| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220112131204.800307-3-Jason@zx2c4.com>
Date: Wed, 12 Jan 2022 14:12:03 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Ard Biesheuvel <ardb@...nel.org>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>,
linux-crypto@...r.kernel.org
Subject: [PATCH RFC v1 2/3] ipv6: move from sha1 to blake2s in address calculation
BLAKE2s is faster and more secure. SHA-1 has been broken for a long time
now. This also removes some code complexity, and lets us potentially
remove sha1 from lib, which would further reduce vmlinux size.
Cc: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Ard Biesheuvel <ardb@...nel.org>
Cc: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
Cc: linux-crypto@...r.kernel.org
Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
---
net/ipv6/addrconf.c | 31 +++++++++----------------------
1 file changed, 9 insertions(+), 22 deletions(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 3445f8017430..f5cb534aa261 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -61,7 +61,7 @@
#include <linux/delay.h>
#include <linux/notifier.h>
#include <linux/string.h>
-#include <linux/hash.h>
+#include <crypto/blake2s.h>
#include <net/net_namespace.h>
#include <net/sock.h>
@@ -3225,25 +3225,16 @@ static int ipv6_generate_stable_address(struct in6_addr *address,
const struct inet6_dev *idev)
{
static DEFINE_SPINLOCK(lock);
- static __u32 digest[SHA1_DIGEST_WORDS];
- static __u32 workspace[SHA1_WORKSPACE_WORDS];
-
- static union {
- char __data[SHA1_BLOCK_SIZE];
- struct {
- struct in6_addr secret;
- __be32 prefix[2];
- unsigned char hwaddr[MAX_ADDR_LEN];
- u8 dad_count;
- } __packed;
- } data;
-
+ struct {
+ struct in6_addr secret;
+ __be32 prefix[2];
+ unsigned char hwaddr[MAX_ADDR_LEN];
+ u8 dad_count;
+ } __packed data;
struct in6_addr secret;
struct in6_addr temp;
struct net *net = dev_net(idev->dev);
- BUILD_BUG_ON(sizeof(data.__data) != sizeof(data));
-
if (idev->cnf.stable_secret.initialized)
secret = idev->cnf.stable_secret.secret;
else if (net->ipv6.devconf_dflt->stable_secret.initialized)
@@ -3254,20 +3245,16 @@ static int ipv6_generate_stable_address(struct in6_addr *address,
retry:
spin_lock_bh(&lock);
- sha1_init(digest);
memset(&data, 0, sizeof(data));
- memset(workspace, 0, sizeof(workspace));
memcpy(data.hwaddr, idev->dev->perm_addr, idev->dev->addr_len);
data.prefix[0] = address->s6_addr32[0];
data.prefix[1] = address->s6_addr32[1];
data.secret = secret;
data.dad_count = dad_count;
- sha1_transform(digest, data.__data, workspace);
-
temp = *address;
- temp.s6_addr32[2] = (__force __be32)digest[0];
- temp.s6_addr32[3] = (__force __be32)digest[1];
+ blake2s((u8 *)&temp.s6_addr32[2], (u8 *)&data, NULL,
+ sizeof(temp.s6_addr32[2]) * 2, sizeof(data), 0);
spin_unlock_bh(&lock);
--
2.34.1
Powered by blists - more mailing lists