lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jan 2022 15:20:13 +0100 From: "Jason A. Donenfeld" <Jason@...c4.com> To: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, bpf@...r.kernel.org, linux-crypto@...r.kernel.org Cc: "Jason A. Donenfeld" <Jason@...c4.com>, Geert Uytterhoeven <geert@...ux-m68k.org>, Herbert Xu <herbert@...dor.apana.org.au>, Andy Lutomirski <luto@...capital.net>, Ard Biesheuvel <ardb@...nel.org>, Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>, Alexei Starovoitov <alexei.starovoitov@...il.com> Subject: [PATCH RFC v2 1/3] bpf: move from sha1 to blake2s in tag calculation BLAKE2s is faster and more secure. SHA-1 has been broken for a long time now. This also removes quite a bit of code, and lets us potentially remove sha1 from lib, which would further reduce vmlinux size. Cc: Geert Uytterhoeven <geert@...ux-m68k.org> Cc: Herbert Xu <herbert@...dor.apana.org.au> Cc: Andy Lutomirski <luto@...capital.net> Cc: Ard Biesheuvel <ardb@...nel.org> Cc: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com> Cc: Alexei Starovoitov <alexei.starovoitov@...il.com> Signed-off-by: Jason A. Donenfeld <Jason@...c4.com> --- kernel/bpf/core.c | 39 ++++----------------------------------- 1 file changed, 4 insertions(+), 35 deletions(-) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index de3e5bc6781f..20a799d36ba8 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -33,6 +33,7 @@ #include <linux/extable.h> #include <linux/log2.h> #include <linux/bpf_verifier.h> +#include <crypto/blake2s.h> #include <asm/barrier.h> #include <asm/unaligned.h> @@ -265,24 +266,16 @@ void __bpf_prog_free(struct bpf_prog *fp) int bpf_prog_calc_tag(struct bpf_prog *fp) { - const u32 bits_offset = SHA1_BLOCK_SIZE - sizeof(__be64); u32 raw_size = bpf_prog_tag_scratch_size(fp); - u32 digest[SHA1_DIGEST_WORDS]; - u32 ws[SHA1_WORKSPACE_WORDS]; - u32 i, bsize, psize, blocks; struct bpf_insn *dst; bool was_ld_map; - u8 *raw, *todo; - __be32 *result; - __be64 *bits; + u8 *raw; + int i; raw = vmalloc(raw_size); if (!raw) return -ENOMEM; - sha1_init(digest); - memset(ws, 0, sizeof(ws)); - /* We need to take out the map fd for the digest calculation * since they are unstable from user space side. */ @@ -307,31 +300,7 @@ int bpf_prog_calc_tag(struct bpf_prog *fp) } } - psize = bpf_prog_insn_size(fp); - memset(&raw[psize], 0, raw_size - psize); - raw[psize++] = 0x80; - - bsize = round_up(psize, SHA1_BLOCK_SIZE); - blocks = bsize / SHA1_BLOCK_SIZE; - todo = raw; - if (bsize - psize >= sizeof(__be64)) { - bits = (__be64 *)(todo + bsize - sizeof(__be64)); - } else { - bits = (__be64 *)(todo + bsize + bits_offset); - blocks++; - } - *bits = cpu_to_be64((psize - 1) << 3); - - while (blocks--) { - sha1_transform(digest, todo, ws); - todo += SHA1_BLOCK_SIZE; - } - - result = (__force __be32 *)digest; - for (i = 0; i < SHA1_DIGEST_WORDS; i++) - result[i] = cpu_to_be32(digest[i]); - memcpy(fp->tag, result, sizeof(fp->tag)); - + blake2s(fp->tag, raw, NULL, sizeof(fp->tag), bpf_prog_insn_size(fp), 0); vfree(raw); return 0; } -- 2.34.1
Powered by blists - more mailing lists