Re: [PATCH v6 06/14] x86: Add early SHA support for Secure Launch early measurements

Mon, 15 May 2023 17:52:39 -0700 

On 5/10/23 23:33, Herbert Xu wrote:

Ross Philipson <[email protected]> wrote:


+static void __sha_transform(u32 *digest, const char *data)
+{
+       u32 ws[SHA1_WORKSPACE_WORDS];
+
+       sha1_transform(digest, data, ws);
+
+       memzero_explicit(ws, sizeof(ws));
+}
+
+void early_sha1_init(struct sha1_state *sctx)
+{
+       sha1_init(sctx->state);
+       sctx->count = 0;
+}
+
+void early_sha1_update(struct sha1_state *sctx,
+                      const u8 *data,
+                      unsigned int len)
+{
+       unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
+
+       sctx->count += len;
+
+       if (likely((partial + len) >= SHA1_BLOCK_SIZE)) {
+               int blocks;
+
+               if (partial) {
+                       int p = SHA1_BLOCK_SIZE - partial;
+
+                       memcpy(sctx->buffer + partial, data, p);
+                       data += p;
+                       len -= p;
+
+                       __sha_transform(sctx->state, sctx->buffer);
+               }
+
+               blocks = len / SHA1_BLOCK_SIZE;
+               len %= SHA1_BLOCK_SIZE;
+
+               if (blocks) {
+                       while (blocks--) {
+                               __sha_transform(sctx->state, data);
+                               data += SHA1_BLOCK_SIZE;
+                       }
+               }
+               partial = 0;
+       }
+
+       if (len)
+               memcpy(sctx->buffer + partial, data, len);
+}
+
+void early_sha1_final(struct sha1_state *sctx, u8 *out)
+{
+       const int bit_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
+       unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
+       __be64 *bits = (__be64 *)(sctx->buffer + bit_offset);
+       __be32 *digest = (__be32 *)out;
+       int i;
+
+       sctx->buffer[partial++] = 0x80;
+       if (partial > bit_offset) {
+               memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial);
+               partial = 0;
+
+               __sha_transform(sctx->state, sctx->buffer);
+       }
+
+       memset(sctx->buffer + partial, 0x0, bit_offset - partial);
+       *bits = cpu_to_be64(sctx->count << 3);
+       __sha_transform(sctx->state, sctx->buffer);
+
+       for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++)
+               put_unaligned_be32(sctx->state[i], digest++);
+
+       *sctx = (struct sha1_state){};
+}


If we're going to add SHA1 then this should go into lib/crypto
just like SHA2.



As mentioned before, this patch mimicked an early version for SHA2. We 
were remiss in not keeping it aligned with how the SHA2 evolved. I will 
take a closer look, but these wrappers may be able to go away and be 
reduced to just an include as SHA2 does these days.


v/r,
dps

_______________________________________________
kexec mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/kexec























					Reply via email to