From: Vladimir Serbinenko <phcoder@gmail.com>
To: grub-devel@gnu.org
Cc: Vladimir Serbinenko <phcoder@gmail.com>
Subject: [PATCH v12 10/13] libgcrypt: Import blake family of hashes
Date: Tue, 15 Apr 2025 22:57:05 +0000 [thread overview]
Message-ID: <20250415225914.361036-11-phcoder@gmail.com> (raw)
In-Reply-To: <20250415225914.361036-1-phcoder@gmail.com>
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
---
.../lib/libgcrypt-patches/06_blake.patch | 80 +++++++++++++++++++
include/grub/crypto.h | 6 ++
util/import_gcry.py | 36 +++++++--
3 files changed, 115 insertions(+), 7 deletions(-)
create mode 100644 grub-core/lib/libgcrypt-patches/06_blake.patch
diff --git a/grub-core/lib/libgcrypt-patches/06_blake.patch b/grub-core/lib/libgcrypt-patches/06_blake.patch
new file mode 100644
index 000000000..19543dc87
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/06_blake.patch
@@ -0,0 +1,80 @@
+--- a/grub-core/lib/libgcrypt-grub/cipher/blake2.c
++++ b/grub-core/lib/libgcrypt-grub/cipher/blake2.c
+@@ -784,68 +784,6 @@
+ return blake2s_init(c, key, keylen);
+ }
+
+-/* Selftests from "RFC 7693, Appendix E. BLAKE2b and BLAKE2s Self-Test
+- * Module C Source". */
+-static void selftest_seq(byte *out, size_t len, u32 seed)
+-{
+- size_t i;
+- u32 t, a, b;
+-
+- a = 0xDEAD4BAD * seed;
+- b = 1;
+-
+- for (i = 0; i < len; i++)
+- {
+- t = a + b;
+- a = b;
+- b = t;
+- out[i] = (t >> 24) & 0xFF;
+- }
+-}
+-
+-
+-
+-
+-gcry_err_code_t _gcry_blake2_init_with_key(void *ctx, unsigned int flags,
+- const unsigned char *key,
+- size_t keylen, int algo)
+-{
+- gcry_err_code_t rc;
+- switch (algo)
+- {
+- case GCRY_MD_BLAKE2B_512:
+- rc = blake2b_init_ctx (ctx, flags, key, keylen, 512);
+- break;
+- case GCRY_MD_BLAKE2B_384:
+- rc = blake2b_init_ctx (ctx, flags, key, keylen, 384);
+- break;
+- case GCRY_MD_BLAKE2B_256:
+- rc = blake2b_init_ctx (ctx, flags, key, keylen, 256);
+- break;
+- case GCRY_MD_BLAKE2B_160:
+- rc = blake2b_init_ctx (ctx, flags, key, keylen, 160);
+- break;
+- case GCRY_MD_BLAKE2S_256:
+- rc = blake2s_init_ctx (ctx, flags, key, keylen, 256);
+- break;
+- case GCRY_MD_BLAKE2S_224:
+- rc = blake2s_init_ctx (ctx, flags, key, keylen, 224);
+- break;
+- case GCRY_MD_BLAKE2S_160:
+- rc = blake2s_init_ctx (ctx, flags, key, keylen, 160);
+- break;
+- case GCRY_MD_BLAKE2S_128:
+- rc = blake2s_init_ctx (ctx, flags, key, keylen, 128);
+- break;
+- default:
+- rc = GPG_ERR_DIGEST_ALGO;
+- break;
+- }
+-
+- return rc;
+-}
+-
+-
+ #define DEFINE_BLAKE2_VARIANT(bs, BS, dbits, oid_branch) \
+ static void blake2##bs##_##dbits##_init(void *ctx, unsigned int flags) \
+ { \
+@@ -879,7 +817,7 @@
+ dbits / 8, blake2##bs##_##dbits##_init, blake2##bs##_write, \
+ blake2##bs##_final, blake2##bs##_read, NULL, \
+ _gcry_blake2##bs##_##dbits##_hash_buffers, \
+- sizeof (BLAKE2##BS##_CONTEXT), selftests_blake2##bs \
++ sizeof (BLAKE2##BS##_CONTEXT) \
+ , \
+ GRUB_UTIL_MODNAME("gcry_blake2") \
+ .blocksize = GRUB_BLAKE2 ## BS ## _BLOCK_SIZE \
diff --git a/include/grub/crypto.h b/include/grub/crypto.h
index 25b118898..4f15a7818 100644
--- a/include/grub/crypto.h
+++ b/include/grub/crypto.h
@@ -586,8 +586,14 @@ void grub_gcry_fini_all (void);
int
grub_get_random (void *out, grub_size_t len);
+#define GRUB_UTIL_MODNAME(x) .modname = x,
+#else
+#define GRUB_UTIL_MODNAME(x)
#endif
+#define GRUB_BLAKE2B_BLOCK_SIZE 128
+#define GRUB_BLAKE2S_BLOCK_SIZE 64
+
typedef struct _gpgrt_b64state *gpgrt_b64state_t;
gpgrt_b64state_t gpgrt_b64dec_start (const char *title);
gpg_error_t gpgrt_b64dec_proc (gpgrt_b64state_t state,
diff --git a/util/import_gcry.py b/util/import_gcry.py
index a4411ecb9..b6ddde9cd 100644
--- a/util/import_gcry.py
+++ b/util/import_gcry.py
@@ -120,7 +120,8 @@ mdblocksizes = {"_gcry_digest_spec_crc32" : 64,
"_gcry_digest_spec_gost3411_94": 32,
"_gcry_digest_spec_gost3411_cp": 32,
"_gcry_digest_spec_cshake128": 64,
- "_gcry_digest_spec_cshake256": 64}
+ "_gcry_digest_spec_cshake256": 64,
+ "_gcry_digest_spec_blake2": "GRUB_BLAKE2 ## BS ## _BLOCK_SIZE"}
cryptolist = codecs.open (os.path.join (cipher_dir_out, "crypto.lst"), "w", "utf-8")
@@ -209,6 +210,7 @@ for cipher_file in cipher_files:
skip = 0
skip2 = False
ismd = False
+ ismddefine = False
mdarg = 0
ispk = False
iscipher = False
@@ -245,19 +247,19 @@ for cipher_file in cipher_files:
mdarg = mdarg + len (spl) - 1
if ismd or iscipher or ispk:
if not re.search (" *};", line) is None:
+ escapenl = " \\" if ismddefine else ""
if not iscomma:
- fw.write (" ,\n")
- fw.write ("#ifdef GRUB_UTIL\n");
- fw.write (" .modname = \"%s\",\n" % modname);
- fw.write ("#endif\n");
+ fw.write (f" ,{escapenl}\n")
+ fw.write (f" GRUB_UTIL_MODNAME(\"%s\"){escapenl}\n" % modname);
if ismd:
if not (mdname in mdblocksizes):
print ("ERROR: Unknown digest blocksize: %s\n"
% mdname)
exit (1)
- fw.write (" .blocksize = %s\n"
+ fw.write (f" .blocksize = %s{escapenl}\n"
% mdblocksizes [mdname])
ismd = False
+ ismddefine = False
mdarg = 0
iscipher = False
ispk = False
@@ -281,7 +283,7 @@ for cipher_file in cipher_files:
hold = False
# We're optimising for size and exclude anything needing good
# randomness.
- if re.match ("(_gcry_hash_selftest_check_one|bulk_selftest_setkey|run_selftests|do_tripledes_set_extra_info|selftest|sm4_selftest|_gcry_[a-z0-9_]*_hash_buffers|_gcry_sha1_hash_buffer|tripledes_set2keys|_gcry_rmd160_mixblock|serpent_test|dsa_generate_ext|test_keys|gen_k|sign|gen_x931_parm_xp|generate_x931|generate_key|dsa_generate|dsa_sign|ecc_sign|generate|generate_fips186|_gcry_register_pk_dsa_progress|_gcry_register_pk_ecc_progress|progress|scanval|ec2os|ecc_generate_ext|ecc_generate|ecc_get_param|_gcry_register_pk_dsa_progress|gen_x931_parm_xp|gen_x931_parm_xi|rsa_decrypt|rsa_sign|rsa_generate_ext|rsa_generate|secret|check_exponent|rsa_blind|rsa_unblind|extract_a_from_sexp|curve_free|curve_copy|point_set|_gcry_dsa_gen_rfc6979_k|bits2octets|int2octets|_gcry_md_debug|_gcry_md_selftest|_gcry_md_is_enabled|_gcry_md_is_secure|_gcry_md_init|_gcry_md_info|md_get_algo|md_extract|_gcry_md_get |_gcry_md_get_algo |_gcry_md_extract|_gcry_md_setkey|md_setkey|prepare_macpads|_gcry_md_algo_name|search_oid|spec_from_oid|spec_from_name|spec_from_algo|map_algo|cshake_hash_buffers)", line) is not None:
+ if re.match ("(_gcry_hash_selftest_check_one|bulk_selftest_setkey|run_selftests|do_tripledes_set_extra_info|selftest|sm4_selftest|_gcry_[a-z0-9_]*_hash_buffers|_gcry_sha1_hash_buffer|tripledes_set2keys|_gcry_rmd160_mixblock|serpent_test|dsa_generate_ext|test_keys|gen_k|sign|gen_x931_parm_xp|generate_x931|generate_key|dsa_generate|dsa_sign|ecc_sign|generate|generate_fips186|_gcry_register_pk_dsa_progress|_gcry_register_pk_ecc_progress|progress|scanval|ec2os|ecc_generate_ext|ecc_generate|ecc_get_param|_gcry_register_pk_dsa_progress|gen_x931_parm_xp|gen_x931_parm_xi|rsa_decrypt|rsa_sign|rsa_generate_ext|rsa_generate|secret|check_exponent|rsa_blind|rsa_unblind|extract_a_from_sexp|curve_free|curve_copy|point_set|_gcry_dsa_gen_rfc6979_k|bits2octets|int2octets|_gcry_md_debug|_gcry_md_selftest|_gcry_md_is_enabled|_gcry_md_is_secure|_gcry_md_init|_gcry_md_info|md_get_algo|md_extract|_gcry_md_get |_gcry_md_get_algo |_gcry_md_extract|_gcry_md_setkey|md_setkey|prepare_macpads|_gcry_md_algo_name|search_oid|spec_from_oid|spec_from_name|spec_from_algo|map_algo|cshake_hash_buffers|blake2b_vl_hash|selftest_seq)", line) is not None:
skip = 1
if not re.match ("selftest", line) is None and cipher_file == "idea.c":
@@ -355,6 +357,13 @@ for cipher_file in cipher_files:
ispk = True
iscryptostart = True
+ m = re.match (r"DEFINE_BLAKE2_VARIANT\((.), (.), ([0-9]*)", line)
+ if isc and not m is None:
+ bs = m.groups()[0]
+ bits = m.groups()[2]
+ mdname = f"_gcry_digest_spec_blake2{bs}_{bits}"
+ mdnames.append (mdname)
+
m = re.match ("(const )?gcry_md_spec_t", line)
if isc and not m is None:
assert (not ismd)
@@ -366,6 +375,19 @@ for cipher_file in cipher_files:
mdname = re.match("[a-zA-Z0-9_]*",mdname).group ()
mdnames.append (mdname)
ismd = True
+ ismddefine = False
+ mdarg = 0
+ iscryptostart = True
+ m = re.match (" (const )?gcry_md_spec_t _gcry_digest_spec_blake2.*\\\\", line)
+ if isc and not m is None:
+ assert (not ismd)
+ assert (not ispk)
+ assert (not iscipher)
+ assert (not iscryptostart)
+ line = removeprefix(line, " const ")
+ ismd = True
+ ismddefine = True
+ mdname = "_gcry_digest_spec_blake2"
mdarg = 0
iscryptostart = True
m = re.match (r"static const char \*selftest.*;$", line)
--
2.49.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
next prev parent reply other threads:[~2025-04-15 23:02 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-15 22:56 [PATCH v12 00/13] Upgrade libgcrypt to 1.11 Vladimir Serbinenko
2025-04-15 22:56 ` [PATCH v12 01/13] Import libgcrypt 1.11 Vladimir Serbinenko
2025-05-15 16:42 ` Daniel Kiper
2025-04-15 22:56 ` [PATCH v12 02/13] Import b64dec from gpg-error Vladimir Serbinenko
2025-05-15 16:43 ` Daniel Kiper
2025-04-15 22:56 ` [PATCH v12 03/13] b64dec: Adjust for compilation in GRUB environment Vladimir Serbinenko
2025-05-15 16:55 ` Daniel Kiper
2025-04-15 22:56 ` [PATCH v12 04/13] Adjust import script, definitions and API users for libgcrypt 1.11 Vladimir Serbinenko
2025-05-15 16:56 ` Daniel Kiper
2025-04-15 22:57 ` [PATCH v12 05/13] Add DSA and RSA SEXP tests Vladimir Serbinenko
2025-05-15 16:57 ` Daniel Kiper
2025-04-15 22:57 ` [PATCH v12 06/13] keccak: Disable acceleration with SSE asm Vladimir Serbinenko
2025-05-15 16:58 ` Daniel Kiper
2025-04-15 22:57 ` [PATCH v12 07/13] libgcrypt: Fix coverity warnings Vladimir Serbinenko
2025-05-15 16:59 ` Daniel Kiper
2025-04-15 22:57 ` [PATCH v12 08/13] Remove now unneeded gcrypt compilation flag Vladimir Serbinenko
2025-05-15 17:03 ` Daniel Kiper
2025-04-15 22:57 ` [PATCH v12 09/13] gcry: Ignore sign-compare warnings Vladimir Serbinenko
2025-05-15 17:07 ` Daniel Kiper
2025-04-15 22:57 ` Vladimir Serbinenko [this message]
2025-04-18 9:29 ` [PATCH v12 10/13] libgcrypt: Import blake family of hashes Gary Lin via Grub-devel
2025-04-15 22:57 ` [PATCH v12 11/13] import_gcry: Make compatible with python 3.4 Vladimir Serbinenko
2025-05-15 17:10 ` Daniel Kiper
2025-04-15 22:57 ` [PATCH v12 12/13] import_gcry: Fix pylint warnings Vladimir Serbinenko
2025-05-15 17:12 ` Daniel Kiper
2025-04-15 22:57 ` [PATCH v12 13/13] libgcrypt: Don't use 64-bit division on platforms where it's slow Vladimir Serbinenko
2025-05-15 17:14 ` Daniel Kiper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250415225914.361036-11-phcoder@gmail.com \
--to=phcoder@gmail.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.