From: Eric Biggers <ebiggers@kernel.org>
To: Jens Wiklander <jens.wiklander@linaro.org>,
Sumit Garg <sumit.garg@kernel.org>,
op-tee@lists.trustedfirmware.org
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH] tee: Use SHA-1 library instead of crypto_shash
Date: Fri, 1 Aug 2025 16:55:41 -0700 [thread overview]
Message-ID: <20250801235541.14050-1-ebiggers@kernel.org> (raw)
Use the SHA-1 library functions instead of crypto_shash. This is
simpler and faster.
Change uuid_v5() to return void, since it can no longer fail.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
Note: this patch depends on the SHA-1 library functions that were merged
in v6.17-rc1.
drivers/tee/Kconfig | 3 +--
drivers/tee/tee_core.c | 55 +++++++-----------------------------------
2 files changed, 10 insertions(+), 48 deletions(-)
diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
index 61b507c187801..a84767940fbfc 100644
--- a/drivers/tee/Kconfig
+++ b/drivers/tee/Kconfig
@@ -1,12 +1,11 @@
# SPDX-License-Identifier: GPL-2.0-only
# Generic Trusted Execution Environment Configuration
menuconfig TEE
tristate "Trusted Execution Environment support"
depends on HAVE_ARM_SMCCC || COMPILE_TEST || CPU_SUP_AMD
- select CRYPTO
- select CRYPTO_SHA1
+ select CRYPTO_LIB_SHA1
select DMA_SHARED_BUFFER
select GENERIC_ALLOCATOR
help
This implements a generic interface towards a Trusted Execution
Environment (TEE).
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index acc7998758ad8..d079aeee0690a 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -12,11 +12,10 @@
#include <linux/module.h>
#include <linux/overflow.h>
#include <linux/slab.h>
#include <linux/tee_core.h>
#include <linux/uaccess.h>
-#include <crypto/hash.h>
#include <crypto/sha1.h>
#include "tee_private.h"
#define TEE_NUM_DEVICES 32
@@ -140,72 +139,36 @@ static int tee_release(struct inode *inode, struct file *filp)
* UUIDv5 is specific in RFC 4122.
*
* This implements section (for SHA-1):
* 4.3. Algorithm for Creating a Name-Based UUID
*/
-static int uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
- size_t size)
+static void uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
+ size_t size)
{
unsigned char hash[SHA1_DIGEST_SIZE];
- struct crypto_shash *shash = NULL;
- struct shash_desc *desc = NULL;
- int rc;
-
- shash = crypto_alloc_shash("sha1", 0, 0);
- if (IS_ERR(shash)) {
- rc = PTR_ERR(shash);
- pr_err("shash(sha1) allocation failed\n");
- return rc;
- }
-
- desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
- GFP_KERNEL);
- if (!desc) {
- rc = -ENOMEM;
- goto out_free_shash;
- }
-
- desc->tfm = shash;
+ struct sha1_ctx ctx;
- rc = crypto_shash_init(desc);
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_update(desc, (const u8 *)ns, sizeof(*ns));
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_update(desc, (const u8 *)name, size);
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_final(desc, hash);
- if (rc < 0)
- goto out_free_desc;
+ sha1_init(&ctx);
+ sha1_update(&ctx, (const u8 *)ns, sizeof(*ns));
+ sha1_update(&ctx, (const u8 *)name, size);
+ sha1_final(&ctx, hash);
memcpy(uuid->b, hash, UUID_SIZE);
/* Tag for version 5 */
uuid->b[6] = (hash[6] & 0x0F) | 0x50;
uuid->b[8] = (hash[8] & 0x3F) | 0x80;
-
-out_free_desc:
- kfree(desc);
-
-out_free_shash:
- crypto_free_shash(shash);
- return rc;
}
int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
const u8 connection_data[TEE_IOCTL_UUID_LEN])
{
gid_t ns_grp = (gid_t)-1;
kgid_t grp = INVALID_GID;
char *name = NULL;
int name_len;
- int rc;
+ int rc = 0;
if (connection_method == TEE_IOCTL_LOGIN_PUBLIC ||
connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) {
/* Nil UUID to be passed to TEE environment */
uuid_copy(uuid, &uuid_null);
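Review bot: The comment `/* Tag for version 5 */` in uuid_v5() covers only the first of the two lines under it, because `uuid->b[6]` sets the version nibble while `uuid->b[8]` sets the RFC 4122 variant bits. I would give the second line its own comment, `/* RFC 4122 variant (10xx) */`. Now that the body is a plain SHA-1 over namespace and name, the header comment could also state why SHA-1 appears here, for example `* SHA-1 is what UUIDv5 mandates; the result is a deterministic identifier, not a secret.` The header comment begins above this hunk, so its opening lines are not visible here.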
@@ -258,11 +221,11 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
default:
rc = -EINVAL;
goto out_free_name;
}
- rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
+ uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
out_free_name:
kfree(name);
return rc;
}
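Review bot: With uuid_v5() returning void, the success value of tee_session_calc_client_uuid() now comes from `int rc = 0;` at the declaration in the previous hunk, which also silences the compiler's uninitialized-variable warning for every path that reaches `out_free_name`. The code between the two hunks is not visible here, but any current or future `goto out_free_name` that forgets to set rc would return 0 with `*uuid` unwritten, and the caller would presumably hand that value to the TEE as the client identity. Keeping `int rc;` uninitialized and adding `rc = 0;` directly after the `uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);` call puts the success assignment next to the work and keeps the warning useful.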
base-commit: 0905809b38bda1fa0b206986c44d846e46f13c1d
--
2.50.1
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers via OP-TEE <op-tee@lists.trustedfirmware.org>
To: Jens Wiklander <jens.wiklander@linaro.org>,
Sumit Garg <sumit.garg@kernel.org>,
op-tee@lists.trustedfirmware.org
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH] tee: Use SHA-1 library instead of crypto_shash
Date: Fri, 1 Aug 2025 16:55:41 -0700 [thread overview]
Message-ID: <20250801235541.14050-1-ebiggers@kernel.org> (raw)
Use the SHA-1 library functions instead of crypto_shash. This is
simpler and faster.
Change uuid_v5() to return void, since it can no longer fail.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
Note: this patch depends on the SHA-1 library functions that were merged
in v6.17-rc1.
drivers/tee/Kconfig | 3 +--
drivers/tee/tee_core.c | 55 +++++++-----------------------------------
2 files changed, 10 insertions(+), 48 deletions(-)
diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
index 61b507c187801..a84767940fbfc 100644
--- a/drivers/tee/Kconfig
+++ b/drivers/tee/Kconfig
@@ -1,12 +1,11 @@
# SPDX-License-Identifier: GPL-2.0-only
# Generic Trusted Execution Environment Configuration
menuconfig TEE
tristate "Trusted Execution Environment support"
depends on HAVE_ARM_SMCCC || COMPILE_TEST || CPU_SUP_AMD
- select CRYPTO
- select CRYPTO_SHA1
+ select CRYPTO_LIB_SHA1
select DMA_SHARED_BUFFER
select GENERIC_ALLOCATOR
help
This implements a generic interface towards a Trusted Execution
Environment (TEE).
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index acc7998758ad8..d079aeee0690a 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -12,11 +12,10 @@
#include <linux/module.h>
#include <linux/overflow.h>
#include <linux/slab.h>
#include <linux/tee_core.h>
#include <linux/uaccess.h>
-#include <crypto/hash.h>
#include <crypto/sha1.h>
#include "tee_private.h"
#define TEE_NUM_DEVICES 32
@@ -140,72 +139,36 @@ static int tee_release(struct inode *inode, struct file *filp)
* UUIDv5 is specific in RFC 4122.
*
* This implements section (for SHA-1):
* 4.3. Algorithm for Creating a Name-Based UUID
*/
-static int uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
- size_t size)
+static void uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
+ size_t size)
{
unsigned char hash[SHA1_DIGEST_SIZE];
- struct crypto_shash *shash = NULL;
- struct shash_desc *desc = NULL;
- int rc;
-
- shash = crypto_alloc_shash("sha1", 0, 0);
- if (IS_ERR(shash)) {
- rc = PTR_ERR(shash);
- pr_err("shash(sha1) allocation failed\n");
- return rc;
- }
-
- desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
- GFP_KERNEL);
- if (!desc) {
- rc = -ENOMEM;
- goto out_free_shash;
- }
-
- desc->tfm = shash;
+ struct sha1_ctx ctx;
- rc = crypto_shash_init(desc);
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_update(desc, (const u8 *)ns, sizeof(*ns));
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_update(desc, (const u8 *)name, size);
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_final(desc, hash);
- if (rc < 0)
- goto out_free_desc;
+ sha1_init(&ctx);
+ sha1_update(&ctx, (const u8 *)ns, sizeof(*ns));
+ sha1_update(&ctx, (const u8 *)name, size);
+ sha1_final(&ctx, hash);
memcpy(uuid->b, hash, UUID_SIZE);
/* Tag for version 5 */
uuid->b[6] = (hash[6] & 0x0F) | 0x50;
uuid->b[8] = (hash[8] & 0x3F) | 0x80;
-
-out_free_desc:
- kfree(desc);
-
-out_free_shash:
- crypto_free_shash(shash);
- return rc;
}
int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
const u8 connection_data[TEE_IOCTL_UUID_LEN])
{
gid_t ns_grp = (gid_t)-1;
kgid_t grp = INVALID_GID;
char *name = NULL;
int name_len;
- int rc;
+ int rc = 0;
if (connection_method == TEE_IOCTL_LOGIN_PUBLIC ||
connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) {
/* Nil UUID to be passed to TEE environment */
uuid_copy(uuid, &uuid_null);
@@ -258,11 +221,11 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
default:
rc = -EINVAL;
goto out_free_name;
}
- rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
+ uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
out_free_name:
kfree(name);
return rc;
}
base-commit: 0905809b38bda1fa0b206986c44d846e46f13c1d
--
2.50.1