From: Sumit Garg <sumit.garg@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>,
op-tee@lists.trustedfirmware.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] tee: Use SHA-1 library instead of crypto_shash
Date: Mon, 11 Aug 2025 11:43:35 +0530 [thread overview]
Message-ID: <aJmKDyD4weX9bR0U@sumit-X1> (raw)
In-Reply-To: <20250801235541.14050-1-ebiggers@kernel.org>
On Fri, Aug 01, 2025 at 04:55:41PM -0700, Eric Biggers wrote:
> Use the SHA-1 library functions instead of crypto_shash. This is
> simpler and faster.
>
> Change uuid_v5() to return void, since it can no longer fail.
>
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> ---
>
> Note: this patch depends on the SHA-1 library functions that were merged
> in v6.17-rc1.
>
> drivers/tee/Kconfig | 3 +--
> drivers/tee/tee_core.c | 55 +++++++-----------------------------------
> 2 files changed, 10 insertions(+), 48 deletions(-)
Nice cleanup, FWIW:
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
-Sumit
>
> diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
> index 61b507c187801..a84767940fbfc 100644
> --- a/drivers/tee/Kconfig
> +++ b/drivers/tee/Kconfig
> @@ -1,12 +1,11 @@
> # SPDX-License-Identifier: GPL-2.0-only
> # Generic Trusted Execution Environment Configuration
> menuconfig TEE
> tristate "Trusted Execution Environment support"
> depends on HAVE_ARM_SMCCC || COMPILE_TEST || CPU_SUP_AMD
> - select CRYPTO
> - select CRYPTO_SHA1
> + select CRYPTO_LIB_SHA1
> select DMA_SHARED_BUFFER
> select GENERIC_ALLOCATOR
> help
> This implements a generic interface towards a Trusted Execution
> Environment (TEE).
> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> index acc7998758ad8..d079aeee0690a 100644
> --- a/drivers/tee/tee_core.c
> +++ b/drivers/tee/tee_core.c
> @@ -12,11 +12,10 @@
> #include <linux/module.h>
> #include <linux/overflow.h>
> #include <linux/slab.h>
> #include <linux/tee_core.h>
> #include <linux/uaccess.h>
> -#include <crypto/hash.h>
> #include <crypto/sha1.h>
> #include "tee_private.h"
>
> #define TEE_NUM_DEVICES 32
>
> @@ -140,72 +139,36 @@ static int tee_release(struct inode *inode, struct file *filp)
> * UUIDv5 is specific in RFC 4122.
> *
> * This implements section (for SHA-1):
> * 4.3. Algorithm for Creating a Name-Based UUID
> */
> -static int uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
> - size_t size)
> +static void uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
> + size_t size)
> {
> unsigned char hash[SHA1_DIGEST_SIZE];
> - struct crypto_shash *shash = NULL;
> - struct shash_desc *desc = NULL;
> - int rc;
> -
> - shash = crypto_alloc_shash("sha1", 0, 0);
> - if (IS_ERR(shash)) {
> - rc = PTR_ERR(shash);
> - pr_err("shash(sha1) allocation failed\n");
> - return rc;
> - }
> -
> - desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
> - GFP_KERNEL);
> - if (!desc) {
> - rc = -ENOMEM;
> - goto out_free_shash;
> - }
> -
> - desc->tfm = shash;
> + struct sha1_ctx ctx;
>
> - rc = crypto_shash_init(desc);
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_update(desc, (const u8 *)ns, sizeof(*ns));
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_update(desc, (const u8 *)name, size);
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_final(desc, hash);
> - if (rc < 0)
> - goto out_free_desc;
> + sha1_init(&ctx);
> + sha1_update(&ctx, (const u8 *)ns, sizeof(*ns));
> + sha1_update(&ctx, (const u8 *)name, size);
> + sha1_final(&ctx, hash);
>
> memcpy(uuid->b, hash, UUID_SIZE);
>
> /* Tag for version 5 */
> uuid->b[6] = (hash[6] & 0x0F) | 0x50;
> uuid->b[8] = (hash[8] & 0x3F) | 0x80;
> -
> -out_free_desc:
> - kfree(desc);
> -
> -out_free_shash:
> - crypto_free_shash(shash);
> - return rc;
> }
>
> int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> const u8 connection_data[TEE_IOCTL_UUID_LEN])
> {
> gid_t ns_grp = (gid_t)-1;
> kgid_t grp = INVALID_GID;
> char *name = NULL;
> int name_len;
> - int rc;
> + int rc = 0;
>
> if (connection_method == TEE_IOCTL_LOGIN_PUBLIC ||
> connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) {
> /* Nil UUID to be passed to TEE environment */
> uuid_copy(uuid, &uuid_null);
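Review bot: The comment block above uuid_v5() (it starts outside this hunk) is not updated for the new contract, and it is the only place a reader would learn why SHA-1 is acceptable here. I would add `* SHA-1 is dictated by the UUIDv5 format; this cannot fail and returns nothing.` and, while touching it, change `specific` to `specified`. The result appears to become the client UUID handed to the TEE, so it is also worth stating that `name` is expected to be formatted by the kernel rather than supplied by the caller; that seems to hold in tee_session_calc_client_uuid(), but the lines that build `name` are outside the hunk. The second copy of this message further down the page repeats the same hunks.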
> @@ -258,11 +221,11 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> default:
> rc = -EINVAL;
> goto out_free_name;
> }
>
> - rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
> + uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
> out_free_name:
> kfree(name);
>
> return rc;
> }
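Review bot: With uuid_v5() now void, the success value of tee_session_calc_client_uuid() comes only from the `int rc = 0;` initializer added in the previous hunk, far from the success path. I would keep the declaration as `int rc;` and put `rc = 0;` directly after the `uuid_v5(...)` call, so that a future branch reaching `out_free_name` without setting `rc` shows up as an uninitialized use instead of silently returning success. The switch body between the two hunks is not visible, so this is a point of style, not a claim that such a branch exists today. Separately, `name_len` is an `int` passed as the `size_t size` parameter; the check that keeps it within bounds is presumably in the lines outside the hunk and is worth a glance now that the callee can no longer report an error.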
>
> base-commit: 0905809b38bda1fa0b206986c44d846e46f13c1d
> --
> 2.50.1
>
From: Sumit Garg via OP-TEE <op-tee@lists.trustedfirmware.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: op-tee@lists.trustedfirmware.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] tee: Use SHA-1 library instead of crypto_shash
Date: Mon, 11 Aug 2025 11:43:35 +0530 [thread overview]
Message-ID: <aJmKDyD4weX9bR0U@sumit-X1> (raw)
In-Reply-To: <20250801235541.14050-1-ebiggers@kernel.org>
On Fri, Aug 01, 2025 at 04:55:41PM -0700, Eric Biggers wrote:
> Use the SHA-1 library functions instead of crypto_shash. This is
> simpler and faster.
>
> Change uuid_v5() to return void, since it can no longer fail.
>
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> ---
>
> Note: this patch depends on the SHA-1 library functions that were merged
> in v6.17-rc1.
>
> drivers/tee/Kconfig | 3 +--
> drivers/tee/tee_core.c | 55 +++++++-----------------------------------
> 2 files changed, 10 insertions(+), 48 deletions(-)
Nice cleanup, FWIW:
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
-Sumit
>
> diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
> index 61b507c187801..a84767940fbfc 100644
> --- a/drivers/tee/Kconfig
> +++ b/drivers/tee/Kconfig
> @@ -1,12 +1,11 @@
> # SPDX-License-Identifier: GPL-2.0-only
> # Generic Trusted Execution Environment Configuration
> menuconfig TEE
> tristate "Trusted Execution Environment support"
> depends on HAVE_ARM_SMCCC || COMPILE_TEST || CPU_SUP_AMD
> - select CRYPTO
> - select CRYPTO_SHA1
> + select CRYPTO_LIB_SHA1
> select DMA_SHARED_BUFFER
> select GENERIC_ALLOCATOR
> help
> This implements a generic interface towards a Trusted Execution
> Environment (TEE).
> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> index acc7998758ad8..d079aeee0690a 100644
> --- a/drivers/tee/tee_core.c
> +++ b/drivers/tee/tee_core.c
> @@ -12,11 +12,10 @@
> #include <linux/module.h>
> #include <linux/overflow.h>
> #include <linux/slab.h>
> #include <linux/tee_core.h>
> #include <linux/uaccess.h>
> -#include <crypto/hash.h>
> #include <crypto/sha1.h>
> #include "tee_private.h"
>
> #define TEE_NUM_DEVICES 32
>
> @@ -140,72 +139,36 @@ static int tee_release(struct inode *inode, struct file *filp)
> * UUIDv5 is specific in RFC 4122.
> *
> * This implements section (for SHA-1):
> * 4.3. Algorithm for Creating a Name-Based UUID
> */
> -static int uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
> - size_t size)
> +static void uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
> + size_t size)
> {
> unsigned char hash[SHA1_DIGEST_SIZE];
> - struct crypto_shash *shash = NULL;
> - struct shash_desc *desc = NULL;
> - int rc;
> -
> - shash = crypto_alloc_shash("sha1", 0, 0);
> - if (IS_ERR(shash)) {
> - rc = PTR_ERR(shash);
> - pr_err("shash(sha1) allocation failed\n");
> - return rc;
> - }
> -
> - desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
> - GFP_KERNEL);
> - if (!desc) {
> - rc = -ENOMEM;
> - goto out_free_shash;
> - }
> -
> - desc->tfm = shash;
> + struct sha1_ctx ctx;
>
> - rc = crypto_shash_init(desc);
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_update(desc, (const u8 *)ns, sizeof(*ns));
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_update(desc, (const u8 *)name, size);
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_final(desc, hash);
> - if (rc < 0)
> - goto out_free_desc;
> + sha1_init(&ctx);
> + sha1_update(&ctx, (const u8 *)ns, sizeof(*ns));
> + sha1_update(&ctx, (const u8 *)name, size);
> + sha1_final(&ctx, hash);
>
> memcpy(uuid->b, hash, UUID_SIZE);
>
> /* Tag for version 5 */
> uuid->b[6] = (hash[6] & 0x0F) | 0x50;
> uuid->b[8] = (hash[8] & 0x3F) | 0x80;
> -
> -out_free_desc:
> - kfree(desc);
> -
> -out_free_shash:
> - crypto_free_shash(shash);
> - return rc;
> }
>
> int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> const u8 connection_data[TEE_IOCTL_UUID_LEN])
> {
> gid_t ns_grp = (gid_t)-1;
> kgid_t grp = INVALID_GID;
> char *name = NULL;
> int name_len;
> - int rc;
> + int rc = 0;
>
> if (connection_method == TEE_IOCTL_LOGIN_PUBLIC ||
> connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) {
> /* Nil UUID to be passed to TEE environment */
> uuid_copy(uuid, &uuid_null);
> @@ -258,11 +221,11 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> default:
> rc = -EINVAL;
> goto out_free_name;
> }
>
> - rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
> + uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
> out_free_name:
> kfree(name);
>
> return rc;
> }
>
> base-commit: 0905809b38bda1fa0b206986c44d846e46f13c1d
> --
> 2.50.1
>