From: Sumit Garg via OP-TEE <op-tee@lists.trustedfirmware.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: op-tee@lists.trustedfirmware.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] tee: Use SHA-1 library instead of crypto_shash
Date: Mon, 11 Aug 2025 11:43:35 +0530 [thread overview]
Message-ID: <aJmKDyD4weX9bR0U@sumit-X1> (raw)
In-Reply-To: <20250801235541.14050-1-ebiggers@kernel.org>
On Fri, Aug 01, 2025 at 04:55:41PM -0700, Eric Biggers wrote:
> Use the SHA-1 library functions instead of crypto_shash. This is
> simpler and faster.
>
> Change uuid_v5() to return void, since it can no longer fail.
>
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> ---
>
> Note: this patch depends on the SHA-1 library functions that were merged
> in v6.17-rc1.
>
> drivers/tee/Kconfig | 3 +--
> drivers/tee/tee_core.c | 55 +++++++-----------------------------------
> 2 files changed, 10 insertions(+), 48 deletions(-)
Nice cleanup, FWIW:
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
-Sumit
>
> diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
> index 61b507c187801..a84767940fbfc 100644
> --- a/drivers/tee/Kconfig
> +++ b/drivers/tee/Kconfig
> @@ -1,12 +1,11 @@
> # SPDX-License-Identifier: GPL-2.0-only
> # Generic Trusted Execution Environment Configuration
> menuconfig TEE
> tristate "Trusted Execution Environment support"
> depends on HAVE_ARM_SMCCC || COMPILE_TEST || CPU_SUP_AMD
> - select CRYPTO
> - select CRYPTO_SHA1
> + select CRYPTO_LIB_SHA1
> select DMA_SHARED_BUFFER
> select GENERIC_ALLOCATOR
> help
> This implements a generic interface towards a Trusted Execution
> Environment (TEE).
> diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> index acc7998758ad8..d079aeee0690a 100644
> --- a/drivers/tee/tee_core.c
> +++ b/drivers/tee/tee_core.c
> @@ -12,11 +12,10 @@
> #include <linux/module.h>
> #include <linux/overflow.h>
> #include <linux/slab.h>
> #include <linux/tee_core.h>
> #include <linux/uaccess.h>
> -#include <crypto/hash.h>
> #include <crypto/sha1.h>
> #include "tee_private.h"
>
> #define TEE_NUM_DEVICES 32
>
> @@ -140,72 +139,36 @@ static int tee_release(struct inode *inode, struct file *filp)
> * UUIDv5 is specific in RFC 4122.
> *
> * This implements section (for SHA-1):
> * 4.3. Algorithm for Creating a Name-Based UUID
> */
> -static int uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
> - size_t size)
> +static void uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
> + size_t size)
> {
> unsigned char hash[SHA1_DIGEST_SIZE];
> - struct crypto_shash *shash = NULL;
> - struct shash_desc *desc = NULL;
> - int rc;
> -
> - shash = crypto_alloc_shash("sha1", 0, 0);
> - if (IS_ERR(shash)) {
> - rc = PTR_ERR(shash);
> - pr_err("shash(sha1) allocation failed\n");
> - return rc;
> - }
> -
> - desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
> - GFP_KERNEL);
> - if (!desc) {
> - rc = -ENOMEM;
> - goto out_free_shash;
> - }
> -
> - desc->tfm = shash;
> + struct sha1_ctx ctx;
>
> - rc = crypto_shash_init(desc);
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_update(desc, (const u8 *)ns, sizeof(*ns));
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_update(desc, (const u8 *)name, size);
> - if (rc < 0)
> - goto out_free_desc;
> -
> - rc = crypto_shash_final(desc, hash);
> - if (rc < 0)
> - goto out_free_desc;
> + sha1_init(&ctx);
> + sha1_update(&ctx, (const u8 *)ns, sizeof(*ns));
> + sha1_update(&ctx, (const u8 *)name, size);
> + sha1_final(&ctx, hash);
>
> memcpy(uuid->b, hash, UUID_SIZE);
>
> /* Tag for version 5 */
> uuid->b[6] = (hash[6] & 0x0F) | 0x50;
> uuid->b[8] = (hash[8] & 0x3F) | 0x80;
> -
> -out_free_desc:
> - kfree(desc);
> -
> -out_free_shash:
> - crypto_free_shash(shash);
> - return rc;
> }
>
> int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> const u8 connection_data[TEE_IOCTL_UUID_LEN])
> {
> gid_t ns_grp = (gid_t)-1;
> kgid_t grp = INVALID_GID;
> char *name = NULL;
> int name_len;
> - int rc;
> + int rc = 0;
>
> if (connection_method == TEE_IOCTL_LOGIN_PUBLIC ||
> connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) {
> /* Nil UUID to be passed to TEE environment */
> uuid_copy(uuid, &uuid_null);
> @@ -258,11 +221,11 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
> default:
> rc = -EINVAL;
> goto out_free_name;
> }
>
> - rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
> + uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
> out_free_name:
> kfree(name);
>
> return rc;
> }
>
> base-commit: 0905809b38bda1fa0b206986c44d846e46f13c1d
> --
> 2.50.1
>
next prev parent reply other threads:[~2025-08-11 6:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-01 23:55 [PATCH] tee: Use SHA-1 library instead of crypto_shash Eric Biggers via OP-TEE
2025-08-11 6:13 ` Sumit Garg via OP-TEE [this message]
2025-08-13 13:43 ` Jens Wiklander
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aJmKDyD4weX9bR0U@sumit-X1 \
--to=op-tee@lists.trustedfirmware.org \
--cc=ebiggers@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sumit.garg@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox