From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
linux-arm-kernel@lists.infradead.org, linux-mips@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org,
sparclinux@vger.kernel.org, x86@kernel.org,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 19/26] tee: Use SHA-1 library instead of crypto_shash
Date: Sat, 12 Jul 2025 16:23:10 -0700 [thread overview]
Message-ID: <20250712232329.818226-20-ebiggers@kernel.org> (raw)
In-Reply-To: <20250712232329.818226-1-ebiggers@kernel.org>
Use the SHA-1 library functions instead of crypto_shash. This is
simpler and faster.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
drivers/tee/Kconfig | 3 +--
drivers/tee/tee_core.c | 55 +++++++-----------------------------------
2 files changed, 10 insertions(+), 48 deletions(-)
diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
index 61b507c187801..a84767940fbfc 100644
--- a/drivers/tee/Kconfig
+++ b/drivers/tee/Kconfig
@@ -1,12 +1,11 @@
# SPDX-License-Identifier: GPL-2.0-only
# Generic Trusted Execution Environment Configuration
menuconfig TEE
tristate "Trusted Execution Environment support"
depends on HAVE_ARM_SMCCC || COMPILE_TEST || CPU_SUP_AMD
- select CRYPTO
- select CRYPTO_SHA1
+ select CRYPTO_LIB_SHA1
select DMA_SHARED_BUFFER
select GENERIC_ALLOCATOR
help
This implements a generic interface towards a Trusted Execution
Environment (TEE).
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
index acc7998758ad8..4c82a171bff20 100644
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -12,11 +12,10 @@
#include <linux/module.h>
#include <linux/overflow.h>
#include <linux/slab.h>
#include <linux/tee_core.h>
#include <linux/uaccess.h>
-#include <crypto/hash.h>
#include <crypto/sha1.h>
#include "tee_private.h"
#define TEE_NUM_DEVICES 32
@@ -140,72 +139,36 @@ static int tee_release(struct inode *inode, struct file *filp)
* UUIDv5 is specific in RFC 4122.
*
* This implements section (for SHA-1):
* 4.3. Algorithm for Creating a Name-Based UUID
*/
-static int uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
- size_t size)
+static void uuid_v5(uuid_t *uuid, const uuid_t *ns, const void *name,
+ size_t size)
{
+ struct sha1_ctx ctx;
unsigned char hash[SHA1_DIGEST_SIZE];
- struct crypto_shash *shash = NULL;
- struct shash_desc *desc = NULL;
- int rc;
-
- shash = crypto_alloc_shash("sha1", 0, 0);
- if (IS_ERR(shash)) {
- rc = PTR_ERR(shash);
- pr_err("shash(sha1) allocation failed\n");
- return rc;
- }
-
- desc = kzalloc(sizeof(*desc) + crypto_shash_descsize(shash),
- GFP_KERNEL);
- if (!desc) {
- rc = -ENOMEM;
- goto out_free_shash;
- }
-
- desc->tfm = shash;
- rc = crypto_shash_init(desc);
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_update(desc, (const u8 *)ns, sizeof(*ns));
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_update(desc, (const u8 *)name, size);
- if (rc < 0)
- goto out_free_desc;
-
- rc = crypto_shash_final(desc, hash);
- if (rc < 0)
- goto out_free_desc;
+ sha1_init(&ctx);
+ sha1_update(&ctx, (const u8 *)ns, sizeof(*ns));
+ sha1_update(&ctx, (const u8 *)name, size);
+ sha1_final(&ctx, hash);
memcpy(uuid->b, hash, UUID_SIZE);
/* Tag for version 5 */
uuid->b[6] = (hash[6] & 0x0F) | 0x50;
uuid->b[8] = (hash[8] & 0x3F) | 0x80;
-
-out_free_desc:
- kfree(desc);
-
-out_free_shash:
- crypto_free_shash(shash);
- return rc;
}
int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
const u8 connection_data[TEE_IOCTL_UUID_LEN])
{
gid_t ns_grp = (gid_t)-1;
kgid_t grp = INVALID_GID;
char *name = NULL;
int name_len;
- int rc;
+ int rc = 0;
if (connection_method == TEE_IOCTL_LOGIN_PUBLIC ||
connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) {
/* Nil UUID to be passed to TEE environment */
uuid_copy(uuid, &uuid_null);
@@ -258,11 +221,11 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
default:
rc = -EINVAL;
goto out_free_name;
}
- rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
+ uuid_v5(uuid, &tee_client_uuid_ns, name, name_len);
out_free_name:
kfree(name);
return rc;
}
--
2.50.1
next prev parent reply other threads:[~2025-07-12 23:26 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-12 23:22 [PATCH 00/26] SHA-1 library functions Eric Biggers
2025-07-12 23:22 ` [PATCH 01/26] crypto: x86/sha1 - Rename conflicting symbol Eric Biggers
2025-07-12 23:22 ` [PATCH 02/26] lib/crypto: sha1: Rename sha1_init() to sha1_init_raw() Eric Biggers
2025-07-12 23:22 ` [PATCH 03/26] lib/crypto: sha1: Add SHA-1 library functions Eric Biggers
2025-07-13 15:05 ` Elliott, Robert (Servers)
2025-07-13 16:54 ` Eric Biggers
2025-07-12 23:22 ` [PATCH 04/26] lib/crypto: sha1: Add HMAC support Eric Biggers
2025-07-12 23:22 ` [PATCH 05/26] crypto: sha1 - Wrap library and add " Eric Biggers
2025-07-12 23:22 ` [PATCH 06/26] crypto: sha1 - Use same state format as legacy drivers Eric Biggers
2025-07-12 23:22 ` [PATCH 07/26] lib/crypto: arm/sha1: Migrate optimized code into library Eric Biggers
2025-07-12 23:22 ` [PATCH 08/26] lib/crypto: arm64/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 09/26] lib/crypto: mips/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 10/26] lib/crypto: powerpc/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 11/26] lib/crypto: s390/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 12/26] lib/crypto: sparc/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 13/26] lib/crypto: x86/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 14/26] crypto: sha1 - Remove sha1_base.h Eric Biggers
2025-07-12 23:23 ` [PATCH 15/26] lib/crypto: tests: Add KUnit tests for SHA-1 and HMAC-SHA1 Eric Biggers
2025-07-12 23:23 ` [PATCH 16/26] bpf: Use sha1() instead of sha1_transform() in bpf_prog_calc_tag() Eric Biggers
2025-07-12 23:23 ` [PATCH 17/26] sctp: Use HMAC-SHA1 and HMAC-SHA256 library functions Eric Biggers
2025-07-12 23:23 ` [PATCH 18/26] ipv6: sr: " Eric Biggers
2025-07-12 23:23 ` Eric Biggers [this message]
2025-07-12 23:23 ` [PATCH 20/26] lib/digsig: Use SHA-1 library instead of crypto_shash Eric Biggers
2025-07-12 23:23 ` [PATCH 21/26] drm/bridge: it6505: " Eric Biggers
2025-07-12 23:23 ` [PATCH 22/26] nfc: s3fwrn5: " Eric Biggers
2025-07-12 23:23 ` [PATCH 23/26] ppp: mppe: " Eric Biggers
2025-07-12 23:23 ` [PATCH 24/26] KEYS: trusted_tpm1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 25/26] ipv6: Switch to higher-level SHA-1 functions Eric Biggers
2025-07-12 23:23 ` [PATCH 26/26] lib/crypto: sha1: Remove low-level functions from API Eric Biggers
2025-07-14 5:22 ` [PATCH 00/26] SHA-1 library functions Ard Biesheuvel
2025-07-18 17:24 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250712232329.818226-20-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=sparclinux@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).