crypto: lib/sha1 - rename "sha" to "sha1"
The library implementation of the SHA-1 compression function is confusingly called just "sha_transform()". Alongside it are some "SHA_" constants and "sha_init()". Presumably these are left over from a time when SHA just meant SHA-1. But now there are also SHA-2 and SHA-3, and moreover SHA-1 is now considered insecure and thus shouldn't be used. Therefore, rename these functions and constants to make it very clear that they are for SHA-1. Also add a comment to make it clear that these shouldn't be used. For the extra-misleadingly named "SHA_MESSAGE_BYTES", rename it to SHA1_BLOCK_SIZE and define it to just '64' rather than '(512/8)' so that it matches the same definition in <crypto/sha.h>. This prepares for merging <linux/cryptohash.h> into <crypto/sha.h>. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
4d21e59450
commit
6b0b0fa2bc
|
@ -7,7 +7,7 @@ SipHash - a short input PRF
|
|||
SipHash is a cryptographically secure PRF -- a keyed hash function -- that
|
||||
performs very well for short inputs, hence the name. It was designed by
|
||||
cryptographers Daniel J. Bernstein and Jean-Philippe Aumasson. It is intended
|
||||
as a replacement for some uses of: `jhash`, `md5_transform`, `sha_transform`,
|
||||
as a replacement for some uses of: `jhash`, `md5_transform`, `sha1_transform`,
|
||||
and so forth.
|
||||
|
||||
SipHash takes a secret key filled with randomly generated numbers and either
|
||||
|
|
|
@ -31,10 +31,10 @@ EXPORT_SYMBOL_GPL(sha1_zero_message_hash);
|
|||
static void sha1_generic_block_fn(struct sha1_state *sst, u8 const *src,
|
||||
int blocks)
|
||||
{
|
||||
u32 temp[SHA_WORKSPACE_WORDS];
|
||||
u32 temp[SHA1_WORKSPACE_WORDS];
|
||||
|
||||
while (blocks--) {
|
||||
sha_transform(sst->state, src, temp);
|
||||
sha1_transform(sst->state, src, temp);
|
||||
src += SHA1_BLOCK_SIZE;
|
||||
}
|
||||
memzero_explicit(temp, sizeof(temp));
|
||||
|
|
|
@ -1397,14 +1397,14 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
|
|||
__u32 w[5];
|
||||
unsigned long l[LONGS(20)];
|
||||
} hash;
|
||||
__u32 workspace[SHA_WORKSPACE_WORDS];
|
||||
__u32 workspace[SHA1_WORKSPACE_WORDS];
|
||||
unsigned long flags;
|
||||
|
||||
/*
|
||||
* If we have an architectural hardware random number
|
||||
* generator, use it for SHA's initial vector
|
||||
*/
|
||||
sha_init(hash.w);
|
||||
sha1_init(hash.w);
|
||||
for (i = 0; i < LONGS(20); i++) {
|
||||
unsigned long v;
|
||||
if (!arch_get_random_long(&v))
|
||||
|
@ -1415,7 +1415,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
|
|||
/* Generate a hash across the pool, 16 words (512 bits) at a time */
|
||||
spin_lock_irqsave(&r->lock, flags);
|
||||
for (i = 0; i < r->poolinfo->poolwords; i += 16)
|
||||
sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
|
||||
sha1_transform(hash.w, (__u8 *)(r->pool + i), workspace);
|
||||
|
||||
/*
|
||||
* We mix the hash back into the pool to prevent backtracking
|
||||
|
|
|
@ -4,11 +4,15 @@
|
|||
|
||||
#include <uapi/linux/types.h>
|
||||
|
||||
#define SHA_DIGEST_WORDS 5
|
||||
#define SHA_MESSAGE_BYTES (512 /*bits*/ / 8)
|
||||
#define SHA_WORKSPACE_WORDS 16
|
||||
|
||||
void sha_init(__u32 *buf);
|
||||
void sha_transform(__u32 *digest, const char *data, __u32 *W);
|
||||
/*
|
||||
* An implementation of SHA-1's compression function. Don't use in new code!
|
||||
* You shouldn't be using SHA-1, and even if you *have* to use SHA-1, this isn't
|
||||
* the correct way to hash something with SHA-1 (use crypto_shash instead).
|
||||
*/
|
||||
#define SHA1_DIGEST_WORDS 5
|
||||
#define SHA1_BLOCK_SIZE 64
|
||||
#define SHA1_WORKSPACE_WORDS 16
|
||||
void sha1_init(__u32 *buf);
|
||||
void sha1_transform(__u32 *digest, const char *data, __u32 *W);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -746,7 +746,7 @@ static inline u32 bpf_prog_insn_size(const struct bpf_prog *prog)
|
|||
static inline u32 bpf_prog_tag_scratch_size(const struct bpf_prog *prog)
|
||||
{
|
||||
return round_up(bpf_prog_insn_size(prog) +
|
||||
sizeof(__be64) + 1, SHA_MESSAGE_BYTES);
|
||||
sizeof(__be64) + 1, SHA1_BLOCK_SIZE);
|
||||
}
|
||||
|
||||
static inline unsigned int bpf_prog_size(unsigned int proglen)
|
||||
|
|
|
@ -262,10 +262,10 @@ void __bpf_prog_free(struct bpf_prog *fp)
|
|||
|
||||
int bpf_prog_calc_tag(struct bpf_prog *fp)
|
||||
{
|
||||
const u32 bits_offset = SHA_MESSAGE_BYTES - sizeof(__be64);
|
||||
const u32 bits_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
|
||||
u32 raw_size = bpf_prog_tag_scratch_size(fp);
|
||||
u32 digest[SHA_DIGEST_WORDS];
|
||||
u32 ws[SHA_WORKSPACE_WORDS];
|
||||
u32 digest[SHA1_DIGEST_WORDS];
|
||||
u32 ws[SHA1_WORKSPACE_WORDS];
|
||||
u32 i, bsize, psize, blocks;
|
||||
struct bpf_insn *dst;
|
||||
bool was_ld_map;
|
||||
|
@ -277,7 +277,7 @@ int bpf_prog_calc_tag(struct bpf_prog *fp)
|
|||
if (!raw)
|
||||
return -ENOMEM;
|
||||
|
||||
sha_init(digest);
|
||||
sha1_init(digest);
|
||||
memset(ws, 0, sizeof(ws));
|
||||
|
||||
/* We need to take out the map fd for the digest calculation
|
||||
|
@ -308,8 +308,8 @@ int bpf_prog_calc_tag(struct bpf_prog *fp)
|
|||
memset(&raw[psize], 0, raw_size - psize);
|
||||
raw[psize++] = 0x80;
|
||||
|
||||
bsize = round_up(psize, SHA_MESSAGE_BYTES);
|
||||
blocks = bsize / SHA_MESSAGE_BYTES;
|
||||
bsize = round_up(psize, SHA1_BLOCK_SIZE);
|
||||
blocks = bsize / SHA1_BLOCK_SIZE;
|
||||
todo = raw;
|
||||
if (bsize - psize >= sizeof(__be64)) {
|
||||
bits = (__be64 *)(todo + bsize - sizeof(__be64));
|
||||
|
@ -320,12 +320,12 @@ int bpf_prog_calc_tag(struct bpf_prog *fp)
|
|||
*bits = cpu_to_be64((psize - 1) << 3);
|
||||
|
||||
while (blocks--) {
|
||||
sha_transform(digest, todo, ws);
|
||||
todo += SHA_MESSAGE_BYTES;
|
||||
sha1_transform(digest, todo, ws);
|
||||
todo += SHA1_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
result = (__force __be32 *)digest;
|
||||
for (i = 0; i < SHA_DIGEST_WORDS; i++)
|
||||
for (i = 0; i < SHA1_DIGEST_WORDS; i++)
|
||||
result[i] = cpu_to_be32(digest[i]);
|
||||
memcpy(fp->tag, result, sizeof(fp->tag));
|
||||
|
||||
|
|
22
lib/sha1.c
22
lib/sha1.c
|
@ -64,22 +64,24 @@
|
|||
#define T_60_79(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) , 0xca62c1d6, A, B, C, D, E )
|
||||
|
||||
/**
|
||||
* sha_transform - single block SHA1 transform
|
||||
* sha1_transform - single block SHA1 transform (deprecated)
|
||||
*
|
||||
* @digest: 160 bit digest to update
|
||||
* @data: 512 bits of data to hash
|
||||
* @array: 16 words of workspace (see note)
|
||||
*
|
||||
* This function generates a SHA1 digest for a single 512-bit block.
|
||||
* Be warned, it does not handle padding and message digest, do not
|
||||
* confuse it with the full FIPS 180-1 digest algorithm for variable
|
||||
* length messages.
|
||||
* This function executes SHA-1's internal compression function. It updates the
|
||||
* 160-bit internal state (@digest) with a single 512-bit data block (@data).
|
||||
*
|
||||
* Don't use this function. SHA-1 is no longer considered secure. And even if
|
||||
* you do have to use SHA-1, this isn't the correct way to hash something with
|
||||
* SHA-1 as this doesn't handle padding and finalization.
|
||||
*
|
||||
* Note: If the hash is security sensitive, the caller should be sure
|
||||
* to clear the workspace. This is left to the caller to avoid
|
||||
* unnecessary clears between chained hashing operations.
|
||||
*/
|
||||
void sha_transform(__u32 *digest, const char *data, __u32 *array)
|
||||
void sha1_transform(__u32 *digest, const char *data, __u32 *array)
|
||||
{
|
||||
__u32 A, B, C, D, E;
|
||||
|
||||
|
@ -185,13 +187,13 @@ void sha_transform(__u32 *digest, const char *data, __u32 *array)
|
|||
digest[3] += D;
|
||||
digest[4] += E;
|
||||
}
|
||||
EXPORT_SYMBOL(sha_transform);
|
||||
EXPORT_SYMBOL(sha1_transform);
|
||||
|
||||
/**
|
||||
* sha_init - initialize the vectors for a SHA1 digest
|
||||
* sha1_init - initialize the vectors for a SHA1 digest
|
||||
* @buf: vector to initialize
|
||||
*/
|
||||
void sha_init(__u32 *buf)
|
||||
void sha1_init(__u32 *buf)
|
||||
{
|
||||
buf[0] = 0x67452301;
|
||||
buf[1] = 0xefcdab89;
|
||||
|
@ -199,4 +201,4 @@ void sha_init(__u32 *buf)
|
|||
buf[3] = 0x10325476;
|
||||
buf[4] = 0xc3d2e1f0;
|
||||
}
|
||||
EXPORT_SYMBOL(sha_init);
|
||||
EXPORT_SYMBOL(sha1_init);
|
||||
|
|
|
@ -3222,11 +3222,11 @@ static int ipv6_generate_stable_address(struct in6_addr *address,
|
|||
const struct inet6_dev *idev)
|
||||
{
|
||||
static DEFINE_SPINLOCK(lock);
|
||||
static __u32 digest[SHA_DIGEST_WORDS];
|
||||
static __u32 workspace[SHA_WORKSPACE_WORDS];
|
||||
static __u32 digest[SHA1_DIGEST_WORDS];
|
||||
static __u32 workspace[SHA1_WORKSPACE_WORDS];
|
||||
|
||||
static union {
|
||||
char __data[SHA_MESSAGE_BYTES];
|
||||
char __data[SHA1_BLOCK_SIZE];
|
||||
struct {
|
||||
struct in6_addr secret;
|
||||
__be32 prefix[2];
|
||||
|
@ -3251,7 +3251,7 @@ static int ipv6_generate_stable_address(struct in6_addr *address,
|
|||
retry:
|
||||
spin_lock_bh(&lock);
|
||||
|
||||
sha_init(digest);
|
||||
sha1_init(digest);
|
||||
memset(&data, 0, sizeof(data));
|
||||
memset(workspace, 0, sizeof(workspace));
|
||||
memcpy(data.hwaddr, idev->dev->perm_addr, idev->dev->addr_len);
|
||||
|
@ -3260,7 +3260,7 @@ retry:
|
|||
data.secret = secret;
|
||||
data.dad_count = dad_count;
|
||||
|
||||
sha_transform(digest, data.__data, workspace);
|
||||
sha1_transform(digest, data.__data, workspace);
|
||||
|
||||
temp = *address;
|
||||
temp.s6_addr32[2] = (__force __be32)digest[0];
|
||||
|
|
Loading…
Reference in New Issue