Switch integrity hash to SHA-512.
SHA-512 is faster to calculate on 64-bit systems and we're only
targeting 64-bit systems with FIPS.
Change-Id: I5e9b8419ad4ddc72ec682c4193ffb17975d228e5
Reviewed-on: https://boringssl-review.googlesource.com/16025
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index d75ee99..70edbec 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -313,11 +313,11 @@
const uint8_t *const start = BORINGSSL_bcm_text_start;
const uint8_t *const end = BORINGSSL_bcm_text_end;
- static const uint8_t kHMACKey[32] = {0};
- uint8_t result[SHA256_DIGEST_LENGTH];
+ static const uint8_t kHMACKey[64] = {0};
+ uint8_t result[SHA512_DIGEST_LENGTH];
unsigned result_len;
- if (!HMAC(EVP_sha256(), kHMACKey, sizeof(kHMACKey), start, end - start,
+ if (!HMAC(EVP_sha512(), kHMACKey, sizeof(kHMACKey), start, end - start,
result, &result_len) ||
result_len != sizeof(result)) {
goto err;
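Review bot: The key length `64` on the new `kHMACKey` line is repeated by hand in inject-hash.go (`var zeroKey [64]byte`), and the digest length 64 is likewise repeated in const.go (`[64]byte`) and delocate.go (`.size BORINGSSL_bcm_text_hash,64`), with nothing in the code tying the four together. Since HMAC zero-pads any key shorter than the 128-byte SHA-512 block, a mismatched all-zero key length would not actually change the MAC, but a mismatched digest length would presumably break the comparison against the injected value, so the cross-file invariant is worth stating where it originates. A comment above `kHMACKey` such as `// Key and digest sizes must match zeroKey in inject-hash.go and uninitHashValue in const.go.` would make that visible, and the matching lines in the other hunks could carry the same note. The enclosing function begins and ends outside this hunk.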
diff --git a/crypto/fipsmodule/const.go b/crypto/fipsmodule/const.go
index aec10c7..2e009ac 100644
--- a/crypto/fipsmodule/const.go
+++ b/crypto/fipsmodule/const.go
@@ -17,6 +17,6 @@
// uninitHashValue is the default hash value that we inject into the module.
// This value need only be distinct, i.e. so that we can safely
// search-and-replace it in an object file.
-var uninitHashValue = [32]byte{
- 0x5f, 0x30, 0xd1, 0x80, 0xe7, 0x9e, 0x8f, 0x8f, 0xdf, 0x8b, 0x93, 0xd4, 0x96, 0x36, 0x30, 0xcc, 0x30, 0xea, 0x38, 0x0f, 0x75, 0x56, 0x9a, 0x1b, 0x23, 0x2f, 0x7c, 0x79, 0xff, 0x1b, 0x2b, 0xca,
+var uninitHashValue = [64]byte{
+ 0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b, 0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f, 0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80, 0xa2, 0xd4, 0xc3, 0x66, 0x0f, 0xc2, 0x6a, 0x7b, 0xf4, 0xbe, 0x39, 0xa2, 0xd7, 0x25, 0xdb, 0x21, 0x98, 0xe9, 0xd5, 0x53, 0xbf, 0x5c, 0x32, 0x06, 0x83, 0x34, 0x0c, 0x65, 0x89, 0x52, 0xbd, 0x1f,
}
diff --git a/crypto/fipsmodule/delocate.go b/crypto/fipsmodule/delocate.go
index 2c7fbb5..34082c9 100644
--- a/crypto/fipsmodule/delocate.go
+++ b/crypto/fipsmodule/delocate.go
@@ -567,7 +567,7 @@
// Emit an array for storing the module hash.
ret = append(ret, ".type BORINGSSL_bcm_text_hash,@object")
- ret = append(ret, ".size BORINGSSL_bcm_text_hash,32")
+ ret = append(ret, ".size BORINGSSL_bcm_text_hash,64")
ret = append(ret, "BORINGSSL_bcm_text_hash:")
for _, b := range uninitHashValue {
ret = append(ret, ".byte 0x"+strconv.FormatUint(uint64(b), 16))
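Review bot: The `.size` directive on the added line hard-codes `64` while the bytes actually emitted come from ranging over `uninitHashValue` two lines below, so the declared object size and the emitted bytes can drift apart on the next digest change without any compile error. Deriving the size from the array keeps them in lockstep: `ret = append(ret, ".size BORINGSSL_bcm_text_hash,"+strconv.Itoa(len(uninitHashValue)))`. strconv is already imported, as the `.byte` line shows. The enclosing function starts and ends outside this hunk.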
diff --git a/crypto/fipsmodule/inject-hash.go b/crypto/fipsmodule/inject-hash.go
index b2e91aa..688024d 100644
--- a/crypto/fipsmodule/inject-hash.go
+++ b/crypto/fipsmodule/inject-hash.go
@@ -20,7 +20,7 @@
import (
"bytes"
"crypto/hmac"
- "crypto/sha256"
+ "crypto/sha512"
"debug/elf"
"errors"
"flag"
@@ -137,8 +137,8 @@
return errors.New("failed to read .text: " + err.Error())
}
- var zeroKey [32]byte
- mac := hmac.New(sha256.New, zeroKey[:])
+ var zeroKey [64]byte
+ mac := hmac.New(sha512.New, zeroKey[:])
mac.Write(moduleText)
calculated := mac.Sum(nil)