Switch integrity hash to SHA-512. SHA-512 is faster to calculate on 64-bit systems and we're only targeting 64-bit systems with FIPS. Change-Id: I5e9b8419ad4ddc72ec682c4193ffb17975d228e5 Reviewed-on: https://boringssl-review.googlesource.com/16025 Commit-Queue: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index d75ee99..70edbec 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -313,11 +313,11 @@
 const uint8_t *const start = BORINGSSL_bcm_text_start;
 const uint8_t *const end = BORINGSSL_bcm_text_end;
- static const uint8_t kHMACKey[32] = {0};
- uint8_t result[SHA256_DIGEST_LENGTH];
+ static const uint8_t kHMACKey[64] = {0};
+ uint8_t result[SHA512_DIGEST_LENGTH];
 unsigned result_len;
- if (!HMAC(EVP_sha256(), kHMACKey, sizeof(kHMACKey), start, end - start,
+ if (!HMAC(EVP_sha512(), kHMACKey, sizeof(kHMACKey), start, end - start,
 result, &result_len) || result_len != sizeof(result)) {
 goto err;
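Review bot: The key length in `static const uint8_t kHMACKey[64] = {0};` is a bare constant with nothing tying it to the `zeroKey [64]byte` that inject-hash.go uses to compute the value this code verifies, while `result` already uses `SHA512_DIGEST_LENGTH`; if the two sides ever drift, the mismatch shows up only as a failing integrity check at run time rather than at build time. Since the key length appears to track the digest size (32 for SHA-256, 64 for SHA-512), consider `static const uint8_t kHMACKey[SHA512_DIGEST_LENGTH] = {0}; /* must match zeroKey in inject-hash.go */`. The enclosing function starts and ends outside the hunk.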
diff --git a/crypto/fipsmodule/const.go b/crypto/fipsmodule/const.go
index aec10c7..2e009ac 100644
--- a/crypto/fipsmodule/const.go
+++ b/crypto/fipsmodule/const.go
@@ -17,6 +17,6 @@
 // uninitHashValue is the default hash value that we inject into the module.
 // This value need only be distinct, i.e. so that we can safely
 // search-and-replace it in an object file.
-var uninitHashValue = [32]byte{
- 0x5f, 0x30, 0xd1, 0x80, 0xe7, 0x9e, 0x8f, 0x8f, 0xdf, 0x8b, 0x93, 0xd4, 0x96, 0x36, 0x30, 0xcc, 0x30, 0xea, 0x38, 0x0f, 0x75, 0x56, 0x9a, 0x1b, 0x23, 0x2f, 0x7c, 0x79, 0xff, 0x1b, 0x2b, 0xca,
+var uninitHashValue = [64]byte{
+ 0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b, 0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f, 0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80, 0xa2, 0xd4, 0xc3, 0x66, 0x0f, 0xc2, 0x6a, 0x7b, 0xf4, 0xbe, 0x39, 0xa2, 0xd7, 0x25, 0xdb, 0x21, 0x98, 0xe9, 0xd5, 0x53, 0xbf, 0x5c, 0x32, 0x06, 0x83, 0x34, 0x0c, 0x65, 0x89, 0x52, 0xbd, 0x1f,
 }
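Review bot: The `[64]byte` length of `uninitHashValue` is a bare literal that must agree with `.size BORINGSSL_bcm_text_hash,64` in the delocate.go hunk and with the SHA-512 output length that the check in bcm.c compares against, yet nothing ties the three together; the SHA-256 version had the same duplication and this change updates each copy by hand. Writing `var uninitHashValue = [sha512.Size]byte{` (with `crypto/sha512` imported) names the dependency, and delocate.go can then derive the symbol size from the array instead of repeating it: `ret = append(ret, ".size BORINGSSL_bcm_text_hash,"+strconv.Itoa(len(uninitHashValue)))`. The comment above the array could also state that its length must equal the digest size of the hash used by the integrity check.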
diff --git a/crypto/fipsmodule/delocate.go b/crypto/fipsmodule/delocate.go
index 2c7fbb5..34082c9 100644
--- a/crypto/fipsmodule/delocate.go
+++ b/crypto/fipsmodule/delocate.go
@@ -567,7 +567,7 @@
 // Emit an array for storing the module hash.
 ret = append(ret, ".type BORINGSSL_bcm_text_hash,@object")
- ret = append(ret, ".size BORINGSSL_bcm_text_hash,32")
+ ret = append(ret, ".size BORINGSSL_bcm_text_hash,64")
 ret = append(ret, "BORINGSSL_bcm_text_hash:")
 for _, b := range uninitHashValue {
 ret = append(ret, ".byte 0x"+strconv.FormatUint(uint64(b), 16))
diff --git a/crypto/fipsmodule/inject-hash.go b/crypto/fipsmodule/inject-hash.go
index b2e91aa..688024d 100644
--- a/crypto/fipsmodule/inject-hash.go
+++ b/crypto/fipsmodule/inject-hash.go
@@ -20,7 +20,7 @@
 import (
 "bytes"
 "crypto/hmac"
- "crypto/sha256"
+ "crypto/sha512"
 "debug/elf"
 "errors"
 "flag"
@@ -137,8 +137,8 @@
 return errors.New("failed to read .text: " + err.Error())
 }
- var zeroKey [32]byte
- mac := hmac.New(sha256.New, zeroKey[:])
+ var zeroKey [64]byte
+ mac := hmac.New(sha512.New, zeroKey[:])
 mac.Write(moduleText)
 calculated := mac.Sum(nil)
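Review bot: `var zeroKey [64]byte` in the second hunk is the HMAC key that the module's own check in bcm.c must reproduce exactly (its `kHMACKey[64]`), but nothing here says so, so a later change to either side breaks the other silently and surfaces only as a failed integrity check. A comment such as `// zeroKey must match kHMACKey in bcm.c: HMAC-SHA-512 keyed with all zeros, key length equal to the digest size.` makes the coupling visible, and `var zeroKey [sha512.Size]byte` would express the length in terms of the hash now in use. The import hunk needs nothing further. The function containing the second hunk starts and ends outside it.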