Commit e59236b5 authored by Eric Biggers's avatar Eric Biggers Committed by Dave Hansen
Browse files

x86/sgx: Use SHA-256 library API instead of crypto_shash API 



This user of SHA-256 does not support any other algorithm, so the
crypto_shash abstraction provides no value.  Just use the SHA-256
library API instead, which is much simpler and easier to use.

Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/all/20250428183838.799333-1-ebiggers%40kernel.org
parent b4432656

arch/x86/Kconfig

+1 −2
Original line number Diff line number Diff line
@@ -1881,8 +1881,7 @@ endchoice 
config X86_SGX

	bool "Software Guard eXtensions (SGX)"

	depends on X86_64 && CPU_SUP_INTEL && X86_X2APIC

	depends on CRYPTO=y

	depends on CRYPTO_SHA256=y

	select CRYPTO_LIB_SHA256

	select MMU_NOTIFIER

	select NUMA_KEEP_MEMINFO if NUMA

	select XARRAY_MULTI

arch/x86/kernel/cpu/sgx/driver.h

+0 −1
Original line number Diff line number Diff line
@@ -2,7 +2,6 @@ 
#ifndef __ARCH_SGX_DRIVER_H__

#define __ARCH_SGX_DRIVER_H__



#include <crypto/hash.h>

#include <linux/kref.h>

#include <linux/mmu_notifier.h>

#include <linux/radix-tree.h>

arch/x86/kernel/cpu/sgx/ioctl.c

+2 −28
Original line number Diff line number Diff line
@@ -3,6 +3,7 @@ 


#include <asm/mman.h>

#include <asm/sgx.h>

#include <crypto/sha2.h>

#include <linux/mman.h>

#include <linux/delay.h>

#include <linux/file.h>
@@ -463,31 +464,6 @@ static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg) 
	return ret;

}



static int __sgx_get_key_hash(struct crypto_shash *tfm, const void *modulus,

			      void *hash)

{

	SHASH_DESC_ON_STACK(shash, tfm);



	shash->tfm = tfm;



	return crypto_shash_digest(shash, modulus, SGX_MODULUS_SIZE, hash);

}



static int sgx_get_key_hash(const void *modulus, void *hash)

{

	struct crypto_shash *tfm;

	int ret;



	tfm = crypto_alloc_shash("sha256", 0, CRYPTO_ALG_ASYNC);

	if (IS_ERR(tfm))

		return PTR_ERR(tfm);



	ret = __sgx_get_key_hash(tfm, modulus, hash);



	crypto_free_shash(tfm);

	return ret;

}



static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct,

			 void *token)

{
@@ -523,9 +499,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, 
	    sgx_xfrm_reserved_mask)

		return -EINVAL;



	ret = sgx_get_key_hash(sigstruct->modulus, mrsigner);

	if (ret)

		return ret;

	sha256(sigstruct->modulus, SGX_MODULUS_SIZE, (u8 *)mrsigner);



	mutex_lock(&encl->lock);