Re: [PATCH v5 1/1] use crc32 instead of md5 for hibernation e820 integrity check

From: Chris von Recklinghausen
Date: Thu Apr 08 2021 - 11:54:11 EST

Next message: Barney Goette: "[PATCH v2] gpio: gpio-104-dio-48e: Fixed coding style issues (revised)"
Previous message: Siddharth Chandrasekaran: "Re: [PATCH 4/4] KVM: hyper-v: Advertise support for fast XMM hypercalls"
In reply to: Eric Biggers: "Re: [PATCH v5 1/1] use crc32 instead of md5 for hibernation e820 integrity check"
Next in thread: Eric Biggers: "Re: [PATCH v5 1/1] use crc32 instead of md5 for hibernation e820 integrity check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/8/21 11:30 AM, Eric Biggers wrote:

On Thu, Apr 08, 2021 at 09:15:06AM -0400, Chris von Recklinghausen wrote:

Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.

This patch changes the integrity check algorithm from md5 to
crc32. This integrity check is used only to verify accidental
corruption of the hybernation data and is not intended as a
cryptographic integrity check.
Md5 is overkill in this case and also disabled in FIPS mode because it
is known to be broken for cryptographic purposes.

Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")

Tested-by: Dexuan Cui <decui@xxxxxxxxxxxxx>
Reviewed-by: Dexuan Cui <decui@xxxxxxxxxxxxx>
Signed-off-by: Chris von Recklinghausen <crecklin@xxxxxxxxxx>
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code change)
v3 -> v4
add note to comments that md5 isn't used for encryption here.
v4 -> v5
reword comment per Simo's suggestion

arch/x86/power/hibernate.c | 35 +++++++++++++++++++----------------
1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/arch/x86/power/hibernate.c b/arch/x86/power/hibernate.c
index cd3914fc9f3d..b56172553275 100644
--- a/arch/x86/power/hibernate.c
+++ b/arch/x86/power/hibernate.c
@@ -55,31 +55,31 @@ int pfn_is_nosave(unsigned long pfn)
}
-#define MD5_DIGEST_SIZE 16
+#define CRC32_DIGEST_SIZE 16
struct restore_data_record {
unsigned long jump_address;
unsigned long jump_address_phys;
unsigned long cr3;
unsigned long magic;
- u8 e820_digest[MD5_DIGEST_SIZE];
+ u8 e820_digest[CRC32_DIGEST_SIZE];
};
-#if IS_BUILTIN(CONFIG_CRYPTO_MD5)
+#if IS_BUILTIN(CONFIG_CRYPTO_CRC32)

Should CONFIG_CRYPTO_CRC32 be getting selected from somewhere?

Yes, presumably from the same source that sets CONFIG_CRYPTO_MD5. Also presumably there's value to not forcing the check if the config value is not set.

If that is too hard because it would pull in too much of the crypto API, maybe
using the library interface to CRC-32 (lib/crc32.c) would be a better fit?

Based on my statement above, the intent is to provide a simple drop in replacement for md5 so that users of FIPS mode can suspend/resume without any errors.

Thanks,

Chris

- Eric

Next message: Barney Goette: "[PATCH v2] gpio: gpio-104-dio-48e: Fixed coding style issues (revised)"
Previous message: Siddharth Chandrasekaran: "Re: [PATCH 4/4] KVM: hyper-v: Advertise support for fast XMM hypercalls"
In reply to: Eric Biggers: "Re: [PATCH v5 1/1] use crc32 instead of md5 for hibernation e820 integrity check"
Next in thread: Eric Biggers: "Re: [PATCH v5 1/1] use crc32 instead of md5 for hibernation e820 integrity check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]