[PATCH] SoC: cros_ec_codec: switch to library API for SHA-256
Ard Biesheuvel
ardb at kernel.org
Fri May 15 08:50:34 CEST 2020
On Fri, 15 May 2020 at 08:40, Tzung-Bi Shih <tzungbi at google.com> wrote:
>
> On Fri, May 15, 2020 at 2:04 PM Ard Biesheuvel <ardb at kernel.org> wrote:
> > > > > Looking at the code, I was wondering if the SHA-256 is really required
> > > > > here? It looks like it is using it as some kind of fingerprint to decide
> > > > > whether the provided file is identical to the one that has already been
> > > > > loaded. If this is the case, we should probably just use CRC32 instead.
> > >
> > > No, the binary blob carries data and possibly code. We are not only
> > > using the hash as a fingerprint but also an integrity check.
> > >
> >
> > But does it have to be cryptographically strong? Why is CRC32 not sufficient?
>
> Please see https://crrev.com/c/1490800/26/include/ec_commands.h#4744
> for our original decision.
>
In this case, you are using the digest to decide whether the same code
has already been loaded, right?
So it makes sense to think about the threat model here: if you are
able to defeat the strong hash, what does that buy an attacker? If an
attacker is able to create a different piece of code that has the same
digest as the code that was already loaded, the only thing that
happens is that the loader will ignore it. If that is a threat you
want to protect yourself against, then you need sha256. Otherwise, a
crc is sufficient.
> Also would like to let you know that the data path to call
> calculate_sha256( ) is in-frequent (1~2 times) if you think it is too
> expensive to use SHA256
In general, you shouldn't use crypto at all unless you can explain why
it is necessary.
More information about the Alsa-devel
mailing list