Project

General

Profile

Bug #6242

sha512 is broken in grub

Added by Toomas Soome about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
bootloader
Start date:
2015-09-17
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

so, i did decide to test out sha512 implementation and got "checksum verification failed" error after having enabled sha512 on pool root dataset. while investigating, I did decide to test the sha512 implementation in grub against test in usr/src/test/zfs-tests/tests/functional/checksum/sha2 and sha512_256.

here is printout of digests, first line for generated, second for baseline; first test for msg0, second for msg2:

f91e9481268e0453 ab7d4c6bb7292e9b 466dfc34c6d0c2e4 23afe70731f1e2e0
53048e2681941ef9 9b2e29b76b4c7dab e4c2d0c634fc6d46 e0e2f13107e7af23
FAILED!
4a7cdaf275d96dac a17d7d7becfff77e 7a1625c9bb1d554c 6d0ee9c80e3a281c
3928e184fb8690f8 40da3988121d31be 65cb9d3ef83ee614 6feac861e19b563a
FAILED!

History

#1

Updated by Toomas Soome about 4 years ago

  • Status changed from New to In Progress
  • Assignee set to Toomas Soome

The current SHA512 implementation in grub has 2 major issues - missing type casts of uint8_t data are causing data loss from left shift operation and resulting checksum has wrong byte order. Those two issues are causing immediate failure from reading zfs.

#2

Updated by Electric Monk about 4 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 9ce6e318fecae800270f382ed76162508c5d525b

commit  9ce6e318fecae800270f382ed76162508c5d525b
Author: Toomas Soome <tsoome@me.com>
Date:   2015-10-09T19:27:38.000Z

    6242 sha512 is broken in grub
    Reviewed by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
    Reviewed by: Matthew Ahrens <mahrens@delphix.com>
    Reviewed by: Sašo Kiselkov <skiselkov.ml@gmail.com>
    Approved by: Robert Mustacchi <rm@joyent.com>

Also available in: Atom PDF