From 7e6ab83de79ef36481daa5f85918efaab5d1082d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Sun, 30 Aug 2020 14:35:47 +0200
Subject: padlock: fix partial PHE detection

The xsha1 instruction takes complete SHA-1 blocks (64 bytes) instead
of arbitrary length data when EAX is set to -1.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
 lib/accelerated/x86/x86-common.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index 3845c6b4c9..29410e51fd 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -306,17 +306,21 @@ static int check_phe_sha512(unsigned edx)
 
 static int check_phe_partial(void)
 {
-	const char *text = "test and test";
+	const char text[64] =
+		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
 	uint32_t iv[5] = { 0x67452301UL, 0xEFCDAB89UL,
 		0x98BADCFEUL, 0x10325476UL, 0xC3D2E1F0UL
 	};
 
-	padlock_sha1_blocks(iv, text, sizeof(text) - 1);
-	padlock_sha1_blocks(iv, text, sizeof(text) - 1);
+	/* If EAX is set to -1 (this is the case with padlock_sha1_blocks), the
+	 * xsha1 instruction takes a complete SHA-1 block (64 bytes), while it
+	 * takes arbitrary length data otherwise. */
+	padlock_sha1_blocks(iv, text, 1);
 
-	if (iv[0] == 0x9096E2D8UL && iv[1] == 0xA33074EEUL &&
-	    iv[2] == 0xCDBEE447UL && iv[3] == 0xEC7979D2UL &&
-	    iv[4] == 0x9D3FF5CFUL)
+	if (iv[0] == 0xDA4968EBUL && iv[1] == 0x2E377C1FUL &&
+	    iv[2] == 0x884E8F52UL && iv[3] == 0x83524BEBUL &&
+	    iv[4] == 0xE74EBDBDUL)
 		return 1;
 	else
 		return 0;
-- 
cgit v1.2.1