tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

selftests: vDSO: open code basic chacha instead of linking to libsodium

Linking to libsodium makes building this test annoying in cross
compilation environments and is just way too much. Since this is just a
basic correctness test, simply open code a simple, unoptimized, dumb
chacha, rather than linking to libsodium.

This also fixes a correctness issue on big endian systems. The kernel's
random.c doesn't bother doing a le32_to_cpu operation on the random
bytes that are passed as the key, and consequently neither does
vgetrandom-chacha.S. However, libsodium's chacha _does_ do this, since
it takes the key as an array of bytes. This meant that the test was
broken on big endian systems, which this commit rectifies.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Jason A. Donenfeld 7fe5b3e4 6fd13b28

+45 -9
+1 -6
tools/testing/selftests/vDSO/Makefile
··· 1 1 # SPDX-License-Identifier: GPL-2.0 2 2 uname_M := $(shell uname -m 2>/dev/null || echo not) 3 3 ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/) 4 - SODIUM_LIBS := $(shell pkg-config --libs libsodium 2>/dev/null) 5 - SODIUM_CFLAGS := $(shell pkg-config --cflags libsodium 2>/dev/null) 6 4 7 5 TEST_GEN_PROGS := vdso_test_gettimeofday 8 6 TEST_GEN_PROGS += vdso_test_getcpu ··· 12 14 TEST_GEN_PROGS += vdso_test_correctness 13 15 ifeq ($(uname_M),x86_64) 14 16 TEST_GEN_PROGS += vdso_test_getrandom 15 - ifneq ($(SODIUM_LIBS),) 16 17 TEST_GEN_PROGS += vdso_test_chacha 17 - endif 18 18 endif 19 19 20 20 CFLAGS := -std=gnu99 ··· 39 43 -isystem $(top_srcdir)/include/uapi 40 44 41 45 $(OUTPUT)/vdso_test_chacha: $(top_srcdir)/tools/arch/$(ARCH)/vdso/vgetrandom-chacha.S 42 - $(OUTPUT)/vdso_test_chacha: LDLIBS += $(SODIUM_LIBS) 43 46 $(OUTPUT)/vdso_test_chacha: CFLAGS += -idirafter $(top_srcdir)/tools/include \ 44 47 -idirafter $(top_srcdir)/arch/$(ARCH)/include \ 45 48 -idirafter $(top_srcdir)/include \ 46 - -D__ASSEMBLY__ -Wa,--noexecstack $(SODIUM_CFLAGS) 49 + -D__ASSEMBLY__ -Wa,--noexecstack
+44 -3
tools/testing/selftests/vDSO/vdso_test_chacha.c
··· 3 3 * Copyright (C) 2022-2024 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. 4 4 */ 5 5 6 - #include <sodium/crypto_stream_chacha20.h> 6 + #include <tools/le_byteshift.h> 7 7 #include <sys/random.h> 8 8 #include <string.h> 9 9 #include <stdint.h> 10 10 #include <stdbool.h> 11 11 #include "../kselftest.h" 12 + 13 + static uint32_t rol32(uint32_t word, unsigned int shift) 14 + { 15 + return (word << (shift & 31)) | (word >> ((-shift) & 31)); 16 + } 17 + 18 + static void reference_chacha20_blocks(uint8_t *dst_bytes, const uint32_t *key, size_t nblocks) 19 + { 20 + uint32_t s[16] = { 21 + 0x61707865U, 0x3320646eU, 0x79622d32U, 0x6b206574U, 22 + key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7] 23 + }; 24 + 25 + while (nblocks--) { 26 + uint32_t x[16]; 27 + memcpy(x, s, sizeof(x)); 28 + for (unsigned int r = 0; r < 20; r += 2) { 29 + #define QR(a, b, c, d) ( \ 30 + x[a] += x[b], \ 31 + x[d] = rol32(x[d] ^ x[a], 16), \ 32 + x[c] += x[d], \ 33 + x[b] = rol32(x[b] ^ x[c], 12), \ 34 + x[a] += x[b], \ 35 + x[d] = rol32(x[d] ^ x[a], 8), \ 36 + x[c] += x[d], \ 37 + x[b] = rol32(x[b] ^ x[c], 7)) 38 + 39 + QR(0, 4, 8, 12); 40 + QR(1, 5, 9, 13); 41 + QR(2, 6, 10, 14); 42 + QR(3, 7, 11, 15); 43 + QR(0, 5, 10, 15); 44 + QR(1, 6, 11, 12); 45 + QR(2, 7, 8, 13); 46 + QR(3, 4, 9, 14); 47 + } 48 + for (unsigned int i = 0; i < 16; ++i, dst_bytes += sizeof(uint32_t)) 49 + put_unaligned_le32(x[i] + s[i], dst_bytes); 50 + if (!++s[12]) 51 + ++s[13]; 52 + } 53 + } 12 54 13 55 typedef uint8_t u8; 14 56 typedef uint32_t u32; ··· 60 18 int main(int argc, char *argv[]) 61 19 { 62 20 enum { TRIALS = 1000, BLOCKS = 128, BLOCK_SIZE = 64 }; 63 - static const uint8_t nonce[8] = { 0 }; 64 21 uint32_t counter[2]; 65 22 uint32_t key[8]; 66 23 uint8_t output1[BLOCK_SIZE * BLOCKS], output2[BLOCK_SIZE * BLOCKS]; ··· 72 31 printf("getrandom() failed!\n"); 73 32 return KSFT_SKIP; 74 33 } 75 - crypto_stream_chacha20(output1, sizeof(output1), nonce, (uint8_t *)key); 34 + reference_chacha20_blocks(output1, key, BLOCKS); 76 35 for (unsigned int split = 0; split < BLOCKS; ++split) { 77 36 memset(output2, 'X', sizeof(output2)); 78 37 memset(counter, 0, sizeof(counter));