lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ea693ce2-61dd-4885-805f-28aa7e60ea28@csgroup.eu>
Date: Tue, 27 Aug 2024 18:53:54 +0200
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: "Jason A. Donenfeld" <Jason@...c4.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] random: vDSO: move prototype of arch chacha function
 to vdso/getrandom.h



Le 27/08/2024 à 17:47, Jason A. Donenfeld a écrit :
> Having the prototype for __arch_chacha20_blocks_nostack in
> arch/x86/include/asm/vdso/getrandom.h meant that the prototype and large
> doc comment were cloned by every architecture, which has been causing
> unnecessary churn. Instead move it into include/vdso/getrandom.h, where
> it can be shared by all archs implementing it.
> 
> As a side bonus, this then lets us use that prototype in the
> vdso_test_chacha self test, to ensure that it matches the source, and
> indeed doing so turned up some inconsistencies, which are rectified
> here.

Side bonus that I dislike. Or ... it is all that u32 key stuff that I 
dislike.

If it was really u32 I would be able to read it with a LWZ instruction 
(Load Word Zero extended). That's what I did at the begining. But if I 
want the selftest to work, I have to use LWBRX (Load Word Byte Reversed 
...)instead  because the bytes in the word are in reversed order in reality.

So either it is a table of 32 bytes, or it is as defined in RFC 7539:

   A 256-bit key, treated as a concatenation of eight 32-bit 
little-endian integers.

And in that case it is not a table of 8x u32 but table of 8x __le32

> 
> Suggested-by: Christophe Leroy <christophe.leroy@...roup.eu>
> Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
> ---


> diff --git a/tools/testing/selftests/vDSO/vdso_test_chacha.c b/tools/testing/selftests/vDSO/vdso_test_chacha.c
> index e38f44e5f803..ca5639d02969 100644
> --- a/tools/testing/selftests/vDSO/vdso_test_chacha.c
> +++ b/tools/testing/selftests/vDSO/vdso_test_chacha.c
> @@ -7,16 +7,20 @@
>   #include <sys/random.h>
>   #include <string.h>
>   #include <stdint.h>
> +#include <stdbool.h>
>   #include "../kselftest.h"
>   
> -extern void __arch_chacha20_blocks_nostack(uint8_t *dst_bytes, const uint8_t *key, uint32_t *counter, size_t nblocks);
> +typedef uint8_t u8;
> +typedef uint32_t u32;
> +typedef uint64_t u64;
> +#include <vdso/getrandom.h>
>   
>   int main(int argc, char *argv[])
>   {
>   	enum { TRIALS = 1000, BLOCKS = 128, BLOCK_SIZE = 64 };
>   	static const uint8_t nonce[8] = { 0 };
>   	uint32_t counter[2];
> -	uint8_t key[32];
> +	uint32_t key[8];
>   	uint8_t output1[BLOCK_SIZE * BLOCKS], output2[BLOCK_SIZE * BLOCKS];
>   
>   	ksft_print_header();
> @@ -27,7 +31,7 @@ int main(int argc, char *argv[])
>   			printf("getrandom() failed!\n");
>   			return KSFT_SKIP;
>   		}
> -		crypto_stream_chacha20(output1, sizeof(output1), nonce, key);
> +		crypto_stream_chacha20(output1, sizeof(output1), nonce, (uint8_t *)key);
>   		for (unsigned int split = 0; split < BLOCKS; ++split) {
>   			memset(output2, 'X', sizeof(output2));
>   			memset(counter, 0, sizeof(counter));

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ