Hi Jason,
Le 28/08/2024 à 15:55, Jason A. Donenfeld a écrit :
> Linking to libsodium makes building this test annoying in cross
> compilation environments and is just way too much. Since this is just a
> basic correctness test, simply open code a simple, unoptimized, dumb
> chacha, rather than linking to libsodium.
It doesn't work.
Works with the following change:
diff --git a/tools/testing/selftests/vDSO/vdso_test_chacha.c
b/tools/testing/selftests/vDSO/vdso_test_chacha.c
index 3a5a08d857cf..7443657aa7da 100644
--- a/tools/testing/selftests/vDSO/vdso_test_chacha.c
+++ b/tools/testing/selftests/vDSO/vdso_test_chacha.c
@@ -8,6 +8,7 @@
#include <string.h>
#include <stdint.h>
#include <stdbool.h>
+#include <endian.h>
#include "../kselftest.h"
static uint32_t rol32(uint32_t word, unsigned int shift)
@@ -19,7 +20,8 @@ static void reference_chacha20_blocks(uint8_t
*dst_bytes, const uint32_t *key, s
{
uint32_t s[16] = {
0x61707865U, 0x3320646eU, 0x79622d32U, 0x6b206574U,
- key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7]
+ le32toh(key[0]), le32toh(key[1]), le32toh(key[2]),
le32toh(key[3]),
+ le32toh(key[4]), le32toh(key[5]), le32toh(key[6]),
le32toh(key[7])
};
while (nblocks--) {
Christophe
>
> Signed-off-by: Jason A. Donenfeld <[email protected]>
> ---
> tools/testing/selftests/vDSO/Makefile | 7 +--
> .../testing/selftests/vDSO/vdso_test_chacha.c | 46 ++++++++++++++++++-
> 2 files changed, 45 insertions(+), 8 deletions(-)
>
> diff --git a/tools/testing/selftests/vDSO/Makefile
> b/tools/testing/selftests/vDSO/Makefile
> index 13a626ef64f7..93c50a462858 100644
> --- a/tools/testing/selftests/vDSO/Makefile
> +++ b/tools/testing/selftests/vDSO/Makefile
> @@ -1,8 +1,6 @@
> # SPDX-License-Identifier: GPL-2.0
> uname_M := $(shell uname -m 2>/dev/null || echo not)
> ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/)
> -SODIUM_LIBS := $(shell pkg-config --libs libsodium 2>/dev/null)
> -SODIUM_CFLAGS := $(shell pkg-config --cflags libsodium 2>/dev/null)
>
> TEST_GEN_PROGS := vdso_test_gettimeofday
> TEST_GEN_PROGS += vdso_test_getcpu
> @@ -14,10 +12,8 @@ endif
> TEST_GEN_PROGS += vdso_test_correctness
> ifeq ($(uname_M),x86_64)
> TEST_GEN_PROGS += vdso_test_getrandom
> -ifneq ($(SODIUM_LIBS),)
> TEST_GEN_PROGS += vdso_test_chacha
> endif
> -endif
>
> CFLAGS := -std=gnu99
>
> @@ -43,8 +39,7 @@ $(OUTPUT)/vdso_test_getrandom: CFLAGS += -isystem
> $(top_srcdir)/tools/include \
> -isystem $(top_srcdir)/include/uapi
>
> $(OUTPUT)/vdso_test_chacha:
> $(top_srcdir)/tools/arch/$(ARCH)/vdso/vgetrandom-chacha.S
> -$(OUTPUT)/vdso_test_chacha: LDLIBS += $(SODIUM_LIBS)
> $(OUTPUT)/vdso_test_chacha: CFLAGS += -idirafter
> $(top_srcdir)/tools/include \
> -idirafter
> $(top_srcdir)/arch/$(ARCH)/include \
> -idirafter $(top_srcdir)/include \
> - -D__ASSEMBLY__ -Wa,--noexecstack
> $(SODIUM_CFLAGS)
> + -D__ASSEMBLY__ -Wa,--noexecstack
> diff --git a/tools/testing/selftests/vDSO/vdso_test_chacha.c
> b/tools/testing/selftests/vDSO/vdso_test_chacha.c
> index ca5639d02969..019e8fbdf570 100644
> --- a/tools/testing/selftests/vDSO/vdso_test_chacha.c
> +++ b/tools/testing/selftests/vDSO/vdso_test_chacha.c
> @@ -3,7 +3,6 @@
> * Copyright (C) 2022-2024 Jason A. Donenfeld <[email protected]>. All Rights
> Reserved.
> */
>
> -#include <sodium/crypto_stream_chacha20.h>
> #include <sys/random.h>
> #include <string.h>
> #include <stdint.h>
> @@ -14,6 +13,49 @@ typedef uint8_t u8;
> typedef uint32_t u32;
> typedef uint64_t u64;
> #include <vdso/getrandom.h>
> +#include <tools/le_byteshift.h>
> +
> +static u32 rol32(u32 word, unsigned int shift)
> +{
> + return (word << (shift & 31)) | (word >> ((-shift) & 31));
> +}
> +
> +static void reference_chacha20_blocks(u8 *dst_bytes, const u32 *key, size_t
> nblocks)
> +{
> + u32 s[16] = {
> + 0x61707865U, 0x3320646eU, 0x79622d32U, 0x6b206574U,
> + key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7]
> + };
> +
> + while (nblocks--) {
> + u32 x[16];
> + memcpy(x, s, sizeof(x));
> + for (unsigned int r = 0; r < 20; r += 2) {
> + #define QR(a, b, c, d) ( \
> + x[a] += x[b], \
> + x[d] = rol32(x[d] ^ x[a], 16), \
> + x[c] += x[d], \
> + x[b] = rol32(x[b] ^ x[c], 12), \
> + x[a] += x[b], \
> + x[d] = rol32(x[d] ^ x[a], 8), \
> + x[c] += x[d], \
> + x[b] = rol32(x[b] ^ x[c], 7))
> +
> + QR(0, 4, 8, 12);
> + QR(1, 5, 9, 13);
> + QR(2, 6, 10, 14);
> + QR(3, 7, 11, 15);
> + QR(0, 5, 10, 15);
> + QR(1, 6, 11, 12);
> + QR(2, 7, 8, 13);
> + QR(3, 4, 9, 14);
> + }
> + for (unsigned int i = 0; i < 16; ++i, dst_bytes += sizeof(u32))
> + put_unaligned_le32(x[i] + s[i], dst_bytes);
> + if (!++s[12])
> + ++s[13];
> + }
> +}
>
> int main(int argc, char *argv[])
> {
> @@ -31,7 +73,7 @@ int main(int argc, char *argv[])
> printf("getrandom() failed!\n");
> return KSFT_SKIP;
> }
> - crypto_stream_chacha20(output1, sizeof(output1), nonce,
> (uint8_t *)key);
> + reference_chacha20_blocks(output1, key, BLOCKS);
> for (unsigned int split = 0; split < BLOCKS; ++split) {
> memset(output2, 'X', sizeof(output2));
> memset(counter, 0, sizeof(counter));
