From nobody Fri Dec 19 07:53:28 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1745334466; cv=none; d=zohomail.com; s=zohoarc; b=iTbzuUo5MfywXYVcB32FEWK0wGwF9ZZn79bCrXEfUOJKfFUEOIQpUaRfPWfQovwIm2fcj1WcGoex6t9GnODwL1EZ49gGCcsGUyQ/jt58irNLz6JDuEIP13Em+aJWMbyd6AAE62JtAnUGzTwP0fmDGkoS9KsaWeopfMtNfQbo+fU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1745334466; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=WDJT0W+j5imcAWnKzPI6gEyLmrSG03CfujuYBuS2VuQ=; b=UWq4HfSAS/4vz0bLwrcPMgKEXf0R1FJPOTWElEpjLoYyCznDawZjdmxipA+ro3GG4CAmz3XKB5qoFySJFOi+N4KQJllWnsWxfWzfWDuT9efCSxxGY3Q4nZVq29i94QQllkvB7NPuvf94z8Mh8X2BpfW+lCz0uRiV3EuZuJOtUMQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 17453344665921010.9630201523804; Tue, 22 Apr 2025 08:07:46 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.962778.1353978 (Exim 4.92) (envelope-from ) id 1u7FDh-0002hN-A8; Tue, 22 Apr 2025 15:07:33 +0000 Received: by outflank-mailman (output) from mailman id 962778.1353978; Tue, 22 Apr 2025 15:07:33 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1u7FDh-0002hC-6v; Tue, 22 Apr 2025 15:07:33 +0000 Received: by outflank-mailman (input) for mailman id 962778; Tue, 22 Apr 2025 15:07:31 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1u7FDf-0000lQ-GT for xen-devel@lists.xenproject.org; Tue, 22 Apr 2025 15:07:31 +0000 Received: from 16.mo583.mail-out.ovh.net (16.mo583.mail-out.ovh.net [87.98.174.144]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 825c7e38-1f8b-11f0-9eb0-5ba50f476ded; Tue, 22 Apr 2025 17:07:30 +0200 (CEST) Received: from director6.ghost.mail-out.ovh.net (unknown [10.109.148.21]) by mo583.mail-out.ovh.net (Postfix) with ESMTP id 4Zhlw11xj6z1gwT for ; Tue, 22 Apr 2025 15:07:29 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-6tjtj (unknown [10.110.178.32]) by director6.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 518011FEC4; Tue, 22 Apr 2025 15:07:28 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.113]) by ghost-submission-5b5ff79f4f-6tjtj with ESMTPSA id XczlBbCwB2gtAQEAHtJGkA (envelope-from ); Tue, 22 Apr 2025 15:07:28 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 825c7e38-1f8b-11f0-9eb0-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-113S007e787a2bd-89e1-430c-a228-f3b8fb6ac07a, 7E508E014E7E7C169EB13C6E22C3C4EBF1F0FDD7) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , trenchboot-devel@googlegroups.com Subject: [PATCH 09/21] lib/sha1.c: add file Date: Tue, 22 Apr 2025 18:06:43 +0300 Message-ID: <8dec423182ed60e2233ed87d98066fed6dc20caf.1745172094.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 12731957624680330396 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvgeegtdehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeeiteejtdffveekuddtgfegteffkefhgedujeehfeefveekvdevveevteeufeevteenucffohhmrghinhepghhithhhuhgsrdgtohhmnecukfhppeduvdejrddtrddtrddupddujeeirdduuddurddukedurddujeekpdefjedrheelrddugedvrdduudefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheekfegmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=WDJT0W+j5imcAWnKzPI6gEyLmrSG03CfujuYBuS2VuQ=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1745334449; v=1; b=UM7ZURbYhRRjQiFbl+pHtxZI+t5eXVeafpdrNRYGif+JnCVnauX1q3w+R+agFXTXvTxycoY8 K/zkiFFYN+IEs1tMSWwMDKWIdSOTUPMizO22JcWzReXz3SkWwWrPgQuQsDsr3Hn3oTKYlXuBH/P MCPhTu+8SjWRWZsxauiCXM5/1xHufeTEr2f2SnjHaVhSPo95NeehkjHVHhZuCOTYIe4q40uays0 Of5g6Ipa7VPRkBZVNoH3YoKnbNZAY4G19p1WOCELba3wkpbyhfYbf2uSS+VCSNFG1CTUvCtpOIA BSl83zhAYMUvpKcoQZcK8KcjmIztsMhnvPWmncXmmjOlQ== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1745334470494019100 Content-Type: text/plain; charset="utf-8" From: Krystian Hebel The code comes from [1] and is licensed under GPL-2.0 license. It's a combination of: - include/crypto/sha1.h - include/crypto/sha1_base.h - lib/crypto/sha1.c - crypto/sha1_generic.c Changes: - includes - formatting - renames and splicing of some trivial functions that are called once - dropping of `int` return values (only zero was ever returned) - getting rid of references to `struct shash_desc` [1]: https://github.com/torvalds/linux/tree/afdab700f65e14070d8ab92175544b1= c62b8bf03 Signed-off-by: Sergii Dmytruk Signed-off-by: Krystian Hebel --- xen/include/xen/sha1.h | 12 +++ xen/lib/Makefile | 1 + xen/lib/sha1.c | 240 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 253 insertions(+) create mode 100644 xen/include/xen/sha1.h create mode 100644 xen/lib/sha1.c diff --git a/xen/include/xen/sha1.h b/xen/include/xen/sha1.h new file mode 100644 index 0000000000..752dfdf827 --- /dev/null +++ b/xen/include/xen/sha1.h @@ -0,0 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef __XEN_SHA1_H +#define __XEN_SHA1_H + +#include + +#define SHA1_DIGEST_SIZE 20 + +void sha1_hash(const u8 *data, unsigned int len, u8 *out); + +#endif /* !__XEN_SHA1_H */ diff --git a/xen/lib/Makefile b/xen/lib/Makefile index 76dc86fab0..0d5774b8d7 100644 --- a/xen/lib/Makefile +++ b/xen/lib/Makefile @@ -38,6 +38,7 @@ lib-y +=3D strtoll.o lib-y +=3D strtoul.o lib-y +=3D strtoull.o lib-$(CONFIG_X86) +=3D x86-generic-hweightl.o +lib-$(CONFIG_X86) +=3D sha1.o lib-$(CONFIG_X86) +=3D xxhash32.o lib-$(CONFIG_X86) +=3D xxhash64.o =20 diff --git a/xen/lib/sha1.c b/xen/lib/sha1.c new file mode 100644 index 0000000000..a11822519d --- /dev/null +++ b/xen/lib/sha1.c @@ -0,0 +1,240 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * SHA1 routine optimized to do word accesses rather than byte accesses, + * and to avoid unnecessary copies into the context array. + * + * This was based on the git SHA1 implementation. + */ + +#include +#include +#include +#include + +/* + * If you have 32 registers or more, the compiler can (and should) + * try to change the array[] accesses into registers. However, on + * machines with less than ~25 registers, that won't really work, + * and at least gcc will make an unholy mess of it. + * + * So to avoid that mess which just slows things down, we force + * the stores to memory to actually happen (we might be better off + * with a 'W(t)=3D(val);asm("":"+m" (W(t))' there instead, as + * suggested by Artur Skawina - that will also make gcc unable to + * try to do the silly "optimize away loads" part because it won't + * see what the value will be). + * + * Ben Herrenschmidt reports that on PPC, the C version comes close + * to the optimized asm with this (ie on PPC you don't want that + * 'volatile', since there are lots of registers). + * + * On ARM we get the best code generation by forcing a full memory barrier + * between each SHA_ROUND, otherwise gcc happily get wild with spilling and + * the stack frame size simply explode and performance goes down the drain. + */ + +#ifdef CONFIG_X86 + #define setW(x, val) (*(volatile uint32_t *)&W(x) =3D (val)) +#elif defined(CONFIG_ARM) + #define setW(x, val) do { W(x) =3D (val); __asm__("":::"memory"); } whil= e ( 0 ) +#else + #define setW(x, val) (W(x) =3D (val)) +#endif + +/* This "rolls" over the 512-bit array */ +#define W(x) (array[(x) & 15]) + +/* + * Where do we get the source from? The first 16 iterations get it from + * the input data, the next mix it from the 512-bit array. + */ +#define SHA_SRC(t) get_unaligned_be32((uint32_t *)data + t) +#define SHA_MIX(t) rol32(W(t + 13) ^ W(t + 8) ^ W(t + 2) ^ W(t), 1) + +#define SHA_ROUND(t, input, fn, constant, A, B, C, D, E) do { \ + uint32_t TEMP =3D input(t); setW(t, TEMP); \ + E +=3D TEMP + rol32(A, 5) + (fn) + (constant); \ + B =3D ror32(B, 2); \ + TEMP =3D E; E =3D D; D =3D C; C =3D B; B =3D A; A =3D TEMP; \ + } while ( 0 ) + +#define T_0_15(t, A, B, C, D, E) \ + SHA_ROUND(t, SHA_SRC, (((C ^ D) & B) ^ D), 0x5a827999, A, B, C, D,= E) +#define T_16_19(t, A, B, C, D, E) \ + SHA_ROUND(t, SHA_MIX, (((C ^ D) & B) ^ D), 0x5a827999, A, B, C, D,= E) +#define T_20_39(t, A, B, C, D, E) \ + SHA_ROUND(t, SHA_MIX, (B ^ C ^ D), 0x6ed9eba1, A, B, C, D, E) +#define T_40_59(t, A, B, C, D, E) = \ + SHA_ROUND(t, SHA_MIX, ((B & C) + (D & (B ^ C))), 0x8f1bbcdc, A, B,= C, \ + D, E) +#define T_60_79(t, A, B, C, D, E) \ + SHA_ROUND(t, SHA_MIX, (B ^ C ^ D), 0xca62c1d6, A, B, C, D, E) + +#define SHA1_BLOCK_SIZE 64 +#define SHA1_WORKSPACE_WORDS 16 + +struct sha1_state { + uint32_t state[SHA1_DIGEST_SIZE / 4]; + uint64_t count; + uint8_t buffer[SHA1_BLOCK_SIZE]; +}; + +typedef void sha1_block_fn(struct sha1_state *sst, const uint8_t *src, int= blocks); + +/** + * sha1_transform - single block SHA1 transform (deprecated) + * + * @digest: 160 bit digest to update + * @data: 512 bits of data to hash + * @array: 16 words of workspace (see note) + * + * This function executes SHA-1's internal compression function. It updat= es the + * 160-bit internal state (@digest) with a single 512-bit data block (@dat= a). + * + * Don't use this function. SHA-1 is no longer considered secure. And ev= en if + * you do have to use SHA-1, this isn't the correct way to hash something = with + * SHA-1 as this doesn't handle padding and finalization. + * + * Note: If the hash is security sensitive, the caller should be sure + * to clear the workspace. This is left to the caller to avoid + * unnecessary clears between chained hashing operations. + */ +void sha1_transform(uint32_t *digest, const uint8_t *data, uint32_t *array) +{ + uint32_t A, B, C, D, E; + unsigned int i =3D 0; + + A =3D digest[0]; + B =3D digest[1]; + C =3D digest[2]; + D =3D digest[3]; + E =3D digest[4]; + + /* Round 1 - iterations 0-16 take their input from 'data' */ + for ( ; i < 16; ++i ) + T_0_15(i, A, B, C, D, E); + + /* Round 1 - tail. Input from 512-bit mixing array */ + for ( ; i < 20; ++i ) + T_16_19(i, A, B, C, D, E); + + /* Round 2 */ + for ( ; i < 40; ++i ) + T_20_39(i, A, B, C, D, E); + + /* Round 3 */ + for ( ; i < 60; ++i ) + T_40_59(i, A, B, C, D, E); + + /* Round 4 */ + for ( ; i < 80; ++i ) + T_60_79(i, A, B, C, D, E); + + digest[0] +=3D A; + digest[1] +=3D B; + digest[2] +=3D C; + digest[3] +=3D D; + digest[4] +=3D E; +} + +static void sha1_init(struct sha1_state *sctx) +{ + sctx->state[0] =3D 0x67452301UL; + sctx->state[1] =3D 0xefcdab89UL; + sctx->state[2] =3D 0x98badcfeUL; + sctx->state[3] =3D 0x10325476UL; + sctx->state[4] =3D 0xc3d2e1f0UL; + sctx->count =3D 0; +} + +static void sha1_do_update(struct sha1_state *sctx, + const uint8_t *data, + unsigned int len, + sha1_block_fn *block_fn) +{ + unsigned int partial =3D sctx->count % SHA1_BLOCK_SIZE; + + sctx->count +=3D len; + + if ( unlikely((partial + len) >=3D SHA1_BLOCK_SIZE) ) + { + int blocks; + + if ( partial ) + { + int p =3D SHA1_BLOCK_SIZE - partial; + + memcpy(sctx->buffer + partial, data, p); + data +=3D p; + len -=3D p; + + block_fn(sctx, sctx->buffer, 1); + } + + blocks =3D len / SHA1_BLOCK_SIZE; + len %=3D SHA1_BLOCK_SIZE; + + if ( blocks ) + { + block_fn(sctx, data, blocks); + data +=3D blocks * SHA1_BLOCK_SIZE; + } + partial =3D 0; + } + if ( len ) + memcpy(sctx->buffer + partial, data, len); +} + +static void sha1_do_finalize(struct sha1_state *sctx, sha1_block_fn *block= _fn) +{ + const int bit_offset =3D SHA1_BLOCK_SIZE - sizeof(__be64); + __be64 *bits =3D (__be64 *)(sctx->buffer + bit_offset); + unsigned int partial =3D sctx->count % SHA1_BLOCK_SIZE; + + sctx->buffer[partial++] =3D 0x80; + if ( partial > bit_offset ) + { + memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial); + partial =3D 0; + + block_fn(sctx, sctx->buffer, 1); + } + + memset(sctx->buffer + partial, 0x0, bit_offset - partial); + *bits =3D cpu_to_be64(sctx->count << 3); + block_fn(sctx, sctx->buffer, 1); +} + +static void sha1_finish(struct sha1_state *sctx, uint8_t *out) +{ + __be32 *digest =3D (__be32 *)out; + int i; + + for ( i =3D 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++ ) + put_unaligned_be32(sctx->state[i], digest++); + + memset(sctx, 0, sizeof(*sctx)); +} + +static void sha1_generic_block_fn(struct sha1_state *sctx, const uint8_t *= src, + int blocks) +{ + uint32_t temp[SHA1_WORKSPACE_WORDS]; + + while ( blocks-- ) + { + sha1_transform(sctx->state, src, temp); + src +=3D SHA1_BLOCK_SIZE; + } + memset(temp, 0, sizeof(temp)); +} + +void sha1_hash(const uint8_t *data, unsigned int len, uint8_t *out) +{ + struct sha1_state sctx; + + sha1_init(&sctx); + sha1_do_update(&sctx, data, len, sha1_generic_block_fn); + sha1_do_finalize(&sctx, sha1_generic_block_fn); + sha1_finish(&sctx, out); +} --=20 2.49.0