From: Eric Biggers <ebiggers3@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: kernel-hardening@lists.openwall.com,
LKML <linux-kernel@vger.kernel.org>,
linux-crypto@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
George Spelvin <linux@horizon.com>,
Scott Bauer <sbauer@eng.utah.edu>,
ak@linux.intel.com, Andy Lutomirski <luto@amacapital.net>,
Greg KH <gregkh@linuxfoundation.org>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>,
"Daniel J . Bernstein" <djb@cr.yp.to>
Subject: [kernel-hardening] Re: [PATCH v2] siphash: add cryptographically secure hashtable function
Date: Sun, 11 Dec 2016 21:42:29 -0800 [thread overview]
Message-ID: <20161212054229.GA31382@zzz> (raw)
In-Reply-To: <20161212034817.1773-1-Jason@zx2c4.com>
On Mon, Dec 12, 2016 at 04:48:17AM +0100, Jason A. Donenfeld wrote:
>
> diff --git a/lib/Makefile b/lib/Makefile
> index 50144a3aeebd..71d398b04a74 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -22,7 +22,8 @@ lib-y := ctype.o string.o vsprintf.o cmdline.o \
> sha1.o chacha20.o md5.o irq_regs.o argv_split.o \
> flex_proportions.o ratelimit.o show_mem.o \
> is_single_threaded.o plist.o decompress.o kobject_uevent.o \
> - earlycpio.o seq_buf.o nmi_backtrace.o nodemask.o win_minmax.o
> + earlycpio.o seq_buf.o siphash.o \
> + nmi_backtrace.o nodemask.o win_minmax.o
>
> lib-$(CONFIG_MMU) += ioremap.o
> lib-$(CONFIG_SMP) += cpumask.o
> @@ -44,7 +45,7 @@ obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
> obj-y += kstrtox.o
> obj-$(CONFIG_TEST_BPF) += test_bpf.o
> obj-$(CONFIG_TEST_FIRMWARE) += test_firmware.o
> -obj-$(CONFIG_TEST_HASH) += test_hash.o
> +obj-$(CONFIG_TEST_HASH) += test_hash.o test_siphash.o
Maybe add to the help text for CONFIG_TEST_HASH that it now tests siphash too?
> +static inline u64 le64_to_cpuvp(const void *p)
> +{
> + return le64_to_cpup(p);
> +}
This assumes the key and message buffers are aligned to __alignof__(u64).
Unless that's going to be a clearly documented requirement for callers, you
should use get_unaligned_le64() instead. And you can pass a 'u8 *' directly to
get_unaligned_le64(), no need for a helper function.
> + b = (v0 ^ v1) ^ (v2 ^ v3);
> + return (__force u64)cpu_to_le64(b);
> +}
It makes sense for this to return a u64, but that means the cpu_to_le64() is
wrong, since u64 indicates CPU endianness. It should just return 'b'.
> +++ b/lib/test_siphash.c
> @@ -0,0 +1,116 @@
> +/* Test cases for siphash.c
> + *
> + * Copyright (C) 2015-2016 Jason A. Donenfeld <Jason@zx2c4.com>
> + *
> + * This file is provided under a dual BSD/GPLv2 license.
> + *
> + * SipHash: a fast short-input PRF
> + * https://131002.net/siphash/
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/siphash.h>
> +#include <linux/kernel.h>
> +#include <linux/string.h>
> +#include <linux/errno.h>
> +#include <linux/module.h>
> +
> +static const u8 test_vectors[64][8] = {
> + { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72 },
Can you mention in a comment where the test vectors came from?
> + if (memcmp(&out, test_vectors[i], 8)) {
> + pr_info("self-test %u: FAIL\n", i + 1);
> + ret = -EINVAL;
> + }
If you make the output really be CPU-endian like I'm suggesting then this will
need to be something like:
if (out != get_unaligned_le64(test_vectors[i])) {
Or else make the test vectors be an array of u64.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers3@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: kernel-hardening@lists.openwall.com,
LKML <linux-kernel@vger.kernel.org>,
linux-crypto@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
George Spelvin <linux@horizon.com>,
Scott Bauer <sbauer@eng.utah.edu>,
ak@linux.intel.com, Andy Lutomirski <luto@amacapital.net>,
Greg KH <gregkh@linuxfoundation.org>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>,
"Daniel J . Bernstein" <djb@cr.yp.to>
Subject: Re: [PATCH v2] siphash: add cryptographically secure hashtable function
Date: Sun, 11 Dec 2016 21:42:29 -0800 [thread overview]
Message-ID: <20161212054229.GA31382@zzz> (raw)
In-Reply-To: <20161212034817.1773-1-Jason@zx2c4.com>
On Mon, Dec 12, 2016 at 04:48:17AM +0100, Jason A. Donenfeld wrote:
>
> diff --git a/lib/Makefile b/lib/Makefile
> index 50144a3aeebd..71d398b04a74 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -22,7 +22,8 @@ lib-y := ctype.o string.o vsprintf.o cmdline.o \
> sha1.o chacha20.o md5.o irq_regs.o argv_split.o \
> flex_proportions.o ratelimit.o show_mem.o \
> is_single_threaded.o plist.o decompress.o kobject_uevent.o \
> - earlycpio.o seq_buf.o nmi_backtrace.o nodemask.o win_minmax.o
> + earlycpio.o seq_buf.o siphash.o \
> + nmi_backtrace.o nodemask.o win_minmax.o
>
> lib-$(CONFIG_MMU) += ioremap.o
> lib-$(CONFIG_SMP) += cpumask.o
> @@ -44,7 +45,7 @@ obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o
> obj-y += kstrtox.o
> obj-$(CONFIG_TEST_BPF) += test_bpf.o
> obj-$(CONFIG_TEST_FIRMWARE) += test_firmware.o
> -obj-$(CONFIG_TEST_HASH) += test_hash.o
> +obj-$(CONFIG_TEST_HASH) += test_hash.o test_siphash.o
Maybe add to the help text for CONFIG_TEST_HASH that it now tests siphash too?
> +static inline u64 le64_to_cpuvp(const void *p)
> +{
> + return le64_to_cpup(p);
> +}
This assumes the key and message buffers are aligned to __alignof__(u64).
Unless that's going to be a clearly documented requirement for callers, you
should use get_unaligned_le64() instead. And you can pass a 'u8 *' directly to
get_unaligned_le64(), no need for a helper function.
> + b = (v0 ^ v1) ^ (v2 ^ v3);
> + return (__force u64)cpu_to_le64(b);
> +}
It makes sense for this to return a u64, but that means the cpu_to_le64() is
wrong, since u64 indicates CPU endianness. It should just return 'b'.
> +++ b/lib/test_siphash.c
> @@ -0,0 +1,116 @@
> +/* Test cases for siphash.c
> + *
> + * Copyright (C) 2015-2016 Jason A. Donenfeld <Jason@zx2c4.com>
> + *
> + * This file is provided under a dual BSD/GPLv2 license.
> + *
> + * SipHash: a fast short-input PRF
> + * https://131002.net/siphash/
> + */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> +#include <linux/siphash.h>
> +#include <linux/kernel.h>
> +#include <linux/string.h>
> +#include <linux/errno.h>
> +#include <linux/module.h>
> +
> +static const u8 test_vectors[64][8] = {
> + { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72 },
Can you mention in a comment where the test vectors came from?
> + if (memcmp(&out, test_vectors[i], 8)) {
> + pr_info("self-test %u: FAIL\n", i + 1);
> + ret = -EINVAL;
> + }
If you make the output really be CPU-endian like I'm suggesting then this will
need to be something like:
if (out != get_unaligned_le64(test_vectors[i])) {
Or else make the test vectors be an array of u64.
- Eric
next prev parent reply other threads:[~2016-12-12 5:42 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-09 18:36 [kernel-hardening] [PATCH] siphash: add cryptographically secure hashtable function Jason A. Donenfeld
2016-12-09 18:36 ` Jason A. Donenfeld
2016-12-10 12:37 ` [kernel-hardening] " Greg KH
2016-12-11 15:30 ` Jason A. Donenfeld
2016-12-11 15:30 ` Jason A. Donenfeld
2016-12-11 20:43 ` [kernel-hardening] " Greg KH
2016-12-12 3:48 ` [kernel-hardening] [PATCH v2] " Jason A. Donenfeld
2016-12-12 3:48 ` Jason A. Donenfeld
2016-12-12 4:01 ` [kernel-hardening] " Linus Torvalds
2016-12-12 4:01 ` Linus Torvalds
2016-12-12 5:48 ` [kernel-hardening] " Jason A. Donenfeld
2016-12-12 5:48 ` Jason A. Donenfeld
2016-12-12 21:37 ` [kernel-hardening] " Linus Torvalds
2016-12-12 21:37 ` Linus Torvalds
2016-12-12 22:18 ` [kernel-hardening] [PATCH v3] " Jason A. Donenfeld
2016-12-12 22:18 ` Jason A. Donenfeld
2016-12-12 23:01 ` [kernel-hardening] " Andi Kleen
2016-12-12 23:01 ` Andi Kleen
2016-12-13 8:39 ` [kernel-hardening] " Eric Biggers
2016-12-13 8:39 ` Eric Biggers
2016-12-13 19:26 ` [kernel-hardening] " Linus Torvalds
2016-12-13 19:26 ` Linus Torvalds
2016-12-13 22:43 ` [kernel-hardening] " Jason A. Donenfeld
2016-12-13 22:43 ` Jason A. Donenfeld
2016-12-13 22:48 ` [kernel-hardening] [PATCH v4] " Jason A. Donenfeld
2016-12-13 22:48 ` Jason A. Donenfeld
2016-12-12 5:42 ` Eric Biggers [this message]
2016-12-12 5:42 ` [PATCH v2] " Eric Biggers
2016-12-12 21:17 ` [kernel-hardening] " Jason A. Donenfeld
2016-12-12 21:17 ` Jason A. Donenfeld
2016-12-10 14:17 ` [kernel-hardening] Re: [PATCH] " Vegard Nossum
2016-12-10 14:17 ` Vegard Nossum
2016-12-10 15:35 ` [kernel-hardening] " George Spelvin
2016-12-10 15:35 ` George Spelvin
2016-12-10 18:13 ` [kernel-hardening] " Jean-Philippe Aumasson
2016-12-10 18:13 ` Jean-Philippe Aumasson
-- strict thread matches above, loose matches on Subject: below --
2016-12-12 21:44 [kernel-hardening] Re: [PATCH v2] " Jason A. Donenfeld
2016-12-12 21:57 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161212054229.GA31382@zzz \
--to=ebiggers3@gmail.com \
--cc=Jason@zx2c4.com \
--cc=ak@linux.intel.com \
--cc=djb@cr.yp.to \
--cc=gregkh@linuxfoundation.org \
--cc=jeanphilippe.aumasson@gmail.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@horizon.com \
--cc=luto@amacapital.net \
--cc=sbauer@eng.utah.edu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.