Reimplement libbpf_sha256() using some basic SHA-256 C code. This eliminates the newly-added dependency on AF_ALG, which is a problematic UAPI that is not supported by all kernels. Make libbpf_sha256() return void, since it can no longer fail. This simplifies some callers. Also drop the unnecessary 'sha_out_sz' parameter. Finally, also fix the typo in "compute_sha_udpate_offsets". Tested by uncommenting the included test code and running 'make -C tools/bpf/bpftool', which causes the test to be executed. Fixes: c297fe3e9f99 ("libbpf: Implement SHA256 internal helper") Signed-off-by: Eric Biggers --- Let me know if there's some way I should wire up the test. But libbpf doesn't seem to have an internal test suite. tools/lib/bpf/gen_loader.c | 20 ++-- tools/lib/bpf/libbpf.c | 169 ++++++++++++++++++++++---------- tools/lib/bpf/libbpf_internal.h | 2 +- 3 files changed, 124 insertions(+), 67 deletions(-) diff --git a/tools/lib/bpf/gen_loader.c b/tools/lib/bpf/gen_loader.c index 376eef292d3a8..6945dd99a8469 100644 --- a/tools/lib/bpf/gen_loader.c +++ b/tools/lib/bpf/gen_loader.c @@ -369,11 +369,11 @@ static void emit_sys_close_blob(struct bpf_gen *gen, int blob_off) 0, 0, 0, blob_off)); emit(gen, BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0)); __emit_sys_close(gen); } -static int compute_sha_udpate_offsets(struct bpf_gen *gen); +static void compute_sha_update_offsets(struct bpf_gen *gen); int bpf_gen__finish(struct bpf_gen *gen, int nr_progs, int nr_maps) { int i; @@ -397,15 +397,12 @@ int bpf_gen__finish(struct bpf_gen *gen, int nr_progs, int nr_maps) sizeof(struct bpf_map_desc) * i + offsetof(struct bpf_map_desc, map_fd), 4, blob_fd_array_off(gen, i)); emit(gen, BPF_MOV64_IMM(BPF_REG_0, 0)); emit(gen, BPF_EXIT_INSN()); - if (OPTS_GET(gen->opts, gen_hash, false)) { - gen->error = compute_sha_udpate_offsets(gen); - if (gen->error) - return gen->error; - } + if (OPTS_GET(gen->opts, gen_hash, false)) + compute_sha_update_offsets(gen); pr_debug("gen: finish %s\n", errstr(gen->error)); if (!gen->error) { struct gen_loader_opts *opts = gen->opts; @@ -455,29 +452,24 @@ void bpf_gen__free(struct bpf_gen *gen) } \ } \ _val; \ }) -static int compute_sha_udpate_offsets(struct bpf_gen *gen) +static void compute_sha_update_offsets(struct bpf_gen *gen) { __u64 sha[SHA256_DWORD_SIZE]; __u64 sha_dw; - int i, err; + int i; - err = libbpf_sha256(gen->data_start, gen->data_cur - gen->data_start, sha, SHA256_DIGEST_LENGTH); - if (err < 0) { - pr_warn("sha256 computation of the metadata failed"); - return err; - } + libbpf_sha256(gen->data_start, gen->data_cur - gen->data_start, (__u8 *)sha); for (i = 0; i < SHA256_DWORD_SIZE; i++) { struct bpf_insn *insn = (struct bpf_insn *)(gen->insn_start + gen->hash_insn_offset[i]); sha_dw = tgt_endian(sha[i]); insn[0].imm = (__u32)sha_dw; insn[1].imm = sha_dw >> 32; } - return 0; } void bpf_gen__load_btf(struct bpf_gen *gen, const void *btf_raw_data, __u32 btf_raw_size) { diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 7edb36aa88e1d..f804c7b3fa8a2 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -33,21 +33,19 @@ #include #include #include #include #include +#include #include #include #include #include #include #include #include #include -#include -#include -#include #include #include #include #include "libbpf.h" @@ -4489,11 +4487,11 @@ bpf_object__section_to_libbpf_map_type(const struct bpf_object *obj, int shndx) } static int bpf_prog_compute_hash(struct bpf_program *prog) { struct bpf_insn *purged; - int i, err; + int i, err = 0; purged = calloc(prog->insns_cnt, BPF_INSN_SZ); if (!purged) return -ENOMEM; @@ -4517,12 +4515,12 @@ static int bpf_prog_compute_hash(struct bpf_program *prog) } purged[i] = prog->insns[i]; purged[i].imm = 0; } } - err = libbpf_sha256(purged, prog->insns_cnt * sizeof(struct bpf_insn), - prog->hash, SHA256_DIGEST_LENGTH); + libbpf_sha256(purged, prog->insns_cnt * sizeof(struct bpf_insn), + prog->hash); out: free(purged); return err; } @@ -14286,60 +14284,127 @@ void bpf_object__destroy_skeleton(struct bpf_object_skeleton *s) free(s->maps); free(s->progs); free(s); } -int libbpf_sha256(const void *data, size_t data_sz, void *sha_out, size_t sha_out_sz) +static inline __u32 ror32(__u32 v, int bits) { - struct sockaddr_alg sa = { - .salg_family = AF_ALG, - .salg_type = "hash", - .salg_name = "sha256" - }; - int sock_fd = -1; - int op_fd = -1; - int err = 0; + return (v >> bits) | (v << (32 - bits)); +} - if (sha_out_sz != SHA256_DIGEST_LENGTH) { - pr_warn("sha_out_sz should be exactly 32 bytes for a SHA256 digest"); - return -EINVAL; - } +#define SHA256_BLOCK_LENGTH 64 +#define Ch(x, y, z) (((x) & (y)) ^ (~(x) & (z))) +#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +#define Sigma_0(x) (ror32((x), 2) ^ ror32((x), 13) ^ ror32((x), 22)) +#define Sigma_1(x) (ror32((x), 6) ^ ror32((x), 11) ^ ror32((x), 25)) +#define sigma_0(x) (ror32((x), 7) ^ ror32((x), 18) ^ ((x) >> 3)) +#define sigma_1(x) (ror32((x), 17) ^ ror32((x), 19) ^ ((x) >> 10)) - sock_fd = socket(AF_ALG, SOCK_SEQPACKET, 0); - if (sock_fd < 0) { - err = -errno; - pr_warn("failed to create AF_ALG socket for SHA256: %s\n", errstr(err)); - return err; - } +static const __u32 sha256_K[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, + 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, + 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, + 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, + 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, + 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, +}; - if (bind(sock_fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { - err = -errno; - pr_warn("failed to bind to AF_ALG socket for SHA256: %s\n", errstr(err)); - goto out; - } +#define SHA256_ROUND(i, a, b, c, d, e, f, g, h) \ + { \ + __u32 tmp = h + Sigma_1(e) + Ch(e, f, g) + sha256_K[i] + w[i]; \ + d += tmp; \ + h = tmp + Sigma_0(a) + Maj(a, b, c); \ + } + +static void sha256_blocks(__u32 state[8], const __u8 *data, size_t nblocks) +{ + while (nblocks--) { + __u32 a = state[0]; + __u32 b = state[1]; + __u32 c = state[2]; + __u32 d = state[3]; + __u32 e = state[4]; + __u32 f = state[5]; + __u32 g = state[6]; + __u32 h = state[7]; + __u32 w[64]; + int i; + + for (i = 0; i < 16; i++) + w[i] = get_unaligned_be32(&data[4 * i]); + for (; i < ARRAY_SIZE(w); i++) + w[i] = sigma_1(w[i - 2]) + w[i - 7] + + sigma_0(w[i - 15]) + w[i - 16]; + for (i = 0; i < ARRAY_SIZE(w); i += 8) { + SHA256_ROUND(i + 0, a, b, c, d, e, f, g, h); + SHA256_ROUND(i + 1, h, a, b, c, d, e, f, g); + SHA256_ROUND(i + 2, g, h, a, b, c, d, e, f); + SHA256_ROUND(i + 3, f, g, h, a, b, c, d, e); + SHA256_ROUND(i + 4, e, f, g, h, a, b, c, d); + SHA256_ROUND(i + 5, d, e, f, g, h, a, b, c); + SHA256_ROUND(i + 6, c, d, e, f, g, h, a, b); + SHA256_ROUND(i + 7, b, c, d, e, f, g, h, a); + } + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; + data += SHA256_BLOCK_LENGTH; + } +} + +void libbpf_sha256(const void *data, size_t len, __u8 out[SHA256_DIGEST_LENGTH]) +{ + __u32 state[8] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }; + const __be64 bitcount = cpu_to_be64((__u64)len * 8); + __u8 final_data[2 * SHA256_BLOCK_LENGTH] = { 0 }; + size_t final_len = len % SHA256_BLOCK_LENGTH; + int i; - op_fd = accept(sock_fd, NULL, 0); - if (op_fd < 0) { - err = -errno; - pr_warn("failed to accept from AF_ALG socket for SHA256: %s\n", errstr(err)); - goto out; - } + sha256_blocks(state, data, len / SHA256_BLOCK_LENGTH); - if (write(op_fd, data, data_sz) != data_sz) { - err = -errno; - pr_warn("failed to write data to AF_ALG socket for SHA256: %s\n", errstr(err)); - goto out; - } + memcpy(final_data, data + len - final_len, final_len); + final_data[final_len] = 0x80; + final_len = round_up(final_len + 9, SHA256_BLOCK_LENGTH); + memcpy(&final_data[final_len - 8], &bitcount, 8); - if (read(op_fd, sha_out, SHA256_DIGEST_LENGTH) != SHA256_DIGEST_LENGTH) { - err = -errno; - pr_warn("failed to read SHA256 from AF_ALG socket: %s\n", errstr(err)); - goto out; - } + sha256_blocks(state, final_data, final_len / SHA256_BLOCK_LENGTH); -out: - if (op_fd >= 0) - close(op_fd); - if (sock_fd >= 0) - close(sock_fd); - return err; + for (i = 0; i < ARRAY_SIZE(state); i++) + put_unaligned_be32(state[i], &out[4 * i]); +} + +#if 0 /* To test libbpf_sha256(), uncomment this. Requires -lcrypto. */ +#include + +/* Test libbpf_sha256() for all lengths from 0 to 4096 bytes inclusively. */ +static void __attribute__((constructor)) test_libbpf_sha256(void) +{ + __u8 data[4096]; + __u8 hash1[SHA256_DIGEST_LENGTH]; + __u8 hash2[SHA256_DIGEST_LENGTH]; + size_t i; + + for (i = 0; i < sizeof(data); i++) + data[i] = rand(); + + for (i = 0; i <= sizeof(data); i++) { + libbpf_sha256(data, i, hash1); + SHA256(data, i, hash2); /* Uses OpenSSL */ + if (memcmp(hash1, hash2, sizeof(hash1)) != 0) { + pr_warn("libbpf_sha256() test failed\n"); + abort(); + } + } + pr_info("libbpf_sha256() test passed\n"); } +#endif diff --git a/tools/lib/bpf/libbpf_internal.h b/tools/lib/bpf/libbpf_internal.h index 8a055de0d3248..c93797dcaf5bc 100644 --- a/tools/lib/bpf/libbpf_internal.h +++ b/tools/lib/bpf/libbpf_internal.h @@ -737,7 +737,7 @@ int elf_resolve_pattern_offsets(const char *binary_path, const char *pattern, int probe_fd(int fd); #define SHA256_DIGEST_LENGTH 32 #define SHA256_DWORD_SIZE SHA256_DIGEST_LENGTH / sizeof(__u64) -int libbpf_sha256(const void *data, size_t data_sz, void *sha_out, size_t sha_out_sz); +void libbpf_sha256(const void *data, size_t len, __u8 out[SHA256_DIGEST_LENGTH]); #endif /* __LIBBPF_LIBBPF_INTERNAL_H */ base-commit: 0e8e60e86cf3292e747a0fa7cc13127f290323ad -- 2.51.0