libbpf: Replace AF_ALG with open coded SHA-256
Reimplement libbpf_sha256() using some basic SHA-256 C code. This
eliminates the newly-added dependency on AF_ALG, which is a problematic
UAPI that is not supported by all kernels.
Make libbpf_sha256() return void, since it can no longer fail. This
simplifies some callers. Also drop the unnecessary 'sha_out_sz'
parameter. Finally, also fix the typo in "compute_sha_udpate_offsets".
Fixes: c297fe3e9f ("libbpf: Implement SHA256 internal helper")
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Link: https://lore.kernel.org/r/20250928003833.138407-1-ebiggers@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
Eric Biggers
Alexei Starovoitov
parent
15cf39221e
commit
4ef77dd584
|
|
@ -371,7 +371,7 @@ static void emit_sys_close_blob(struct bpf_gen *gen, int blob_off)
|
|||
__emit_sys_close(gen);
|
||||
}
|
||||
|
||||
static int compute_sha_udpate_offsets(struct bpf_gen *gen);
|
||||
static void compute_sha_update_offsets(struct bpf_gen *gen);
|
||||
|
||||
int bpf_gen__finish(struct bpf_gen *gen, int nr_progs, int nr_maps)
|
||||
{
|
||||
|
|
@ -399,11 +399,8 @@ int bpf_gen__finish(struct bpf_gen *gen, int nr_progs, int nr_maps)
|
|||
blob_fd_array_off(gen, i));
|
||||
emit(gen, BPF_MOV64_IMM(BPF_REG_0, 0));
|
||||
emit(gen, BPF_EXIT_INSN());
|
||||
if (OPTS_GET(gen->opts, gen_hash, false)) {
|
||||
gen->error = compute_sha_udpate_offsets(gen);
|
||||
if (gen->error)
|
||||
return gen->error;
|
||||
}
|
||||
if (OPTS_GET(gen->opts, gen_hash, false))
|
||||
compute_sha_update_offsets(gen);
|
||||
|
||||
pr_debug("gen: finish %s\n", errstr(gen->error));
|
||||
if (!gen->error) {
|
||||
|
|
@ -457,17 +454,13 @@ void bpf_gen__free(struct bpf_gen *gen)
|
|||
_val; \
|
||||
})
|
||||
|
||||
static int compute_sha_udpate_offsets(struct bpf_gen *gen)
|
||||
static void compute_sha_update_offsets(struct bpf_gen *gen)
|
||||
{
|
||||
__u64 sha[SHA256_DWORD_SIZE];
|
||||
__u64 sha_dw;
|
||||
int i, err;
|
||||
int i;
|
||||
|
||||
err = libbpf_sha256(gen->data_start, gen->data_cur - gen->data_start, sha, SHA256_DIGEST_LENGTH);
|
||||
if (err < 0) {
|
||||
pr_warn("sha256 computation of the metadata failed");
|
||||
return err;
|
||||
}
|
||||
libbpf_sha256(gen->data_start, gen->data_cur - gen->data_start, (__u8 *)sha);
|
||||
for (i = 0; i < SHA256_DWORD_SIZE; i++) {
|
||||
struct bpf_insn *insn =
|
||||
(struct bpf_insn *)(gen->insn_start + gen->hash_insn_offset[i]);
|
||||
|
|
@ -475,7 +468,6 @@ static int compute_sha_udpate_offsets(struct bpf_gen *gen)
|
|||
insn[0].imm = (__u32)sha_dw;
|
||||
insn[1].imm = sha_dw >> 32;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void bpf_gen__load_btf(struct bpf_gen *gen, const void *btf_raw_data,
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@
|
|||
#include <linux/perf_event.h>
|
||||
#include <linux/bpf_perf_event.h>
|
||||
#include <linux/ring_buffer.h>
|
||||
#include <linux/unaligned.h>
|
||||
#include <sys/epoll.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/mman.h>
|
||||
|
|
@ -43,9 +44,6 @@
|
|||
#include <sys/vfs.h>
|
||||
#include <sys/utsname.h>
|
||||
#include <sys/resource.h>
|
||||
#include <sys/socket.h>
|
||||
#include <linux/if_alg.h>
|
||||
#include <linux/socket.h>
|
||||
#include <libelf.h>
|
||||
#include <gelf.h>
|
||||
#include <zlib.h>
|
||||
|
|
@ -4491,7 +4489,7 @@ bpf_object__section_to_libbpf_map_type(const struct bpf_object *obj, int shndx)
|
|||
static int bpf_prog_compute_hash(struct bpf_program *prog)
|
||||
{
|
||||
struct bpf_insn *purged;
|
||||
int i, err;
|
||||
int i, err = 0;
|
||||
|
||||
purged = calloc(prog->insns_cnt, BPF_INSN_SZ);
|
||||
if (!purged)
|
||||
|
|
@ -4519,8 +4517,8 @@ static int bpf_prog_compute_hash(struct bpf_program *prog)
|
|||
purged[i].imm = 0;
|
||||
}
|
||||
}
|
||||
err = libbpf_sha256(purged, prog->insns_cnt * sizeof(struct bpf_insn),
|
||||
prog->hash, SHA256_DIGEST_LENGTH);
|
||||
libbpf_sha256(purged, prog->insns_cnt * sizeof(struct bpf_insn),
|
||||
prog->hash);
|
||||
out:
|
||||
free(purged);
|
||||
return err;
|
||||
|
|
@ -14288,58 +14286,99 @@ void bpf_object__destroy_skeleton(struct bpf_object_skeleton *s)
|
|||
free(s);
|
||||
}
|
||||
|
||||
int libbpf_sha256(const void *data, size_t data_sz, void *sha_out, size_t sha_out_sz)
|
||||
static inline __u32 ror32(__u32 v, int bits)
|
||||
{
|
||||
struct sockaddr_alg sa = {
|
||||
.salg_family = AF_ALG,
|
||||
.salg_type = "hash",
|
||||
.salg_name = "sha256"
|
||||
};
|
||||
int sock_fd = -1;
|
||||
int op_fd = -1;
|
||||
int err = 0;
|
||||
|
||||
if (sha_out_sz != SHA256_DIGEST_LENGTH) {
|
||||
pr_warn("sha_out_sz should be exactly 32 bytes for a SHA256 digest");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
sock_fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
|
||||
if (sock_fd < 0) {
|
||||
err = -errno;
|
||||
pr_warn("failed to create AF_ALG socket for SHA256: %s\n", errstr(err));
|
||||
return err;
|
||||
}
|
||||
|
||||
if (bind(sock_fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
|
||||
err = -errno;
|
||||
pr_warn("failed to bind to AF_ALG socket for SHA256: %s\n", errstr(err));
|
||||
goto out;
|
||||
}
|
||||
|
||||
op_fd = accept(sock_fd, NULL, 0);
|
||||
if (op_fd < 0) {
|
||||
err = -errno;
|
||||
pr_warn("failed to accept from AF_ALG socket for SHA256: %s\n", errstr(err));
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (write(op_fd, data, data_sz) != data_sz) {
|
||||
err = -errno;
|
||||
pr_warn("failed to write data to AF_ALG socket for SHA256: %s\n", errstr(err));
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (read(op_fd, sha_out, SHA256_DIGEST_LENGTH) != SHA256_DIGEST_LENGTH) {
|
||||
err = -errno;
|
||||
pr_warn("failed to read SHA256 from AF_ALG socket: %s\n", errstr(err));
|
||||
goto out;
|
||||
}
|
||||
|
||||
out:
|
||||
if (op_fd >= 0)
|
||||
close(op_fd);
|
||||
if (sock_fd >= 0)
|
||||
close(sock_fd);
|
||||
return err;
|
||||
return (v >> bits) | (v << (32 - bits));
|
||||
}
|
||||
|
||||
#define SHA256_BLOCK_LENGTH 64
|
||||
#define Ch(x, y, z) (((x) & (y)) ^ (~(x) & (z)))
|
||||
#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
|
||||
#define Sigma_0(x) (ror32((x), 2) ^ ror32((x), 13) ^ ror32((x), 22))
|
||||
#define Sigma_1(x) (ror32((x), 6) ^ ror32((x), 11) ^ ror32((x), 25))
|
||||
#define sigma_0(x) (ror32((x), 7) ^ ror32((x), 18) ^ ((x) >> 3))
|
||||
#define sigma_1(x) (ror32((x), 17) ^ ror32((x), 19) ^ ((x) >> 10))
|
||||
|
||||
static const __u32 sha256_K[64] = {
|
||||
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
|
||||
0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
|
||||
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
|
||||
0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
|
||||
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
|
||||
0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
|
||||
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
|
||||
0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
|
||||
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
|
||||
0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
|
||||
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
|
||||
};
|
||||
|
||||
#define SHA256_ROUND(i, a, b, c, d, e, f, g, h) \
|
||||
{ \
|
||||
__u32 tmp = h + Sigma_1(e) + Ch(e, f, g) + sha256_K[i] + w[i]; \
|
||||
d += tmp; \
|
||||
h = tmp + Sigma_0(a) + Maj(a, b, c); \
|
||||
}
|
||||
|
||||
static void sha256_blocks(__u32 state[8], const __u8 *data, size_t nblocks)
|
||||
{
|
||||
while (nblocks--) {
|
||||
__u32 a = state[0];
|
||||
__u32 b = state[1];
|
||||
__u32 c = state[2];
|
||||
__u32 d = state[3];
|
||||
__u32 e = state[4];
|
||||
__u32 f = state[5];
|
||||
__u32 g = state[6];
|
||||
__u32 h = state[7];
|
||||
__u32 w[64];
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 16; i++)
|
||||
w[i] = get_unaligned_be32(&data[4 * i]);
|
||||
for (; i < ARRAY_SIZE(w); i++)
|
||||
w[i] = sigma_1(w[i - 2]) + w[i - 7] +
|
||||
sigma_0(w[i - 15]) + w[i - 16];
|
||||
for (i = 0; i < ARRAY_SIZE(w); i += 8) {
|
||||
SHA256_ROUND(i + 0, a, b, c, d, e, f, g, h);
|
||||
SHA256_ROUND(i + 1, h, a, b, c, d, e, f, g);
|
||||
SHA256_ROUND(i + 2, g, h, a, b, c, d, e, f);
|
||||
SHA256_ROUND(i + 3, f, g, h, a, b, c, d, e);
|
||||
SHA256_ROUND(i + 4, e, f, g, h, a, b, c, d);
|
||||
SHA256_ROUND(i + 5, d, e, f, g, h, a, b, c);
|
||||
SHA256_ROUND(i + 6, c, d, e, f, g, h, a, b);
|
||||
SHA256_ROUND(i + 7, b, c, d, e, f, g, h, a);
|
||||
}
|
||||
state[0] += a;
|
||||
state[1] += b;
|
||||
state[2] += c;
|
||||
state[3] += d;
|
||||
state[4] += e;
|
||||
state[5] += f;
|
||||
state[6] += g;
|
||||
state[7] += h;
|
||||
data += SHA256_BLOCK_LENGTH;
|
||||
}
|
||||
}
|
||||
|
||||
void libbpf_sha256(const void *data, size_t len, __u8 out[SHA256_DIGEST_LENGTH])
|
||||
{
|
||||
__u32 state[8] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
|
||||
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 };
|
||||
const __be64 bitcount = cpu_to_be64((__u64)len * 8);
|
||||
__u8 final_data[2 * SHA256_BLOCK_LENGTH] = { 0 };
|
||||
size_t final_len = len % SHA256_BLOCK_LENGTH;
|
||||
int i;
|
||||
|
||||
sha256_blocks(state, data, len / SHA256_BLOCK_LENGTH);
|
||||
|
||||
memcpy(final_data, data + len - final_len, final_len);
|
||||
final_data[final_len] = 0x80;
|
||||
final_len = round_up(final_len + 9, SHA256_BLOCK_LENGTH);
|
||||
memcpy(&final_data[final_len - 8], &bitcount, 8);
|
||||
|
||||
sha256_blocks(state, final_data, final_len / SHA256_BLOCK_LENGTH);
|
||||
|
||||
for (i = 0; i < ARRAY_SIZE(state); i++)
|
||||
put_unaligned_be32(state[i], &out[4 * i]);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -739,5 +739,5 @@ int probe_fd(int fd);
|
|||
#define SHA256_DIGEST_LENGTH 32
|
||||
#define SHA256_DWORD_SIZE SHA256_DIGEST_LENGTH / sizeof(__u64)
|
||||
|
||||
int libbpf_sha256(const void *data, size_t data_sz, void *sha_out, size_t sha_out_sz);
|
||||
void libbpf_sha256(const void *data, size_t len, __u8 out[SHA256_DIGEST_LENGTH]);
|
||||
#endif /* __LIBBPF_LIBBPF_INTERNAL_H */
|
||||
|
|
|
|||
Loading…
Reference in New Issue