From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: David Laight <David.Laight@aculab.com>,
Netdev <netdev@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
"Daniel J . Bernstein" <djb@cr.yp.to>,
Linus Torvalds <torvalds@linux-foundation.org>,
Eric Biggers <ebiggers3@gmail.com>
Subject: Re: [PATCH v2 1/4] siphash: add cryptographically secure hashtable function
Date: Thu, 15 Dec 2016 22:25:57 +0100 [thread overview]
Message-ID: <CAHmME9p9cf1W3vhbu=YTRY1Xt=fmE1sVqY1XPt5iQwxfCfQUOA@mail.gmail.com> (raw)
On Thu, Dec 15, 2016 at 10:17 PM, Hannes Frederic Sowa
<hannes@stressinduktion.org> wrote:
> And I was exactly questioning this.
>
> static unsigned int inet6_hash_frag(__be32 id, const struct in6_addr *saddr,
> const struct in6_addr *daddr)
> {
> net_get_random_once(&ip6_frags.rnd, sizeof(ip6_frags.rnd));
> return jhash_3words(ipv6_addr_hash(saddr), ipv6_addr_hash(daddr),
> (__force u32)id, ip6_frags.rnd);
> }
For this example, the replacement is the function entitled siphash_4u32:
static unsigned int inet6_hash_frag(__be32 id, const struct in6_addr *saddr,
const struct in6_addr *daddr)
{
net_get_random_once(&ip6_frags.rnd, sizeof(ip6_frags.rnd));
return siphash_4u32(ipv6_addr_hash(saddr), ipv6_addr_hash(daddr),
(__force u32)id, 0, ip6_frags.rnd);
}
And then you make ip6_frags.rnd be of type siphash_key_t. Then
everything is taken care of and works beautifully. Please see v5 of
this patchset.
> I would be interested if the compiler can actually constant-fold the
> address of the stack allocation with an simple if () or some
> __builtin_constant_p fiddeling, so we don't have this constant review
> overhead to which function we pass which data. This would also make
> this whole discussion moot.
I'll play with it to see if the compiler is capable of doing that.
Does anybody know off hand if it is or if there are other examples of
the compiler doing that?
In any case, for all current replacement of jhash_1word, jhash_2words,
jhash_3words, there's the siphash_2u32 or siphash_4u32 functions. This
covers the majority of cases.
For replacements of md5_transform, either the data is small and can
fit in siphash_Nu{32,64}, or it can be put into a struct explicitly
aligned on the stack.
For the remaining use of jhash_nwords, either siphash() can be used or
siphash_unaligned() can be used if the source is of unknown alignment.
Both functions have their alignment requirements (or lack thereof)
documented in a docbook comment.
I'll look into the constant folding to see if it actually works. If it
does, I'll use it. If not, I believe the current solution works.
How's that sound?
Jason
next reply other threads:[~2016-12-15 21:26 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-15 21:25 Jason A. Donenfeld [this message]
2016-12-15 21:45 ` [PATCH v2 1/4] siphash: add cryptographically secure hashtable function Hannes Frederic Sowa
2016-12-15 23:43 ` Jason A. Donenfeld
2016-12-16 0:03 ` Hannes Frederic Sowa
2016-12-15 23:47 ` Jason A. Donenfeld
-- strict thread matches above, loose matches on Subject: below --
2016-12-14 3:59 Jason A. Donenfeld
2016-12-14 11:21 ` Hannes Frederic Sowa
2016-12-14 13:10 ` Jason A. Donenfeld
2016-12-14 15:09 ` Hannes Frederic Sowa
2016-12-14 19:47 ` Jason A. Donenfeld
2016-12-15 7:57 ` Herbert Xu
2016-12-14 12:46 ` Jason A. Donenfeld
2016-12-14 22:03 ` Hannes Frederic Sowa
2016-12-14 23:29 ` Jason A. Donenfeld
2016-12-15 8:31 ` Hannes Frederic Sowa
2016-12-15 11:04 ` David Laight
2016-12-15 12:23 ` Hannes Frederic Sowa
2016-12-15 12:28 ` David Laight
2016-12-15 12:50 ` Hannes Frederic Sowa
2016-12-15 13:56 ` David Laight
2016-12-15 14:56 ` Hannes Frederic Sowa
2016-12-15 15:41 ` David Laight
2016-12-15 15:53 ` Hannes Frederic Sowa
2016-12-15 18:50 ` Jason A. Donenfeld
2016-12-15 20:31 ` Hannes Frederic Sowa
2016-12-15 20:43 ` Jason A. Donenfeld
2016-12-15 21:04 ` Peter Zijlstra
2016-12-15 21:09 ` Hannes Frederic Sowa
2016-12-15 21:17 ` Hannes Frederic Sowa
2016-12-15 21:09 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHmME9p9cf1W3vhbu=YTRY1Xt=fmE1sVqY1XPt5iQwxfCfQUOA@mail.gmail.com' \
--to=jason@zx2c4.com \
--cc=David.Laight@aculab.com \
--cc=djb@cr.yp.to \
--cc=ebiggers3@gmail.com \
--cc=hannes@stressinduktion.org \
--cc=jeanphilippe.aumasson@gmail.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).