On Wed, 16 Dec 2020 at 22:12, Richard Henderson
<richard.hender...@linaro.org> wrote:
>
> Without hardware acceleration, a cryptographically strong
> algorithm is too expensive for pauth_computepac.
>
> Even with hardware accel, we are not currently expecting
> to link the linux-user binaries to any crypto libraries,
> and doing so would generally make the --static build fail.
>
> So choose XXH64 as a reasonably quick and decent hash.
>
> Tested-by: Mark Rutland <mark.rutl...@arm.com>
> Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
> ---
> v2: Move the XXH64 bits to xxhash.h (ajb).
>     Create isar_feature_aa64_pauth_arch and fixup a comment
>     in isar_feature_aa64_pauth that no longer applies.
> ---
> +static uint64_t pauth_computepac_impdef(uint64_t data, uint64_t modifier, > + ARMPACKey key) > +{ > + /* > + * The XXH64 algorithmm, simplified for size 32. > + * See the description of the algorithm in xxhash.h. > + */ > + uint64_t v1 = QEMU_XXHASH_SEED + XXH_PRIME64_1 + XXH_PRIME64_2; > + uint64_t v2 = QEMU_XXHASH_SEED + XXH_PRIME64_2; > + uint64_t v3 = QEMU_XXHASH_SEED + 0; > + uint64_t v4 = QEMU_XXHASH_SEED - XXH_PRIME64_1; > + > + v1 = XXH64_round(v1, data); > + v2 = XXH64_round(v2, modifier); > + v3 = XXH64_round(v3, key.lo); > + v4 = XXH64_round(v4, key.hi); > + > + return XXH64_avalanche(XXH64_mergerounds(v1, v2, v3, v4));

Since the only use of xxh64 we make is "feed in 4 64 bit inputs and
get a 64 bit result", why provide all the components and stitch
them together here rather than following the existing pattern
we have for qemu_xxhash* (the xxh32 algorithm) and providing a
function
 static inline uint64_t qemu_xxhash64_4(uint64_t a, uint64_t b,
uint64_t c, uint64_t d)
in xxhash.h ?

thanks
-- PMM
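Review bot: the comment at the top of pauth_computepac_impdef says only "The XXH64 algorithmm, simplified for size 32" and does not record that this is a deliberate non-cryptographic choice, which the commit message states but the code does not. Suggest adding a sentence to that comment saying the resulting PAC is a fast hash of data, modifier, key.lo and key.hi and is not cryptographically strong, so a reader does not assume the emulated pointer signatures resist forgery the way a cryptographically strong algorithm would. While there, fix the "algorithmm" typo and spell out "size 32" as 32 bytes, i.e. the four 64-bit inputs fed to XXH64_round.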