perf util: add a basic SHA-1 implementation

SHA-1 can be written in fewer than 100 lines of code.  Just add a basic
SHA-1 implementation so that there's no need to use an external library
or try to pull in the kernel's SHA-1 implementation.  The kernel's SHA-1
implementation is not really intended to be pulled into userspace
programs in the way that it was proposed to do so for perf
(https://lore.kernel.org/r/20250521225307.743726-3-yuzhuo@google.com/),
and it's also likely to undergo some refactoring in the future.  There's
no need to tie userspace tools to it.

Include a test for sha1() in the util test suite.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Ian Rogers <irogers@google.com>
Link: https://lore.kernel.org/r/20250625202311.23244-3-ebiggers@kernel.org
Signed-off-by: Namhyung Kim <namhyung@kernel.org>

diff --git a/tools/perf/tests/util.c b/tools/perf/tests/util.c
index 6366db5cbf8ce8ab64739692c06ff7e9488ca1cf..b273d287e16493c525734cc08f0d63cb959d06c9 100644 (file)
--- a/tools/perf/tests/util.c
+++ b/tools/perf/tests/util.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0
 #include "tests.h"
 #include "util/debug.h"
+#include "util/sha1.h"
 
 #include <linux/compiler.h>
 #include <stdlib.h>
@@ -16,6 +17,48 @@ static int test_strreplace(char needle, const char *haystack,
        return ret == 0;
 }
 
+#define MAX_LEN 512
+
+/* Test sha1() for all lengths from 0 to MAX_LEN inclusively. */
+static int test_sha1(void)
+{
+       u8 data[MAX_LEN];
+       size_t digests_size = (MAX_LEN + 1) * SHA1_DIGEST_SIZE;
+       u8 *digests;
+       u8 digest_of_digests[SHA1_DIGEST_SIZE];
+       /*
+        * The correctness of this value was verified by running this test with
+        * sha1() replaced by OpenSSL's SHA1().
+        */
+       static const u8 expected_digest_of_digests[SHA1_DIGEST_SIZE] = {
+               0x74, 0xcd, 0x4c, 0xb9, 0xd8, 0xa6, 0xd5, 0x95, 0x22, 0x8b,
+               0x7e, 0xd6, 0x8b, 0x7e, 0x46, 0x95, 0x31, 0x9b, 0xa2, 0x43,
+       };
+       size_t i;
+
+       digests = malloc(digests_size);
+       TEST_ASSERT_VAL("failed to allocate digests", digests != NULL);
+
+       /* Generate MAX_LEN bytes of data. */
+       for (i = 0; i < MAX_LEN; i++)
+               data[i] = i;
+
+       /* Calculate a SHA-1 for each length 0 through MAX_LEN inclusively. */
+       for (i = 0; i <= MAX_LEN; i++)
+               sha1(data, i, &digests[i * SHA1_DIGEST_SIZE]);
+
+       /* Calculate digest of all digests calculated above. */
+       sha1(digests, digests_size, digest_of_digests);
+
+       free(digests);
+
+       /* Check for the expected result. */
+       TEST_ASSERT_VAL("wrong output from sha1()",
+                       memcmp(digest_of_digests, expected_digest_of_digests,
+                              SHA1_DIGEST_SIZE) == 0);
+       return 0;
+}
+
 static int test__util(struct test_suite *t __maybe_unused, int subtest __maybe_unused)
 {
        TEST_ASSERT_VAL("empty string", test_strreplace(' ', "", "123", ""));
@@ -25,7 +68,7 @@ static int test__util(struct test_suite *t __maybe_unused, int subtest __maybe_u
        TEST_ASSERT_VAL("replace long", test_strreplace('a', "abcabc", "longlong",
                                                        "longlongbclonglongbc"));
 
-       return 0;
+       return test_sha1();
 }
 
 DEFINE_SUITE("util", util);

diff --git a/tools/perf/util/Build b/tools/perf/util/Build
index 07dc1e704f906e7814c5e89eefffbba8e77dc83f..45515b8f615ab8c807454981a038780eda219333 100644 (file)
--- a/tools/perf/util/Build
+++ b/tools/perf/util/Build
@@ -41,6 +41,7 @@ perf-util-y += rbtree.o
 perf-util-y += libstring.o
 perf-util-y += bitmap.o
 perf-util-y += hweight.o
+perf-util-y += sha1.o
 perf-util-y += smt.o
 perf-util-y += strbuf.o
 perf-util-y += string.o

diff --git a/tools/perf/util/sha1.c b/tools/perf/util/sha1.c
new file mode 100644 (file)
index 0000000..7032fa4
--- /dev/null
+++ b/tools/perf/util/sha1.c
@@ -0,0 +1,97 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * SHA-1 message digest algorithm
+ *
+ * Copyright 2025 Google LLC
+ */
+#include <linux/bitops.h>
+#include <linux/kernel.h>
+#include <linux/unaligned.h>
+#include <string.h>
+
+#include "sha1.h"
+
+#define SHA1_BLOCK_SIZE 64
+
+static const u32 sha1_K[4] = { 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6 };
+
+#define SHA1_ROUND(i, a, b, c, d, e)                                          \
+       do {                                                                  \
+               if ((i) >= 16)                                                \
+                       w[i] = rol32(w[(i) - 16] ^ w[(i) - 14] ^ w[(i) - 8] ^ \
+                                            w[(i) - 3],                      \
+                                    1);                                      \
+               e += w[i] + rol32(a, 5) + sha1_K[(i) / 20];                   \
+               if ((i) < 20)                                                 \
+                       e += (b & (c ^ d)) ^ d;                               \
+               else if ((i) < 40 || (i) >= 60)                               \
+                       e += b ^ c ^ d;                                       \
+               else                                                          \
+                       e += (c & d) ^ (b & (c ^ d));                         \
+               b = rol32(b, 30);                                             \
+               /* The new (a, b, c, d, e) is the old (e, a, b, c, d). */     \
+       } while (0)
+
+#define SHA1_5ROUNDS(i)                             \
+       do {                                        \
+               SHA1_ROUND((i) + 0, a, b, c, d, e); \
+               SHA1_ROUND((i) + 1, e, a, b, c, d); \
+               SHA1_ROUND((i) + 2, d, e, a, b, c); \
+               SHA1_ROUND((i) + 3, c, d, e, a, b); \
+               SHA1_ROUND((i) + 4, b, c, d, e, a); \
+       } while (0)
+
+#define SHA1_20ROUNDS(i)                \
+       do {                            \
+               SHA1_5ROUNDS((i) + 0);  \
+               SHA1_5ROUNDS((i) + 5);  \
+               SHA1_5ROUNDS((i) + 10); \
+               SHA1_5ROUNDS((i) + 15); \
+       } while (0)
+
+static void sha1_blocks(u32 h[5], const u8 *data, size_t nblocks)
+{
+       while (nblocks--) {
+               u32 a = h[0];
+               u32 b = h[1];
+               u32 c = h[2];
+               u32 d = h[3];
+               u32 e = h[4];
+               u32 w[80];
+
+               for (int i = 0; i < 16; i++)
+                       w[i] = get_unaligned_be32(&data[i * 4]);
+               SHA1_20ROUNDS(0);
+               SHA1_20ROUNDS(20);
+               SHA1_20ROUNDS(40);
+               SHA1_20ROUNDS(60);
+
+               h[0] += a;
+               h[1] += b;
+               h[2] += c;
+               h[3] += d;
+               h[4] += e;
+               data += SHA1_BLOCK_SIZE;
+       }
+}
+
+/* Calculate the SHA-1 message digest of the given data. */
+void sha1(const void *data, size_t len, u8 out[SHA1_DIGEST_SIZE])
+{
+       u32 h[5] = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476,
+                    0xC3D2E1F0 };
+       u8 final_data[2 * SHA1_BLOCK_SIZE] = { 0 };
+       size_t final_len = len % SHA1_BLOCK_SIZE;
+
+       sha1_blocks(h, data, len / SHA1_BLOCK_SIZE);
+
+       memcpy(final_data, data + len - final_len, final_len);
+       final_data[final_len] = 0x80;
+       final_len = round_up(final_len + 9, SHA1_BLOCK_SIZE);
+       put_unaligned_be64((u64)len * 8, &final_data[final_len - 8]);
+
+       sha1_blocks(h, final_data, final_len / SHA1_BLOCK_SIZE);
+
+       for (int i = 0; i < 5; i++)
+               put_unaligned_be32(h[i], &out[i * 4]);
+}

diff --git a/tools/perf/util/sha1.h b/tools/perf/util/sha1.h
new file mode 100644 (file)
index 0000000..e92c996
--- /dev/null
+++ b/tools/perf/util/sha1.h
@@ -0,0 +1,6 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#include <linux/types.h>
+
+#define SHA1_DIGEST_SIZE 20
+
+void sha1(const void *data, size_t len, u8 out[SHA1_DIGEST_SIZE]);