Re: [PATCH v4 1/3] target/arm: Implement an IMPDEF pauth algorithm

[Peter Maydell]

On Wed, 16 Dec 2020 at 22:12, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> Without hardware acceleration, a cryptographically strong
> algorithm is too expensive for pauth_computepac.
>
> Even with hardware accel, we are not currently expecting
> to link the linux-user binaries to any crypto libraries,
> and doing so would generally make the --static build fail.
>
> So choose XXH64 as a reasonably quick and decent hash.
>
> Tested-by: Mark Rutland <mark.rutland@arm.com>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> v2: Move the XXH64 bits to xxhash.h (ajb).
>     Create isar_feature_aa64_pauth_arch and fixup a comment
>     in isar_feature_aa64_pauth that no longer applies.
> ---

> +static uint64_t pauth_computepac_impdef(uint64_t data, uint64_t modifier,
> +                                        ARMPACKey key)
> +{
> +    /*
> +     * The XXH64 algorithmm, simplified for size 32.
> +     * See the description of the algorithm in xxhash.h.
> +     */
> +    uint64_t v1 = QEMU_XXHASH_SEED + XXH_PRIME64_1 + XXH_PRIME64_2;
> +    uint64_t v2 = QEMU_XXHASH_SEED + XXH_PRIME64_2;
> +    uint64_t v3 = QEMU_XXHASH_SEED + 0;
> +    uint64_t v4 = QEMU_XXHASH_SEED - XXH_PRIME64_1;
> +
> +    v1 = XXH64_round(v1, data);
> +    v2 = XXH64_round(v2, modifier);
> +    v3 = XXH64_round(v3, key.lo);
> +    v4 = XXH64_round(v4, key.hi);
> +
> +    return XXH64_avalanche(XXH64_mergerounds(v1, v2, v3, v4));

Since the only use of xxh64 we make is "feed in 4 64 bit inputs
and get a 64 bit result", why provide all the components and
stitch them together here rather than following the existing
pattern we have for qemu_xxhash* (the xxh32 algorithm) and
providing a function
 static inline uint64_t qemu_xxhash64_4(uint64_t a, uint64_t b,
                                        uint64_t c, uint64_t d)
in xxhash.h ?

thanks
-- PMM