git.bitcoin.ninja Git - flowspec-xdp/blob - siphash.h

   1 /*
   2    SipHash reference C implementation
   3
   4    Copyright (c) 2012-2021 Jean-Philippe Aumasson
   5    <jeanphilippe.aumasson@gmail.com>
   6    Copyright (c) 2012-2014 Daniel J. Bernstein <djb@cr.yp.to>
   7    Slightly tweaked by the git author.
   8
   9    To the extent possible under law, the author(s) have dedicated all copyright
  10    and related and neighboring rights to this software to the public domain
  11    worldwide. This software is distributed without any warranty.
  12
  13    You should have received a copy of the CC0 Public Domain Dedication along
  14    with
  15    this software. If not, see
  16    <http://creativecommons.org/publicdomain/zero/1.0/>.
  17  */
  18
  19 #include <stddef.h>
  20 #include <stdint.h>
  21 #include <string.h>
  22
  23 /* default: SipHash-2-4 */
  24 #ifndef cROUNDS
  25 #define cROUNDS 1
  26 #endif
  27 #ifndef dROUNDS
  28 #define dROUNDS 3
  29 #endif
  30
  31 #define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
  32
  33 #define U32TO8_LE(p, v)                                                        \
  34     (p)[0] = (uint8_t)((v));                                                   \
  35     (p)[1] = (uint8_t)((v) >> 8);                                              \
  36     (p)[2] = (uint8_t)((v) >> 16);                                             \
  37     (p)[3] = (uint8_t)((v) >> 24);
  38
  39 #define U8TO64_LE(p)                                                           \
  40     (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) |                        \
  41      ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) |                 \
  42      ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) |                 \
  43      ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
  44
  45 #define SIPROUND                                                               \
  46     do {                                                                       \
  47         v0 += v1;                                                              \
  48         v1 = ROTL(v1, 13);                                                     \
  49         v1 ^= v0;                                                              \
  50         v0 = ROTL(v0, 32);                                                     \
  51         v2 += v3;                                                              \
  52         v3 = ROTL(v3, 16);                                                     \
  53         v3 ^= v2;                                                              \
  54         v0 += v3;                                                              \
  55         v3 = ROTL(v3, 21);                                                     \
  56         v3 ^= v0;                                                              \
  57         v2 += v1;                                                              \
  58         v1 = ROTL(v1, 17);                                                     \
  59         v1 ^= v2;                                                              \
  60         v2 = ROTL(v2, 32);                                                     \
  61     } while (0)
  62
  63 #ifdef DEBUG
  64 #include <stdio.h>
  65 #define TRACE                                                                  \
  66     do {                                                                       \
  67         printf("(%3zu) v0 %016" PRIx64 "\n", inlen, v0);                       \
  68         printf("(%3zu) v1 %016" PRIx64 "\n", inlen, v1);                       \
  69         printf("(%3zu) v2 %016" PRIx64 "\n", inlen, v2);                       \
  70         printf("(%3zu) v3 %016" PRIx64 "\n", inlen, v3);                       \
  71     } while (0)
  72 #else
  73 #define TRACE
  74 #endif
  75
  76 __attribute__((always_inline))
  77 static inline uint64_t siphash(const uint64_t *in, const size_t inwords, const uint8_t k[16]) {
  78     const unsigned char *kk = (const unsigned char *)k;
  79
  80     uint64_t v0 = UINT64_C(0x736f6d6570736575);
  81     uint64_t v1 = UINT64_C(0x646f72616e646f6d);
  82     uint64_t v2 = UINT64_C(0x6c7967656e657261);
  83     uint64_t v3 = UINT64_C(0x7465646279746573);
  84     uint64_t k0 = U8TO64_LE(kk);
  85     uint64_t k1 = U8TO64_LE(kk + 8);
  86     uint64_t m;
  87     int i;
  88     size_t j;
  89     uint64_t b = ((uint64_t)inwords) << (56 + 3);
  90     v3 ^= k1;
  91     v2 ^= k0;
  92     v1 ^= k1;
  93     v0 ^= k0;
  94
  95     for (j = 0; j < inwords; ++j) {
  96         m = *in;
  97         in += 1;
  98         v3 ^= m;
  99
 100         TRACE;
 101         for (i = 0; i < cROUNDS; ++i)
 102             SIPROUND;
 103
 104         v0 ^= m;
 105     }
 106
 107     // Generally, here siphash writes any extra bytes that weren't an even
 108     // multiple of eight as well as the length (in the form of `b`). Then,
 109     // because we've written fresh attacker-controlled data into our state, we
 110     // do an extra `cROUNDS` `SIPROUND`s. This ensures we have
 111     // `cROUNDS` + `dROUNDS` `SIPROUND`s between any attacker-controlled data
 112     // and the output, which for SipHash 1-3 means the four rounds required for
 113     // good mixing.
 114     //
 115     // However, in our use-case the input is always a multiple of eight bytes
 116     // and the attacker doesn't control the length. Thus, we skip the extra
 117     // round here, giving us a very slightly tweaked SipHash 1-2 which is
 118     // equivalent to SipHash 1-3 with a fixed input of N*8+7 bytes.
 119     /*v3 ^= b;
 120
 121     TRACE;
 122     for (i = 0; i < cROUNDS; ++i)
 123         SIPROUND;*/
 124
 125     v0 ^= b;
 126     v2 ^= 0xff;
 127
 128     TRACE;
 129     for (i = 0; i < dROUNDS; ++i)
 130         SIPROUND;
 131
 132     b = v0 ^ v1 ^ v2 ^ v3;
 133     return b;
 134 }
 135
 136 #include "rand.h"
 137 static uint64_t siphash_uint64_t(const uint64_t in) {
 138         return siphash(&in, 1, COMPILE_TIME_RAND);
 139 }
 140 static uint64_t siphash_uint128_t(const __uint128_t in) {
 141         uint64_t words[2];
 142         memcpy(words, &in, sizeof(__uint128_t));
 143         return siphash(words, 2, COMPILE_TIME_RAND);
 144 }