2 SipHash reference C implementation
4 Copyright (c) 2012-2021 Jean-Philippe Aumasson
5 <jeanphilippe.aumasson@gmail.com>
6 Copyright (c) 2012-2014 Daniel J. Bernstein <djb@cr.yp.to>
7 Slightly tweaked by the git author.
9 To the extent possible under law, the author(s) have dedicated all copyright
10 and related and neighboring rights to this software to the public domain
11 worldwide. This software is distributed without any warranty.
13 You should have received a copy of the CC0 Public Domain Dedication along
15 this software. If not, see
16 <http://creativecommons.org/publicdomain/zero/1.0/>.
23 /* default: SipHash-2-4 */
31 #define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
33 #define U32TO8_LE(p, v) \
34 (p)[0] = (uint8_t)((v)); \
35 (p)[1] = (uint8_t)((v) >> 8); \
36 (p)[2] = (uint8_t)((v) >> 16); \
37 (p)[3] = (uint8_t)((v) >> 24);
39 #define U8TO64_LE(p) \
40 (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) | \
41 ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) | \
42 ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) | \
43 ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
67 printf("(%3zu) v0 %016" PRIx64 "\n", inlen, v0); \
68 printf("(%3zu) v1 %016" PRIx64 "\n", inlen, v1); \
69 printf("(%3zu) v2 %016" PRIx64 "\n", inlen, v2); \
70 printf("(%3zu) v3 %016" PRIx64 "\n", inlen, v3); \
76 __attribute__((always_inline))
77 static inline uint64_t siphash(const uint64_t *in, const size_t inwords, const uint8_t k[16]) {
78 const unsigned char *kk = (const unsigned char *)k;
80 uint64_t v0 = UINT64_C(0x736f6d6570736575);
81 uint64_t v1 = UINT64_C(0x646f72616e646f6d);
82 uint64_t v2 = UINT64_C(0x6c7967656e657261);
83 uint64_t v3 = UINT64_C(0x7465646279746573);
84 uint64_t k0 = U8TO64_LE(kk);
85 uint64_t k1 = U8TO64_LE(kk + 8);
89 uint64_t b = ((uint64_t)inwords) << (56 + 3);
95 for (j = 0; j < inwords; ++j) {
101 for (i = 0; i < cROUNDS; ++i)
107 // Generally, here siphash writes any extra bytes that weren't an even
108 // multiple of eight as well as the length (in the form of `b`). Then,
109 // because we've written fresh attacker-controlled data into our state, we
110 // do an extra `cROUNDS` `SIPROUND`s. This ensures we have
111 // `cROUNDS` + `dROUNDS` `SIPROUND`s between any attacker-controlled data
112 // and the output, which for SipHash 1-3 means the four rounds required for
115 // However, in our use-case the input is always a multiple of eight bytes
116 // and the attacker doesn't control the length. Thus, we skip the extra
117 // round here, giving us a very slightly tweaked SipHash 1-2 which is
118 // equivalent to SipHash 1-3 with a fixed input of N*8+7 bytes.
122 for (i = 0; i < cROUNDS; ++i)
129 for (i = 0; i < dROUNDS; ++i)
132 b = v0 ^ v1 ^ v2 ^ v3;
137 static uint64_t siphash_uint64_t(const uint64_t in) {
138 return siphash(&in, 1, COMPILE_TIME_RAND);
140 static uint64_t siphash_uint128_t(const __uint128_t in) {
142 memcpy(words, &in, sizeof(__uint128_t));
143 return siphash(words, 2, COMPILE_TIME_RAND);