2014-02-12 16:09:45 +01:00
|
|
|
/* <MIT License>
|
2014-10-28 20:28:14 +01:00
|
|
|
Copyright (c) 2013-2014 Marek Majkowski <marek@popcount.org>
|
2014-02-12 16:09:45 +01:00
|
|
|
|
|
|
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
of this software and associated documentation files (the "Software"), to deal
|
|
|
|
in the Software without restriction, including without limitation the rights
|
|
|
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
copies of the Software, and to permit persons to whom the Software is
|
|
|
|
furnished to do so, subject to the following conditions:
|
|
|
|
|
|
|
|
The above copyright notice and this permission notice shall be included in
|
|
|
|
all copies or substantial portions of the Software.
|
|
|
|
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
THE SOFTWARE.
|
|
|
|
</MIT License>
|
|
|
|
|
|
|
|
Original location:
|
|
|
|
https://github.com/majek/csiphash/
|
|
|
|
|
|
|
|
Solution inspired by code from:
|
|
|
|
Samuel Neves (supercop/crypto_auth/siphash24/little)
|
|
|
|
djb (supercop/crypto_auth/siphash24/little2)
|
|
|
|
Jean-Philippe Aumasson (https://131002.net/siphash/siphash24.c)
|
|
|
|
*/
|
|
|
|
|
2014-02-12 16:24:04 +01:00
|
|
|
#include "torint.h"
|
|
|
|
#include "siphash.h"
|
2014-02-12 17:46:58 +01:00
|
|
|
/* for tor_assert */
|
|
|
|
#include "util.h"
|
|
|
|
/* for memcpy */
|
2014-02-12 16:39:22 +01:00
|
|
|
#include <string.h>
|
2017-03-14 19:20:15 +01:00
|
|
|
#include "byteorder.h"
|
2014-02-12 16:09:45 +01:00
|
|
|
|
|
|
|
#define ROTATE(x, b) (uint64_t)( ((x) << (b)) | ( (x) >> (64 - (b))) )
|
|
|
|
|
|
|
|
#define HALF_ROUND(a,b,c,d,s,t) \
|
|
|
|
a += b; c += d; \
|
|
|
|
b = ROTATE(b, s) ^ a; \
|
|
|
|
d = ROTATE(d, t) ^ c; \
|
|
|
|
a = ROTATE(a, 32);
|
|
|
|
|
|
|
|
#define DOUBLE_ROUND(v0,v1,v2,v3) \
|
|
|
|
HALF_ROUND(v0,v1,v2,v3,13,16); \
|
|
|
|
HALF_ROUND(v2,v1,v0,v3,17,21); \
|
|
|
|
HALF_ROUND(v0,v1,v2,v3,13,16); \
|
|
|
|
HALF_ROUND(v2,v1,v0,v3,17,21);
|
|
|
|
|
2014-03-18 15:43:46 +01:00
|
|
|
#if 0
|
|
|
|
/* This does not seem to save very much runtime in the fast case, and it's
|
|
|
|
* potentially a big loss in the slow case where we're misaligned and we cross
|
|
|
|
* a cache line. */
|
2014-02-12 16:39:22 +01:00
|
|
|
#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
|
|
|
|
defined(__x86_64) || defined(__x86_64__) || \
|
|
|
|
defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__))
|
|
|
|
# define UNALIGNED_OK 1
|
|
|
|
#endif
|
2014-03-18 15:43:46 +01:00
|
|
|
#endif
|
2014-02-12 16:09:45 +01:00
|
|
|
|
2014-02-12 16:24:04 +01:00
|
|
|
uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *key) {
|
2015-11-05 19:21:43 +01:00
|
|
|
const uint8_t *m = src;
|
2014-02-12 16:24:04 +01:00
|
|
|
uint64_t k0 = key->k0;
|
|
|
|
uint64_t k1 = key->k1;
|
2015-11-05 19:21:43 +01:00
|
|
|
uint64_t last7 = (uint64_t)(src_sz & 0xff) << 56;
|
|
|
|
size_t i, blocks;
|
2014-02-12 16:24:04 +01:00
|
|
|
|
2014-02-12 16:09:45 +01:00
|
|
|
uint64_t v0 = k0 ^ 0x736f6d6570736575ULL;
|
|
|
|
uint64_t v1 = k1 ^ 0x646f72616e646f6dULL;
|
|
|
|
uint64_t v2 = k0 ^ 0x6c7967656e657261ULL;
|
|
|
|
uint64_t v3 = k1 ^ 0x7465646279746573ULL;
|
|
|
|
|
2015-11-05 19:21:43 +01:00
|
|
|
for (i = 0, blocks = (src_sz & ~7); i < blocks; i+= 8) {
|
2014-02-12 16:39:22 +01:00
|
|
|
#ifdef UNALIGNED_OK
|
2015-11-05 19:21:43 +01:00
|
|
|
uint64_t mi = _le64toh(*(m + i));
|
2014-02-12 16:39:22 +01:00
|
|
|
#else
|
|
|
|
uint64_t mi;
|
2015-11-05 19:21:43 +01:00
|
|
|
memcpy(&mi, m + i, 8);
|
2014-02-12 16:39:22 +01:00
|
|
|
mi = _le64toh(mi);
|
|
|
|
#endif
|
2014-02-12 16:09:45 +01:00
|
|
|
v3 ^= mi;
|
|
|
|
DOUBLE_ROUND(v0,v1,v2,v3);
|
|
|
|
v0 ^= mi;
|
|
|
|
}
|
|
|
|
|
2015-11-05 19:21:43 +01:00
|
|
|
switch (src_sz - blocks) {
|
2017-05-28 23:49:31 +02:00
|
|
|
case 7: last7 |= (uint64_t)m[i + 6] << 48; /* Falls through. */
|
|
|
|
case 6: last7 |= (uint64_t)m[i + 5] << 40; /* Falls through. */
|
|
|
|
case 5: last7 |= (uint64_t)m[i + 4] << 32; /* Falls through. */
|
|
|
|
case 4: last7 |= (uint64_t)m[i + 3] << 24; /* Falls through. */
|
|
|
|
case 3: last7 |= (uint64_t)m[i + 2] << 16; /* Falls through. */
|
|
|
|
case 2: last7 |= (uint64_t)m[i + 1] << 8; /* Falls through. */
|
|
|
|
case 1: last7 |= (uint64_t)m[i + 0] ; /* Falls through. */
|
2015-11-05 19:21:43 +01:00
|
|
|
case 0:
|
|
|
|
default:;
|
2014-02-12 16:09:45 +01:00
|
|
|
}
|
2015-11-05 19:21:43 +01:00
|
|
|
v3 ^= last7;
|
2014-02-12 16:09:45 +01:00
|
|
|
DOUBLE_ROUND(v0,v1,v2,v3);
|
2015-11-05 19:21:43 +01:00
|
|
|
v0 ^= last7;
|
|
|
|
v2 ^= 0xff;
|
2014-02-12 16:09:45 +01:00
|
|
|
DOUBLE_ROUND(v0,v1,v2,v3);
|
|
|
|
DOUBLE_ROUND(v0,v1,v2,v3);
|
2015-11-05 19:21:43 +01:00
|
|
|
return v0 ^ v1 ^ v2 ^ v3;
|
2014-02-12 16:09:45 +01:00
|
|
|
}
|
2014-02-12 16:39:22 +01:00
|
|
|
|
2014-02-12 17:27:03 +01:00
|
|
|
|
|
|
|
static int the_siphash_key_is_set = 0;
|
|
|
|
static struct sipkey the_siphash_key;
|
|
|
|
|
|
|
|
uint64_t siphash24g(const void *src, unsigned long src_sz) {
|
2014-02-12 17:46:58 +01:00
|
|
|
tor_assert(the_siphash_key_is_set);
|
2014-02-12 17:27:03 +01:00
|
|
|
return siphash24(src, src_sz, &the_siphash_key);
|
|
|
|
}
|
|
|
|
|
|
|
|
void siphash_set_global_key(const struct sipkey *key)
|
|
|
|
{
|
2014-02-12 17:46:58 +01:00
|
|
|
tor_assert(! the_siphash_key_is_set);
|
2014-02-12 17:27:03 +01:00
|
|
|
the_siphash_key.k0 = key->k0;
|
|
|
|
the_siphash_key.k1 = key->k1;
|
|
|
|
the_siphash_key_is_set = 1;
|
|
|
|
}
|