1 // SPDX-License-Identifier: BSD-3-Clause 1 // SPDX-License-Identifier: BSD-3-Clause 2 /* $OpenBSD: siphash.c,v 1.3 2015/02/20 1 2 /* $OpenBSD: siphash.c,v 1.3 2015/02/20 11:51:03 tedu Exp $ */ 3 3 4 /*- 4 /*- 5 * Copyright (c) 2013 Andre Oppermann <andre@F 5 * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org> 6 * All rights reserved. 6 * All rights reserved. 7 * 7 * 8 * Redistribution and use in source and binary 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that t 9 * modification, are permitted provided that the following conditions 10 * are met: 10 * are met: 11 * 1. Redistributions of source code must reta 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must repr 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials pro 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of the author may not be used t 16 * 3. The name of the author may not be used to endorse or promote 17 * products derived from this software with 17 * products derived from this software without specific prior written 18 * permission. 18 * permission. 19 * 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDIN 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND F 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTH 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECI 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PRO 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILI 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF AD 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 30 * SUCH DAMAGE. 31 */ 31 */ 32 32 33 /* 33 /* 34 * SipHash is a family of PRFs SipHash-c-d whe 34 * SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d 35 * are the number of compression rounds and th 35 * are the number of compression rounds and the number of finalization rounds. 36 * A compression round is identical to a final 36 * A compression round is identical to a finalization round and this round 37 * function is called SipRound. Given a 128-b 37 * function is called SipRound. Given a 128-bit key k and a (possibly empty) 38 * byte string m, SipHash-c-d returns a 64-bit 38 * byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m). 39 * 39 * 40 * Implemented from the paper "SipHash: a fast 40 * Implemented from the paper "SipHash: a fast short-input PRF", 2012.09.18, 41 * by Jean-Philippe Aumasson and Daniel J. Ber 41 * by Jean-Philippe Aumasson and Daniel J. Bernstein, 42 * Permanent Document ID b9a943a805fbfc6fde808 42 * Permanent Document ID b9a943a805fbfc6fde808af9fc0ecdfa 43 * https://131002.net/siphash/siphash.pdf 43 * https://131002.net/siphash/siphash.pdf 44 * https://131002.net/siphash/ 44 * https://131002.net/siphash/ 45 */ 45 */ 46 46 47 #include <asm/byteorder.h> 47 #include <asm/byteorder.h> 48 #include <linux/unaligned.h> 48 #include <linux/unaligned.h> 49 #include <linux/bitops.h> 49 #include <linux/bitops.h> 50 #include <linux/string.h> 50 #include <linux/string.h> 51 51 52 #include "siphash.h" 52 #include "siphash.h" 53 53 54 static void SipHash_Rounds(SIPHASH_CTX *ctx, i 54 static void SipHash_Rounds(SIPHASH_CTX *ctx, int rounds) 55 { 55 { 56 while (rounds--) { 56 while (rounds--) { 57 ctx->v[0] += ctx->v[1]; 57 ctx->v[0] += ctx->v[1]; 58 ctx->v[2] += ctx->v[3]; 58 ctx->v[2] += ctx->v[3]; 59 ctx->v[1] = rol64(ctx->v[1], 1 59 ctx->v[1] = rol64(ctx->v[1], 13); 60 ctx->v[3] = rol64(ctx->v[3], 1 60 ctx->v[3] = rol64(ctx->v[3], 16); 61 61 62 ctx->v[1] ^= ctx->v[0]; 62 ctx->v[1] ^= ctx->v[0]; 63 ctx->v[3] ^= ctx->v[2]; 63 ctx->v[3] ^= ctx->v[2]; 64 ctx->v[0] = rol64(ctx->v[0], 3 64 ctx->v[0] = rol64(ctx->v[0], 32); 65 65 66 ctx->v[2] += ctx->v[1]; 66 ctx->v[2] += ctx->v[1]; 67 ctx->v[0] += ctx->v[3]; 67 ctx->v[0] += ctx->v[3]; 68 ctx->v[1] = rol64(ctx->v[1], 1 68 ctx->v[1] = rol64(ctx->v[1], 17); 69 ctx->v[3] = rol64(ctx->v[3], 2 69 ctx->v[3] = rol64(ctx->v[3], 21); 70 70 71 ctx->v[1] ^= ctx->v[2]; 71 ctx->v[1] ^= ctx->v[2]; 72 ctx->v[3] ^= ctx->v[0]; 72 ctx->v[3] ^= ctx->v[0]; 73 ctx->v[2] = rol64(ctx->v[2], 3 73 ctx->v[2] = rol64(ctx->v[2], 32); 74 } 74 } 75 } 75 } 76 76 77 static void SipHash_CRounds(SIPHASH_CTX *ctx, 77 static void SipHash_CRounds(SIPHASH_CTX *ctx, const void *ptr, int rounds) 78 { 78 { 79 u64 m = get_unaligned_le64(ptr); 79 u64 m = get_unaligned_le64(ptr); 80 80 81 ctx->v[3] ^= m; 81 ctx->v[3] ^= m; 82 SipHash_Rounds(ctx, rounds); 82 SipHash_Rounds(ctx, rounds); 83 ctx->v[0] ^= m; 83 ctx->v[0] ^= m; 84 } 84 } 85 85 86 void SipHash_Init(SIPHASH_CTX *ctx, const SIPH 86 void SipHash_Init(SIPHASH_CTX *ctx, const SIPHASH_KEY *key) 87 { 87 { 88 u64 k0, k1; 88 u64 k0, k1; 89 89 90 k0 = le64_to_cpu(key->k0); 90 k0 = le64_to_cpu(key->k0); 91 k1 = le64_to_cpu(key->k1); 91 k1 = le64_to_cpu(key->k1); 92 92 93 ctx->v[0] = 0x736f6d6570736575ULL ^ k0 93 ctx->v[0] = 0x736f6d6570736575ULL ^ k0; 94 ctx->v[1] = 0x646f72616e646f6dULL ^ k1 94 ctx->v[1] = 0x646f72616e646f6dULL ^ k1; 95 ctx->v[2] = 0x6c7967656e657261ULL ^ k0 95 ctx->v[2] = 0x6c7967656e657261ULL ^ k0; 96 ctx->v[3] = 0x7465646279746573ULL ^ k1 96 ctx->v[3] = 0x7465646279746573ULL ^ k1; 97 97 98 memset(ctx->buf, 0, sizeof(ctx->buf)); 98 memset(ctx->buf, 0, sizeof(ctx->buf)); 99 ctx->bytes = 0; 99 ctx->bytes = 0; 100 } 100 } 101 101 102 void SipHash_Update(SIPHASH_CTX *ctx, int rc, 102 void SipHash_Update(SIPHASH_CTX *ctx, int rc, int rf, 103 const void *src, size_t le 103 const void *src, size_t len) 104 { 104 { 105 const u8 *ptr = src; 105 const u8 *ptr = src; 106 size_t left, used; 106 size_t left, used; 107 107 108 if (len == 0) 108 if (len == 0) 109 return; 109 return; 110 110 111 used = ctx->bytes % sizeof(ctx->buf); 111 used = ctx->bytes % sizeof(ctx->buf); 112 ctx->bytes += len; 112 ctx->bytes += len; 113 113 114 if (used > 0) { 114 if (used > 0) { 115 left = sizeof(ctx->buf) - used 115 left = sizeof(ctx->buf) - used; 116 116 117 if (len >= left) { 117 if (len >= left) { 118 memcpy(&ctx->buf[used] 118 memcpy(&ctx->buf[used], ptr, left); 119 SipHash_CRounds(ctx, c 119 SipHash_CRounds(ctx, ctx->buf, rc); 120 len -= left; 120 len -= left; 121 ptr += left; 121 ptr += left; 122 } else { 122 } else { 123 memcpy(&ctx->buf[used] 123 memcpy(&ctx->buf[used], ptr, len); 124 return; 124 return; 125 } 125 } 126 } 126 } 127 127 128 while (len >= sizeof(ctx->buf)) { 128 while (len >= sizeof(ctx->buf)) { 129 SipHash_CRounds(ctx, ptr, rc); 129 SipHash_CRounds(ctx, ptr, rc); 130 len -= sizeof(ctx->buf); 130 len -= sizeof(ctx->buf); 131 ptr += sizeof(ctx->buf); 131 ptr += sizeof(ctx->buf); 132 } 132 } 133 133 134 if (len > 0) 134 if (len > 0) 135 memcpy(&ctx->buf[used], ptr, l 135 memcpy(&ctx->buf[used], ptr, len); 136 } 136 } 137 137 138 void SipHash_Final(void *dst, SIPHASH_CTX *ctx 138 void SipHash_Final(void *dst, SIPHASH_CTX *ctx, int rc, int rf) 139 { 139 { 140 u64 r; 140 u64 r; 141 141 142 r = SipHash_End(ctx, rc, rf); 142 r = SipHash_End(ctx, rc, rf); 143 143 144 *((__le64 *) dst) = cpu_to_le64(r); 144 *((__le64 *) dst) = cpu_to_le64(r); 145 } 145 } 146 146 147 u64 SipHash_End(SIPHASH_CTX *ctx, int rc, int 147 u64 SipHash_End(SIPHASH_CTX *ctx, int rc, int rf) 148 { 148 { 149 u64 r; 149 u64 r; 150 size_t left, used; 150 size_t left, used; 151 151 152 used = ctx->bytes % sizeof(ctx->buf); 152 used = ctx->bytes % sizeof(ctx->buf); 153 left = sizeof(ctx->buf) - used; 153 left = sizeof(ctx->buf) - used; 154 memset(&ctx->buf[used], 0, left - 1); 154 memset(&ctx->buf[used], 0, left - 1); 155 ctx->buf[7] = ctx->bytes; 155 ctx->buf[7] = ctx->bytes; 156 156 157 SipHash_CRounds(ctx, ctx->buf, rc); 157 SipHash_CRounds(ctx, ctx->buf, rc); 158 ctx->v[2] ^= 0xff; 158 ctx->v[2] ^= 0xff; 159 SipHash_Rounds(ctx, rf); 159 SipHash_Rounds(ctx, rf); 160 160 161 r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[ 161 r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]); 162 memset(ctx, 0, sizeof(*ctx)); 162 memset(ctx, 0, sizeof(*ctx)); 163 return r; 163 return r; 164 } 164 } 165 165 166 u64 SipHash(const SIPHASH_KEY *key, int rc, in 166 u64 SipHash(const SIPHASH_KEY *key, int rc, int rf, const void *src, size_t len) 167 { 167 { 168 SIPHASH_CTX ctx; 168 SIPHASH_CTX ctx; 169 169 170 SipHash_Init(&ctx, key); 170 SipHash_Init(&ctx, key); 171 SipHash_Update(&ctx, rc, rf, src, len) 171 SipHash_Update(&ctx, rc, rf, src, len); 172 return SipHash_End(&ctx, rc, rf); 172 return SipHash_End(&ctx, rc, rf); 173 } 173 } 174 174
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.