1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-3-Clause)
2 /* Copyright (C) 2016-2022 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
3 *
4 * SipHash: a fast short-input PRF
5 * https://131002.net/siphash/
6 *
7 * This implementation is specifically for SipHash2-4 for a secure PRF
8 * and HalfSipHash1-3/SipHash1-3 for an insecure PRF only suitable for
9 * hashtables.
10 */
11
12 #include <linux/siphash.h>
13 #include <asm/unaligned.h>
14
15 #if defined(CONFIG_DCACHE_WORD_ACCESS) && BITS_PER_LONG == 64
16 #include <linux/dcache.h>
17 #include <asm/word-at-a-time.h>
18 #endif
19
20 #define SIPROUND SIPHASH_PERMUTATION(v0, v1, v2, v3)
21
22 #define PREAMBLE(len) \
23 u64 v0 = SIPHASH_CONST_0; \
24 u64 v1 = SIPHASH_CONST_1; \
25 u64 v2 = SIPHASH_CONST_2; \
26 u64 v3 = SIPHASH_CONST_3; \
27 u64 b = ((u64)(len)) << 56; \
28 v3 ^= key->key[1]; \
29 v2 ^= key->key[0]; \
30 v1 ^= key->key[1]; \
31 v0 ^= key->key[0];
32
33 #define POSTAMBLE \
34 v3 ^= b; \
35 SIPROUND; \
36 SIPROUND; \
37 v0 ^= b; \
38 v2 ^= 0xff; \
39 SIPROUND; \
40 SIPROUND; \
41 SIPROUND; \
42 SIPROUND; \
43 return (v0 ^ v1) ^ (v2 ^ v3);
44
45 #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
46 u64 __siphash_aligned(const void *data, size_t len, const siphash_key_t *key)
47 {
48 const u8 *end = data + len - (len % sizeof(u64));
49 const u8 left = len & (sizeof(u64) - 1);
50 u64 m;
51 PREAMBLE(len)
52 for (; data != end; data += sizeof(u64)) {
53 m = le64_to_cpup(data);
54 v3 ^= m;
55 SIPROUND;
56 SIPROUND;
57 v0 ^= m;
58 }
59 #if defined(CONFIG_DCACHE_WORD_ACCESS) && BITS_PER_LONG == 64
60 if (left)
61 b |= le64_to_cpu((__force __le64)(load_unaligned_zeropad(data) &
62 bytemask_from_count(left)));
63 #else
64 switch (left) {
65 case 7: b |= ((u64)end[6]) << 48; fallthrough;
66 case 6: b |= ((u64)end[5]) << 40; fallthrough;
67 case 5: b |= ((u64)end[4]) << 32; fallthrough;
68 case 4: b |= le32_to_cpup(data); break;
69 case 3: b |= ((u64)end[2]) << 16; fallthrough;
70 case 2: b |= le16_to_cpup(data); break;
71 case 1: b |= end[0];
72 }
73 #endif
74 POSTAMBLE
75 }
76 EXPORT_SYMBOL(__siphash_aligned);
77 #endif
78
79 u64 __siphash_unaligned(const void *data, size_t len, const siphash_key_t *key)
80 {
81 const u8 *end = data + len - (len % sizeof(u64));
82 const u8 left = len & (sizeof(u64) - 1);
83 u64 m;
84 PREAMBLE(len)
85 for (; data != end; data += sizeof(u64)) {
86 m = get_unaligned_le64(data);
87 v3 ^= m;
88 SIPROUND;
89 SIPROUND;
90 v0 ^= m;
91 }
92 #if defined(CONFIG_DCACHE_WORD_ACCESS) && BITS_PER_LONG == 64
93 if (left)
94 b |= le64_to_cpu((__force __le64)(load_unaligned_zeropad(data) &
95 bytemask_from_count(left)));
96 #else
97 switch (left) {
98 case 7: b |= ((u64)end[6]) << 48; fallthrough;
99 case 6: b |= ((u64)end[5]) << 40; fallthrough;
100 case 5: b |= ((u64)end[4]) << 32; fallthrough;
101 case 4: b |= get_unaligned_le32(end); break;
102 case 3: b |= ((u64)end[2]) << 16; fallthrough;
103 case 2: b |= get_unaligned_le16(end); break;
104 case 1: b |= end[0];
105 }
106 #endif
107 POSTAMBLE
108 }
109 EXPORT_SYMBOL(__siphash_unaligned);
110
111 /**
112 * siphash_1u64 - compute 64-bit siphash PRF value of a u64
113 * @first: first u64
114 * @key: the siphash key
115 */
116 u64 siphash_1u64(const u64 first, const siphash_key_t *key)
117 {
118 PREAMBLE(8)
119 v3 ^= first;
120 SIPROUND;
121 SIPROUND;
122 v0 ^= first;
123 POSTAMBLE
124 }
125 EXPORT_SYMBOL(siphash_1u64);
126
127 /**
128 * siphash_2u64 - compute 64-bit siphash PRF value of 2 u64
129 * @first: first u64
130 * @second: second u64
131 * @key: the siphash key
132 */
133 u64 siphash_2u64(const u64 first, const u64 second, const siphash_key_t *key)
134 {
135 PREAMBLE(16)
136 v3 ^= first;
137 SIPROUND;
138 SIPROUND;
139 v0 ^= first;
140 v3 ^= second;
141 SIPROUND;
142 SIPROUND;
143 v0 ^= second;
144 POSTAMBLE
145 }
146 EXPORT_SYMBOL(siphash_2u64);
147
148 /**
149 * siphash_3u64 - compute 64-bit siphash PRF value of 3 u64
150 * @first: first u64
151 * @second: second u64
152 * @third: third u64
153 * @key: the siphash key
154 */
155 u64 siphash_3u64(const u64 first, const u64 second, const u64 third,
156 const siphash_key_t *key)
157 {
158 PREAMBLE(24)
159 v3 ^= first;
160 SIPROUND;
161 SIPROUND;
162 v0 ^= first;
163 v3 ^= second;
164 SIPROUND;
165 SIPROUND;
166 v0 ^= second;
167 v3 ^= third;
168 SIPROUND;
169 SIPROUND;
170 v0 ^= third;
171 POSTAMBLE
172 }
173 EXPORT_SYMBOL(siphash_3u64);
174
175 /**
176 * siphash_4u64 - compute 64-bit siphash PRF value of 4 u64
177 * @first: first u64
178 * @second: second u64
179 * @third: third u64
180 * @forth: forth u64
181 * @key: the siphash key
182 */
183 u64 siphash_4u64(const u64 first, const u64 second, const u64 third,
184 const u64 forth, const siphash_key_t *key)
185 {
186 PREAMBLE(32)
187 v3 ^= first;
188 SIPROUND;
189 SIPROUND;
190 v0 ^= first;
191 v3 ^= second;
192 SIPROUND;
193 SIPROUND;
194 v0 ^= second;
195 v3 ^= third;
196 SIPROUND;
197 SIPROUND;
198 v0 ^= third;
199 v3 ^= forth;
200 SIPROUND;
201 SIPROUND;
202 v0 ^= forth;
203 POSTAMBLE
204 }
205 EXPORT_SYMBOL(siphash_4u64);
206
207 u64 siphash_1u32(const u32 first, const siphash_key_t *key)
208 {
209 PREAMBLE(4)
210 b |= first;
211 POSTAMBLE
212 }
213 EXPORT_SYMBOL(siphash_1u32);
214
215 u64 siphash_3u32(const u32 first, const u32 second, const u32 third,
216 const siphash_key_t *key)
217 {
218 u64 combined = (u64)second << 32 | first;
219 PREAMBLE(12)
220 v3 ^= combined;
221 SIPROUND;
222 SIPROUND;
223 v0 ^= combined;
224 b |= third;
225 POSTAMBLE
226 }
227 EXPORT_SYMBOL(siphash_3u32);
228
229 #if BITS_PER_LONG == 64
230 /* Note that on 64-bit, we make HalfSipHash1-3 actually be SipHash1-3, for
231 * performance reasons. On 32-bit, below, we actually implement HalfSipHash1-3.
232 */
233
234 #define HSIPROUND SIPROUND
235 #define HPREAMBLE(len) PREAMBLE(len)
236 #define HPOSTAMBLE \
237 v3 ^= b; \
238 HSIPROUND; \
239 v0 ^= b; \
240 v2 ^= 0xff; \
241 HSIPROUND; \
242 HSIPROUND; \
243 HSIPROUND; \
244 return (v0 ^ v1) ^ (v2 ^ v3);
245
246 #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
247 u32 __hsiphash_aligned(const void *data, size_t len, const hsiphash_key_t *key)
248 {
249 const u8 *end = data + len - (len % sizeof(u64));
250 const u8 left = len & (sizeof(u64) - 1);
251 u64 m;
252 HPREAMBLE(len)
253 for (; data != end; data += sizeof(u64)) {
254 m = le64_to_cpup(data);
255 v3 ^= m;
256 HSIPROUND;
257 v0 ^= m;
258 }
259 #if defined(CONFIG_DCACHE_WORD_ACCESS) && BITS_PER_LONG == 64
260 if (left)
261 b |= le64_to_cpu((__force __le64)(load_unaligned_zeropad(data) &
262 bytemask_from_count(left)));
263 #else
264 switch (left) {
265 case 7: b |= ((u64)end[6]) << 48; fallthrough;
266 case 6: b |= ((u64)end[5]) << 40; fallthrough;
267 case 5: b |= ((u64)end[4]) << 32; fallthrough;
268 case 4: b |= le32_to_cpup(data); break;
269 case 3: b |= ((u64)end[2]) << 16; fallthrough;
270 case 2: b |= le16_to_cpup(data); break;
271 case 1: b |= end[0];
272 }
273 #endif
274 HPOSTAMBLE
275 }
276 EXPORT_SYMBOL(__hsiphash_aligned);
277 #endif
278
279 u32 __hsiphash_unaligned(const void *data, size_t len,
280 const hsiphash_key_t *key)
281 {
282 const u8 *end = data + len - (len % sizeof(u64));
283 const u8 left = len & (sizeof(u64) - 1);
284 u64 m;
285 HPREAMBLE(len)
286 for (; data != end; data += sizeof(u64)) {
287 m = get_unaligned_le64(data);
288 v3 ^= m;
289 HSIPROUND;
290 v0 ^= m;
291 }
292 #if defined(CONFIG_DCACHE_WORD_ACCESS) && BITS_PER_LONG == 64
293 if (left)
294 b |= le64_to_cpu((__force __le64)(load_unaligned_zeropad(data) &
295 bytemask_from_count(left)));
296 #else
297 switch (left) {
298 case 7: b |= ((u64)end[6]) << 48; fallthrough;
299 case 6: b |= ((u64)end[5]) << 40; fallthrough;
300 case 5: b |= ((u64)end[4]) << 32; fallthrough;
301 case 4: b |= get_unaligned_le32(end); break;
302 case 3: b |= ((u64)end[2]) << 16; fallthrough;
303 case 2: b |= get_unaligned_le16(end); break;
304 case 1: b |= end[0];
305 }
306 #endif
307 HPOSTAMBLE
308 }
309 EXPORT_SYMBOL(__hsiphash_unaligned);
310
311 /**
312 * hsiphash_1u32 - compute 64-bit hsiphash PRF value of a u32
313 * @first: first u32
314 * @key: the hsiphash key
315 */
316 u32 hsiphash_1u32(const u32 first, const hsiphash_key_t *key)
317 {
318 HPREAMBLE(4)
319 b |= first;
320 HPOSTAMBLE
321 }
322 EXPORT_SYMBOL(hsiphash_1u32);
323
324 /**
325 * hsiphash_2u32 - compute 32-bit hsiphash PRF value of 2 u32
326 * @first: first u32
327 * @second: second u32
328 * @key: the hsiphash key
329 */
330 u32 hsiphash_2u32(const u32 first, const u32 second, const hsiphash_key_t *key)
331 {
332 u64 combined = (u64)second << 32 | first;
333 HPREAMBLE(8)
334 v3 ^= combined;
335 HSIPROUND;
336 v0 ^= combined;
337 HPOSTAMBLE
338 }
339 EXPORT_SYMBOL(hsiphash_2u32);
340
341 /**
342 * hsiphash_3u32 - compute 32-bit hsiphash PRF value of 3 u32
343 * @first: first u32
344 * @second: second u32
345 * @third: third u32
346 * @key: the hsiphash key
347 */
348 u32 hsiphash_3u32(const u32 first, const u32 second, const u32 third,
349 const hsiphash_key_t *key)
350 {
351 u64 combined = (u64)second << 32 | first;
352 HPREAMBLE(12)
353 v3 ^= combined;
354 HSIPROUND;
355 v0 ^= combined;
356 b |= third;
357 HPOSTAMBLE
358 }
359 EXPORT_SYMBOL(hsiphash_3u32);
360
361 /**
362 * hsiphash_4u32 - compute 32-bit hsiphash PRF value of 4 u32
363 * @first: first u32
364 * @second: second u32
365 * @third: third u32
366 * @forth: forth u32
367 * @key: the hsiphash key
368 */
369 u32 hsiphash_4u32(const u32 first, const u32 second, const u32 third,
370 const u32 forth, const hsiphash_key_t *key)
371 {
372 u64 combined = (u64)second << 32 | first;
373 HPREAMBLE(16)
374 v3 ^= combined;
375 HSIPROUND;
376 v0 ^= combined;
377 combined = (u64)forth << 32 | third;
378 v3 ^= combined;
379 HSIPROUND;
380 v0 ^= combined;
381 HPOSTAMBLE
382 }
383 EXPORT_SYMBOL(hsiphash_4u32);
384 #else
385 #define HSIPROUND HSIPHASH_PERMUTATION(v0, v1, v2, v3)
386
387 #define HPREAMBLE(len) \
388 u32 v0 = HSIPHASH_CONST_0; \
389 u32 v1 = HSIPHASH_CONST_1; \
390 u32 v2 = HSIPHASH_CONST_2; \
391 u32 v3 = HSIPHASH_CONST_3; \
392 u32 b = ((u32)(len)) << 24; \
393 v3 ^= key->key[1]; \
394 v2 ^= key->key[0]; \
395 v1 ^= key->key[1]; \
396 v0 ^= key->key[0];
397
398 #define HPOSTAMBLE \
399 v3 ^= b; \
400 HSIPROUND; \
401 v0 ^= b; \
402 v2 ^= 0xff; \
403 HSIPROUND; \
404 HSIPROUND; \
405 HSIPROUND; \
406 return v1 ^ v3;
407
408 #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
409 u32 __hsiphash_aligned(const void *data, size_t len, const hsiphash_key_t *key)
410 {
411 const u8 *end = data + len - (len % sizeof(u32));
412 const u8 left = len & (sizeof(u32) - 1);
413 u32 m;
414 HPREAMBLE(len)
415 for (; data != end; data += sizeof(u32)) {
416 m = le32_to_cpup(data);
417 v3 ^= m;
418 HSIPROUND;
419 v0 ^= m;
420 }
421 switch (left) {
422 case 3: b |= ((u32)end[2]) << 16; fallthrough;
423 case 2: b |= le16_to_cpup(data); break;
424 case 1: b |= end[0];
425 }
426 HPOSTAMBLE
427 }
428 EXPORT_SYMBOL(__hsiphash_aligned);
429 #endif
430
431 u32 __hsiphash_unaligned(const void *data, size_t len,
432 const hsiphash_key_t *key)
433 {
434 const u8 *end = data + len - (len % sizeof(u32));
435 const u8 left = len & (sizeof(u32) - 1);
436 u32 m;
437 HPREAMBLE(len)
438 for (; data != end; data += sizeof(u32)) {
439 m = get_unaligned_le32(data);
440 v3 ^= m;
441 HSIPROUND;
442 v0 ^= m;
443 }
444 switch (left) {
445 case 3: b |= ((u32)end[2]) << 16; fallthrough;
446 case 2: b |= get_unaligned_le16(end); break;
447 case 1: b |= end[0];
448 }
449 HPOSTAMBLE
450 }
451 EXPORT_SYMBOL(__hsiphash_unaligned);
452
453 /**
454 * hsiphash_1u32 - compute 32-bit hsiphash PRF value of a u32
455 * @first: first u32
456 * @key: the hsiphash key
457 */
458 u32 hsiphash_1u32(const u32 first, const hsiphash_key_t *key)
459 {
460 HPREAMBLE(4)
461 v3 ^= first;
462 HSIPROUND;
463 v0 ^= first;
464 HPOSTAMBLE
465 }
466 EXPORT_SYMBOL(hsiphash_1u32);
467
468 /**
469 * hsiphash_2u32 - compute 32-bit hsiphash PRF value of 2 u32
470 * @first: first u32
471 * @second: second u32
472 * @key: the hsiphash key
473 */
474 u32 hsiphash_2u32(const u32 first, const u32 second, const hsiphash_key_t *key)
475 {
476 HPREAMBLE(8)
477 v3 ^= first;
478 HSIPROUND;
479 v0 ^= first;
480 v3 ^= second;
481 HSIPROUND;
482 v0 ^= second;
483 HPOSTAMBLE
484 }
485 EXPORT_SYMBOL(hsiphash_2u32);
486
487 /**
488 * hsiphash_3u32 - compute 32-bit hsiphash PRF value of 3 u32
489 * @first: first u32
490 * @second: second u32
491 * @third: third u32
492 * @key: the hsiphash key
493 */
494 u32 hsiphash_3u32(const u32 first, const u32 second, const u32 third,
495 const hsiphash_key_t *key)
496 {
497 HPREAMBLE(12)
498 v3 ^= first;
499 HSIPROUND;
500 v0 ^= first;
501 v3 ^= second;
502 HSIPROUND;
503 v0 ^= second;
504 v3 ^= third;
505 HSIPROUND;
506 v0 ^= third;
507 HPOSTAMBLE
508 }
509 EXPORT_SYMBOL(hsiphash_3u32);
510
511 /**
512 * hsiphash_4u32 - compute 32-bit hsiphash PRF value of 4 u32
513 * @first: first u32
514 * @second: second u32
515 * @third: third u32
516 * @forth: forth u32
517 * @key: the hsiphash key
518 */
519 u32 hsiphash_4u32(const u32 first, const u32 second, const u32 third,
520 const u32 forth, const hsiphash_key_t *key)
521 {
522 HPREAMBLE(16)
523 v3 ^= first;
524 HSIPROUND;
525 v0 ^= first;
526 v3 ^= second;
527 HSIPROUND;
528 v0 ^= second;
529 v3 ^= third;
530 HSIPROUND;
531 v0 ^= third;
532 v3 ^= forth;
533 HSIPROUND;
534 v0 ^= forth;
535 HPOSTAMBLE
536 }
537 EXPORT_SYMBOL(hsiphash_4u32);
538 #endif
539
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.