1 /* $OpenBSD: siphash.c,v 1.3 2015/02/20 11:51:03 tedu Exp $ */
4 * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote
16 * products derived from this software without specific prior written
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d
34 * are the number of compression rounds and the number of finalization rounds.
35 * A compression round is identical to a finalization round and this round
36 * function is called SipRound. Given a 128-bit key k and a (possibly empty)
37 * byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m).
39 * Implemented from the paper "SipHash: a fast short-input PRF", 2012.09.18,
40 * by Jean-Philippe Aumasson and Daniel J. Bernstein,
41 * Permanent Document ID b9a943a805fbfc6fde808af9fc0ecdfa
42 * https://131002.net/siphash/siphash.pdf
43 * https://131002.net/siphash/
46 #include <asm/byteorder.h>
47 #include <asm/unaligned.h>
48 #include <linux/bitops.h>
49 #include <linux/string.h>
53 static void SipHash_Rounds(SIPHASH_CTX *ctx, int rounds)
56 ctx->v[0] += ctx->v[1];
57 ctx->v[2] += ctx->v[3];
58 ctx->v[1] = rol64(ctx->v[1], 13);
59 ctx->v[3] = rol64(ctx->v[3], 16);
61 ctx->v[1] ^= ctx->v[0];
62 ctx->v[3] ^= ctx->v[2];
63 ctx->v[0] = rol64(ctx->v[0], 32);
65 ctx->v[2] += ctx->v[1];
66 ctx->v[0] += ctx->v[3];
67 ctx->v[1] = rol64(ctx->v[1], 17);
68 ctx->v[3] = rol64(ctx->v[3], 21);
70 ctx->v[1] ^= ctx->v[2];
71 ctx->v[3] ^= ctx->v[0];
72 ctx->v[2] = rol64(ctx->v[2], 32);
76 static void SipHash_CRounds(SIPHASH_CTX *ctx, const void *ptr, int rounds)
78 u64 m = get_unaligned_le64(ptr);
81 SipHash_Rounds(ctx, rounds);
85 void SipHash_Init(SIPHASH_CTX *ctx, const SIPHASH_KEY *key)
89 k0 = le64_to_cpu(key->k0);
90 k1 = le64_to_cpu(key->k1);
92 ctx->v[0] = 0x736f6d6570736575ULL ^ k0;
93 ctx->v[1] = 0x646f72616e646f6dULL ^ k1;
94 ctx->v[2] = 0x6c7967656e657261ULL ^ k0;
95 ctx->v[3] = 0x7465646279746573ULL ^ k1;
97 memset(ctx->buf, 0, sizeof(ctx->buf));
101 void SipHash_Update(SIPHASH_CTX *ctx, int rc, int rf,
102 const void *src, size_t len)
110 used = ctx->bytes % sizeof(ctx->buf);
114 left = sizeof(ctx->buf) - used;
117 memcpy(&ctx->buf[used], ptr, left);
118 SipHash_CRounds(ctx, ctx->buf, rc);
122 memcpy(&ctx->buf[used], ptr, len);
127 while (len >= sizeof(ctx->buf)) {
128 SipHash_CRounds(ctx, ptr, rc);
129 len -= sizeof(ctx->buf);
130 ptr += sizeof(ctx->buf);
134 memcpy(&ctx->buf[used], ptr, len);
137 void SipHash_Final(void *dst, SIPHASH_CTX *ctx, int rc, int rf)
141 r = SipHash_End(ctx, rc, rf);
143 *((__le64 *) dst) = cpu_to_le64(r);
146 u64 SipHash_End(SIPHASH_CTX *ctx, int rc, int rf)
151 used = ctx->bytes % sizeof(ctx->buf);
152 left = sizeof(ctx->buf) - used;
153 memset(&ctx->buf[used], 0, left - 1);
154 ctx->buf[7] = ctx->bytes;
156 SipHash_CRounds(ctx, ctx->buf, rc);
158 SipHash_Rounds(ctx, rf);
160 r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
161 memset(ctx, 0, sizeof(*ctx));
165 u64 SipHash(const SIPHASH_KEY *key, int rc, int rf, const void *src, size_t len)
169 SipHash_Init(&ctx, key);
170 SipHash_Update(&ctx, rc, rf, src, len);
171 return SipHash_End(&ctx, rc, rf);