1 ddd12270 2022-04-22 thomas /* $OpenBSD: siphash.c,v 1.8 2019/01/20 03:53:47 bcook Exp $ */
2 ddd12270 2022-04-22 thomas
3 ddd12270 2022-04-22 thomas /*-
4 ddd12270 2022-04-22 thomas * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
5 ddd12270 2022-04-22 thomas * All rights reserved.
6 ddd12270 2022-04-22 thomas *
7 ddd12270 2022-04-22 thomas * Redistribution and use in source and binary forms, with or without
8 ddd12270 2022-04-22 thomas * modification, are permitted provided that the following conditions
9 ddd12270 2022-04-22 thomas * are met:
10 ddd12270 2022-04-22 thomas * 1. Redistributions of source code must retain the above copyright
11 ddd12270 2022-04-22 thomas * notice, this list of conditions and the following disclaimer.
12 ddd12270 2022-04-22 thomas * 2. Redistributions in binary form must reproduce the above copyright
13 ddd12270 2022-04-22 thomas * notice, this list of conditions and the following disclaimer in the
14 ddd12270 2022-04-22 thomas * documentation and/or other materials provided with the distribution.
15 ddd12270 2022-04-22 thomas * 3. The name of the author may not be used to endorse or promote
16 ddd12270 2022-04-22 thomas * products derived from this software without specific prior written
17 ddd12270 2022-04-22 thomas * permission.
18 ddd12270 2022-04-22 thomas *
19 ddd12270 2022-04-22 thomas * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 ddd12270 2022-04-22 thomas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 ddd12270 2022-04-22 thomas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 ddd12270 2022-04-22 thomas * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 ddd12270 2022-04-22 thomas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 ddd12270 2022-04-22 thomas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 ddd12270 2022-04-22 thomas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 ddd12270 2022-04-22 thomas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 ddd12270 2022-04-22 thomas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 ddd12270 2022-04-22 thomas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 ddd12270 2022-04-22 thomas * SUCH DAMAGE.
30 ddd12270 2022-04-22 thomas */
31 ddd12270 2022-04-22 thomas
32 ddd12270 2022-04-22 thomas /*
33 ddd12270 2022-04-22 thomas * SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d
34 ddd12270 2022-04-22 thomas * are the number of compression rounds and the number of finalization rounds.
35 ddd12270 2022-04-22 thomas * A compression round is identical to a finalization round and this round
36 ddd12270 2022-04-22 thomas * function is called SipRound. Given a 128-bit key k and a (possibly empty)
37 ddd12270 2022-04-22 thomas * byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m).
38 ddd12270 2022-04-22 thomas *
39 ddd12270 2022-04-22 thomas * Implemented from the paper "SipHash: a fast short-input PRF", 2012.09.18,
40 ddd12270 2022-04-22 thomas * by Jean-Philippe Aumasson and Daniel J. Bernstein,
41 ddd12270 2022-04-22 thomas * Permanent Document ID b9a943a805fbfc6fde808af9fc0ecdfa
42 ddd12270 2022-04-22 thomas * https://131002.net/siphash/siphash.pdf
43 ddd12270 2022-04-22 thomas * https://131002.net/siphash/
44 ddd12270 2022-04-22 thomas */
45 ddd12270 2022-04-22 thomas
46 ddd12270 2022-04-22 thomas #include <stdint.h>
47 ddd12270 2022-04-22 thomas #include <string.h>
48 ddd12270 2022-04-22 thomas #include "siphash.h"
49 ddd12270 2022-04-22 thomas
50 ddd12270 2022-04-22 thomas #include "got_compat.h"
51 ddd12270 2022-04-22 thomas
/* File-local helpers; both are defined after the public API in this file. */
static void	SipHash_CRounds(SIPHASH_CTX *ctx, int rounds);
static void	SipHash_Rounds(SIPHASH_CTX *ctx, int rounds);
54 ddd12270 2022-04-22 thomas
/*
 * Begin a SipHash computation.
 *
 * Both key halves are converted from little-endian to host order and XORed
 * into the four state words, then the input buffer and the byte counter are
 * reset.  From this point on ctx holds key-derived state; in this file it is
 * wiped again by SipHash_End().
 */
void
SipHash_Init(SIPHASH_CTX *ctx, const SIPHASH_KEY *key)
{
	const uint64_t klo = le64toh(key->k0);
	const uint64_t khi = le64toh(key->k1);

	/*
	 * Initialisation constants (ASCII "somepseudorandomlygeneratedbytes");
	 * even state words are keyed with k0, odd ones with k1.
	 */
	ctx->v[0] = klo ^ 0x736f6d6570736575ULL;
	ctx->v[1] = khi ^ 0x646f72616e646f6dULL;
	ctx->v[2] = klo ^ 0x6c7967656e657261ULL;
	ctx->v[3] = khi ^ 0x7465646279746573ULL;

	ctx->bytes = 0;
	memset(ctx->buf, 0, sizeof(ctx->buf));
}
71 ddd12270 2022-04-22 thomas
/*
 * Absorb len bytes from src into the running hash.
 *
 * Input is gathered in ctx->buf; every time the buffer fills, one message
 * word is compressed with rc rounds.  A trailing partial block stays in the
 * buffer for the next call or for SipHash_End().  A zero-length call is a
 * no-op and returns before src is touched.  rf is accepted for interface
 * symmetry but not used here.
 */
void
SipHash_Update(SIPHASH_CTX *ctx, int rc, int rf, const void *src, size_t len)
{
	const uint8_t *in = src;
	const size_t blk = sizeof(ctx->buf);
	size_t pending;

	if (len == 0)
		return;

	/* Bytes already buffered from an earlier call. */
	pending = ctx->bytes % blk;
	ctx->bytes += len;

	if (pending != 0) {
		const size_t room = blk - pending;

		/* Not enough input to complete the block: just stash it. */
		if (len < room) {
			memcpy(ctx->buf + pending, in, len);
			return;
		}

		/* Top up the partial block and compress it. */
		memcpy(ctx->buf + pending, in, room);
		SipHash_CRounds(ctx, rc);
		in += room;
		len -= room;
	}

	/* Whole blocks go through the buffer one at a time. */
	for (; len >= blk; in += blk, len -= blk) {
		memcpy(ctx->buf, in, blk);
		SipHash_CRounds(ctx, rc);
	}

	/* Keep the remainder (fewer than blk bytes) for later. */
	if (len != 0)
		memcpy(ctx->buf, in, len);
}
108 ddd12270 2022-04-22 thomas
/*
 * Finish the hash and store the 64-bit result at dst in little-endian byte
 * order.  dst must have room for sizeof(uint64_t) bytes; memcpy is used, so
 * no particular alignment of dst is required.  The context is consumed by
 * SipHash_End().
 */
void
SipHash_Final(void *dst, SIPHASH_CTX *ctx, int rc, int rf)
{
	const uint64_t digest = htole64(SipHash_End(ctx, rc, rf));

	memcpy(dst, &digest, sizeof(digest));
}
117 ddd12270 2022-04-22 thomas
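/*
 * Finish the hash and return the 64-bit result in host byte order.
 *
 * The last block is zero-padded and its final byte is set from the total
 * input length, then compressed with rc rounds; after the 0xff
 * domain-separation XOR into v[2], rf finalization rounds are run.
 *
 * The context holds key-derived state, so it is wiped before returning and
 * must be re-initialised with SipHash_Init() before any reuse.
 */
uint64_t
SipHash_End(SIPHASH_CTX *ctx, int rc, int rf)
{
	uint64_t r;
	size_t left, used;

	used = ctx->bytes % sizeof(ctx->buf);
	left = sizeof(ctx->buf) - used;
	/* Zero everything after the buffered input except the last byte. */
	memset(&ctx->buf[used], 0, left - 1);
	/* The last byte of the final block carries the input length. */
	ctx->buf[7] = ctx->bytes;

	SipHash_CRounds(ctx, rc);
	ctx->v[2] ^= 0xff;
	SipHash_Rounds(ctx, rf);

	r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);

	/*
	 * Wipe the state with a primitive the compiler may not elide.
	 * Argument order differs per API: memset_s() takes
	 * (ptr, smax, value, n), while explicit_memset() follows memset()
	 * and takes (ptr, value, len).  Passing the size as the fill value
	 * and 0 as the length would clear nothing.
	 */
#ifdef __APPLE__
	memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx));
#elif defined(__NetBSD__)
	explicit_memset(ctx, 0, sizeof(*ctx));
#else
	explicit_bzero(ctx, sizeof(*ctx));
#endif
	return (r);
}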
144 ddd12270 2022-04-22 thomas
/*
 * One-shot convenience wrapper: hash len bytes at src under key with rc
 * compression rounds and rf finalization rounds, returning the 64-bit
 * result in host byte order.  The temporary context lives on the stack and
 * is wiped by SipHash_End() before this function returns.
 */
uint64_t
SipHash(const SIPHASH_KEY *key, int rc, int rf, const void *src, size_t len)
{
	SIPHASH_CTX state;
	uint64_t tag;

	SipHash_Init(&state, key);
	SipHash_Update(&state, rc, rf, src, len);
	tag = SipHash_End(&state, rc, rf);

	return (tag);
}
154 ddd12270 2022-04-22 thomas
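/*
 * Rotate the 64-bit value x left by b bits.  b must be in 1..63: b == 0
 * would shift right by 64, which is undefined for a 64-bit operand.
 * The whole expansion is parenthesized so the macro stays a single operand
 * when used inside a larger expression (e.g. next to & or ==).
 */
#define SIP_ROTL(x, b)	(((x) << (b)) | ((x) >> (64 - (b))))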
156 ddd12270 2022-04-22 thomas
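/*
 * Apply the SipRound permutation to the four state words `rounds` times.
 *
 * A zero or negative count performs no rounds.  Counting upward keeps a
 * negative argument from decrementing a signed int all the way to overflow.
 */
static void
SipHash_Rounds(SIPHASH_CTX *ctx, int rounds)
{
	int i;

	for (i = 0; i < rounds; i++) {
		ctx->v[0] += ctx->v[1];
		ctx->v[2] += ctx->v[3];
		ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
		ctx->v[3] = SIP_ROTL(ctx->v[3], 16);

		ctx->v[1] ^= ctx->v[0];
		ctx->v[3] ^= ctx->v[2];
		ctx->v[0] = SIP_ROTL(ctx->v[0], 32);

		ctx->v[2] += ctx->v[1];
		ctx->v[0] += ctx->v[3];
		ctx->v[1] = SIP_ROTL(ctx->v[1], 17);
		ctx->v[3] = SIP_ROTL(ctx->v[3], 21);

		ctx->v[1] ^= ctx->v[2];
		ctx->v[3] ^= ctx->v[0];
		ctx->v[2] = SIP_ROTL(ctx->v[2], 32);
	}
}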
180 ddd12270 2022-04-22 thomas
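/*
 * Compress the message word currently held in ctx->buf: the word is read
 * as little-endian, XORed into v[3], `rounds` SipRounds are applied, and
 * the same word is then XORed into v[0].
 */
static void
SipHash_CRounds(SIPHASH_CTX *ctx, int rounds)
{
	uint64_t m;

	/*
	 * Copy the block out instead of dereferencing a casted pointer, so
	 * the load does not depend on the buffer's alignment or on the
	 * compiler tolerating an access through an incompatible type.
	 */
	memcpy(&m, ctx->buf, sizeof(m));
	m = le64toh(m);

	ctx->v[3] ^= m;
	SipHash_Rounds(ctx, rounds);
	ctx->v[0] ^= m;
}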