2022-07-27 19:51:53 +08:00
|
|
|
/****************************************************************************
|
|
|
|
* crypto/siphash.c
|
|
|
|
* $OpenBSD: siphash.c,v 1.5 2018/01/05 19:05:09 mikeb Exp $
|
|
|
|
*
|
2022-07-18 15:00:30 +08:00
|
|
|
* Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. The name of the author may not be used to endorse or promote
|
|
|
|
* products derived from this software without specific prior written
|
|
|
|
* permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
2022-07-27 19:51:53 +08:00
|
|
|
****************************************************************************/
|
2022-07-18 15:00:30 +08:00
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
/* SipHash is a family of PRFs SipHash-c-d where the integer parameters
|
|
|
|
* c and d are the number of compression rounds and the number of
|
|
|
|
* finalization rounds.
|
2022-07-18 15:00:30 +08:00
|
|
|
* A compression round is identical to a finalization round and this round
|
|
|
|
* function is called SipRound. Given a 128-bit key k and a (possibly empty)
|
|
|
|
* byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m).
|
|
|
|
*
|
|
|
|
* Implemented from the paper "SipHash: a fast short-input PRF", 2012.09.18,
|
|
|
|
* by Jean-Philippe Aumasson and Daniel J. Bernstein,
|
|
|
|
* Permanent Document ID b9a943a805fbfc6fde808af9fc0ecdfa
|
|
|
|
* https://131002.net/siphash/siphash.pdf
|
|
|
|
* https://131002.net/siphash/
|
|
|
|
*/
|
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
/****************************************************************************
|
|
|
|
* Included Files
|
|
|
|
****************************************************************************/
|
|
|
|
|
2022-07-28 17:52:21 +08:00
|
|
|
#include <endian.h>
|
|
|
|
#include <string.h>
|
2022-07-18 15:00:30 +08:00
|
|
|
#include <sys/param.h>
|
|
|
|
|
|
|
|
#include <crypto/siphash.h>
|
|
|
|
|
2023-07-11 20:36:33 +08:00
|
|
|
static void siphash_crounds(FAR SIPHASH_CTX *, int);
|
|
|
|
static void siphash_rounds(FAR SIPHASH_CTX *, int);
|
2022-07-18 15:00:30 +08:00
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
/****************************************************************************
|
|
|
|
* Public Functions
|
|
|
|
****************************************************************************/
|
|
|
|
|
|
|
|
void siphash_init(FAR SIPHASH_CTX *ctx, FAR const SIPHASH_KEY *key)
|
2022-07-18 15:00:30 +08:00
|
|
|
{
|
2022-07-27 19:51:53 +08:00
|
|
|
uint64_t k0, k1;
|
2022-07-18 15:00:30 +08:00
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
k0 = lemtoh64(&key->k0);
|
|
|
|
k1 = lemtoh64(&key->k1);
|
2022-07-18 15:00:30 +08:00
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
ctx->v[0] = 0x736f6d6570736575ull ^ k0;
|
|
|
|
ctx->v[1] = 0x646f72616e646f6dull ^ k1;
|
|
|
|
ctx->v[2] = 0x6c7967656e657261ull ^ k0;
|
|
|
|
ctx->v[3] = 0x7465646279746573ull ^ k1;
|
2022-07-18 15:00:30 +08:00
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
memset(ctx->buf, 0, sizeof(ctx->buf));
|
|
|
|
ctx->bytes = 0;
|
2022-07-18 15:00:30 +08:00
|
|
|
}
|
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
void siphash_update(FAR SIPHASH_CTX *ctx,
|
|
|
|
int rc, int rf,
|
|
|
|
FAR const void *src, size_t len)
|
2022-07-18 15:00:30 +08:00
|
|
|
{
|
2022-07-27 19:51:53 +08:00
|
|
|
FAR const uint8_t *ptr = src;
|
|
|
|
size_t left;
|
|
|
|
size_t used;
|
|
|
|
|
|
|
|
if (len == 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
used = ctx->bytes % sizeof(ctx->buf);
|
|
|
|
ctx->bytes += len;
|
|
|
|
|
|
|
|
if (used > 0)
|
|
|
|
{
|
|
|
|
left = sizeof(ctx->buf) - used;
|
|
|
|
|
|
|
|
if (len >= left)
|
|
|
|
{
|
|
|
|
memcpy(&ctx->buf[used], ptr, left);
|
|
|
|
siphash_crounds(ctx, rc);
|
|
|
|
len -= left;
|
|
|
|
ptr += left;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
memcpy(&ctx->buf[used], ptr, len);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
while (len >= sizeof(ctx->buf))
|
|
|
|
{
|
|
|
|
memcpy(ctx->buf, ptr, sizeof(ctx->buf));
|
|
|
|
siphash_crounds(ctx, rc);
|
|
|
|
len -= sizeof(ctx->buf);
|
|
|
|
ptr += sizeof(ctx->buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (len > 0)
|
|
|
|
{
|
|
|
|
memcpy(ctx->buf, ptr, len);
|
|
|
|
}
|
2022-07-18 15:00:30 +08:00
|
|
|
}
|
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
void siphash_final(FAR void *dst, FAR SIPHASH_CTX *ctx, int rc, int rf)
|
2022-07-18 15:00:30 +08:00
|
|
|
{
|
2022-07-27 19:51:53 +08:00
|
|
|
uint64_t r;
|
2022-07-18 15:00:30 +08:00
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
htolem64(&r, siphash_end(ctx, rc, rf));
|
|
|
|
memcpy(dst, &r, sizeof r);
|
2022-07-18 15:00:30 +08:00
|
|
|
}
|
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
uint64_t siphash_end(FAR SIPHASH_CTX *ctx, int rc, int rf)
|
2022-07-18 15:00:30 +08:00
|
|
|
{
|
2022-07-27 19:51:53 +08:00
|
|
|
uint64_t r;
|
|
|
|
size_t left;
|
|
|
|
size_t used;
|
|
|
|
|
|
|
|
used = ctx->bytes % sizeof(ctx->buf);
|
|
|
|
left = sizeof(ctx->buf) - used;
|
|
|
|
memset(&ctx->buf[used], 0, left - 1);
|
|
|
|
ctx->buf[7] = ctx->bytes;
|
|
|
|
|
|
|
|
siphash_crounds(ctx, rc);
|
|
|
|
ctx->v[2] ^= 0xff;
|
|
|
|
siphash_rounds(ctx, rf);
|
|
|
|
|
|
|
|
r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
|
|
|
|
explicit_bzero(ctx, sizeof(*ctx));
|
|
|
|
return (r);
|
2022-07-18 15:00:30 +08:00
|
|
|
}
|
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
uint64_t siphash(FAR const SIPHASH_KEY *key,
|
|
|
|
int rc, int rf,
|
|
|
|
FAR const void *src, size_t len)
|
2022-07-18 15:00:30 +08:00
|
|
|
{
|
2022-07-27 19:51:53 +08:00
|
|
|
SIPHASH_CTX ctx;
|
2022-07-18 15:00:30 +08:00
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
siphash_init(&ctx, key);
|
|
|
|
siphash_update(&ctx, rc, rf, src, len);
|
|
|
|
return (siphash_end(&ctx, rc, rf));
|
2022-07-18 15:00:30 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
#define SIP_ROTL(x, b) ((x) << (b)) | ( (x) >> (64 - (b)))
|
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
static void siphash_rounds(FAR SIPHASH_CTX *ctx, int rounds)
|
2022-07-18 15:00:30 +08:00
|
|
|
{
|
2022-07-27 19:51:53 +08:00
|
|
|
while (rounds--)
|
|
|
|
{
|
|
|
|
ctx->v[0] += ctx->v[1];
|
|
|
|
ctx->v[2] += ctx->v[3];
|
|
|
|
ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
|
|
|
|
ctx->v[3] = SIP_ROTL(ctx->v[3], 16);
|
|
|
|
|
|
|
|
ctx->v[1] ^= ctx->v[0];
|
|
|
|
ctx->v[3] ^= ctx->v[2];
|
|
|
|
ctx->v[0] = SIP_ROTL(ctx->v[0], 32);
|
|
|
|
|
|
|
|
ctx->v[2] += ctx->v[1];
|
|
|
|
ctx->v[0] += ctx->v[3];
|
|
|
|
ctx->v[1] = SIP_ROTL(ctx->v[1], 17);
|
|
|
|
ctx->v[3] = SIP_ROTL(ctx->v[3], 21);
|
|
|
|
|
|
|
|
ctx->v[1] ^= ctx->v[2];
|
|
|
|
ctx->v[3] ^= ctx->v[0];
|
|
|
|
ctx->v[2] = SIP_ROTL(ctx->v[2], 32);
|
|
|
|
}
|
2022-07-18 15:00:30 +08:00
|
|
|
}
|
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
static void siphash_crounds(FAR SIPHASH_CTX *ctx, int rounds)
|
2022-07-18 15:00:30 +08:00
|
|
|
{
|
2022-07-27 19:51:53 +08:00
|
|
|
uint64_t m = lemtoh64((uint64_t *)ctx->buf);
|
2022-07-18 15:00:30 +08:00
|
|
|
|
2022-07-27 19:51:53 +08:00
|
|
|
ctx->v[3] ^= m;
|
|
|
|
siphash_rounds(ctx, rounds);
|
|
|
|
ctx->v[0] ^= m;
|
2022-07-18 15:00:30 +08:00
|
|
|
}
|