External/passt
1
0
Fork 0
mirror of https://passt.top/passt synced 2024-07-03 00:12:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
831067f483
passt/siphash.c
David Gibson 831067f483 siphash: Clean up hash finalisation with posthash_final() function 
The POSTAMBLE macro implements the finalisation steps of SipHash.  It
relies on some variables in the environment, including returning the final
hash value that way.  That isn't great hygeine.

In addition the PREAMBLE macro takes a length parameter which is used only
to initialize the 'b' value that's not used until the finalisation and is
also sometimes modified in a non-obvious way by the callers.

The 'b' value is always composed from the total length of the hash input
plus up to 7 bytes of "tail" data - that is the remainder of the hash input
after a multiple of 8 bytes has been consumed.

Simplify all this by replacing the POSTAMBLE macro with a siphash_final()
function which takes the length and tail data as parameters and returns the
final hash value.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-09-30 12:40:40 +02:00

236 lines
6.6 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0-or-later
/* PASST - Plug A Simple Socket Transport
* for qemu/UNIX domain socket mode
*
* PASTA - Pack A Subtle Tap Abstraction
* for network namespace/tap device mode
*
* siphash.c - SipHash routines
*
* Copyright (c) 2020-2021 Red Hat GmbH
* Author: Stefano Brivio <sbrivio@redhat.com>
*
* This is an implementation of the SipHash-2-4-64 functions needed for TCP
* initial sequence numbers and socket lookup table hash for IPv4 and IPv6, see:
*
* Aumasson, J.P. and Bernstein, D.J., 2012, December. SipHash: a fast
* short-input PRF. In International Conference on Cryptology in India
* (pp. 489-508). Springer, Berlin, Heidelberg.
*
* http://cr.yp.to/siphash/siphash-20120918.pdf
*
* This includes code from the reference SipHash implementation at
* https://github.com/veorq/SipHash/ originally licensed as follows:
*
* --
* SipHash reference C implementation
*
* Copyright (c) 2012-2021 Jean-Philippe Aumasson
* <jeanphilippe.aumasson@gmail.com>
* Copyright (c) 2012-2014 Daniel J. Bernstein <djb@cr.yp.to>
*
* To the extent possible under law, the author(s) have dedicated all copyright
* and related and neighboring rights to this software to the public domain
* worldwide. This software is distributed without any warranty.
*
* You should have received a copy of the CC0 Public Domain Dedication along
* with
* this software. If not, see
* <http://creativecommons.org/publicdomain/zero/1.0/>.
* --
*
* and from the Linux kernel implementation (lib/siphash.c), originally licensed
* as follows:
*
* --
* Copyright (C) 2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
*
* This file is provided under a dual BSD/GPLv2 license.
* --
*
*/
#include <stddef.h>
#include <stdint.h>
#include "siphash.h"
#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
#define PREAMBLE \
uint64_t v[4] = { 0x736f6d6570736575ULL, 0x646f72616e646f6dULL, \
0x6c7967656e657261ULL, 0x7465646279746573ULL }; \
int __i; \
\
do { \
for (__i = sizeof(v) / sizeof(v[0]) - 1; __i >= 0; __i--) \
v[__i] = k[__i % 2]; \
} while (0)
/**
* sipround() - Perform rounds of SipHash scrambling
* @v: siphash state (4 x 64-bit integers)
* @n: Number of rounds to apply
*/
static inline void sipround(uint64_t *v, int n)
{
int i;
for (i = 0; i < n; i++) {
v[0] += v[1];
v[1] = ROTL(v[1], 13) ^ v[0];
v[0] = ROTL(v[0], 32);
v[2] += v[3];
v[3] = ROTL(v[3], 16) ^ v[2];
v[0] += v[3];
v[3] = ROTL(v[3], 21) ^ v[0];
v[2] += v[1];
v[1] = ROTL(v[1], 17) ^ v[2];
v[2] = ROTL(v[2], 32);
}
}
/**
* siphash_feed() - Fold 64-bits of data into the hash state
* @v: siphash state (4 x 64-bit integers)
* @in: New value to fold into hash
*/
static inline void siphash_feed(uint64_t *v, uint64_t in)
{
v[3] ^= in;
sipround(v, 2);
v[0] ^= in;
}
/**
* siphash_final - Finalize SipHash calculations
* @v: siphash state (4 x 64-bit integers)
* @len: Total length of input data
* @tail: Final data for the hash (<= 7 bytes)
*/
static inline uint64_t siphash_final(uint64_t *v, size_t len, uint64_t tail)
{
uint64_t b = (uint64_t)(len) << 56 | tail;
siphash_feed(v, b);
v[2] ^= 0xff;
sipround(v, 4);
return v[0] ^ v[1] ^ v[2] ^ v[3];
}
/**
* siphash_8b() - Table index or timestamp offset for TCP over IPv4 (8 bytes in)
* @in: Input data (remote address and two ports, or two addresses)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* Type-Based Alias Analysis (TBAA) optimisation in gcc 11 and 12 (-flto -O2)
* makes these functions essentially useless by allowing reordering of stores of
* input data across function calls. Not even declaring @in as char pointer is
* enough: disable gcc's interpretation of strict aliasing altogether. See also:
*
* https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106706
* https://stackoverflow.com/questions/2958633/gcc-strict-aliasing-and-horror-stories
* https://lore.kernel.org/all/alpine.LFD.2.00.0901121128080.6528__33422.5328093909$1232291247$gmane$org@localhost.localdomain/
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing")))
/* cppcheck-suppress unusedFunction */
uint64_t siphash_8b(const uint8_t *in, const uint64_t *k)
{
PREAMBLE;
siphash_feed(v, *(uint64_t *)in);
return siphash_final(v, 8, 0);
}
/**
* siphash_12b() - Initial sequence number for TCP over IPv4 (12 bytes in)
* @in: Input data (two addresses, two ports)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See siphash_8b() */
/* cppcheck-suppress unusedFunction */
uint64_t siphash_12b(const uint8_t *in, const uint64_t *k)
{
uint32_t *in32 = (uint32_t *)in;
PREAMBLE;
siphash_feed(v, (uint64_t)(*(in32 + 1)) << 32 | *in32);
return siphash_final(v, 12, *(in32 + 2));
}
/**
* siphash_20b() - Table index for TCP over IPv6 (20 bytes in)
* @in: Input data (remote address, two ports)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See siphash_8b() */
uint64_t siphash_20b(const uint8_t *in, const uint64_t *k)
{
uint32_t *in32 = (uint32_t *)in;
int i;
PREAMBLE;
for (i = 0; i < 2; i++, in32 += 2)
siphash_feed(v, (uint64_t)(*(in32 + 1)) << 32 | *in32);
return siphash_final(v, 20, *in32);
}
/**
* siphash_32b() - Timestamp offset for TCP over IPv6 (32 bytes in)
* @in: Input data (two addresses)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See siphash_8b() */
/* cppcheck-suppress unusedFunction */
uint64_t siphash_32b(const uint8_t *in, const uint64_t *k)
{
uint64_t *in64 = (uint64_t *)in;
int i;
PREAMBLE;
for (i = 0; i < 4; i++, in64++)
siphash_feed(v, *in64);
return siphash_final(v, 32, 0);
}
/**
* siphash_36b() - Initial sequence number for TCP over IPv6 (36 bytes in)
* @in: Input data (two addresses, two ports)
* @k: Hash function key, 128 bits
*
* Return: the 64-bit hash output
*/
/* NOLINTNEXTLINE(clang-diagnostic-unknown-attributes) */
__attribute__((optimize("-fno-strict-aliasing"))) /* See siphash_8b() */
uint64_t siphash_36b(const uint8_t *in, const uint64_t *k)
{
uint32_t *in32 = (uint32_t *)in;
int i;
PREAMBLE;
for (i = 0; i < 4; i++, in32 += 2)
siphash_feed(v, (uint64_t)(*(in32 + 1)) << 32 | *in32);
return siphash_final(v, 36, *in32);
}
Reference in New Issue View Git Blame Copy Permalink