Add HalfSipHash 2-4 reference implementation

The HalfSipHash implementation has 32-bit keys and returns 32-bit value.

Add HalfSipHash 2-4 reference implementation
The HalfSipHash implementation has 32-bit keys and returns 32-bit value.
344d66aa · Ondřej Surý · 21d751df · 344d66aa · 344d66aa · 344d66aa
Commit 344d66aa authored Jul 16, 2020 by Ondřej Surý
4 changed files
--- a/lib/isc/include/isc/siphash.h
+++ b/lib/isc/include/isc/siphash.h
@@ -20,10 +20,16 @@
 #define ISC_SIPHASH24_KEY_LENGTH 128 / 8
 #define ISC_SIPHASH24_TAG_LENGTH 64 / 8

+#define ISC_HALFSIPHASH24_KEY_LENGTH 64 / 8
+#define ISC_HALFSIPHASH24_TAG_LENGTH 32 / 8
+
 ISC_LANG_BEGINDECLS

 void
 isc_siphash24(const uint8_t *key, const uint8_t *in, const size_t inlen,
 	      uint8_t *out);
+void
+isc_halfsiphash24(const uint8_t *key, const uint8_t *in, const size_t inlen,
+		  uint8_t *out);

 ISC_LANG_ENDDECLS
--- a/lib/isc/siphash.c
+++ b/lib/isc/siphash.c
@@ -34,24 +34,35 @@
 #define cROUNDS 2
 #define dROUNDS 4

-#define ROTATE(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
+#define ROTATE64(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))

-#define HALF_ROUND(a, b, c, d, s, t) \
-	a += b;                      \
-	c += d;                      \
-	b = ROTATE(b, s) ^ a;        \
-	d = ROTATE(d, t) ^ c;        \
-	a = ROTATE(a, 32);
+#define HALF_ROUND64(a, b, c, d, s, t) \
+	a += b;                        \
+	c += d;                        \
+	b = ROTATE64(b, s) ^ a;        \
+	d = ROTATE64(d, t) ^ c;        \
+	a = ROTATE64(a, 32);

-#define FULL_ROUND(v0, v1, v2, v3)          \
-	HALF_ROUND(v0, v1, v2, v3, 13, 16); \
-	HALF_ROUND(v2, v1, v0, v3, 17, 21);
+#define FULL_ROUND64(v0, v1, v2, v3)          \
+	HALF_ROUND64(v0, v1, v2, v3, 13, 16); \
+	HALF_ROUND64(v2, v1, v0, v3, 17, 21);

-#define DOUBLE_ROUND(v0, v1, v2, v3) \
-	FULL_ROUND(v0, v1, v2, v3)   \
-	FULL_ROUND(v0, v1, v2, v3)
+#define SIPROUND FULL_ROUND64

-#define SIPROUND FULL_ROUND
+#define ROTATE32(x, b) (uint32_t)(((x) << (b)) | ((x) >> (32 - (b))))
+
+#define HALF_ROUND32(a, b, c, d, s, t) \
+	a += b;                        \
+	c += d;                        \
+	b = ROTATE32(b, s) ^ a;        \
+	d = ROTATE32(d, t) ^ c;        \
+	a = ROTATE32(a, 16);
+
+#define FULL_ROUND32(v0, v1, v2, v3)        \
+	HALF_ROUND32(v0, v1, v2, v3, 5, 8); \
+	HALF_ROUND32(v2, v1, v0, v3, 13, 7);
+
+#define HALFSIPROUND FULL_ROUND32

 #define U32TO8_LE(p, v)                \
 	(p)[0] = (uint8_t)((v));       \
@@ -59,6 +70,10 @@
 	(p)[2] = (uint8_t)((v) >> 16); \
 	(p)[3] = (uint8_t)((v) >> 24);

+#define U8TO32_LE(p)                                        \
+	(((uint32_t)((p)[0])) | ((uint32_t)((p)[1]) << 8) | \
+	 ((uint32_t)((p)[2]) << 16) | ((uint32_t)((p)[3]) << 24))
+
 #define U64TO8_LE(p, v)                  \
 	U32TO8_LE((p), (uint32_t)((v))); \
 	U32TO8_LE((p) + 4, (uint32_t)((v) >> 32));
@@ -78,10 +93,10 @@ isc_siphash24(const uint8_t *k, const uint8_t *in, const size_t inlen,
 	uint64_t k0 = U8TO64_LE(k);
 	uint64_t k1 = U8TO64_LE(k + 8);

-	uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
-	uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
-	uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
-	uint64_t v3 = 0x7465646279746573ULL ^ k1;
+	uint64_t v0 = UINT64_C(0x736f6d6570736575) ^ k0;
+	uint64_t v1 = UINT64_C(0x646f72616e646f6d) ^ k1;
+	uint64_t v2 = UINT64_C(0x6c7967656e657261) ^ k0;
+	uint64_t v3 = UINT64_C(0x7465646279746573) ^ k1;

 	uint64_t b = ((uint64_t)inlen) << 56;

@@ -147,3 +162,68 @@ isc_siphash24(const uint8_t *k, const uint8_t *in, const size_t inlen,

 	U64TO8_LE(out, b);
 }
+
+void
+isc_halfsiphash24(const uint8_t *k, const uint8_t *in, const size_t inlen,
+		  uint8_t *out) {
+	REQUIRE(k != NULL);
+	REQUIRE(out != NULL);
+
+	uint32_t k0 = U8TO32_LE(k);
+	uint32_t k1 = U8TO32_LE(k + 4);
+
+	uint32_t v0 = UINT32_C(0x00000000) ^ k0;
+	uint32_t v1 = UINT32_C(0x00000000) ^ k1;
+	uint32_t v2 = UINT32_C(0x6c796765) ^ k0;
+	uint32_t v3 = UINT32_C(0x74656462) ^ k1;
+
+	uint32_t b = ((uint32_t)inlen) << 24;
+
+	const uint8_t *end = in + inlen - (inlen % sizeof(uint32_t));
+	const int left = inlen & 3;
+
+	for (; in != end; in += 4) {
+		uint32_t m = U8TO32_LE(in);
+		v3 ^= m;
+
+		for (size_t i = 0; i < cROUNDS; ++i) {
+			HALFSIPROUND(v0, v1, v2, v3);
+		}
+
+		v0 ^= m;
+	}
+
+	switch (left) {
+	case 3:
+		b |= ((uint32_t)in[2]) << 16;
+	/* FALLTHROUGH */
+	case 2:
+		b |= ((uint32_t)in[1]) << 8;
+	/* FALLTHROUGH */
+	case 1:
+		b |= ((uint32_t)in[0]);
+	/* FALLTHROUGH */
+	case 0:
+		break;
+	default:
+		INSIST(0);
+		ISC_UNREACHABLE();
+	}
+
+	v3 ^= b;
+
+	for (size_t i = 0; i < cROUNDS; ++i) {
+		HALFSIPROUND(v0, v1, v2, v3);
+	}
+
+	v0 ^= b;
+
+	v2 ^= 0xff;
+
+	for (size_t i = 0; i < dROUNDS; ++i) {
+		HALFSIPROUND(v0, v1, v2, v3);
+	}
+
+	b = v1 ^ v3;
+	U32TO8_LE(out, b);
+}
--- a/lib/isc/tests/siphash_test.c
+++ b/lib/isc/tests/siphash_test.c
@@ -24,647 +24,106 @@

 #include "../siphash.c"

-const uint8_t vectors[64][8] = {
-	{
-		0x31,
-		0x0e,
-		0x0e,
-		0xdd,
-		0x47,
-		0xdb,
-		0x6f,
-		0x72,
-	},
-	{
-		0xfd,
-		0x67,
-		0xdc,
-		0x93,
-		0xc5,
-		0x39,
-		0xf8,
-		0x74,
-	},
-	{
-		0x5a,
-		0x4f,
-		0xa9,
-		0xd9,
-		0x09,
-		0x80,
-		0x6c,
-		0x0d,
-	},
-	{
-		0x2d,
-		0x7e,
-		0xfb,
-		0xd7,
-		0x96,
-		0x66,
-		0x67,
-		0x85,
-	},
-	{
-		0xb7,
-		0x87,
-		0x71,
-		0x27,
-		0xe0,
-		0x94,
-		0x27,
-		0xcf,
-	},
-	{
-		0x8d,
-		0xa6,
-		0x99,
-		0xcd,
-		0x64,
-		0x55,
-		0x76,
-		0x18,
-	},
-	{
-		0xce,
-		0xe3,
-		0xfe,
-		0x58,
-		0x6e,
-		0x46,
-		0xc9,
-		0xcb,
-	},
-	{
-		0x37,
-		0xd1,
-		0x01,
-		0x8b,
-		0xf5,
-		0x00,
-		0x02,
-		0xab,
-	},
-	{
-		0x62,
-		0x24,
-		0x93,
-		0x9a,
-		0x79,
-		0xf5,
-		0xf5,
-		0x93,
-	},
-	{
-		0xb0,
-		0xe4,
-		0xa9,
-		0x0b,
-		0xdf,
-		0x82,
-		0x00,
-		0x9e,
-	},
-	{
-		0xf3,
-		0xb9,
-		0xdd,
-		0x94,
-		0xc5,
-		0xbb,
-		0x5d,
-		0x7a,
-	},
-	{
-		0xa7,
-		0xad,
-		0x6b,
-		0x22,
-		0x46,
-		0x2f,
-		0xb3,
-		0xf4,
-	},
-	{
-		0xfb,
-		0xe5,
-		0x0e,
-		0x86,
-		0xbc,
-		0x8f,
-		0x1e,
-		0x75,
-	},
-	{
-		0x90,
-		0x3d,
-		0x84,
-		0xc0,
-		0x27,
-		0x56,
-		0xea,
-		0x14,
-	},
-	{
-		0xee,
-		0xf2,
-		0x7a,
-		0x8e,
-		0x90,
-		0xca,
-		0x23,
-		0xf7,
-	},
-	{
-		0xe5,
-		0x45,
-		0xbe,
-		0x49,
-		0x61,
-		0xca,
-		0x29,
-		0xa1,
-	},
-	{
-		0xdb,
-		0x9b,
-		0xc2,
-		0x57,
-		0x7f,
-		0xcc,
-		0x2a,
-		0x3f,
-	},
-	{
-		0x94,
-		0x47,
-		0xbe,
-		0x2c,
-		0xf5,
-		0xe9,
-		0x9a,
-		0x69,
-	},
-	{
-		0x9c,
-		0xd3,
-		0x8d,
-		0x96,
-		0xf0,
-		0xb3,
-		0xc1,
-		0x4b,
-	},
-	{
-		0xbd,
-		0x61,
-		0x79,
-		0xa7,
-		0x1d,
-		0xc9,
-		0x6d,
-		0xbb,
-	},
-	{
-		0x98,
-		0xee,
-		0xa2,
-		0x1a,
-		0xf2,
-		0x5c,
-		0xd6,
-		0xbe,
-	},
-	{
-		0xc7,
-		0x67,
-		0x3b,
-		0x2e,
-		0xb0,
-		0xcb,
-		0xf2,
-		0xd0,
-	},
-	{
-		0x88,
-		0x3e,
-		0xa3,
-		0xe3,
-		0x95,
-		0x67,
-		0x53,
-		0x93,
-	},
-	{
-		0xc8,
-		0xce,
-		0x5c,
-		0xcd,
-		0x8c,
-		0x03,
-		0x0c,
-		0xa8,
-	},
-	{
-		0x94,
-		0xaf,
-		0x49,
-		0xf6,
-		0xc6,
-		0x50,
-		0xad,
-		0xb8,
-	},
-	{
-		0xea,
-		0xb8,
-		0x85,
-		0x8a,
-		0xde,
-		0x92,
-		0xe1,
-		0xbc,
-	},
-	{
-		0xf3,
-		0x15,
-		0xbb,
-		0x5b,
-		0xb8,
-		0x35,
-		0xd8,
-		0x17,
-	},
-	{
-		0xad,
-		0xcf,
-		0x6b,
-		0x07,
-		0x63,
-		0x61,
-		0x2e,
-		0x2f,
-	},
-	{
-		0xa5,
-		0xc9,
-		0x1d,
-		0xa7,
-		0xac,
-		0xaa,
-		0x4d,
-		0xde,
-	},
-	{
-		0x71,
-		0x65,
-		0x95,
-		0x87,
-		0x66,
-		0x50,
-		0xa2,
-		0xa6,
-	},
-	{
-		0x28,
-		0xef,
-		0x49,
-		0x5c,
-		0x53,
-		0xa3,
-		0x87,
-		0xad,
-	},
-	{
-		0x42,
-		0xc3,
-		0x41,
-		0xd8,
-		0xfa,
-		0x92,
-		0xd8,
-		0x32,
-	},
-	{
-		0xce,
-		0x7c,
-		0xf2,
-		0x72,
-		0x2f,
-		0x51,
-		0x27,
-		0x71,
-	},
-	{
-		0xe3,
-		0x78,
-		0x59,
-		0xf9,
-		0x46,
-		0x23,
-		0xf3,
-		0xa7,
-	},
-	{
-		0x38,
-		0x12,
-		0x05,
-		0xbb,
-		0x1a,
-		0xb0,
-		0xe0,
-		0x12,
-	},
-	{
-		0xae,
-		0x97,
-		0xa1,
-		0x0f,
-		0xd4,
-		0x34,
-		0xe0,
-		0x15,
-	},
-	{
-		0xb4,
-		0xa3,
-		0x15,
-		0x08,
-		0xbe,
-		0xff,
-		0x4d,
-		0x31,
-	},
-	{
-		0x81,
-		0x39,
-		0x62,
-		0x29,
-		0xf0,
-		0x90,
-		0x79,
-		0x02,
-	},
-	{
-		0x4d,
-		0x0c,
-		0xf4,
-		0x9e,
-		0xe5,
-		0xd4,
-		0xdc,
-		0xca,
-	},
-	{
-		0x5c,
-		0x73,
-		0x33,
-		0x6a,
-		0x76,
-		0xd8,
-		0xbf,
-		0x9a,
-	},
-	{
-		0xd0,
-		0xa7,
-		0x04,
-		0x53,
-		0x6b,
-		0xa9,
-		0x3e,
-		0x0e,
-	},
-	{
-		0x92,
-		0x59,
-		0x58,
-		0xfc,
-		0xd6,
-		0x42,
-		0x0c,
-		0xad,
-	},
-	{
-		0xa9,
-		0x15,
-		0xc2,
-		0x9b,
-		0xc8,
-		0x06,
-		0x73,
-		0x18,
-	},
-	{
-		0x95,
-		0x2b,
-		0x79,
-		0xf3,
-		0xbc,
-		0x0a,
-		0xa6,
-		0xd4,
-	},
-	{
-		0xf2,
-		0x1d,
-		0xf2,
-		0xe4,
-		0x1d,
-		0x45,
-		0x35,
-		0xf9,
-	},
-	{
-		0x87,
-		0x57,
-		0x75,
-		0x19,
-		0x04,
-		0x8f,
-		0x53,
-		0xa9,
-	},
-	{
-		0x10,
-		0xa5,
-		0x6c,
-		0xf5,
-		0xdf,
-		0xcd,
-		0x9a,
-		0xdb,
-	},
-	{
-		0xeb,
-		0x75,
-		0x09,
-		0x5c,
-		0xcd,
-		0x98,
-		0x6c,
-		0xd0,
-	},
-	{
-		0x51,
-		0xa9,
-		0xcb,
-		0x9e,
-		0xcb,
-		0xa3,
-		0x12,
-		0xe6,
-	},
-	{
-		0x96,
-		0xaf,
-		0xad,
-		0xfc,
-		0x2c,
-		0xe6,
-		0x66,
-		0xc7,
-	},
-	{
-		0x72,
-		0xfe,