From 8463aef09fe4c6e3806e3b8a4c967c297302b96f Mon Sep 17 00:00:00 2001 From: Elichai Turkel Date: Tue, 28 Jan 2020 18:50:00 +0200 Subject: [PATCH 1/2] Optimized siphash implementation Github-Pull: #18014 Rebased-From: 409c2e345225716a29c856b24e1c232a643a52ef --- src/crypto/siphash.cpp | 60 +++++++++++++++++++++++++++++++----------- src/crypto/siphash.h | 4 +-- 2 files changed, 47 insertions(+), 17 deletions(-) diff --git a/src/crypto/siphash.cpp b/src/crypto/siphash.cpp index 8004a0548e..e2f196e1a9 100644 --- a/src/crypto/siphash.cpp +++ b/src/crypto/siphash.cpp @@ -2,8 +2,10 @@ // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. +#include #include +#include #include #define SIPROUND do { \ @@ -22,14 +24,14 @@ CSipHasher::CSipHasher(uint64_t k0, uint64_t k1) v[2] = 0x6c7967656e657261ULL ^ k0; v[3] = 0x7465646279746573ULL ^ k1; count = 0; - tmp = 0; + tail = 0; } CSipHasher& CSipHasher::Write(uint64_t data) { uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3]; - assert(count % 8 == 0); + assert((count & 0x07) == 0); v3 ^= data; SIPROUND; @@ -45,31 +47,57 @@ CSipHasher& CSipHasher::Write(uint64_t data) return *this; } + +/// Load a uint64_t from 0 to 7 bytes. +inline uint64_t ReadU64ByLenLE(const unsigned char* data, size_t len) +{ + assert(len < 8); + uint64_t out = 0; + for (size_t i = 0; i < len; ++i) { + out |= (uint64_t)data[i] << (i * 8); + } + return out; +} + CSipHasher& CSipHasher::Write(Span data) { uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3]; - uint64_t t = tmp; - uint8_t c = count; + auto ntail = count & 0x07; + count += data.size(); - while (data.size() > 0) { - t |= uint64_t{data.front()} << (8 * (c % 8)); - c++; - if ((c & 7) == 0) { - v3 ^= t; + size_t needed = 0; + + if (ntail != 0) { + needed = 8 - ntail; + tail |= ReadU64ByLenLE(data.data(), std::min(data.size(), needed)) << 8 * ntail; + if (data.size() < needed) { + return *this; + } else { + v3 ^= tail; SIPROUND; SIPROUND; - v0 ^= t; - t = 0; + v0 ^= tail; } - data = data.subspan(1); + } + + size_t len = data.size() - needed; + auto left = len & 0x07; + + auto i = needed; + while (i < len - left) { + uint64_t mi = ReadLE64(data.data() + i); + v3 ^= mi; + SIPROUND; + SIPROUND; + v0 ^= mi; + i += 8; } v[0] = v0; v[1] = v1; v[2] = v2; v[3] = v3; - count = c; - tmp = t; + tail = ReadU64ByLenLE(data.data() + i, left); return *this; } @@ -78,12 +106,14 @@ uint64_t CSipHasher::Finalize() const { uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3]; - uint64_t t = tmp | (((uint64_t)count) << 56); + + uint64_t t = tail | (((uint64_t)count) << 56); v3 ^= t; SIPROUND; SIPROUND; v0 ^= t; + v2 ^= 0xFF; SIPROUND; SIPROUND; diff --git a/src/crypto/siphash.h b/src/crypto/siphash.h index 4fb3dc2f25..4f174c944b 100644 --- a/src/crypto/siphash.h +++ b/src/crypto/siphash.h @@ -15,8 +15,8 @@ class CSipHasher { private: uint64_t v[4]; - uint64_t tmp; - uint8_t count; // Only the low 8 bits of the input size matter. + uint64_t tail; // bytes that weren't processed yet. + uint8_t count; // total amount of bytes inputted. public: /** Construct a SipHash calculator initialized with 128-bit key (k0, k1) */ From 21a3dd41987abe4652a78c8cce5f9d98796447cc Mon Sep 17 00:00:00 2001 From: Luke Dashjr Date: Tue, 12 Dec 2023 23:35:05 +0000 Subject: [PATCH 2/2] Diff-minimise --- src/crypto/siphash.cpp | 16 +++++++--------- src/crypto/siphash.h | 4 ++-- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/src/crypto/siphash.cpp b/src/crypto/siphash.cpp index e2f196e1a9..2554d27a34 100644 --- a/src/crypto/siphash.cpp +++ b/src/crypto/siphash.cpp @@ -24,14 +24,14 @@ CSipHasher::CSipHasher(uint64_t k0, uint64_t k1) v[2] = 0x6c7967656e657261ULL ^ k0; v[3] = 0x7465646279746573ULL ^ k1; count = 0; - tail = 0; + tmp = 0; } CSipHasher& CSipHasher::Write(uint64_t data) { uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3]; - assert((count & 0x07) == 0); + assert(count % 8 == 0); v3 ^= data; SIPROUND; @@ -69,14 +69,14 @@ CSipHasher& CSipHasher::Write(Span data) if (ntail != 0) { needed = 8 - ntail; - tail |= ReadU64ByLenLE(data.data(), std::min(data.size(), needed)) << 8 * ntail; + tmp |= ReadU64ByLenLE(data.data(), std::min(data.size(), needed)) << 8 * ntail; if (data.size() < needed) { return *this; } else { - v3 ^= tail; + v3 ^= tmp; SIPROUND; SIPROUND; - v0 ^= tail; + v0 ^= tmp; } } @@ -97,7 +97,7 @@ CSipHasher& CSipHasher::Write(Span data) v[1] = v1; v[2] = v2; v[3] = v3; - tail = ReadU64ByLenLE(data.data() + i, left); + tmp = ReadU64ByLenLE(data.data() + i, left); return *this; } @@ -106,14 +106,12 @@ uint64_t CSipHasher::Finalize() const { uint64_t v0 = v[0], v1 = v[1], v2 = v[2], v3 = v[3]; - - uint64_t t = tail | (((uint64_t)count) << 56); + uint64_t t = tmp | (((uint64_t)count) << 56); v3 ^= t; SIPROUND; SIPROUND; v0 ^= t; - v2 ^= 0xFF; SIPROUND; SIPROUND; diff --git a/src/crypto/siphash.h b/src/crypto/siphash.h index 4f174c944b..4fb3dc2f25 100644 --- a/src/crypto/siphash.h +++ b/src/crypto/siphash.h @@ -15,8 +15,8 @@ class CSipHasher { private: uint64_t v[4]; - uint64_t tail; // bytes that weren't processed yet. - uint8_t count; // total amount of bytes inputted. + uint64_t tmp; + uint8_t count; // Only the low 8 bits of the input size matter. public: /** Construct a SipHash calculator initialized with 128-bit key (k0, k1) */