Botan  2.6.0
Crypto and TLS for C++11
siphash.cpp
Go to the documentation of this file.
1 /*
2 * SipHash
3 * (C) 2014,2015 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/siphash.h>
9 
10 namespace Botan {
11 
12 namespace {
13 
14 void SipRounds(uint64_t M, secure_vector<uint64_t>& V, size_t r)
15  {
16  uint64_t V0 = V[0], V1 = V[1], V2 = V[2], V3 = V[3];
17 
18  V3 ^= M;
19  for(size_t i = 0; i != r; ++i)
20  {
21  V0 += V1; V2 += V3;
22  V1 = rotl<13>(V1);
23  V3 = rotl<16>(V3);
24  V1 ^= V0; V3 ^= V2;
25  V0 = rotl<32>(V0);
26 
27  V2 += V1; V0 += V3;
28  V1 = rotl<17>(V1);
29  V3 = rotl<21>(V3);
30  V1 ^= V2; V3 ^= V0;
31  V2 = rotl<32>(V2);
32  }
33  V0 ^= M;
34 
35  V[0] = V0; V[1] = V1; V[2] = V2; V[3] = V3;
36  }
37 
38 }
39 
40 void SipHash::add_data(const uint8_t input[], size_t length)
41  {
42  verify_key_set(m_V.empty() == false);
43 
44  // SipHash counts the message length mod 256
45  m_words += static_cast<uint8_t>(length);
46 
47  if(m_mbuf_pos)
48  {
49  while(length && m_mbuf_pos != 8)
50  {
51  m_mbuf = (m_mbuf >> 8) | (static_cast<uint64_t>(input[0]) << 56);
52  ++m_mbuf_pos;
53  ++input;
54  length--;
55  }
56 
57  if(m_mbuf_pos == 8)
58  {
59  SipRounds(m_mbuf, m_V, m_C);
60  m_mbuf_pos = 0;
61  m_mbuf = 0;
62  }
63  }
64 
65  while(length >= 8)
66  {
67  SipRounds(load_le<uint64_t>(input, 0), m_V, m_C);
68  input += 8;
69  length -= 8;
70  }
71 
72  for(size_t i = 0; i != length; ++i)
73  {
74  m_mbuf = (m_mbuf >> 8) | (static_cast<uint64_t>(input[i]) << 56);
75  m_mbuf_pos++;
76  }
77  }
78 
79 void SipHash::final_result(uint8_t mac[])
80  {
81  verify_key_set(m_V.empty() == false);
82 
83  if(m_mbuf_pos == 0)
84  {
85  m_mbuf = (static_cast<uint64_t>(m_words) << 56);
86  }
87  else if(m_mbuf_pos < 8)
88  {
89  m_mbuf = (m_mbuf >> (64-m_mbuf_pos*8)) | (static_cast<uint64_t>(m_words) << 56);
90  }
91 
92  SipRounds(m_mbuf, m_V, m_C);
93 
94  m_V[2] ^= 0xFF;
95  SipRounds(0, m_V, m_D);
96 
97  const uint64_t X = m_V[0] ^ m_V[1] ^ m_V[2] ^ m_V[3];
98 
99  store_le(X, mac);
100 
101  clear();
102  }
103 
104 void SipHash::key_schedule(const uint8_t key[], size_t)
105  {
106  const uint64_t K0 = load_le<uint64_t>(key, 0);
107  const uint64_t K1 = load_le<uint64_t>(key, 1);
108 
109  m_V.resize(4);
110  m_V[0] = K0 ^ 0x736F6D6570736575;
111  m_V[1] = K1 ^ 0x646F72616E646F6D;
112  m_V[2] = K0 ^ 0x6C7967656E657261;
113  m_V[3] = K1 ^ 0x7465646279746573;
114  }
115 
117  {
118  zap(m_V);
119  m_mbuf = 0;
120  m_mbuf_pos = 0;
121  m_words = 0;
122  }
123 
124 std::string SipHash::name() const
125  {
126  return "SipHash(" + std::to_string(m_C) + "," + std::to_string(m_D) + ")";
127  }
128 
130  {
131  return new SipHash(m_C, m_D);
132  }
133 
134 }
fe X
Definition: ge.cpp:27
void verify_key_set(bool cond) const
Definition: sym_algo.h:95
void zap(std::vector< T, Alloc > &vec)
Definition: secmem.h:193
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:145
std::string name() const override
Definition: siphash.cpp:124
SipHash(size_t c=2, size_t d=4)
Definition: siphash.h:18
MessageAuthenticationCode * clone() const override
Definition: siphash.cpp:129
uint64_t load_le< uint64_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:235
void clear() override
Definition: siphash.cpp:116
Definition: alg_id.cpp:13
void store_le(uint16_t in, uint8_t out[2])
Definition: loadstor.h:450