/src/boringssl/crypto/siphash/siphash.cc

Source (jump to first uncovered line)
// Copyright 2019 The BoringSSL Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <stdint.h>
#include <string.h>

#include <openssl/siphash.h>

#include "../internal.h"


static void siphash_round(uint64_t v[4]) {
  v[0] += v[1];
  v[2] += v[3];
  v[1] = CRYPTO_rotl_u64(v[1], 13);
  v[3] = CRYPTO_rotl_u64(v[3], 16);
  v[1] ^= v[0];
  v[3] ^= v[2];
  v[0] = CRYPTO_rotl_u64(v[0], 32);
  v[2] += v[1];
  v[0] += v[3];
  v[1] = CRYPTO_rotl_u64(v[1], 17);
  v[3] = CRYPTO_rotl_u64(v[3], 21);
  v[1] ^= v[2];
  v[3] ^= v[0];
  v[2] = CRYPTO_rotl_u64(v[2], 32);
}

uint64_t SIPHASH_24(const uint64_t key[2], const uint8_t *input,
                    size_t input_len) {
  const size_t orig_input_len = input_len;

  uint64_t v[4];
  v[0] = key[0] ^ UINT64_C(0x736f6d6570736575);
  v[1] = key[1] ^ UINT64_C(0x646f72616e646f6d);
  v[2] = key[0] ^ UINT64_C(0x6c7967656e657261);
  v[3] = key[1] ^ UINT64_C(0x7465646279746573);

  while (input_len >= sizeof(uint64_t)) {
    uint64_t m = CRYPTO_load_u64_le(input);
    v[3] ^= m;
    siphash_round(v);
    siphash_round(v);
    v[0] ^= m;

    input += sizeof(uint64_t);
    input_len -= sizeof(uint64_t);
  }

  uint8_t last_block[8];
  OPENSSL_memset(last_block, 0, sizeof(last_block));
  OPENSSL_memcpy(last_block, input, input_len);
  last_block[7] = orig_input_len & 0xff;

  uint64_t last_block_word = CRYPTO_load_u64_le(last_block);
  v[3] ^= last_block_word;
  siphash_round(v);
  siphash_round(v);
  v[0] ^= last_block_word;

  v[2] ^= 0xff;
  siphash_round(v);
  siphash_round(v);
  siphash_round(v);
  siphash_round(v);

  return v[0] ^ v[1] ^ v[2] ^ v[3];
}

Coverage Report

Created: 2025-06-11 06:41

Line	Count	Source (jump to first uncovered line)
1		// Copyright 2019 The BoringSSL Authors
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// https://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14
15		#include <stdint.h>
16		#include <string.h>
17
18		#include <openssl/siphash.h>
19
20		#include "../internal.h"
21
22
23	0	static void siphash_round(uint64_t v[4]) {
24	0	v[0] += v[1];
25	0	v[2] += v[3];
26	0	v[1] = CRYPTO_rotl_u64(v[1], 13);
27	0	v[3] = CRYPTO_rotl_u64(v[3], 16);
28	0	v[1] ^= v[0];
29	0	v[3] ^= v[2];
30	0	v[0] = CRYPTO_rotl_u64(v[0], 32);
31	0	v[2] += v[1];
32	0	v[0] += v[3];
33	0	v[1] = CRYPTO_rotl_u64(v[1], 17);
34	0	v[3] = CRYPTO_rotl_u64(v[3], 21);
35	0	v[1] ^= v[2];
36	0	v[3] ^= v[0];
37	0	v[2] = CRYPTO_rotl_u64(v[2], 32);
38	0	}
39
40		uint64_t SIPHASH_24(const uint64_t key[2], const uint8_t *input,
41	0	size_t input_len) {
42	0	const size_t orig_input_len = input_len;
43
44	0	uint64_t v[4];
45	0	v[0] = key[0] ^ UINT64_C(0x736f6d6570736575);
46	0	v[1] = key[1] ^ UINT64_C(0x646f72616e646f6d);
47	0	v[2] = key[0] ^ UINT64_C(0x6c7967656e657261);
48	0	v[3] = key[1] ^ UINT64_C(0x7465646279746573);
49
50	0	while (input_len >= sizeof(uint64_t)) {
51	0	uint64_t m = CRYPTO_load_u64_le(input);
52	0	v[3] ^= m;
53	0	siphash_round(v);
54	0	siphash_round(v);
55	0	v[0] ^= m;
56
57	0	input += sizeof(uint64_t);
58	0	input_len -= sizeof(uint64_t);
59	0	}
60
61	0	uint8_t last_block[8];
62	0	OPENSSL_memset(last_block, 0, sizeof(last_block));
63	0	OPENSSL_memcpy(last_block, input, input_len);
64	0	last_block[7] = orig_input_len & 0xff;
65
66	0	uint64_t last_block_word = CRYPTO_load_u64_le(last_block);
67	0	v[3] ^= last_block_word;
68	0	siphash_round(v);
69	0	siphash_round(v);
70	0	v[0] ^= last_block_word;
71
72	0	v[2] ^= 0xff;
73	0	siphash_round(v);
74	0	siphash_round(v);
75	0	siphash_round(v);
76	0	siphash_round(v);
77
78	0	return v[0] ^ v[1] ^ v[2] ^ v[3];
79	0	}