1 /*- 2 * Copyright © 2011, 2014 3 * Thorsten Glaser <tg@mirbsd.org> 4 * 5 * Provided that these terms and disclaimer and all copyright notices 6 * are retained or reproduced in an accompanying document, permission 7 * is granted to deal in this work without restriction, including un‐ 8 * limited rights to use, publicly perform, distribute, sell, modify, 9 * merge, give away, or sublicence. 10 * 11 * This work is provided “AS IS” and WITHOUT WARRANTY of any kind, to 12 * the utmost extent permitted by applicable law, neither express nor 13 * implied; without malicious intent or gross negligence. In no event 14 * may a licensor, author or contributor be held liable for indirect, 15 * direct, other damage, loss, or other issues arising in any way out 16 * of dealing in the work, even if advised of the possibility of such 17 * damage or existence of a defect, except proven that it results out 18 * of said person’s immediate fault when using the work as intended. 19 *- 20 * This file provides BAFH (Better Avalanche for the Jenkins Hash) as 21 * inline macro bodies that operate on “register uint32_t” variables, 22 * with variants that use their local intermediate registers. 23 * 24 * Usage note for BAFH with entropy distribution: input up to 4 bytes 25 * is best combined into a 32-bit unsigned integer, which is then run 26 * through BAFHFinish_reg for mixing and then used as context instead 27 * of 0. Longer input should be handled the same: take the first four 28 * bytes as IV after mixing then add subsequent bytes the same way. 29 * This needs counting input bytes and is endian-dependent, thus not, 30 * for speed reasons, specified for the regular stable hash, but very 31 * much recommended if the actual output value may differ across runs 32 * (so is using a random value instead of 0 for the IV). 33 *- 34 * Little quote gem: 35 * We are looking into it. Changing the core 36 * hash function in PHP isn't a trivial change 37 * and will take us some time. 38 * -- Rasmus Lerdorf 39 */ 40 41 #ifndef SYSKERN_MIRHASH_H 42 #define SYSKERN_MIRHASH_H 1 43 #define SYSKERN_MIRHASH_BAFH 44 45 #include <sys/types.h> 46 47 __RCSID("$MirOS: src/bin/mksh/mirhash.h,v 1.3 2014/10/02 19:34:06 tg Exp $"); 48 49 /*- 50 * BAFH itself is defined by the following primitives: 51 * 52 * • BAFHInit(ctx) initialises the hash context, which consists of a 53 * sole 32-bit unsigned integer (ideally in a register), to 0. 54 * It is possible to use any initial value out of [0; 2³²[ – which 55 * is, in fact, recommended if using BAFH for entropy distribution 56 * – but for a regular stable hash, the IV 0 is needed. 57 * 58 * • BAFHUpdateOctet(ctx,val) compresses the unsigned 8-bit quantity 59 * into the hash context. The algorithm used is Jenkins’ one-at-a- 60 * time, except that an additional constant 1 is added so that, if 61 * the context is (still) zero, adding a NUL byte is not ignored. 62 * 63 * • BAFHror(eax,cl) evaluates to the unsigned 32-bit integer “eax”, 64 * rotated right by “cl” ∈ [0;31]; no casting, be careful! 65 * 66 * • BAFHFinish(ctx) avalanches the context around so every sub-byte 67 * depends on all input octets; afterwards, the context variable’s 68 * value is the hash output. BAFH does not use any padding, nor is 69 * the input length added; this is due to the common use case (for 70 * quick entropy distribution and use with a hashtable). 71 * Warning: BAFHFinish uses the MixColumn algorithm of AES – which 72 * is reversible (to avoid introducing funnels and reducing entro‐ 73 * py), so blinding may need to be employed for some uses, e.g. in 74 * mksh, after a fork. 75 * 76 * The BAFHUpdateOctet and BAFHFinish are available in two flavours: 77 * suffixed with _reg (assumes the context is in a register) or _mem 78 * (which doesn’t). 79 * 80 * The following high-level macros (with _reg and _mem variants) are 81 * available: 82 * 83 * • BAFHUpdateMem(ctx,buf,len) adds a memory block to a context. 84 * • BAFHUpdateStr(ctx,buf) is equivalent to using len=strlen(buf). 85 * • BAFHHostMem(ctx,buf,len) calculates the hash of the memory buf‐ 86 * fer using the first 4 octets (mixed) for IV, as outlined above; 87 * the result is endian-dependent; “ctx” assumed to be a register. 88 * • BAFHHostStr(ctx,buf) does the same for C strings. 89 * 90 * All macros may use ctx multiple times in their expansion, but all 91 * other arguments are always evaluated at most once. 92 * 93 * To stay portable, never use the BAFHHost*() macros (these are for 94 * host-local entropy shuffling), and encode numbers using ULEB128. 95 */ 96 97 #define BAFHInit(h) do { \ 98 (h) = 0; \ 99 } while (/* CONSTCOND */ 0) 100 101 #define BAFHUpdateOctet_reg(h,b) do { \ 102 (h) += (uint8_t)(b); \ 103 ++(h); \ 104 (h) += (h) << 10; \ 105 (h) ^= (h) >> 6; \ 106 } while (/* CONSTCOND */ 0) 107 108 #define BAFHUpdateOctet_mem(m,b) do { \ 109 register uint32_t BAFH_h = (m); \ 110 \ 111 BAFHUpdateOctet_reg(BAFH_h, (b)); \ 112 (m) = BAFH_h; \ 113 } while (/* CONSTCOND */ 0) 114 115 #define BAFHror(eax,cl) (((eax) >> (cl)) | ((eax) << (32 - (cl)))) 116 117 #define BAFHFinish_reg(h) do { \ 118 register uint32_t BAFHFinish_v; \ 119 \ 120 BAFHFinish_v = ((h) >> 7) & 0x01010101U; \ 121 BAFHFinish_v += BAFHFinish_v << 1; \ 122 BAFHFinish_v += BAFHFinish_v << 3; \ 123 BAFHFinish_v ^= ((h) << 1) & 0xFEFEFEFEU; \ 124 \ 125 BAFHFinish_v ^= BAFHror(BAFHFinish_v, 8); \ 126 BAFHFinish_v ^= ((h) = BAFHror((h), 8)); \ 127 BAFHFinish_v ^= ((h) = BAFHror((h), 8)); \ 128 (h) = BAFHror((h), 8) ^ BAFHFinish_v; \ 129 } while (/* CONSTCOND */ 0) 130 131 #define BAFHFinish_mem(m) do { \ 132 register uint32_t BAFHFinish_v, BAFH_h = (m); \ 133 \ 134 BAFHFinish_v = (BAFH_h >> 7) & 0x01010101U; \ 135 BAFHFinish_v += BAFHFinish_v << 1; \ 136 BAFHFinish_v += BAFHFinish_v << 3; \ 137 BAFHFinish_v ^= (BAFH_h << 1) & 0xFEFEFEFEU; \ 138 \ 139 BAFHFinish_v ^= BAFHror(BAFHFinish_v, 8); \ 140 BAFHFinish_v ^= (BAFH_h = BAFHror(BAFH_h, 8)); \ 141 BAFHFinish_v ^= (BAFH_h = BAFHror(BAFH_h, 8)); \ 142 (m) = BAFHror(BAFH_h, 8) ^ BAFHFinish_v; \ 143 } while (/* CONSTCOND */ 0) 144 145 #define BAFHUpdateMem_reg(h,p,z) do { \ 146 register const uint8_t *BAFHUpdate_p; \ 147 register size_t BAFHUpdate_z = (z); \ 148 \ 149 BAFHUpdate_p = (const void *)(p); \ 150 while (BAFHUpdate_z--) \ 151 BAFHUpdateOctet_reg((h), *BAFHUpdate_p++); \ 152 } while (/* CONSTCOND */ 0) 153 154 /* meh should have named them _r/m but that’s not valid C */ 155 #define BAFHUpdateMem_mem(m,p,z) do { \ 156 register uint32_t BAFH_h = (m); \ 157 \ 158 BAFHUpdateMem_reg(BAFH_h, (p), (z)); \ 159 (m) = BAFH_h; \ 160 } while (/* CONSTCOND */ 0) 161 162 #define BAFHUpdateStr_reg(h,s) do { \ 163 register const uint8_t *BAFHUpdate_s; \ 164 register uint8_t BAFHUpdate_c; \ 165 \ 166 BAFHUpdate_s = (const void *)(s); \ 167 while ((BAFHUpdate_c = *BAFHUpdate_s++) != 0) \ 168 BAFHUpdateOctet_reg((h), BAFHUpdate_c); \ 169 } while (/* CONSTCOND */ 0) 170 171 #define BAFHUpdateStr_mem(m,s) do { \ 172 register uint32_t BAFH_h = (m); \ 173 \ 174 BAFHUpdateStr_reg(BAFH_h, (s)); \ 175 (m) = BAFH_h; \ 176 } while (/* CONSTCOND */ 0) 177 178 #define BAFHHostMem(h,p,z) do { \ 179 register const uint8_t *BAFHUpdate_p; \ 180 register size_t BAFHUpdate_z = (z); \ 181 size_t BAFHHost_z; \ 182 union { \ 183 uint8_t as_u8[4]; \ 184 uint32_t as_u32; \ 185 } BAFHHost_v; \ 186 \ 187 BAFHUpdate_p = (const void *)(p); \ 188 BAFHHost_v.as_u32 = 0; \ 189 BAFHHost_z = BAFHUpdate_z < 4 ? BAFHUpdate_z : 4; \ 190 memcpy(BAFHHost_v.as_u8, BAFHUpdate_p, BAFHHost_z); \ 191 BAFHUpdate_p += BAFHHost_z; \ 192 BAFHUpdate_z -= BAFHHost_z; \ 193 (h) = BAFHHost_v.as_u32; \ 194 BAFHFinish_reg(h); \ 195 while (BAFHUpdate_z--) \ 196 BAFHUpdateOctet_reg((h), *BAFHUpdate_p++); \ 197 BAFHFinish_reg(h); \ 198 } while (/* CONSTCOND */ 0) 199 200 #define BAFHHostStr(h,s) do { \ 201 register const uint8_t *BAFHUpdate_s; \ 202 register uint8_t BAFHUpdate_c; \ 203 union { \ 204 uint8_t as_u8[4]; \ 205 uint32_t as_u32; \ 206 } BAFHHost_v; \ 207 \ 208 BAFHUpdate_s = (const void *)(s); \ 209 if ((BAFHHost_v.as_u8[0] = *BAFHUpdate_s) != 0) \ 210 ++BAFHUpdate_s; \ 211 if ((BAFHHost_v.as_u8[1] = *BAFHUpdate_s) != 0) \ 212 ++BAFHUpdate_s; \ 213 if ((BAFHHost_v.as_u8[2] = *BAFHUpdate_s) != 0) \ 214 ++BAFHUpdate_s; \ 215 if ((BAFHHost_v.as_u8[3] = *BAFHUpdate_s) != 0) \ 216 ++BAFHUpdate_s; \ 217 (h) = BAFHHost_v.as_u32; \ 218 BAFHFinish_reg(h); \ 219 while ((BAFHUpdate_c = *BAFHUpdate_s++) != 0) \ 220 BAFHUpdateOctet_reg((h), BAFHUpdate_c); \ 221 BAFHFinish_reg(h); \ 222 } while (/* CONSTCOND */ 0) 223 224 #endif 225