modernc.org/ccgo/v3@v3.16.14/lib/testdata/CompCert-3.6/test/c/siphash24.c (about) 1 /* 2 SipHash reference C implementation 3 4 Written in 2012 by 5 Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com> 6 Daniel J. Bernstein <djb@cr.yp.to> 7 8 To the extent possible under law, the author(s) have dedicated all copyright 9 and related and neighboring rights to this software to the public domain 10 worldwide. This software is distributed without any warranty. 11 12 You should have received a copy of the CC0 Public Domain Dedication along with 13 this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. 14 */ 15 16 #include <stdio.h> 17 #include <string.h> 18 typedef unsigned long long u64; 19 typedef unsigned long u32; 20 typedef unsigned char u8; 21 22 #define ROTL(x,b) (u64)( ((x) << (b)) | ( (x) >> (64 - (b))) ) 23 24 #define U32TO8_LE(p, v) \ 25 (p)[0] = (u8)((v) ); (p)[1] = (u8)((v) >> 8); \ 26 (p)[2] = (u8)((v) >> 16); (p)[3] = (u8)((v) >> 24); 27 28 #define U64TO8_LE(p, v) \ 29 U32TO8_LE((p), (u32)((v) )); \ 30 U32TO8_LE((p) + 4, (u32)((v) >> 32)); 31 32 #define U8TO64_LE(p) \ 33 (((u64)((p)[0]) ) | \ 34 ((u64)((p)[1]) << 8) | \ 35 ((u64)((p)[2]) << 16) | \ 36 ((u64)((p)[3]) << 24) | \ 37 ((u64)((p)[4]) << 32) | \ 38 ((u64)((p)[5]) << 40) | \ 39 ((u64)((p)[6]) << 48) | \ 40 ((u64)((p)[7]) << 56)) 41 42 #define SIPROUND \ 43 do { \ 44 v0 += v1; v1=ROTL(v1,13); v1 ^= v0; v0=ROTL(v0,32); \ 45 v2 += v3; v3=ROTL(v3,16); v3 ^= v2; \ 46 v0 += v3; v3=ROTL(v3,21); v3 ^= v0; \ 47 v2 += v1; v1=ROTL(v1,17); v1 ^= v2; v2=ROTL(v2,32); \ 48 } while(0) 49 50 /* SipHash-2-4 */ 51 int crypto_auth( unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *k ) 52 { 53 /* "somepseudorandomlygeneratedbytes" */ 54 u64 v0 = 0x736f6d6570736575ULL; 55 u64 v1 = 0x646f72616e646f6dULL; 56 u64 v2 = 0x6c7967656e657261ULL; 57 u64 v3 = 0x7465646279746573ULL; 58 u64 b; 59 u64 k0 = U8TO64_LE( k ); 60 u64 k1 = U8TO64_LE( k + 8 ); 61 u64 m; 62 const u8 *end = in + inlen - ( inlen % sizeof( u64 ) ); 63 const int left = inlen & 7; 64 b = ( ( u64 )inlen ) << 56; 65 v3 ^= k1; 66 v2 ^= k0; 67 v1 ^= k1; 68 v0 ^= k0; 69 70 for ( ; in != end; in += 8 ) 71 { 72 m = U8TO64_LE( in ); 73 #ifdef DEBUG 74 printf( "(%3d) v0 %08x %08x\n", ( int )inlen, ( u32 )( v0 >> 32 ), ( u32 )v0 ); 75 printf( "(%3d) v1 %08x %08x\n", ( int )inlen, ( u32 )( v1 >> 32 ), ( u32 )v1 ); 76 printf( "(%3d) v2 %08x %08x\n", ( int )inlen, ( u32 )( v2 >> 32 ), ( u32 )v2 ); 77 printf( "(%3d) v3 %08x %08x\n", ( int )inlen, ( u32 )( v3 >> 32 ), ( u32 )v3 ); 78 printf( "(%3d) compress %08x %08x\n", ( int )inlen, ( u32 )( m >> 32 ), ( u32 )m ); 79 #endif 80 v3 ^= m; 81 SIPROUND; 82 SIPROUND; 83 v0 ^= m; 84 } 85 86 switch( left ) 87 { 88 case 7: b |= ( ( u64 )in[ 6] ) << 48; 89 90 case 6: b |= ( ( u64 )in[ 5] ) << 40; 91 92 case 5: b |= ( ( u64 )in[ 4] ) << 32; 93 94 case 4: b |= ( ( u64 )in[ 3] ) << 24; 95 96 case 3: b |= ( ( u64 )in[ 2] ) << 16; 97 98 case 2: b |= ( ( u64 )in[ 1] ) << 8; 99 100 case 1: b |= ( ( u64 )in[ 0] ); break; 101 102 case 0: break; 103 } 104 105 #ifdef DEBUG 106 printf( "(%3d) v0 %08x %08x\n", ( int )inlen, ( u32 )( v0 >> 32 ), ( u32 )v0 ); 107 printf( "(%3d) v1 %08x %08x\n", ( int )inlen, ( u32 )( v1 >> 32 ), ( u32 )v1 ); 108 printf( "(%3d) v2 %08x %08x\n", ( int )inlen, ( u32 )( v2 >> 32 ), ( u32 )v2 ); 109 printf( "(%3d) v3 %08x %08x\n", ( int )inlen, ( u32 )( v3 >> 32 ), ( u32 )v3 ); 110 printf( "(%3d) padding %08x %08x\n", ( int )inlen, ( u32 )( b >> 32 ), ( u32 )b ); 111 #endif 112 v3 ^= b; 113 SIPROUND; 114 SIPROUND; 115 v0 ^= b; 116 #ifdef DEBUG 117 printf( "(%3d) v0 %08x %08x\n", ( int )inlen, ( u32 )( v0 >> 32 ), ( u32 )v0 ); 118 printf( "(%3d) v1 %08x %08x\n", ( int )inlen, ( u32 )( v1 >> 32 ), ( u32 )v1 ); 119 printf( "(%3d) v2 %08x %08x\n", ( int )inlen, ( u32 )( v2 >> 32 ), ( u32 )v2 ); 120 printf( "(%3d) v3 %08x %08x\n", ( int )inlen, ( u32 )( v3 >> 32 ), ( u32 )v3 ); 121 #endif 122 v2 ^= 0xff; 123 SIPROUND; 124 SIPROUND; 125 SIPROUND; 126 SIPROUND; 127 b = v0 ^ v1 ^ v2 ^ v3; 128 U64TO8_LE( out, b ); 129 return 0; 130 } 131 132 /* 133 SipHash-2-4 output with 134 k = 00 01 02 ... 135 and 136 in = (empty string) 137 in = 00 (1 byte) 138 in = 00 01 (2 bytes) 139 in = 00 01 02 (3 bytes) 140 ... 141 in = 00 01 02 ... 3e (63 bytes) 142 */ 143 u8 vectors[64][8] = 144 { 145 { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, }, 146 { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, }, 147 { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, }, 148 { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, }, 149 { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, }, 150 { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, }, 151 { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, }, 152 { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, }, 153 { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, }, 154 { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, }, 155 { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, }, 156 { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, }, 157 { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, }, 158 { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, }, 159 { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, }, 160 { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, }, 161 { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, }, 162 { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, }, 163 { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, }, 164 { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, }, 165 { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, }, 166 { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, }, 167 { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, }, 168 { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, }, 169 { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, }, 170 { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, }, 171 { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, }, 172 { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, }, 173 { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, }, 174 { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, }, 175 { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, }, 176 { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, }, 177 { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, }, 178 { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, }, 179 { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, }, 180 { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, }, 181 { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, }, 182 { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, }, 183 { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, }, 184 { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, }, 185 { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, }, 186 { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, }, 187 { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, }, 188 { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, }, 189 { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, }, 190 { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, }, 191 { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, }, 192 { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, }, 193 { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, }, 194 { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, }, 195 { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, }, 196 { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, }, 197 { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, }, 198 { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, }, 199 { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, }, 200 { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, }, 201 { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, }, 202 { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, }, 203 { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, }, 204 { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, }, 205 { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, }, 206 { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, }, 207 { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, }, 208 { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, } 209 }; 210 211 212 int test_vectors() 213 { 214 #define MAXLEN 64 215 u8 in[MAXLEN], out[8], k[16]; 216 int i; 217 int ok = 1; 218 219 for( i = 0; i < 16; ++i ) k[i] = i; 220 221 for( i = 0; i < MAXLEN; ++i ) 222 { 223 in[i] = i; 224 crypto_auth( out, in, i, k ); 225 226 if ( memcmp( out, vectors[i], 8 ) ) 227 { 228 printf( "test vector failed for %d bytes\n", i ); 229 ok = 0; 230 } 231 } 232 233 return ok; 234 } 235 236 u8 testdata[100] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 12, 34, 56, 78, 90 }; 237 238 int speed_test(void) 239 { 240 u8 out[8], k[16]; 241 int i; 242 243 for(i = 0; i < 16; ++i ) k[i] = i; 244 for(i = 0; i < 1000000; i++) { 245 testdata[99] = (u8) i; 246 crypto_auth(out, testdata, 100, k); 247 } 248 return out[0]; 249 } 250 251 int main() 252 { 253 if ( test_vectors() ) printf( "test vectors ok\n" ); 254 (void) speed_test(); 255 return 0; 256 }