1 // Copyright 2012-2015 The Rust Project Developers. See the COPYRIGHT
2 // file at the top-level directory of this distribution and at
3 // http://rust-lang.org/COPYRIGHT.
5 // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
6 // http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
7 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
8 // option. This file may not be copied, modified, or distributed
9 // except according to those terms.
11 //! An implementation of SipHash.
15 use core
::marker
::PhantomData
;
19 /// An implementation of SipHash 1-3.
21 /// See: <https://131002.net/siphash/>
22 #[derive(Debug, Clone, Copy, Default)]
23 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
24 pub struct SipHasher13
{
25 hasher
: Hasher
<Sip13Rounds
>,
28 /// An implementation of SipHash 2-4.
30 /// See: <https://131002.net/siphash/>
31 #[derive(Debug, Clone, Copy, Default)]
32 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
33 pub struct SipHasher24
{
34 hasher
: Hasher
<Sip24Rounds
>,
37 /// An implementation of SipHash 2-4.
39 /// See: <https://131002.net/siphash/>
41 /// SipHash is a general-purpose hashing function: it runs at a good
42 /// speed (competitive with Spooky and City) and permits strong _keyed_
43 /// hashing. This lets you key your hashtables from a strong RNG, such as
44 /// [`rand::os::OsRng`](https://doc.rust-lang.org/rand/rand/os/struct.OsRng.html).
46 /// Although the SipHash algorithm is considered to be generally strong,
47 /// it is not intended for cryptographic purposes. As such, all
48 /// cryptographic uses of this implementation are _strongly discouraged_.
49 #[derive(Debug, Clone, Copy, Default)]
50 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
51 pub struct SipHasher(SipHasher24
);
53 #[derive(Debug, Clone, Copy)]
54 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
55 struct Hasher
<S
: Sip
> {
58 length
: usize, // how many bytes we've processed
59 state
: State
, // hash State
60 tail
: u64, // unprocessed bytes le
61 ntail
: usize, // how many bytes in tail are valid
62 _marker
: PhantomData
<S
>,
65 #[derive(Debug, Clone, Copy)]
66 #[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
68 // v0, v2 and v1, v3 show up in pairs in the algorithm,
69 // and simd implementations of SipHash will use vectors
70 // of v02 and v13. By placing them in this order in the struct,
71 // the compiler can pick up on just a few simd optimizations by itself.
78 macro_rules
! compress
{
80 compress
!($state
.v0
, $state
.v1
, $state
.v2
, $state
.v3
)
82 ($v0
:expr
, $v1
:expr
, $v2
:expr
, $v3
:expr
) => {{
83 $v0
= $v0
.wrapping_add($v1
);
84 $v1
= $v1
.rotate_left(13);
86 $v0
= $v0
.rotate_left(32);
87 $v2
= $v2
.wrapping_add($v3
);
88 $v3
= $v3
.rotate_left(16);
90 $v0
= $v0
.wrapping_add($v3
);
91 $v3
= $v3
.rotate_left(21);
93 $v2
= $v2
.wrapping_add($v1
);
94 $v1
= $v1
.rotate_left(17);
96 $v2
= $v2
.rotate_left(32);
100 /// Loads an integer of the desired type from a byte stream, in LE order. Uses
101 /// `copy_nonoverlapping` to let the compiler generate the most efficient way
102 /// to load it from a possibly unaligned address.
104 /// Unsafe because: unchecked indexing at `i..i+size_of(int_ty)`
105 macro_rules
! load_int_le
{
106 ($buf
:expr
, $i
:expr
, $int_ty
:ident
) => {{
107 debug_assert
!($i
+ mem
::size_of
::<$int_ty
>() <= $buf
.len());
108 let mut data
= 0 as $int_ty
;
109 ptr
::copy_nonoverlapping(
110 $buf
.get_unchecked($i
),
111 &mut data
as *mut _
as *mut u8,
112 mem
::size_of
::<$int_ty
>(),
118 /// Loads a u64 using up to 7 bytes of a byte slice. It looks clumsy but the
119 /// `copy_nonoverlapping` calls that occur (via `load_int_le!`) all have fixed
120 /// sizes and avoid calling `memcpy`, which is good for speed.
122 /// Unsafe because: unchecked indexing at start..start+len
124 unsafe fn u8to64_le(buf
: &[u8], start
: usize, len
: usize) -> u64 {
125 debug_assert
!(len
< 8);
126 let mut i
= 0; // current byte index (from LSB) in the output u64
129 out
= load_int_le
!(buf
, start
+ i
, u32) as u64;
133 out
|= (load_int_le
!(buf
, start
+ i
, u16) as u64) << (i
* 8);
137 out
|= (*buf
.get_unchecked(start
+ i
) as u64) << (i
* 8);
140 debug_assert_eq
!(i
, len
);
145 /// Creates a new `SipHasher` with the two initial keys set to 0.
147 pub fn new() -> SipHasher
{
148 SipHasher
::new_with_keys(0, 0)
151 /// Creates a `SipHasher` that is keyed off the provided keys.
153 pub fn new_with_keys(key0
: u64, key1
: u64) -> SipHasher
{
154 SipHasher(SipHasher24
::new_with_keys(key0
, key1
))
157 /// Get the keys used by this hasher
158 pub fn keys(&self) -> (u64, u64) {
159 (self.0.hasher
.k0
, self.0.hasher
.k1
)
164 /// Creates a new `SipHasher13` with the two initial keys set to 0.
166 pub fn new() -> SipHasher13
{
167 SipHasher13
::new_with_keys(0, 0)
170 /// Creates a `SipHasher13` that is keyed off the provided keys.
172 pub fn new_with_keys(key0
: u64, key1
: u64) -> SipHasher13
{
174 hasher
: Hasher
::new_with_keys(key0
, key1
),
178 /// Get the keys used by this hasher
179 pub fn keys(&self) -> (u64, u64) {
180 (self.hasher
.k0
, self.hasher
.k1
)
185 /// Creates a new `SipHasher24` with the two initial keys set to 0.
187 pub fn new() -> SipHasher24
{
188 SipHasher24
::new_with_keys(0, 0)
191 /// Creates a `SipHasher24` that is keyed off the provided keys.
193 pub fn new_with_keys(key0
: u64, key1
: u64) -> SipHasher24
{
195 hasher
: Hasher
::new_with_keys(key0
, key1
),
199 /// Get the keys used by this hasher
200 pub fn keys(&self) -> (u64, u64) {
201 (self.hasher
.k0
, self.hasher
.k1
)
205 impl<S
: Sip
> Hasher
<S
> {
207 fn new_with_keys(key0
: u64, key1
: u64) -> Hasher
<S
> {
208 let mut state
= Hasher
{
220 _marker
: PhantomData
,
227 fn reset(&mut self) {
229 self.state
.v0
= self.k0 ^
0x736f6d6570736575;
230 self.state
.v1
= self.k1 ^
0x646f72616e646f6d;
231 self.state
.v2
= self.k0 ^
0x6c7967656e657261;
232 self.state
.v3
= self.k1 ^
0x7465646279746573;
236 // A specialized write function for values with size <= 8.
238 // The hashing of multi-byte integers depends on endianness. E.g.:
239 // - little-endian: `write_u32(0xDDCCBBAA)` == `write([0xAA, 0xBB, 0xCC, 0xDD])`
240 // - big-endian: `write_u32(0xDDCCBBAA)` == `write([0xDD, 0xCC, 0xBB, 0xAA])`
242 // This function does the right thing for little-endian hardware. On
243 // big-endian hardware `x` must be byte-swapped first to give the right
244 // behaviour. After any byte-swapping, the input must be zero-extended to
245 // 64-bits. The caller is responsible for the byte-swapping and
248 fn short_write
<T
>(&mut self, _x
: T
, x
: u64) {
249 let size
= mem
::size_of
::<T
>();
252 // The original number must be zero-extended, not sign-extended.
253 debug_assert
!(if size
< 8 { x >> (8 * size) == 0 }
else { true }
);
255 // The number of bytes needed to fill `self.tail`.
256 let needed
= 8 - self.ntail
;
258 self.tail
|= x
<< (8 * self.ntail
);
264 // `self.tail` is full, process it.
265 self.state
.v3 ^
= self.tail
;
266 S
::c_rounds(&mut self.state
);
267 self.state
.v0 ^
= self.tail
;
269 self.ntail
= size
- needed
;
270 self.tail
= if needed
< 8 { x >> (8 * needed) }
else { 0 }
;
274 impl hash
::Hasher
for SipHasher
{
276 fn write(&mut self, msg
: &[u8]) {
281 fn finish(&self) -> u64 {
286 impl hash
::Hasher
for SipHasher13
{
288 fn write(&mut self, msg
: &[u8]) {
289 self.hasher
.write(msg
)
293 fn finish(&self) -> u64 {
298 impl hash
::Hasher
for SipHasher24
{
300 fn write(&mut self, msg
: &[u8]) {
301 self.hasher
.write(msg
)
305 fn finish(&self) -> u64 {
310 impl<S
: Sip
> hash
::Hasher
for Hasher
<S
> {
312 fn write_usize(&mut self, i
: usize) {
313 self.short_write(i
, i
.to_le() as u64);
317 fn write_u8(&mut self, i
: u8) {
318 self.short_write(i
, i
as u64);
322 fn write_u32(&mut self, i
: u32) {
323 self.short_write(i
, i
.to_le() as u64);
327 fn write_u64(&mut self, i
: u64) {
328 self.short_write(i
, i
.to_le() as u64);
332 fn write(&mut self, msg
: &[u8]) {
333 let length
= msg
.len();
334 self.length
+= length
;
339 needed
= 8 - self.ntail
;
340 self.tail
|= unsafe { u8to64_le(msg, 0, cmp::min(length, needed)) }
<< (8 * self.ntail
);
342 self.ntail
+= length
;
345 self.state
.v3 ^
= self.tail
;
346 S
::c_rounds(&mut self.state
);
347 self.state
.v0 ^
= self.tail
;
352 // Buffered tail is now flushed, process new input.
353 let len
= length
- needed
;
354 let left
= len
& 0x7;
357 while i
< len
- left
{
358 let mi
= unsafe { load_int_le!(msg, i, u64) }
;
361 S
::c_rounds(&mut self.state
);
367 self.tail
= unsafe { u8to64_le(msg, i, left) }
;
372 fn finish(&self) -> u64 {
373 let mut state
= self.state
;
375 let b
: u64 = ((self.length
as u64 & 0xff) << 56) | self.tail
;
378 S
::c_rounds(&mut state
);
382 S
::d_rounds(&mut state
);
384 state
.v0 ^ state
.v1 ^ state
.v2 ^ state
.v3
388 impl<S
: Sip
> Default
for Hasher
<S
> {
389 /// Creates a `Hasher<S>` with the two initial keys set to 0.
391 fn default() -> Hasher
<S
> {
392 Hasher
::new_with_keys(0, 0)
398 fn c_rounds(_
: &mut State
);
399 fn d_rounds(_
: &mut State
);
402 #[derive(Debug, Clone, Copy, Default)]
405 impl Sip
for Sip13Rounds
{
407 fn c_rounds(state
: &mut State
) {
412 fn d_rounds(state
: &mut State
) {
419 #[derive(Debug, Clone, Copy, Default)]
422 impl Sip
for Sip24Rounds
{
424 fn c_rounds(state
: &mut State
) {
430 fn d_rounds(state
: &mut State
) {