/root/bitcoin/src/crypto/siphash.cpp

Source
// Copyright (c) 2016-present The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include <crypto/siphash.h>

#include <uint256.h>

#include <bit>
#include <cassert>
#include <span>

#define SIPROUND do { \
    v0 += v1; v1 = std::rotl(v1, 13); v1 ^= v0; \
    v0 = std::rotl(v0, 32); \
    v2 += v3; v3 = std::rotl(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = std::rotl(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = std::rotl(v1, 17); v1 ^= v2; \
    v2 = std::rotl(v2, 32); \
} while (0)

CSipHasher::CSipHasher(uint64_t k0, uint64_t k1) : m_state{k0, k1} {}

CSipHasher& CSipHasher::Write(uint64_t data)
{
    uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];

    assert(m_count % 8 == 0);

    v3 ^= data;
    SIPROUND;
    SIPROUND;
    v0 ^= data;

    m_state.v[0] = v0;
    m_state.v[1] = v1;
    m_state.v[2] = v2;
    m_state.v[3] = v3;

    m_count += 8;
    return *this;
}

CSipHasher& CSipHasher::Write(std::span<const unsigned char> data)
{
    uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];
    uint64_t t = m_tmp;
    uint8_t c = m_count;

    while (data.size() > 0) {
        t |= uint64_t{data.front()} << (8 * (c % 8));
        c++;
        if ((c & 7) == 0) {
            v3 ^= t;
            SIPROUND;
            SIPROUND;
            v0 ^= t;
            t = 0;
        }
        data = data.subspan(1);
    }

    m_state.v[0] = v0;
    m_state.v[1] = v1;
    m_state.v[2] = v2;
    m_state.v[3] = v3;
    m_count = c;
    m_tmp = t;

    return *this;
}

uint64_t CSipHasher::Finalize() const
{
    uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];

    uint64_t t = m_tmp | (((uint64_t)m_count) << 56);

    v3 ^= t;
    SIPROUND;
    SIPROUND;
    v0 ^= t;
    v2 ^= 0xFF;
    SIPROUND;
    SIPROUND;
    SIPROUND;
    SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

uint64_t PresaltedSipHasher::operator()(const uint256& val) const noexcept
{
    uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];
    uint64_t d = val.GetUint64(0);
    v3 ^= d;

    SIPROUND;
    SIPROUND;
    v0 ^= d;
    d = val.GetUint64(1);
    v3 ^= d;
    SIPROUND;
    SIPROUND;
    v0 ^= d;
    d = val.GetUint64(2);
    v3 ^= d;
    SIPROUND;
    SIPROUND;
    v0 ^= d;
    d = val.GetUint64(3);
    v3 ^= d;
    SIPROUND;
    SIPROUND;
    v0 ^= d;
    v3 ^= (uint64_t{4}) << 59;
    SIPROUND;
    SIPROUND;
    v0 ^= (uint64_t{4}) << 59;
    v2 ^= 0xFF;
    SIPROUND;
    SIPROUND;
    SIPROUND;
    SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/** Specialized implementation for efficiency */
uint64_t PresaltedSipHasher::operator()(const uint256& val, uint32_t extra) const noexcept
{
    uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];
    uint64_t d = val.GetUint64(0);
    v3 ^= d;
    SIPROUND;
    SIPROUND;
    v0 ^= d;
    d = val.GetUint64(1);
    v3 ^= d;
    SIPROUND;
    SIPROUND;
    v0 ^= d;
    d = val.GetUint64(2);
    v3 ^= d;
    SIPROUND;
    SIPROUND;
    v0 ^= d;
    d = val.GetUint64(3);
    v3 ^= d;
    SIPROUND;
    SIPROUND;
    v0 ^= d;
    d = ((uint64_t{36}) << 56) | extra;
    v3 ^= d;
    SIPROUND;
    SIPROUND;
    v0 ^= d;
    v2 ^= 0xFF;
    SIPROUND;
    SIPROUND;
    SIPROUND;
    SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

Line	Count	Source
1		// Copyright (c) 2016-present The Bitcoin Core developers
2		// Distributed under the MIT software license, see the accompanying
3		// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5		#include <crypto/siphash.h>
6
7		#include <uint256.h>
8
9		#include <bit>
10		#include <cassert>
11		#include <span>
12
13	0	#define SIPROUND do { \
14	0	v0 += v1; v1 = std::rotl(v1, 13); v1 ^= v0; \
15	0	v0 = std::rotl(v0, 32); \
16	0	v2 += v3; v3 = std::rotl(v3, 16); v3 ^= v2; \
17	0	v0 += v3; v3 = std::rotl(v3, 21); v3 ^= v0; \
18	0	v2 += v1; v1 = std::rotl(v1, 17); v1 ^= v2; \
19	0	v2 = std::rotl(v2, 32); \
20	0	} while (0)
21
22	0	CSipHasher::CSipHasher(uint64_t k0, uint64_t k1) : m_state{k0, k1} {}
23
24		CSipHasher& CSipHasher::Write(uint64_t data)
25	0	{
26	0	uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];
27
28	0	assert(m_count % 8 == 0);
29
30	0	v3 ^= data;
31	0	SIPROUND;
32	0	SIPROUND;
33	0	v0 ^= data;
34
35	0	m_state.v[0] = v0;
36	0	m_state.v[1] = v1;
37	0	m_state.v[2] = v2;
38	0	m_state.v[3] = v3;
39
40	0	m_count += 8;
41	0	return *this;
42	0	}
43
44		CSipHasher& CSipHasher::Write(std::span<const unsigned char> data)
45	0	{
46	0	uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];
47	0	uint64_t t = m_tmp;
48	0	uint8_t c = m_count;
49
50	0	while (data.size() > 0) {
51	0	t \|= uint64_t{data.front()} << (8 * (c % 8));
52	0	c++;
53	0	if ((c & 7) == 0) {
54	0	v3 ^= t;
55	0	SIPROUND;
56	0	SIPROUND;
57	0	v0 ^= t;
58	0	t = 0;
59	0	}
60	0	data = data.subspan(1);
61	0	}
62
63	0	m_state.v[0] = v0;
64	0	m_state.v[1] = v1;
65	0	m_state.v[2] = v2;
66	0	m_state.v[3] = v3;
67	0	m_count = c;
68	0	m_tmp = t;
69
70	0	return *this;
71	0	}
72
73		uint64_t CSipHasher::Finalize() const
74	0	{
75	0	uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];
76
77	0	uint64_t t = m_tmp \| (((uint64_t)m_count) << 56);
78
79	0	v3 ^= t;
80	0	SIPROUND;
81	0	SIPROUND;
82	0	v0 ^= t;
83	0	v2 ^= 0xFF;
84	0	SIPROUND;
85	0	SIPROUND;
86	0	SIPROUND;
87	0	SIPROUND;
88	0	return v0 ^ v1 ^ v2 ^ v3;
89	0	}
90
91		uint64_t PresaltedSipHasher::operator()(const uint256& val) const noexcept
92	0	{
93	0	uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];
94	0	uint64_t d = val.GetUint64(0);
95	0	v3 ^= d;
96
97	0	SIPROUND;
98	0	SIPROUND;
99	0	v0 ^= d;
100	0	d = val.GetUint64(1);
101	0	v3 ^= d;
102	0	SIPROUND;
103	0	SIPROUND;
104	0	v0 ^= d;
105	0	d = val.GetUint64(2);
106	0	v3 ^= d;
107	0	SIPROUND;
108	0	SIPROUND;
109	0	v0 ^= d;
110	0	d = val.GetUint64(3);
111	0	v3 ^= d;
112	0	SIPROUND;
113	0	SIPROUND;
114	0	v0 ^= d;
115	0	v3 ^= (uint64_t{4}) << 59;
116	0	SIPROUND;
117	0	SIPROUND;
118	0	v0 ^= (uint64_t{4}) << 59;
119	0	v2 ^= 0xFF;
120	0	SIPROUND;
121	0	SIPROUND;
122	0	SIPROUND;
123	0	SIPROUND;
124	0	return v0 ^ v1 ^ v2 ^ v3;
125	0	}
126
127		/** Specialized implementation for efficiency */
128		uint64_t PresaltedSipHasher::operator()(const uint256& val, uint32_t extra) const noexcept
129	0	{
130	0	uint64_t v0 = m_state.v[0], v1 = m_state.v[1], v2 = m_state.v[2], v3 = m_state.v[3];
131	0	uint64_t d = val.GetUint64(0);
132	0	v3 ^= d;
133	0	SIPROUND;
134	0	SIPROUND;
135	0	v0 ^= d;
136	0	d = val.GetUint64(1);
137	0	v3 ^= d;
138	0	SIPROUND;
139	0	SIPROUND;
140	0	v0 ^= d;
141	0	d = val.GetUint64(2);
142	0	v3 ^= d;
143	0	SIPROUND;
144	0	SIPROUND;
145	0	v0 ^= d;
146	0	d = val.GetUint64(3);
147	0	v3 ^= d;
148	0	SIPROUND;
149	0	SIPROUND;
150	0	v0 ^= d;
151	0	d = ((uint64_t{36}) << 56) \| extra;
152	0	v3 ^= d;
153	0	SIPROUND;
154	0	SIPROUND;
155	0	v0 ^= d;
156	0	v2 ^= 0xFF;
157	0	SIPROUND;
158	0	SIPROUND;
159	0	SIPROUND;
160	0	SIPROUND;
161	0	return v0 ^ v1 ^ v2 ^ v3;
162	0	}

Coverage Report

Created: 2025-12-17 17:25