API tools faq
paste
Guest User

Untitled

a guest
Sep 20th, 2018
69
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 7.37 KB | None | 0 0
raw download clone embed print report
  1. #include <stdlib.h>
  2. /*
  3. #include "crypto_auth.h"
  4. #include "crypto_uint64.h"
  5. #include "crypto_uint32.h"
  6. #include "crypto_uint8.h"
  7.  
  8. typedef crypto_uint64 u64;
  9. typedef crypto_uint32 u32;
  10. typedef crypto_uint8 u8;
  11. */
  12.  
  13. #include <stdio.h>
  14. #include <stdint.h>
  15.  
  16. #define SIPHASH_ROUNDS 2
  17. #define SIPHASH_FINALROUNDS 4
  18.  
  19. typedef  uint8_t  u8;
  20. typedef uint32_t u32;
  21. typedef uint64_t u64;
  22.  
  23. #define rotl64(x, c) ( ((x) << (c)) ^ ((x) >> (64-(c))) )
  24.  
  25. static u64 siphash(const u8 key[16], const unsigned char *m, const u64 n)
  26. {
  27.     u64 v0, v1, v2, v3;
  28.     u64 k0, k1;
  29.     u64 mi, mask, len;
  30.     size_t i, k;
  31.  
  32.     k0 = *((u64*)(key + 0));
  33.     k1 = *((u64*)(key + 8));
  34.  
  35.     v0 = k0 ^ 0x736f6d6570736575ULL;
  36.     v1 = k1 ^ 0x646f72616e646f6dULL;
  37.     v2 = k0 ^ 0x6c7967656e657261ULL;
  38.     v3 = k1 ^ 0x7465646279746573ULL;
  39.  
  40. #define HALF_ROUND(a,b,c,d,s,t) \
  41.     do \
  42.     { \
  43.         a += b;  c += d; \
  44.         b = rotl64(b, s); d = rotl64(d, t); \
  45.         b ^= a;  d ^= c; \
  46.     } while(0)
  47.  
  48. #define COMPRESS(v0,v1,v2,v3) \
  49.     do \
  50.     { \
  51.         HALF_ROUND(v0,v1,v2,v3,13,16); \
  52.         v0 = rotl64(v0,32); \
  53.         HALF_ROUND(v2,v1,v0,v3,17,21); \
  54.         v2 = rotl64(v2, 32); \
  55.     } while(0)
  56.  
  57.     for(i = 0; i < (n-n%8); i += 8)
  58.     {
  59.         mi = *((u64*)(m + i));
  60.         v3 ^= mi;
  61.         for(k = 0; k < SIPHASH_ROUNDS; ++k) COMPRESS(v0,v1,v2,v3);
  62.         v0 ^= mi;
  63.     }
  64.  
  65.  
  66.     //mi = *((u64*)(m + i));
  67.     //len = (n&0xff) << 56;
  68.     //mask = n%8 == 0 ? 0 : 0xffffffffffffffffULL >> (8*(8-n%8));
  69.     //mi = (mi&mask) ^ len;
  70.         u8 *p = m + i;
  71.         mi = (n&0xff) << 56;
  72.     switch(n%8)
  73.         {
  74.         case 7: mi |= ( ( u64 )p[ 6] )  << 48;
  75.         case 6: mi |= ( ( u64 )p[ 5] )  << 40;
  76.         case 5: mi |= ( ( u64 )p[ 4] )  << 32;
  77.         case 4: mi |= ( ( u64 )p[ 3] )  << 24;
  78.         case 3: mi |= ( ( u64 )p[ 2] )  << 16;
  79.         case 2: mi |= ( ( u64 )p[ 1] )  <<  8;
  80.         case 1: mi |= ( ( u64 )p[ 0] ); break;
  81.         case 0: break;
  82.         }
  83.  
  84.     v3 ^= mi;
  85.     for(k = 0; k < SIPHASH_ROUNDS; ++k) COMPRESS(v0,v1,v2,v3);
  86.     v0 ^= mi;
  87.    
  88.     v2 ^= 0xff;
  89.     for(k = 0; k < SIPHASH_FINALROUNDS; ++k) COMPRESS(v0,v1,v2,v3);
  90.  
  91. #undef COMPRESS
  92. #undef HALF_ROUND
  93.     return (v0 ^ v1) ^ (v2 ^ v3);
  94. }
  95.  
  96. int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
  97. {
  98.   int i;
  99.   union
  100.   {
  101.     u8  bytes[8];
  102.     u64 gpr;
  103.   } hash;
  104.   hash.gpr = siphash(k, in, inlen);
  105.   for(i=0; i < 8; ++i) out[i] = hash.bytes[i];
  106.   return 0;
  107. }
  108.  
  109.  
  110. static int crypto_verify_8(const unsigned char *x,const unsigned char *y)
  111. {
  112.   unsigned int differentbits = 0;
  113. #define F(i) differentbits |= x[i] ^ y[i];
  114.   F(0)
  115.   F(1)
  116.   F(2)
  117.   F(3)
  118.   F(4)
  119.   F(5)
  120.   F(6)
  121.   F(7)
  122.   return (1 & ((differentbits - 1) >> 8)) - 1;
  123. }
  124.  
  125.  
  126. int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
  127. {
  128.   u8 correct[8];
  129.   crypto_auth(correct,in,inlen,k);
  130.   return crypto_verify_8(h,correct);
  131. }
  132.  
  133. /*
  134.    SipHash-2-4 output with
  135.    k = 00 01 02 ...
  136.    and
  137.    in = (empty string)
  138.    in = 00 (1 byte)
  139.    in = 00 01 (2 bytes)
  140.    in = 00 01 02 (3 bytes)
  141.    ...
  142.    in = 00 01 02 ... 3e (63 bytes)
  143. */
  144. u8 vectors[64][8] =
  145. {
  146.   { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
  147.   { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
  148.   { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
  149.   { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
  150.   { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
  151.   { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
  152.   { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
  153.   { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
  154.   { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
  155.   { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
  156.   { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
  157.   { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
  158.   { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
  159.   { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
  160.   { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
  161.   { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
  162.   { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
  163.   { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
  164.   { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
  165.   { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
  166.   { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
  167.   { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
  168.   { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
  169.   { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
  170.   { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
  171.   { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
  172.   { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
  173.   { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
  174.   { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
  175.   { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
  176.   { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
  177.   { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
  178.   { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
  179.   { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
  180.   { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
  181.   { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
  182.   { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
  183.   { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
  184.   { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
  185.   { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
  186.   { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
  187.   { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
  188.   { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
  189.   { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
  190.   { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
  191.   { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
  192.   { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
  193.   { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
  194.   { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
  195.   { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
  196.   { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
  197.   { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
  198.   { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
  199.   { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
  200.   { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
  201.   { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
  202.   { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
  203.   { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
  204.   { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
  205.   { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
  206.   { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
  207.   { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
  208.   { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
  209.   { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }
  210. };
  211.  
  212.  
  213. int test_vectors()
  214. {
  215. #define MAXLEN 64
  216.   u8 in[MAXLEN], out[8], k[16];
  217.   int i;
  218.   int ok = 1;
  219.  
  220.   for( i = 0; i < 16; ++i ) k[i] = i;
  221.  
  222.   for( i = 0; i < MAXLEN; ++i )
  223.   {
  224.     in[i] = i;
  225.     crypto_auth( out, in, i, k );
  226.  
  227.     if ( memcmp( out, vectors[i], 8 ) )
  228.     {
  229.       printf( "test vector failed for %d bytes\n", i );
  230.       ok = 0;
  231.     }
  232.   }
  233.  
  234.   return ok;
  235. }
  236.  
  237. int main()
  238. {
  239.   u64 hash;
  240.   u8 k[16];
  241.   u8 in2[16];
  242.   int i;
  243.   char *in;
  244.  
  245.   for( i = 0; i < 16; ++i ) k[i] = i;
  246.   in = malloc(16);
  247.   for( i = 0; i < 16; ++i ) in[i] = i;
  248.   for( i = 0; i < 16; ++i ) in2[i] = i;
  249.   hash = siphash(k, in, 16);
  250.   free(in);
  251.   printf("%llu\n", hash);
  252.   hash = siphash(k, in2, 16);
  253.   printf("%llu\n", hash);
  254.  
  255.   if ( test_vectors() ) printf( "test vectors ok\n" );
  256.  
  257.   return 0;
  258. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!