2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #include <gnutls_int.h>
26 -------------------------------------------------------------------------------
27 lookup3.c, by Bob Jenkins, May 2006, Public Domain.
29 These are functions for producing 32-bit hashes for hash table lookup.
30 hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
31 are externally useful functions. Routines to test the hash are included
32 if SELF_TEST is defined. You can use this free for any purpose. It's in
33 the public domain. It has no warranty.
35 You probably want to use hashlittle(). hashlittle() and hashbig()
36 hash byte arrays. hashlittle() is faster than hashbig() on
37 little-endian machines. Intel and AMD are little-endian machines.
38 On second thought, you probably want hashlittle2(), which is identical to
39 hashlittle() except it returns two 32-bit hashes for the price of one.
40 You could implement hashbig2() if you wanted but I haven't bothered here.
42 If you want to find a hash of, say, exactly 7 integers, do
43 a = i1; b = i2; c = i3;
45 a += i4; b += i5; c += i6;
49 then use c as the hash value. If you have a variable length array of
50 4-byte integers to hash, use hashword(). If you have a byte array (like
51 a character string), use hashlittle(). If you have several byte arrays, or
52 a mix of things, see the comments above hashlittle().
54 Why is this so big? I read 12 bytes at a time into 3 4-byte integers,
55 then mix those integers. This is fast (you can do a lot more thorough
56 mixing with 12*3 instructions on 3 integers than you can with 3 instructions
57 on 1 byte), but shoehorning those bytes into integers efficiently is messy.
58 -------------------------------------------------------------------------------
60 #define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
63 -------------------------------------------------------------------------------
64 mix -- mix 3 32-bit values reversibly.
66 This is reversible, so any information in (a,b,c) before mix() is
67 still in (a,b,c) after mix().
69 If four pairs of (a,b,c) inputs are run through mix(), or through
70 mix() in reverse, there are at least 32 bits of the output that
71 are sometimes the same for one pair and different for another pair.
73 * pairs that differed by one bit, by two bits, in any combination
74 of top bits of (a,b,c), or in any combination of bottom bits of
76 * "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
77 the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
78 is commonly produced by subtraction) look like a single 1-bit
80 * the base values were pseudorandom, all zero but one bit set, or
81 all zero plus a counter that starts at zero.
83 Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that
88 Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing
89 for "differ" defined as + with a one-bit base and a two-bit delta. I
90 used http://burtleburtle.net/bob/hash/avalanche.html to choose
91 the operations, constants, and arrangements of the variables.
93 This does not achieve avalanche. There are input bits of (a,b,c)
94 that fail to affect some output bits of (a,b,c), especially of a. The
95 most thoroughly mixed value is c, but it doesn't really even achieve
98 This allows some parallelism. Read-after-writes are good at doubling
99 the number of bits affected, so the goal of mixing pulls in the opposite
100 direction as the goal of parallelism. I did what I could. Rotates
101 seem to cost as much as shifts on every machine I could lay my hands
102 on, and rotates are much kinder to the top and bottom bits, so I used
104 -------------------------------------------------------------------------------
108 a -= c; a ^= rot(c, 4); c += b; \
109 b -= a; b ^= rot(a, 6); a += c; \
110 c -= b; c ^= rot(b, 8); b += a; \
111 a -= c; a ^= rot(c,16); c += b; \
112 b -= a; b ^= rot(a,19); a += c; \
113 c -= b; c ^= rot(b, 4); b += a; \
117 -------------------------------------------------------------------------------
118 final -- final mixing of 3 32-bit values (a,b,c) into c
120 Pairs of (a,b,c) values differing in only a few bits will usually
121 produce values of c that look totally different. This was tested for
122 * pairs that differed by one bit, by two bits, in any combination
123 of top bits of (a,b,c), or in any combination of bottom bits of
125 * "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
126 the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
127 is commonly produced by subtraction) look like a single 1-bit
129 * the base values were pseudorandom, all zero but one bit set, or
130 all zero plus a counter that starts at zero.
132 These constants passed:
135 and these came close:
139 -------------------------------------------------------------------------------
141 #define final(a,b,c) \
143 c ^= b; c -= rot(b,14); \
144 a ^= c; a -= rot(c,11); \
145 b ^= a; b -= rot(a,25); \
146 c ^= b; c -= rot(b,16); \
147 a ^= c; a -= rot(c,4); \
148 b ^= a; b -= rot(a,14); \
149 c ^= b; c -= rot(b,24); \
154 -------------------------------------------------------------------------------
155 hashlittle() -- hash a variable-length key into a 32-bit value
156 k : the key (the unaligned variable-length array of bytes)
157 length : the length of the key, counting by bytes
158 initval : can be any 4-byte value
159 Returns a 32-bit value. Every bit of the key affects every bit of
160 the return value. Two keys differing by one or two bits will have
161 totally different hash values.
163 The best hash table sizes are powers of 2. There is no need to do
164 mod a prime (mod is sooo slow!). If you need less than 32 bits,
165 use a bitmask. For example, if you need only 10 bits, do
166 h = (h & hashmask(10));
167 In which case, the hash table should have hashsize(10) elements.
169 If you are hashing n strings (uint8_t **)k, do it like this:
170 for (i=0, h=0; i<n; ++i) h = hashlittle( k[i], len[i], h);
172 By Bob Jenkins, 2006. bob_jenkins@burtleburtle.net. You may use this
173 code any way you wish, private, educational, or commercial. It's free.
175 Use for hash table lookup, or anything where one collision in 2^^32 is
176 acceptable. Do NOT use for cryptographic purposes.
177 -------------------------------------------------------------------------------
180 uint32_t _gnutls_bhash( const void *key
, size_t length
, uint32_t initval
)
182 uint32_t a
,b
,c
; /* internal state */
185 /* Set up the internal state */
186 a
= b
= c
= 0xdeadbeef + ((uint32_t)length
) + initval
;
188 k
= (const uint8_t *)key
;
190 /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
194 a
+= ((uint32_t)k
[1])<<8;
195 a
+= ((uint32_t)k
[2])<<16;
196 a
+= ((uint32_t)k
[3])<<24;
198 b
+= ((uint32_t)k
[5])<<8;
199 b
+= ((uint32_t)k
[6])<<16;
200 b
+= ((uint32_t)k
[7])<<24;
202 c
+= ((uint32_t)k
[9])<<8;
203 c
+= ((uint32_t)k
[10])<<16;
204 c
+= ((uint32_t)k
[11])<<24;
210 /*-------------------------------- last block: affect all 32 bits of (c) */
211 switch(length
) /* all the case statements fall through */
213 case 12: c
+=((uint32_t)k
[11])<<24;
214 case 11: c
+=((uint32_t)k
[10])<<16;
215 case 10: c
+=((uint32_t)k
[9])<<8;
217 case 8 : b
+=((uint32_t)k
[7])<<24;
218 case 7 : b
+=((uint32_t)k
[6])<<16;
219 case 6 : b
+=((uint32_t)k
[5])<<8;
221 case 4 : a
+=((uint32_t)k
[3])<<24;
222 case 3 : a
+=((uint32_t)k
[2])<<16;
223 case 2 : a
+=((uint32_t)k
[1])<<8;