Verify callback is run in either side.
[gnutls.git] / lib / hash.c
blob8ba36f52972d075aff5c139b5042693169ad8552
1 /*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #include <gnutls_int.h>
24 #include <hash.h>
26 -------------------------------------------------------------------------------
27 lookup3.c, by Bob Jenkins, May 2006, Public Domain.
29 These are functions for producing 32-bit hashes for hash table lookup.
30 hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
31 are externally useful functions. Routines to test the hash are included
32 if SELF_TEST is defined. You can use this free for any purpose. It's in
33 the public domain. It has no warranty.
35 You probably want to use hashlittle(). hashlittle() and hashbig()
36 hash byte arrays. hashlittle() is faster than hashbig() on
37 little-endian machines. Intel and AMD are little-endian machines.
38 On second thought, you probably want hashlittle2(), which is identical to
39 hashlittle() except it returns two 32-bit hashes for the price of one.
40 You could implement hashbig2() if you wanted but I haven't bothered here.
42 If you want to find a hash of, say, exactly 7 integers, do
43 a = i1; b = i2; c = i3;
44 mix(a,b,c);
45 a += i4; b += i5; c += i6;
46 mix(a,b,c);
47 a += i7;
48 final(a,b,c);
49 then use c as the hash value. If you have a variable length array of
50 4-byte integers to hash, use hashword(). If you have a byte array (like
51 a character string), use hashlittle(). If you have several byte arrays, or
52 a mix of things, see the comments above hashlittle().
54 Why is this so big? I read 12 bytes at a time into 3 4-byte integers,
55 then mix those integers. This is fast (you can do a lot more thorough
56 mixing with 12*3 instructions on 3 integers than you can with 3 instructions
57 on 1 byte), but shoehorning those bytes into integers efficiently is messy.
58 -------------------------------------------------------------------------------
60 #define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
63 -------------------------------------------------------------------------------
64 mix -- mix 3 32-bit values reversibly.
66 This is reversible, so any information in (a,b,c) before mix() is
67 still in (a,b,c) after mix().
69 If four pairs of (a,b,c) inputs are run through mix(), or through
70 mix() in reverse, there are at least 32 bits of the output that
71 are sometimes the same for one pair and different for another pair.
72 This was tested for:
73 * pairs that differed by one bit, by two bits, in any combination
74 of top bits of (a,b,c), or in any combination of bottom bits of
75 (a,b,c).
76 * "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
77 the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
78 is commonly produced by subtraction) look like a single 1-bit
79 difference.
80 * the base values were pseudorandom, all zero but one bit set, or
81 all zero plus a counter that starts at zero.
83 Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that
84 satisfy this are
85 4 6 8 16 19 4
86 9 15 3 18 27 15
87 14 9 3 7 17 3
88 Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing
89 for "differ" defined as + with a one-bit base and a two-bit delta. I
90 used http://burtleburtle.net/bob/hash/avalanche.html to choose
91 the operations, constants, and arrangements of the variables.
93 This does not achieve avalanche. There are input bits of (a,b,c)
94 that fail to affect some output bits of (a,b,c), especially of a. The
95 most thoroughly mixed value is c, but it doesn't really even achieve
96 avalanche in c.
98 This allows some parallelism. Read-after-writes are good at doubling
99 the number of bits affected, so the goal of mixing pulls in the opposite
100 direction as the goal of parallelism. I did what I could. Rotates
101 seem to cost as much as shifts on every machine I could lay my hands
102 on, and rotates are much kinder to the top and bottom bits, so I used
103 rotates.
104 -------------------------------------------------------------------------------
106 #define mix(a,b,c) \
108 a -= c; a ^= rot(c, 4); c += b; \
109 b -= a; b ^= rot(a, 6); a += c; \
110 c -= b; c ^= rot(b, 8); b += a; \
111 a -= c; a ^= rot(c,16); c += b; \
112 b -= a; b ^= rot(a,19); a += c; \
113 c -= b; c ^= rot(b, 4); b += a; \
117 -------------------------------------------------------------------------------
118 final -- final mixing of 3 32-bit values (a,b,c) into c
120 Pairs of (a,b,c) values differing in only a few bits will usually
121 produce values of c that look totally different. This was tested for
122 * pairs that differed by one bit, by two bits, in any combination
123 of top bits of (a,b,c), or in any combination of bottom bits of
124 (a,b,c).
125 * "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
126 the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
127 is commonly produced by subtraction) look like a single 1-bit
128 difference.
129 * the base values were pseudorandom, all zero but one bit set, or
130 all zero plus a counter that starts at zero.
132 These constants passed:
133 14 11 25 16 4 14 24
134 12 14 25 16 4 14 24
135 and these came close:
136 4 8 15 26 3 22 24
137 10 8 15 26 3 22 24
138 11 8 15 26 3 22 24
139 -------------------------------------------------------------------------------
141 #define final(a,b,c) \
143 c ^= b; c -= rot(b,14); \
144 a ^= c; a -= rot(c,11); \
145 b ^= a; b -= rot(a,25); \
146 c ^= b; c -= rot(b,16); \
147 a ^= c; a -= rot(c,4); \
148 b ^= a; b -= rot(a,14); \
149 c ^= b; c -= rot(b,24); \
154 -------------------------------------------------------------------------------
155 hashlittle() -- hash a variable-length key into a 32-bit value
156 k : the key (the unaligned variable-length array of bytes)
157 length : the length of the key, counting by bytes
158 initval : can be any 4-byte value
159 Returns a 32-bit value. Every bit of the key affects every bit of
160 the return value. Two keys differing by one or two bits will have
161 totally different hash values.
163 The best hash table sizes are powers of 2. There is no need to do
164 mod a prime (mod is sooo slow!). If you need less than 32 bits,
165 use a bitmask. For example, if you need only 10 bits, do
166 h = (h & hashmask(10));
167 In which case, the hash table should have hashsize(10) elements.
169 If you are hashing n strings (uint8_t **)k, do it like this:
170 for (i=0, h=0; i<n; ++i) h = hashlittle( k[i], len[i], h);
172 By Bob Jenkins, 2006. bob_jenkins@burtleburtle.net. You may use this
173 code any way you wish, private, educational, or commercial. It's free.
175 Use for hash table lookup, or anything where one collision in 2^^32 is
176 acceptable. Do NOT use for cryptographic purposes.
177 -------------------------------------------------------------------------------
180 uint32_t _gnutls_bhash( const void *key, size_t length, uint32_t initval)
182 uint32_t a,b,c; /* internal state */
183 const uint8_t *k;
185 /* Set up the internal state */
186 a = b = c = 0xdeadbeef + ((uint32_t)length) + initval;
188 k = (const uint8_t *)key;
190 /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
191 while (length > 12)
193 a += k[0];
194 a += ((uint32_t)k[1])<<8;
195 a += ((uint32_t)k[2])<<16;
196 a += ((uint32_t)k[3])<<24;
197 b += k[4];
198 b += ((uint32_t)k[5])<<8;
199 b += ((uint32_t)k[6])<<16;
200 b += ((uint32_t)k[7])<<24;
201 c += k[8];
202 c += ((uint32_t)k[9])<<8;
203 c += ((uint32_t)k[10])<<16;
204 c += ((uint32_t)k[11])<<24;
205 mix(a,b,c);
206 length -= 12;
207 k += 12;
210 /*-------------------------------- last block: affect all 32 bits of (c) */
211 switch(length) /* all the case statements fall through */
213 case 12: c+=((uint32_t)k[11])<<24;
214 case 11: c+=((uint32_t)k[10])<<16;
215 case 10: c+=((uint32_t)k[9])<<8;
216 case 9 : c+=k[8];
217 case 8 : b+=((uint32_t)k[7])<<24;
218 case 7 : b+=((uint32_t)k[6])<<16;
219 case 6 : b+=((uint32_t)k[5])<<8;
220 case 5 : b+=k[4];
221 case 4 : a+=((uint32_t)k[3])<<24;
222 case 3 : a+=((uint32_t)k[2])<<16;
223 case 2 : a+=((uint32_t)k[1])<<8;
224 case 1 : a+=k[0];
225 break;
226 case 0 : return c;
229 final(a,b,c);
230 return c;