On Wed, Aug 28, 2019 at 12:11:00AM +0100, Ben Hutchings wrote: > From: Jason A. Donenfeld <Jason@xxxxxxxxx> > > commit 1ae2324f732c9c4e2fa4ebd885fa1001b70d52e1 upstream. > > HalfSipHash, or hsiphash, is a shortened version of SipHash, which > generates 32-bit outputs using a weaker 64-bit key. It has *much* lower > security margins, and shouldn't be used for anything too sensitive, but > it could be used as a hashtable key function replacement, if the output > is never exposed, and if the security requirement is not too high. > > The goal is to make this something that performance-critical jhash users > would be willing to use. > > On 64-bit machines, HalfSipHash1-3 is slower than SipHash1-3, so we alias > SipHash1-3 to HalfSipHash1-3 on those systems. > > 64-bit x86_64: > [ 0.509409] test_siphash: SipHash2-4 cycles: 4049181 > [ 0.510650] test_siphash: SipHash1-3 cycles: 2512884 > [ 0.512205] test_siphash: HalfSipHash1-3 cycles: 3429920 > [ 0.512904] test_siphash: JenkinsHash cycles: 978267 > So, we map hsiphash() -> SipHash1-3 > > 32-bit x86: > [ 0.509868] test_siphash: SipHash2-4 cycles: 14812892 > [ 0.513601] test_siphash: SipHash1-3 cycles: 9510710 > [ 0.515263] test_siphash: HalfSipHash1-3 cycles: 3856157 > [ 0.515952] test_siphash: JenkinsHash cycles: 1148567 > So, we map hsiphash() -> HalfSipHash1-3 > > hsiphash() is roughly 3 times slower than jhash(), but comes with a > considerable security improvement. > > Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx> > Reviewed-by: Jean-Philippe Aumasson <jeanphilippe.aumasson@xxxxxxxxx> > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> > [bwh: Backported to 4.4 to avoid regression for WireGuard with only half > the siphash API present] > Signed-off-by: Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx> > --- > Documentation/siphash.txt | 75 +++++++++ > include/linux/siphash.h | 57 ++++++- > lib/siphash.c | 321 +++++++++++++++++++++++++++++++++++++- > lib/test_siphash.c | 98 +++++++++++- > 4 files changed, 546 insertions(+), 5 deletions(-) Thank you for this patch, and this series, it was on my long-term todo list that I had not gotten to yet (and probably never would have...) greg k-h
