| blob | 50da70c516830c47866356b570971b01216a515e |
1 /*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 #include <int.h>
25 #define INIT_VAL 0x33a1
26 /*
27 -------------------------------------------------------------------------------
28 lookup3.c, by Bob Jenkins, May 2006, Public Domain.
30 These are functions for producing 32-bit hashes for hash table lookup.
31 hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
32 are externally useful functions. Routines to test the hash are included
33 if SELF_TEST is defined. You can use this free for any purpose. It's in
34 the public domain. It has no warranty.
36 You probably want to use hashlittle(). hashlittle() and hashbig()
37 hash byte arrays. hashlittle() is faster than hashbig() on
38 little-endian machines. Intel and AMD are little-endian machines.
39 On second thought, you probably want hashlittle2(), which is identical to
40 hashlittle() except it returns two 32-bit hashes for the price of one.
41 You could implement hashbig2() if you wanted but I haven't bothered here.
43 If you want to find a hash of, say, exactly 7 integers, do
44 a = i1; b = i2; c = i3;
45 mix(a,b,c);
46 a += i4; b += i5; c += i6;
47 mix(a,b,c);
48 a += i7;
49 final(a,b,c);
50 then use c as the hash value. If you have a variable length array of
51 4-byte integers to hash, use hashword(). If you have a byte array (like
52 a character string), use hashlittle(). If you have several byte arrays, or
53 a mix of things, see the comments above hashlittle().
55 Why is this so big? I read 12 bytes at a time into 3 4-byte integers,
56 then mix those integers. This is fast (you can do a lot more thorough
57 mixing with 12*3 instructions on 3 integers than you can with 3 instructions
58 on 1 byte), but shoehorning those bytes into integers efficiently is messy.
59 -------------------------------------------------------------------------------
60 */
61 #define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
63 /*
64 -------------------------------------------------------------------------------
65 mix -- mix 3 32-bit values reversibly.
67 This is reversible, so any information in (a,b,c) before mix() is
68 still in (a,b,c) after mix().
70 If four pairs of (a,b,c) inputs are run through mix(), or through
71 mix() in reverse, there are at least 32 bits of the output that
72 are sometimes the same for one pair and different for another pair.
73 This was tested for:
74 * pairs that differed by one bit, by two bits, in any combination
75 of top bits of (a,b,c), or in any combination of bottom bits of
76 (a,b,c).
77 * "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
78 the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
79 is commonly produced by subtraction) look like a single 1-bit
80 difference.
81 * the base values were pseudorandom, all zero but one bit set, or
82 all zero plus a counter that starts at zero.
84 Some k values for my "a-=c; a^=rot(c,k); c+=b;" arrangement that
85 satisfy this are
86 4 6 8 16 19 4
87 9 15 3 18 27 15
88 14 9 3 7 17 3
89 Well, "9 15 3 18 27 15" didn't quite get 32 bits diffing
90 for "differ" defined as + with a one-bit base and a two-bit delta. I
91 used http://burtleburtle.net/bob/hash/avalanche.html to choose
92 the operations, constants, and arrangements of the variables.
94 This does not achieve avalanche. There are input bits of (a,b,c)
95 that fail to affect some output bits of (a,b,c), especially of a. The
96 most thoroughly mixed value is c, but it doesn't really even achieve
97 avalanche in c.
99 This allows some parallelism. Read-after-writes are good at doubling
100 the number of bits affected, so the goal of mixing pulls in the opposite
101 direction as the goal of parallelism. I did what I could. Rotates
102 seem to cost as much as shifts on every machine I could lay my hands
103 on, and rotates are much kinder to the top and bottom bits, so I used
104 rotates.
105 -------------------------------------------------------------------------------
106 */
107 #define mix(a,b,c) \
108 { \
109 a -= c; a ^= rot(c, 4); c += b; \
110 b -= a; b ^= rot(a, 6); a += c; \
111 c -= b; c ^= rot(b, 8); b += a; \
112 a -= c; a ^= rot(c,16); c += b; \
113 b -= a; b ^= rot(a,19); a += c; \
114 c -= b; c ^= rot(b, 4); b += a; \
115 }
117 /*
118 -------------------------------------------------------------------------------
119 final -- final mixing of 3 32-bit values (a,b,c) into c
121 Pairs of (a,b,c) values differing in only a few bits will usually
122 produce values of c that look totally different. This was tested for
123 * pairs that differed by one bit, by two bits, in any combination
124 of top bits of (a,b,c), or in any combination of bottom bits of
125 (a,b,c).
126 * "differ" is defined as +, -, ^, or ~^. For + and -, I transformed
127 the output delta to a Gray code (a^(a>>1)) so a string of 1's (as
128 is commonly produced by subtraction) look like a single 1-bit
129 difference.
130 * the base values were pseudorandom, all zero but one bit set, or
131 all zero plus a counter that starts at zero.
133 These constants passed:
134 14 11 25 16 4 14 24
135 12 14 25 16 4 14 24
136 and these came close:
137 4 8 15 26 3 22 24
138 10 8 15 26 3 22 24
139 11 8 15 26 3 22 24
140 -------------------------------------------------------------------------------
141 */
142 #define final(a,b,c) \
143 { \
144 c ^= b; c -= rot(b,14); \
145 a ^= c; a -= rot(c,11); \
146 b ^= a; b -= rot(a,25); \
147 c ^= b; c -= rot(b,16); \
148 a ^= c; a -= rot(c,4); \
149 b ^= a; b -= rot(a,14); \
150 c ^= b; c -= rot(b,24); \
151 }
154 /*
155 -------------------------------------------------------------------------------
156 hashlittle() -- hash a variable-length key into a 32-bit value
157 k : the key (the unaligned variable-length array of bytes)
158 length : the length of the key, counting by bytes
159 initval : can be any 4-byte value
160 Returns a 32-bit value. Every bit of the key affects every bit of
161 the return value. Two keys differing by one or two bits will have
162 totally different hash values.
164 The best hash table sizes are powers of 2. There is no need to do
165 mod a prime (mod is sooo slow!). If you need less than 32 bits,
166 use a bitmask. For example, if you need only 10 bits, do
167 h = (h & hashmask(10));
168 In which case, the hash table should have hashsize(10) elements.
170 If you are hashing n strings (uint8_t **)k, do it like this:
171 for (i=0, h=0; i<n; ++i) h = hashlittle( k[i], len[i], h);
173 By Bob Jenkins, 2006. bob_jenkins@burtleburtle.net. You may use this
174 code any way you wish, private, educational, or commercial. It's free.
176 Use for hash table lookup, or anything where one collision in 2^^32 is
177 acceptable. Do NOT use for cryptographic purposes.
178 -------------------------------------------------------------------------------
179 */
182 {
186 /* Set up the internal state */
191 /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
193 {
209 }
211 /*-------------------------------- last block: affect all 32 bits of (c) */
213 {
228 }
232 }