diff options
| -rw-r--r-- | changes/bug11750 | 5 | ||||
| -rw-r--r-- | src/or/circuitlist.c | 10 | ||||
| -rw-r--r-- | src/test/bench.c | 25 |
3 files changed, 39 insertions, 1 deletions
diff --git a/changes/bug11750 b/changes/bug11750 new file mode 100644 index 000000000..f779ac8fe --- /dev/null +++ b/changes/bug11750 @@ -0,0 +1,5 @@ + o Minor features (security): + - Apply the secure SipHash-2-4 function to the hash table mapping + circuit IDs and channels to circuits. We missed this one when we + were converting all the other hash functions to use SipHash back + in 0.2.5.3-alpha. Resolves ticket 11750. diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 90fc93f3a..e5ed9c04f 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -76,7 +76,15 @@ chan_circid_entries_eq_(chan_circid_circuit_map_t *a, static INLINE unsigned int chan_circid_entry_hash_(chan_circid_circuit_map_t *a) { - return ((unsigned)a->circ_id) ^ (unsigned)(uintptr_t)(a->chan); + /* Try to squeze the siphash input into 8 bytes to save any extra siphash + * rounds. This hash function is in the critical path. */ + uintptr_t chan = (uintptr_t) (void*) a->chan; + uint32_t array[2]; + array[0] = a->circ_id; + /* The low bits of the channel pointer are uninteresting, since the channel + * is a pretty big structure. */ + array[1] = (uint32_t) (chan >> 6); + return (unsigned) siphash24g(array, sizeof(array)); } /** Map from [chan,circid] to circuit. */ diff --git a/src/test/bench.c b/src/test/bench.c index c9cc101b7..a3fa7fe31 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -338,6 +338,30 @@ bench_dmap(void) } static void +bench_siphash(void) +{ + char buf[128]; + int lens[] = { 7, 8, 15, 16, 20, 32, 111, 128, -1 }; + int i, j; + uint64_t total; + uint64_t start, end; + const int N = 300000; + crypto_rand(buf, sizeof(buf)); + + for (i = 0; lens[i] > 0; ++i) { + total = 0; + reset_perftime(); + start = perftime(); + for (j = 0; j < N; ++j) { + total += siphash24g(buf, lens[i]); + } + end = perftime(); + printf("siphash24g(%d): %.2f ns per call\n", + lens[i], NANOCOUNT(start,end,N)); + } +} + +static void bench_cell_ops(void) { const int iters = 1<<16; @@ -487,6 +511,7 @@ typedef struct benchmark_t { static struct benchmark_t benchmarks[] = { ENT(dmap), + ENT(siphash), ENT(aes), ENT(onion_TAP), #ifdef CURVE25519_ENABLED |