From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Ben Hutchings <ben.hutchings@codethink.co.uk>
Cc: Sasha Levin <sashal@kernel.org>, stable <stable@vger.kernel.org>
Subject: Re: [PATCH 4.4 10/13] siphash: implement HalfSipHash1-3 for hash tables
Date: Wed, 28 Aug 2019 10:38:57 +0200 [thread overview]
Message-ID: <20190828083857.GA29927@kroah.com> (raw)
In-Reply-To: <20190827231100.GJ11046@xylophone.i.decadent.org.uk>
On Wed, Aug 28, 2019 at 12:11:00AM +0100, Ben Hutchings wrote:
> From: Jason A. Donenfeld <Jason@zx2c4.com>
>
> commit 1ae2324f732c9c4e2fa4ebd885fa1001b70d52e1 upstream.
>
> HalfSipHash, or hsiphash, is a shortened version of SipHash, which
> generates 32-bit outputs using a weaker 64-bit key. It has *much* lower
> security margins, and shouldn't be used for anything too sensitive, but
> it could be used as a hashtable key function replacement, if the output
> is never exposed, and if the security requirement is not too high.
>
> The goal is to make this something that performance-critical jhash users
> would be willing to use.
>
> On 64-bit machines, HalfSipHash1-3 is slower than SipHash1-3, so we alias
> SipHash1-3 to HalfSipHash1-3 on those systems.
>
> 64-bit x86_64:
> [ 0.509409] test_siphash: SipHash2-4 cycles: 4049181
> [ 0.510650] test_siphash: SipHash1-3 cycles: 2512884
> [ 0.512205] test_siphash: HalfSipHash1-3 cycles: 3429920
> [ 0.512904] test_siphash: JenkinsHash cycles: 978267
> So, we map hsiphash() -> SipHash1-3
>
> 32-bit x86:
> [ 0.509868] test_siphash: SipHash2-4 cycles: 14812892
> [ 0.513601] test_siphash: SipHash1-3 cycles: 9510710
> [ 0.515263] test_siphash: HalfSipHash1-3 cycles: 3856157
> [ 0.515952] test_siphash: JenkinsHash cycles: 1148567
> So, we map hsiphash() -> HalfSipHash1-3
>
> hsiphash() is roughly 3 times slower than jhash(), but comes with a
> considerable security improvement.
>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Reviewed-by: Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> [bwh: Backported to 4.4 to avoid regression for WireGuard with only half
> the siphash API present]
> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
> ---
> Documentation/siphash.txt | 75 +++++++++
> include/linux/siphash.h | 57 ++++++-
> lib/siphash.c | 321 +++++++++++++++++++++++++++++++++++++-
> lib/test_siphash.c | 98 +++++++++++-
> 4 files changed, 546 insertions(+), 5 deletions(-)
Thank you for this patch, and this series, it was on my long-term todo
list that I had not gotten to yet (and probably never would have...)
greg k-h
next prev parent reply other threads:[~2019-08-28 8:39 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-27 23:09 [PATCH 4.4 01/13] GFS2: don't set rgrp gl_object until it's inserted into rgrp tree Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 02/13] net: arc_emac: fix koops caused by sk_buff free Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 03/13] vhost-net: set packet weight of tx polling to 2 * vq size Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 04/13] vhost_net: use packet weight for rx handler, too Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 05/13] vhost_net: introduce vhost_exceeds_weight() Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 06/13] vhost: " Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 07/13] vhost_net: fix possible infinite loop Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 08/13] vhost: scsi: add weight support Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 09/13] siphash: add cryptographically secure PRF Ben Hutchings
2019-08-27 23:11 ` [PATCH 4.4 10/13] siphash: implement HalfSipHash1-3 for hash tables Ben Hutchings
2019-08-28 8:38 ` Greg Kroah-Hartman [this message]
2019-08-27 23:11 ` [PATCH 4.4 11/13] inet: switch IP ID generator to siphash Ben Hutchings
2019-08-27 23:11 ` [PATCH 4.4 12/13] netfilter: ctnetlink: don't use conntrack/expect object addresses as id Ben Hutchings
2019-08-27 23:11 ` [PATCH 4.4 13/13] netfilter: conntrack: Use consistent ct id hash calculation Ben Hutchings
2019-08-28 2:57 ` [PATCH 4.4 01/13] GFS2: don't set rgrp gl_object until it's inserted into rgrp tree Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190828083857.GA29927@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ben.hutchings@codethink.co.uk \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.