From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Ben Hutchings <ben.hutchings@codethink.co.uk>
Cc: Sasha Levin <sashal@kernel.org>, stable <stable@vger.kernel.org>
Subject: Re: [PATCH 4.4 10/13] siphash: implement HalfSipHash1-3 for hash tables
Date: Wed, 28 Aug 2019 10:38:57 +0200 [thread overview]
Message-ID: <20190828083857.GA29927@kroah.com> (raw)
In-Reply-To: <20190827231100.GJ11046@xylophone.i.decadent.org.uk>
On Wed, Aug 28, 2019 at 12:11:00AM +0100, Ben Hutchings wrote:
> From: Jason A. Donenfeld <Jason@zx2c4.com>
>
> commit 1ae2324f732c9c4e2fa4ebd885fa1001b70d52e1 upstream.
>
> HalfSipHash, or hsiphash, is a shortened version of SipHash, which
> generates 32-bit outputs using a weaker 64-bit key. It has *much* lower
> security margins, and shouldn't be used for anything too sensitive, but
> it could be used as a hashtable key function replacement, if the output
> is never exposed, and if the security requirement is not too high.
>
> The goal is to make this something that performance-critical jhash users
> would be willing to use.
>
> On 64-bit machines, HalfSipHash1-3 is slower than SipHash1-3, so we alias
> SipHash1-3 to HalfSipHash1-3 on those systems.
>
> 64-bit x86_64:
> [ 0.509409] test_siphash: SipHash2-4 cycles: 4049181
> [ 0.510650] test_siphash: SipHash1-3 cycles: 2512884
> [ 0.512205] test_siphash: HalfSipHash1-3 cycles: 3429920
> [ 0.512904] test_siphash: JenkinsHash cycles: 978267
> So, we map hsiphash() -> SipHash1-3
>
> 32-bit x86:
> [ 0.509868] test_siphash: SipHash2-4 cycles: 14812892
> [ 0.513601] test_siphash: SipHash1-3 cycles: 9510710
> [ 0.515263] test_siphash: HalfSipHash1-3 cycles: 3856157
> [ 0.515952] test_siphash: JenkinsHash cycles: 1148567
> So, we map hsiphash() -> HalfSipHash1-3
>
> hsiphash() is roughly 3 times slower than jhash(), but comes with a
> considerable security improvement.
>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Reviewed-by: Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> [bwh: Backported to 4.4 to avoid regression for WireGuard with only half
> the siphash API present]
> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
> ---
> Documentation/siphash.txt | 75 +++++++++
> include/linux/siphash.h | 57 ++++++-
> lib/siphash.c | 321 +++++++++++++++++++++++++++++++++++++-
> lib/test_siphash.c | 98 +++++++++++-
> 4 files changed, 546 insertions(+), 5 deletions(-)
Thank you for this patch, and this series, it was on my long-term todo
list that I had not gotten to yet (and probably never would have...)
greg k-h
next prev parent reply other threads:[~2019-08-28 8:39 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-27 23:09 [PATCH 4.4 01/13] GFS2: don't set rgrp gl_object until it's inserted into rgrp tree Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 02/13] net: arc_emac: fix koops caused by sk_buff free Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 03/13] vhost-net: set packet weight of tx polling to 2 * vq size Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 04/13] vhost_net: use packet weight for rx handler, too Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 05/13] vhost_net: introduce vhost_exceeds_weight() Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 06/13] vhost: " Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 07/13] vhost_net: fix possible infinite loop Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 08/13] vhost: scsi: add weight support Ben Hutchings
2019-08-27 23:10 ` [PATCH 4.4 09/13] siphash: add cryptographically secure PRF Ben Hutchings
2019-08-27 23:11 ` [PATCH 4.4 10/13] siphash: implement HalfSipHash1-3 for hash tables Ben Hutchings
2019-08-28 8:38 ` Greg Kroah-Hartman [this message]
2019-08-27 23:11 ` [PATCH 4.4 11/13] inet: switch IP ID generator to siphash Ben Hutchings
2019-08-27 23:11 ` [PATCH 4.4 12/13] netfilter: ctnetlink: don't use conntrack/expect object addresses as id Ben Hutchings
2019-08-27 23:11 ` [PATCH 4.4 13/13] netfilter: conntrack: Use consistent ct id hash calculation Ben Hutchings
2019-08-28 2:57 ` [PATCH 4.4 01/13] GFS2: don't set rgrp gl_object until it's inserted into rgrp tree Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190828083857.GA29927@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ben.hutchings@codethink.co.uk \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).