From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 169365A0271
	for <passt-dev@passt.top>; Thu, 28 Sep 2023 03:21:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1695864065;
	bh=HKAdz01TsEDkzQrmFtiaXyZqt8mZoQymnEw6qNM3rPc=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=hZZ4tJ4ARpryS0SpCoezCqj6V8iWLwC565ycafQVBXIgL+fTk6krla/NZW1BY4PeT
	 TW57DTfASER8L+kpJkCQZgsO1tKZyLS0lZqrydcgyRWE8vwXMbYUBxpYxzY9Du9USn
	 SlI0WUo9LTbKS8llUkVWhIOvJ7GEZgchTsT38r+k=
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4RwwfT050Xz4xRx; Thu, 28 Sep 2023 11:21:05 +1000 (AEST)
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>,
	passt-dev@passt.top
Subject: [PATCH v2 05/10] siphash: Fix bug in state initialisation
Date: Thu, 28 Sep 2023 11:20:57 +1000
Message-ID: <20230928012102.1446180-6-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230928012102.1446180-1-david@gibson.dropbear.id.au>
References: <20230928012102.1446180-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: JMI5TVDK55L47BC5MRX3YV6USZU3TUJG
X-Message-ID-Hash: JMI5TVDK55L47BC5MRX3YV6USZU3TUJG
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20230928012102.1446180-6-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/JMI5TVDK55L47BC5MRX3YV6USZU3TUJG/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

The SipHash algorithm starts with initializing the 32 bytes of internal
state with some magic numbers XORed with the hash key.  However, our
implementation has a bug - rather than XORing the hash key, it *sets* the
initial state to copies of the key.

I don't know if that affects any of the cryptographic properties of SipHash
but it's not what we should be doing.  Fix it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 siphash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/siphash.c b/siphash.c
index ec39793..6932da2 100644
--- a/siphash.c
+++ b/siphash.c
@@ -65,7 +65,7 @@
 									  \
 	do {								  \
 		for (__i = sizeof(v) / sizeof(v[0]) - 1; __i >= 0; __i--) \
-			v[__i] = k[__i % 2];				  \
+			v[__i] ^= k[__i % 2];				  \
 	} while (0)
 
 /**
-- 
2.41.0