    runtime: make aeshash more DOS-proof · 91059de0
    Keith Randall authored
    Improve the aeshash implementation to make it harder to engineer collisions.
    
    1) Scramble the seed before xoring with the input string.  This
       makes it harder to cancel known portions of the seed (like the size)
       because it mixes the per-table seed into those other parts.
    
    2) Use table-dependent seeds for all stripes when hashing >16 byte strings.
    
    For small strings this change uses 4 aesenc ops instead of 3, so it
    is somewhat slower.  The first two can run in parallel, though, so
    it isn't 33% slower.
    
    benchmark                            old ns/op     new ns/op     delta
    BenchmarkHash64-12                   10.2          11.2          +9.80%
    BenchmarkHash16-12                   5.71          6.13          +7.36%
    BenchmarkHash5-12                    6.64          7.01          +5.57%
    BenchmarkHashBytesSpeed-12           30.3          31.9          +5.28%
    BenchmarkHash65536-12                2785          2882          +3.48%
    BenchmarkHash1024-12                 53.6          55.4          +3.36%
    BenchmarkHashStringArraySpeed-12     54.9          56.5          +2.91%
    BenchmarkHashStringSpeed-12          18.7          19.2          +2.67%
    BenchmarkHashInt32Speed-12           14.8          15.1          +2.03%
    BenchmarkHashInt64Speed-12           14.5          14.5          +0.00%
    
    Change-Id: I59ea124b5cb92b1c7e8584008257347f9049996c
    Reviewed-on: https://go-review.googlesource.com/14124
    Reviewed-by: jcd . <jcd@golang.org>
    Run-TryBot: Keith Randall <khr@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
asm_amd64.s 40.6 KB