Merge remote-tracking branch 'public/bug11750'

changes/bug11750

@@ -0,0 +1,5 @@
+  o Minor features (security):
+    - Apply the secure SipHash-2-4 function to the hash table mapping
+      circuit IDs and channels to circuits. We missed this one when we
+      were converting all the other hash functions to use SipHash back
+      in 0.2.5.3-alpha. Resolves ticket 11750.

src/or/circuitlist.c

@@ -76,7 +76,15 @@ chan_circid_entries_eq_(chan_circid_circuit_map_t *a,
 static INLINE unsigned int
 chan_circid_entry_hash_(chan_circid_circuit_map_t *a)
 {
-  return ((unsigned)a->circ_id) ^ (unsigned)(uintptr_t)(a->chan);
+  /* Try to squeze the siphash input into 8 bytes to save any extra siphash
+   * rounds.  This hash function is in the critical path. */
+  uintptr_t chan = (uintptr_t) (void*) a->chan;
+  uint32_t array[2];
+  array[0] = a->circ_id;
+  /* The low bits of the channel pointer are uninteresting, since the channel
+   * is a pretty big structure. */
+  array[1] = (uint32_t) (chan >> 6);
+  return (unsigned) siphash24g(array, sizeof(array));
 }
 
 /** Map from [chan,circid] to circuit. */

src/test/bench.c

@@ -337,6 +337,30 @@ bench_dmap(void)
   smartlist_free(sl2);
 }
 
+static void
+bench_siphash(void)
+{
+  char buf[128];
+  int lens[] = { 7, 8, 15, 16, 20, 32, 111, 128, -1 };
+  int i, j;
+  uint64_t total;
+  uint64_t start, end;
+  const int N = 300000;
+  crypto_rand(buf, sizeof(buf));
+
+  for (i = 0; lens[i] > 0; ++i) {
+    total = 0;
+    reset_perftime();
+    start = perftime();
+    for (j = 0; j < N; ++j) {
+      total += siphash24g(buf, lens[i]);
+    }
+    end = perftime();
+    printf("siphash24g(%d): %.2f ns per call\n",
+           lens[i], NANOCOUNT(start,end,N));
+  }
+}
+
 static void
 bench_cell_ops(void)
 {
@@ -487,6 +511,7 @@ typedef struct benchmark_t {
 
 static struct benchmark_t benchmarks[] = {
   ENT(dmap),
+  ENT(siphash),
   ENT(aes),
   ENT(onion_TAP),
 #ifdef CURVE25519_ENABLED