SipHash is a cryptographically strong pseudo-random function (a.k.a. keyed

hash function) optimized for speed on short messages returning a 64bit hash/
digest value.

SipHash is simpler and much faster than other secure MACs and competitive
in speed with popular non-cryptographic hash functions.  It uses a 128-bit
key without the hidden cost of a key expansion step.  SipHash iterates a
simple round function consisting of four additions, four xors, and six
rotations, interleaved with xors of message blocks for a pre-defined number
of compression and finalization rounds.  The absence of  secret load/store
addresses or secret branch conditions avoid timing attacks.  No state is
shared between messages.  Hashing is deterministic and doesn't use nonces.
It is not susceptible to length extension attacks.

Target applications include network traffic authentication, message
authentication (MAC) and hash-tables protection against hash-flooding
denial-of-service attacks.

The number of update/finalization rounds is defined during initialization:

 SipHash24_Init() for the fast and reasonable strong version.
 SipHash48_Init() for the strong version (half as fast).

SipHash usage is similar to other hash functions:

 struct SIPHASH_CTX ctx;
 char *k = "16bytes long key"
 char *s = "string";
 uint64_t h = 0;
 SipHash24_Init(&ctx);
 SipHash_SetKey(&ctx, k);
 SipHash_Update(&ctx, s, strlen(s));
 SipHash_Final(&h, &ctx);  /* or */
 h = SipHash_End(&ctx);    /* or */
 h = SipHash24(&ctx, k, s, strlen(s));

It was designed by Jean-Philippe Aumasson and Daniel J. Bernstein and
is described in the paper "SipHash: a fast short-input PRF", 2012.09.18:
 https://131002.net/siphash/siphash.pdf
 Permanent ID: b9a943a805fbfc6fde808af9fc0ecdfa

Implemented by:	andre (based on the paper)
Reviewed by:	cperciva

3 files changed, 464 insertions, 0 deletions

diff --git a/sys/crypto/siphash/siphash.c b/sys/crypto/siphash/siphash.c
new file mode 100644
index 0000000..293396f
--- /dev/null
+++ b/sys/crypto/siphash/siphash.c
@@ -0,0 +1,241 @@
+/*-
+ * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d
+ * are the number of compression rounds and the number of finalization rounds.
+ * A compression round is identical to a finalization round and this round
+ * function is called SipRound.  Given a 128-bit key k and a (possibly empty)
+ * byte string m, SipHash-c-d returns a 64-bit value SipHash-c-d(k; m).
+ *
+ * Implemented from the paper "SipHash: a fast short-input PRF", 2012.09.18,
+ * by Jean-Philippe Aumasson and Daniel J. Bernstein,
+ * Permanent Document ID b9a943a805fbfc6fde808af9fc0ecdfa
+ * https://131002.net/siphash/siphash.pdf
+ * https://131002.net/siphash/
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/systm.h>
+#include <sys/libkern.h>
+#include <sys/endian.h>
+
+#include <crypto/siphash/siphash.h>
+
+static void	SipRounds(SIPHASH_CTX *ctx, int final);
+
+void
+SipHash_InitX(SIPHASH_CTX *ctx, int rc, int rf)
+{
+
+	ctx->v[0] = 0x736f6d6570736575ull;
+	ctx->v[1] = 0x646f72616e646f6dull;
+	ctx->v[2] = 0x6c7967656e657261ull;
+	ctx->v[3] = 0x7465646279746573ull;
+	ctx->buf.b64 = 0;
+	ctx->bytes = 0;
+	ctx->buflen = 0;
+	ctx->rounds_compr = rc;
+	ctx->rounds_final = rf;
+	ctx->initialized = 1;
+}
+
+void
+SipHash_SetKey(SIPHASH_CTX *ctx, const uint8_t key[16])
+{
+	uint64_t k[2];
+
+	KASSERT(ctx->v[0] == 0x736f6d6570736575ull &&
+	    ctx->initialized == 1,
+	    ("%s: context %p not properly initialized", __func__, ctx));
+
+	k[0] = le64dec(&key[0]);
+	k[1] = le64dec(&key[8]);
+
+	ctx->v[0] ^= k[0];
+	ctx->v[1] ^= k[1];
+	ctx->v[2] ^= k[0];
+	ctx->v[3] ^= k[1];
+
+	ctx->initialized = 2;
+}
+
+static size_t
+SipBuf(SIPHASH_CTX *ctx, const uint8_t **src, size_t len, int final)
+{
+	size_t x = 0;
+
+	KASSERT((!final && len > 0) || (final && len == 0),
+	    ("%s: invalid parameters", __func__));
+
+	if (!final) {
+		x = MIN(len, sizeof(ctx->buf.b64) - ctx->buflen);
+		bcopy(*src, &ctx->buf.b8[ctx->buflen], x);
+		ctx->buflen += x;
+		*src += x;
+	} else
+		ctx->buf.b8[7] = (uint8_t)ctx->bytes;
+
+	if (ctx->buflen == 8 || final) {
+		ctx->v[3] ^= le64toh(ctx->buf.b64);
+		SipRounds(ctx, 0);
+		ctx->v[0] ^= le64toh(ctx->buf.b64);
+		ctx->buf.b64 = 0;
+		ctx->buflen = 0;
+	}
+	return (x);
+}
+
+void
+SipHash_Update(SIPHASH_CTX *ctx, const void *src, size_t len)
+{
+	uint64_t m, *p;
+	const uint8_t *s;
+	size_t rem;
+
+	KASSERT(ctx->initialized == 2,
+	    ("%s: context %p not properly initialized", __func__, ctx));
+
+	s = src;
+	ctx->bytes += len;
+
+	/*
+	 * Push length smaller than block size into buffer or
+	 * fill up the buffer if there is already something
+	 * in it.
+	 */
+	if (ctx->buflen > 0 || len < 8)
+		len -= SipBuf(ctx, &s, len, 0);
+	if (len == 0)
+		return;
+
+	rem = len & 0x7;
+	len >>= 3;
+
+	/* Optimze for 64bit aligned/unaligned access. */
+	if (((uintptr_t)s & 0x7) == 0) {
+		for (p = (uint64_t *)s; len > 0; len--, p++) {
+			m = le64toh(*p);
+			ctx->v[3] ^= m;
+			SipRounds(ctx, 0);
+			ctx->v[0] ^= m;
+		}
+		s = (uint8_t *)p;
+	} else {
+		for (; len > 0; len--, s += 8) {
+			m = le64dec(s);
+			ctx->v[3] ^= m;
+			SipRounds(ctx, 0);
+			ctx->v[0] ^= m;
+		}
+	}
+
+	/* Push remainder into buffer. */
+	if (rem > 0)
+		(void)SipBuf(ctx, &s, rem, 0);
+}
+
+void
+SipHash_Final(void *dst, SIPHASH_CTX *ctx)
+{
+	uint64_t r;
+
+	KASSERT(ctx->initialized == 2,
+	    ("%s: context %p not properly initialized", __func__, ctx));
+
+	r = SipHash_End(ctx);
+	le64enc(dst, r);
+}
+
+uint64_t
+SipHash_End(SIPHASH_CTX *ctx)
+{
+	uint64_t r;
+
+	KASSERT(ctx->initialized == 2,
+	    ("%s: context %p not properly initialized", __func__, ctx));
+
+	SipBuf(ctx, NULL, 0, 1);
+	ctx->v[2] ^= 0xff;
+	SipRounds(ctx, 1);
+	r = (ctx->v[0] ^ ctx->v[1]) ^ (ctx->v[2] ^ ctx->v[3]);
+
+	bzero(ctx, sizeof(*ctx));
+	return (r);
+}
+
+uint64_t
+SipHashX(SIPHASH_CTX *ctx, int rc, int rf, const uint8_t key[16],
+    const void *src, size_t len)
+{
+
+	SipHash_InitX(ctx, rc, rf);
+	SipHash_SetKey(ctx, key);
+	SipHash_Update(ctx, src, len);
+
+	return (SipHash_End(ctx));
+}
+
+#define SIP_ROTL(x, b)	(uint64_t)(((x) << (b)) | ( (x) >> (64 - (b))))
+
+static void
+SipRounds(SIPHASH_CTX *ctx, int final)
+{
+	int rounds;
+
+	if (!final)
+		rounds = ctx->rounds_compr;
+	else
+		rounds = ctx->rounds_final;
+
+	while (rounds--) {
+		ctx->v[0] += ctx->v[1];
+		ctx->v[2] += ctx->v[3];
+		ctx->v[1] = SIP_ROTL(ctx->v[1], 13);
+		ctx->v[3] = SIP_ROTL(ctx->v[3], 16);
+
+		ctx->v[1] ^= ctx->v[0];
+		ctx->v[3] ^= ctx->v[2];
+		ctx->v[0] = SIP_ROTL(ctx->v[0], 32);
+
+		ctx->v[2] += ctx->v[1];
+		ctx->v[0] += ctx->v[3];
+		ctx->v[1] = SIP_ROTL(ctx->v[1], 17);
+		ctx->v[3] = SIP_ROTL(ctx->v[3], 21);
+
+		ctx->v[1] ^= ctx->v[2];
+		ctx->v[3] ^= ctx->v[0];
+		ctx->v[2] = SIP_ROTL(ctx->v[2], 32);
+	}
+}
+
diff --git a/sys/crypto/siphash/siphash.h b/sys/crypto/siphash/siphash.h
new file mode 100644
index 0000000..bfa01cb
--- /dev/null
+++ b/sys/crypto/siphash/siphash.h
@@ -0,0 +1,83 @@
+/*-
+ * Copyright (c) 2013 Andre Oppermann <andre@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/*
+ * SipHash is a family of pseudorandom functions (a.k.a. keyed hash functions)
+ * optimized for speed on short messages returning a 64bit hash/digest value.
+ *
+ * The number of rounds is defined during the initialization:
+ *  SipHash24_Init() for the fast and resonable strong version
+ *  SipHash48_Init() for the strong version (half as fast)
+ *
+ * struct SIPHASH_CTX ctx;
+ * SipHash24_Init(&ctx);
+ * SipHash_SetKey(&ctx, "16bytes long key");
+ * SipHash_Update(&ctx, pointer_to_string, length_of_string);
+ * SipHash_Final(output, &ctx);
+ */
+
+#ifndef _SIPHASH_H_
+#define _SIPHASH_H_
+
+#define SIPHASH_BLOCK_LENGTH	 8
+#define SIPHASH_KEY_LENGTH	16
+#define SIPHASH_DIGEST_LENGTH	 8
+
+typedef struct _SIPHASH_CTX {
+	uint64_t	v[4];
+	union {
+		uint64_t	b64;
+		uint8_t		b8[8];
+	} buf;
+	uint64_t	bytes;
+	uint8_t		buflen;
+	uint8_t		rounds_compr;
+	uint8_t		rounds_final;
+	uint8_t		initialized;
+} SIPHASH_CTX;
+
+
+#define SipHash24_Init(x)	SipHash_InitX((x), 2, 4)
+#define SipHash48_Init(x)	SipHash_InitX((x), 4, 8)
+void SipHash_InitX(SIPHASH_CTX *, int, int);
+void SipHash_SetKey(SIPHASH_CTX *, const uint8_t [16]);
+void SipHash_Update(SIPHASH_CTX *, const void *, size_t);
+void SipHash_Final(void *, SIPHASH_CTX *);
+uint64_t SipHash_End(SIPHASH_CTX *);
+
+#define SipHash24(x, y, z, i)	SipHashX((x), 2, 4, (y), (z), (i));
+#define SipHash48(x, y, z, i)	SipHashX((x), 4, 8, (y), (z), (i));
+uint64_t SipHashX(SIPHASH_CTX *, int, int, const uint8_t [16], const void *,
+    size_t);
+
+int SipHash24_TestVectors(void);
+
+#endif /* _SIPHASH_H_ */
diff --git a/sys/crypto/siphash/siphash_test.c b/sys/crypto/siphash/siphash_test.c
new file mode 100644
index 0000000..093f228
--- /dev/null
+++ b/sys/crypto/siphash/siphash_test.c
@@ -0,0 +1,140 @@
+/*-
+ * Test Vectors from the SipHash reference C implementation:
+ *
+ * Written in 2012 by 
+ * Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
+ * Daniel J. Bernstein <djb@cr.yp.to>
+ *
+ * Adjusted by Andre Oppermann <andre@freebsd.org> to use function calls in
+ * line with other hash implementations.
+ *
+ * To the extent possible under law, the author(s) have dedicated all copyright
+ * and related and neighboring rights to this software to the public domain
+ * worldwide. This software is distributed without any warranty.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication along with
+ * this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+ *
+ * SipHash-2-4 output with
+ * k = 00 01 02 ...
+ * and
+ * in = (empty string)
+ * in = 00 (1 byte)
+ * in = 00 01 (2 bytes)
+ * in = 00 01 02 (3 bytes)
+ * ...
+ * in = 00 01 02 ... 3e (63 bytes)
+ */
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/systm.h>
+#include <sys/libkern.h>
+#include <sys/endian.h>
+
+#include <crypto/siphash/siphash.h>
+
+uint8_t vectors[64][8] =
+{
+  { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
+  { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
+  { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
+  { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
+  { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
+  { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
+  { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
+  { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
+  { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
+  { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
+  { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
+  { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
+  { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
+  { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
+  { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
+  { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
+  { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
+  { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
+  { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
+  { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
+  { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
+  { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
+  { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
+  { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
+  { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
+  { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
+  { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
+  { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
+  { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
+  { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
+  { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
+  { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
+  { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
+  { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
+  { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
+  { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
+  { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
+  { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
+  { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
+  { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
+  { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
+  { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
+  { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
+  { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
+  { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
+  { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
+  { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
+  { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
+  { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
+  { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
+  { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
+  { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
+  { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
+  { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
+  { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
+  { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
+  { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
+  { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
+  { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
+  { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
+  { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
+  { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
+  { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
+  { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }
+};
+
+#define MAXLEN 64
+
+int
+SipHash24_TestVectors(void)
+{
+	int i, fail = 0;
+	uint8_t in[MAXLEN], out[8], k[16];
+	SIPHASH_CTX ctx;
+
+	/* Initialize key. */
+	for (i = 0; i < 16; ++i)
+		k[i] = i;
+
+	/* Step through differnet length. */
+	for (i = 0; i < MAXLEN; ++i) {
+		in[i] = i;
+
+		SipHash24_Init(&ctx);
+		SipHash_SetKey(&ctx, k);
+		SipHash_Update(&ctx, in, i);
+		SipHash_Final(out, &ctx);
+
+		if (memcmp(out, vectors[i], 8))
+#if 0
+			printf("%i: test vector failed\n", i);
+		else
+			printf("%i: test vector correct\n", i);
+#else
+			fail++;
+#endif
+	}
+
+	return ((fail == 0));
+}