Merge pull request #4178 from libgit2/ethomson/enfasten_sha1

sha1dc: perf improvements from upstream

Merge pull request #4178 from libgit2/ethomson/enfasten_sha1
sha1dc: perf improvements from upstream
fa86a095 · Carlos Martín Nieto · GitHub · 69873685 · d6729635 · fa86a095
Commit fa86a095 authored Mar 23, 2017 by Carlos Martín Nieto Committed by GitHub Mar 23, 2017
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 59 additions and 45 deletions

src/hash/hash_collisiondetect.h
+1 -11

src/hash/sha1dc/sha1.c
+0 -0

src/hash/sha1dc/sha1.h
+42 -31

src/hash/sha1dc/ubc_check.c
+4 -2

src/hash/sha1dc/ubc_check.h
+12 -1

No files found.
--- a/src/hash/hash_collisiondetect.h
+++ b/src/hash/hash_collisiondetect.h
@@ -28,18 +28,8 @@ GIT_INLINE(int) git_hash_init(git_hash_ctx *ctx)
 GIT_INLINE(int) git_hash_update(git_hash_ctx *ctx, const void *data, size_t len)
 {
-    const char *p = data;
 	assert(ctx);
+	SHA1DCUpdate(&ctx->c, data, len);
-	/* We expect a size_t, but sha1dc only takes an int */
-	while (len > INT_MAX) {
-		SHA1DCUpdate(&ctx->c, p, INT_MAX);
-		p += INT_MAX;
-		len -= INT_MAX;
-	}
-	SHA1DCUpdate(&ctx->c, p, len);
 	return 0;
 }

--- a/src/hash/sha1dc/sha1.c
+++ b/src/hash/sha1dc/sha1.c
--- a/src/hash/sha1dc/sha1.h
+++ b/src/hash/sha1dc/sha1.h
@@ -5,19 +5,24 @@
 * https://opensource.org/licenses/MIT
 ***/
+#if defined(__cplusplus)
+extern "C" {
+#endif
 #include <stdint.h>
-// uses SHA-1 message expansion to expand the first 16 words of W[] to 80 words
+/* uses SHA-1 message expansion to expand the first 16 words of W[] to 80 words */
-void sha1_message_expansion(uint32_t W[80]);
+/* void sha1_message_expansion(uint32_t W[80]); */
-// sha-1 compression function; first version takes a message block pre-parsed as 16 32-bit integers, second version takes an already expanded message)
+/* sha-1 compression function; first version takes a message block pre-parsed as 16 32-bit integers, second version takes an already expanded message) */
-void sha1_compression(uint32_t ihv[5], const uint32_t m[16]);
+/* void sha1_compression(uint32_t ihv[5], const uint32_t m[16]);
-void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80]);
+void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80]); */
-// same as sha1_compression_W, but additionally store intermediate states
+/* same as sha1_compression_W, but additionally store intermediate states */
-// only stores states ii (the state between step ii-1 and step ii) when DOSTORESTATEii is defined in ubc_check.h
+/* only stores states ii (the state between step ii-1 and step ii) when DOSTORESTATEii is defined in ubc_check.h */
-void sha1_compression_states(uint32_t ihv[5], const uint32_t W[80], uint32_t states[80][5]);
+void sha1_compression_states(uint32_t[5], const uint32_t[16], uint32_t[80], uint32_t[80][5]);
+/*
 // function type for sha1_recompression_step_T (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
 // where 0 <= T < 80
 //       me2 is an expanded message (the expansion of an original message block XOR'ed with a disturbance vector's message block difference)
@@ -25,21 +30,21 @@ void sha1_compression_states(uint32_t ihv[5], const uint32_t W[80], uint32_t sta
 // the function will return:
 //       ihvin: the reconstructed input chaining value
 //       ihvout: the reconstructed output chaining value
+*/
 typedef void(*sha1_recompression_type)(uint32_t*, uint32_t*, const uint32_t*, const uint32_t*);
-// table of sha1_recompression_step_0, ... , sha1_recompression_step_79
+/* table of sha1_recompression_step_0, ... , sha1_recompression_step_79 */
-extern sha1_recompression_type sha1_recompression_step[80];
+/* extern sha1_recompression_type sha1_recompression_step[80];*/
-// a callback function type that can be set to be called when a collision block has been found:
+/* a callback function type that can be set to be called when a collision block has been found: */
-// void collision_block_callback(uint64_t byteoffset, const uint32_t ihvin1[5], const uint32_t ihvin2[5], const uint32_t m1[80], const uint32_t m2[80])
+/* void collision_block_callback(uint64_t byteoffset, const uint32_t ihvin1[5], const uint32_t ihvin2[5], const uint32_t m1[80], const uint32_t m2[80]) */
 typedef void(*collision_block_callback)(uint64_t, const uint32_t*, const uint32_t*, const uint32_t*, const uint32_t*);
-// the SHA-1 context
+/* the SHA-1 context */
 typedef struct {
 	uint64_t total;
 	uint32_t ihv[5];
 	unsigned char buffer[64];
-	int bigendian;
 	int found_collision;
 	int safe_hash;
 	int detect_coll;
@@ -54,41 +59,47 @@ typedef struct {
 	uint32_t states[80][5];
 } SHA1_CTX;
-// initialize SHA-1 context
+/* initialize SHA-1 context */
-void SHA1DCInit(SHA1_CTX*); 
+void SHA1DCInit(SHA1_CTX*);
+/*
 // function to enable safe SHA-1 hashing:
 // collision attacks are thwarted by hashing a detected near-collision block 3 times
 // think of it as extending SHA-1 from 80-steps to 240-steps for such blocks:
-//   the best collision attacks against SHA-1 have complexity about 2^60, 
+//   the best collision attacks against SHA-1 have complexity about 2^60,
 //   thus for 240-steps an immediate lower-bound for the best cryptanalytic attacks would 2^180
 //   an attacker would be better off using a generic birthday search of complexity 2^80
 //
 // enabling safe SHA-1 hashing will result in the correct SHA-1 hash for messages where no collision attack was detected
-// but it will result in a different SHA-1 hash for messages where a collision attack was detected 
+// but it will result in a different SHA-1 hash for messages where a collision attack was detected
 // this will automatically invalidate SHA-1 based digital signature forgeries
 // enabled by default
+*/
 void SHA1DCSetSafeHash(SHA1_CTX*, int);
-// function to disable or enable the use of Unavoidable Bitconditions (provides a significant speed up)
+/* function to disable or enable the use of Unavoidable Bitconditions (provides a significant speed up) */
-// enabled by default
+/* enabled by default */
 void SHA1DCSetUseUBC(SHA1_CTX*, int);
-// function to disable or enable the use of Collision Detection
+/* function to disable or enable the use of Collision Detection */
-// enabled by default
+/* enabled by default */
-void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll);
+void SHA1DCSetUseDetectColl(SHA1_CTX*, int);
-// function to disable or enable the detection of reduced-round SHA-1 collisions
+/* function to disable or enable the detection of reduced-round SHA-1 collisions */
-// disabled by default
+/* disabled by default */
 void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX*, int);
-// function to set a callback function, pass NULL to disable
+/* function to set a callback function, pass NULL to disable */
-// by default no callback set
+/* by default no callback set */
 void SHA1DCSetCallback(SHA1_CTX*, collision_block_callback);
-// update SHA-1 context with buffer contents
+/* update SHA-1 context with buffer contents */
-void SHA1DCUpdate(SHA1_CTX*, const char*, unsigned);
+void SHA1DCUpdate(SHA1_CTX*, const char*, size_t);
-// obtain SHA-1 hash from SHA-1 context
+/* obtain SHA-1 hash from SHA-1 context */
-// returns: 0 = no collision detected, otherwise = collision found => warn user for active attack
+/* returns: 0 = no collision detected, otherwise = collision found => warn user for active attack */
 int  SHA1DCFinal(unsigned char[20], SHA1_CTX*); 
+#if defined(__cplusplus)
+}
+#endif
--- a/src/hash/sha1dc/ubc_check.c
+++ b/src/hash/sha1dc/ubc_check.c
@@ -5,6 +5,7 @@
 * https://opensource.org/licenses/MIT
 ***/
+/*
 // this file was generated by the 'parse_bitrel' program in the tools section
 // using the data files from directory 'tools/data/3565'
 //
@@ -17,10 +18,11 @@
 // ubc_check takes as input an expanded message block and verifies the unavoidable bitconditions for all listed DVs
 // it returns a dvmask where each bit belonging to a DV is set if all unavoidable bitconditions for that DV have been met
 // thus one needs to do the recompression check for each DV that has its bit set
-// 
+//
 // ubc_check is programmatically generated and the unavoidable bitconditions have been hardcoded
 // a directly verifiable version named ubc_check_verify can be found in ubc_check_verify.c
 // ubc_check has been verified against ubc_check_verify using the 'ubc_check_test' program in the tools section
+*/
 #include <stdint.h>
 #include "ubc_check.h"
@@ -58,7 +60,7 @@ static const uint32_t DV_II_54_0_bit 	= (uint32_t)(1) << 29;
 static const uint32_t DV_II_55_0_bit 	= (uint32_t)(1) << 30;
 static const uint32_t DV_II_56_0_bit 	= (uint32_t)(1) << 31;
-dv_info_t sha1_dvs[] = 
+dv_info_t sha1_dvs[] =
 {
  {1,43,0,58,0,0, { 0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164,0x00000408,0x800000e6,0x8000004c,0x00000803,0x80000161,0x80000599 } }
 , {1,44,0,58,0,1, { 0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164,0x00000408,0x800000e6,0x8000004c,0x00000803,0x80000161 } }

--- a/src/hash/sha1dc/ubc_check.h
+++ b/src/hash/sha1dc/ubc_check.h
@@ -5,6 +5,7 @@
 * https://opensource.org/licenses/MIT
 ***/
+/*
 // this file was generated by the 'parse_bitrel' program in the tools section
 // using the data files from directory 'tools/data/3565'
 //
@@ -17,10 +18,15 @@
 // ubc_check takes as input an expanded message block and verifies the unavoidable bitconditions for all listed DVs
 // it returns a dvmask where each bit belonging to a DV is set if all unavoidable bitconditions for that DV have been met
 // thus one needs to do the recompression check for each DV that has its bit set
+*/
 #ifndef UBC_CHECK_H
 #define UBC_CHECK_H
+#if defined(__cplusplus)
+extern "C" {
+#endif
 #include <stdint.h>
 #define DVMASKSIZE 1
@@ -31,5 +37,10 @@ void ubc_check(const uint32_t W[80], uint32_t dvmask[DVMASKSIZE]);
 #define DOSTORESTATE58
 #define DOSTORESTATE65
+#define CHECK_DVMASK(_DVMASK) (0 != _DVMASK[0])
+#if defined(__cplusplus)
+}
+#endif
-#endif // UBC_CHECK_H
+#endif /* UBC_CHECK_H */