Line data Source code
1 : #include "fd_sha256.h"
2 :
3 : ulong
4 921300 : fd_sha256_align( void ) {
5 921300 : return FD_SHA256_ALIGN;
6 921300 : }
7 :
8 : ulong
9 460641 : fd_sha256_footprint( void ) {
10 460641 : return FD_SHA256_FOOTPRINT;
11 460641 : }
12 :
13 : void *
14 460644 : fd_sha256_new( void * shmem ) {
15 460644 : fd_sha256_t * sha = (fd_sha256_t *)shmem;
16 :
17 460644 : if( FD_UNLIKELY( !shmem ) ) {
18 3 : FD_LOG_WARNING(( "NULL shmem" ));
19 3 : return NULL;
20 3 : }
21 :
22 460641 : if( FD_UNLIKELY( !fd_ulong_is_aligned( (ulong)shmem, fd_sha256_align() ) ) ) {
23 3 : FD_LOG_WARNING(( "misaligned shmem" ));
24 3 : return NULL;
25 3 : }
26 :
27 460638 : ulong footprint = fd_sha256_footprint();
28 :
29 460638 : fd_memset( sha, 0, footprint );
30 :
31 460638 : FD_COMPILER_MFENCE();
32 460638 : FD_VOLATILE( sha->magic ) = FD_SHA256_MAGIC;
33 460638 : FD_COMPILER_MFENCE();
34 :
35 460638 : return (void *)sha;
36 460641 : }
37 :
38 : fd_sha256_t *
39 460644 : fd_sha256_join( void * shsha ) {
40 :
41 460644 : if( FD_UNLIKELY( !shsha ) ) {
42 3 : FD_LOG_WARNING(( "NULL shsha" ));
43 3 : return NULL;
44 3 : }
45 :
46 460641 : if( FD_UNLIKELY( !fd_ulong_is_aligned( (ulong)shsha, fd_sha256_align() ) ) ) {
47 3 : FD_LOG_WARNING(( "misaligned shsha" ));
48 3 : return NULL;
49 3 : }
50 :
51 460638 : fd_sha256_t * sha = (fd_sha256_t *)shsha;
52 :
53 460638 : if( FD_UNLIKELY( sha->magic!=FD_SHA256_MAGIC ) ) {
54 0 : FD_LOG_WARNING(( "bad magic" ));
55 0 : return NULL;
56 0 : }
57 :
58 460638 : return sha;
59 460638 : }
60 :
61 : void *
62 15 : fd_sha256_leave( fd_sha256_t * sha ) {
63 :
64 15 : if( FD_UNLIKELY( !sha ) ) {
65 3 : FD_LOG_WARNING(( "NULL sha" ));
66 3 : return NULL;
67 3 : }
68 :
69 12 : return (void *)sha;
70 15 : }
71 :
72 : void *
73 18 : fd_sha256_delete( void * shsha ) {
74 :
75 18 : if( FD_UNLIKELY( !shsha ) ) {
76 3 : FD_LOG_WARNING(( "NULL shsha" ));
77 3 : return NULL;
78 3 : }
79 :
80 15 : if( FD_UNLIKELY( !fd_ulong_is_aligned( (ulong)shsha, fd_sha256_align() ) ) ) {
81 3 : FD_LOG_WARNING(( "misaligned shsha" ));
82 3 : return NULL;
83 3 : }
84 :
85 12 : fd_sha256_t * sha = (fd_sha256_t *)shsha;
86 :
87 12 : if( FD_UNLIKELY( sha->magic!=FD_SHA256_MAGIC ) ) {
88 0 : FD_LOG_WARNING(( "bad magic" ));
89 0 : return NULL;
90 0 : }
91 :
92 12 : FD_COMPILER_MFENCE();
93 12 : FD_VOLATILE( sha->magic ) = 0UL;
94 12 : FD_COMPILER_MFENCE();
95 :
96 12 : return (void *)sha;
97 12 : }
98 :
99 : #ifndef FD_SHA256_CORE_IMPL
100 : #if FD_HAS_SHANI
101 : #define FD_SHA256_CORE_IMPL 1
102 : #else
103 : #define FD_SHA256_CORE_IMPL 0
104 : #endif
105 : #endif
106 :
107 : #if FD_SHA256_CORE_IMPL==0
108 :
109 : /* The implementation below was derived from OpenSSL's SHA-256
110 : implementation (Apache-2.0 licensed). See in particular:
111 :
112 : https://github.com/openssl/openssl/blob/master/crypto/sha/sha256.c
113 :
114 : (link valid circa 2022-Dec). It has been made more strict with more
115 : extensive implementation documentation, has been simplified and has
116 : been streamlined specifically for use inside Firedancer base machine
117 : model (no machine specific capabilities required).
118 :
119 : In particular, fd_sha256_core_ref is based on OpenSSL's
120 : OPENSSL_SMALL_FOOTPRINT SHA-256 implementation (Apache licensed).
121 : This should work anywhere but it is not the highest performance
122 : implementation possible.
123 :
124 : It is also straightforward to replace these implementations with HPC
125 : implementations that target specific machine capabilities without
126 : requiring any changes to caller code. */
127 :
128 : static void
129 : fd_sha256_core_ref( uint * state,
130 : uchar const * block,
131 385492344 : ulong block_cnt ) {
132 :
133 385492344 : static uint const K[64] = {
134 385492344 : 0x428a2f98U, 0x71374491U, 0xb5c0fbcfU, 0xe9b5dba5U, 0x3956c25bU, 0x59f111f1U, 0x923f82a4U, 0xab1c5ed5U,
135 385492344 : 0xd807aa98U, 0x12835b01U, 0x243185beU, 0x550c7dc3U, 0x72be5d74U, 0x80deb1feU, 0x9bdc06a7U, 0xc19bf174U,
136 385492344 : 0xe49b69c1U, 0xefbe4786U, 0x0fc19dc6U, 0x240ca1ccU, 0x2de92c6fU, 0x4a7484aaU, 0x5cb0a9dcU, 0x76f988daU,
137 385492344 : 0x983e5152U, 0xa831c66dU, 0xb00327c8U, 0xbf597fc7U, 0xc6e00bf3U, 0xd5a79147U, 0x06ca6351U, 0x14292967U,
138 385492344 : 0x27b70a85U, 0x2e1b2138U, 0x4d2c6dfcU, 0x53380d13U, 0x650a7354U, 0x766a0abbU, 0x81c2c92eU, 0x92722c85U,
139 385492344 : 0xa2bfe8a1U, 0xa81a664bU, 0xc24b8b70U, 0xc76c51a3U, 0xd192e819U, 0xd6990624U, 0xf40e3585U, 0x106aa070U,
140 385492344 : 0x19a4c116U, 0x1e376c08U, 0x2748774cU, 0x34b0bcb5U, 0x391c0cb3U, 0x4ed8aa4aU, 0x5b9cca4fU, 0x682e6ff3U,
141 385492344 : 0x748f82eeU, 0x78a5636fU, 0x84c87814U, 0x8cc70208U, 0x90befffaU, 0xa4506cebU, 0xbef9a3f7U, 0xc67178f2U,
142 385492344 : };
143 :
144 >30648*10^7 : # define ROTATE fd_uint_rotate_left
145 34053377792 : # define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
146 34053377792 : # define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
147 25540033344 : # define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
148 25540033344 : # define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
149 34053377792 : # define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
150 34053377792 : # define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
151 :
152 385492344 : uint const * W = (uint const *)block;
153 532084028 : do {
154 532084028 : uint a = state[0];
155 532084028 : uint b = state[1];
156 532084028 : uint c = state[2];
157 532084028 : uint d = state[3];
158 532084028 : uint e = state[4];
159 532084028 : uint f = state[5];
160 532084028 : uint g = state[6];
161 532084028 : uint h = state[7];
162 :
163 532084028 : uint X[16];
164 :
165 532084028 : ulong i;
166 9045428476 : for( i=0UL; i<16UL; i++ ) {
167 8513344448 : X[i] = fd_uint_bswap( W[i] );
168 8513344448 : uint T1 = X[i] + h + Sigma1(e) + Ch(e, f, g) + K[i];
169 8513344448 : uint T2 = Sigma0(a) + Maj(a, b, c);
170 8513344448 : h = g;
171 8513344448 : g = f;
172 8513344448 : f = e;
173 8513344448 : e = d + T1;
174 8513344448 : d = c;
175 8513344448 : c = b;
176 8513344448 : b = a;
177 8513344448 : a = T1 + T2;
178 8513344448 : }
179 26072117372 : for( ; i<64UL; i++ ) {
180 25540033344 : uint s0 = X[(i + 1UL) & 0x0fUL];
181 25540033344 : uint s1 = X[(i + 14UL) & 0x0fUL];
182 25540033344 : s0 = sigma0(s0);
183 25540033344 : s1 = sigma1(s1);
184 25540033344 : X[i & 0xfUL] += s0 + s1 + X[(i + 9UL) & 0xfUL];
185 25540033344 : uint T1 = X[i & 0xfUL ] + h + Sigma1(e) + Ch(e, f, g) + K[i];
186 25540033344 : uint T2 = Sigma0(a) + Maj(a, b, c);
187 25540033344 : h = g;
188 25540033344 : g = f;
189 25540033344 : f = e;
190 25540033344 : e = d + T1;
191 25540033344 : d = c;
192 25540033344 : c = b;
193 25540033344 : b = a;
194 25540033344 : a = T1 + T2;
195 25540033344 : }
196 :
197 532084028 : state[0] += a;
198 532084028 : state[1] += b;
199 532084028 : state[2] += c;
200 532084028 : state[3] += d;
201 532084028 : state[4] += e;
202 532084028 : state[5] += f;
203 532084028 : state[6] += g;
204 532084028 : state[7] += h;
205 :
206 532084028 : W += 16UL;
207 532084028 : } while( --block_cnt );
208 :
209 385492344 : # undef ROTATE
210 385492344 : # undef Sigma0
211 385492344 : # undef Sigma1
212 385492344 : # undef sigma0
213 385492344 : # undef sigma1
214 385492344 : # undef Ch
215 385492344 : # undef Maj
216 :
217 385492344 : }
218 :
219 385492344 : #define fd_sha256_core fd_sha256_core_ref
220 :
221 : #elif FD_SHA256_CORE_IMPL==1
222 :
223 : __attribute__((sysv_abi))
224 : void
225 : fd_sha256_core_shaext( uint * state, /* 64-byte aligned, 8 entries */
226 : uchar const * block, /* ideally 128-byte aligned (but not required), 128*block_cnt in size */
227 : ulong block_cnt ); /* positive */
228 :
229 194100733 : #define fd_sha256_core fd_sha256_core_shaext
230 :
231 : #else
232 : #error "Unsupported FD_SHA256_CORE_IMPL"
233 : #endif
234 :
235 : fd_sha256_t *
236 1554381 : fd_sha256_init( fd_sha256_t * sha ) {
237 1554381 : sha->state[0] = 0x6a09e667U;
238 1554381 : sha->state[1] = 0xbb67ae85U;
239 1554381 : sha->state[2] = 0x3c6ef372U;
240 1554381 : sha->state[3] = 0xa54ff53aU;
241 1554381 : sha->state[4] = 0x510e527fU;
242 1554381 : sha->state[5] = 0x9b05688cU;
243 1554381 : sha->state[6] = 0x1f83d9abU;
244 1554381 : sha->state[7] = 0x5be0cd19U;
245 1554381 : sha->buf_used = 0UL;
246 1554381 : sha->bit_cnt = 0UL;
247 1554381 : return sha;
248 1554381 : }
249 :
250 : fd_sha256_t *
251 : fd_sha256_append( fd_sha256_t * sha,
252 : void const * _data,
253 5700150 : ulong sz ) {
254 :
255 : /* If no data to append, we are done */
256 :
257 5700150 : if( FD_UNLIKELY( !sz ) ) return sha; /* optimize for non-trivial append */
258 :
259 : /* Unpack inputs */
260 :
261 5699892 : uint * state = sha->state;
262 5699892 : uchar * buf = sha->buf;
263 5699892 : ulong buf_used = sha->buf_used;
264 5699892 : ulong bit_cnt = sha->bit_cnt;
265 :
266 5699892 : uchar const * data = (uchar const *)_data;
267 :
268 : /* Update bit_cnt */
269 : /* FIXME: could accumulate bytes here and do bit conversion in append */
270 : /* FIXME: Overflow handling if more than 2^64 bits (unlikely) */
271 :
272 5699892 : sha->bit_cnt = bit_cnt + (sz<<3);
273 :
274 : /* Handle buffered bytes from previous appends */
275 :
276 5699892 : if( FD_UNLIKELY( buf_used ) ) { /* optimized for well aligned use of append */
277 :
278 : /* If the append isn't large enough to complete the current block,
279 : buffer these bytes too and return */
280 :
281 78888 : ulong buf_rem = FD_SHA256_PRIVATE_BUF_MAX - buf_used; /* In (0,FD_SHA256_PRIVATE_BUF_MAX) */
282 78888 : if( FD_UNLIKELY( sz < buf_rem ) ) { /* optimize for large append */
283 531 : fd_memcpy( buf + buf_used, data, sz );
284 531 : sha->buf_used = buf_used + sz;
285 531 : return sha;
286 531 : }
287 :
288 : /* Otherwise, buffer enough leading bytes of data to complete the
289 : block, update the hash and then continue processing any remaining
290 : bytes of data. */
291 :
292 78357 : fd_memcpy( buf + buf_used, data, buf_rem );
293 78357 : data += buf_rem;
294 78357 : sz -= buf_rem;
295 :
296 78357 : fd_sha256_core( state, buf, 1UL );
297 78357 : sha->buf_used = 0UL;
298 78357 : }
299 :
300 : /* Append the bulk of the data */
301 :
302 5699361 : ulong block_cnt = sz >> FD_SHA256_PRIVATE_LG_BUF_MAX;
303 5699361 : if( FD_LIKELY( block_cnt ) ) fd_sha256_core( state, data, block_cnt ); /* optimized for large append */
304 :
305 : /* Buffer any leftover bytes */
306 :
307 5699361 : buf_used = sz & (FD_SHA256_PRIVATE_BUF_MAX-1UL); /* In [0,FD_SHA256_PRIVATE_BUF_MAX) */
308 5699361 : if( FD_UNLIKELY( buf_used ) ) { /* optimized for well aligned use of append */
309 1332633 : fd_memcpy( buf, data + (block_cnt << FD_SHA256_PRIVATE_LG_BUF_MAX), buf_used );
310 1332633 : sha->buf_used = buf_used; /* In (0,FD_SHA256_PRIVATE_BUF_MAX) */
311 1332633 : }
312 :
313 5699361 : return sha;
314 5699892 : }
315 :
316 : void *
317 : fd_sha256_fini( fd_sha256_t * sha,
318 1602555 : void * _hash ) {
319 :
320 : /* Unpack inputs */
321 :
322 1602555 : uint * state = sha->state;
323 1602555 : uchar * buf = sha->buf;
324 1602555 : ulong buf_used = sha->buf_used; /* In [0,FD_SHA256_PRIVATE_BUF_MAX) */
325 1602555 : ulong bit_cnt = sha->bit_cnt;
326 :
327 : /* Append the terminating message byte */
328 :
329 1602555 : buf[ buf_used ] = (uchar)0x80;
330 1602555 : buf_used++;
331 :
332 : /* If there isn't enough room to save the message length in bits at
333 : the end of the in progress block, clear the rest of the in progress
334 : block, update the hash and start a new block. */
335 :
336 1602555 : if( FD_UNLIKELY( buf_used > (FD_SHA256_PRIVATE_BUF_MAX-8UL) ) ) { /* optimize for well aligned use of append */
337 12048 : fd_memset( buf + buf_used, 0, FD_SHA256_PRIVATE_BUF_MAX-buf_used );
338 12048 : fd_sha256_core( state, buf, 1UL );
339 12048 : buf_used = 0UL;
340 12048 : }
341 :
342 : /* Clear in progress block up to last 64-bits, append the message
343 : size in bytes in the last 64-bits of the in progress block and
344 : update the hash to finalize it. */
345 :
346 1602555 : fd_memset( buf + buf_used, 0, FD_SHA256_PRIVATE_BUF_MAX-8UL-buf_used );
347 1602555 : FD_STORE( ulong, buf+FD_SHA256_PRIVATE_BUF_MAX-8UL, fd_ulong_bswap( bit_cnt ) );
348 1602555 : fd_sha256_core( state, buf, 1UL );
349 :
350 : /* Unpack the result into md (annoying bswaps here) */
351 :
352 1602555 : state[0] = fd_uint_bswap( state[0] );
353 1602555 : state[1] = fd_uint_bswap( state[1] );
354 1602555 : state[2] = fd_uint_bswap( state[2] );
355 1602555 : state[3] = fd_uint_bswap( state[3] );
356 1602555 : state[4] = fd_uint_bswap( state[4] );
357 1602555 : state[5] = fd_uint_bswap( state[5] );
358 1602555 : state[6] = fd_uint_bswap( state[6] );
359 1602555 : state[7] = fd_uint_bswap( state[7] );
360 1602555 : return memcpy( _hash, state, 32 );
361 1602555 : }
362 :
363 : void *
364 : fd_sha256_hash( void const * _data,
365 : ulong sz,
366 139414040 : void * _hash ) {
367 139414040 : uchar const * data = (uchar const *)_data;
368 :
369 : /* This is just the above streamlined to eliminate all the overheads
370 : to support incremental hashing. */
371 :
372 139414040 : uchar buf[ FD_SHA256_PRIVATE_BUF_MAX ] __attribute__((aligned(128)));
373 139414040 : uint state[8] __attribute__((aligned(32)));
374 :
375 139414040 : state[0] = 0x6a09e667U;
376 139414040 : state[1] = 0xbb67ae85U;
377 139414040 : state[2] = 0x3c6ef372U;
378 139414040 : state[3] = 0xa54ff53aU;
379 139414040 : state[4] = 0x510e527fU;
380 139414040 : state[5] = 0x9b05688cU;
381 139414040 : state[6] = 0x1f83d9abU;
382 139414040 : state[7] = 0x5be0cd19U;
383 :
384 139414040 : ulong block_cnt = sz >> FD_SHA256_PRIVATE_LG_BUF_MAX;
385 139414040 : if( FD_LIKELY( block_cnt ) ) fd_sha256_core( state, data, block_cnt );
386 :
387 139414040 : ulong buf_used = sz & (FD_SHA256_PRIVATE_BUF_MAX-1UL);
388 139414040 : if( FD_UNLIKELY( buf_used ) ) fd_memcpy( buf, data + (block_cnt << FD_SHA256_PRIVATE_LG_BUF_MAX), buf_used );
389 139414040 : buf[ buf_used ] = (uchar)0x80;
390 139414040 : buf_used++;
391 :
392 139414040 : if( FD_UNLIKELY( buf_used > (FD_SHA256_PRIVATE_BUF_MAX-8UL) ) ) {
393 1176942 : fd_memset( buf + buf_used, 0, FD_SHA256_PRIVATE_BUF_MAX-buf_used );
394 1176942 : fd_sha256_core( state, buf, 1UL );
395 1176942 : buf_used = 0UL;
396 1176942 : }
397 :
398 139414040 : ulong bit_cnt = sz << 3;
399 139414040 : fd_memset( buf + buf_used, 0, FD_SHA256_PRIVATE_BUF_MAX-8UL-buf_used );
400 139414040 : FD_STORE( ulong, buf+FD_SHA256_PRIVATE_BUF_MAX-8UL, fd_ulong_bswap( bit_cnt ) );
401 139414040 : fd_sha256_core( state, buf, 1UL );
402 :
403 139414040 : state[0] = fd_uint_bswap( state[0] );
404 139414040 : state[1] = fd_uint_bswap( state[1] );
405 139414040 : state[2] = fd_uint_bswap( state[2] );
406 139414040 : state[3] = fd_uint_bswap( state[3] );
407 139414040 : state[4] = fd_uint_bswap( state[4] );
408 139414040 : state[5] = fd_uint_bswap( state[5] );
409 139414040 : state[6] = fd_uint_bswap( state[6] );
410 139414040 : state[7] = fd_uint_bswap( state[7] );
411 139414040 : return memcpy( _hash, state, 32 );
412 139414040 : }
413 :
414 : void *
415 : fd_sha256_hash_32( void const * _data,
416 315071994 : void * _hash ) {
417 315071994 : uchar const * data = (uchar const *)_data;
418 :
419 : /* This is just the above streamlined to eliminate all the overheads
420 : to support incremental hashing. */
421 :
422 315071994 : uchar buf[ FD_SHA256_PRIVATE_BUF_MAX ] __attribute__((aligned(128)));
423 315071994 : uint state[8] __attribute__((aligned(32)));
424 :
425 315071994 : state[0] = 0x6a09e667U;
426 315071994 : state[1] = 0xbb67ae85U;
427 315071994 : state[2] = 0x3c6ef372U;
428 315071994 : state[3] = 0xa54ff53aU;
429 315071994 : state[4] = 0x510e527fU;
430 315071994 : state[5] = 0x9b05688cU;
431 315071994 : state[6] = 0x1f83d9abU;
432 315071994 : state[7] = 0x5be0cd19U;
433 :
434 315071994 : ulong sz = 32;
435 :
436 315071994 : ulong block_cnt = sz >> FD_SHA256_PRIVATE_LG_BUF_MAX;
437 315071994 : if( FD_LIKELY( block_cnt ) ) fd_sha256_core( state, data, block_cnt );
438 :
439 315071994 : ulong buf_used = sz & (FD_SHA256_PRIVATE_BUF_MAX-1UL);
440 315071994 : if( FD_UNLIKELY( buf_used ) ) memcpy( buf, data + (block_cnt << FD_SHA256_PRIVATE_LG_BUF_MAX), buf_used );
441 315071994 : buf[ buf_used ] = (uchar)0x80;
442 315071994 : buf_used++;
443 :
444 315071994 : if( FD_UNLIKELY( buf_used > (FD_SHA256_PRIVATE_BUF_MAX-8UL) ) ) {
445 0 : memset( buf + buf_used, 0, FD_SHA256_PRIVATE_BUF_MAX-buf_used );
446 0 : fd_sha256_core( state, buf, 1UL );
447 0 : buf_used = 0UL;
448 0 : }
449 :
450 315071994 : ulong bit_cnt = sz << 3;
451 315071994 : memset( buf + buf_used, 0, FD_SHA256_PRIVATE_BUF_MAX-8UL-buf_used );
452 315071994 : FD_STORE( ulong, buf+FD_SHA256_PRIVATE_BUF_MAX-8UL, fd_ulong_bswap( bit_cnt ) );
453 315071994 : fd_sha256_core( state, buf, 1UL );
454 :
455 315071994 : state[0] = fd_uint_bswap( state[0] );
456 315071994 : state[1] = fd_uint_bswap( state[1] );
457 315071994 : state[2] = fd_uint_bswap( state[2] );
458 315071994 : state[3] = fd_uint_bswap( state[3] );
459 315071994 : state[4] = fd_uint_bswap( state[4] );
460 315071994 : state[5] = fd_uint_bswap( state[5] );
461 315071994 : state[6] = fd_uint_bswap( state[6] );
462 315071994 : state[7] = fd_uint_bswap( state[7] );
463 315071994 : return memcpy( _hash, state, 32 );
464 315071994 : }
465 :
466 : #undef fd_sha256_core
|
