diff options
| -rw-r--r-- | Makefile | 29 | ||||
| -rw-r--r-- | git.git-authors | 2 | ||||
| -rw-r--r-- | src/block-sha1/sha1.c | 280 | ||||
| -rw-r--r-- | src/block-sha1/sha1.h | 22 | ||||
| -rw-r--r-- | src/bswap.h | 50 | ||||
| -rw-r--r-- | src/common.h | 1 | ||||
| -rw-r--r-- | src/hash.c | 28 | ||||
| -rw-r--r-- | src/ppc/sha1.c | 72 | ||||
| -rw-r--r-- | src/ppc/sha1.h | 25 | ||||
| -rw-r--r-- | src/ppc/sha1ppc.S | 224 | ||||
| -rw-r--r-- | src/sha1.h | 10 | ||||
| -rw-r--r-- | src/sha1/sha1.c | 170 | ||||
| -rw-r--r-- | src/sha1/sha1.h | 64 |
13 files changed, 713 insertions, 264 deletions
@@ -3,10 +3,6 @@ all:: # Define NO_VISIBILITY if your compiler does not support symbol # visibility in general (and the -fvisibility switch in particular). # -# Define NO_OPENSSL if you do not have OpenSSL, or if you simply want -# to use the bundled (Mozilla) SHA1 routines. (The bundled SHA1 -# routines are reported to be faster than OpenSSL on some platforms) -# DOXYGEN = doxygen INSTALL = install @@ -28,6 +24,7 @@ OS = unix EXTRA_SRC = EXTRA_OBJ = +EXTRA_CFLAGS = AR_OUT= CC_OUT=-o # add a space @@ -60,7 +57,7 @@ endif SRC_C = $(wildcard src/*.c) OS_SRC = $(wildcard src/$(OS)/*.c) SRC_C += $(OS_SRC) -OBJS = $(patsubst %.c,%.o,$(SRC_C)) +OBJS = $(patsubst %.c,%.o,$(SRC_C)) $(EXTRA_OBJ) HDRS = $(wildcard src/*.h) PUBLIC_HEADERS = $(wildcard src/git/*.h) HDRS += $(PUBLIC_HEADERS) @@ -73,22 +70,21 @@ TEST_EXE = $(patsubst %.o,%.exe,$(TEST_OBJ)) TEST_RUN = $(patsubst %.exe,%.run,$(TEST_EXE)) TEST_VAL = $(patsubst %.exe,%.val,$(TEST_EXE)) -ifndef NO_OPENSSL - SHA1_HEADER = <openssl/sha.h> +ifdef PPC_SHA1 + EXTRA_SRC += src/ppc/sha1.c src/ppc/sha1ppc.S + EXTRA_OBJ += src/ppc/sha1.o src/ppc/sha1ppc.o + EXTRA_CFLAGS += -DPPC_SHA1 else - SHA1_HEADER = "sha1/sha1.h" - EXTRA_SRC += src/sha1/sha1.c - EXTRA_OBJ += src/sha1/sha1.o + EXTRA_SRC += src/block-sha1/sha1.c + EXTRA_OBJ += src/block-sha1/sha1.o endif -BASIC_CFLAGS := -Isrc -DSHA1_HEADER='$(SHA1_HEADER)' +BASIC_CFLAGS := -Isrc ifndef NO_VISIBILITY BASIC_CFLAGS += -fvisibility=hidden endif -ALL_CFLAGS = $(CFLAGS) $(BASIC_CFLAGS) -SRC_C += $(EXTRA_SRC) -OBJ += $(EXTRA_OBJ) +ALL_CFLAGS = $(CFLAGS) $(BASIC_CFLAGS) $(EXTRA_CFLAGS) all:: $(GIT_LIB) @@ -96,7 +92,7 @@ clean: rm -f $(GIT_LIB) rm -f libgit2.pc rm -f *.pdb - rm -f src/*.o src/sha1/*.o src/unix/*.o src/win32/*.o + rm -f src/*.o src/*/*.o rm -rf apidocs rm -f *~ src/*~ src/git/*~ src/sha1/*~ src/unix/*~ src/win32/*~ @$(MAKE) -C tests -s --no-print-directory clean @@ -143,6 +139,9 @@ uninstall: .c.o: $(CC) $(ALL_CFLAGS) -c $< $(CC_OUT)$@ +.S.o: + $(CC) $(ALL_CFLAGS) -c $< $(CC_OUT)$@ + $(OBJS): $(HDRS) $(GIT_LIB): $(OBJS) rm -f $(GIT_LIB) diff --git a/git.git-authors b/git.git-authors index 458c271d8..086ab3e18 100644 --- a/git.git-authors +++ b/git.git-authors @@ -38,7 +38,7 @@ # (Paul Kocher is the author of the mozilla-sha1 implementation # but has otherwise not contributed to git.) # -ok Simpkins <adam@adamsimpkins.net> (http transport) +ok Adam Simpkins <adam@adamsimpkins.net> (http transport) ok Andreas Ericsson <ae@op5.se> ok Boyd Lynn Gerber <gerberb@zenez.com> ok Brian Gernhardt <benji@silverinsanity.com> diff --git a/src/block-sha1/sha1.c b/src/block-sha1/sha1.c new file mode 100644 index 000000000..50b20c4bd --- /dev/null +++ b/src/block-sha1/sha1.c @@ -0,0 +1,280 @@ +/* + * SHA1 routine optimized to do word accesses rather than byte accesses, + * and to avoid unnecessary copies into the context array. + * + * This was initially based on the Mozilla SHA1 implementation, although + * none of the original Mozilla code remains. + */ + +#include "common.h" +#include "sha1.h" + +#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) + +/* + * Force usage of rol or ror by selecting the one with the smaller constant. + * It _can_ generate slightly smaller code (a constant of 1 is special), but + * perhaps more importantly it's possibly faster on any uarch that does a + * rotate with a loop. + */ + +#define SHA_ASM(op, x, n) ({ unsigned int __res; __asm__(op " %1,%0":"=r" (__res):"i" (n), "0" (x)); __res; }) +#define SHA_ROL(x,n) SHA_ASM("rol", x, n) +#define SHA_ROR(x,n) SHA_ASM("ror", x, n) + +#else + +#define SHA_ROT(X,l,r) (((X) << (l)) | ((X) >> (r))) +#define SHA_ROL(X,n) SHA_ROT(X,n,32-(n)) +#define SHA_ROR(X,n) SHA_ROT(X,32-(n),n) + +#endif + +/* + * If you have 32 registers or more, the compiler can (and should) + * try to change the array[] accesses into registers. However, on + * machines with less than ~25 registers, that won't really work, + * and at least gcc will make an unholy mess of it. + * + * So to avoid that mess which just slows things down, we force + * the stores to memory to actually happen (we might be better off + * with a 'W(t)=(val);asm("":"+m" (W(t))' there instead, as + * suggested by Artur Skawina - that will also make gcc unable to + * try to do the silly "optimize away loads" part because it won't + * see what the value will be). + * + * Ben Herrenschmidt reports that on PPC, the C version comes close + * to the optimized asm with this (ie on PPC you don't want that + * 'volatile', since there are lots of registers). + * + * On ARM we get the best code generation by forcing a full memory barrier + * between each SHA_ROUND, otherwise gcc happily get wild with spilling and + * the stack frame size simply explode and performance goes down the drain. + */ + +#if defined(__i386__) || defined(__x86_64__) + #define setW(x, val) (*(volatile unsigned int *)&W(x) = (val)) +#elif defined(__GNUC__) && defined(__arm__) + #define setW(x, val) do { W(x) = (val); __asm__("":::"memory"); } while (0) +#else + #define setW(x, val) (W(x) = (val)) +#endif + +/* + * Performance might be improved if the CPU architecture is OK with + * unaligned 32-bit loads and a fast ntohl() is available. + * Otherwise fall back to byte loads and shifts which is portable, + * and is faster on architectures with memory alignment issues. + */ + +#if defined(__i386__) || defined(__x86_64__) || \ + defined(__ppc__) || defined(__ppc64__) || \ + defined(__powerpc__) || defined(__powerpc64__) || \ + defined(__s390__) || defined(__s390x__) + +#define get_be32(p) ntohl(*(unsigned int *)(p)) +#define put_be32(p, v) do { *(unsigned int *)(p) = htonl(v); } while (0) + +#else + +#define get_be32(p) ( \ + (*((unsigned char *)(p) + 0) << 24) | \ + (*((unsigned char *)(p) + 1) << 16) | \ + (*((unsigned char *)(p) + 2) << 8) | \ + (*((unsigned char *)(p) + 3) << 0) ) +#define put_be32(p, v) do { \ + unsigned int __v = (v); \ + *((unsigned char *)(p) + 0) = __v >> 24; \ + *((unsigned char *)(p) + 1) = __v >> 16; \ + *((unsigned char *)(p) + 2) = __v >> 8; \ + *((unsigned char *)(p) + 3) = __v >> 0; } while (0) + +#endif + +/* This "rolls" over the 512-bit array */ +#define W(x) (array[(x)&15]) + +/* + * Where do we get the source from? The first 16 iterations get it from + * the input data, the next mix it from the 512-bit array. + */ +#define SHA_SRC(t) get_be32(data + t) +#define SHA_MIX(t) SHA_ROL(W(t+13) ^ W(t+8) ^ W(t+2) ^ W(t), 1) + +#define SHA_ROUND(t, input, fn, constant, A, B, C, D, E) do { \ + unsigned int TEMP = input(t); setW(t, TEMP); \ + E += TEMP + SHA_ROL(A,5) + (fn) + (constant); \ + B = SHA_ROR(B, 2); } while (0) + +#define T_0_15(t, A, B, C, D, E) SHA_ROUND(t, SHA_SRC, (((C^D)&B)^D) , 0x5a827999, A, B, C, D, E ) +#define T_16_19(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (((C^D)&B)^D) , 0x5a827999, A, B, C, D, E ) +#define T_20_39(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) , 0x6ed9eba1, A, B, C, D, E ) +#define T_40_59(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, ((B&C)+(D&(B^C))) , 0x8f1bbcdc, A, B, C, D, E ) +#define T_60_79(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) , 0xca62c1d6, A, B, C, D, E ) + +static void blk_SHA1_Block(blk_SHA_CTX *ctx, const unsigned int *data) +{ + unsigned int A,B,C,D,E; + unsigned int array[16]; + + A = ctx->H[0]; + B = ctx->H[1]; + C = ctx->H[2]; + D = ctx->H[3]; + E = ctx->H[4]; + + /* Round 1 - iterations 0-16 take their input from 'data' */ + T_0_15( 0, A, B, C, D, E); + T_0_15( 1, E, A, B, C, D); + T_0_15( 2, D, E, A, B, C); + T_0_15( 3, C, D, E, A, B); + T_0_15( 4, B, C, D, E, A); + T_0_15( 5, A, B, C, D, E); + T_0_15( 6, E, A, B, C, D); + T_0_15( 7, D, E, A, B, C); + T_0_15( 8, C, D, E, A, B); + T_0_15( 9, B, C, D, E, A); + T_0_15(10, A, B, C, D, E); + T_0_15(11, E, A, B, C, D); + T_0_15(12, D, E, A, B, C); + T_0_15(13, C, D, E, A, B); + T_0_15(14, B, C, D, E, A); + T_0_15(15, A, B, C, D, E); + + /* Round 1 - tail. Input from 512-bit mixing array */ + T_16_19(16, E, A, B, C, D); + T_16_19(17, D, E, A, B, C); + T_16_19(18, C, D, E, A, B); + T_16_19(19, B, C, D, E, A); + + /* Round 2 */ + T_20_39(20, A, B, C, D, E); + T_20_39(21, E, A, B, C, D); + T_20_39(22, D, E, A, B, C); + T_20_39(23, C, D, E, A, B); + T_20_39(24, B, C, D, E, A); + T_20_39(25, A, B, C, D, E); + T_20_39(26, E, A, B, C, D); + T_20_39(27, D, E, A, B, C); + T_20_39(28, C, D, E, A, B); + T_20_39(29, B, C, D, E, A); + T_20_39(30, A, B, C, D, E); + T_20_39(31, E, A, B, C, D); + T_20_39(32, D, E, A, B, C); + T_20_39(33, C, D, E, A, B); + T_20_39(34, B, C, D, E, A); + T_20_39(35, A, B, C, D, E); + T_20_39(36, E, A, B, C, D); + T_20_39(37, D, E, A, B, C); + T_20_39(38, C, D, E, A, B); + T_20_39(39, B, C, D, E, A); + + /* Round 3 */ + T_40_59(40, A, B, C, D, E); + T_40_59(41, E, A, B, C, D); + T_40_59(42, D, E, A, B, C); + T_40_59(43, C, D, E, A, B); + T_40_59(44, B, C, D, E, A); + T_40_59(45, A, B, C, D, E); + T_40_59(46, E, A, B, C, D); + T_40_59(47, D, E, A, B, C); + T_40_59(48, C, D, E, A, B); + T_40_59(49, B, C, D, E, A); + T_40_59(50, A, B, C, D, E); + T_40_59(51, E, A, B, C, D); + T_40_59(52, D, E, A, B, C); + T_40_59(53, C, D, E, A, B); + T_40_59(54, B, C, D, E, A); + T_40_59(55, A, B, C, D, E); + T_40_59(56, E, A, B, C, D); + T_40_59(57, D, E, A, B, C); + T_40_59(58, C, D, E, A, B); + T_40_59(59, B, C, D, E, A); + + /* Round 4 */ + T_60_79(60, A, B, C, D, E); + T_60_79(61, E, A, B, C, D); + T_60_79(62, D, E, A, B, C); + T_60_79(63, C, D, E, A, B); + T_60_79(64, B, C, D, E, A); + T_60_79(65, A, B, C, D, E); + T_60_79(66, E, A, B, C, D); + T_60_79(67, D, E, A, B, C); + T_60_79(68, C, D, E, A, B); + T_60_79(69, B, C, D, E, A); + T_60_79(70, A, B, C, D, E); + T_60_79(71, E, A, B, C, D); + T_60_79(72, D, E, A, B, C); + T_60_79(73, C, D, E, A, B); + T_60_79(74, B, C, D, E, A); + T_60_79(75, A, B, C, D, E); + T_60_79(76, E, A, B, C, D); + T_60_79(77, D, E, A, B, C); + T_60_79(78, C, D, E, A, B); + T_60_79(79, B, C, D, E, A); + + ctx->H[0] += A; + ctx->H[1] += B; + ctx->H[2] += C; + ctx->H[3] += D; + ctx->H[4] += E; +} + +void blk_SHA1_Init(blk_SHA_CTX *ctx) +{ + ctx->size = 0; + + /* Initialize H with the magic constants (see FIPS180 for constants) */ + ctx->H[0] = 0x67452301; + ctx->H[1] = 0xefcdab89; + ctx->H[2] = 0x98badcfe; + ctx->H[3] = 0x10325476; + ctx->H[4] = 0xc3d2e1f0; +} + +void blk_SHA1_Update(blk_SHA_CTX *ctx, const void *data, unsigned long len) +{ + int lenW = ctx->size & 63; + + ctx->size += len; + + /* Read the data into W and process blocks as they get full */ + if (lenW) { + int left = 64 - lenW; + if (len < left) + left = len; + memcpy(lenW + (char *)ctx->W, data, left); + lenW = (lenW + left) & 63; + len -= left; + data = ((const char *)data + left); + if (lenW) + return; + blk_SHA1_Block(ctx, ctx->W); + } + while (len >= 64) { + blk_SHA1_Block(ctx, data); + data = ((const char *)data + 64); + len -= 64; + } + if (len) + memcpy(ctx->W, data, len); +} + +void blk_SHA1_Final(unsigned char hashout[20], blk_SHA_CTX *ctx) +{ + static const unsigned char pad[64] = { 0x80 }; + unsigned int padlen[2]; + int i; + + /* Pad with a binary 1 (ie 0x80), then zeroes, then length */ + padlen[0] = htonl(ctx->size >> 29); + padlen[1] = htonl(ctx->size << 3); + + i = ctx->size & 63; + blk_SHA1_Update(ctx, pad, 1+ (63 & (55 - i))); + blk_SHA1_Update(ctx, padlen, 8); + + /* Output hash */ + for (i = 0; i < 5; i++) + put_be32(hashout + i*4, ctx->H[i]); +} diff --git a/src/block-sha1/sha1.h b/src/block-sha1/sha1.h new file mode 100644 index 000000000..b864df623 --- /dev/null +++ b/src/block-sha1/sha1.h @@ -0,0 +1,22 @@ +/* + * SHA1 routine optimized to do word accesses rather than byte accesses, + * and to avoid unnecessary copies into the context array. + * + * This was initially based on the Mozilla SHA1 implementation, although + * none of the original Mozilla code remains. + */ + +typedef struct { + unsigned long long size; + unsigned int H[5]; + unsigned int W[16]; +} blk_SHA_CTX; + +void blk_SHA1_Init(blk_SHA_CTX *ctx); +void blk_SHA1_Update(blk_SHA_CTX *ctx, const void *dataIn, unsigned long len); +void blk_SHA1_Final(unsigned char hashout[20], blk_SHA_CTX *ctx); + +#define git_SHA_CTX blk_SHA_CTX +#define git_SHA1_Init blk_SHA1_Init +#define git_SHA1_Update blk_SHA1_Update +#define git_SHA1_Final blk_SHA1_Final diff --git a/src/bswap.h b/src/bswap.h new file mode 100644 index 000000000..0dac883d0 --- /dev/null +++ b/src/bswap.h @@ -0,0 +1,50 @@ +/* + * Let's make sure we always have a sane definition for ntohl()/htonl(). + * Some libraries define those as a function call, just to perform byte + * shifting, bringing significant overhead to what should be a simple + * operation. + */ + +#include "common.h" + +/* + * Default version that the compiler ought to optimize properly with + * constant values. + */ +static inline uint32_t default_swab32(uint32_t val) +{ + return (((val & 0xff000000) >> 24) | + ((val & 0x00ff0000) >> 8) | + ((val & 0x0000ff00) << 8) | + ((val & 0x000000ff) << 24)); +} + +#undef bswap32 + +#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) + +#define bswap32(x) ({ \ + uint32_t __res; \ + if (__builtin_constant_p(x)) { \ + __res = default_swab32(x); \ + } else { \ + __asm__("bswap %0" : "=r" (__res) : "0" ((uint32_t)(x))); \ + } \ + __res; }) + +#elif defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_X64)) + +#include <stdlib.h> + +#define bswap32(x) _byteswap_ulong(x) + +#endif + +#ifdef bswap32 + +#undef ntohl +#undef htonl +#define ntohl(x) bswap32(x) +#define htonl(x) bswap32(x) + +#endif diff --git a/src/common.h b/src/common.h index 18c321ca3..ff87c872c 100644 --- a/src/common.h +++ b/src/common.h @@ -50,6 +50,7 @@ typedef SSIZE_T ssize_t; #include "util.h" #include "thread-utils.h" #include "errors.h" +#include "bswap.h" #define GIT_PATH_MAX 4096 diff --git a/src/hash.c b/src/hash.c index 0051f0975..784b10b4b 100644 --- a/src/hash.c +++ b/src/hash.c @@ -25,10 +25,10 @@ #include "common.h" #include "hash.h" -#include SHA1_HEADER +#include "sha1.h" struct git_hash_ctx { - SHA_CTX c; + git_SHA_CTX c; }; git_hash_ctx *git_hash_new_ctx(void) @@ -38,7 +38,7 @@ git_hash_ctx *git_hash_new_ctx(void) if (!ctx) return NULL; - SHA1_Init(&ctx->c); + git_SHA1_Init(&ctx->c); return ctx; } @@ -51,37 +51,37 @@ void git_hash_free_ctx(git_hash_ctx *ctx) void git_hash_init(git_hash_ctx *ctx) { assert(ctx); - SHA1_Init(&ctx->c); + git_SHA1_Init(&ctx->c); } void git_hash_update(git_hash_ctx *ctx, const void *data, size_t len) { assert(ctx); - SHA1_Update(&ctx->c, data, len); + git_SHA1_Update(&ctx->c, data, len); } void git_hash_final(git_oid *out, git_hash_ctx *ctx) { assert(ctx); - SHA1_Final(out->id, &ctx->c); + git_SHA1_Final(out->id, &ctx->c); } void git_hash_buf(git_oid *out, const void *data, size_t len) { - SHA_CTX c; + git_SHA_CTX c; - SHA1_Init(&c); - SHA1_Update(&c, data, len); - SHA1_Final(out->id, &c); + git_SHA1_Init(&c); + git_SHA1_Update(&c, data, len); + git_SHA1_Final(out->id, &c); } void git_hash_vec(git_oid *out, git_buf_vec *vec, size_t n) { - SHA_CTX c; + git_SHA_CTX c; size_t i; - SHA1_Init(&c); + git_SHA1_Init(&c); for (i = 0; i < n; i++) - SHA1_Update(&c, vec[i].data, vec[i].len); - SHA1_Final(out->id, &c); + git_SHA1_Update(&c, vec[i].data, vec[i].len); + git_SHA1_Final(out->id, &c); } diff --git a/src/ppc/sha1.c b/src/ppc/sha1.c new file mode 100644 index 000000000..ec6a1926d --- /dev/null +++ b/src/ppc/sha1.c @@ -0,0 +1,72 @@ +/* + * SHA-1 implementation. + * + * Copyright (C) 2005 Paul Mackerras <paulus@samba.org> + * + * This version assumes we are running on a big-endian machine. + * It calls an external sha1_core() to process blocks of 64 bytes. + */ +#include <stdio.h> +#include <string.h> +#include "sha1.h" + +extern void ppc_sha1_core(uint32_t *hash, const unsigned char *p, + unsigned int nblocks); + +int ppc_SHA1_Init(ppc_SHA_CTX *c) +{ + c->hash[0] = 0x67452301; + c->hash[1] = 0xEFCDAB89; + c->hash[2] = 0x98BADCFE; + c->hash[3] = 0x10325476; + c->hash[4] = 0xC3D2E1F0; + c->len = 0; + c->cnt = 0; + return 0; +} + +int ppc_SHA1_Update(ppc_SHA_CTX *c, const void *ptr, unsigned long n) +{ + unsigned long nb; + const unsigned char *p = ptr; + + c->len += (uint64_t) n << 3; + while (n != 0) { + if (c->cnt || n < 64) { + nb = 64 - c->cnt; + if (nb > n) + nb = n; + memcpy(&c->buf.b[c->cnt], p, nb); + if ((c->cnt += nb) == 64) { + ppc_sha1_core(c->hash, c->buf.b, 1); + c->cnt = 0; + } + } else { + nb = n >> 6; + ppc_sha1_core(c->hash, p, nb); + nb <<= 6; + } + n -= nb; + p += nb; + } + return 0; +} + +int ppc_SHA1_Final(unsigned char *hash, ppc_SHA_CTX *c) +{ + unsigned int cnt = c->cnt; + + c->buf.b[cnt++] = 0x80; + if (cnt > 56) { + if (cnt < 64) + memset(&c->buf.b[cnt], 0, 64 - cnt); + ppc_sha1_core(c->hash, c->buf.b, 1); + cnt = 0; + } + if (cnt < 56) + memset(&c->buf.b[cnt], 0, 56 - cnt); + c->buf.l[7] = c->len; + ppc_sha1_core(c->hash, c->buf.b, 1); + memcpy(hash, c->hash, 20); + return 0; +} diff --git a/src/ppc/sha1.h b/src/ppc/sha1.h new file mode 100644 index 000000000..c405f734c --- /dev/null +++ b/src/ppc/sha1.h @@ -0,0 +1,25 @@ +/* + * SHA-1 implementation. + * + * Copyright (C) 2005 Paul Mackerras <paulus@samba.org> + */ +#include <stdint.h> + +typedef struct { + uint32_t hash[5]; + uint32_t cnt; + uint64_t len; + union { + unsigned char b[64]; + uint64_t l[8]; + } buf; +} ppc_SHA_CTX; + +int ppc_SHA1_Init(ppc_SHA_CTX *c); +int ppc_SHA1_Update(ppc_SHA_CTX *c, const void *p, unsigned long n); +int ppc_SHA1_Final(unsigned char *hash, ppc_SHA_CTX *c); + +#define git_SHA_CTX ppc_SHA_CTX +#define git_SHA1_Init ppc_SHA1_Init +#define git_SHA1_Update ppc_SHA1_Update +#define git_SHA1_Final ppc_SHA1_Final diff --git a/src/ppc/sha1ppc.S b/src/ppc/sha1ppc.S new file mode 100644 index 000000000..1711eef6e --- /dev/null +++ b/src/ppc/sha1ppc.S @@ -0,0 +1,224 @@ +/* + * SHA-1 implementation for PowerPC. + * + * Copyright (C) 2005 Paul Mackerras <paulus@samba.org> + */ + +/* + * PowerPC calling convention: + * %r0 - volatile temp + * %r1 - stack pointer. + * %r2 - reserved + * %r3-%r12 - Incoming arguments & return values; volatile. + * %r13-%r31 - Callee-save registers + * %lr - Return address, volatile + * %ctr - volatile + * + * Register usage in this routine: + * %r0 - temp + * %r3 - argument (pointer to 5 words of SHA state) + * %r4 - argument (pointer to data to hash) + * %r5 - Constant K in SHA round (initially number of blocks to hash) + * %r6-%r10 - Working copies of SHA variables A..E (actually E..A order) + * %r11-%r26 - Data being hashed W[]. + * %r27-%r31 - Previous copies of A..E, for final add back. + * %ctr - loop count + */ + + +/* + * We roll the registers for A, B, C, D, E around on each + * iteration; E on iteration t is D on iteration t+1, and so on. + * We use registers 6 - 10 for this. (Registers 27 - 31 hold + * the previous values.) + */ +#define RA(t) (((t)+4)%5+6) +#define RB(t) (((t)+3)%5+6) +#define RC(t) (((t)+2)%5+6) +#define RD(t) (((t)+1)%5+6) +#define RE(t) (((t)+0)%5+6) + +/* We use registers 11 - 26 for the W values */ +#define W(t) ((t)%16+11) + +/* Register 5 is used for the constant k */ + +/* + * The basic SHA-1 round function is: + * E += ROTL(A,5) + F(B,C,D) + W[i] + K; B = ROTL(B,30) + * Then the variables are renamed: (A,B,C,D,E) = (E,A,B,C,D). + * + * Every 20 rounds, the function F() and the constant K changes: + * - 20 rounds of f0(b,c,d) = "bit wise b ? c : d" = (^b & d) + (b & c) + * - 20 rounds of f1(b,c,d) = b^c^d = (b^d)^c + * - 20 rounds of f2(b,c,d) = majority(b,c,d) = (b&d) + ((b^d)&c) + * - 20 more rounds of f1(b,c,d) + * + * These are all scheduled for near-optimal performance on a G4. + * The G4 is a 3-issue out-of-order machine with 3 ALUs, but it can only + * *consider* starting the oldest 3 instructions per cycle. So to get + * maximum performance out of it, you have to treat it as an in-order + * machine. Which means interleaving the computation round t with the + * computation of W[t+4]. + * + * The first 16 rounds use W values loaded directly from memory, while the + * remaining 64 use values computed from those first 16. We preload + * 4 values before starting, so there are three kinds of rounds: + * - The first 12 (all f0) also load the W values from memory. + * - The next 64 compute W(i+4) in parallel. 8*f0, 20*f1, 20*f2, 16*f1. + * - The last 4 (all f1) do not do anything with W. + * + * Therefore, we have 6 different round functions: + * STEPD0_LOAD(t,s) - Perform round t and load W(s). s < 16 + * STEPD0_UPDATE(t,s) - Perform round t and compute W(s). s >= 16. + * STEPD1_UPDATE(t,s) + * STEPD2_UPDATE(t,s) + * STEPD1(t) - Perform round t with no load or update. + * + * The G5 is more fully out-of-order, and can find the parallelism + * by itself. The big limit is that it has a 2-cycle ALU latency, so + * even though it's 2-way, the code has to be scheduled as if it's + * 4-way, which can be a limit. To help it, we try to schedule the + * read of RA(t) as late as possible so it doesn't stall waiting for + * the previous round's RE(t-1), and we try to rotate RB(t) as early + * as possible while reading RC(t) (= RB(t-1)) as late as possible. + */ + +/* the initial loads. */ +#define LOADW(s) \ + lwz W(s),(s)*4(%r4) + +/* + * Perform a step with F0, and load W(s). Uses W(s) as a temporary + * before loading it. + * This is actually 10 instructions, which is an awkward fit. + * It can execute grouped as listed, or delayed one instruction. + * (If delayed two instructions, there is a stall before the start of the + * second line.) Thus, two iterations take 7 cycles, 3.5 cycles per round. + */ +#define STEPD0_LOAD(t,s) \ +add RE(t),RE(t),W(t); andc %r0,RD(t),RB(t); and W(s),RC(t),RB(t); \ +add RE(t),RE(t),%r0; rotlwi %r0,RA(t),5; rotlwi RB(t),RB(t),30; \ +add RE(t),RE(t),W(s); add %r0,%r0,%r5; lwz W(s),(s)*4(%r4); \ +add RE(t),RE(t),%r0 + +/* + * This is likewise awkward, 13 instructions. However, it can also + * execute starting with 2 out of 3 possible moduli, so it does 2 rounds + * in 9 cycles, 4.5 cycles/round. + */ +#define STEPD0_UPDATE(t,s,loadk...) \ +add RE(t),RE(t),W(t); andc %r0,RD(t),RB(t); xor W(s),W((s)-16),W((s)-3); \ +add RE(t),RE(t),%r0; and %r0,RC(t),RB(t); xor W(s),W(s),W((s)-8); \ +add RE(t),RE(t),%r0; rotlwi %r0,RA(t),5; xor W(s),W(s),W((s)-14); \ +add RE(t),RE(t),%r5; loadk; rotlwi RB(t),RB(t),30; rotlwi W(s),W(s),1; \ +add RE(t),RE(t),%r0 + +/* Nicely optimal. Conveniently, also the most common. */ +#define STEPD1_UPDATE(t,s,loadk...) \ +add RE(t),RE(t),W(t); xor %r0,RD(t),RB(t); xor W(s),W((s)-16),W((s)-3); \ +add RE(t),RE(t),%r5; loadk; xor %r0,%r0,RC(t); xor W(s),W(s),W((s)-8); \ +add RE(t),RE(t),%r0; rotlwi %r0,RA(t),5; xor W(s),W(s),W((s)-14); \ +add RE(t),RE(t),%r0; rotlwi RB(t),RB(t),30; rotlwi W(s),W(s),1 + +/* + * The naked version, no UPDATE, for the last 4 rounds. 3 cycles per. + * We could use W(s) as a temp register, but we don't need it. + */ +#define STEPD1(t) \ + add RE(t),RE(t),W(t); xor %r0,RD(t),RB(t); \ +rotlwi RB(t),RB(t),30; add RE(t),RE(t),%r5; xor %r0,%r0,RC(t); \ +add RE(t),RE(t),%r0; rotlwi %r0,RA(t),5; /* spare slot */ \ +add RE(t),RE(t),%r0 + +/* + * 14 instructions, 5 cycles per. The majority function is a bit + * awkward to compute. This can execute with a 1-instruction delay, + * but it causes a 2-instruction delay, which triggers a stall. + */ +#define STEPD2_UPDATE(t,s,loadk...) \ +add RE(t),RE(t),W(t); and %r0,RD(t),RB(t); xor W(s),W((s)-16),W((s)-3); \ +add RE(t),RE(t),%r0; xor %r0,RD(t),RB(t); xor W(s),W(s),W((s)-8); \ +add RE(t),RE(t),%r5; loadk; and %r0,%r0,RC(t); xor W(s),W(s),W((s)-14); \ +add RE(t),RE(t),%r0; rotlwi %r0,RA(t),5; rotlwi W(s),W(s),1; \ +add RE(t),RE(t),%r0; rotlwi RB(t),RB(t),30 + +#define STEP0_LOAD4(t,s) \ + STEPD0_LOAD(t,s); \ + STEPD0_LOAD((t+1),(s)+1); \ + STEPD0_LOAD((t)+2,(s)+2); \ + STEPD0_LOAD((t)+3,(s)+3) + +#define STEPUP4(fn, t, s, loadk...) \ + STEP##fn##_UPDATE(t,s,); \ + STEP##fn##_UPDATE((t)+1,(s)+1,); \ + STEP##fn##_UPDATE((t)+2,(s)+2,); \ + STEP##fn##_UPDATE((t)+3,(s)+3,loadk) + +#define STEPUP20(fn, t, s, loadk...) \ + STEPUP4(fn, t, s,); \ + STEPUP4(fn, (t)+4, (s)+4,); \ + STEPUP4(fn, (t)+8, (s)+8,); \ + STEPUP4(fn, (t)+12, (s)+12,); \ + STEPUP4(fn, (t)+16, (s)+16, loadk) + + .globl ppc_sha1_core +ppc_sha1_core: + stwu %r1,-80(%r1) + stmw %r13,4(%r1) + + /* Load up A - E */ + lmw %r27,0(%r3) + + mtctr %r5 + +1: + LOADW(0) + lis %r5,0x5a82 + mr RE(0),%r31 + LOADW(1) + mr RD(0),%r30 + mr RC(0),%r29 + LOADW(2) + ori %r5,%r5,0x7999 /* K0-19 */ + mr RB(0),%r28 + LOADW(3) + mr RA(0),%r27 + + STEP0_LOAD4(0, 4) + STEP0_LOAD4(4, 8) + STEP0_LOAD4(8, 12) + STEPUP4(D0, 12, 16,) + STEPUP4(D0, 16, 20, lis %r5,0x6ed9) + + ori %r5,%r5,0xeba1 /* K20-39 */ + STEPUP20(D1, 20, 24, lis %r5,0x8f1b) + + ori %r5,%r5,0xbcdc /* K40-59 */ + STEPUP20(D2, 40, 44, lis %r5,0xca62) + + ori %r5,%r5,0xc1d6 /* K60-79 */ + STEPUP4(D1, 60, 64,) + STEPUP4(D1, 64, 68,) + STEPUP4(D1, 68, 72,) + STEPUP4(D1, 72, 76,) + addi %r4,%r4,64 + STEPD1(76) + STEPD1(77) + STEPD1(78) + STEPD1(79) + + /* Add results to original values */ + add %r31,%r31,RE(0) + add %r30,%r30,RD(0) + add %r29,%r29,RC(0) + add %r28,%r28,RB(0) + add %r27,%r27,RA(0) + + bdnz 1b + + /* Save final hash, restore registers, and return */ + stmw %r27,0(%r3) + lmw %r13,4(%r1) + addi %r1,%r1,80 + blr diff --git a/src/sha1.h b/src/sha1.h new file mode 100644 index 000000000..ac3e84651 --- /dev/null +++ b/src/sha1.h @@ -0,0 +1,10 @@ +#ifndef INCLUDE_sha1_h__ +#define INCLUDE_sha1_h__ + +#ifdef PPC_SHA1 +# include "ppc/sha1.h" +#else +# include "block-sha1/sha1.h" +#endif + +#endif /* INCLUDE_sha1_h__ */ diff --git a/src/sha1/sha1.c b/src/sha1/sha1.c deleted file mode 100644 index 833ae912e..000000000 --- a/src/sha1/sha1.c +++ /dev/null @@ -1,170 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is SHA 180-1 Reference Implementation (Compact version) - * - * The Initial Developer of the Original Code is Paul Kocher of - * Cryptography Research. Portions created by Paul Kocher are - * Copyright (C) 1995-9 by Cryptography Research, Inc. All - * Rights Reserved. - * - * Contributor(s): - * - * Paul Kocher - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License, version 2, (the "GPL") - * as published by the Free Software Foundation. - * - * In addition to the permissions in the GNU General Public License, - * the authors give you unlimited permission to link the compiled - * version of this file into combinations with other programs, - * and to distribute those combinations without any restriction - * coming from the use of this file. (The General Public License - * restrictions do apply in other respects; for example, they cover - * modification of the file, and distribution when not linked into - * a combined executable.) - * - * This file is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; see the file COPYING. If not, write to - * the Free Software Foundation, 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - * - * If you wish to allow use of your version of this file only under - * the terms of the GPL and not to allow others to use your version - * of this file under the MPL, indicate your decision by deleting - * the provisions above and replace them with the notice and other - * provisions required by the GPL. If you do not delete the - * provisions above, a recipient may use your version of this file - * under either the MPL or the GPL. - */ - -#include "sha1.h" - -static void shaHashBlock(SHA_CTX *ctx); - -void SHA1_Init(SHA_CTX *ctx) { - int i; - - ctx->lenW = 0; - ctx->sizeHi = ctx->sizeLo = 0; - - /* Initialize H with the magic constants (see FIPS180 for constants) - */ - ctx->H[0] = 0x67452301; - ctx->H[1] = 0xefcdab89; - ctx->H[2] = 0x98badcfe; - ctx->H[3] = 0x10325476; - ctx->H[4] = 0xc3d2e1f0; - - for (i = 0; i < 80; i++) - ctx->W[i] = 0; -} - - -void SHA1_Update(SHA_CTX *ctx, const void *_dataIn, int len) { - const unsigned char *dataIn = _dataIn; - int i; - - /* Read the data into W and process blocks as they get full - */ - for (i = 0; i < len; i++) { - ctx->W[ctx->lenW / 4] <<= 8; - ctx->W[ctx->lenW / 4] |= (unsigned int)dataIn[i]; - if ((++ctx->lenW) % 64 == 0) { - shaHashBlock(ctx); - ctx->lenW = 0; - } - ctx->sizeLo += 8; - ctx->sizeHi += (ctx->sizeLo < 8); - } -} - - -void SHA1_Final(unsigned char hashout[20], SHA_CTX *ctx) { - unsigned char pad0x80 = 0x80; - unsigned char pad0x00 = 0x00; - unsigned char padlen[8]; - int i; - - /* Pad with a binary 1 (e.g. 0x80), then zeroes, then length - */ - padlen[0] = (unsigned char)((ctx->sizeHi >> 24) & 255); - padlen[1] = (unsigned char)((ctx->sizeHi >> 16) & 255); - padlen[2] = (unsigned char)((ctx->sizeHi >> 8) & 255); - padlen[3] = (unsigned char)((ctx->sizeHi >> 0) & 255); - padlen[4] = (unsigned char)((ctx->sizeLo >> 24) & 255); - padlen[5] = (unsigned char)((ctx->sizeLo >> 16) & 255); - padlen[6] = (unsigned char)((ctx->sizeLo >> 8) & 255); - padlen[7] = (unsigned char)((ctx->sizeLo >> 0) & 255); - SHA1_Update(ctx, &pad0x80, 1); - while (ctx->lenW != 56) - SHA1_Update(ctx, &pad0x00, 1); - SHA1_Update(ctx, padlen, 8); - - /* Output hash - */ - for (i = 0; i < 20; i++) { - hashout[i] = (unsigned char)(ctx->H[i / 4] >> 24); - ctx->H[i / 4] <<= 8; - } - - /* - * Re-initialize the context (also zeroizes contents) - */ - SHA1_Init(ctx); -} - - -#define SHA_ROT(X,n) (((X) << (n)) | ((X) >> (32-(n)))) - -static void shaHashBlock(SHA_CTX *ctx) { - int t; - unsigned int A,B,C,D,E,TEMP; - - for (t = 16; t <= 79; t++) - ctx->W[t] = - SHA_ROT(ctx->W[t-3] ^ ctx->W[t-8] ^ ctx->W[t-14] ^ ctx->W[t-16], 1); - - A = ctx->H[0]; - B = ctx->H[1]; - C = ctx->H[2]; - D = ctx->H[3]; - E = ctx->H[4]; - - for (t = 0; t <= 19; t++) { - TEMP = SHA_ROT(A,5) + (((C^D)&B)^D) + E + ctx->W[t] + 0x5a827999; - E = D; D = C; C = SHA_ROT(B, 30); B = A; A = TEMP; - } - for (t = 20; t <= 39; t++) { - TEMP = SHA_ROT(A,5) + (B^C^D) + E + ctx->W[t] + 0x6ed9eba1; - E = D; D = C; C = SHA_ROT(B, 30); B = A; A = TEMP; - } - for (t = 40; t <= 59; t++) { - TEMP = SHA_ROT(A,5) + ((B&C)|(D&(B|C))) + E + ctx->W[t] + 0x8f1bbcdc; - E = D; D = C; C = SHA_ROT(B, 30); B = A; A = TEMP; - } - for (t = 60; t <= 79; t++) { - TEMP = SHA_ROT(A,5) + (B^C^D) + E + ctx->W[t] + 0xca62c1d6; - E = D; D = C; C = SHA_ROT(B, 30); B = A; A = TEMP; - } - - ctx->H[0] += A; - ctx->H[1] += B; - ctx->H[2] += C; - ctx->H[3] += D; - ctx->H[4] += E; -} diff --git a/src/sha1/sha1.h b/src/sha1/sha1.h deleted file mode 100644 index cb5245e80..000000000 --- a/src/sha1/sha1.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is SHA 180-1 Header File - * - * The Initial Developer of the Original Code is Paul Kocher of - * Cryptography Research. Portions created by Paul Kocher are - * Copyright (C) 1995-9 by Cryptography Research, Inc. All - * Rights Reserved. - * - * Contributor(s): - * - * Paul Kocher - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License, version 2, (the "GPL") - * as published by the Free Software Foundation. - * - * In addition to the permissions in the GNU General Public License, - * the authors give you unlimited permission to link the compiled - * version of this file into combinations with other programs, - * and to distribute those combinations without any restriction - * coming from the use of this file. (The General Public License - * restrictions do apply in other respects; for example, they cover - * modification of the file, and distribution when not linked into - * a combined executable.) - * - * This file is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; see the file COPYING. If not, write to - * the Free Software Foundation, 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - * - * If you wish to allow use of your version of this file only under - * the terms of the GPL and not to allow others to use your version - * of this file under the MPL, indicate your decision by deleting - * the provisions above and replace them with the notice and other - * provisions required by the GPL. If you do not delete the - * provisions above, a recipient may use your version of this file - * under either the MPL or the GPL. - */ - -typedef struct { - unsigned int H[5]; - unsigned int W[80]; - int lenW; - unsigned int sizeHi,sizeLo; -} SHA_CTX; - -void SHA1_Init(SHA_CTX *ctx); -void SHA1_Update(SHA_CTX *ctx, const void *dataIn, int len); -void SHA1_Final(unsigned char hashout[20], SHA_CTX *ctx); |