commit c091682fe5a1d36ea2bbd359567e51bf7fe577ee · anil.recoil.org/oxsha

+18

LICENSE.md

···

       1
       1
       +
       (*

     

       2
       2
       +
        * ISC License

     

       3
       3
       +
        * 

     

       4
       4
       +
        * Copyright (c) 2025 Anil Madhavapeddy <anil@recoil.org>

     

       5
       5
       +
        *

     

       6
       6
       +
        * Permission to use, copy, modify, and distribute this software for any

     

       7
       7
       +
        * purpose with or without fee is hereby granted, provided that the above

     

       8
       8
       +
        * copyright notice and this permission notice appear in all copies.

     

       9
       9
       +
        *

     

       10
       10
       +
        * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

     

       11
       11
       +
        * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

     

       12
       12
       +
        * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

     

       13
       13
       +
        * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

     

       14
       14
       +
        * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

     

       15
       15
       +
        * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

     

       16
       16
       +
        * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

     

       17
       17
       +
        *

     

       18
       18
       +
        *)

+163 -1

README.md

···

       1
       1
       -
       A sha256 experiment

     

       1
       1
       +
       # Oxsha - Fast SHA256 Hashing for OCaml

     

       2
       2
       +
       

     

       3
       3
       +
       A high-performance SHA256 hashing library for OCaml with zero-copy C bindings using bigarrays.

     

       4
       4
       +
       

     

       5
       5
       +
       ## Features

     

       6
       6
       +
       

     

       7
       7
       +
       - **Zero-copy performance**: Uses bigarrays for efficient data transfer to C

     

       8
       8
       +
       - **Hardware acceleration**: Automatically detects and uses CPU SHA extensions (Intel SHA-NI, ARM Crypto)

     

       9
       9
       +
       - **Streaming API**: Incremental hashing with init/update/finalize pattern

     

       10
       10
       +
       - **Multiple interfaces**: Support for bigarrays, bytes, and strings

     

       11
       11
       +
       - **Memory-mapped files**: sha256sum example uses `Unix.map_file` for true zero-copy file hashing

     

       12
       12
       +
       - **Minimal dependencies**: Standalone library with no external dependencies

     

       13
       13
       +
       - **Well-documented**: Comprehensive API documentation

     

       14
       14
       +
       

     

       15
       15
       +
       ## Installation

     

       16
       16
       +
       

     

       17
       17
       +
       ```bash

     

       18
       18
       +
       opam install oxsha

     

       19
       19
       +
       ```

     

       20
       20
       +
       

     

       21
       21
       +
       Or build from source:

     

       22
       22
       +
       

     

       23
       23
       +
       ```bash

     

       24
       24
       +
       dune build

     

       25
       25
       +
       dune install

     

       26
       26
       +
       ```

     

       27
       27
       +
       

     

       28
       28
       +
       ## Quick Start

     

       29
       29
       +
       

     

       30
       30
       +
       ```ocaml

     

       31
       31
       +
       (* One-shot hashing *)

     

       32
       32
       +
       let digest = Oxsha.hash_string "Hello, World!" in

     

       33
       33
       +
       Printf.printf "SHA256: %s\n" (hex_of_bytes digest)

     

       34
       34
       +
       

     

       35
       35
       +
       (* Streaming API for large data *)

     

       36
       36
       +
       let ctx = Oxsha.create () in

     

       37
       37
       +
       Oxsha.update_string ctx "Hello, ";

     

       38
       38
       +
       Oxsha.update_string ctx "World!";

     

       39
       39
       +
       let digest = Oxsha.final ctx in

     

       40
       40
       +
       Printf.printf "SHA256: %s\n" (hex_of_bytes digest)

     

       41
       41
       +
       ```

     

       42
       42
       +
       

     

       43
       43
       +
       ## API Overview

     

       44
       44
       +
       

     

       45
       45
       +
       ### Low-Level API (`Oxsha.Raw`)

     

       46
       46
       +
       

     

       47
       47
       +
       The Raw module provides direct access to the C implementation:

     

       48
       48
       +
       

     

       49
       49
       +
       - `create : unit -> t` - Create a new SHA256 context

     

       50
       50
       +
       - `update : t -> bigarray -> unit` - Update with bigarray data (zero-copy)

     

       51
       51
       +
       - `update_bytes : t -> bytes -> unit` - Update with bytes

     

       52
       52
       +
       - `update_string : t -> string -> unit` - Update with string

     

       53
       53
       +
       - `final : t -> bytes` - Finalize and get 32-byte digest

     

       54
       54
       +
       - `hash : bigarray -> bytes` - One-shot hash for bigarrays

     

       55
       55
       +
       - `hash_bytes : bytes -> bytes` - One-shot hash for bytes

     

       56
       56
       +
       - `hash_string : string -> bytes` - One-shot hash for strings

     

       57
       57
       +
       

     

       58
       58
       +
       ### High-Level API

     

       59
       59
       +
       

     

       60
       60
       +
       All Raw module functions are re-exported at the top level for convenience:

     

       61
       61
       +
       

     

       62
       62
       +
       ```ocaml

     

       63
       63
       +
       Oxsha.create ()

     

       64
       64
       +
       Oxsha.update_string ctx "data"

     

       65
       65
       +
       Oxsha.final ctx

     

       66
       66
       +
       ```

     

       67
       67
       +
       

     

       68
       68
       +
       ## Performance Considerations

     

       69
       69
       +
       

     

       70
       70
       +
       For maximum performance:

     

       71
       71
       +
       1. Use the bigarray API directly when possible to avoid copying

     

       72
       72
       +
       2. Use the streaming API for large files to avoid loading everything in memory

     

       73
       73
       +
       3. Use `Unix.map_file` for hashing large files (see sha256sum example)

     

       74
       74
       +
       4. The C implementation is optimized and allocation-free

     

       75
       75
       +
       5. Hardware SHA extensions are automatically enabled when available

     

       76
       76
       +
       

     

       77
       77
       +
       ### Hardware Acceleration

     

       78
       78
       +
       

     

       79
       79
       +
       The library automatically detects your CPU architecture at build time and enables hardware SHA acceleration:

     

       80
       80
       +
       

     

       81
       81
       +
       - **x86/x86_64**: Uses Intel SHA Extensions (`-msse4.1 -msha`)

     

       82
       82
       +
       - **ARM64/AArch64**: Uses ARM Crypto Extensions (`-march=armv8-a+crypto`)

     

       83
       83
       +
       

     

       84
       84
       +
       This is handled transparently by a dune configurator script in `lib/discover/`.

     

       85
       85
       +
       

     

       86
       86
       +
       ## Examples

     

       87
       87
       +
       

     

       88
       88
       +
       ### Basic Usage

     

       89
       89
       +
       

     

       90
       90
       +
       See `examples/basic_usage.ml` for complete examples:

     

       91
       91
       +
       

     

       92
       92
       +
       ```bash

     

       93
       93
       +
       dune exec examples/basic_usage.exe

     

       94
       94
       +
       ```

     

       95
       95
       +
       

     

       96
       96
       +
       ### SHA256sum Utility

     

       97
       97
       +
       

     

       98
       98
       +
       A drop-in replacement for the `sha256sum` command that uses memory-mapped files for zero-copy hashing:

     

       99
       99
       +
       

     

       100
       100
       +
       ```bash

     

       101
       101
       +
       # Hash one or more files

     

       102
       102
       +
       dune exec examples/sha256sum.exe -- README.md lib/oxsha.mli

     

       103
       103
       +
       

     

       104
       104
       +
       # Output format is identical to sha256sum

     

       105
       105
       +
       5663d62d52903366546603da52d18ccbf36ef7265653b641b980ec36891c7afe  README.md

     

       106
       106
       +
       b4cbb3d0d18b90cc63c0e3e8c95f4e933d1a361a5eae142e64caf17724a1447f  lib/oxsha.mli

     

       107
       107
       +
       ```

     

       108
       108
       +
       

     

       109
       109
       +
       The sha256sum example demonstrates true zero-copy file hashing by memory-mapping files directly into bigarrays.

     

       110
       110
       +
       

     

       111
       111
       +
       ## Building

     

       112
       112
       +
       

     

       113
       113
       +
       ```bash

     

       114
       114
       +
       # Clean build

     

       115
       115
       +
       opam exec -- dune clean

     

       116
       116
       +
       

     

       117
       117
       +
       # Build library

     

       118
       118
       +
       opam exec -- dune build @check

     

       119
       119
       +
       

     

       120
       120
       +
       # Build documentation

     

       121
       121
       +
       opam exec -- dune build @doc

     

       122
       122
       +
       

     

       123
       123
       +
       # Build ignoring warnings (release mode)

     

       124
       124
       +
       opam exec -- dune build @check --profile=release

     

       125
       125
       +
       ```

     

       126
       126
       +
       

     

       127
       127
       +
       ## Project Structure

     

       128
       128
       +
       

     

       129
       129
       +
       ```

     

       130
       130
       +
       oxsha/

     

       131
       131
       +
       ├── lib/

     

       132
       132
       +
       │   ├── oxsha.ml          # OCaml implementation

     

       133
       133
       +
       │   ├── oxsha.mli         # Public interface

     

       134
       134
       +
       │   ├── oxsha_stubs.c     # C FFI bindings

     

       135
       135
       +
       │   ├── sha256.c          # SHA256 C implementation

     

       136
       136
       +
       │   ├── sha256.h          # C header

     

       137
       137
       +
       │   ├── dune              # Build rules

     

       138
       138
       +
       │   └── discover/

     

       139
       139
       +
       │       ├── discover.ml   # Architecture detection for C flags

     

       140
       140
       +
       │       └── dune          # Configurator build rules

     

       141
       141
       +
       ├── examples/

     

       142
       142
       +
       │   ├── basic_usage.ml    # API usage examples

     

       143
       143
       +
       │   ├── sha256sum.ml      # sha256sum utility with mmap

     

       144
       144
       +
       │   └── dune

     

       145
       145
       +
       ├── dune-project          # Project metadata

     

       146
       146
       +
       └── README.md

     

       147
       147
       +
       ```

     

       148
       148
       +
       

     

       149
       149
       +
       ## C Implementation

     

       150
       150
       +
       

     

       151
       151
       +
       The library uses Brad Conte's public domain SHA256 implementation. The C context is allocated on the C heap and wrapped in an OCaml custom block with proper finalization.

     

       152
       152
       +
       

     

       153
       153
       +
       ### Build-Time Configuration

     

       154
       154
       +
       

     

       155
       155
       +
       The build system uses `dune-configurator` to detect the CPU architecture and automatically add the appropriate compiler flags for hardware SHA acceleration. The configurator script (`lib/discover/discover.ml`) runs during the build and generates a `c_flags.sexp` file that dune includes in the C compilation flags.

     

       156
       156
       +
       

     

       157
       157
       +
       ## License

     

       158
       158
       +
       

     

       159
       159
       +
       ISC License

     

       160
       160
       +
       

     

       161
       161
       +
       ## Contributing

     

       162
       162
       +
       

     

       163
       163
       +
       Contributions welcome! Please ensure all tests pass before submitting PRs.

-173

bench/bench_sha256.ml

···

       1
       1
       -
       open Sha256

     

       2
       2
       -
       

     

       3
       3
       -
       (* Memory allocation tracking *)

     

       4
       4
       -
       let measure_allocations f =

     

       5
       5
       -
         let before = Gc.allocated_bytes () in

     

       6
       6
       -
         let result = f () in

     

       7
       7
       -
         let after = Gc.allocated_bytes () in

     

       8
       8
       -
         (result, after -. before)

     

       9
       9
       -
       

     

       10
       10
       -
       (* Benchmark different scenarios *)

     

       11
       11
       -
       let bench_sizes () =

     

       12
       12
       -
         print_endline "Benchmarking various input sizes:";

     

       13
       13
       -
         print_endline "Size (B) | Iterations | Time (s) | Throughput (MB/s) | Allocations (B)";

     

       14
       14
       -
         print_endline "---------|------------|----------|-------------------|----------------";

     

       15
       15
       -
         

     

       16
       16
       -
         let sizes = [

     

       17
       17
       -
           (16, 100000);

     

       18
       18
       -
           (64, 100000);

     

       19
       19
       -
           (256, 50000);

     

       20
       20
       -
           (1024, 20000);

     

       21
       21
       -
           (4096, 5000);

     

       22
       22
       -
           (16384, 1000);

     

       23
       23
       -
           (65536, 250);

     

       24
       24
       -
           (262144, 60);

     

       25
       25
       -
           (1048576, 15);

     

       26
       26
       -
         ] in

     

       27
       27
       -
         

     

       28
       28
       -
         List.iter (fun (size, iterations) ->

     

       29
       29
       -
           let data = String.make size 'x' in

     

       30
       30
       -
           

     

       31
       31
       -
           (* Warmup *)

     

       32
       32
       -
           for _ = 1 to 10 do

     

       33
       33
       -
             ignore (hash_string data)

     

       34
       34
       -
           done;

     

       35
       35
       -
           

     

       36
       36
       -
           (* Benchmark *)

     

       37
       37
       -
           let start = Unix.gettimeofday () in

     

       38
       38
       -
           let _, allocs = measure_allocations (fun () ->

     

       39
       39
       -
             for _ = 1 to iterations do

     

       40
       40
       -
               ignore (hash_string data)

     

       41
       41
       -
             done

     

       42
       42
       -
           ) in

     

       43
       43
       -
           let elapsed = Unix.gettimeofday () -. start in

     

       44
       44
       -
           

     

       45
       45
       -
           let throughput = (float_of_int (size * iterations)) /. elapsed /. 1_000_000.0 in

     

       46
       46
       -
           let allocs_per_op = allocs /. float_of_int iterations in

     

       47
       47
       -
           

     

       48
       48
       -
           Printf.printf "%8d | %10d | %8.3f | %17.1f | %14.0f\n"

     

       49
       49
       -
             size iterations elapsed throughput allocs_per_op

     

       50
       50
       -
         ) sizes

     

       51
       51
       -
       

     

       52
       52
       -
       let bench_parallel_scaling () =

     

       53
       53
       -
         print_endline "\nParallel scaling benchmark:";

     

       54
       54
       -
         print_endline "Threads | Hashes | Time (s) | Hashes/sec | Speedup";

     

       55
       55
       -
         print_endline "--------|--------|----------|------------|--------";

     

       56
       56
       -
         

     

       57
       57
       -
         let num_hashes = 10000 in

     

       58
       58
       -
         let data_size = 1024 in

     

       59
       59
       -
         let inputs = List.init num_hashes (fun i ->

     

       60
       60
       -
           Bytes.of_string (String.make data_size (Char.chr (65 + (i mod 26))))

     

       61
       61
       -
         ) in

     

       62
       62
       -
         

     

       63
       63
       -
         (* Sequential baseline *)

     

       64
       64
       -
         let start_seq = Unix.gettimeofday () in

     

       65
       65
       -
         let _ = List.map hash_bytes inputs in

     

       66
       66
       -
         let time_seq = Unix.gettimeofday () -. start_seq in

     

       67
       67
       -
         let hashes_per_sec_seq = float_of_int num_hashes /. time_seq in

     

       68
       68
       -
         

     

       69
       69
       -
         Printf.printf "%7d | %6d | %8.3f | %10.0f | %7.2fx\n"

     

       70
       70
       -
           1 num_hashes time_seq hashes_per_sec_seq 1.0;

     

       71
       71
       -
         

     

       72
       72
       -
         (* Parallel with different thread counts *)

     

       73
       73
       -
         let thread_counts = [2; 4; 8] in

     

       74
       74
       -
         List.iter (fun threads ->

     

       75
       75
       -
           (* Simulate parallel execution with multiple Parallel.fork_join2 calls *)

     

       76
       76
       -
           let par = Parallel.create () in

     

       77
       77
       -
           let chunk_size = num_hashes / threads in

     

       78
       78
       -
           

     

       79
       79
       -
           let start_par = Unix.gettimeofday () in

     

       80
       80
       -
           

     

       81
       81
       -
           (* Process in parallel chunks *)

     

       82
       82
       -
           let rec process_chunks remaining acc =

     

       83
       83
       -
             match remaining with

     

       84
       84
       -
             | [] -> acc

     

       85
       85
       -
             | chunk :: [] -> (List.map hash_bytes chunk) :: acc

     

       86
       86
       -
             | chunk1 :: chunk2 :: rest ->

     

       87
       87
       -
               let r1, r2 = Parallel.fork_join2 par

     

       88
       88
       -
                 (fun _ -> List.map hash_bytes chunk1)

     

       89
       89
       -
                 (fun _ -> List.map hash_bytes chunk2)

     

       90
       90
       -
               in

     

       91
       91
       -
               process_chunks rest (r2 :: r1 :: acc)

     

       92
       92
       -
           in

     

       93
       93
       -
           

     

       94
       94
       -
           (* Split inputs into chunks *)

     

       95
       95
       -
           let rec split_into_chunks lst n acc =

     

       96
       96
       -
             if n <= 0 || lst = [] then List.rev acc

     

       97
       97
       -
             else

     

       98
       98
       -
               let rec take k lst acc =

     

       99
       99
       -
                 if k = 0 || lst = [] then (List.rev acc, lst)

     

       100
       100
       -
                 else match lst with

     

       101
       101
       -
                   | h::t -> take (k-1) t (h::acc)

     

       102
       102
       -
                   | [] -> (List.rev acc, [])

     

       103
       103
       -
               in

     

       104
       104
       -
               let (chunk, rest) = take chunk_size lst [] in

     

       105
       105
       -
               split_into_chunks rest (n-1) (chunk :: acc)

     

       106
       106
       -
           in

     

       107
       107
       -
           

     

       108
       108
       -
           let chunks = split_into_chunks inputs threads [] in

     

       109
       109
       -
           let _ = process_chunks chunks [] in

     

       110
       110
       -
           

     

       111
       111
       -
           let time_par = Unix.gettimeofday () -. start_par in

     

       112
       112
       -
           let hashes_per_sec_par = float_of_int num_hashes /. time_par in

     

       113
       113
       -
           let speedup = time_seq /. time_par in

     

       114
       114
       -
           

     

       115
       115
       -
           Printf.printf "%7d | %6d | %8.3f | %10.0f | %7.2fx\n"

     

       116
       116
       -
             threads num_hashes time_par hashes_per_sec_par speedup

     

       117
       117
       -
         ) thread_counts

     

       118
       118
       -
       

     

       119
       119
       -
       let bench_zero_allocation () =

     

       120
       120
       -
         print_endline "\nZero-allocation verification:";

     

       121
       121
       -
         

     

       122
       122
       -
         (* Create aligned buffer *)

     

       123
       123
       -
         let size = 1024 in

     

       124
       124
       -
         let buffer = Bigarray.Array1.create Bigarray.int8_unsigned Bigarray.c_layout size in

     

       125
       125
       -
         for i = 0 to size - 1 do

     

       126
       126
       -
           Bigarray.Array1.set buffer i (65 + (i mod 26))

     

       127
       127
       -
         done;

     

       128
       128
       -
         

     

       129
       129
       -
         (* Measure allocations for direct oneshot call *)

     

       130
       130
       -
         Gc.full_major ();

     

       131
       131
       -
         let before = Gc.allocated_bytes () in

     

       132
       132
       -
         

     

       133
       133
       -
         for _ = 1 to 1000 do

     

       134
       134
       -
           ignore (oneshot buffer (Int64.of_int size))

     

       135
       135
       -
         done;

     

       136
       136
       -
         

     

       137
       137
       -
         let after = Gc.allocated_bytes () in

     

       138
       138
       -
         let allocs_per_hash = (after -. before) /. 1000.0 in

     

       139
       139
       -
         

     

       140
       140
       -
         Printf.printf "  Direct oneshot (bigarray): %.1f bytes/hash\n" allocs_per_hash;

     

       141
       141
       -
         

     

       142
       142
       -
         (* Compare with string version *)

     

       143
       143
       -
         let str = String.make size 'x' in

     

       144
       144
       -
         Gc.full_major ();

     

       145
       145
       -
         let before_str = Gc.allocated_bytes () in

     

       146
       146
       -
         

     

       147
       147
       -
         for _ = 1 to 1000 do

     

       148
       148
       -
           ignore (hash_string str)

     

       149
       149
       -
         done;

     

       150
       150
       -
         

     

       151
       151
       -
         let after_str = Gc.allocated_bytes () in

     

       152
       152
       -
         let allocs_per_hash_str = (after_str -. before_str) /. 1000.0 in

     

       153
       153
       -
         

     

       154
       154
       -
         Printf.printf "  String wrapper: %.1f bytes/hash\n" allocs_per_hash_str;

     

       155
       155
       -
         

     

       156
       156
       -
         if allocs_per_hash < 100.0 then

     

       157
       157
       -
           print_endline "  ✓ Near-zero allocation achieved!"

     

       158
       158
       -
         else

     

       159
       159
       -
           print_endline "  ⚠ Higher than expected allocations"

     

       160
       160
       -
       

     

       161
       161
       -
       let () =

     

       162
       162
       -
         print_endline "SHA256 Performance Benchmark Suite";

     

       163
       163
       -
         print_endline "===================================\n";

     

       164
       164
       -
         

     

       165
       165
       -
         (* Check CPU support *)

     

       166
       166
       -
         print_endline "System Information:";

     

       167
       167
       -
         Printf.printf "  OCaml version: %s\n" Sys.ocaml_version;

     

       168
       168
       -
         Printf.printf "  Word size: %d bits\n" Sys.word_size;

     

       169
       169
       -
         Printf.printf "  OS: %s\n\n" Sys.os_type;

     

       170
       170
       -
         

     

       171
       171
       -
         bench_sizes ();

     

       172
       172
       -
         bench_parallel_scaling ();

     

       173
       173
       -
         bench_zero_allocation ()

-4

bench/dune

···

       1
       1
       -
       (executable

     

       2
       2
       -
        (name bench_sha256)

     

       3
       3
       -
        (libraries sha256 unix)

     

       4
       4
       -
        (modes native))

bin/dune

···

       1
       1
       +
       (executable

     

       2
       2
       +
        (name osha256sum)

     

       3
       3
       +
        (libraries oxsha unix))

+53

bin/osha256sum.ml

···

       1
       1
       +
       let hex_of_bytes bytes =

     

       2
       2
       +
         let buf = Buffer.create (Bytes.length bytes * 2) in

     

       3
       3
       +
         Bytes.iter

     

       4
       4
       +
           (fun c -> Buffer.add_string buf (Printf.sprintf "%02x" (Char.code c)))

     

       5
       5
       +
           bytes;

     

       6
       6
       +
         Buffer.contents buf

     

       7
       7
       +
       

     

       8
       8
       +
       let hash_file filename =

     

       9
       9
       +
         try

     

       10
       10
       +
           let fd = Unix.openfile filename [ Unix.O_RDONLY ] 0 in

     

       11
       11
       +
           let stats = Unix.fstat fd in

     

       12
       12
       +
           let file_size = stats.Unix.st_size in

     

       13
       13
       +
       

     

       14
       14
       +
           if file_size = 0 then (

     

       15
       15
       +
             (* Handle empty files *)

     

       16
       16
       +
             Unix.close fd;

     

       17
       17
       +
             let digest = Oxsha.hash_string "" in

     

       18
       18
       +
             Ok (hex_of_bytes digest)

     

       19
       19
       +
           ) else (

     

       20
       20
       +
             let mapped =

     

       21
       21
       +
               Unix.map_file fd Bigarray.char Bigarray.c_layout false [| file_size |]

     

       22
       22
       +
             in

     

       23
       23
       +
             let ba = Bigarray.array1_of_genarray mapped in

     

       24
       24
       +
             Unix.close fd;

     

       25
       25
       +
       

     

       26
       26
       +
             let digest = Oxsha.hash ba in

     

       27
       27
       +
             Ok (hex_of_bytes digest)

     

       28
       28
       +
           )

     

       29
       29
       +
         with e -> Error e

     

       30
       30
       +
       

     

       31
       31
       +
       let () =

     

       32
       32
       +
         if Array.length Sys.argv < 2 then (

     

       33
       33
       +
           Printf.eprintf "Usage: %s FILE [FILE...]\n" Sys.argv.(0);

     

       34
       34
       +
           Printf.eprintf "Print SHA256 (256-bit) checksums.\n";

     

       35
       35
       +
           exit 1

     

       36
       36
       +
         );

     

       37
       37
       +
       

     

       38
       38
       +
         let exit_code = ref 0 in

     

       39
       39
       +
       

     

       40
       40
       +
         for i = 1 to Array.length Sys.argv - 1 do

     

       41
       41
       +
           let filename = Sys.argv.(i) in

     

       42
       42
       +
           match hash_file filename with

     

       43
       43
       +
           | Ok hash -> Printf.printf "%s  %s\n" hash filename

     

       44
       44
       +
           | Error (Sys_error msg) ->

     

       45
       45
       +
               Printf.eprintf "%s: %s\n" Sys.argv.(0) msg;

     

       46
       46
       +
               exit_code := 1

     

       47
       47
       +
           | Error e ->

     

       48
       48
       +
               Printf.eprintf "%s: %s: %s\n" Sys.argv.(0) filename

     

       49
       49
       +
                 (Printexc.to_string e);

     

       50
       50
       +
               exit_code := 1

     

       51
       51
       +
         done;

     

       52
       52
       +
       

     

       53
       53
       +
         exit !exit_code

+12 -9

dune-project

···

       1
       1
       -
       (lang dune 3.0)

     

       1
       1
       +
       (lang dune 3.20)

     

       2
       2
        
       (name oxsha)

     

       3
       3
       -
       (version 0.1.0)

     

       3
       3
       +
       (version 0.1)

     

       4
       4
       +
       

     

       5
       5
       +
       (generate_opam_files true)

     

       6
       6
       +
       

     

       7
       7
       +
       (source (github avsm/oxsha))

     

       8
       8
       +
       (license ISC)

     

       9
       9
       +
       (authors "Anil Madhavapeddy")

     

       10
       10
       +
       (maintainers "Anil Madhavapeddy")

     

       4
       11
        
       

     

       5
       12
        
       (package

     

       6
       13
        
        (name oxsha)

     

       7
       7
       -
        (synopsis "Blazingly fast SHA256 using AMD SHA-NI instructions")

     

       8
       8
       -
        (description "Hardware-accelerated SHA256 implementation for OxCaml using AMD SHA-NI instructions with zero-allocation design")

     

       9
       9
       -
        (depends

     

       10
       10
       -
         ocaml

     

       11
       11
       -
         (dune (>= 3.0))

     

       12
       12
       -
         bigarray

     

       13
       13
       -
         parallel))
     

       14
       14
       +
        (synopsis "Fast SHA256 hashing library")

     

       15
       15
       +
        (description "OCaml bindings to a C SHA256 implementation using bigarrays for efficient, zero-copy hashing")

     

       16
       16
       +
        (depends (ocaml (>= 5.3))))

+20

lib/discover/discover.ml

···

       1
       1
       +
       (** Dune configurator to detect architecture and set C compiler flags for SHA256 *)

     

       2
       2
       +
       

     

       3
       3
       +
       module C = Configurator.V1

     

       4
       4
       +
       

     

       5
       5
       +
       let get_arch_flags c =

     

       6
       6
       +
         let arch = C.ocaml_config_var_exn c "architecture" in

     

       7
       7
       +
         let base_flags = ["-O3"] in

     

       8
       8
       +
         let arch_flags =

     

       9
       9
       +
           match arch with

     

       10
       10
       +
           | "arm64" | "aarch64" ->

     

       11
       11
       +
               ["-march=armv8-a+crypto"]

     

       12
       12
       +
           | "amd64" | "i386" ->

     

       13
       13
       +
               ["-msse4.1"; "-msha"]

     

       14
       14
       +
           | _ -> []

     

       15
       15
       +
         in

     

       16
       16
       +
         base_flags @ arch_flags

     

       17
       17
       +
       

     

       18
       18
       +
       let () =

     

       19
       19
       +
         C.main ~name:"oxsha_discover"

     

       20
       20
       +
           (fun c -> C.Flags.write_sexp "c_flags.sexp" (get_arch_flags c))

lib/discover/dune

···

       1
       1
       +
       (executable

     

       2
       2
       +
        (name discover)

     

       3
       3
       +
        (libraries dune-configurator))

+13 -5

lib/dune

···

       1
       1
       +
       (rule

     

       2
       2
       +
        (targets c_flags.sexp)

     

       3
       3
       +
        (deps discover/discover.exe)

     

       4
       4
       +
        (action

     

       5
       5
       +
         (run %{deps})))

     

       6
       6
       +
       

     

       1
       7
        
       (library

     

       2
       2
       -
        (name sha256)

     

       8
       8
       +
        (name oxsha)

     

       3
       9
        
        (public_name oxsha)

     

       4
       4
       -
        (libraries bigarray parallel)

     

       10
       10
       +
        (modules oxsha)

     

       5
       11
        
        (foreign_stubs

     

       6
       12
        
         (language c)

     

       7
       7
       -
         (names sha256_stubs)

     

       8
       8
       -
         (flags :standard -msha -msse4.1 -O3 -march=native))

     

       9
       9
       -
        (modes native))
     

       13
       13
       +
         (names oxsha_stubs sha256)

     

       14
       14
       +
         (flags

     

       15
       15
       +
          (:standard

     

       16
       16
       +
           (:include c_flags.sexp))))

     

       17
       17
       +
        (c_library_flags :standard))

+56

lib/oxsha.ml

···

       1
       1
       +
       (** Fast SHA256 hashing library with zero-copy C bindings. *)

     

       2
       2
       +
       

     

       3
       3
       +
       module Raw = struct

     

       4
       4
       +
         (** The SHA256 context type wrapping the C SHA256_CTX structure. *)

     

       5
       5
       +
         type t

     

       6
       6
       +
       

     

       7
       7
       +
         (** External C functions *)

     

       8
       8
       +
         external create : unit -> t = "oxsha_create"

     

       9
       9
       +
       

     

       10
       10
       +
         external update :

     

       11
       11
       +
           t ->

     

       12
       12
       +
           (char, Bigarray.int8_unsigned_elt, Bigarray.c_layout) Bigarray.Array1.t ->

     

       13
       13
       +
           unit

     

       14
       14
       +
           = "oxsha_update"

     

       15
       15
       +
       

     

       16
       16
       +
         external final : t -> bytes = "oxsha_final"

     

       17
       17
       +
       

     

       18
       18
       +
         (** Convenience function: update with bytes *)

     

       19
       19
       +
         let update_bytes ctx data =

     

       20
       20
       +
           let len = Bytes.length data in

     

       21
       21
       +
           let ba = Bigarray.Array1.create Bigarray.char Bigarray.c_layout len in

     

       22
       22
       +
           for i = 0 to len - 1 do

     

       23
       23
       +
             Bigarray.Array1.unsafe_set ba i (Bytes.unsafe_get data i)

     

       24
       24
       +
           done;

     

       25
       25
       +
           update ctx ba

     

       26
       26
       +
       

     

       27
       27
       +
         (** Convenience function: update with string *)

     

       28
       28
       +
         let update_string ctx data =

     

       29
       29
       +
           let len = String.length data in

     

       30
       30
       +
           let ba = Bigarray.Array1.create Bigarray.char Bigarray.c_layout len in

     

       31
       31
       +
           for i = 0 to len - 1 do

     

       32
       32
       +
             Bigarray.Array1.unsafe_set ba i (String.unsafe_get data i)

     

       33
       33
       +
           done;

     

       34
       34
       +
           update ctx ba

     

       35
       35
       +
       

     

       36
       36
       +
         (** One-shot hash function for bigarrays *)

     

       37
       37
       +
         let hash data =

     

       38
       38
       +
           let ctx = create () in

     

       39
       39
       +
           update ctx data;

     

       40
       40
       +
           final ctx

     

       41
       41
       +
       

     

       42
       42
       +
         (** One-shot hash function for bytes *)

     

       43
       43
       +
         let hash_bytes data =

     

       44
       44
       +
           let ctx = create () in

     

       45
       45
       +
           update_bytes ctx data;

     

       46
       46
       +
           final ctx

     

       47
       47
       +
       

     

       48
       48
       +
         (** One-shot hash function for strings *)

     

       49
       49
       +
         let hash_string data =

     

       50
       50
       +
           let ctx = create () in

     

       51
       51
       +
           update_string ctx data;

     

       52
       52
       +
           final ctx

     

       53
       53
       +
       end

     

       54
       54
       +
       

     

       55
       55
       +
       (** Re-export Raw module contents at top level *)

     

       56
       56
       +
       include Raw

+89

lib/oxsha.mli

···

       1
       1
       +
       (** Fast SHA256 hashing library with zero-copy C bindings.

     

       2
       2
       +
       

     

       3
       3
       +
           This library provides OCaml bindings to a C SHA256 implementation

     

       4
       4
       +
           using bigarrays for efficient, zero-copy hashing. *)

     

       5
       5
       +
       

     

       6
       6
       +
       (** {1 Raw C Bindings} *)

     

       7
       7
       +
       

     

       8
       8
       +
       module Raw : sig

     

       9
       9
       +
         (** Low-level bindings to the C SHA256 implementation.

     

       10
       10
       +
       

     

       11
       11
       +
             This module provides direct access to the C functions with minimal

     

       12
       12
       +
             overhead. All operations work with bigarrays for zero-copy performance. *)

     

       13
       13
       +
       

     

       14
       14
       +
         (** The SHA256 context type. This is an abstract type wrapping the C

     

       15
       15
       +
             SHA256_CTX structure. *)

     

       16
       16
       +
         type t

     

       17
       17
       +
       

     

       18
       18
       +
         (** [create ()] allocates and initializes a new SHA256 context.

     

       19
       19
       +
       

     

       20
       20
       +
             @return A fresh context ready for hashing. *)

     

       21
       21
       +
         val create : unit -> t

     

       22
       22
       +
       

     

       23
       23
       +
         (** [update ctx data] updates the hash state with new data.

     

       24
       24
       +
       

     

       25
       25
       +
             This function processes the input data incrementally. It can be called

     

       26
       26
       +
             multiple times to hash data in chunks.

     

       27
       27
       +
       

     

       28
       28
       +
             @param ctx The SHA256 context to update

     

       29
       29
       +
             @param data A bigarray containing the data to hash. Uses bigarrays for

     

       30
       30
       +
                         zero-copy access from the C side. *)

     

       31
       31
       +
         val update :

     

       32
       32
       +
           t ->

     

       33
       33
       +
           (char, Bigarray.int8_unsigned_elt, Bigarray.c_layout) Bigarray.Array1.t ->

     

       34
       34
       +
           unit

     

       35
       35
       +
       

     

       36
       36
       +
         (** [update_bytes ctx data] updates the hash state with bytes data.

     

       37
       37
       +
       

     

       38
       38
       +
             This is a convenience function that wraps bytes in a bigarray view.

     

       39
       39
       +
       

     

       40
       40
       +
             @param ctx The SHA256 context to update

     

       41
       41
       +
             @param data Bytes to hash *)

     

       42
       42
       +
         val update_bytes : t -> bytes -> unit

     

       43
       43
       +
       

     

       44
       44
       +
         (** [update_string ctx data] updates the hash state with string data.

     

       45
       45
       +
       

     

       46
       46
       +
             This is a convenience function for hashing strings.

     

       47
       47
       +
       

     

       48
       48
       +
             @param ctx The SHA256 context to update

     

       49
       49
       +
             @param data String to hash *)

     

       50
       50
       +
         val update_string : t -> string -> unit

     

       51
       51
       +
       

     

       52
       52
       +
         (** [final ctx] finalizes the hash computation and returns the digest.

     

       53
       53
       +
       

     

       54
       54
       +
             After calling this function, the context should not be used again.

     

       55
       55
       +
       

     

       56
       56
       +
             @param ctx The SHA256 context to finalize

     

       57
       57
       +
             @return A 32-byte digest as a bytes value *)

     

       58
       58
       +
         val final : t -> bytes

     

       59
       59
       +
       

     

       60
       60
       +
         (** [hash data] is a convenience function that performs a complete hash

     

       61
       61
       +
             in one operation: create, update, and final.

     

       62
       62
       +
       

     

       63
       63
       +
             @param data The bigarray data to hash

     

       64
       64
       +
             @return A 32-byte digest *)

     

       65
       65
       +
         val hash :

     

       66
       66
       +
           (char, Bigarray.int8_unsigned_elt, Bigarray.c_layout) Bigarray.Array1.t ->

     

       67
       67
       +
           bytes

     

       68
       68
       +
       

     

       69
       69
       +
         (** [hash_bytes data] hashes bytes data in one operation.

     

       70
       70
       +
       

     

       71
       71
       +
             @param data The bytes to hash

     

       72
       72
       +
             @return A 32-byte digest *)

     

       73
       73
       +
         val hash_bytes : bytes -> bytes

     

       74
       74
       +
       

     

       75
       75
       +
         (** [hash_string data] hashes string data in one operation.

     

       76
       76
       +
       

     

       77
       77
       +
             @param data The string to hash

     

       78
       78
       +
             @return A 32-byte digest *)

     

       79
       79
       +
         val hash_string : string -> bytes

     

       80
       80
       +
       end

     

       81
       81
       +
       

     

       82
       82
       +
       (** {1 High-Level Interface} *)

     

       83
       83
       +
       

     

       84
       84
       +
       (** Re-export the Raw module as the main interface.

     

       85
       85
       +
       

     

       86
       86
       +
           The Raw module provides the most efficient interface using bigarrays.

     

       87
       87
       +
           Higher-level abstractions can be added in the future if needed. *)

     

       88
       88
       +
       

     

       89
       89
       +
       include module type of Raw

+92

lib/oxsha_stubs.c

···

       1
       1
       +
       /*

     

       2
       2
       +
        * OCaml bindings for SHA256 C implementation.

     

       3
       3
       +
        * Uses custom blocks and bigarrays for zero-copy performance.

     

       4
       4
       +
        */

     

       5
       5
       +
       

     

       6
       6
       +
       #include <string.h>

     

       7
       7
       +
       #include <caml/mlvalues.h>

     

       8
       8
       +
       #include <caml/memory.h>

     

       9
       9
       +
       #include <caml/alloc.h>

     

       10
       10
       +
       #include <caml/custom.h>

     

       11
       11
       +
       #include <caml/fail.h>

     

       12
       12
       +
       #include <caml/bigarray.h>

     

       13
       13
       +
       

     

       14
       14
       +
       #include "sha256.h"

     

       15
       15
       +
       

     

       16
       16
       +
       /* Custom block operations for SHA256_CTX */

     

       17
       17
       +
       

     

       18
       18
       +
       static void oxsha_ctx_finalize(value v_ctx)

     

       19
       19
       +
       {

     

       20
       20
       +
           SHA256_CTX *ctx = (SHA256_CTX *)Data_custom_val(v_ctx);

     

       21
       21
       +
           /* Just clear the memory for security */

     

       22
       22
       +
           memset(ctx, 0, sizeof(SHA256_CTX));

     

       23
       23
       +
       }

     

       24
       24
       +
       

     

       25
       25
       +
       static struct custom_operations oxsha_ctx_ops = {

     

       26
       26
       +
           "com.oxsha.sha256_ctx",

     

       27
       27
       +
           oxsha_ctx_finalize,

     

       28
       28
       +
           custom_compare_default,

     

       29
       29
       +
           custom_hash_default,

     

       30
       30
       +
           custom_serialize_default,

     

       31
       31
       +
           custom_deserialize_default,

     

       32
       32
       +
           custom_compare_ext_default,

     

       33
       33
       +
           custom_fixed_length_default

     

       34
       34
       +
       };

     

       35
       35
       +
       

     

       36
       36
       +
       /* Allocate and wrap a SHA256_CTX in an OCaml custom block */

     

       37
       37
       +
       static value alloc_oxsha_ctx(void)

     

       38
       38
       +
       {

     

       39
       39
       +
           value v_ctx = caml_alloc_custom(&oxsha_ctx_ops, sizeof(SHA256_CTX), 0, 1);

     

       40
       40
       +
           return v_ctx;

     

       41
       41
       +
       }

     

       42
       42
       +
       

     

       43
       43
       +
       /* Extract SHA256_CTX pointer from OCaml value */

     

       44
       44
       +
       #define Oxsha_ctx_val(v) ((SHA256_CTX *)Data_custom_val(v))

     

       45
       45
       +
       

     

       46
       46
       +
       /* FFI Functions */

     

       47
       47
       +
       

     

       48
       48
       +
       /* oxsha_create : unit -> t */

     

       49
       49
       +
       CAMLprim value oxsha_create(value unit)

     

       50
       50
       +
       {

     

       51
       51
       +
           CAMLparam1(unit);

     

       52
       52
       +
           CAMLlocal1(v_ctx);

     

       53
       53
       +
       

     

       54
       54
       +
           v_ctx = alloc_oxsha_ctx();

     

       55
       55
       +
           SHA256_CTX *ctx = Oxsha_ctx_val(v_ctx);

     

       56
       56
       +
           sha256_init(ctx);

     

       57
       57
       +
       

     

       58
       58
       +
           CAMLreturn(v_ctx);

     

       59
       59
       +
       }

     

       60
       60
       +
       

     

       61
       61
       +
       /* oxsha_update : t -> bigarray -> unit */

     

       62
       62
       +
       CAMLprim value oxsha_update(value v_ctx, value v_data)

     

       63
       63
       +
       {

     

       64
       64
       +
           CAMLparam2(v_ctx, v_data);

     

       65
       65
       +
       

     

       66
       66
       +
           SHA256_CTX *ctx = Oxsha_ctx_val(v_ctx);

     

       67
       67
       +
       

     

       68
       68
       +
           /* Extract bigarray data pointer and length */

     

       69
       69
       +
           unsigned char *data = (unsigned char *)Caml_ba_data_val(v_data);

     

       70
       70
       +
           size_t len = Caml_ba_array_val(v_data)->dim[0];

     

       71
       71
       +
       

     

       72
       72
       +
           sha256_update(ctx, data, len);

     

       73
       73
       +
       

     

       74
       74
       +
           CAMLreturn(Val_unit);

     

       75
       75
       +
       }

     

       76
       76
       +
       

     

       77
       77
       +
       /* oxsha_final : t -> bytes */

     

       78
       78
       +
       CAMLprim value oxsha_final(value v_ctx)

     

       79
       79
       +
       {

     

       80
       80
       +
           CAMLparam1(v_ctx);

     

       81
       81
       +
           CAMLlocal1(v_digest);

     

       82
       82
       +
       

     

       83
       83
       +
           SHA256_CTX *ctx = Oxsha_ctx_val(v_ctx);

     

       84
       84
       +
       

     

       85
       85
       +
           /* Allocate bytes for the 32-byte digest */

     

       86
       86
       +
           v_digest = caml_alloc_string(SHA256_BLOCK_SIZE);

     

       87
       87
       +
           unsigned char *digest = (unsigned char *)String_val(v_digest);

     

       88
       88
       +
       

     

       89
       89
       +
           sha256_final(ctx, digest);

     

       90
       90
       +
       

     

       91
       91
       +
           CAMLreturn(v_digest);

     

       92
       92
       +
       }

+638

lib/sha256.c

···

       1
       1
       +
       /*********************************************************************

     

       2
       2
       +
       * Filename:   sha256.c

     

       3
       3
       +
       * Author:     Brad Conte (brad AT bradconte.com)

     

       4
       4
       +
       * Copyright:

     

       5
       5
       +
       * Disclaimer: This code is presented "as is" without any guarantees.

     

       6
       6
       +
       * Details:    Implementation of the SHA-256 hashing algorithm.

     

       7
       7
       +
                     SHA-256 is one of the three algorithms in the SHA2

     

       8
       8
       +
                     specification. The others, SHA-384 and SHA-512, are not

     

       9
       9
       +
                     offered in this implementation.

     

       10
       10
       +
                     Algorithm specification can be found here:

     

       11
       11
       +
                      * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf

     

       12
       12
       +
                     This implementation uses little endian byte order.

     

       13
       13
       +
       *********************************************************************/

     

       14
       14
       +
       

     

       15
       15
       +
       /*************************** HEADER FILES ***************************/

     

       16
       16
       +
       #include <stdlib.h>

     

       17
       17
       +
       #include <stdio.h>

     

       18
       18
       +
       #include <memory.h>

     

       19
       19
       +
       #include "sha256.h"

     

       20
       20
       +
       

     

       21
       21
       +
       static const uint32_t K[] =

     

       22
       22
       +
       {

     

       23
       23
       +
           0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,

     

       24
       24
       +
           0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,

     

       25
       25
       +
           0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,

     

       26
       26
       +
           0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,

     

       27
       27
       +
           0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,

     

       28
       28
       +
           0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,

     

       29
       29
       +
           0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,

     

       30
       30
       +
           0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,

     

       31
       31
       +
           0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,

     

       32
       32
       +
           0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,

     

       33
       33
       +
           0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,

     

       34
       34
       +
           0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,

     

       35
       35
       +
           0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,

     

       36
       36
       +
           0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,

     

       37
       37
       +
           0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,

     

       38
       38
       +
           0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2

     

       39
       39
       +
       };

     

       40
       40
       +
       

     

       41
       41
       +
       #if defined(__arm__) || defined(__aarch32__) || defined(__arm64__) || defined(__aarch64__) || defined(_M_ARM)

     

       42
       42
       +
       // ============== ARM64 begin =======================

     

       43
       43
       +
       // All the ARM servers supports SHA256 instructions

     

       44
       44
       +
       # if defined(__GNUC__)

     

       45
       45
       +
       #  include <stdint.h>

     

       46
       46
       +
       # endif

     

       47
       47
       +
       # if defined(__ARM_NEON) || defined(_MSC_VER) || defined(__GNUC__)

     

       48
       48
       +
       #  include <arm_neon.h>

     

       49
       49
       +
       # endif

     

       50
       50
       +
       /* GCC and LLVM Clang, but not Apple Clang */

     

       51
       51
       +
       # if defined(__GNUC__) && !defined(__apple_build_version__)

     

       52
       52
       +
       #  if defined(__ARM_ACLE) || defined(__ARM_FEATURE_CRYPTO)

     

       53
       53
       +
       #   include <arm_acle.h>

     

       54
       54
       +
       #  endif

     

       55
       55
       +
       # endif

     

       56
       56
       +
       void sha256_process(uint32_t state[8], const uint8_t data[], uint32_t length)

     

       57
       57
       +
       {

     

       58
       58
       +
           uint32x4_t STATE0, STATE1, ABEF_SAVE, CDGH_SAVE;

     

       59
       59
       +
           uint32x4_t MSG0, MSG1, MSG2, MSG3;

     

       60
       60
       +
           uint32x4_t TMP0, TMP1, TMP2;

     

       61
       61
       +
       

     

       62
       62
       +
           /* Load state */

     

       63
       63
       +
           STATE0 = vld1q_u32(&state[0]);

     

       64
       64
       +
           STATE1 = vld1q_u32(&state[4]);

     

       65
       65
       +
       

     

       66
       66
       +
           while (length >= 64)

     

       67
       67
       +
           {

     

       68
       68
       +
               /* Save state */

     

       69
       69
       +
               ABEF_SAVE = STATE0;

     

       70
       70
       +
               CDGH_SAVE = STATE1;

     

       71
       71
       +
       

     

       72
       72
       +
               /* Load message */

     

       73
       73
       +
               MSG0 = vld1q_u32((const uint32_t *)(data +  0));

     

       74
       74
       +
               MSG1 = vld1q_u32((const uint32_t *)(data + 16));

     

       75
       75
       +
               MSG2 = vld1q_u32((const uint32_t *)(data + 32));

     

       76
       76
       +
               MSG3 = vld1q_u32((const uint32_t *)(data + 48));

     

       77
       77
       +
       

     

       78
       78
       +
               /* Reverse for little endian */

     

       79
       79
       +
               MSG0 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(MSG0)));

     

       80
       80
       +
               MSG1 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(MSG1)));

     

       81
       81
       +
               MSG2 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(MSG2)));

     

       82
       82
       +
               MSG3 = vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(MSG3)));

     

       83
       83
       +
       

     

       84
       84
       +
               TMP0 = vaddq_u32(MSG0, vld1q_u32(&K[0x00]));

     

       85
       85
       +
       

     

       86
       86
       +
               /* Rounds 0-3 */

     

       87
       87
       +
               MSG0 = vsha256su0q_u32(MSG0, MSG1);

     

       88
       88
       +
               TMP2 = STATE0;

     

       89
       89
       +
               TMP1 = vaddq_u32(MSG1, vld1q_u32(&K[0x04]));

     

       90
       90
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP0);

     

       91
       91
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP0);

     

       92
       92
       +
               MSG0 = vsha256su1q_u32(MSG0, MSG2, MSG3);

     

       93
       93
       +
       

     

       94
       94
       +
               /* Rounds 4-7 */

     

       95
       95
       +
               MSG1 = vsha256su0q_u32(MSG1, MSG2);

     

       96
       96
       +
               TMP2 = STATE0;

     

       97
       97
       +
               TMP0 = vaddq_u32(MSG2, vld1q_u32(&K[0x08]));

     

       98
       98
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP1);

     

       99
       99
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP1);

     

       100
       100
       +
               MSG1 = vsha256su1q_u32(MSG1, MSG3, MSG0);

     

       101
       101
       +
       

     

       102
       102
       +
               /* Rounds 8-11 */

     

       103
       103
       +
               MSG2 = vsha256su0q_u32(MSG2, MSG3);

     

       104
       104
       +
               TMP2 = STATE0;

     

       105
       105
       +
               TMP1 = vaddq_u32(MSG3, vld1q_u32(&K[0x0c]));

     

       106
       106
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP0);

     

       107
       107
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP0);

     

       108
       108
       +
               MSG2 = vsha256su1q_u32(MSG2, MSG0, MSG1);

     

       109
       109
       +
       

     

       110
       110
       +
               /* Rounds 12-15 */

     

       111
       111
       +
               MSG3 = vsha256su0q_u32(MSG3, MSG0);

     

       112
       112
       +
               TMP2 = STATE0;

     

       113
       113
       +
               TMP0 = vaddq_u32(MSG0, vld1q_u32(&K[0x10]));

     

       114
       114
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP1);

     

       115
       115
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP1);

     

       116
       116
       +
               MSG3 = vsha256su1q_u32(MSG3, MSG1, MSG2);

     

       117
       117
       +
       

     

       118
       118
       +
               /* Rounds 16-19 */

     

       119
       119
       +
               MSG0 = vsha256su0q_u32(MSG0, MSG1);

     

       120
       120
       +
               TMP2 = STATE0;

     

       121
       121
       +
               TMP1 = vaddq_u32(MSG1, vld1q_u32(&K[0x14]));

     

       122
       122
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP0);

     

       123
       123
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP0);

     

       124
       124
       +
               MSG0 = vsha256su1q_u32(MSG0, MSG2, MSG3);

     

       125
       125
       +
       

     

       126
       126
       +
               /* Rounds 20-23 */

     

       127
       127
       +
               MSG1 = vsha256su0q_u32(MSG1, MSG2);

     

       128
       128
       +
               TMP2 = STATE0;

     

       129
       129
       +
               TMP0 = vaddq_u32(MSG2, vld1q_u32(&K[0x18]));

     

       130
       130
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP1);

     

       131
       131
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP1);

     

       132
       132
       +
               MSG1 = vsha256su1q_u32(MSG1, MSG3, MSG0);

     

       133
       133
       +
       

     

       134
       134
       +
               /* Rounds 24-27 */

     

       135
       135
       +
               MSG2 = vsha256su0q_u32(MSG2, MSG3);

     

       136
       136
       +
               TMP2 = STATE0;

     

       137
       137
       +
               TMP1 = vaddq_u32(MSG3, vld1q_u32(&K[0x1c]));

     

       138
       138
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP0);

     

       139
       139
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP0);

     

       140
       140
       +
               MSG2 = vsha256su1q_u32(MSG2, MSG0, MSG1);

     

       141
       141
       +
       

     

       142
       142
       +
               /* Rounds 28-31 */

     

       143
       143
       +
               MSG3 = vsha256su0q_u32(MSG3, MSG0);

     

       144
       144
       +
               TMP2 = STATE0;

     

       145
       145
       +
               TMP0 = vaddq_u32(MSG0, vld1q_u32(&K[0x20]));

     

       146
       146
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP1);

     

       147
       147
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP1);

     

       148
       148
       +
               MSG3 = vsha256su1q_u32(MSG3, MSG1, MSG2);

     

       149
       149
       +
       

     

       150
       150
       +
               /* Rounds 32-35 */

     

       151
       151
       +
               MSG0 = vsha256su0q_u32(MSG0, MSG1);

     

       152
       152
       +
               TMP2 = STATE0;

     

       153
       153
       +
               TMP1 = vaddq_u32(MSG1, vld1q_u32(&K[0x24]));

     

       154
       154
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP0);

     

       155
       155
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP0);

     

       156
       156
       +
               MSG0 = vsha256su1q_u32(MSG0, MSG2, MSG3);

     

       157
       157
       +
       

     

       158
       158
       +
               /* Rounds 36-39 */

     

       159
       159
       +
               MSG1 = vsha256su0q_u32(MSG1, MSG2);

     

       160
       160
       +
               TMP2 = STATE0;

     

       161
       161
       +
               TMP0 = vaddq_u32(MSG2, vld1q_u32(&K[0x28]));

     

       162
       162
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP1);

     

       163
       163
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP1);

     

       164
       164
       +
               MSG1 = vsha256su1q_u32(MSG1, MSG3, MSG0);

     

       165
       165
       +
       

     

       166
       166
       +
               /* Rounds 40-43 */

     

       167
       167
       +
               MSG2 = vsha256su0q_u32(MSG2, MSG3);

     

       168
       168
       +
               TMP2 = STATE0;

     

       169
       169
       +
               TMP1 = vaddq_u32(MSG3, vld1q_u32(&K[0x2c]));

     

       170
       170
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP0);

     

       171
       171
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP0);

     

       172
       172
       +
               MSG2 = vsha256su1q_u32(MSG2, MSG0, MSG1);

     

       173
       173
       +
       

     

       174
       174
       +
               /* Rounds 44-47 */

     

       175
       175
       +
               MSG3 = vsha256su0q_u32(MSG3, MSG0);

     

       176
       176
       +
               TMP2 = STATE0;

     

       177
       177
       +
               TMP0 = vaddq_u32(MSG0, vld1q_u32(&K[0x30]));

     

       178
       178
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP1);

     

       179
       179
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP1);

     

       180
       180
       +
               MSG3 = vsha256su1q_u32(MSG3, MSG1, MSG2);

     

       181
       181
       +
       

     

       182
       182
       +
               /* Rounds 48-51 */

     

       183
       183
       +
               TMP2 = STATE0;

     

       184
       184
       +
               TMP1 = vaddq_u32(MSG1, vld1q_u32(&K[0x34]));

     

       185
       185
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP0);

     

       186
       186
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP0);

     

       187
       187
       +
       

     

       188
       188
       +
               /* Rounds 52-55 */

     

       189
       189
       +
               TMP2 = STATE0;

     

       190
       190
       +
               TMP0 = vaddq_u32(MSG2, vld1q_u32(&K[0x38]));

     

       191
       191
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP1);

     

       192
       192
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP1);

     

       193
       193
       +
       

     

       194
       194
       +
               /* Rounds 56-59 */

     

       195
       195
       +
               TMP2 = STATE0;

     

       196
       196
       +
               TMP1 = vaddq_u32(MSG3, vld1q_u32(&K[0x3c]));

     

       197
       197
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP0);

     

       198
       198
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP0);

     

       199
       199
       +
       

     

       200
       200
       +
               /* Rounds 60-63 */

     

       201
       201
       +
               TMP2 = STATE0;

     

       202
       202
       +
               STATE0 = vsha256hq_u32(STATE0, STATE1, TMP1);

     

       203
       203
       +
               STATE1 = vsha256h2q_u32(STATE1, TMP2, TMP1);

     

       204
       204
       +
       

     

       205
       205
       +
               /* Combine state */

     

       206
       206
       +
               STATE0 = vaddq_u32(STATE0, ABEF_SAVE);

     

       207
       207
       +
               STATE1 = vaddq_u32(STATE1, CDGH_SAVE);

     

       208
       208
       +
       

     

       209
       209
       +
               data += 64;

     

       210
       210
       +
               length -= 64;

     

       211
       211
       +
           }

     

       212
       212
       +
       

     

       213
       213
       +
           /* Save state */

     

       214
       214
       +
           vst1q_u32(&state[0], STATE0);

     

       215
       215
       +
           vst1q_u32(&state[4], STATE1);

     

       216
       216
       +
       }

     

       217
       217
       +
       

     

       218
       218
       +
       // ============== ARM64 end =======================

     

       219
       219
       +
       #else

     

       220
       220
       +
       // ============== x86-64 begin =======================

     

       221
       221
       +
       /* Include the GCC super header */

     

       222
       222
       +
       #if defined(__GNUC__)

     

       223
       223
       +
       # include <stdint.h>

     

       224
       224
       +
       # include <x86intrin.h>

     

       225
       225
       +
       #endif

     

       226
       226
       +
       

     

       227
       227
       +
       /* Microsoft supports Intel SHA ACLE extensions as of Visual Studio 2015 */

     

       228
       228
       +
       #if defined(_MSC_VER)

     

       229
       229
       +
       # include <immintrin.h>

     

       230
       230
       +
       # define WIN32_LEAN_AND_MEAN

     

       231
       231
       +
       # include <Windows.h>

     

       232
       232
       +
       #endif

     

       233
       233
       +
       #define ROTATE(x,y)  (((x)>>(y)) | ((x)<<(32-(y))))

     

       234
       234
       +
       #define Sigma0(x)    (ROTATE((x), 2) ^ ROTATE((x),13) ^ ROTATE((x),22))

     

       235
       235
       +
       #define Sigma1(x)    (ROTATE((x), 6) ^ ROTATE((x),11) ^ ROTATE((x),25))

     

       236
       236
       +
       #define sigma0(x)    (ROTATE((x), 7) ^ ROTATE((x),18) ^ ((x)>> 3))

     

       237
       237
       +
       #define sigma1(x)    (ROTATE((x),17) ^ ROTATE((x),19) ^ ((x)>>10))

     

       238
       238
       +
       

     

       239
       239
       +
       #define Ch(x,y,z)    (((x) & (y)) ^ ((~(x)) & (z)))

     

       240
       240
       +
       #define Maj(x,y,z)   (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))

     

       241
       241
       +
       

     

       242
       242
       +
       /* Avoid undefined behavior                    */

     

       243
       243
       +
       /* https://stackoverflow.com/q/29538935/608639 */

     

       244
       244
       +
       uint32_t B2U32(uint8_t val, uint8_t sh)

     

       245
       245
       +
       {

     

       246
       246
       +
           return ((uint32_t)val) << sh;

     

       247
       247
       +
       }

     

       248
       248
       +
       

     

       249
       249
       +
       void sha256_process_c(uint32_t state[8], const uint8_t data[], size_t length)

     

       250
       250
       +
       {

     

       251
       251
       +
           uint32_t a, b, c, d, e, f, g, h, s0, s1, T1, T2;

     

       252
       252
       +
           uint32_t X[16], i;

     

       253
       253
       +
       

     

       254
       254
       +
           size_t blocks = length / 64;

     

       255
       255
       +
           while (blocks--)

     

       256
       256
       +
           {

     

       257
       257
       +
               a = state[0];

     

       258
       258
       +
               b = state[1];

     

       259
       259
       +
               c = state[2];

     

       260
       260
       +
               d = state[3];

     

       261
       261
       +
               e = state[4];

     

       262
       262
       +
               f = state[5];

     

       263
       263
       +
               g = state[6];

     

       264
       264
       +
               h = state[7];

     

       265
       265
       +
       

     

       266
       266
       +
               for (i = 0; i < 16; i++)

     

       267
       267
       +
               {

     

       268
       268
       +
                   X[i] = B2U32(data[0], 24) | B2U32(data[1], 16) | B2U32(data[2], 8) | B2U32(data[3], 0);

     

       269
       269
       +
                   data += 4;

     

       270
       270
       +
       

     

       271
       271
       +
                   T1 = h;

     

       272
       272
       +
                   T1 += Sigma1(e);

     

       273
       273
       +
                   T1 += Ch(e, f, g);

     

       274
       274
       +
                   T1 += K[i];

     

       275
       275
       +
                   T1 += X[i];

     

       276
       276
       +
       

     

       277
       277
       +
                   T2 = Sigma0(a);

     

       278
       278
       +
                   T2 += Maj(a, b, c);

     

       279
       279
       +
       

     

       280
       280
       +
                   h = g;

     

       281
       281
       +
                   g = f;

     

       282
       282
       +
                   f = e;

     

       283
       283
       +
                   e = d + T1;

     

       284
       284
       +
                   d = c;

     

       285
       285
       +
                   c = b;

     

       286
       286
       +
                   b = a;

     

       287
       287
       +
                   a = T1 + T2;

     

       288
       288
       +
               }

     

       289
       289
       +
       

     

       290
       290
       +
               for (; i < 64; i++)

     

       291
       291
       +
               {

     

       292
       292
       +
                   s0 = X[(i + 1) & 0x0f];

     

       293
       293
       +
                   s0 = sigma0(s0);

     

       294
       294
       +
                   s1 = X[(i + 14) & 0x0f];

     

       295
       295
       +
                   s1 = sigma1(s1);

     

       296
       296
       +
       

     

       297
       297
       +
                   T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];

     

       298
       298
       +
                   T1 += h + Sigma1(e) + Ch(e, f, g) + K[i];

     

       299
       299
       +
                   T2 = Sigma0(a) + Maj(a, b, c);

     

       300
       300
       +
                   h = g;

     

       301
       301
       +
                   g = f;

     

       302
       302
       +
                   f = e;

     

       303
       303
       +
                   e = d + T1;

     

       304
       304
       +
                   d = c;

     

       305
       305
       +
                   c = b;

     

       306
       306
       +
                   b = a;

     

       307
       307
       +
                   a = T1 + T2;

     

       308
       308
       +
               }

     

       309
       309
       +
       

     

       310
       310
       +
               state[0] += a;

     

       311
       311
       +
               state[1] += b;

     

       312
       312
       +
               state[2] += c;

     

       313
       313
       +
               state[3] += d;

     

       314
       314
       +
               state[4] += e;

     

       315
       315
       +
               state[5] += f;

     

       316
       316
       +
               state[6] += g;

     

       317
       317
       +
               state[7] += h;

     

       318
       318
       +
           }

     

       319
       319
       +
       }

     

       320
       320
       +
       

     

       321
       321
       +
       /* Process multiple blocks. The caller is responsible for setting the initial */

     

       322
       322
       +
       /*  state, and the caller is responsible for padding the final block.        */

     

       323
       323
       +
       void sha256_process_asm(uint32_t state[8], const uint8_t data[], size_t length)

     

       324
       324
       +
       {

     

       325
       325
       +
           __m128i STATE0, STATE1;

     

       326
       326
       +
           __m128i MSG, TMP;

     

       327
       327
       +
           __m128i MSG0, MSG1, MSG2, MSG3;

     

       328
       328
       +
           __m128i ABEF_SAVE, CDGH_SAVE;

     

       329
       329
       +
           const __m128i MASK = _mm_set_epi64x(0x0c0d0e0f08090a0bULL, 0x0405060700010203ULL);

     

       330
       330
       +
       

     

       331
       331
       +
           /* Load initial values */

     

       332
       332
       +
           TMP = _mm_loadu_si128((const __m128i*) &state[0]);

     

       333
       333
       +
           STATE1 = _mm_loadu_si128((const __m128i*) &state[4]);

     

       334
       334
       +
       

     

       335
       335
       +
       

     

       336
       336
       +
           TMP = _mm_shuffle_epi32(TMP, 0xB1);          /* CDAB */

     

       337
       337
       +
           STATE1 = _mm_shuffle_epi32(STATE1, 0x1B);    /* EFGH */

     

       338
       338
       +
           STATE0 = _mm_alignr_epi8(TMP, STATE1, 8);    /* ABEF */

     

       339
       339
       +
           STATE1 = _mm_blend_epi16(STATE1, TMP, 0xF0); /* CDGH */

     

       340
       340
       +
       

     

       341
       341
       +
           while (length >= 64)

     

       342
       342
       +
           {

     

       343
       343
       +
               /* Save current state */

     

       344
       344
       +
               ABEF_SAVE = STATE0;

     

       345
       345
       +
               CDGH_SAVE = STATE1;

     

       346
       346
       +
       

     

       347
       347
       +
               /* Rounds 0-3 */

     

       348
       348
       +
               MSG = _mm_loadu_si128((const __m128i*) (data+0));

     

       349
       349
       +
               MSG0 = _mm_shuffle_epi8(MSG, MASK);

     

       350
       350
       +
               MSG = _mm_add_epi32(MSG0, _mm_set_epi64x(0xE9B5DBA5B5C0FBCFULL, 0x71374491428A2F98ULL));

     

       351
       351
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       352
       352
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       353
       353
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       354
       354
       +
       

     

       355
       355
       +
               /* Rounds 4-7 */

     

       356
       356
       +
               MSG1 = _mm_loadu_si128((const __m128i*) (data+16));

     

       357
       357
       +
               MSG1 = _mm_shuffle_epi8(MSG1, MASK);

     

       358
       358
       +
               MSG = _mm_add_epi32(MSG1, _mm_set_epi64x(0xAB1C5ED5923F82A4ULL, 0x59F111F13956C25BULL));

     

       359
       359
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       360
       360
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       361
       361
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       362
       362
       +
               MSG0 = _mm_sha256msg1_epu32(MSG0, MSG1);

     

       363
       363
       +
       

     

       364
       364
       +
               /* Rounds 8-11 */

     

       365
       365
       +
               MSG2 = _mm_loadu_si128((const __m128i*) (data+32));

     

       366
       366
       +
               MSG2 = _mm_shuffle_epi8(MSG2, MASK);

     

       367
       367
       +
               MSG = _mm_add_epi32(MSG2, _mm_set_epi64x(0x550C7DC3243185BEULL, 0x12835B01D807AA98ULL));

     

       368
       368
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       369
       369
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       370
       370
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       371
       371
       +
               MSG1 = _mm_sha256msg1_epu32(MSG1, MSG2);

     

       372
       372
       +
       

     

       373
       373
       +
               /* Rounds 12-15 */

     

       374
       374
       +
               MSG3 = _mm_loadu_si128((const __m128i*) (data+48));

     

       375
       375
       +
               MSG3 = _mm_shuffle_epi8(MSG3, MASK);

     

       376
       376
       +
               MSG = _mm_add_epi32(MSG3, _mm_set_epi64x(0xC19BF1749BDC06A7ULL, 0x80DEB1FE72BE5D74ULL));

     

       377
       377
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       378
       378
       +
               TMP = _mm_alignr_epi8(MSG3, MSG2, 4);

     

       379
       379
       +
               MSG0 = _mm_add_epi32(MSG0, TMP);

     

       380
       380
       +
               MSG0 = _mm_sha256msg2_epu32(MSG0, MSG3);

     

       381
       381
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       382
       382
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       383
       383
       +
               MSG2 = _mm_sha256msg1_epu32(MSG2, MSG3);

     

       384
       384
       +
       

     

       385
       385
       +
               /* Rounds 16-19 */

     

       386
       386
       +
               MSG = _mm_add_epi32(MSG0, _mm_set_epi64x(0x240CA1CC0FC19DC6ULL, 0xEFBE4786E49B69C1ULL));

     

       387
       387
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       388
       388
       +
               TMP = _mm_alignr_epi8(MSG0, MSG3, 4);

     

       389
       389
       +
               MSG1 = _mm_add_epi32(MSG1, TMP);

     

       390
       390
       +
               MSG1 = _mm_sha256msg2_epu32(MSG1, MSG0);

     

       391
       391
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       392
       392
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       393
       393
       +
               MSG3 = _mm_sha256msg1_epu32(MSG3, MSG0);

     

       394
       394
       +
       

     

       395
       395
       +
               /* Rounds 20-23 */

     

       396
       396
       +
               MSG = _mm_add_epi32(MSG1, _mm_set_epi64x(0x76F988DA5CB0A9DCULL, 0x4A7484AA2DE92C6FULL));

     

       397
       397
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       398
       398
       +
               TMP = _mm_alignr_epi8(MSG1, MSG0, 4);

     

       399
       399
       +
               MSG2 = _mm_add_epi32(MSG2, TMP);

     

       400
       400
       +
               MSG2 = _mm_sha256msg2_epu32(MSG2, MSG1);

     

       401
       401
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       402
       402
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       403
       403
       +
               MSG0 = _mm_sha256msg1_epu32(MSG0, MSG1);

     

       404
       404
       +
       

     

       405
       405
       +
               /* Rounds 24-27 */

     

       406
       406
       +
               MSG = _mm_add_epi32(MSG2, _mm_set_epi64x(0xBF597FC7B00327C8ULL, 0xA831C66D983E5152ULL));

     

       407
       407
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       408
       408
       +
               TMP = _mm_alignr_epi8(MSG2, MSG1, 4);

     

       409
       409
       +
               MSG3 = _mm_add_epi32(MSG3, TMP);

     

       410
       410
       +
               MSG3 = _mm_sha256msg2_epu32(MSG3, MSG2);

     

       411
       411
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       412
       412
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       413
       413
       +
               MSG1 = _mm_sha256msg1_epu32(MSG1, MSG2);

     

       414
       414
       +
       

     

       415
       415
       +
               /* Rounds 28-31 */

     

       416
       416
       +
               MSG = _mm_add_epi32(MSG3, _mm_set_epi64x(0x1429296706CA6351ULL,  0xD5A79147C6E00BF3ULL));

     

       417
       417
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       418
       418
       +
               TMP = _mm_alignr_epi8(MSG3, MSG2, 4);

     

       419
       419
       +
               MSG0 = _mm_add_epi32(MSG0, TMP);

     

       420
       420
       +
               MSG0 = _mm_sha256msg2_epu32(MSG0, MSG3);

     

       421
       421
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       422
       422
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       423
       423
       +
               MSG2 = _mm_sha256msg1_epu32(MSG2, MSG3);

     

       424
       424
       +
       

     

       425
       425
       +
               /* Rounds 32-35 */

     

       426
       426
       +
               MSG = _mm_add_epi32(MSG0, _mm_set_epi64x(0x53380D134D2C6DFCULL, 0x2E1B213827B70A85ULL));

     

       427
       427
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       428
       428
       +
               TMP = _mm_alignr_epi8(MSG0, MSG3, 4);

     

       429
       429
       +
               MSG1 = _mm_add_epi32(MSG1, TMP);

     

       430
       430
       +
               MSG1 = _mm_sha256msg2_epu32(MSG1, MSG0);

     

       431
       431
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       432
       432
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       433
       433
       +
               MSG3 = _mm_sha256msg1_epu32(MSG3, MSG0);

     

       434
       434
       +
       

     

       435
       435
       +
               /* Rounds 36-39 */

     

       436
       436
       +
               MSG = _mm_add_epi32(MSG1, _mm_set_epi64x(0x92722C8581C2C92EULL, 0x766A0ABB650A7354ULL));

     

       437
       437
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       438
       438
       +
               TMP = _mm_alignr_epi8(MSG1, MSG0, 4);

     

       439
       439
       +
               MSG2 = _mm_add_epi32(MSG2, TMP);

     

       440
       440
       +
               MSG2 = _mm_sha256msg2_epu32(MSG2, MSG1);

     

       441
       441
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       442
       442
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       443
       443
       +
               MSG0 = _mm_sha256msg1_epu32(MSG0, MSG1);

     

       444
       444
       +
       

     

       445
       445
       +
               /* Rounds 40-43 */

     

       446
       446
       +
               MSG = _mm_add_epi32(MSG2, _mm_set_epi64x(0xC76C51A3C24B8B70ULL, 0xA81A664BA2BFE8A1ULL));

     

       447
       447
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       448
       448
       +
               TMP = _mm_alignr_epi8(MSG2, MSG1, 4);

     

       449
       449
       +
               MSG3 = _mm_add_epi32(MSG3, TMP);

     

       450
       450
       +
               MSG3 = _mm_sha256msg2_epu32(MSG3, MSG2);

     

       451
       451
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       452
       452
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       453
       453
       +
               MSG1 = _mm_sha256msg1_epu32(MSG1, MSG2);

     

       454
       454
       +
       

     

       455
       455
       +
               /* Rounds 44-47 */

     

       456
       456
       +
               MSG = _mm_add_epi32(MSG3, _mm_set_epi64x(0x106AA070F40E3585ULL, 0xD6990624D192E819ULL));

     

       457
       457
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       458
       458
       +
               TMP = _mm_alignr_epi8(MSG3, MSG2, 4);

     

       459
       459
       +
               MSG0 = _mm_add_epi32(MSG0, TMP);

     

       460
       460
       +
               MSG0 = _mm_sha256msg2_epu32(MSG0, MSG3);

     

       461
       461
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       462
       462
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       463
       463
       +
               MSG2 = _mm_sha256msg1_epu32(MSG2, MSG3);

     

       464
       464
       +
       

     

       465
       465
       +
               /* Rounds 48-51 */

     

       466
       466
       +
               MSG = _mm_add_epi32(MSG0, _mm_set_epi64x(0x34B0BCB52748774CULL, 0x1E376C0819A4C116ULL));

     

       467
       467
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       468
       468
       +
               TMP = _mm_alignr_epi8(MSG0, MSG3, 4);

     

       469
       469
       +
               MSG1 = _mm_add_epi32(MSG1, TMP);

     

       470
       470
       +
               MSG1 = _mm_sha256msg2_epu32(MSG1, MSG0);

     

       471
       471
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       472
       472
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       473
       473
       +
               MSG3 = _mm_sha256msg1_epu32(MSG3, MSG0);

     

       474
       474
       +
       

     

       475
       475
       +
               /* Rounds 52-55 */

     

       476
       476
       +
               MSG = _mm_add_epi32(MSG1, _mm_set_epi64x(0x682E6FF35B9CCA4FULL, 0x4ED8AA4A391C0CB3ULL));

     

       477
       477
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       478
       478
       +
               TMP = _mm_alignr_epi8(MSG1, MSG0, 4);

     

       479
       479
       +
               MSG2 = _mm_add_epi32(MSG2, TMP);

     

       480
       480
       +
               MSG2 = _mm_sha256msg2_epu32(MSG2, MSG1);

     

       481
       481
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       482
       482
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       483
       483
       +
       

     

       484
       484
       +
               /* Rounds 56-59 */

     

       485
       485
       +
               MSG = _mm_add_epi32(MSG2, _mm_set_epi64x(0x8CC7020884C87814ULL, 0x78A5636F748F82EEULL));

     

       486
       486
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       487
       487
       +
               TMP = _mm_alignr_epi8(MSG2, MSG1, 4);

     

       488
       488
       +
               MSG3 = _mm_add_epi32(MSG3, TMP);

     

       489
       489
       +
               MSG3 = _mm_sha256msg2_epu32(MSG3, MSG2);

     

       490
       490
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       491
       491
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       492
       492
       +
       

     

       493
       493
       +
               /* Rounds 60-63 */

     

       494
       494
       +
               MSG = _mm_add_epi32(MSG3, _mm_set_epi64x(0xC67178F2BEF9A3F7ULL, 0xA4506CEB90BEFFFAULL));

     

       495
       495
       +
               STATE1 = _mm_sha256rnds2_epu32(STATE1, STATE0, MSG);

     

       496
       496
       +
               MSG = _mm_shuffle_epi32(MSG, 0x0E);

     

       497
       497
       +
               STATE0 = _mm_sha256rnds2_epu32(STATE0, STATE1, MSG);

     

       498
       498
       +
       

     

       499
       499
       +
               /* Combine state  */

     

       500
       500
       +
               STATE0 = _mm_add_epi32(STATE0, ABEF_SAVE);

     

       501
       501
       +
               STATE1 = _mm_add_epi32(STATE1, CDGH_SAVE);

     

       502
       502
       +
       

     

       503
       503
       +
               data += 64;

     

       504
       504
       +
               length -= 64;

     

       505
       505
       +
           }

     

       506
       506
       +
       

     

       507
       507
       +
           TMP = _mm_shuffle_epi32(STATE0, 0x1B);       /* FEBA */

     

       508
       508
       +
           STATE1 = _mm_shuffle_epi32(STATE1, 0xB1);    /* DCHG */

     

       509
       509
       +
           STATE0 = _mm_blend_epi16(TMP, STATE1, 0xF0); /* DCBA */

     

       510
       510
       +
           STATE1 = _mm_alignr_epi8(STATE1, TMP, 8);    /* ABEF */

     

       511
       511
       +
       

     

       512
       512
       +
           /* Save state */

     

       513
       513
       +
           _mm_storeu_si128((__m128i*) &state[0], STATE0);

     

       514
       514
       +
           _mm_storeu_si128((__m128i*) &state[4], STATE1);

     

       515
       515
       +
       }

     

       516
       516
       +
       

     

       517
       517
       +
       #if defined(__clang__) || defined(__GNUC__) || defined(__INTEL_COMPILER)

     

       518
       518
       +
       

     

       519
       519
       +
       #include <cpuid.h>

     

       520
       520
       +
       int supports_sha_ni(void)

     

       521
       521
       +
       {

     

       522
       522
       +
           unsigned int CPUInfo[4];

     

       523
       523
       +
           __cpuid(0, CPUInfo[0], CPUInfo[1], CPUInfo[2], CPUInfo[3]);

     

       524
       524
       +
           if (CPUInfo[0] < 7)

     

       525
       525
       +
               return 0;

     

       526
       526
       +
       

     

       527
       527
       +
           __cpuid_count(7, 0, CPUInfo[0], CPUInfo[1], CPUInfo[2], CPUInfo[3]);

     

       528
       528
       +
           return CPUInfo[1] & (1 << 29); /* SHA */

     

       529
       529
       +
       }

     

       530
       530
       +
       

     

       531
       531
       +
       #else /* defined(__clang__) || defined(__GNUC__) */

     

       532
       532
       +
       

     

       533
       533
       +
       int supports_sha_ni(void)

     

       534
       534
       +
       {

     

       535
       535
       +
           unsigned int CPUInfo[4];

     

       536
       536
       +
           __cpuid(CPUInfo, 0);  

     

       537
       537
       +
           if (CPUInfo[0] < 7)

     

       538
       538
       +
               return 0;

     

       539
       539
       +
       

     

       540
       540
       +
           __cpuidex(CPUInfo, 7, 0);

     

       541
       541
       +
           return CPUInfo[1] & (1 << 29); /* Check SHA */

     

       542
       542
       +
       }

     

       543
       543
       +
       

     

       544
       544
       +
       #endif /* defined(__clang__) || defined(__GNUC__) */

     

       545
       545
       +
       

     

       546
       546
       +
       void sha256_process(uint32_t state[8], const uint8_t data[], size_t length) {

     

       547
       547
       +
           static int has_sha_ni = -1;

     

       548
       548
       +
           if(has_sha_ni == -1 ) {

     

       549
       549
       +
               has_sha_ni = supports_sha_ni();

     

       550
       550
       +
           }

     

       551
       551
       +
       

     

       552
       552
       +
           if(has_sha_ni) {

     

       553
       553
       +
               sha256_process_asm(state, data, length);

     

       554
       554
       +
       	//printf("In sha256_process_asm length %zu\n", length);

     

       555
       555
       +
           } else {

     

       556
       556
       +
               sha256_process_c(state, data, length);

     

       557
       557
       +
       	//printf("In sha256_process_c length %zu\n", length);

     

       558
       558
       +
           }

     

       559
       559
       +
       }

     

       560
       560
       +
       // ============== x86-64 end =======================

     

       561
       561
       +
       #endif

     

       562
       562
       +
       

     

       563
       563
       +
       void sha256_init(SHA256_CTX *ctx)

     

       564
       564
       +
       {

     

       565
       565
       +
       	ctx->datalen = 0;

     

       566
       566
       +
       	ctx->bitlen = 0;

     

       567
       567
       +
       	ctx->state[0] = 0x6a09e667;

     

       568
       568
       +
       	ctx->state[1] = 0xbb67ae85;

     

       569
       569
       +
       	ctx->state[2] = 0x3c6ef372;

     

       570
       570
       +
       	ctx->state[3] = 0xa54ff53a;

     

       571
       571
       +
       	ctx->state[4] = 0x510e527f;

     

       572
       572
       +
       	ctx->state[5] = 0x9b05688c;

     

       573
       573
       +
       	ctx->state[6] = 0x1f83d9ab;

     

       574
       574
       +
       	ctx->state[7] = 0x5be0cd19;

     

       575
       575
       +
       }

     

       576
       576
       +
       

     

       577
       577
       +
       void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len)

     

       578
       578
       +
       {

     

       579
       579
       +
       	WORD i;

     

       580
       580
       +
       

     

       581
       581
       +
       	size_t rounded = 64*(len/64);

     

       582
       582
       +
       	if(rounded != 0) {

     

       583
       583
       +
       		sha256_process(ctx->state, data, rounded);

     

       584
       584
       +
       	}

     

       585
       585
       +
       

     

       586
       586
       +
       	ctx->bitlen = rounded*8;

     

       587
       587
       +
       	ctx->datalen = 0;

     

       588
       588
       +
       	for (i = rounded; i < len; ++i) {

     

       589
       589
       +
       		ctx->data[ctx->datalen] = data[i];

     

       590
       590
       +
       		ctx->datalen++;

     

       591
       591
       +
       	}

     

       592
       592
       +
       }

     

       593
       593
       +
       

     

       594
       594
       +
       void sha256_final(SHA256_CTX *ctx, BYTE hash[])

     

       595
       595
       +
       {

     

       596
       596
       +
       	WORD i;

     

       597
       597
       +
       

     

       598
       598
       +
       	i = ctx->datalen;

     

       599
       599
       +
       

     

       600
       600
       +
       	// Pad whatever data is left in the buffer.

     

       601
       601
       +
       	if (ctx->datalen < 56) {

     

       602
       602
       +
       		ctx->data[i++] = 0x80;

     

       603
       603
       +
       		while (i < 56)

     

       604
       604
       +
       			ctx->data[i++] = 0x00;

     

       605
       605
       +
       	}

     

       606
       606
       +
       	else {

     

       607
       607
       +
       		ctx->data[i++] = 0x80;

     

       608
       608
       +
       		while (i < 64)

     

       609
       609
       +
       			ctx->data[i++] = 0x00;

     

       610
       610
       +
       		sha256_process(ctx->state, ctx->data, 64);

     

       611
       611
       +
       		memset(ctx->data, 0, 56);

     

       612
       612
       +
       	}

     

       613
       613
       +
       

     

       614
       614
       +
       	// Append to the padding the total message's length in bits and transform.

     

       615
       615
       +
       	ctx->bitlen += ctx->datalen * 8;

     

       616
       616
       +
       	ctx->data[63] = ctx->bitlen;

     

       617
       617
       +
       	ctx->data[62] = ctx->bitlen >> 8;

     

       618
       618
       +
       	ctx->data[61] = ctx->bitlen >> 16;

     

       619
       619
       +
       	ctx->data[60] = ctx->bitlen >> 24;

     

       620
       620
       +
       	ctx->data[59] = ctx->bitlen >> 32;

     

       621
       621
       +
       	ctx->data[58] = ctx->bitlen >> 40;

     

       622
       622
       +
       	ctx->data[57] = ctx->bitlen >> 48;

     

       623
       623
       +
       	ctx->data[56] = ctx->bitlen >> 56;

     

       624
       624
       +
       	sha256_process(ctx->state, ctx->data, 64);

     

       625
       625
       +
       

     

       626
       626
       +
       	// Since this implementation uses little endian byte ordering and SHA uses big endian,

     

       627
       627
       +
       	// reverse all the bytes when copying the final state to the output hash.

     

       628
       628
       +
       	for (i = 0; i < 4; ++i) {

     

       629
       629
       +
       		hash[i]      = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;

     

       630
       630
       +
       		hash[i + 4]  = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;

     

       631
       631
       +
       		hash[i + 8]  = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;

     

       632
       632
       +
       		hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;

     

       633
       633
       +
       		hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;

     

       634
       634
       +
       		hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff;

     

       635
       635
       +
       		hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff;

     

       636
       636
       +
       		hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff;

     

       637
       637
       +
       	}

     

       638
       638
       +
       }

+35

lib/sha256.h

···

       1
       1
       +
       /*********************************************************************

     

       2
       2
       +
       * Filename:   sha256.h

     

       3
       3
       +
       * Author:     Brad Conte (brad AT bradconte.com)

     

       4
       4
       +
       * Copyright:

     

       5
       5
       +
       * Disclaimer: This code is presented "as is" without any guarantees.

     

       6
       6
       +
       * Details:    Defines the API for the corresponding SHA1 implementation.

     

       7
       7
       +
       *********************************************************************/

     

       8
       8
       +
       

     

       9
       9
       +
       #ifndef SHA256_H

     

       10
       10
       +
       #define SHA256_H

     

       11
       11
       +
       

     

       12
       12
       +
       /*************************** HEADER FILES ***************************/

     

       13
       13
       +
       #include <stddef.h>

     

       14
       14
       +
       #include <stdint.h>

     

       15
       15
       +
       

     

       16
       16
       +
       /****************************** MACROS ******************************/

     

       17
       17
       +
       #define SHA256_BLOCK_SIZE 32            // SHA256 outputs a 32 byte digest

     

       18
       18
       +
       

     

       19
       19
       +
       /**************************** DATA TYPES ****************************/

     

       20
       20
       +
       typedef uint8_t  BYTE;             // 8-bit byte

     

       21
       21
       +
       typedef uint32_t WORD;             // 32-bit word, change to "long" for 16-bit machines

     

       22
       22
       +
       

     

       23
       23
       +
       typedef struct {

     

       24
       24
       +
       	BYTE data[64];

     

       25
       25
       +
       	WORD datalen;

     

       26
       26
       +
       	unsigned long long bitlen;

     

       27
       27
       +
       	WORD state[8];

     

       28
       28
       +
       } SHA256_CTX;

     

       29
       29
       +
       

     

       30
       30
       +
       /*********************** FUNCTION DECLARATIONS **********************/

     

       31
       31
       +
       void sha256_init(SHA256_CTX *ctx);

     

       32
       32
       +
       void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len);

     

       33
       33
       +
       void sha256_final(SHA256_CTX *ctx, BYTE hash[]);

     

       34
       34
       +
       

     

       35
       35
       +
       #endif   // SHA256_H

-96

lib/sha256.ml

···

       1
       1
       -
       open Bigarray

     

       2
       2
       -
       

     

       3
       3
       -
       type state = (int32, int32_elt, c_layout) Array1.t

     

       4
       4
       -
       type digest = (int, int8_unsigned_elt, c_layout) Array1.t

     

       5
       5
       -
       type buffer = (int, int8_unsigned_elt, c_layout) Array1.t

     

       6
       6
       -
       

     

       7
       7
       -
       (* External C functions *)

     

       8
       8
       -
       external init : unit -> state = "oxcaml_sha256_init"

     

       9
       9
       -
       external process_block : state -> buffer -> unit = "oxcaml_sha256_process_block" [@@noalloc]

     

       10
       10
       -
       external finalize : state -> buffer -> int64 -> digest = "oxcaml_sha256_finalize"

     

       11
       11
       -
       external oneshot : buffer -> int64 -> digest = "oxcaml_sha256_oneshot"

     

       12
       12
       -
       

     

       13
       13
       -
       (* High-level interface *)

     

       14
       14
       -
       

     

       15
       15
       -
       let hash_bytes bytes =

     

       16
       16
       -
         let len = Bytes.length bytes in

     

       17
       17
       -
         let buffer = Array1.create int8_unsigned c_layout len in

     

       18
       18
       -
         for i = 0 to len - 1 do

     

       19
       19
       -
           Array1.set buffer i (Char.code (Bytes.get bytes i))

     

       20
       20
       -
         done;

     

       21
       21
       -
         oneshot buffer (Int64.of_int len)

     

       22
       22
       -
       

     

       23
       23
       -
       let hash_string str =

     

       24
       24
       -
         let len = String.length str in

     

       25
       25
       -
         let buffer = Array1.create int8_unsigned c_layout len in

     

       26
       26
       -
         for i = 0 to len - 1 do

     

       27
       27
       -
           Array1.set buffer i (Char.code str.[i])

     

       28
       28
       -
         done;

     

       29
       29
       -
         oneshot buffer (Int64.of_int len)

     

       30
       30
       -
       

     

       31
       31
       -
       (* Utilities *)

     

       32
       32
       -
       

     

       33
       33
       -
       let digest_to_hex digest =

     

       34
       34
       -
         let hex_of_byte b =

     

       35
       35
       -
           Printf.sprintf "%02x" b

     

       36
       36
       -
         in

     

       37
       37
       -
         let buf = Buffer.create 64 in

     

       38
       38
       -
         for i = 0 to 31 do

     

       39
       39
       -
           Buffer.add_string buf (hex_of_byte (Array1.get digest i))

     

       40
       40
       -
         done;

     

       41
       41
       -
         Buffer.contents buf

     

       42
       42
       -
       

     

       43
       43
       -
       let digest_to_bytes digest =

     

       44
       44
       -
         let bytes = Bytes.create 32 in

     

       45
       45
       -
         for i = 0 to 31 do

     

       46
       46
       -
           Bytes.set bytes i (Char.chr (Array1.get digest i))

     

       47
       47
       -
         done;

     

       48
       48
       -
         bytes

     

       49
       49
       -
       

     

       50
       50
       -
       let digest_equal d1 d2 =

     

       51
       51
       -
         let rec compare i =

     

       52
       52
       -
           if i >= 32 then true

     

       53
       53
       -
           else if Array1.get d1 i <> Array1.get d2 i then false

     

       54
       54
       -
           else compare (i + 1)

     

       55
       55
       -
         in

     

       56
       56
       -
         compare 0

     

       57
       57
       -
       

     

       58
       58
       -
       (* Zero-allocation variants using OxCaml features *)

     

       59
       59
       -
       

     

       60
       60
       -
       module Fast = struct

     

       61
       61
       -
         (* Stack-allocated processing for temporary computations *)

     

       62
       62
       -
         let[@inline] [@zero_alloc assume] process_block_local state block =

     

       63
       63
       -
           process_block state block

     

       64
       64
       -
         

     

       65
       65
       -
         (* Process multiple blocks efficiently *)

     

       66
       66
       -
         let[@zero_alloc assume] process_blocks state blocks num_blocks =

     

       67
       67
       -
           for i = 0 to num_blocks - 1 do

     

       68
       68
       -
             let offset = i * 64 in

     

       69
       69
       -
             let block = Array1.sub blocks offset 64 in

     

       70
       70
       -
             process_block state block

     

       71
       71
       -
           done

     

       72
       72
       -
         

     

       73
       73
       -
         (* Parallel hashing for multiple inputs *)

     

       74
       74
       -
         let parallel_hash_many par inputs =

     

       75
       75
       -
           match inputs with

     

       76
       76
       -
           | [] -> []

     

       77
       77
       -
           | [x] -> [hash_bytes x]

     

       78
       78
       -
           | _ ->

     

       79
       79
       -
             let process_batch batch =

     

       80
       80
       -
               List.map hash_bytes batch

     

       81
       81
       -
             in

     

       82
       82
       -
             let mid = List.length inputs / 2 in

     

       83
       83
       -
             let rec split n lst =

     

       84
       84
       -
               if n = 0 then ([], lst)

     

       85
       85
       -
               else match lst with

     

       86
       86
       -
                 | [] -> ([], [])

     

       87
       87
       -
                 | h::t -> let (l1, l2) = split (n-1) t in (h::l1, l2)

     

       88
       88
       -
             in

     

       89
       89
       -
             let (left, right) = split mid inputs in

     

       90
       90
       -
             let left_results, right_results = 

     

       91
       91
       -
               Parallel.fork_join2 par

     

       92
       92
       -
                 (fun _ -> process_batch left)

     

       93
       93
       -
                 (fun _ -> process_batch right)

     

       94
       94
       -
             in

     

       95
       95
       -
             left_results @ right_results

     

       96
       96
       -
       end

-47

lib/sha256.mli

···

       1
       1
       -
       (** SHA256 hardware-accelerated implementation using AMD SHA-NI instructions *)

     

       2
       2
       -
       

     

       3
       3
       -
       open Bigarray

     

       4
       4
       -
       

     

       5
       5
       -
       (** {1 Types} *)

     

       6
       6
       -
       

     

       7
       7
       -
       (** SHA256 state (8 x int32) *)

     

       8
       8
       -
       type state = (int32, int32_elt, c_layout) Array1.t

     

       9
       9
       -
       

     

       10
       10
       -
       (** SHA256 digest (32 bytes) *)

     

       11
       11
       -
       type digest = (int, int8_unsigned_elt, c_layout) Array1.t

     

       12
       12
       -
       

     

       13
       13
       -
       (** Input data buffer *)

     

       14
       14
       -
       type buffer = (int, int8_unsigned_elt, c_layout) Array1.t

     

       15
       15
       -
       

     

       16
       16
       -
       (** {1 Low-level interface} *)

     

       17
       17
       -
       

     

       18
       18
       -
       (** Initialize a new SHA256 state *)

     

       19
       19
       -
       val init : unit -> state

     

       20
       20
       -
       

     

       21
       21
       -
       (** Process a single 512-bit (64 byte) block. Buffer must be exactly 64 bytes. *)

     

       22
       22
       -
       val process_block : state -> buffer -> unit

     

       23
       23
       -
       

     

       24
       24
       -
       (** Finalize the hash computation with padding and return digest *)

     

       25
       25
       -
       val finalize : state -> buffer -> int64 -> digest

     

       26
       26
       -
       

     

       27
       27
       -
       (** {1 High-level interface} *)

     

       28
       28
       -
       

     

       29
       29
       -
       (** Compute SHA256 hash in one shot (fastest for single use) *)

     

       30
       30
       -
       val oneshot : buffer -> int64 -> digest

     

       31
       31
       -
       

     

       32
       32
       -
       (** Compute SHA256 hash from bytes *)

     

       33
       33
       -
       val hash_bytes : bytes -> digest

     

       34
       34
       -
       

     

       35
       35
       -
       (** Compute SHA256 hash from string *)

     

       36
       36
       -
       val hash_string : string -> digest

     

       37
       37
       -
       

     

       38
       38
       -
       (** {1 Utilities} *)

     

       39
       39
       -
       

     

       40
       40
       -
       (** Convert digest to hexadecimal string *)

     

       41
       41
       -
       val digest_to_hex : digest -> string

     

       42
       42
       -
       

     

       43
       43
       -
       (** Convert digest to bytes *)

     

       44
       44
       -
       val digest_to_bytes : digest -> bytes

     

       45
       45
       -
       

     

       46
       46
       -
       (** Compare two digests for equality *)

     

       47
       47
       -
       val digest_equal : digest -> digest -> bool

-382

lib/sha256_stubs.c

···

       1
       1
       -
       #include <immintrin.h>

     

       2
       2
       -
       #include <stdint.h>

     

       3
       3
       -
       #include <string.h>

     

       4
       4
       -
       #include <caml/mlvalues.h>

     

       5
       5
       -
       #include <caml/memory.h>

     

       6
       6
       -
       #include <caml/alloc.h>

     

       7
       7
       -
       #include <caml/bigarray.h>

     

       8
       8
       -
       

     

       9
       9
       -
       // Aligned storage for round constants

     

       10
       10
       -
       alignas(64) static const uint32_t K256[64] = {

     

       11
       11
       -
           0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,

     

       12
       12
       -
           0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,

     

       13
       13
       -
           0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,

     

       14
       14
       -
           0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,

     

       15
       15
       -
           0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,

     

       16
       16
       -
           0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,

     

       17
       17
       -
           0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,

     

       18
       18
       -
           0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,

     

       19
       19
       -
           0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,

     

       20
       20
       -
           0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,

     

       21
       21
       -
           0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,

     

       22
       22
       -
           0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,

     

       23
       23
       -
           0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,

     

       24
       24
       -
           0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,

     

       25
       25
       -
           0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,

     

       26
       26
       -
           0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

     

       27
       27
       -
       };

     

       28
       28
       -
       

     

       29
       29
       -
       // Initial SHA256 state values

     

       30
       30
       -
       alignas(16) static const uint32_t H256_INIT[8] = {

     

       31
       31
       -
           0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,

     

       32
       32
       -
           0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19

     

       33
       33
       -
       };

     

       34
       34
       -
       

     

       35
       35
       -
       // Byte swap for endianness

     

       36
       36
       -
       static const __m128i BSWAP_MASK = {0x0001020304050607ULL, 0x08090a0b0c0d0e0fULL};

     

       37
       37
       -
       

     

       38
       38
       -
       // Process a single 512-bit block using SHA-NI instructions

     

       39
       39
       -
       static void sha256_process_block_shani(uint32_t state[8], const uint8_t block[64]) {

     

       40
       40
       -
           __m128i msg0, msg1, msg2, msg3;

     

       41
       41
       -
           __m128i tmp;

     

       42
       42
       -
           __m128i state0, state1;

     

       43
       43
       -
           __m128i msg;

     

       44
       44
       -
           __m128i abef_save, cdgh_save;

     

       45
       45
       -
           

     

       46
       46
       -
           // Load initial state

     

       47
       47
       -
           tmp = _mm_loadu_si128((const __m128i*)&state[0]);

     

       48
       48
       -
           state1 = _mm_loadu_si128((const __m128i*)&state[4]);

     

       49
       49
       -
           

     

       50
       50
       -
           // Swap byte order for initial state

     

       51
       51
       -
           tmp = _mm_shuffle_epi32(tmp, 0xB1);  // CDAB

     

       52
       52
       -
           state1 = _mm_shuffle_epi32(state1, 0x1B); // EFGH

     

       53
       53
       -
           state0 = _mm_alignr_epi8(tmp, state1, 8); // ABEF

     

       54
       54
       -
           state1 = _mm_blend_epi16(state1, tmp, 0xF0); // CDGH

     

       55
       55
       -
           

     

       56
       56
       -
           // Save initial state

     

       57
       57
       -
           abef_save = state0;

     

       58
       58
       -
           cdgh_save = state1;

     

       59
       59
       -
           

     

       60
       60
       -
           // Load message blocks with byte swap

     

       61
       61
       -
           msg0 = _mm_loadu_si128((const __m128i*)(block + 0));

     

       62
       62
       -
           msg1 = _mm_loadu_si128((const __m128i*)(block + 16));

     

       63
       63
       -
           msg2 = _mm_loadu_si128((const __m128i*)(block + 32));

     

       64
       64
       -
           msg3 = _mm_loadu_si128((const __m128i*)(block + 48));

     

       65
       65
       -
           

     

       66
       66
       -
           msg0 = _mm_shuffle_epi8(msg0, BSWAP_MASK);

     

       67
       67
       -
           msg1 = _mm_shuffle_epi8(msg1, BSWAP_MASK);

     

       68
       68
       -
           msg2 = _mm_shuffle_epi8(msg2, BSWAP_MASK);

     

       69
       69
       -
           msg3 = _mm_shuffle_epi8(msg3, BSWAP_MASK);

     

       70
       70
       -
           

     

       71
       71
       -
           // Rounds 0-3

     

       72
       72
       -
           msg = _mm_add_epi32(msg0, _mm_load_si128((const __m128i*)&K256[0]));

     

       73
       73
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       74
       74
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       75
       75
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       76
       76
       -
           

     

       77
       77
       -
           // Rounds 4-7

     

       78
       78
       -
           msg = _mm_add_epi32(msg1, _mm_load_si128((const __m128i*)&K256[4]));

     

       79
       79
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       80
       80
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       81
       81
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       82
       82
       -
           msg0 = _mm_sha256msg1_epu32(msg0, msg1);

     

       83
       83
       -
           

     

       84
       84
       -
           // Rounds 8-11

     

       85
       85
       -
           msg = _mm_add_epi32(msg2, _mm_load_si128((const __m128i*)&K256[8]));

     

       86
       86
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       87
       87
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       88
       88
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       89
       89
       -
           msg1 = _mm_sha256msg1_epu32(msg1, msg2);

     

       90
       90
       -
           

     

       91
       91
       -
           // Rounds 12-15

     

       92
       92
       -
           msg = _mm_add_epi32(msg3, _mm_load_si128((const __m128i*)&K256[12]));

     

       93
       93
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       94
       94
       -
           tmp = _mm_alignr_epi8(msg3, msg2, 4);

     

       95
       95
       -
           msg0 = _mm_add_epi32(msg0, tmp);

     

       96
       96
       -
           msg0 = _mm_sha256msg2_epu32(msg0, msg3);

     

       97
       97
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       98
       98
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       99
       99
       -
           msg2 = _mm_sha256msg1_epu32(msg2, msg3);

     

       100
       100
       -
           

     

       101
       101
       -
           // Rounds 16-19

     

       102
       102
       -
           msg = _mm_add_epi32(msg0, _mm_load_si128((const __m128i*)&K256[16]));

     

       103
       103
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       104
       104
       -
           tmp = _mm_alignr_epi8(msg0, msg3, 4);

     

       105
       105
       -
           msg1 = _mm_add_epi32(msg1, tmp);

     

       106
       106
       -
           msg1 = _mm_sha256msg2_epu32(msg1, msg0);

     

       107
       107
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       108
       108
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       109
       109
       -
           msg3 = _mm_sha256msg1_epu32(msg3, msg0);

     

       110
       110
       -
           

     

       111
       111
       -
           // Rounds 20-23

     

       112
       112
       -
           msg = _mm_add_epi32(msg1, _mm_load_si128((const __m128i*)&K256[20]));

     

       113
       113
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       114
       114
       -
           tmp = _mm_alignr_epi8(msg1, msg0, 4);

     

       115
       115
       -
           msg2 = _mm_add_epi32(msg2, tmp);

     

       116
       116
       -
           msg2 = _mm_sha256msg2_epu32(msg2, msg1);

     

       117
       117
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       118
       118
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       119
       119
       -
           msg0 = _mm_sha256msg1_epu32(msg0, msg1);

     

       120
       120
       -
           

     

       121
       121
       -
           // Rounds 24-27

     

       122
       122
       -
           msg = _mm_add_epi32(msg2, _mm_load_si128((const __m128i*)&K256[24]));

     

       123
       123
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       124
       124
       -
           tmp = _mm_alignr_epi8(msg2, msg1, 4);

     

       125
       125
       -
           msg3 = _mm_add_epi32(msg3, tmp);

     

       126
       126
       -
           msg3 = _mm_sha256msg2_epu32(msg3, msg2);

     

       127
       127
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       128
       128
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       129
       129
       -
           msg1 = _mm_sha256msg1_epu32(msg1, msg2);

     

       130
       130
       -
           

     

       131
       131
       -
           // Rounds 28-31

     

       132
       132
       -
           msg = _mm_add_epi32(msg3, _mm_load_si128((const __m128i*)&K256[28]));

     

       133
       133
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       134
       134
       -
           tmp = _mm_alignr_epi8(msg3, msg2, 4);

     

       135
       135
       -
           msg0 = _mm_add_epi32(msg0, tmp);

     

       136
       136
       -
           msg0 = _mm_sha256msg2_epu32(msg0, msg3);

     

       137
       137
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       138
       138
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       139
       139
       -
           msg2 = _mm_sha256msg1_epu32(msg2, msg3);

     

       140
       140
       -
           

     

       141
       141
       -
           // Rounds 32-35

     

       142
       142
       -
           msg = _mm_add_epi32(msg0, _mm_load_si128((const __m128i*)&K256[32]));

     

       143
       143
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       144
       144
       -
           tmp = _mm_alignr_epi8(msg0, msg3, 4);

     

       145
       145
       -
           msg1 = _mm_add_epi32(msg1, tmp);

     

       146
       146
       -
           msg1 = _mm_sha256msg2_epu32(msg1, msg0);

     

       147
       147
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       148
       148
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       149
       149
       -
           msg3 = _mm_sha256msg1_epu32(msg3, msg0);

     

       150
       150
       -
           

     

       151
       151
       -
           // Rounds 36-39

     

       152
       152
       -
           msg = _mm_add_epi32(msg1, _mm_load_si128((const __m128i*)&K256[36]));

     

       153
       153
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       154
       154
       -
           tmp = _mm_alignr_epi8(msg1, msg0, 4);

     

       155
       155
       -
           msg2 = _mm_add_epi32(msg2, tmp);

     

       156
       156
       -
           msg2 = _mm_sha256msg2_epu32(msg2, msg1);

     

       157
       157
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       158
       158
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       159
       159
       -
           msg0 = _mm_sha256msg1_epu32(msg0, msg1);

     

       160
       160
       -
           

     

       161
       161
       -
           // Rounds 40-43

     

       162
       162
       -
           msg = _mm_add_epi32(msg2, _mm_load_si128((const __m128i*)&K256[40]));

     

       163
       163
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       164
       164
       -
           tmp = _mm_alignr_epi8(msg2, msg1, 4);

     

       165
       165
       -
           msg3 = _mm_add_epi32(msg3, tmp);

     

       166
       166
       -
           msg3 = _mm_sha256msg2_epu32(msg3, msg2);

     

       167
       167
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       168
       168
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       169
       169
       -
           msg1 = _mm_sha256msg1_epu32(msg1, msg2);

     

       170
       170
       -
           

     

       171
       171
       -
           // Rounds 44-47

     

       172
       172
       -
           msg = _mm_add_epi32(msg3, _mm_load_si128((const __m128i*)&K256[44]));

     

       173
       173
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       174
       174
       -
           tmp = _mm_alignr_epi8(msg3, msg2, 4);

     

       175
       175
       -
           msg0 = _mm_add_epi32(msg0, tmp);

     

       176
       176
       -
           msg0 = _mm_sha256msg2_epu32(msg0, msg3);

     

       177
       177
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       178
       178
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       179
       179
       -
           msg2 = _mm_sha256msg1_epu32(msg2, msg3);

     

       180
       180
       -
           

     

       181
       181
       -
           // Rounds 48-51

     

       182
       182
       -
           msg = _mm_add_epi32(msg0, _mm_load_si128((const __m128i*)&K256[48]));

     

       183
       183
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       184
       184
       -
           tmp = _mm_alignr_epi8(msg0, msg3, 4);

     

       185
       185
       -
           msg1 = _mm_add_epi32(msg1, tmp);

     

       186
       186
       -
           msg1 = _mm_sha256msg2_epu32(msg1, msg0);

     

       187
       187
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       188
       188
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       189
       189
       -
           msg3 = _mm_sha256msg1_epu32(msg3, msg0);

     

       190
       190
       -
           

     

       191
       191
       -
           // Rounds 52-55

     

       192
       192
       -
           msg = _mm_add_epi32(msg1, _mm_load_si128((const __m128i*)&K256[52]));

     

       193
       193
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       194
       194
       -
           tmp = _mm_alignr_epi8(msg1, msg0, 4);

     

       195
       195
       -
           msg2 = _mm_add_epi32(msg2, tmp);

     

       196
       196
       -
           msg2 = _mm_sha256msg2_epu32(msg2, msg1);

     

       197
       197
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       198
       198
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       199
       199
       -
           

     

       200
       200
       -
           // Rounds 56-59

     

       201
       201
       -
           msg = _mm_add_epi32(msg2, _mm_load_si128((const __m128i*)&K256[56]));

     

       202
       202
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       203
       203
       -
           tmp = _mm_alignr_epi8(msg2, msg1, 4);

     

       204
       204
       -
           msg3 = _mm_add_epi32(msg3, tmp);

     

       205
       205
       -
           msg3 = _mm_sha256msg2_epu32(msg3, msg2);

     

       206
       206
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       207
       207
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       208
       208
       -
           

     

       209
       209
       -
           // Rounds 60-63

     

       210
       210
       -
           msg = _mm_add_epi32(msg3, _mm_load_si128((const __m128i*)&K256[60]));

     

       211
       211
       -
           state1 = _mm_sha256rnds2_epu32(state1, state0, msg);

     

       212
       212
       -
           msg = _mm_shuffle_epi32(msg, 0x0E);

     

       213
       213
       -
           state0 = _mm_sha256rnds2_epu32(state0, state1, msg);

     

       214
       214
       -
           

     

       215
       215
       -
           // Add initial state

     

       216
       216
       -
           state0 = _mm_add_epi32(state0, abef_save);

     

       217
       217
       -
           state1 = _mm_add_epi32(state1, cdgh_save);

     

       218
       218
       -
           

     

       219
       219
       -
           // Swap byte order back and store

     

       220
       220
       -
           tmp = _mm_shuffle_epi32(state0, 0x1B);  // FEBA

     

       221
       221
       -
           state1 = _mm_shuffle_epi32(state1, 0xB1); // DCHG

     

       222
       222
       -
           state0 = _mm_blend_epi16(tmp, state1, 0xF0); // DCBA

     

       223
       223
       -
           state1 = _mm_alignr_epi8(state1, tmp, 8); // HGFE

     

       224
       224
       -
           

     

       225
       225
       -
           _mm_storeu_si128((__m128i*)&state[0], state0);

     

       226
       226
       -
           _mm_storeu_si128((__m128i*)&state[4], state1);

     

       227
       227
       -
       }

     

       228
       228
       -
       

     

       229
       229
       -
       // OCaml interface functions

     

       230
       230
       -
       

     

       231
       231
       -
       // Initialize SHA256 state

     

       232
       232
       -
       value oxcaml_sha256_init(value unit) {

     

       233
       233
       -
           CAMLparam1(unit);

     

       234
       234
       -
           CAMLlocal1(state);

     

       235
       235
       -
           

     

       236
       236
       -
           // Allocate bigarray for state (8 x int32)

     

       237
       237
       -
           long dims[1] = {8};

     

       238
       238
       -
           state = caml_ba_alloc_dims(CAML_BA_INT32 | CAML_BA_C_LAYOUT, 1, NULL, dims);

     

       239
       239
       -
           uint32_t* s = (uint32_t*)Caml_ba_data_val(state);

     

       240
       240
       -
           

     

       241
       241
       -
           // Copy initial values

     

       242
       242
       -
           memcpy(s, H256_INIT, 32);

     

       243
       243
       -
           

     

       244
       244
       -
           CAMLreturn(state);

     

       245
       245
       -
       }

     

       246
       246
       -
       

     

       247
       247
       -
       // Process a single 512-bit block

     

       248
       248
       -
       value oxcaml_sha256_process_block(value state, value block) {

     

       249
       249
       -
           CAMLparam2(state, block);

     

       250
       250
       -
           

     

       251
       251
       -
           uint32_t* s = (uint32_t*)Caml_ba_data_val(state);

     

       252
       252
       -
           uint8_t* b = (uint8_t*)Caml_ba_data_val(block);

     

       253
       253
       -
           

     

       254
       254
       -
           sha256_process_block_shani(s, b);

     

       255
       255
       -
           

     

       256
       256
       -
           CAMLreturn(Val_unit);

     

       257
       257
       -
       }

     

       258
       258
       -
       

     

       259
       259
       -
       // Finalize hash with padding and return digest

     

       260
       260
       -
       value oxcaml_sha256_finalize(value state, value data, value len_v) {

     

       261
       261
       -
           CAMLparam3(state, data, len_v);

     

       262
       262
       -
           CAMLlocal1(result);

     

       263
       263
       -
           

     

       264
       264
       -
           uint32_t* s = (uint32_t*)Caml_ba_data_val(state);

     

       265
       265
       -
           uint8_t* input = (uint8_t*)Caml_ba_data_val(data);

     

       266
       266
       -
           uint64_t len = Int64_val(len_v);

     

       267
       267
       -
           

     

       268
       268
       -
           // Process full blocks

     

       269
       269
       -
           uint64_t full_blocks = len / 64;

     

       270
       270
       -
           for (uint64_t i = 0; i < full_blocks; i++) {

     

       271
       271
       -
               sha256_process_block_shani(s, input + i * 64);

     

       272
       272
       -
           }

     

       273
       273
       -
           

     

       274
       274
       -
           // Handle final block with padding

     

       275
       275
       -
           uint8_t final_block[128] = {0};  // Max 2 blocks for padding

     

       276
       276
       -
           uint64_t remaining = len % 64;

     

       277
       277
       -
           

     

       278
       278
       -
           // Copy remaining bytes

     

       279
       279
       -
           if (remaining > 0) {

     

       280
       280
       -
               memcpy(final_block, input + full_blocks * 64, remaining);

     

       281
       281
       -
           }

     

       282
       282
       -
           

     

       283
       283
       -
           // Add padding

     

       284
       284
       -
           final_block[remaining] = 0x80;

     

       285
       285
       -
           

     

       286
       286
       -
           // Add length in bits at the end

     

       287
       287
       -
           uint64_t bit_len = len * 8;

     

       288
       288
       -
           if (remaining >= 56) {

     

       289
       289
       -
               // Need two blocks

     

       290
       290
       -
               sha256_process_block_shani(s, final_block);

     

       291
       291
       -
               memset(final_block, 0, 64);

     

       292
       292
       -
           }

     

       293
       293
       -
           

     

       294
       294
       -
           // Add bit length (big-endian)

     

       295
       295
       -
           final_block[56] = (bit_len >> 56) & 0xFF;

     

       296
       296
       -
           final_block[57] = (bit_len >> 48) & 0xFF;

     

       297
       297
       -
           final_block[58] = (bit_len >> 40) & 0xFF;

     

       298
       298
       -
           final_block[59] = (bit_len >> 32) & 0xFF;

     

       299
       299
       -
           final_block[60] = (bit_len >> 24) & 0xFF;

     

       300
       300
       -
           final_block[61] = (bit_len >> 16) & 0xFF;

     

       301
       301
       -
           final_block[62] = (bit_len >> 8) & 0xFF;

     

       302
       302
       -
           final_block[63] = bit_len & 0xFF;

     

       303
       303
       -
           

     

       304
       304
       -
           sha256_process_block_shani(s, final_block);

     

       305
       305
       -
           

     

       306
       306
       -
           // Create result bigarray (32 bytes)

     

       307
       307
       -
           long dims[1] = {32};

     

       308
       308
       -
           result = caml_ba_alloc_dims(CAML_BA_UINT8 | CAML_BA_C_LAYOUT, 1, NULL, dims);

     

       309
       309
       -
           uint8_t* res = (uint8_t*)Caml_ba_data_val(result);

     

       310
       310
       -
           

     

       311
       311
       -
           // Convert to big-endian bytes

     

       312
       312
       -
           for (int i = 0; i < 8; i++) {

     

       313
       313
       -
               res[i*4 + 0] = (s[i] >> 24) & 0xFF;

     

       314
       314
       -
               res[i*4 + 1] = (s[i] >> 16) & 0xFF;

     

       315
       315
       -
               res[i*4 + 2] = (s[i] >> 8) & 0xFF;

     

       316
       316
       -
               res[i*4 + 3] = s[i] & 0xFF;

     

       317
       317
       -
           }

     

       318
       318
       -
           

     

       319
       319
       -
           CAMLreturn(result);

     

       320
       320
       -
       }

     

       321
       321
       -
       

     

       322
       322
       -
       // Fast one-shot SHA256

     

       323
       323
       -
       value oxcaml_sha256_oneshot(value data, value len_v) {

     

       324
       324
       -
           CAMLparam2(data, len_v);

     

       325
       325
       -
           CAMLlocal1(result);

     

       326
       326
       -
           

     

       327
       327
       -
           uint8_t* input = (uint8_t*)Caml_ba_data_val(data);

     

       328
       328
       -
           uint64_t len = Int64_val(len_v);

     

       329
       329
       -
           

     

       330
       330
       -
           // Local state

     

       331
       331
       -
           alignas(16) uint32_t state[8];

     

       332
       332
       -
           memcpy(state, H256_INIT, 32);

     

       333
       333
       -
           

     

       334
       334
       -
           // Process full blocks

     

       335
       335
       -
           uint64_t full_blocks = len / 64;

     

       336
       336
       -
           for (uint64_t i = 0; i < full_blocks; i++) {

     

       337
       337
       -
               sha256_process_block_shani(state, input + i * 64);

     

       338
       338
       -
           }

     

       339
       339
       -
           

     

       340
       340
       -
           // Handle final block with padding

     

       341
       341
       -
           alignas(64) uint8_t final_block[128] = {0};

     

       342
       342
       -
           uint64_t remaining = len % 64;

     

       343
       343
       -
           

     

       344
       344
       -
           if (remaining > 0) {

     

       345
       345
       -
               memcpy(final_block, input + full_blocks * 64, remaining);

     

       346
       346
       -
           }

     

       347
       347
       -
           

     

       348
       348
       -
           final_block[remaining] = 0x80;

     

       349
       349
       -
           

     

       350
       350
       -
           uint64_t bit_len = len * 8;

     

       351
       351
       -
           if (remaining >= 56) {

     

       352
       352
       -
               sha256_process_block_shani(state, final_block);

     

       353
       353
       -
               memset(final_block, 0, 64);

     

       354
       354
       -
           }

     

       355
       355
       -
           

     

       356
       356
       -
           // Add bit length (big-endian)

     

       357
       357
       -
           final_block[56] = (bit_len >> 56) & 0xFF;

     

       358
       358
       -
           final_block[57] = (bit_len >> 48) & 0xFF;

     

       359
       359
       -
           final_block[58] = (bit_len >> 40) & 0xFF;

     

       360
       360
       -
           final_block[59] = (bit_len >> 32) & 0xFF;

     

       361
       361
       -
           final_block[60] = (bit_len >> 24) & 0xFF;

     

       362
       362
       -
           final_block[61] = (bit_len >> 16) & 0xFF;

     

       363
       363
       -
           final_block[62] = (bit_len >> 8) & 0xFF;

     

       364
       364
       -
           final_block[63] = bit_len & 0xFF;

     

       365
       365
       -
           

     

       366
       366
       -
           sha256_process_block_shani(state, final_block);

     

       367
       367
       -
           

     

       368
       368
       -
           // Create result bigarray

     

       369
       369
       -
           long dims[1] = {32};

     

       370
       370
       -
           result = caml_ba_alloc_dims(CAML_BA_UINT8 | CAML_BA_C_LAYOUT, 1, NULL, dims);

     

       371
       371
       -
           uint8_t* res = (uint8_t*)Caml_ba_data_val(result);

     

       372
       372
       -
           

     

       373
       373
       -
           // Convert to big-endian bytes

     

       374
       374
       -
           for (int i = 0; i < 8; i++) {

     

       375
       375
       -
               res[i*4 + 0] = (state[i] >> 24) & 0xFF;

     

       376
       376
       -
               res[i*4 + 1] = (state[i] >> 16) & 0xFF;

     

       377
       377
       -
               res[i*4 + 2] = (state[i] >> 8) & 0xFF;

     

       378
       378
       -
               res[i*4 + 3] = state[i] & 0xFF;

     

       379
       379
       -
           }

     

       380
       380
       -
           

     

       381
       381
       -
           CAMLreturn(result);

     

       382
       382
       -
       }

+32

oxsha.opam

···

       1
       1
       +
       # This file is generated by dune, edit dune-project instead

     

       2
       2
       +
       opam-version: "2.0"

     

       3
       3
       +
       version: "0.1"

     

       4
       4
       +
       synopsis: "Fast SHA256 hashing library"

     

       5
       5
       +
       description:

     

       6
       6
       +
         "OCaml bindings to a C SHA256 implementation using bigarrays for efficient, zero-copy hashing"

     

       7
       7
       +
       maintainer: ["Anil Madhavapeddy"]

     

       8
       8
       +
       authors: ["Anil Madhavapeddy"]

     

       9
       9
       +
       license: "ISC"

     

       10
       10
       +
       homepage: "https://github.com/avsm/oxsha"

     

       11
       11
       +
       bug-reports: "https://github.com/avsm/oxsha/issues"

     

       12
       12
       +
       depends: [

     

       13
       13
       +
         "dune" {>= "3.20"}

     

       14
       14
       +
         "ocaml" {>= "5.3"}

     

       15
       15
       +
         "odoc" {with-doc}

     

       16
       16
       +
       ]

     

       17
       17
       +
       build: [

     

       18
       18
       +
         ["dune" "subst"] {dev}

     

       19
       19
       +
         [

     

       20
       20
       +
           "dune"

     

       21
       21
       +
           "build"

     

       22
       22
       +
           "-p"

     

       23
       23
       +
           name

     

       24
       24
       +
           "-j"

     

       25
       25
       +
           jobs

     

       26
       26
       +
           "@install"

     

       27
       27
       +
           "@runtest" {with-test}

     

       28
       28
       +
           "@doc" {with-doc}

     

       29
       29
       +
         ]

     

       30
       30
       +
       ]

     

       31
       31
       +
       dev-repo: "git+https://github.com/avsm/oxsha.git"

     

       32
       32
       +
       x-maintenance-intent: ["(latest)"]

+3 -4

test/dune

···

       1
       1
       -
       (executable

     

       2
       2
       -
        (name test_sha256)

     

       3
       3
       -
        (libraries sha256 unix)

     

       4
       4
       -
        (modes native))
     

       1
       1
       +
       (test

     

       2
       2
       +
        (name speed_test)

     

       3
       3
       +
        (libraries cryptokit oxsha unix))

+171

test/speed_test.ml

···

       1
       1
       +
       (* Speed test comparing system sha256sum with Cryptokit and oxsha implementations *)

     

       2
       2
       +
       

     

       3
       3
       +
       let deadbeef_pattern = "\xde\xad\xbe\xef"

     

       4
       4
       +
       

     

       5
       5
       +
       (* Convert bytes to hex string *)

     

       6
       6
       +
       let hex_of_bytes bytes =

     

       7
       7
       +
         let buf = Buffer.create (Bytes.length bytes * 2) in

     

       8
       8
       +
         Bytes.iter

     

       9
       9
       +
           (fun c -> Buffer.add_string buf (Printf.sprintf "%02x" (Char.code c)))

     

       10
       10
       +
           bytes;

     

       11
       11
       +
         Buffer.contents buf

     

       12
       12
       +
       

     

       13
       13
       +
       (* Create a 2GB file filled with 0xdeadbeef pattern *)

     

       14
       14
       +
       let create_test_file filename size =

     

       15
       15
       +
         Printf.printf "Creating %s (%d bytes = %.2f GB)...\n%!"

     

       16
       16
       +
           filename size (float_of_int size /. (1024.0 *. 1024.0 *. 1024.0));

     

       17
       17
       +
       

     

       18
       18
       +
         let oc = open_out_bin filename in

     

       19
       19
       +
         let chunk_size = 1024 * 1024 in (* 1 MB chunks *)

     

       20
       20
       +
         let chunk = Bytes.make chunk_size '\x00' in

     

       21
       21
       +
       

     

       22
       22
       +
         (* Fill chunk with 0xdeadbeef pattern *)

     

       23
       23
       +
         for i = 0 to chunk_size - 1 do

     

       24
       24
       +
           Bytes.set chunk i deadbeef_pattern.[i mod 4]

     

       25
       25
       +
         done;

     

       26
       26
       +
       

     

       27
       27
       +
         let chunks = size / chunk_size in

     

       28
       28
       +
         let remainder = size mod chunk_size in

     

       29
       29
       +
       

     

       30
       30
       +
         for i = 0 to chunks - 1 do

     

       31
       31
       +
           output_bytes oc chunk;

     

       32
       32
       +
           if i mod 100 = 0 then (

     

       33
       33
       +
             Printf.printf "\rProgress: %.1f%%..."

     

       34
       34
       +
               (float_of_int i *. 100.0 /. float_of_int chunks);

     

       35
       35
       +
             flush stdout

     

       36
       36
       +
           )

     

       37
       37
       +
         done;

     

       38
       38
       +
       

     

       39
       39
       +
         if remainder > 0 then

     

       40
       40
       +
           output oc chunk 0 remainder;

     

       41
       41
       +
       

     

       42
       42
       +
         close_out oc;

     

       43
       43
       +
         Printf.printf "\rProgress: 100.0%%... Done!\n%!"

     

       44
       44
       +
       

     

       45
       45
       +
       (* SHA-256 using Cryptokit *)

     

       46
       46
       +
       let sha256sum_cryptokit filename =

     

       47
       47
       +
         let hash = Cryptokit.Hash.sha256 () in

     

       48
       48
       +
         let digest =

     

       49
       49
       +
           In_channel.with_open_bin filename

     

       50
       50
       +
             (Cryptokit.hash_channel hash)

     

       51
       51
       +
         in

     

       52
       52
       +
         let hex_digest =

     

       53
       53
       +
           Cryptokit.transform_string

     

       54
       54
       +
             (Cryptokit.Hexa.encode ()) digest

     

       55
       55
       +
         in

     

       56
       56
       +
         hex_digest

     

       57
       57
       +
       

     

       58
       58
       +
       (* SHA-256 using system command *)

     

       59
       59
       +
       let sha256sum_system filename =

     

       60
       60
       +
         let cmd = Printf.sprintf "sha256sum %s" (Filename.quote filename) in

     

       61
       61
       +
         let ic = Unix.open_process_in cmd in

     

       62
       62
       +
         let line = input_line ic in

     

       63
       63
       +
         let _ = Unix.close_process_in ic in

     

       64
       64
       +
         (* sha256sum outputs: "<hash>  <filename>" *)

     

       65
       65
       +
         let hash = String.sub line 0 64 in

     

       66
       66
       +
         hash

     

       67
       67
       +
       

     

       68
       68
       +
       (* SHA-256 using oxsha with Unix.map_file *)

     

       69
       69
       +
       let sha256sum_oxsha filename =

     

       70
       70
       +
         let fd = Unix.openfile filename [ Unix.O_RDONLY ] 0 in

     

       71
       71
       +
         let stats = Unix.fstat fd in

     

       72
       72
       +
         let file_size = stats.Unix.st_size in

     

       73
       73
       +
       

     

       74
       74
       +
         if file_size = 0 then (

     

       75
       75
       +
           (* Handle empty files *)

     

       76
       76
       +
           Unix.close fd;

     

       77
       77
       +
           let digest = Oxsha.hash_string "" in

     

       78
       78
       +
           hex_of_bytes digest

     

       79
       79
       +
         ) else (

     

       80
       80
       +
           let mapped =

     

       81
       81
       +
             Unix.map_file fd Bigarray.char Bigarray.c_layout false [| file_size |]

     

       82
       82
       +
           in

     

       83
       83
       +
           let ba = Bigarray.array1_of_genarray mapped in

     

       84
       84
       +
           Unix.close fd;

     

       85
       85
       +
       

     

       86
       86
       +
           let digest = Oxsha.hash ba in

     

       87
       87
       +
           hex_of_bytes digest

     

       88
       88
       +
         )

     

       89
       89
       +
       

     

       90
       90
       +
       (* Time a function execution *)

     

       91
       91
       +
       let time_function name f =

     

       92
       92
       +
         Printf.printf "\nRunning %s...\n%!" name;

     

       93
       93
       +
         let start = Unix.gettimeofday () in

     

       94
       94
       +
         let result = f () in

     

       95
       95
       +
         let elapsed = Unix.gettimeofday () -. start in

     

       96
       96
       +
         Printf.printf "%s completed in %.3f seconds\n%!" name elapsed;

     

       97
       97
       +
         (result, elapsed)

     

       98
       98
       +
       

     

       99
       99
       +
       let () =

     

       100
       100
       +
         let test_file = "test_2gb.bin" in

     

       101
       101
       +
         let file_size = 2 * 1024 * 1024 * 1024 in (* 2 GB *)

     

       102
       102
       +
       

     

       103
       103
       +
         Printf.printf "=== SHA-256 Speed Test ===\n\n";

     

       104
       104
       +
       

     

       105
       105
       +
         (* Create test file if it doesn't exist *)

     

       106
       106
       +
         if not (Sys.file_exists test_file) then

     

       107
       107
       +
           create_test_file test_file file_size

     

       108
       108
       +
         else

     

       109
       109
       +
           Printf.printf "Test file %s already exists, using existing file.\n%!" test_file;

     

       110
       110
       +
       

     

       111
       111
       +
         (* Test system sha256sum *)

     

       112
       112
       +
         let (hash_system, time_system) =

     

       113
       113
       +
           time_function "system sha256sum" (fun () -> sha256sum_system test_file) in

     

       114
       114
       +
         Printf.printf "Hash: %s\n" hash_system;

     

       115
       115
       +
       

     

       116
       116
       +
         (* Test Cryptokit implementation *)

     

       117
       117
       +
         let (hash_cryptokit, time_cryptokit) =

     

       118
       118
       +
           time_function "Cryptokit sha256sum" (fun () -> sha256sum_cryptokit test_file) in

     

       119
       119
       +
         Printf.printf "Hash: %s\n" hash_cryptokit;

     

       120
       120
       +
       

     

       121
       121
       +
         (* Test oxsha implementation *)

     

       122
       122
       +
         let (hash_oxsha, time_oxsha) =

     

       123
       123
       +
           time_function "oxsha (mmap)" (fun () -> sha256sum_oxsha test_file) in

     

       124
       124
       +
         Printf.printf "Hash: %s\n" hash_oxsha;

     

       125
       125
       +
       

     

       126
       126
       +
         (* Compare results *)

     

       127
       127
       +
         Printf.printf "\n=== Results ===\n";

     

       128
       128
       +
         Printf.printf "System sha256sum:     %.3f seconds (%.2f MB/s)\n"

     

       129
       129
       +
           time_system

     

       130
       130
       +
           (float_of_int file_size /. time_system /. (1024.0 *. 1024.0));

     

       131
       131
       +
         Printf.printf "Cryptokit sha256sum:  %.3f seconds (%.2f MB/s)\n"

     

       132
       132
       +
           time_cryptokit

     

       133
       133
       +
           (float_of_int file_size /. time_cryptokit /. (1024.0 *. 1024.0));

     

       134
       134
       +
         Printf.printf "oxsha (mmap):         %.3f seconds (%.2f MB/s)\n"

     

       135
       135
       +
           time_oxsha

     

       136
       136
       +
           (float_of_int file_size /. time_oxsha /. (1024.0 *. 1024.0));

     

       137
       137
       +
       

     

       138
       138
       +
         (* Find fastest *)

     

       139
       139
       +
         let times = [

     

       140
       140
       +
           ("System sha256sum", time_system);

     

       141
       141
       +
           ("Cryptokit", time_cryptokit);

     

       142
       142
       +
           ("oxsha (mmap)", time_oxsha)

     

       143
       143
       +
         ] in

     

       144
       144
       +
         let fastest_name, fastest_time =

     

       145
       145
       +
           List.fold_left (fun (n, t) (n', t') -> if t' < t then (n', t') else (n, t))

     

       146
       146
       +
             (List.hd times) (List.tl times)

     

       147
       147
       +
         in

     

       148
       148
       +
         Printf.printf "\nFastest: %s\n" fastest_name;

     

       149
       149
       +
         List.iter (fun (name, time) ->

     

       150
       150
       +
           if name <> fastest_name then

     

       151
       151
       +
             Printf.printf "  %s is %.2fx faster than %s\n"

     

       152
       152
       +
               fastest_name (time /. fastest_time) name

     

       153
       153
       +
         ) times;

     

       154
       154
       +
       

     

       155
       155
       +
         (* Verify hashes match *)

     

       156
       156
       +
         let hash_system_lower = String.lowercase_ascii hash_system in

     

       157
       157
       +
         let hash_cryptokit_lower = String.lowercase_ascii hash_cryptokit in

     

       158
       158
       +
         let hash_oxsha_lower = String.lowercase_ascii hash_oxsha in

     

       159
       159
       +
       

     

       160
       160
       +
         if hash_system_lower = hash_cryptokit_lower && hash_system_lower = hash_oxsha_lower then

     

       161
       161
       +
           Printf.printf "\n✓ All hashes match!\n"

     

       162
       162
       +
         else (

     

       163
       163
       +
           Printf.printf "\n✗ ERROR: Hashes do not match!\n";

     

       164
       164
       +
           Printf.printf "  System:    %s\n" hash_system;

     

       165
       165
       +
           Printf.printf "  Cryptokit: %s\n" hash_cryptokit;

     

       166
       166
       +
           Printf.printf "  oxsha:     %s\n" hash_oxsha;

     

       167
       167
       +
           exit 1

     

       168
       168
       +
         );

     

       169
       169
       +
       

     

       170
       170
       +
         Printf.printf "\nNote: Test file %s has been preserved for future runs.\n" test_file;

     

       171
       171
       +
         Printf.printf "      Delete it manually if you want to recreate it.\n"

-124

test/test_sha256.ml

···

       1
       1
       -
       open Sha256

     

       2
       2
       -
       

     

       3
       3
       -
       (* Test vectors from NIST *)

     

       4
       4
       -
       let test_vectors = [

     

       5
       5
       -
         ("", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");

     

       6
       6
       -
         ("abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad");

     

       7
       7
       -
         ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",

     

       8
       8
       -
          "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1");

     

       9
       9
       -
         ("The quick brown fox jumps over the lazy dog",

     

       10
       10
       -
          "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592");

     

       11
       11
       -
         (String.make 1000000 'a',

     

       12
       12
       -
          "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0");

     

       13
       13
       -
       ]

     

       14
       14
       -
       

     

       15
       15
       -
       let test_basic () =

     

       16
       16
       -
         print_endline "Testing basic SHA256 functionality...";

     

       17
       17
       -
         List.iter (fun (input, expected) ->

     

       18
       18
       -
           let digest = hash_string input in

     

       19
       19
       -
           let hex = digest_to_hex digest in

     

       20
       20
       -
           if hex = expected then

     

       21
       21
       -
             Printf.printf "  ✓ Test passed for input length %d\n" (String.length input)

     

       22
       22
       -
           else begin

     

       23
       23
       -
             Printf.printf "  ✗ Test FAILED for input: %S\n" 

     

       24
       24
       -
               (if String.length input > 50 then 

     

       25
       25
       -
                  String.sub input 0 50 ^ "..." 

     

       26
       26
       -
                else input);

     

       27
       27
       -
             Printf.printf "    Expected: %s\n" expected;

     

       28
       28
       -
             Printf.printf "    Got:      %s\n" hex

     

       29
       29
       -
           end

     

       30
       30
       -
         ) test_vectors

     

       31
       31
       -
       

     

       32
       32
       -
       let benchmark () =

     

       33
       33
       -
         print_endline "\nBenchmarking SHA256 performance...";

     

       34
       34
       -
         

     

       35
       35
       -
         (* Test different input sizes *)

     

       36
       36
       -
         let sizes = [64; 256; 1024; 4096; 16384; 65536; 1048576] in

     

       37
       37
       -
         

     

       38
       38
       -
         List.iter (fun size ->

     

       39
       39
       -
           let data = String.make size 'x' in

     

       40
       40
       -
           let start = Unix.gettimeofday () in

     

       41
       41
       -
           let iterations = if size > 10000 then 1000 else 10000 in

     

       42
       42
       -
           

     

       43
       43
       -
           for _ = 1 to iterations do

     

       44
       44
       -
             ignore (hash_string data)

     

       45
       45
       -
           done;

     

       46
       46
       -
           

     

       47
       47
       -
           let elapsed = Unix.gettimeofday () -. start in

     

       48
       48
       -
           let throughput = (float_of_int (size * iterations)) /. elapsed /. 1_000_000.0 in

     

       49
       49
       -
           Printf.printf "  Size: %7d bytes | Iterations: %6d | Time: %.3fs | Throughput: %.1f MB/s\n"

     

       50
       50
       -
             size iterations elapsed throughput

     

       51
       51
       -
         ) sizes

     

       52
       52
       -
       

     

       53
       53
       -
       let test_incremental () =

     

       54
       54
       -
         print_endline "\nTesting incremental hashing...";

     

       55
       55
       -
         

     

       56
       56
       -
         (* Create test data *)

     

       57
       57
       -
         let data = "The quick brown fox jumps over the lazy dog" in

     

       58
       58
       -
         let expected = "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592" in

     

       59
       59
       -
         

     

       60
       60
       -
         (* Hash using oneshot *)

     

       61
       61
       -
         let digest1 = hash_string data in

     

       62
       62
       -
         let hex1 = digest_to_hex digest1 in

     

       63
       63
       -
         

     

       64
       64
       -
         (* Hash using incremental API *)

     

       65
       65
       -
         let state = init () in

     

       66
       66
       -
         let bytes = Bytes.of_string data in

     

       67
       67
       -
         let buffer = Bigarray.Array1.create Bigarray.int8_unsigned Bigarray.c_layout (String.length data) in

     

       68
       68
       -
         for i = 0 to String.length data - 1 do

     

       69
       69
       -
           Bigarray.Array1.set buffer i (Char.code data.[i])

     

       70
       70
       -
         done;

     

       71
       71
       -
         

     

       72
       72
       -
         let digest2 = finalize state buffer (Int64.of_int (String.length data)) in

     

       73
       73
       -
         let hex2 = digest_to_hex digest2 in

     

       74
       74
       -
         

     

       75
       75
       -
         if hex1 = expected && hex2 = expected then

     

       76
       76
       -
           print_endline "  ✓ Incremental hashing works correctly"

     

       77
       77
       -
         else begin

     

       78
       78
       -
           print_endline "  ✗ Incremental hashing FAILED";

     

       79
       79
       -
           Printf.printf "    Expected: %s\n" expected;

     

       80
       80
       -
           Printf.printf "    Oneshot:  %s\n" hex1;

     

       81
       81
       -
           Printf.printf "    Incremental: %s\n" hex2

     

       82
       82
       -
         end

     

       83
       83
       -
       

     

       84
       84
       -
       let test_parallel () =

     

       85
       85
       -
         print_endline "\nTesting parallel hashing...";

     

       86
       86
       -
         

     

       87
       87
       -
         (* Create test data *)

     

       88
       88
       -
         let num_hashes = 100 in

     

       89
       89
       -
         let inputs = List.init num_hashes (fun i -> 

     

       90
       90
       -
           Printf.sprintf "Test string number %d with some padding to make it longer" i

     

       91
       91
       -
           |> Bytes.of_string

     

       92
       92
       -
         ) in

     

       93
       93
       -
         

     

       94
       94
       -
         (* Sequential hashing *)

     

       95
       95
       -
         let start_seq = Unix.gettimeofday () in

     

       96
       96
       -
         let results_seq = List.map hash_bytes inputs in

     

       97
       97
       -
         let time_seq = Unix.gettimeofday () -. start_seq in

     

       98
       98
       -
         

     

       99
       99
       -
         (* Parallel hashing *)

     

       100
       100
       -
         let par = Parallel.create () in

     

       101
       101
       -
         let start_par = Unix.gettimeofday () in

     

       102
       102
       -
         let results_par = Fast.parallel_hash_many par inputs in

     

       103
       103
       -
         let time_par = Unix.gettimeofday () -. start_par in

     

       104
       104
       -
         

     

       105
       105
       -
         (* Verify results match *)

     

       106
       106
       -
         let results_match = 

     

       107
       107
       -
           List.for_all2 (fun d1 d2 -> digest_equal d1 d2) results_seq results_par

     

       108
       108
       -
         in

     

       109
       109
       -
         

     

       110
       110
       -
         if results_match then begin

     

       111
       111
       -
           Printf.printf "  ✓ Parallel hashing produces correct results\n";

     

       112
       112
       -
           Printf.printf "    Sequential: %.3fs\n" time_seq;

     

       113
       113
       -
           Printf.printf "    Parallel:   %.3fs\n" time_par;

     

       114
       114
       -
           Printf.printf "    Speedup:    %.2fx\n" (time_seq /. time_par)

     

       115
       115
       -
         end else

     

       116
       116
       -
           print_endline "  ✗ Parallel hashing produced different results!"

     

       117
       117
       -
       

     

       118
       118
       -
       let () =

     

       119
       119
       -
         print_endline "SHA256 Hardware Accelerated Test Suite";

     

       120
       120
       -
         print_endline "======================================";

     

       121
       121
       -
         test_basic ();

     

       122
       122
       -
         test_incremental ();

     

       123
       123
       -
         test_parallel ();

     

       124
       124
       -
         benchmark ()