Litecoin: Add a simplified SSE2 version of scrypt

pooler: Ported from tarsnap upstream, fixed aliasing issue
cfields: break apart sse2/non-sse2 into separate objects
This commit is contained in:
pooler 2013-08-29 15:14:34 +02:00 committed by Warren Togami
parent 3689088c6d
commit 4b82dceb7b
4 changed files with 184 additions and 22 deletions

View File

@ -144,6 +144,12 @@ OBJS= \
obj/leveldb.o \ obj/leveldb.o \
obj/txdb.o obj/txdb.o
OBJS_SSE2= obj/scrypt-sse2.o
ifdef SSE2
DEFS += -DUSE_SSE2
OBJS += $(OBJS_SSE2)
endif
all: litecoind all: litecoind
@ -169,6 +175,13 @@ obj/build.h: FORCE
version.cpp: obj/build.h version.cpp: obj/build.h
DEFS += -DHAVE_BUILD_INFO DEFS += -DHAVE_BUILD_INFO
obj/%-sse2.o: %-sse2.cpp
$(CXX) -c $(xCXXFLAGS) -msse2 -MMD -MF $(@:%.o=%.d) -o $@ $<
@cp $(@:%.o=%.d) $(@:%.o=%.P); \
sed -e 's/#.*//' -e 's/^[^:]*: *//' -e 's/ *\\$$//' \
-e '/^$$/ d' -e 's/$$/ :/' < $(@:%.o=%.d) >> $(@:%.o=%.P); \
rm -f $(@:%.o=%.d)
obj/%.o: %.cpp obj/%.o: %.cpp
$(CXX) -c $(xCXXFLAGS) -MMD -MF $(@:%.o=%.d) -o $@ $< $(CXX) -c $(xCXXFLAGS) -MMD -MF $(@:%.o=%.d) -o $@ $<
@cp $(@:%.o=%.d) $(@:%.o=%.P); \ @cp $(@:%.o=%.d) $(@:%.o=%.P); \

138
src/scrypt-sse2.cpp Normal file
View File

@ -0,0 +1,138 @@
/*
* Copyright 2009 Colin Percival, 2011 ArtForz, 2012-2013 pooler
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file was originally written by Colin Percival as part of the Tarsnap
* online backup system.
*/
#ifdef __SSE2__
#include "scrypt.h"
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <openssl/sha.h>
#include <emmintrin.h>
static inline void xor_salsa8_sse2(__m128i B[4], const __m128i Bx[4])
{
__m128i X0, X1, X2, X3;
__m128i T;
int i;
X0 = B[0] = _mm_xor_si128(B[0], Bx[0]);
X1 = B[1] = _mm_xor_si128(B[1], Bx[1]);
X2 = B[2] = _mm_xor_si128(B[2], Bx[2]);
X3 = B[3] = _mm_xor_si128(B[3], Bx[3]);
for (i = 0; i < 8; i += 2) {
/* Operate on "columns". */
T = _mm_add_epi32(X0, X3);
X1 = _mm_xor_si128(X1, _mm_slli_epi32(T, 7));
X1 = _mm_xor_si128(X1, _mm_srli_epi32(T, 25));
T = _mm_add_epi32(X1, X0);
X2 = _mm_xor_si128(X2, _mm_slli_epi32(T, 9));
X2 = _mm_xor_si128(X2, _mm_srli_epi32(T, 23));
T = _mm_add_epi32(X2, X1);
X3 = _mm_xor_si128(X3, _mm_slli_epi32(T, 13));
X3 = _mm_xor_si128(X3, _mm_srli_epi32(T, 19));
T = _mm_add_epi32(X3, X2);
X0 = _mm_xor_si128(X0, _mm_slli_epi32(T, 18));
X0 = _mm_xor_si128(X0, _mm_srli_epi32(T, 14));
/* Rearrange data. */
X1 = _mm_shuffle_epi32(X1, 0x93);
X2 = _mm_shuffle_epi32(X2, 0x4E);
X3 = _mm_shuffle_epi32(X3, 0x39);
/* Operate on "rows". */
T = _mm_add_epi32(X0, X1);
X3 = _mm_xor_si128(X3, _mm_slli_epi32(T, 7));
X3 = _mm_xor_si128(X3, _mm_srli_epi32(T, 25));
T = _mm_add_epi32(X3, X0);
X2 = _mm_xor_si128(X2, _mm_slli_epi32(T, 9));
X2 = _mm_xor_si128(X2, _mm_srli_epi32(T, 23));
T = _mm_add_epi32(X2, X3);
X1 = _mm_xor_si128(X1, _mm_slli_epi32(T, 13));
X1 = _mm_xor_si128(X1, _mm_srli_epi32(T, 19));
T = _mm_add_epi32(X1, X2);
X0 = _mm_xor_si128(X0, _mm_slli_epi32(T, 18));
X0 = _mm_xor_si128(X0, _mm_srli_epi32(T, 14));
/* Rearrange data. */
X1 = _mm_shuffle_epi32(X1, 0x39);
X2 = _mm_shuffle_epi32(X2, 0x4E);
X3 = _mm_shuffle_epi32(X3, 0x93);
}
B[0] = _mm_add_epi32(B[0], X0);
B[1] = _mm_add_epi32(B[1], X1);
B[2] = _mm_add_epi32(B[2], X2);
B[3] = _mm_add_epi32(B[3], X3);
}
#endif
void scrypt_1024_1_1_256_sp_sse2(const char *input, char *output, char *scratchpad)
{
#ifdef __SSE2__
uint8_t B[128];
union {
__m128i i128[8];
uint32_t u32[32];
} X;
__m128i *V;
uint32_t i, j, k;
V = (__m128i *)(((uintptr_t)(scratchpad) + 63) & ~ (uintptr_t)(63));
PBKDF2_SHA256((const uint8_t *)input, 80, (const uint8_t *)input, 80, 1, B, 128);
for (k = 0; k < 2; k++) {
for (i = 0; i < 16; i++) {
X.u32[k * 16 + i] = le32dec(&B[(k * 16 + (i * 5 % 16)) * 4]);
}
}
for (i = 0; i < 1024; i++) {
for (k = 0; k < 8; k++)
V[i * 8 + k] = X.i128[k];
xor_salsa8_sse2(&X.i128[0], &X.i128[4]);
xor_salsa8_sse2(&X.i128[4], &X.i128[0]);
}
for (i = 0; i < 1024; i++) {
j = 8 * (X.u32[16] & 1023);
for (k = 0; k < 8; k++)
X.i128[k] = _mm_xor_si128(X.i128[k], V[j + k]);
xor_salsa8_sse2(&X.i128[0], &X.i128[4]);
xor_salsa8_sse2(&X.i128[4], &X.i128[0]);
}
for (k = 0; k < 2; k++) {
for (i = 0; i < 16; i++) {
le32enc(&B[(k * 16 + (i * 5 % 16)) * 4], X.u32[k * 16 + i]);
}
}
PBKDF2_SHA256((const uint8_t *)input, 80, B, 128, 1, (uint8_t *)output, 32);
#endif
}

View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2009 Colin Percival, 2011 ArtForz * Copyright 2009 Colin Percival, 2011 ArtForz, 2012-2013 pooler
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
@ -49,23 +49,6 @@ static inline void be32enc(void *pp, uint32_t x)
p[0] = (x >> 24) & 0xff; p[0] = (x >> 24) & 0xff;
} }
static inline uint32_t le32dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) +
((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24));
}
static inline void le32enc(void *pp, uint32_t x)
{
uint8_t *p = (uint8_t *)pp;
p[0] = x & 0xff;
p[1] = (x >> 8) & 0xff;
p[2] = (x >> 16) & 0xff;
p[3] = (x >> 24) & 0xff;
}
typedef struct HMAC_SHA256Context { typedef struct HMAC_SHA256Context {
SHA256_CTX ictx; SHA256_CTX ictx;
SHA256_CTX octx; SHA256_CTX octx;
@ -139,7 +122,7 @@ HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX *ctx)
* Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
* write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1).
*/ */
static void void
PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt, PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt,
size_t saltlen, uint64_t c, uint8_t *buf, size_t dkLen) size_t saltlen, uint64_t c, uint8_t *buf, size_t dkLen)
{ {
@ -191,7 +174,6 @@ PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt,
memset(&PShctx, 0, sizeof(HMAC_SHA256_CTX)); memset(&PShctx, 0, sizeof(HMAC_SHA256_CTX));
} }
#define ROTL(a, b) (((a) << (b)) | ((a) >> (32 - (b)))) #define ROTL(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
static inline void xor_salsa8(uint32_t B[16], const uint32_t Bx[16]) static inline void xor_salsa8(uint32_t B[16], const uint32_t Bx[16])
@ -296,5 +278,11 @@ void scrypt_1024_1_1_256_sp(const char *input, char *output, char *scratchpad)
void scrypt_1024_1_1_256(const char *input, char *output) void scrypt_1024_1_1_256(const char *input, char *output)
{ {
char scratchpad[SCRYPT_SCRATCHPAD_SIZE]; char scratchpad[SCRYPT_SCRATCHPAD_SIZE];
#ifdef USE_SSE2
// todo: runtime detection at startup and use function pointer
if(1)
scrypt_1024_1_1_256_sp_sse2(input, output, scratchpad);
else
#endif
scrypt_1024_1_1_256_sp(input, output, scratchpad); scrypt_1024_1_1_256_sp(input, output, scratchpad);
} }

View File

@ -1,9 +1,32 @@
#ifndef SCRYPT_H #ifndef SCRYPT_H
#define SCRYPT_H #define SCRYPT_H
#include <stdlib.h>
#include <stdint.h>
static const int SCRYPT_SCRATCHPAD_SIZE = 131072 + 63; static const int SCRYPT_SCRATCHPAD_SIZE = 131072 + 63;
void scrypt_1024_1_1_256_sp_sse2(const char *input, char *output, char *scratchpad);
void scrypt_1024_1_1_256_sp(const char *input, char *output, char *scratchpad); void scrypt_1024_1_1_256_sp(const char *input, char *output, char *scratchpad);
void scrypt_1024_1_1_256(const char *input, char *output); void scrypt_1024_1_1_256(const char *input, char *output);
void
PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt,
size_t saltlen, uint64_t c, uint8_t *buf, size_t dkLen);
static inline uint32_t le32dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) +
((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24));
}
static inline void le32enc(void *pp, uint32_t x)
{
uint8_t *p = (uint8_t *)pp;
p[0] = x & 0xff;
p[1] = (x >> 8) & 0xff;
p[2] = (x >> 16) & 0xff;
p[3] = (x >> 24) & 0xff;
}
#endif #endif