Add Cryptonight Fast support (zone117x#60)

Author: frozennova

binding.gyp

@@ -9,6 +9,7 @@
                 "boolberry.cc",
                 "c11.c",
                 "cryptonight.c",
+				"cryptonight_fast.c",
                 "fresh.c",
                 "fugue.c",
                 "groestl.c",

cryptonight_fast.c

@@ -0,0 +1,215 @@
+// Copyright (c) 2012-2013 The Cryptonote developers
+// Distributed under the MIT/X11 software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+// Portions Copyright (c) 2018 The Monero developers
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "crypto/oaes_lib.h"
+#include "crypto/c_keccak.h"
+#include "crypto/c_groestl.h"
+#include "crypto/c_blake256.h"
+#include "crypto/c_jh.h"
+#include "crypto/c_skein.h"
+#include "crypto/int-util.h"
+#include "crypto/hash-ops.h"
+
+#define MEMORY         (1 << 21) /* 2 MiB */
+#define ITER           (1 << 19)
+#define AES_BLOCK_SIZE  16
+#define AES_KEY_SIZE    32 /*16*/
+#define INIT_SIZE_BLK   8
+#define INIT_SIZE_BYTE (INIT_SIZE_BLK * AES_BLOCK_SIZE)
+
+#define VARIANT1_1(p) \
+  do if (variant > 0) \
+  { \
+    const uint8_t tmp = ((const uint8_t*)(p))[11]; \
+    static const uint32_t table = 0x75310; \
+    const uint8_t index = (((tmp >> 3) & 6) | (tmp & 1)) << 1; \
+    ((uint8_t*)(p))[11] = tmp ^ ((table >> index) & 0x30); \
+  } while(0)
+
+#define VARIANT1_2(p) \
+   do if (variant > 0) \
+   { \
+     ((uint64_t*)p)[1] ^= tweak1_2; \
+   } while(0)
+
+#define VARIANT1_INIT() \
+  if (variant > 0 && len < 43) \
+  { \
+    fprintf(stderr, "Cryptonight variants need at least 43 bytes of data"); \
+    _exit(1); \
+  } \
+  const uint64_t tweak1_2 = variant > 0 ? *(const uint64_t*)(((const uint8_t*)input)+35) ^ ctx->state.hs.w[24] : 0
+
+#pragma pack(push, 1)
+union cn_slow_hash_state {
+    union hash_state hs;
+    struct {
+        uint8_t k[64];
+        uint8_t init[INIT_SIZE_BYTE];
+    };
+};
+#pragma pack(pop)
+
+static void do_fast_blake_hash(const void* input, size_t len, char* output) {
+    blake256_hash((uint8_t*)output, input, len);
+}
+
+void do_fast_groestl_hash(const void* input, size_t len, char* output) {
+    groestl(input, len * 8, (uint8_t*)output);
+}
+
+static void do_fast_jh_hash(const void* input, size_t len, char* output) {
+    int r = jh_hash(HASH_SIZE * 8, input, 8 * len, (uint8_t*)output);
+    assert(SUCCESS == r);
+}
+
+static void do_fast_skein_hash(const void* input, size_t len, char* output) {
+    int r = c_skein_hash(8 * HASH_SIZE, input, 8 * len, (uint8_t*)output);
+    assert(SKEIN_SUCCESS == r);
+}
+
+static void (* const extra_hashes[4])(const void *, size_t, char *) = {
+    do_fast_blake_hash, do_fast_groestl_hash, do_fast_jh_hash, do_fast_skein_hash
+};
+
+extern int aesb_single_round(const uint8_t *in, uint8_t*out, const uint8_t *expandedKey);
+extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey);
+
+static inline size_t e2i(const uint8_t* a) {
+    return (*((uint64_t*) a) / AES_BLOCK_SIZE) & (MEMORY / AES_BLOCK_SIZE - 1);
+}
+
+static void mul(const uint8_t* a, const uint8_t* b, uint8_t* res) {
+    ((uint64_t*) res)[1] = mul128(((uint64_t*) a)[0], ((uint64_t*) b)[0], (uint64_t*) res);
+}
+
+static void mul_sum_xor_dst(const uint8_t* a, uint8_t* c, uint8_t* dst) {
+    uint64_t hi, lo = mul128(((uint64_t*) a)[0], ((uint64_t*) dst)[0], &hi) + ((uint64_t*) c)[1];
+    hi += ((uint64_t*) c)[0];
+
+    ((uint64_t*) c)[0] = ((uint64_t*) dst)[0] ^ hi;
+    ((uint64_t*) c)[1] = ((uint64_t*) dst)[1] ^ lo;
+    ((uint64_t*) dst)[0] = hi;
+    ((uint64_t*) dst)[1] = lo;
+}
+
+static void sum_half_blocks(uint8_t* a, const uint8_t* b) {
+    uint64_t a0, a1, b0, b1;
+
+    a0 = SWAP64LE(((uint64_t*) a)[0]);
+    a1 = SWAP64LE(((uint64_t*) a)[1]);
+    b0 = SWAP64LE(((uint64_t*) b)[0]);
+    b1 = SWAP64LE(((uint64_t*) b)[1]);
+    a0 += b0;
+    a1 += b1;
+    ((uint64_t*) a)[0] = SWAP64LE(a0);
+    ((uint64_t*) a)[1] = SWAP64LE(a1);
+}
+
+static inline void copy_block(uint8_t* dst, const uint8_t* src) {
+    ((uint64_t*) dst)[0] = ((uint64_t*) src)[0];
+    ((uint64_t*) dst)[1] = ((uint64_t*) src)[1];
+}
+
+static void swap_blocks(uint8_t* a, uint8_t* b) {
+    size_t i;
+    uint8_t t;
+    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+        t = a[i];
+        a[i] = b[i];
+        b[i] = t;
+    }
+}
+
+static inline void xor_blocks(uint8_t* a, const uint8_t* b) {
+    ((uint64_t*) a)[0] ^= ((uint64_t*) b)[0];
+    ((uint64_t*) a)[1] ^= ((uint64_t*) b)[1];
+}
+
+static inline void xor_blocks_dst(const uint8_t* a, const uint8_t* b, uint8_t* dst) {
+    ((uint64_t*) dst)[0] = ((uint64_t*) a)[0] ^ ((uint64_t*) b)[0];
+    ((uint64_t*) dst)[1] = ((uint64_t*) a)[1] ^ ((uint64_t*) b)[1];
+}
+
+struct cryptonightfast_ctx {
+    uint8_t long_state[MEMORY];
+    union cn_slow_hash_state state;
+    uint8_t text[INIT_SIZE_BYTE];
+    uint8_t a[AES_BLOCK_SIZE];
+    uint8_t b[AES_BLOCK_SIZE];
+    uint8_t c[AES_BLOCK_SIZE];
+    uint8_t aes_key[AES_KEY_SIZE];
+    oaes_ctx* aes_ctx;
+};
+
+void cryptonightfast_hash(const char* input, char* output, uint32_t len, int variant) {
+    struct cryptonightfast_ctx *ctx = alloca(sizeof(struct cryptonightfast_ctx));
+    hash_process(&ctx->state.hs, (const uint8_t*) input, len);
+    memcpy(ctx->text, ctx->state.init, INIT_SIZE_BYTE);
+    memcpy(ctx->aes_key, ctx->state.hs.b, AES_KEY_SIZE);
+    ctx->aes_ctx = (oaes_ctx*) oaes_alloc();
+    size_t i, j;
+
+    VARIANT1_INIT();
+
+    oaes_key_import_data(ctx->aes_ctx, ctx->aes_key, AES_KEY_SIZE);
+    for (i = 0; i < MEMORY / INIT_SIZE_BYTE; i++) {
+        for (j = 0; j < INIT_SIZE_BLK; j++) {
+            aesb_pseudo_round(&ctx->text[AES_BLOCK_SIZE * j],
+                    &ctx->text[AES_BLOCK_SIZE * j],
+                    ctx->aes_ctx->key->exp_data);
+        }
+        memcpy(&ctx->long_state[i * INIT_SIZE_BYTE], ctx->text, INIT_SIZE_BYTE);
+    }
+
+    for (i = 0; i < 16; i++) {
+        ctx->a[i] = ctx->state.k[i] ^ ctx->state.k[32 + i];
+        ctx->b[i] = ctx->state.k[16 + i] ^ ctx->state.k[48 + i];
+    }
+
+    for (i = 0; i < ITER / 2; i++) {
+        /* Dependency chain: address -> read value ------+
+         * written value <-+ hard function (AES or MUL) <+
+         * next address  <-+
+         */
+        /* Iteration 1 */
+        j = e2i(ctx->a);
+        aesb_single_round(&ctx->long_state[j * AES_BLOCK_SIZE], ctx->c, ctx->a);
+        xor_blocks_dst(ctx->c, ctx->b, &ctx->long_state[j * AES_BLOCK_SIZE]);
+	VARIANT1_1((uint8_t*)&ctx->long_state[j * AES_BLOCK_SIZE]);
+        /* Iteration 2 */
+        mul_sum_xor_dst(ctx->c, ctx->a,
+                &ctx->long_state[e2i(ctx->c) * AES_BLOCK_SIZE]);
+        copy_block(ctx->b, ctx->c);
+	VARIANT1_2((uint8_t*)
+                &ctx->long_state[e2i(ctx->c) * AES_BLOCK_SIZE]);
+    }
+
+    memcpy(ctx->text, ctx->state.init, INIT_SIZE_BYTE);
+    oaes_key_import_data(ctx->aes_ctx, &ctx->state.hs.b[32], AES_KEY_SIZE);
+    for (i = 0; i < MEMORY / INIT_SIZE_BYTE; i++) {
+        for (j = 0; j < INIT_SIZE_BLK; j++) {
+            xor_blocks(&ctx->text[j * AES_BLOCK_SIZE],
+                    &ctx->long_state[i * INIT_SIZE_BYTE + j * AES_BLOCK_SIZE]);
+            aesb_pseudo_round(&ctx->text[j * AES_BLOCK_SIZE],
+                    &ctx->text[j * AES_BLOCK_SIZE],
+                    ctx->aes_ctx->key->exp_data);
+        }
+    }
+    memcpy(ctx->state.init, ctx->text, INIT_SIZE_BYTE);
+    hash_permutation(&ctx->state.hs);
+    /*memcpy(hash, &state, 32);*/
+    extra_hashes[ctx->state.hs.b[0] & 3](&ctx->state, 200, output);
+    oaes_free((OAES_CTX **) &ctx->aes_ctx);
+}
+
+void cryptonightfast_fast_hash(const char* input, char* output, uint32_t len) {
+    union hash_state state;
+    hash_process(&state, (const uint8_t*) input, len);
+    memcpy(output, &state, HASH_SIZE);
+}

cryptonight_fast.h

@@ -0,0 +1,17 @@
+#ifndef CRYPTONIGHTFAST_H
+#define CRYPTONIGHTFAST_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+void cryptonightfast_hash(const char* input, char* output, uint32_t len, int variant);
+void cryptonightfast_fast_hash(const char* input, char* output, uint32_t len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

multihashing.cc

@@ -8,6 +8,7 @@ extern "C" {
     #include "blake.h"
     #include "c11.h"
     #include "cryptonight.h"
+	#include "cryptonight_fast.h"
     #include "fresh.h"
     #include "fugue.h"
     #include "groestl.h"
@@ -234,7 +235,43 @@ DECLARE_FUNC(cryptonight) {
     }
     SET_BUFFER_RETURN(output, 32);
 }
+DECLARE_FUNC(cryptonightfast) {
+    DECLARE_SCOPE;
 
+    bool fast = false;
+    uint32_t cn_variant = 0;
+
+    if (args.Length() < 1)
+        RETURN_EXCEPT("You must provide one argument.");
+
+    if (args.Length() >= 2) {
+        if(args[1]->IsBoolean())
+            fast = args[1]->BooleanValue();
+        else if(args[1]->IsUint32())
+            cn_variant = args[1]->Uint32Value();
+        else
+            RETURN_EXCEPT("Argument 2 should be a boolean or uint32_t");
+    }
+
+    Local<Object> target = args[0]->ToObject();
+
+    if(!Buffer::HasInstance(target))
+        RETURN_EXCEPT("Argument should be a buffer object.");
+
+    char * input = Buffer::Data(target);
+    char output[32];
+
+    uint32_t input_len = Buffer::Length(target);
+
+    if(fast)
+        cryptonightfast_fast_hash(input, output, input_len);
+    else {
+        if (cn_variant > 0 && input_len < 43)
+            RETURN_EXCEPT("Argument must be 43 bytes for monero variant 1+");
+        cryptonightfast_hash(input, output, input_len, cn_variant);
+    }
+    SET_BUFFER_RETURN(output, 32);
+}
 DECLARE_FUNC(boolberry) {
     DECLARE_SCOPE;
 
@@ -276,6 +313,7 @@ DECLARE_INIT(init) {
     NODE_SET_METHOD(exports, "boolberry", boolberry);
     NODE_SET_METHOD(exports, "c11", c11);
     NODE_SET_METHOD(exports, "cryptonight", cryptonight);
+	NODE_SET_METHOD(exports, "cryptonightfast", cryptonightfast);
     NODE_SET_METHOD(exports, "fresh", fresh);
     NODE_SET_METHOD(exports, "fugue", fugue);
     NODE_SET_METHOD(exports, "groestl", groestl);
@@ -296,4 +334,4 @@ DECLARE_INIT(init) {
     NODE_SET_METHOD(exports, "x15", x15);
 }
 
-NODE_MODULE(multihashing, init)
+NODE_MODULE(multihashing, init)