LibCrypto: Update entire blocks in SHA*::update()

Instead of going byte by byte, copy entire blocks at once and only check if we need to update the state once per block. This pretty much eliminates `::update()` from profiles and measurably improves performance for utilities like `sha256sum`.
2025-07-27 12:07:45 +00:00 · 2023-03-24 01:43:32 +01:00 · 2023-03-24 01:43:32 +01:00 · ea9707ec29
commit ea9707ec29
parent 0606d371fe
2 changed files with 40 additions and 61 deletions
--- a/Userland/Libraries/LibCrypto/Hash/SHA1.cpp
+++ b/Userland/Libraries/LibCrypto/Hash/SHA1.cpp
@ -1,5 +1,6 @@
 /*
 * Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>
 * Copyright (c) 2023, Jelle Raaijmakers <jelle@gmta.nl>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
@ -68,13 +69,17 @@ inline void SHA1::transform(u8 const* data)
 void SHA1::update(u8 const* message, size_t length)
 {
-    for (size_t i = 0; i < length; ++i) {
+    while (length > 0) {
        size_t copy_bytes = AK::min(length, BlockSize - m_data_length);
        __builtin_memcpy(m_data_buffer + m_data_length, message, copy_bytes);
        message += copy_bytes;
        length -= copy_bytes;
        m_data_length += copy_bytes;
        if (m_data_length == BlockSize) {
            transform(m_data_buffer);
-            m_bit_length += 512;
+            m_bit_length += BlockSize * 8;
            m_data_length = 0;
        }
        m_data_buffer[m_data_length++] = message[i];
    }
 }
@ -96,13 +101,6 @@ SHA1::DigestType SHA1::peek()
    __builtin_memcpy(data, m_data_buffer, m_data_length);
    __builtin_memcpy(state, m_state, 20);
    if (BlockSize == m_data_length) {
        transform(m_data_buffer);
        m_bit_length += BlockSize * 8;
        m_data_length = 0;
        i = 0;
    }
    if (m_data_length < FinalBlockDataSize) {
        m_data_buffer[i++] = 0x80;
        while (i < FinalBlockDataSize)
--- a/Userland/Libraries/LibCrypto/Hash/SHA2.cpp
+++ b/Userland/Libraries/LibCrypto/Hash/SHA2.cpp
@ -1,5 +1,6 @@
 /*
 * Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>
 * Copyright (c) 2023, Jelle Raaijmakers <jelle@gmta.nl>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
@ -65,16 +66,28 @@ inline void SHA256::transform(u8 const* data)
    m_state[7] += h;
 }
 template<size_t BlockSize, typename Callback>
 void update_buffer(u8* buffer, u8 const* input, size_t length, size_t& data_length, Callback callback)
 {
    while (length > 0) {
        size_t copy_bytes = AK::min(length, BlockSize - data_length);
        __builtin_memcpy(buffer + data_length, input, copy_bytes);
        input += copy_bytes;
        length -= copy_bytes;
        data_length += copy_bytes;
        if (data_length == BlockSize) {
            callback();
            data_length = 0;
        }
    }
 }
 void SHA256::update(u8 const* message, size_t length)
 {
-    for (size_t i = 0; i < length; ++i) {
+    update_buffer<BlockSize>(m_data_buffer, message, length, m_data_length, [&]() {
        if (m_data_length == BlockSize) {
        transform(m_data_buffer);
-            m_bit_length += 512;
+        m_bit_length += BlockSize * 8;
-            m_data_length = 0;
+    });
        }
        m_data_buffer[m_data_length++] = message[i];
    }
 }
 SHA256::DigestType SHA256::digest()
@ -89,18 +102,10 @@ SHA256::DigestType SHA256::peek()
    DigestType digest;
    size_t i = m_data_length;
-    if (BlockSize == m_data_length) {
+    if (i < FinalBlockDataSize) {
        transform(m_data_buffer);
        m_bit_length += BlockSize * 8;
        m_data_length = 0;
        i = 0;
    }
    if (m_data_length < FinalBlockDataSize) {
        m_data_buffer[i++] = 0x80;
        while (i < FinalBlockDataSize)
            m_data_buffer[i++] = 0x00;
    } else {
        // First, complete a block with some padding.
        m_data_buffer[i++] = 0x80;
@ -185,14 +190,10 @@ inline void SHA384::transform(u8 const* data)
 void SHA384::update(u8 const* message, size_t length)
 {
-    for (size_t i = 0; i < length; ++i) {
+    update_buffer<BlockSize>(m_data_buffer, message, length, m_data_length, [&]() {
        if (m_data_length == BlockSize) {
        transform(m_data_buffer);
-            m_bit_length += 1024;
+        m_bit_length += BlockSize * 8;
-            m_data_length = 0;
+    });
        }
        m_data_buffer[m_data_length++] = message[i];
    }
 }
 SHA384::DigestType SHA384::digest()
@ -207,18 +208,10 @@ SHA384::DigestType SHA384::peek()
    DigestType digest;
    size_t i = m_data_length;
-    if (BlockSize == m_data_length) {
+    if (i < FinalBlockDataSize) {
        transform(m_data_buffer);
        m_bit_length += BlockSize * 8;
        m_data_length = 0;
        i = 0;
    }
    if (m_data_length < FinalBlockDataSize) {
        m_data_buffer[i++] = 0x80;
        while (i < FinalBlockDataSize)
            m_data_buffer[i++] = 0x00;
    } else {
        // First, complete a block with some padding.
        m_data_buffer[i++] = 0x80;
@ -309,14 +302,10 @@ inline void SHA512::transform(u8 const* data)
 void SHA512::update(u8 const* message, size_t length)
 {
-    for (size_t i = 0; i < length; ++i) {
+    update_buffer<BlockSize>(m_data_buffer, message, length, m_data_length, [&]() {
        if (m_data_length == BlockSize) {
        transform(m_data_buffer);
-            m_bit_length += 1024;
+        m_bit_length += BlockSize * 8;
-            m_data_length = 0;
+    });
        }
        m_data_buffer[m_data_length++] = message[i];
    }
 }
 SHA512::DigestType SHA512::digest()
@ -331,18 +320,10 @@ SHA512::DigestType SHA512::peek()
    DigestType digest;
    size_t i = m_data_length;
-    if (BlockSize == m_data_length) {
+    if (i < FinalBlockDataSize) {
        transform(m_data_buffer);
        m_bit_length += BlockSize * 8;
        m_data_length = 0;
        i = 0;
    }
    if (m_data_length < FinalBlockDataSize) {
        m_data_buffer[i++] = 0x80;
        while (i < FinalBlockDataSize)
            m_data_buffer[i++] = 0x00;
    } else {
        // First, complete a block with some padding.
        m_data_buffer[i++] = 0x80;