mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5439 Commits
49 Branches
Tree: 171f84a041
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '171f84a041'
${ noResults }
jgit/org.eclipse.jgit.test/tst/org/eclipse/jgit/util/sha1/SHA1Test.java

SHA1Test.java 7.6KB
Raw Normal View History

Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
Use constants from StandardCharsets instead of hard-coded strings Instead of hard-coding the charset strings "US-ASCII", "UTF-8", and "ISO-8859-1", use the corresponding constants from StandardCharsets. UnsupportedEncodingException is not thrown when the StandardCharset constants are used, so remove the now redundant handling. Because the encoding names are no longer hard-coded strings, also remove redundant $NON-NLS warning suppressions. Also replace existing usages of the constants with static imports. Change-Id: I0a4510d3d992db5e277f009a41434276f95bda4e Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA-1: collision detection support Update SHA1 class to include a Java port of sha1dc[1]'s ubc_check, which can detect the attack pattern used by the SHAttered[2] authors. Given the shattered example files that have the same SHA-1, this modified implementation can identify there is risk of collision given only one file in the pair: $ jgit ... [main] WARN org.eclipse.jgit.util.sha1.SHA1 - SHA-1 collision 38762cf7f55934b34d179ae6a4c80cadccbb7f0a When JGit detects probability of a collision the SHA1 class now warns on the logger, reporting the object's SHA-1 hash, and then throws a Sha1CollisionException to the caller. From the paper[3] by Marc Stevens, the probability of a false positive identification of a collision is about 14 * 2^(-160), sufficiently low enough for any detected collision to likely be a real collision. git-core[4] may adopt sha1dc before the system migrates to an entirely new hash function. This commit enables JGit to remain compatible with that move to sha1dc, and help protect users by warning if similar attacks as SHAttered are identified. Performance declined about 8% (detection off), now: MessageDigest 238.41 MiB/s MessageDigest 244.52 MiB/s MessageDigest 244.06 MiB/s MessageDigest 242.58 MiB/s SHA1 216.77 MiB/s (was ~240.83 MiB/s) SHA1 220.98 MiB/s SHA1 221.76 MiB/s SHA1 221.34 MiB/s This decline in throughput is attributed to the step loop unrolling in compress(), which was necessary to easily fit the UbcCheck logic into the hash function. Using helper functions s1-s4 reduces the code explosion, providing acceptable throughput. With detection enabled (default): SHA1 detectCollision 180.12 MiB/s SHA1 detectCollision 181.59 MiB/s SHA1 detectCollision 181.64 MiB/s SHA1 detectCollision 182.24 MiB/s sha1dc (native C) ~206.28 MiB/s sha1dc (native C) ~204.47 MiB/s sha1dc (native C) ~203.74 MiB/s Average time across 100,000 calls to hash 4100 bytes (such as a commit or tree) for the various algorithms available to JGit also shows SHA1 is slower than MessageDigest, but by an acceptable margin: MessageDigest 17 usec SHA1 18 usec SHA1 detectCollision 22 usec Time to index-pack for git.git (217982 objects, 69 MiB) has increased: MessageDigest SHA1 w/ detectCollision ------------- ----------------------- 20.12s 25.25s 19.87s 25.48s 20.04s 25.26s avg 20.01s 25.33s +26% Being implemented in Java with these additional safety checks is clearly a penalty, but throughput is still acceptable given the increased security against object name collisions. [1] https://github.com/cr-marcstevens/sha1collisiondetection [2] https://shattered.it/ [3] https://marc-stevens.nl/research/papers/C13-S.pdf [4] https://public-inbox.org/git/20170223230621.43anex65ndoqbgnf@sigill.intra.peff.net/ Change-Id: I9fe4c6d8fc5e5a661af72cd3246c9e67b1b9fee6
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA-1: collision detection support Update SHA1 class to include a Java port of sha1dc[1]'s ubc_check, which can detect the attack pattern used by the SHAttered[2] authors. Given the shattered example files that have the same SHA-1, this modified implementation can identify there is risk of collision given only one file in the pair: $ jgit ... [main] WARN org.eclipse.jgit.util.sha1.SHA1 - SHA-1 collision 38762cf7f55934b34d179ae6a4c80cadccbb7f0a When JGit detects probability of a collision the SHA1 class now warns on the logger, reporting the object's SHA-1 hash, and then throws a Sha1CollisionException to the caller. From the paper[3] by Marc Stevens, the probability of a false positive identification of a collision is about 14 * 2^(-160), sufficiently low enough for any detected collision to likely be a real collision. git-core[4] may adopt sha1dc before the system migrates to an entirely new hash function. This commit enables JGit to remain compatible with that move to sha1dc, and help protect users by warning if similar attacks as SHAttered are identified. Performance declined about 8% (detection off), now: MessageDigest 238.41 MiB/s MessageDigest 244.52 MiB/s MessageDigest 244.06 MiB/s MessageDigest 242.58 MiB/s SHA1 216.77 MiB/s (was ~240.83 MiB/s) SHA1 220.98 MiB/s SHA1 221.76 MiB/s SHA1 221.34 MiB/s This decline in throughput is attributed to the step loop unrolling in compress(), which was necessary to easily fit the UbcCheck logic into the hash function. Using helper functions s1-s4 reduces the code explosion, providing acceptable throughput. With detection enabled (default): SHA1 detectCollision 180.12 MiB/s SHA1 detectCollision 181.59 MiB/s SHA1 detectCollision 181.64 MiB/s SHA1 detectCollision 182.24 MiB/s sha1dc (native C) ~206.28 MiB/s sha1dc (native C) ~204.47 MiB/s sha1dc (native C) ~203.74 MiB/s Average time across 100,000 calls to hash 4100 bytes (such as a commit or tree) for the various algorithms available to JGit also shows SHA1 is slower than MessageDigest, but by an acceptable margin: MessageDigest 17 usec SHA1 18 usec SHA1 detectCollision 22 usec Time to index-pack for git.git (217982 objects, 69 MiB) has increased: MessageDigest SHA1 w/ detectCollision ------------- ----------------------- 20.12s 25.25s 19.87s 25.48s 20.04s 25.26s avg 20.01s 25.33s +26% Being implemented in Java with these additional safety checks is clearly a penalty, but throughput is still acceptable given the increased security against object name collisions. [1] https://github.com/cr-marcstevens/sha1collisiondetection [2] https://shattered.it/ [3] https://marc-stevens.nl/research/papers/C13-S.pdf [4] https://public-inbox.org/git/20170223230621.43anex65ndoqbgnf@sigill.intra.peff.net/ Change-Id: I9fe4c6d8fc5e5a661af72cd3246c9e67b1b9fee6
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA-1: collision detection support Update SHA1 class to include a Java port of sha1dc[1]'s ubc_check, which can detect the attack pattern used by the SHAttered[2] authors. Given the shattered example files that have the same SHA-1, this modified implementation can identify there is risk of collision given only one file in the pair: $ jgit ... [main] WARN org.eclipse.jgit.util.sha1.SHA1 - SHA-1 collision 38762cf7f55934b34d179ae6a4c80cadccbb7f0a When JGit detects probability of a collision the SHA1 class now warns on the logger, reporting the object's SHA-1 hash, and then throws a Sha1CollisionException to the caller. From the paper[3] by Marc Stevens, the probability of a false positive identification of a collision is about 14 * 2^(-160), sufficiently low enough for any detected collision to likely be a real collision. git-core[4] may adopt sha1dc before the system migrates to an entirely new hash function. This commit enables JGit to remain compatible with that move to sha1dc, and help protect users by warning if similar attacks as SHAttered are identified. Performance declined about 8% (detection off), now: MessageDigest 238.41 MiB/s MessageDigest 244.52 MiB/s MessageDigest 244.06 MiB/s MessageDigest 242.58 MiB/s SHA1 216.77 MiB/s (was ~240.83 MiB/s) SHA1 220.98 MiB/s SHA1 221.76 MiB/s SHA1 221.34 MiB/s This decline in throughput is attributed to the step loop unrolling in compress(), which was necessary to easily fit the UbcCheck logic into the hash function. Using helper functions s1-s4 reduces the code explosion, providing acceptable throughput. With detection enabled (default): SHA1 detectCollision 180.12 MiB/s SHA1 detectCollision 181.59 MiB/s SHA1 detectCollision 181.64 MiB/s SHA1 detectCollision 182.24 MiB/s sha1dc (native C) ~206.28 MiB/s sha1dc (native C) ~204.47 MiB/s sha1dc (native C) ~203.74 MiB/s Average time across 100,000 calls to hash 4100 bytes (such as a commit or tree) for the various algorithms available to JGit also shows SHA1 is slower than MessageDigest, but by an acceptable margin: MessageDigest 17 usec SHA1 18 usec SHA1 detectCollision 22 usec Time to index-pack for git.git (217982 objects, 69 MiB) has increased: MessageDigest SHA1 w/ detectCollision ------------- ----------------------- 20.12s 25.25s 19.87s 25.48s 20.04s 25.26s avg 20.01s 25.33s +26% Being implemented in Java with these additional safety checks is clearly a penalty, but throughput is still acceptable given the increased security against object name collisions. [1] https://github.com/cr-marcstevens/sha1collisiondetection [2] https://shattered.it/ [3] https://marc-stevens.nl/research/papers/C13-S.pdf [4] https://public-inbox.org/git/20170223230621.43anex65ndoqbgnf@sigill.intra.peff.net/ Change-Id: I9fe4c6d8fc5e5a661af72cd3246c9e67b1b9fee6
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA-1: collision detection support Update SHA1 class to include a Java port of sha1dc[1]'s ubc_check, which can detect the attack pattern used by the SHAttered[2] authors. Given the shattered example files that have the same SHA-1, this modified implementation can identify there is risk of collision given only one file in the pair: $ jgit ... [main] WARN org.eclipse.jgit.util.sha1.SHA1 - SHA-1 collision 38762cf7f55934b34d179ae6a4c80cadccbb7f0a When JGit detects probability of a collision the SHA1 class now warns on the logger, reporting the object's SHA-1 hash, and then throws a Sha1CollisionException to the caller. From the paper[3] by Marc Stevens, the probability of a false positive identification of a collision is about 14 * 2^(-160), sufficiently low enough for any detected collision to likely be a real collision. git-core[4] may adopt sha1dc before the system migrates to an entirely new hash function. This commit enables JGit to remain compatible with that move to sha1dc, and help protect users by warning if similar attacks as SHAttered are identified. Performance declined about 8% (detection off), now: MessageDigest 238.41 MiB/s MessageDigest 244.52 MiB/s MessageDigest 244.06 MiB/s MessageDigest 242.58 MiB/s SHA1 216.77 MiB/s (was ~240.83 MiB/s) SHA1 220.98 MiB/s SHA1 221.76 MiB/s SHA1 221.34 MiB/s This decline in throughput is attributed to the step loop unrolling in compress(), which was necessary to easily fit the UbcCheck logic into the hash function. Using helper functions s1-s4 reduces the code explosion, providing acceptable throughput. With detection enabled (default): SHA1 detectCollision 180.12 MiB/s SHA1 detectCollision 181.59 MiB/s SHA1 detectCollision 181.64 MiB/s SHA1 detectCollision 182.24 MiB/s sha1dc (native C) ~206.28 MiB/s sha1dc (native C) ~204.47 MiB/s sha1dc (native C) ~203.74 MiB/s Average time across 100,000 calls to hash 4100 bytes (such as a commit or tree) for the various algorithms available to JGit also shows SHA1 is slower than MessageDigest, but by an acceptable margin: MessageDigest 17 usec SHA1 18 usec SHA1 detectCollision 22 usec Time to index-pack for git.git (217982 objects, 69 MiB) has increased: MessageDigest SHA1 w/ detectCollision ------------- ----------------------- 20.12s 25.25s 19.87s 25.48s 20.04s 25.26s avg 20.01s 25.33s +26% Being implemented in Java with these additional safety checks is clearly a penalty, but throughput is still acceptable given the increased security against object name collisions. [1] https://github.com/cr-marcstevens/sha1collisiondetection [2] https://shattered.it/ [3] https://marc-stevens.nl/research/papers/C13-S.pdf [4] https://public-inbox.org/git/20170223230621.43anex65ndoqbgnf@sigill.intra.peff.net/ Change-Id: I9fe4c6d8fc5e5a661af72cd3246c9e67b1b9fee6
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA1: support reset() and reuse instances Allow SHA1 instances to be reused to compute another hash value, and resume caching them in ObjectInserter and PackParser. This shaves a small amount of running time off parsing git.git's pack file: before after ------ ------ 25.25s 25.55s 25.48s 25.06s 25.26s 24.94s Almost noise (small difference), but recycling the instances reduces some stress on the memory allocator finding two 80 word message block arrays needed for hashing and collision detection. Change-Id: I4af88a720e81460293bc5c5d1d3db1a831e7e228
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA1: support reset() and reuse instances Allow SHA1 instances to be reused to compute another hash value, and resume caching them in ObjectInserter and PackParser. This shaves a small amount of running time off parsing git.git's pack file: before after ------ ------ 25.25s 25.55s 25.48s 25.06s 25.26s 24.94s Almost noise (small difference), but recycling the instances reduces some stress on the memory allocator finding two 80 word message block arrays needed for hashing and collision detection. Change-Id: I4af88a720e81460293bc5c5d1d3db1a831e7e228
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
Use constants from StandardCharsets instead of hard-coded strings Instead of hard-coding the charset strings "US-ASCII", "UTF-8", and "ISO-8859-1", use the corresponding constants from StandardCharsets. UnsupportedEncodingException is not thrown when the StandardCharset constants are used, so remove the now redundant handling. Because the encoding names are no longer hard-coded strings, also remove redundant $NON-NLS warning suppressions. Also replace existing usages of the constants with static imports. Change-Id: I0a4510d3d992db5e277f009a41434276f95bda4e Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
Use constants from StandardCharsets instead of hard-coded strings Instead of hard-coding the charset strings "US-ASCII", "UTF-8", and "ISO-8859-1", use the corresponding constants from StandardCharsets. UnsupportedEncodingException is not thrown when the StandardCharset constants are used, so remove the now redundant handling. Because the encoding names are no longer hard-coded strings, also remove redundant $NON-NLS warning suppressions. Also replace existing usages of the constants with static imports. Change-Id: I0a4510d3d992db5e277f009a41434276f95bda4e Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA1: support reset() and reuse instances Allow SHA1 instances to be reused to compute another hash value, and resume caching them in ObjectInserter and PackParser. This shaves a small amount of running time off parsing git.git's pack file: before after ------ ------ 25.25s 25.55s 25.48s 25.06s 25.26s 24.94s Almost noise (small difference), but recycling the instances reduces some stress on the memory allocator finding two 80 word message block arrays needed for hashing and collision detection. Change-Id: I4af88a720e81460293bc5c5d1d3db1a831e7e228
7 years ago
Use constants from StandardCharsets instead of hard-coded strings Instead of hard-coding the charset strings "US-ASCII", "UTF-8", and "ISO-8859-1", use the corresponding constants from StandardCharsets. UnsupportedEncodingException is not thrown when the StandardCharset constants are used, so remove the now redundant handling. Because the encoding names are no longer hard-coded strings, also remove redundant $NON-NLS warning suppressions. Also replace existing usages of the constants with static imports. Change-Id: I0a4510d3d992db5e277f009a41434276f95bda4e Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
SHA1: support reset() and reuse instances Allow SHA1 instances to be reused to compute another hash value, and resume caching them in ObjectInserter and PackParser. This shaves a small amount of running time off parsing git.git's pack file: before after ------ ------ 25.25s 25.55s 25.48s 25.06s 25.26s 24.94s Almost noise (small difference), but recycling the instances reduces some stress on the memory allocator finding two 80 word message block arrays needed for hashing and collision detection. Change-Id: I4af88a720e81460293bc5c5d1d3db1a831e7e228
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA1: support reset() and reuse instances Allow SHA1 instances to be reused to compute another hash value, and resume caching them in ObjectInserter and PackParser. This shaves a small amount of running time off parsing git.git's pack file: before after ------ ------ 25.25s 25.55s 25.48s 25.06s 25.26s 24.94s Almost noise (small difference), but recycling the instances reduces some stress on the memory allocator finding two 80 word message block arrays needed for hashing and collision detection. Change-Id: I4af88a720e81460293bc5c5d1d3db1a831e7e228
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
Use constants from StandardCharsets instead of hard-coded strings Instead of hard-coding the charset strings "US-ASCII", "UTF-8", and "ISO-8859-1", use the corresponding constants from StandardCharsets. UnsupportedEncodingException is not thrown when the StandardCharset constants are used, so remove the now redundant handling. Because the encoding names are no longer hard-coded strings, also remove redundant $NON-NLS warning suppressions. Also replace existing usages of the constants with static imports. Change-Id: I0a4510d3d992db5e277f009a41434276f95bda4e Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
Use constants from StandardCharsets instead of hard-coded strings Instead of hard-coding the charset strings "US-ASCII", "UTF-8", and "ISO-8859-1", use the corresponding constants from StandardCharsets. UnsupportedEncodingException is not thrown when the StandardCharset constants are used, so remove the now redundant handling. Because the encoding names are no longer hard-coded strings, also remove redundant $NON-NLS warning suppressions. Also replace existing usages of the constants with static imports. Change-Id: I0a4510d3d992db5e277f009a41434276f95bda4e Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA1: support reset() and reuse instances Allow SHA1 instances to be reused to compute another hash value, and resume caching them in ObjectInserter and PackParser. This shaves a small amount of running time off parsing git.git's pack file: before after ------ ------ 25.25s 25.55s 25.48s 25.06s 25.26s 24.94s Almost noise (small difference), but recycling the instances reduces some stress on the memory allocator finding two 80 word message block arrays needed for hashing and collision detection. Change-Id: I4af88a720e81460293bc5c5d1d3db1a831e7e228
7 years ago
Use constants from StandardCharsets instead of hard-coded strings Instead of hard-coding the charset strings "US-ASCII", "UTF-8", and "ISO-8859-1", use the corresponding constants from StandardCharsets. UnsupportedEncodingException is not thrown when the StandardCharset constants are used, so remove the now redundant handling. Because the encoding names are no longer hard-coded strings, also remove redundant $NON-NLS warning suppressions. Also replace existing usages of the constants with static imports. Change-Id: I0a4510d3d992db5e277f009a41434276f95bda4e Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
6 years ago
SHA1: support reset() and reuse instances Allow SHA1 instances to be reused to compute another hash value, and resume caching them in ObjectInserter and PackParser. This shaves a small amount of running time off parsing git.git's pack file: before after ------ ------ 25.25s 25.55s 25.48s 25.06s 25.26s 24.94s Almost noise (small difference), but recycling the instances reduces some stress on the memory allocator finding two 80 word message block arrays needed for hashing and collision detection. Change-Id: I4af88a720e81460293bc5c5d1d3db1a831e7e228
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA1: support reset() and reuse instances Allow SHA1 instances to be reused to compute another hash value, and resume caching them in ObjectInserter and PackParser. This shaves a small amount of running time off parsing git.git's pack file: before after ------ ------ 25.25s 25.55s 25.48s 25.06s 25.26s 24.94s Almost noise (small difference), but recycling the instances reduces some stress on the memory allocator finding two 80 word message block arrays needed for hashing and collision detection. Change-Id: I4af88a720e81460293bc5c5d1d3db1a831e7e228
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
SHA-1: collision detection support Update SHA1 class to include a Java port of sha1dc[1]'s ubc_check, which can detect the attack pattern used by the SHAttered[2] authors. Given the shattered example files that have the same SHA-1, this modified implementation can identify there is risk of collision given only one file in the pair: $ jgit ... [main] WARN org.eclipse.jgit.util.sha1.SHA1 - SHA-1 collision 38762cf7f55934b34d179ae6a4c80cadccbb7f0a When JGit detects probability of a collision the SHA1 class now warns on the logger, reporting the object's SHA-1 hash, and then throws a Sha1CollisionException to the caller. From the paper[3] by Marc Stevens, the probability of a false positive identification of a collision is about 14 * 2^(-160), sufficiently low enough for any detected collision to likely be a real collision. git-core[4] may adopt sha1dc before the system migrates to an entirely new hash function. This commit enables JGit to remain compatible with that move to sha1dc, and help protect users by warning if similar attacks as SHAttered are identified. Performance declined about 8% (detection off), now: MessageDigest 238.41 MiB/s MessageDigest 244.52 MiB/s MessageDigest 244.06 MiB/s MessageDigest 242.58 MiB/s SHA1 216.77 MiB/s (was ~240.83 MiB/s) SHA1 220.98 MiB/s SHA1 221.76 MiB/s SHA1 221.34 MiB/s This decline in throughput is attributed to the step loop unrolling in compress(), which was necessary to easily fit the UbcCheck logic into the hash function. Using helper functions s1-s4 reduces the code explosion, providing acceptable throughput. With detection enabled (default): SHA1 detectCollision 180.12 MiB/s SHA1 detectCollision 181.59 MiB/s SHA1 detectCollision 181.64 MiB/s SHA1 detectCollision 182.24 MiB/s sha1dc (native C) ~206.28 MiB/s sha1dc (native C) ~204.47 MiB/s sha1dc (native C) ~203.74 MiB/s Average time across 100,000 calls to hash 4100 bytes (such as a commit or tree) for the various algorithms available to JGit also shows SHA1 is slower than MessageDigest, but by an acceptable margin: MessageDigest 17 usec SHA1 18 usec SHA1 detectCollision 22 usec Time to index-pack for git.git (217982 objects, 69 MiB) has increased: MessageDigest SHA1 w/ detectCollision ------------- ----------------------- 20.12s 25.25s 19.87s 25.48s 20.04s 25.26s avg 20.01s 25.33s +26% Being implemented in Java with these additional safety checks is clearly a penalty, but throughput is still acceptable given the increased security against object name collisions. [1] https://github.com/cr-marcstevens/sha1collisiondetection [2] https://shattered.it/ [3] https://marc-stevens.nl/research/papers/C13-S.pdf [4] https://public-inbox.org/git/20170223230621.43anex65ndoqbgnf@sigill.intra.peff.net/ Change-Id: I9fe4c6d8fc5e5a661af72cd3246c9e67b1b9fee6
7 years ago
Pure Java SHA-1 This implementation is derived straight from the description written in RFC 3174. On Mac OS X with Java 1.8.0_91 it offers similar throughput as MessageDigest SHA-1: system 239.75 MiB/s system 244.71 MiB/s system 245.00 MiB/s system 244.92 MiB/s sha1 234.08 MiB/s sha1 244.50 MiB/s sha1 242.99 MiB/s sha1 241.73 MiB/s This is the fastest implementation I could come up with. Common SHA-1 implementation tricks such as unrolling loops creates a method too large for the JIT to effectively optimize, resulting in lower overall hashing throughput. Using a preprocessor to perform the register renaming of A-E also didn't help, as again the method was too large for the JIT to effectively optimize. Fortunately the fastest version is a naive, straight-forward implementation very close to the description in RFC 3174. Change-Id: I228b05c4a294ca2ad51386cf0e47978c68e1aa42
7 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238 
  1. /*

  2.  * Copyright (C) 2017, Google Inc.

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. 

  44. package org.eclipse.jgit.util.sha1;

  45. 

  46. import static java.nio.charset.StandardCharsets.UTF_8;

  47. import static org.junit.Assert.assertEquals;

  48. import static org.junit.Assert.assertTrue;

  49. import static org.junit.Assert.fail;

  50. import static org.junit.Assume.assumeTrue;

  51. 

  52. import java.io.IOException;

  53. import java.io.InputStream;

  54. import java.nio.ByteBuffer;

  55. import java.security.MessageDigest;

  56. import java.security.NoSuchAlgorithmException;

  57. 

  58. import org.eclipse.jgit.lib.Constants;

  59. import org.eclipse.jgit.lib.ObjectId;

  60. import org.eclipse.jgit.util.IO;

  61. import org.junit.Test;

  62. 

  63. public class SHA1Test {

  64. 	private static final String TEST1 = "abc";

  65. 

  66. 	private static final String TEST2a = "abcdbcdecdefdefgefghfghighijhi";

  67. 	private static final String TEST2b = "jkijkljklmklmnlmnomnopnopq";

  68. 	private static final String TEST2 = TEST2a + TEST2b;

  69. 

  70. 	@Test

  71. 	public void test0() throws NoSuchAlgorithmException {

  72. 		ObjectId exp = ObjectId

  73. 				.fromString("da39a3ee5e6b4b0d3255bfef95601890afd80709");

  74. 

  75. 		MessageDigest m = MessageDigest.getInstance("SHA-1");

  76. 		m.update(new byte[] {});

  77. 		ObjectId m1 = ObjectId.fromRaw(m.digest());

  78. 

  79. 		SHA1 s = SHA1.newInstance();

  80. 		s.update(new byte[] {});

  81. 		ObjectId s1 = ObjectId.fromRaw(s.digest());

  82. 

  83. 		s.reset();

  84. 		s.update(new byte[] {});

  85. 		ObjectId s2 = s.toObjectId();

  86. 

  87. 		assertEquals(m1, s1);

  88. 		assertEquals(exp, s1);

  89. 		assertEquals(exp, s2);

  90. 	}

  91. 

  92. 	@Test

  93. 	public void test1() throws NoSuchAlgorithmException {

  94. 		ObjectId exp = ObjectId

  95. 				.fromString("a9993e364706816aba3e25717850c26c9cd0d89d");

  96. 

  97. 		MessageDigest m = MessageDigest.getInstance("SHA-1");

  98. 		m.update(TEST1.getBytes(UTF_8));

  99. 		ObjectId m1 = ObjectId.fromRaw(m.digest());

  100. 

  101. 		SHA1 s = SHA1.newInstance();

  102. 		s.update(TEST1.getBytes(UTF_8));

  103. 		ObjectId s1 = ObjectId.fromRaw(s.digest());

  104. 

  105. 		s.reset();

  106. 		s.update(TEST1.getBytes(UTF_8));

  107. 		ObjectId s2 = s.toObjectId();

  108. 

  109. 		assertEquals(m1, s1);

  110. 		assertEquals(exp, s1);

  111. 		assertEquals(exp, s2);

  112. 	}

  113. 

  114. 	@Test

  115. 	public void test2() throws NoSuchAlgorithmException {

  116. 		ObjectId exp = ObjectId

  117. 				.fromString("84983e441c3bd26ebaae4aa1f95129e5e54670f1");

  118. 

  119. 		MessageDigest m = MessageDigest.getInstance("SHA-1");

  120. 		m.update(TEST2.getBytes(UTF_8));

  121. 		ObjectId m1 = ObjectId.fromRaw(m.digest());

  122. 

  123. 		SHA1 s = SHA1.newInstance();

  124. 		s.update(TEST2.getBytes(UTF_8));

  125. 		ObjectId s1 = ObjectId.fromRaw(s.digest());

  126. 

  127. 		s.reset();

  128. 		s.update(TEST2.getBytes(UTF_8));

  129. 		ObjectId s2 = s.toObjectId();

  130. 

  131. 		assertEquals(m1, s1);

  132. 		assertEquals(exp, s1);

  133. 		assertEquals(exp, s2);

  134. 	}

  135. 

  136. 	@Test

  137. 	public void shatteredCollision()

  138. 			throws IOException, NoSuchAlgorithmException {

  139. 		byte[] pdf1 = read("shattered-1.pdf", 422435);

  140. 		byte[] pdf2 = read("shattered-2.pdf", 422435);

  141. 		MessageDigest md;

  142. 		SHA1 s;

  143. 

  144. 		// SHAttered attack generated these PDFs to have identical SHA-1.

  145. 		ObjectId bad = ObjectId

  146. 				.fromString("38762cf7f55934b34d179ae6a4c80cadccbb7f0a");

  147. 		md = MessageDigest.getInstance("SHA-1");

  148. 		md.update(pdf1);

  149. 		assertEquals("shattered-1 collides", bad,

  150. 				ObjectId.fromRaw(md.digest()));

  151. 		s = SHA1.newInstance().setDetectCollision(false);

  152. 		s.update(pdf1);

  153. 		assertEquals("shattered-1 collides", bad, s.toObjectId());

  154. 

  155. 		md = MessageDigest.getInstance("SHA-1");

  156. 		md.update(pdf2);

  157. 		assertEquals("shattered-2 collides", bad,

  158. 				ObjectId.fromRaw(md.digest()));

  159. 		s = SHA1.newInstance().setDetectCollision(false);

  160. 		s.update(pdf2);

  161. 		assertEquals("shattered-2 collides", bad, s.toObjectId());

  162. 

  163. 		// SHA1 with detectCollision shouldn't be fooled.

  164. 		s = SHA1.newInstance().setDetectCollision(true);

  165. 		s.update(pdf1);

  166. 		try {

  167. 			s.digest();

  168. 			fail("expected " + Sha1CollisionException.class.getSimpleName());

  169. 		} catch (Sha1CollisionException e) {

  170. 			assertEquals(e.getMessage(),

  171. 					"SHA-1 collision detected on " + bad.name());

  172. 		}

  173. 

  174. 		s = SHA1.newInstance().setDetectCollision(true);

  175. 		s.update(pdf2);

  176. 		try {

  177. 			s.digest();

  178. 			fail("expected " + Sha1CollisionException.class.getSimpleName());

  179. 		} catch (Sha1CollisionException e) {

  180. 			assertEquals(e.getMessage(),

  181. 					"SHA-1 collision detected on " + bad.name());

  182. 		}

  183. 	}

  184. 

  185. 	@Test

  186. 	public void shatteredStoredInGitBlob() throws IOException {

  187. 		byte[] pdf1 = read("shattered-1.pdf", 422435);

  188. 		byte[] pdf2 = read("shattered-2.pdf", 422435);

  189. 

  190. 		// Although the prior test detects the chance of a collision, adding

  191. 		// the Git blob header permutes the data enough for this specific

  192. 		// attack example to not be detected as a collision. (A different file

  193. 		// pair that takes the Git header into account however, would.)

  194. 		ObjectId id1 = blob(pdf1, SHA1.newInstance().setDetectCollision(true));

  195. 		ObjectId id2 = blob(pdf2, SHA1.newInstance().setDetectCollision(true));

  196. 

  197. 		assertEquals(

  198. 				ObjectId.fromString("ba9aaa145ccd24ef760cf31c74d8f7ca1a2e47b0"),

  199. 				id1);

  200. 		assertEquals(

  201. 				ObjectId.fromString("b621eeccd5c7edac9b7dcba35a8d5afd075e24f2"),

  202. 				id2);

  203. 	}

  204. 

  205. 	@Test

  206. 	public void detectsShatteredByDefault() throws IOException {

  207. 		assumeTrue(System.getProperty("org.eclipse.jgit.util.sha1.detectCollision") == null);

  208. 		assumeTrue(System.getProperty("org.eclipse.jgit.util.sha1.safeHash") == null);

  209. 

  210. 		byte[] pdf1 = read("shattered-1.pdf", 422435);

  211. 		SHA1 s = SHA1.newInstance();

  212. 		s.update(pdf1);

  213. 		try {

  214. 			s.digest();

  215. 			fail("expected " + Sha1CollisionException.class.getSimpleName());

  216. 		} catch (Sha1CollisionException e) {

  217. 			assertTrue("shattered-1 detected", true);

  218. 		}

  219. 	}

  220. 

  221. 	private static ObjectId blob(byte[] pdf1, SHA1 s) {

  222. 		s.update(Constants.encodedTypeString(Constants.OBJ_BLOB));

  223. 		s.update((byte) ' ');

  224. 		s.update(Constants.encodeASCII(pdf1.length));

  225. 		s.update((byte) 0);

  226. 		s.update(pdf1);

  227. 		return s.toObjectId();

  228. 	}

  229. 

  230. 	private byte[] read(String name, int sizeHint) throws IOException {

  231. 		try (InputStream in = getClass().getResourceAsStream(name)) {

  232. 			ByteBuffer buf = IO.readWholeStream(in, sizeHint);

  233. 			byte[] r = new byte[buf.remaining()];

  234. 			buf.get(r);

  235. 			return r;

  236. 		}

  237. 	}

  238. }