mirror of
https://github.com/python/cpython.git
synced 2024-11-24 17:47:13 +01:00
1fcc0efdaa
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224.

This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree.

@franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost!

```
---------------------------------------------------------------
Benchmark                 Time       CPU       Iterations
---------------------------------------------------------------
Sha2_256_Streaming        3163 ns    3160 ns   219353   // this PR
LibTomCrypt_Sha2_256      5057 ns    5056 ns   136234   // library used by Python currently
```

The changes in this PR are as follows:
- import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl`
- rewire sha256module.c to use the HACL* implementation

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
30 lines
1000 B
Markdown
# Algorithm implementations used by the `hashlib` module.

This code comes from the
[HACL\*](https://github.com/hacl-star/hacl-star/) project.

HACL\* is a cryptographic library that has been formally verified for memory
safety, functional correctness, and secret independence.

## Updating HACL*

Use the `refresh.sh` script in this directory to pull in a new upstream code
version. The upstream git hash used for the most recent code pull is recorded
in the script. Modify the script as needed to bring in more code when upstream
code refactoring requires changes.

Never manually edit HACL\* files. Always add transformation shell code to the
`refresh.sh` script to perform any necessary edits. If there are serious code
changes needed, work with the upstream repository.

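One way to enforce the no-manual-edits rule in review or CI is to regenerate the vendored tree from the pinned upstream and diff it against what is committed. The script below is an added example, not CPython's `refresh.sh`; the function names, the `sed` rule and the `toy_hash` files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not CPython's refresh.sh). All names below are hypothetical.

# Regenerate a vendored tree: copy pristine upstream files, then apply the
# scripted transformations. Local changes live here and nowhere else.
vendor_refresh() {  # $1 = upstream checkout, $2 = output directory
    mkdir -p "$2" && cp -R "$1"/. "$2"/ || return 2
    for f in "$2"/*; do
        # Constructed transformation: point an include at the local layout.
        sed 's|#include "upstream/|#include "local/|' "$f" > "$f.tmp" &&
            mv "$f.tmp" "$f" || return 2
    done
}

# Exit status 0: committed tree equals a fresh regeneration.
# Exit status 1: drift (a hand edit, or a refresh that was never re-run).
check_vendored() {  # $1 = upstream checkout, $2 = committed vendored tree
    fresh=$(mktemp -d) || return 2
    rc=0
    vendor_refresh "$1" "$fresh" && diff -r "$fresh" "$2" || rc=$?
    rm -rf "$fresh"
    return "$rc"
}

# Constructed stand-in for an upstream checkout at the pinned revision.
make_sample_upstream() {  # $1 = directory to create
    mkdir -p "$1" &&
    printf '#include "upstream/types.h"\nint toy_hash_init(void);\n' > "$1/toy_hash.h" &&
    printf '#include "toy_hash.h"\nint toy_hash_init(void) { return 0; }\n' > "$1/toy_hash.c"
}

demo() {
    work=$(mktemp -d) || return 2
    make_sample_upstream "$work/up" && vendor_refresh "$work/up" "$work/vendored"
    check_vendored "$work/up" "$work/vendored" && echo "fresh refresh: clean"
    echo '/* local hotfix */' >> "$work/vendored/toy_hash.c"   # simulated hand edit
    check_vendored "$work/up" "$work/vendored" || echo "hand edit: drift reported"
    rm -rf "$work"
}
demo
```

The check only works if every intended local change is expressed as a transformation in the refresh step, which is what the rule above requires.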
## Local files

1. `./include/python_hacl_namespaces.h`
1. `./README.md`
1. `./refresh.sh`

## ACKS

* Jonathan Protzenko aka [@msprotz on GitHub](https://github.com/msprotz)
contributed our HACL\* based builtin code.