mirror of
https://github.com/python/cpython.git
synced 2024-11-30 18:51:15 +01:00
1fcc0efdaa
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224.

This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree.

@franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost!

```
---------------------------------------------------------------
Benchmark                   Time             CPU   Iterations
---------------------------------------------------------------
Sha2_256_Streaming       3163 ns         3160 ns       219353   // this PR
LibTomCrypt_Sha2_256     5057 ns         5056 ns       136234   // library used by Python currently
```

The changes in this PR are as follows:
- import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl`
- rewire sha256module.c to use the HACL* implementation

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Algorithm implementations used by the `hashlib` module.
This code comes from the HACL* project.
HACL* is a cryptographic library that has been formally verified for memory safety, functional correctness, and secret independence.
Updating HACL*
Use the `refresh.sh` script in this directory to pull in a new upstream code
version. The upstream git hash used for the most recent code pull is recorded
in the script. Modify the script as needed to bring in more files if changes
are needed because of upstream code refactoring.
Never manually edit HACL* files. Always add transformation shell code to the
`refresh.sh` script to perform any necessary edits. If there are serious code
changes needed, work with the upstream repository.
Local files
./include/python_hacl_namespaces.h
./README.md
./refresh.sh
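
The rule above (never hand-edit imported files, script every change) can be checked mechanically by regenerating the import from the pinned upstream snapshot and comparing it with the tree. The following is an added example, not CPython's `refresh.sh`: the function names, the imported file names and the `sed` edit are constructed for illustration, and only the local-file list comes from this README.

```shell
#!/bin/sh
# Files imported from upstream (constructed names) and the local files the
# README lists as living only in this directory.
VENDORED_FILES="./example_hash.c ./example_hash.h"
LOCAL_FILES="./include/python_hacl_namespaces.h ./README.md ./refresh.sh"

# Stand-in for a refresh script's transformation step: copy each imported
# file from the pinned upstream snapshot ($1) into $2 with scripted edits.
regenerate() {
    for f in $VENDORED_FILES; do
        mkdir -p "$(dirname "$2/$f")"
        # Constructed edit: flatten an include path during import.
        sed 's|#include "internal/|#include "|' "$1/$f" > "$2/$f"
    done
}

# check_vendored UPSTREAM VENDORED: returns 0 if VENDORED matches a fresh
# regeneration, 1 if a file was edited by hand or is unaccounted for.
check_vendored() {
    tmp=$(mktemp -d) || return 2
    regenerate "$1" "$tmp"
    status=0
    for f in $VENDORED_FILES; do
        cmp -s "$tmp/$f" "$2/$f" || { echo "drift: $f" >&2; status=1; }
    done
    # Any file that is neither imported nor a listed local file is suspect.
    for f in $(cd "$2" && find . -type f); do
        case " $VENDORED_FILES $LOCAL_FILES " in
            *" $f "*) ;;
            *) echo "unexpected file: $f" >&2; status=1 ;;
        esac
    done
    rm -rf "$tmp"
    return "$status"
}

# Build constructed upstream and vendored trees under $1 for a dry run.
make_sample() {
    mkdir -p "$1/upstream" "$1/vendored/include"
    printf '#include "internal/example_hash.h"\nint h(void){return 0;}\n' \
        > "$1/upstream/example_hash.c"
    printf 'int h(void);\n' > "$1/upstream/example_hash.h"
    regenerate "$1/upstream" "$1/vendored"
    : > "$1/vendored/README.md"; : > "$1/vendored/refresh.sh"
    : > "$1/vendored/include/python_hacl_namespaces.h"
}
```

Run in CI against a checkout of the upstream revision recorded in the refresh script, a check of this kind turns the "never manually edit" rule into a failing build instead of a review convention.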
ACKS
- Jonathan Protzenko aka @msprotz on GitHub contributed our HACL*-based built-in code.