diff options
| author | Jonathan Protzenko <protz@microsoft.com> | 2023-02-07 02:11:01 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-07 02:11:01 (GMT) |
| commit | 1fcc0efdaa84b3602c236391633b70ff36df149b (patch) | |
| tree | c3be6de92320d8e82e9d94849ec22f9268b6dfc3 /PCbuild/pythoncore.vcxproj | |
| parent | 914f8fd9f7fc5e48b54d938a68c932cc618ef3a6 (diff) | |
| download | cpython-1fcc0efdaa84b3602c236391633b70ff36df149b.zip cpython-1fcc0efdaa84b3602c236391633b70ff36df149b.tar.gz cpython-1fcc0efdaa84b3602c236391633b70ff36df149b.tar.bz2 | |
gh-99108: Replace SHA2-224 & 256 with verified code from HACL* (#99109)
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224.
This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree.
@franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost!
```
---------------------------------------------------------------
Benchmark Time CPU Iterations
---------------------------------------------------------------
Sha2_256_Streaming 3163 ns 3160 ns 219353 // this PR
LibTomCrypt_Sha2_256 5057 ns 5056 ns 136234 // library used by Python currently
```
The changes in this PR are as follows:
- import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl`
- rewire sha256module.c to use the HACL* implementation
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
Diffstat (limited to 'PCbuild/pythoncore.vcxproj')
| -rw-r--r-- | PCbuild/pythoncore.vcxproj | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/PCbuild/pythoncore.vcxproj b/PCbuild/pythoncore.vcxproj index 397d22a..e8e9ff0 100644 --- a/PCbuild/pythoncore.vcxproj +++ b/PCbuild/pythoncore.vcxproj @@ -100,7 +100,7 @@ <ItemDefinitionGroup> <ClCompile> <AdditionalOptions>/Zm200 %(AdditionalOptions)</AdditionalOptions> - <AdditionalIncludeDirectories>$(PySourcePath)Python;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>$(PySourcePath)Modules\_hacl\include;$(PySourcePath)Modules\_hacl\internal;$(PySourcePath)Python;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <AdditionalIncludeDirectories Condition="$(IncludeExternals)">$(zlibDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>_USRDLL;Py_BUILD_CORE;Py_BUILD_CORE_BUILTIN;Py_ENABLE_SHARED;MS_DLL_ID="$(SysWinVer)";%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions Condition="$(IncludeExternals)">_Py_HAVE_ZLIB;%(PreprocessorDefinitions)</PreprocessorDefinitions> @@ -407,6 +407,7 @@ <ClCompile Include="..\Modules\posixmodule.c" /> <ClCompile Include="..\Modules\rotatingtree.c" /> <ClCompile Include="..\Modules\sha1module.c" /> + <ClCompile Include="..\Modules\_hacl\Hacl_Streaming_SHA2.c" /> <ClCompile Include="..\Modules\sha256module.c" /> <ClCompile Include="..\Modules\sha512module.c" /> <ClCompile Include="..\Modules\signalmodule.c" /> |