summaryrefslogtreecommitdiffstats
path: root/Modules/_hacl/internal
Commit message (Collapse)AuthorAgeFilesLines
* gh-126433: Update hacl-star (GH-126791)Victor Stinner2024-11-151-0/+2
| | | | Retrieve the change: "Lib_Memzero0.c: Fix compiler warning on 32-bit Windows".
* gh-99108: Add HACL* Blake2 implementation to hashlib (GH-119316)Jonathan Protzenko2024-08-136-4/+415
| | | | | | | This replaces the existing hashlib Blake2 module with a single implementation that uses HACL\*'s Blake2b/Blake2s implementations. We added support for all the modes exposed by the Python API, including tree hashing, leaf nodes, and so on. We ported and merged all of these changes upstream in HACL\*, added test vectors based on Python's existing implementation, and exposed everything needed for hashlib. This was joint work done with @R1kM. See the PR for much discussion and benchmarking details. TL;DR: On many systems, 8-50% faster (!) than `libb2`, on some systems it appeared 10-20% slower than `libb2`.
* gh-99108: Refresh HACL*; update modules accordingly; fix namespacing (GH-117237)Jonathan Protzenko2024-03-264-103/+73
| | | Pulls in a new update from https://github.com/hacl-star/hacl-star and fixes our C "namespacing" done by `Modules/_hacl/refresh.sh`.
* gh-99108: Refresh HACL* (#104808)Jonathan Protzenko2023-05-241-3/+55
| | | Refresh HACL* from upstream to improve SHA2 performance and fix a 32-bit issue in SHA3.
* gh-99108: Replace SHA3 implementation HACL* version (#103597)Jonathan Protzenko2023-05-081-0/+65
| | | | | | | | | | | Replaces our built-in SHA3 implementation with a verified one from the HACL* project. This implementation is used when OpenSSL does not provide SHA3 or is not present. 3.11 shiped with a very slow tiny sha3 implementation to get off of the <=3.10 reference implementation that wound up having serious bugs. This brings us back to a reasonably performing built-in implementation consistent with what we've just replaced our other guaranteed available standard hash algorithms with: code from the HACL* project. --------- Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-99108: Import MD5 and SHA1 from HACL* (#102089)Jonathan Protzenko2023-02-222-0/+122
| | | Replaces our fallback non-OpenSSL MD5 and SHA1 implementations with those from HACL* as we've already done with SHA2.
* gh-99108: Import SHA2-384/512 from HACL* (#101707)Jonathan Protzenko2023-02-141-4/+1
| | | | | | Replace the builtin hashlib implementations of SHA2-384 and SHA2-512 originally from LibTomCrypt with formally verified, side-channel resistant code from the [HACL*](https://github.com/hacl-star/hacl-star/) project. The builtins remain a fallback only used when OpenSSL does not provide them.
* gh-99108: Replace SHA2-224 & 256 with verified code from HACL* (#99109)Jonathan Protzenko2023-02-071-0/+135
replacing hashlib primitives (for the non-OpenSSL case) with verified implementations from HACL*. This is the first PR in the series, and focuses specifically on SHA2-256 and SHA2-224. This PR imports Hacl_Streaming_SHA2 into the Python tree. This is the HACL* implementation of SHA2, which combines a core implementation of SHA2 along with a layer of buffer management that allows updating the digest with any number of bytes. This supersedes the previous implementation in the tree. @franziskuskiefer was kind enough to benchmark the changes: in addition to being verified (thus providing significant safety and security improvements), this implementation also provides a sizeable performance boost! ``` --------------------------------------------------------------- Benchmark Time CPU Iterations --------------------------------------------------------------- Sha2_256_Streaming 3163 ns 3160 ns 219353 // this PR LibTomCrypt_Sha2_256 5057 ns 5056 ns 136234 // library used by Python currently ``` The changes in this PR are as follows: - import the subset of HACL* that covers SHA2-256/224 into `Modules/_hacl` - rewire sha256module.c to use the HACL* implementation Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>