gh-99108: Add HACL* Blake2 implementation to hashlib (GH-119316)

This replaces the existing hashlib Blake2 module with a single implementation that uses HACL\*'s Blake2b/Blake2s implementations. We added support for all the modes exposed by the Python API, including tree hashing, leaf nodes, and so on. We ported and merged all of these changes upstream in HACL\*, added test vectors based on Python's existing implementation, and exposed everything needed for hashlib. This was joint work done with @R1kM. See the PR for much discussion and benchmarking details. TL;DR: On many systems, 8-50% faster (!) than `libb2`, on some systems it appeared 10-20% slower than `libb2`.
2025-08-04 17:08:35 +00:00 · 2024-08-13 14:42:19 -07:00 · 2024-08-13 14:42:19 -07:00 · 325e9b8ef4
commit 325e9b8ef4
parent ee1b8ce26e
55 changed files with 11697 additions and 5236 deletions
--- a/Modules/_hacl/Lib_Memzero0.c
+++ b/Modules/_hacl/Lib_Memzero0.c
@ -0,0 +1,54 @@
+#if defined(__has_include)
+#if __has_include("config.h")
+#include "config.h"
+#endif
+#endif
+
+#ifdef _WIN32
+#include <windows.h>
+#endif
+
+#if (defined(__APPLE__) && defined(__MACH__)) || defined(__linux__)
+#define __STDC_WANT_LIB_EXT1__ 1
+#include <string.h>
+#endif
+
+#ifdef __FreeBSD__
+#include <strings.h>
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <limits.h>
+#include <inttypes.h>
+
+/* This is now a hand-written header */
+#include "lib_memzero0.h"
+#include "krml/internal/target.h"
+
+/* The F* formalization talks about the number of elements in the array. The C
+   implementation wants a number of bytes in the array. KaRaMeL is aware of this
+   and inserts a sizeof multiplication. */
+void Lib_Memzero0_memzero0(void *dst, uint64_t len) {
+  /* This is safe: karamel checks at run-time (if needed) that all object sizes
+     fit within a size_t, so the size we receive has been checked at
+     allocation-time, possibly via KRML_CHECK_SIZE, to fit in a size_t. */
+  size_t len_ = (size_t) len;
+
+  #ifdef _WIN32
+    SecureZeroMemory(dst, len);
+  #elif defined(__APPLE__) && defined(__MACH__)
+    memset_s(dst, len_, 0, len_);
+  #elif (defined(__linux__) && !defined(LINUX_NO_EXPLICIT_BZERO)) || defined(__FreeBSD__)
+    explicit_bzero(dst, len_);
+  #elif defined(__NetBSD__)
+    explicit_memset(dst, 0, len_);
+  #else
+    /* Default implementation for platforms with no particular support. */
+    #warning "Your platform does not support any safe implementation of memzero -- consider a pull request!"
+    volatile unsigned char *volatile dst_ = (volatile unsigned char *volatile) dst;
+    size_t i = 0U;
+    while (i < len)
+      dst_[i++] = 0U;
+  #endif
+}