[pull] master from RustCrypto:master #2

Open. Wants to merge 422 commits into base: master.
Conversation

@pull pull bot commented Nov 6, 2019

See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull bot added the ⤵️ pull label Nov 6, 2019
@pull pull bot added the merge-conflict Resolve conflicts manually label Feb 19, 2020
dependabot bot and others added 27 commits January 29, 2021 10:10
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.84 to 0.2.85.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](rust-lang/libc@0.2.84...0.2.85)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Originally from https://gitlab.com/rawler/tiger

Relicensed as MIT+Apache2.0 with permission:

    From: Ulrik Mikaelsson
    Date: Fri, 5 Feb 2021 07:35:53 +0100
    Subject: Re: Relicense rust tiger under MIT?

    Fun to hear you're using it! I'm ok with licensing it under MIT
Wasn't respecting the pinned MSRV, causing an error on #240 since a new
lint was introduced.
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.86 to 0.2.88.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](rust-lang/libc@0.2.86...0.2.88)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Formats all crates using Rust 1.51's rustfmt:

rustfmt 1.4.36-stable (7de6968e 2021-02-07)
Expands the test suite to be similar to the one used by the `sha2` crate
which tests the following platforms:

- Linux: i686/x86_64/aarch64 (latter w/ cross)
- Windows: x86_64
- macOS: x86_64

Additionally tests the `asm` feature on all Linux platforms as well as
on macOS.

Tests on i686 and cross-based tests for aarch64 are currently disabled
because the `asm` feature is failing. See RustCrypto/hashes#251
Bumps [byteorder](https://github.com/BurntSushi/byteorder) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/BurntSushi/byteorder/releases)
- [Changelog](https://github.com/BurntSushi/byteorder/blob/master/CHANGELOG.md)
- [Commits](BurntSushi/byteorder@1.4.2...1.4.3)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.88 to 0.2.93.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](rust-lang/libc@0.2.88...0.2.93)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This release includes support for Apple M1 CPUs:

RustCrypto/asm-hashes#35
Adds docs, tests all features in CI, and adds doc_cfg setup for docs.rs.
Uses the newly added `aarch64` support in the `cpufeatures` crate for
`sha2` CPU feature detection on Linux and macOS/M1.
Uses the newly added `aarch64` support in the `cpufeatures` crate for
`sha1` CPU feature detection on Linux and macOS/M1.
newpavlov and others added 30 commits May 23, 2024 05:15
This change improves codegen for the `update_sigma` function on x86-64
targets as can be seen by comparing https://rust.godbolt.org/z/3Pa9deedT
and https://rust.godbolt.org/z/Mdod5WPx4. On RISC-V both compile into
the same assembly.
Bumps [zeroize](https://github.com/RustCrypto/utils) from 1.7.0 to
1.8.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/RustCrypto/utils/commit/7050a8402b44344023cd8d27fe6e0e4055d6bdde"><code>7050a84</code></a>
zeroize v1.8.1 (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1075">#1075</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/4b7b782b89800109dfa51d1fbdd7389d607dcdaa"><code>4b7b782</code></a>
zeroize: move <code>zeroize_derive</code> to toplevel (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1074">#1074</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/6b341bbacc58e6bfc1c260bbc88a7ca19221ef6f"><code>6b341bb</code></a>
zeroize: feature-gate AVX-512 under <code>simd</code>; MSRV 1.60 (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1073">#1073</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/f46a14777a6cb1c553dcc6dbdce26de8e1baf04e"><code>f46a147</code></a>
zeroize: note v1.8.0 was yanked in CHANGELOG.md (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1071">#1071</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/a7eddc620ed683216b97d924deeab7ea4f84a5af"><code>a7eddc6</code></a>
zeroize: fix unnecessary qualifications (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1072">#1072</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/9bbfb49e6541d710aea6f7a95c68c9f3d99140e2"><code>9bbfb49</code></a>
zeroize 1.8.0 (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1065">#1065</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/c0eab7f7abfc244e9fcd482520542329da31f87c"><code>c0eab7f</code></a>
cpufeatures: fix macOS build (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1066">#1066</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/6d383a554b76df2c6796d8d2982a6a8535342617"><code>6d383a5</code></a>
zeroize: always enable AArch64 support (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1064">#1064</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/24decb93793936110ae564b6c8e475d91f4e4e44"><code>24decb9</code></a>
zeroize: use <code>doc_auto_cfg</code> (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1063">#1063</a>)</li>
<li><a
href="https://github.com/RustCrypto/utils/commit/cd3a147d62f5f2bf8d5bd10185a52c90f842395b"><code>cd3a147</code></a>
build(deps): bump prettyplease from 0.2.16 to 0.2.19 (<a
href="https://redirect.github.com/RustCrypto/utils/issues/1061">#1061</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/RustCrypto/utils/compare/zeroize-v1.7.0...zeroize-v1.8.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zeroize&package-manager=cargo&previous-version=1.7.0&new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- `sha1` had vestiges of a removed `asm` feature
- `blake2` has a lot of code relating to a commented out `simd` feature,
so for now the lint has been ignored
Cuts a new release of every crate which previously received a pre.3
prerelease (in #559), i.e. is used as a (dev-)dependency in downstream
projects that need to be upgraded.

This includes the following:

- `belt-hash` v0.2.0-pre.4
- `md-5` v0.11.0-pre.4
- `sha1` v0.11.0-pre.4
- `sha2` v0.11.0-pre.4
- `sha3` v0.11.0-pre.4
- `sm3` v0.5.0-pre.4
- `streebog` v0.11.0-pre.4
We were previously using inline assembly to "emulate" these intrinsics
since the ones in `core::arch` had not yet been stabilized.

They are now stable as of Rust 1.79.

Redux of #570.
Currently AsconXofReader has type
XofReaderCoreWrapper<AsconAXofReaderCore>, this is incorrect the type
should be XofReaderCoreWrapper<AsconXofReaderCore>.
The support is Nightly-only and requires to enable the `sha2_backend`
configuration flag with a value equal to `riscv-zknh` or `riscv-zknh-compact`.

The resulting assembly and binary size of the `compress` function (not
counting the `K32` and `K64` statics):
- SHA-256, unrolled: https://rust.godbolt.org/z/177bqKd3h (5280 bytes)
- SHA-256, compact: https://rust.godbolt.org/z/Kzx59bsdP (1308 bytes)
- SHA-512, unrolled: https://rust.godbolt.org/z/ExqqrfE1r (7964 bytes)
- SHA-512, compact: https://rust.godbolt.org/z/z41v6d4do (2852 bytes)
To force use of the software backend users now have to use
`RUSTFLAGS='--cfg sha2_backend="soft"'`.
Annoyingly, RISC-V is really inconvenient when we have to deal with
misaligned loads/stores. LLVM by default generates very [inefficient
code](https://rust.godbolt.org/z/3Yaj4fq5o) which loads every byte
separately and combines them into a 32/64 bit integer. The `ld`
instruction "may" support misaligned loads and for Linux user-space it's
even
[guaranteed](https://www.kernel.org/doc/html/v6.10/arch/riscv/uabi.html#misaligned-accesses),
but it can be (and IIUC often in practice is) "extremely slow", so we
should not rely on it while writing performant code.

After asking around, it looks like this mess is here to stay, so we have
no choice but to work around it. To do that this PR introduces two
separate paths for loading block data: aligned and misaligned. The
aligned path should be the most common one. In the misaligned path we
have to rely on inline assembly since we have to load some bits outside
of the block.

Additionally, this PR makes inlining in the `riscv-zknh` backend less
aggressive, which makes generated binary code 3-4 times smaller at the
cost of one additional branch.

Generated assembly for RV64:
- SHA-256, unrolled: https://rust.godbolt.org/z/GxPM8PE3P (2278 bytes)
- SHA-256, compact: https://rust.godbolt.org/z/4KWrcve9E (538 bytes)
- SHA-512, unrolled: https://rust.godbolt.org/z/Th8ro8Tbo (2278 bytes)
- SHA-512, compact: https://rust.godbolt.org/z/dqrv48ax3 (530 bytes)
Moves `cargo install cross` prior to the installation of `nightly`,
because `cross` no longer compiles on nightly.
New Ubuntu images are being deployed, which is causing the cached
binaries not to work due to a GLIBC upgrade:

https://github.blog/changelog/2024-09-25-actions-new-images-and-ubuntu-latest-changes/

To ensure we're caching consistently on the new image, switches from
using `ubuntu-latest` to `ubuntu-24.04`.

We can revert this change after October 30th, when the blog post says
the deployment is complete.
This PR ports the AVX implementation of SHA-512 to simd128. It also
implements the related version of SHA-256 from
https://github.com/aws-samples/sha2-with-c-intrinsic/blob/master/src/sha256_compress_x86_64_avx.c
in simd128.
Also added wasm32 testing in CI using wasmtime. Since wasm does not have
feature detection, this backend is only used if the `-C
target-feature=+simd128` flag is set.


Benchmarks on AMD Ryzen 9 7950X3D, running with wasmtime 26.0.0
(c92317bcc 2024-10-22) on rustc 1.84.0-nightly (b3f75cc87 2024-11-02):

```
+ RUSTFLAGS='-C target-feature=+simd128'
+ cargo +nightly bench -q --bench mod --target wasm32-wasip1

running 8 tests
test sha256_10    ... bench:          18.71 ns/iter (+/- 1.62) = 555 MB/s
test sha256_100   ... bench:         167.94 ns/iter (+/- 0.62) = 598 MB/s
test sha256_1000  ... bench:       1,656.93 ns/iter (+/- 142.75) = 603 MB/s
test sha256_10000 ... bench:      15,601.30 ns/iter (+/- 1,268.65) = 640 MB/s
test sha512_10    ... bench:          14.35 ns/iter (+/- 0.09) = 714 MB/s
test sha512_100   ... bench:         137.37 ns/iter (+/- 0.87) = 729 MB/s
test sha512_1000  ... bench:       1,261.63 ns/iter (+/- 105.65) = 793 MB/s
test sha512_10000 ... bench:      12,434.24 ns/iter (+/- 24.46) = 804 MB/s

test result: ok. 0 passed; 0 failed; 0 ignored; 8 measured; 0 filtered out; finished in 4.40s

+ RUSTFLAGS='-C target-feature=-simd128'
+ cargo +nightly bench -q --bench mod --target wasm32-wasip1

running 8 tests
test sha256_10    ... bench:         155.59 ns/iter (+/- 1.08) = 64 MB/s
test sha256_100   ... bench:       1,539.48 ns/iter (+/- 9.18) = 64 MB/s
test sha256_1000  ... bench:      15,207.34 ns/iter (+/- 81.67) = 65 MB/s
test sha256_10000 ... bench:     151,547.98 ns/iter (+/- 1,170.30) = 65 MB/s
test sha512_10    ... bench:          98.59 ns/iter (+/- 0.45) = 102 MB/s
test sha512_100   ... bench:         980.99 ns/iter (+/- 3.43) = 102 MB/s
test sha512_1000  ... bench:       9,622.94 ns/iter (+/- 29.97) = 103 MB/s
test sha512_10000 ... bench:      95,977.25 ns/iter (+/- 310.30) = 104 MB/s

test result: ok. 0 passed; 0 failed; 0 ignored; 8 measured; 0 filtered out; finished in 6.55s

+ RUSTFLAGS='--cfg sha2_backend="soft" -C target-feature=+simd128'
+ cargo +nightly bench -q --bench mod --target wasm32-wasip1

running 8 tests
test sha256_10    ... bench:         142.07 ns/iter (+/- 13.71) = 70 MB/s
test sha256_100   ... bench:       1,404.58 ns/iter (+/- 10.83) = 71 MB/s
test sha256_1000  ... bench:      14,823.81 ns/iter (+/- 1,346.05) = 67 MB/s
test sha256_10000 ... bench:     139,001.94 ns/iter (+/- 978.58) = 71 MB/s
test sha512_10    ... bench:          90.39 ns/iter (+/- 7.82) = 111 MB/s
test sha512_100   ... bench:         893.20 ns/iter (+/- 72.22) = 111 MB/s
test sha512_1000  ... bench:       8,812.46 ns/iter (+/- 878.60) = 113 MB/s
test sha512_10000 ... bench:      87,887.02 ns/iter (+/- 394.70) = 113 MB/s

test result: ok. 0 passed; 0 failed; 0 ignored; 8 measured; 0 filtered out; finished in 8.62s

```
This introduces unkeyed hashing for blake2 as specified in [Section 2.5
of RFC 7693](https://www.rfc-editor.org/rfc/rfc7693.html#section-2.5),
which states the following:

> The second (little-endian) byte of the parameter block, "kk", specifies
> the key size in bytes. Set kk = 00 for unkeyed hashing.

I propose to make the key an `Option<&[u8]>`:
```rust
pub fn new_with_salt_and_personal(
    key: Option<&[u8]>,
    salt: &[u8],
    persona: &[u8],
) -> Result<Self, InvalidLength>
```

By making the key an `Option<&[u8]>` - rather than opting for the
unkeyed usage in case of an empty `key` - we make the unkeyed usage
explicit and avoid inadvertent usages.

This closes #482.
See also #509.
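As an added example (not the blake2 crate's own code), here is the RFC 7693 Section 2.5 parameter block built from an `Option<&[u8]>` key, so that `None` sets kk = 0 and an empty `Some` key is an error rather than a silent fallback; rejecting `Some(&[])`, the `BLAKE2B_IV0` constant and the helper names are this example's own assumptions, and `initial_h0` shows how the key length is bound into the first state word.

```rust
/// Length error for a key, salt, persona or digest size outside RFC 7693 limits.
#[derive(Debug, PartialEq, Eq)]
pub struct InvalidLength;

/// IV[0] of BLAKE2b (first SHA-512 initial value), RFC 7693 Section 2.6.
pub const BLAKE2B_IV0: u64 = 0x6a09_e667_f3bc_c908;
/// Builds the 64-byte BLAKE2b parameter block of RFC 7693 Section 2.5.
/// `None` sets kk = 0 (unkeyed). `Some(&[])` is rejected: in this example's
/// design (an assumption, not the crate's) an empty key is a caller bug.
pub fn param_block(
    key: Option<&[u8]>,
    salt: &[u8],
    persona: &[u8],
    digest_len: usize,
) -> Result<[u8; 64], InvalidLength> {
    if digest_len == 0 || digest_len > 64 || salt.len() > 16 || persona.len() > 16 {
        return Err(InvalidLength);
    }
    let kk = match key {
        None => 0,
        Some(k) if !k.is_empty() && k.len() <= 64 => k.len(),
        Some(_) => return Err(InvalidLength),
    };
    let mut p = [0u8; 64];
    p[0] = digest_len as u8; // nn: digest length in bytes
    p[1] = kk as u8;         // kk: key length in bytes, 0 for unkeyed hashing
    p[2] = 1;                // fanout = 1 (sequential mode)
    p[3] = 1;                // depth = 1 (sequential mode)
    // Bytes 4..32 (leaf length, node offset, node depth, inner length, reserved) stay zero.
    p[32..32 + salt.len()].copy_from_slice(salt);       // salt, zero-padded to 16
    p[48..48 + persona.len()].copy_from_slice(persona); // personalization, zero-padded
    Ok(p)
}

/// h[0] = IV[0] XOR the first parameter-block word (little-endian): the key
/// length is bound into the state before any key bytes (fed as a padded first block) are processed.
pub fn initial_h0(p: &[u8; 64]) -> u64 {
    let mut w = [0u8; 8];
    w.copy_from_slice(&p[0..8]);
    BLAKE2B_IV0 ^ u64::from_le_bytes(w)
}

fn main() {
    let unkeyed = param_block(None, b"", b"", 64).unwrap();
    let keyed = param_block(Some(&[0x42u8; 32][..]), b"salt", b"rustcrypto", 64).unwrap();
    println!("unkeyed kk={} h0={:#018x}", unkeyed[1], initial_h0(&unkeyed));
    println!("keyed   kk={} h0={:#018x}", keyed[1], initial_h0(&keyed));
}
```

For the unkeyed 64-byte digest the first word is the familiar BLAKE2b-512 initial value 0x6a09e667f2bdc948; with a 32-byte key it changes to 0x6a09e667f2bde948, so a caller who silently dropped the key would compute a different hash without any error.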