Upgrade blst (#1682)

* Bump BLST * Test for supranational/blst#22 regression * Use SHA256 from BLST + bump nim-blscurve to reenable fno-tree-vectorize * SHA256 on non-blst platforms import fixes * import fixes again * can't prefix with nimcrypto * address review comment [skip ci] * {.noInit.} on the digests
status-im · Sep 18, 2020 · ea4ec6a · ea4ec6a
1 parent e106549
commit ea4ec6a
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 16 deletions.
diff --git a/beacon_chain/spec/digest.nim b/beacon_chain/spec/digest.nim
@@ -22,18 +22,27 @@
 {.push raises: [Defect].}
 
 import
+  # Standard library
+  std/hashes,
+  #Status libraries
   chronicles,
   nimcrypto/[sha2, hash],
   stew/byteutils,
   hashes,
-  eth/common/eth_types_json_serialization
+  eth/common/eth_types_json_serialization,
+  blscurve
 
 export
   hash.`$`, sha2, readValue, writeValue
 
 type
   Eth2Digest* = MDigest[32 * 8] ## `hash32` from spec
-  Eth2Hash* = sha256            ## Context for hash function
+
+when BLS_BACKEND == BLST:
+  export blscurve.update
+  type Eth2DigestCtx* = BLST_SHA256_CTX
+else:
+  type Eth2DigestCtx* = sha2.sha256
 
 func shortLog*(x: Eth2Digest): string =
   x.data.toOpenArray(0, 3).toHex()
@@ -44,26 +53,52 @@ chronicles.formatIt Eth2Digest:
 # TODO: expose an in-place digest function
 #       when hashing in loop or into a buffer
 #       See: https://github.com/cheatfate/nimcrypto/blob/b90ba3abd/nimcrypto/sha2.nim#L570
-func eth2digest*(v: openArray[byte]): Eth2Digest {.inline.} =
-  # We use the init-update-finish interface to avoid
-  # the expensive burning/clearing memory (20~30% perf)
-  # TODO: security implication?
-  var ctx: sha256
-  ctx.init()
-  ctx.update(v)
-  ctx.finish()
+func eth2digest*(v: openArray[byte]): Eth2Digest {.noInit.} =
+  ## Apply the Eth2 Hash function
+  ## Do NOT use for secret data.
+  when BLS_BACKEND == BLST:
+    # BLST has a fast assembly optimized SHA256
+    result.data.bls_sha256_digest(v)
+  else:
+    # We use the init-update-finish interface to avoid
+    # the expensive burning/clearing memory (20~30% perf)
+    var ctx: Eth2DigestCtx
+    ctx.init()
+    ctx.update(v)
+    ctx.finish()
 
-func update*(ctx: var Sha2Context; digest: Eth2Digest) =
+when BLS_BACKEND == BLST:
+  func update*(ctx: var BLST_SHA256_CTX; digest: Eth2Digest) =
+    ctx.update digest.data
+func update*(ctx: var sha256; digest: Eth2Digest) =
   ctx.update digest.data
 
 template withEth2Hash*(body: untyped): Eth2Digest =
   ## This little helper will init the hash function and return the sliced
   ## hash:
   ## let hashOfData = withHash: h.update(data)
-  var h  {.inject.}: sha256
-  init(h)
-  body
-  finish(h)
+  when nimvm:
+    # In SSZ, computeZeroHashes require compile-time SHA256
+    block:
+      var h {.inject.}: sha256
+      init(h)
+      body
+      finish(h)
+  else:
+    when BLS_BACKEND == BLST:
+      block:
+        var h  {.inject, noInit.}: Eth2DigestCtx
+        init(h)
+        body
+        var res {.noInit.}: Eth2Digest
+        finalize(res.data, h)
+        res
+    else:
+      block:
+        var h  {.inject, noInit.}: Eth2DigestCtx
+        init(h)
+        body
+        finish(h)
 
 func hash*(x: Eth2Digest): Hash =
   ## Hash for digests for Nim hash tables

diff --git a/vendor/nim-blscurve b/vendor/nim-blscurve
+217 −0		.github/workflows/ci.yml
+6 −0		.travis.yml
+18 −6		README.md
+11 −0		azure-pipelines.yml
+36 −0		benchmarks/bench_sha256.nim
+2 −2		benchmarks/bench_templates.nim
+9 −1		blscurve.nimble
+9 −2		blscurve/bls_backend.nim
+16 −20		blscurve/blst/bls_sig_min_pubkey_size_pop.nim
+85 −49		blscurve/blst/blst_abi.nim
+5 −0		blscurve/blst/blst_lowlevel.nim
+56 −0		blscurve/blst/sha256_abi.nim
+5 −2		blscurve/eth2_keygen/hkdf.nim
+1 −1		blscurve/eth2_keygen/hkdf_mod_r_blst.nim
+4 −0		blscurve/miracl/hash_to_curve.md
+8 −12		blscurve/miracl/hash_to_curve.nim
+31 −0		tests/blst_sha256.nim
+1 −1		vendor/blst