Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: risc0/RustCrypto-hashes
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: sha2-v0.10.8
Choose a base ref
...
head repository: risc0/RustCrypto-hashes
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: sha2-v0.10.8-risczero.0
Choose a head ref
  • 1 commit
  • 2 files changed
  • 1 contributor

Commits on Jan 19, 2024

  1. add support for the RISC Zero SHA-256 accelerator

    @nategraf
    nategraf committed Jan 19, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    244dc3b View commit details
Showing with 64 additions and 0 deletions.
  1. +3 −0 sha2/src/sha256.rs
  2. +61 −0 sha2/src/sha256/risc0.rs
3 changes: 3 additions & 0 deletions sha2/src/sha256.rs
View file
Original file line number Diff line number Diff line change
@@ -20,6 +20,9 @@ cfg_if::cfg_if! {
} else if #[cfg(all(feature = "loongarch64_asm", target_arch = "loongarch64"))] {
mod loongarch64_asm;
use loongarch64_asm::compress;
} else if #[cfg(all(target_os = "zkvm", target_arch = "riscv32"))] {
mod risc0;
use risc0::compress;
} else {
mod soft;
use soft::compress;
61 changes: 61 additions & 0 deletions sha2/src/sha256/risc0.rs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
extern crate alloc;

const DIGEST_BYTES: usize = 32;
const DIGEST_WORDS: usize = DIGEST_BYTES / 4;
const BLOCK_BYTES: usize = DIGEST_BYTES * 2;
const BLOCK_WORDS: usize = DIGEST_WORDS * 2;

extern "C" {
fn sys_sha_buffer(
out_state: *mut [u32; DIGEST_WORDS],
in_state: *const [u32; DIGEST_WORDS],
buf: *const u8,
count: u32,
);
}

use alloc::vec::Vec;

#[inline(always)]
fn compress_words(state: &mut [u32; DIGEST_WORDS], blocks: &[[u32; BLOCK_WORDS]]) {
unsafe {
sys_sha_buffer(
state,
state,
blocks.as_ptr() as *const u8,
blocks.len() as u32,
);
}
}

// When the blocks are unaligned they must be copied in order to align them on a u32 word boundary
// before they can be passed to sys_sha_buffer. This function does this, allocating a new Vec.
fn read_unaligned_blocks(blocks: &[[u8; BLOCK_BYTES]]) -> Vec<[u32; BLOCK_WORDS]> {
blocks
.iter()
.map(|block| unsafe { (block.as_ptr() as *const [u32; BLOCK_WORDS]).read_unaligned() })
.collect::<Vec<_>>()
}

/// SHA-256 compress implementation which calls into the RISZ Zero SHA-256 accelerator circuit.
/// Based on https://github.com/risc0/risc0/tree/main/risc0/zkvm/src/guest/sha.rs
#[inline]
pub fn compress(state: &mut [u32; DIGEST_WORDS], blocks: &[[u8; BLOCK_BYTES]]) {
// On little-endian architectures, flip from big-endian to little-endian.
// RISC Zero expects the state to always be big-endian, wheras this crate uses native-endian.
for word in state.iter_mut() {
*word = word.to_be();
}

// If aligned, reinterpret the u8 array blocks as u32 array blocks.
// If unaligned, the data needs to be copied.
match unsafe { blocks.align_to::<[u32; BLOCK_WORDS]>() } {
(&[], aligned_blocks, &[]) => compress_words(state, aligned_blocks),
_ => compress_words(state, &read_unaligned_blocks(&blocks)),
};

// On little-endian architectures, flip from big-endian to little-endian.
for word in state.iter_mut() {
*word = word.to_be();
}
}