feat!: replace keccak with sha-256

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - Added a "--jobs" option to "uarch-riscv-tests.lua" test
 - add-created-files.diff should now be applied with `-p1`
+- keccak hash algorithm replaced by sha-256
 
 ### Fixed
 - Fixed --skip-root-hash-store not skipping root hash computation when using the cli

src/Makefile

@@ -157,6 +157,7 @@ INCS+= \
 	-I../third-party/tiny_sha3 \
 	-I../third-party/nlohmann-json \
 	-I../third-party/downloads \
+	-I../third-party/SHA256 \
 	$(BOOST_INC)
 
 # Use 64-bit offsets for file operations in POSIX APIs
@@ -363,7 +364,8 @@ LIBCARTESI_OBJS:= \
 	uarch-pristine-ram.o \
 	uarch-pristine-state-hash.o \
 	uarch-pristine-hash.o \
-	send-cmio-response.o
+	send-cmio-response.o \
+	sha256.o
 
 CARTESI_CLUA_OBJS:= \
 	clua.o \
@@ -385,7 +387,8 @@ LIBCARTESI_MERKLE_TREE_OBJS:= \
 	back-merkle-tree.o \
 	pristine-merkle-tree.o \
 	complete-merkle-tree.o \
-	full-merkle-tree.o
+	full-merkle-tree.o \
+	sha256.o
 
 MERKLE_TREE_HASH_OBJS:= \
 	merkle-tree-hash.o
@@ -545,6 +548,9 @@ jsonrpc-discover.cpp: jsonrpc-discover.json
 sha3.o: ../third-party/tiny_sha3/sha3.c
 	$(CC) $(CFLAGS) $(SHA3_CFLAGS) -c -o $@ $<
 
+sha256.o: ../third-party/SHA256/sha256.c
+	$(CC) $(CFLAGS) $(SHA3_CFLAGS) -c -o $@ $<
+
 uarch-pristine-ram.o: $(UARCH_PRISTINE_RAM_C)
 	$(CC) $(CFLAGS) -c -o $@ $<
 

src/back-merkle-tree.h

@@ -17,7 +17,7 @@
 #ifndef BACK_MERKLE_TREE_H
 #define BACK_MERKLE_TREE_H
 
-#include "keccak-256-hasher.h"
+#include "machine-hasher.h"
 #include "merkle-tree-proof.h"
 #include "pristine-merkle-tree.h"
 
@@ -37,7 +37,7 @@ namespace cartesi {
 class back_merkle_tree {
 public:
     /// \brief Hasher class.
-    using hasher_type = keccak_256_hasher;
+    using hasher_type = machine_hasher_type;
 
     /// \brief Storage for a hash.
     using hash_type = hasher_type::hash_type;

src/cartesi-machine.lua

@@ -2062,14 +2062,14 @@ local function check_outputs_root_hash(root_hash, hashes)
             if not c1 then break end
             local c2 = hashes[child + 1]
             if c2 then
-                parent_output_hashes[parent] = cartesi.keccak(c1, c2)
+                parent_output_hashes[parent] = cartesi.hash(c1, c2)
             else
-                parent_output_hashes[parent] = cartesi.keccak(c1, z)
+                parent_output_hashes[parent] = cartesi.hash(c1, z)
             end
             parent = parent + 1
             child = child + 2
         end
-        z = cartesi.keccak(z, z)
+        z = cartesi.hash(z, z)
         hashes = parent_output_hashes
     end
     assert(root_hash == hashes[1], "output root hash mismatch")
@@ -2254,7 +2254,7 @@ while math.ult(machine:read_mcycle(), max_mcycle) do
         if cmio_advance and cmio_advance.next_input_index > cmio_advance.input_index_begin then
             if reason == cartesi.machine.HTIF_YIELD_AUTOMATIC_REASON_TX_OUTPUT then
                 local output = save_cmio_output(machine, cmio_advance, length)
-                local output_hash = cartesi.keccak(output)
+                local output_hash = cartesi.hash(output)
                 output_hashes[#output_hashes + 1] = output_hash
                 cmio_advance.output_index = cmio_advance.output_index + 1
             elseif reason == cartesi.machine.HTIF_YIELD_AUTOMATIC_REASON_TX_REPORT then

src/cartesi/proof.lua

@@ -13,7 +13,7 @@ function _M.roll_hash_up_tree(proof, target_hash)
         else
             first, second = hash, proof.sibling_hashes[i]
         end
-        hash = cartesi.keccak(first, second)
+        hash = cartesi.hash(first, second)
     end
     return hash
 end
@@ -26,7 +26,7 @@ end
 function _M.word_slice_assert(root_hash, proof, word)
     assert(proof.log2_target_size == 3, "not a word proof")
     assert(root_hash == proof.root_hash, "proof root_hash mismatch")
-    assert(cartesi.keccak(word) == proof.target_hash, "proof target_hash mismatch")
+    assert(cartesi.hash(word) == proof.target_hash, "proof target_hash mismatch")
     assert(_M.roll_hash_up_tree(proof, proof.target_hash) == root_hash, "node not in tree")
 end
 
@@ -37,7 +37,7 @@ end
 
 function _M.word_splice_assert(root_hash, proof, old_word, new_word, new_root_hash)
     _M.word_slice_assert(root_hash, proof, old_word)
-    assert(_M.roll_hash_up_tree(proof, cartesi.keccak(new_word)) == new_root_hash, "new root hash mismatch")
+    assert(_M.roll_hash_up_tree(proof, cartesi.hash(new_word)) == new_root_hash, "new root hash mismatch")
 end
 
 return _M

src/clua-cartesi.cpp

@@ -17,8 +17,8 @@
 #include "clua-i-virtual-machine.h"
 #include "clua-machine.h"
 #include "clua.h"
-#include "keccak-256-hasher.h"
 #include "machine-c-api.h"
+#include "machine-merkle-tree.h"
 #include "riscv-constants.h"
 #include "uarch-constants.h"
 #include "uarch-pristine.h"
@@ -41,12 +41,12 @@ static const auto gperf_meta = cartesi::clua_make_luaL_Reg_array({
 });
 #endif
 
-/// \brief This is the cartesi.keccak() function implementation.
+/// \brief This is the cartesi.hash() function implementation.
 /// \param L Lua state.
-static int cartesi_mod_keccak(lua_State *L) {
+static int cartesi_mod_hash(lua_State *L) {
     using namespace cartesi;
-    keccak_256_hasher h;
-    keccak_256_hasher::hash_type hash;
+    machine_merkle_tree::hasher_type h;
+    machine_merkle_tree::hash_type hash;
     if (lua_gettop(L) > 2) {
         luaL_argerror(L, 3, "too many arguments");
     }
@@ -84,7 +84,7 @@ static int cartesi_mod_keccak(lua_State *L) {
 
 /// \brief Contents of the cartesi module table.
 static const auto cartesi_mod = cartesi::clua_make_luaL_Reg_array({
-    {"keccak", cartesi_mod_keccak},
+    {"hash", cartesi_mod_hash},
 });
 
 extern "C" {

src/complete-merkle-tree.h

@@ -17,10 +17,10 @@
 #ifndef COMPLETE_MERKLE_TREE_H
 #define COMPLETE_MERKLE_TREE_H
 
-#include "keccak-256-hasher.h"
 #include "merkle-tree-proof.h"
 #include "meta.h"
 #include "pristine-merkle-tree.h"
+#include <machine-merkle-tree.h>
 
 /// \file
 /// \brief Complete Merkle tree interface.
@@ -35,7 +35,7 @@ namespace cartesi {
 class complete_merkle_tree {
 public:
     /// \brief Hasher class.
-    using hasher_type = keccak_256_hasher;
+    using hasher_type = machine_merkle_tree::hasher_type;
 
     /// \brief Storage for a hash.
     using hash_type = hasher_type::hash_type;

src/full-merkle-tree.h

@@ -17,7 +17,7 @@
 #ifndef FULL_MERKLE_TREE_H
 #define FULL_MERKLE_TREE_H
 
-#include "keccak-256-hasher.h"
+#include "machine-hasher.h"
 #include "merkle-tree-proof.h"
 #include "pristine-merkle-tree.h"
 
@@ -31,7 +31,7 @@ namespace cartesi {
 class full_merkle_tree {
 public:
     /// \brief Hasher class.
-    using hasher_type = keccak_256_hasher;
+    using hasher_type = machine_hasher_type;
 
     /// \brief Storage for a hash.
     using hash_type = hasher_type::hash_type;

src/machine-hasher.h

@@ -0,0 +1,28 @@
+// Copyright Cartesi and individual authors (see AUTHORS)
+// SPDX-License-Identifier: LGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify it under
+// the terms of the GNU Lesser General Public License as published by the Free
+// Software Foundation, either version 3 of the License, or (at your option) any
+// later version.
+//
+// This program is distributed in the hope that it will be useful, but WITHOUT ANY
+// WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+// PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License along
+// with this program (see COPYING). If not, see <https://www.gnu.org/licenses/>.
+//
+
+#ifndef MACHINE_HASHER_H
+#define MACHINE_HASHER_H
+
+#include "sha-256-hasher.h"
+
+namespace cartesi {
+
+using machine_hasher_type = sha_256_hasher;
+
+}
+
+#endif

src/machine-merkle-tree.h

@@ -26,7 +26,7 @@
 #include <iosfwd>
 #include <unordered_map>
 
-#include "keccak-256-hasher.h"
+#include "machine-hasher.h"
 #include "merkle-tree-proof.h"
 #include "pristine-merkle-tree.h"
 
@@ -49,7 +49,7 @@ namespace cartesi {
 /// original data whenever needed and never stored.
 /// Pages are divided into *words* that cover LOG2_WORD_SIZE
 /// bits of address space.
-/// Tree leaves contain Keccak-256 hashes of individual words.
+/// Tree leaves contain sha256 hashes of individual words.
 ///
 /// Tree contents are updated page-by-page using calls to
 /// machine_merkle_tree#begin_update, machine_merkle_tree#update_page, ...,
@@ -110,7 +110,7 @@ class machine_merkle_tree final {
     }
 
     /// \brief Hasher class.
-    using hasher_type = keccak_256_hasher;
+    using hasher_type = machine_hasher_type;
 
     /// \brief Storage for a hash.
     using hash_type = hasher_type::hash_type;

src/merkle-tree-hash.cpp

@@ -24,11 +24,11 @@
 #include <iostream>
 
 #include "back-merkle-tree.h"
-#include "keccak-256-hasher.h"
+#include "machine-hasher.h"
 #include "unique-c-ptr.h"
 
 using namespace cartesi;
-using hasher_type = keccak_256_hasher;
+using hasher_type = machine_hasher_type;
 using hash_type = hasher_type::hash_type;
 
 /// \brief Checks if string matches prefix and captures remaninder
@@ -173,7 +173,7 @@ the hash of the data in the range.
 The Merkle tree root hash is simply the node hash corresponding to the
 entire 2^log2_root_size range.
 
-The hash function used is Keccak-256.
+The hash function used is defined in the machine_hasher.h header file.
 
 Options:
 

src/merkle-tree-proof.h

@@ -23,6 +23,8 @@
 #include <cstdint>
 #include <vector>
 
+#include "i-hasher.h"
+
 namespace cartesi {
 
 /// \brief Merkle tree proof structure

src/pristine-merkle-tree.h

@@ -20,7 +20,7 @@
 #include <cstdint>
 #include <vector>
 
-#include "keccak-256-hasher.h"
+#include "machine-hasher.h"
 
 /// \file
 /// \brief Pristine Merkle tree interface.
@@ -31,7 +31,7 @@ namespace cartesi {
 class pristine_merkle_tree {
 public:
     /// \brief Hasher class.
-    using hasher_type = keccak_256_hasher;
+    using hasher_type = machine_hasher_type;
 
     /// \brief Storage for a hash.
     using hash_type = hasher_type::hash_type;

src/sha-256-hasher.h

@@ -0,0 +1,66 @@
+// Copyright Cartesi and individual authors (see AUTHORS)
+// SPDX-License-Identifier: LGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify it under
+// the terms of the GNU Lesser General Public License as published by the Free
+// Software Foundation, either version 3 of the License, or (at your option) any
+// later version.
+//
+// This program is distributed in the hope that it will be useful, but WITHOUT ANY
+// WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+// PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License along
+// with this program (see COPYING). If not, see <https://www.gnu.org/licenses/>.
+//
+
+#ifndef SHA256_HASHER_H
+#define SHA256_HASHER_H
+
+#include <type_traits>
+
+#include "i-hasher.h"
+
+extern "C" {
+#include "sha256.h"
+}
+
+namespace cartesi {
+
+class sha_256_hasher final : public i_hasher<sha_256_hasher, std::integral_constant<int, 32>> {
+    sha256_context m_ctx{};
+
+    friend i_hasher<sha_256_hasher, std::integral_constant<int, 32>>;
+
+    void do_begin(void) {
+        sha256_init(&m_ctx);
+    }
+
+    void do_add_data(const unsigned char *data, size_t length) {
+        sha256_hash(&m_ctx, data, length);
+    }
+
+    void do_end(hash_type &hash) {
+        sha256_done(&m_ctx, hash.data());
+    }
+
+public:
+    /// \brief Default constructor
+    sha_256_hasher(void) = default;
+
+    /// \brief Default destructor
+    ~sha_256_hasher(void) = default;
+
+    /// \brief No copy constructor
+    sha_256_hasher(const sha_256_hasher &) = delete;
+    /// \brief No move constructor
+    sha_256_hasher(sha_256_hasher &&) = delete;
+    /// \brief No copy assignment
+    sha_256_hasher &operator=(const sha_256_hasher &) = delete;
+    /// \brief No move assignment
+    sha_256_hasher &operator=(sha_256_hasher &&) = delete;
+};
+
+} // namespace cartesi
+
+#endif