Expose SHA512 to vats

[warner]

What is the Problem Being Solved?

The ongoing Endo "hashed archive" work means that vats (Zoe in particular) will soon need the ability to compute SHA512 over bytes. @kriskowal 's new "hashBundle" package will use this to accept a source-code archive and verify/return its hash. Zoe will then use this package to accept bundles and return an InstallationHandle with a "get hash" method.

Description of the Design

SHA512 is just an algorithm, and our vats are Turing-complete, so strictly speaking we don't need to do anything special. But for performance (and correctness) reasons we probably want to use native code to do the hashing.

We'll start with a platform-level SHA512 function: import ?? from 'crypto' on Node, something written in C on XS. Then the vat worker supervisor will need to expose it to the vat. We'll either make it a global, or attach it to vatPowers, depending on our confidence and patience.

Security Considerations

A C implementation of SHA512 will consume CPU time in proportion to the data you feed it, but won't cause the compute meter to change very much, so we must consider whether vats can use this for a metering attack.

The implementation must, of course, be memory safe and not expose any undue authority. To the vat. It should be just like an open-coded JS SHA512 library, but faster.

Test Plan

Normal unit tests.

[dckc]

The Moddable SDK includes a crypt module that includes sha512, so if/when we get build support for their module FFI system (#3510) we could slot that in.

[kriskowal]

That’s exciting and would save us the trouble of bouncing a message off the controlling process.