Expose SHA512 to vats #3512
Labels: enhancement (New feature or request), liveslots (requires vat-upgrade to deploy changes), moddable-P2 (Moddable collaboration: future priority), SwingSet (package: SwingSet), xsnap (the XS execution tool)
What is the Problem Being Solved?
The ongoing Endo "hashed archive" work means that vats (Zoe in particular) will soon need the ability to compute SHA512 over bytes. @kriskowal's new "hashBundle" package will use this to accept a source-code archive and verify/return its hash. Zoe will then use this package to accept bundles and return an InstallationHandle with a "get hash" method.
Description of the Design
SHA512 is just an algorithm, and our vats are Turing-complete, so strictly speaking we don't need to do anything special. But for performance (and correctness) reasons we probably want to use native code to do the hashing.
We'll start with a platform-level SHA512 function: import ?? from 'crypto' on Node, something written in C on XS. Then the vat worker supervisor will need to expose it to the vat. We'll either make it a global, or attach it to vatPowers, depending on our confidence and patience.
Security Considerations
A C implementation of SHA512 will consume CPU time in proportion to the data you feed it, but won't cause the compute meter to change very much, so we must consider whether vats can use this for a metering attack.
The implementation must, of course, be memory safe and not expose any undue authority to the vat. It should be just like an open-coded JS SHA512 library, but faster.
Test Plan
Normal unit tests.
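The Node side of the design above, as an added example that is not code from this issue or from SwingSet: a supervisor-side wrapper that hands a vat a single frozen function over Node's native SHA-512, taking only a Uint8Array and returning a hex string. The names makeSha512, maxBytes and chargeBytes are hypothetical, and the size cap and per-byte charge are assumed ways to answer the metering concern raised under Security Considerations.

```javascript
// Added example; makeSha512, maxBytes and chargeBytes are hypothetical names.
// Load Node's built-in crypto whether this file runs as CommonJS or as ESM.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// Supervisor side: build the one function a vat receives (as a global or on
// vatPowers). The vat never sees the crypto module itself.
function makeSha512({ maxBytes, chargeBytes = () => {} }) {
  if (!Number.isSafeInteger(maxBytes) || maxBytes <= 0) {
    throw new TypeError('maxBytes must be a positive safe integer');
  }
  const sha512 = (bytes) => {
    // Only raw bytes: strings would hide an encoding choice, and arbitrary
    // objects could run vat code (getters, toString) during the call.
    if (!(bytes instanceof Uint8Array)) {
      throw new TypeError('sha512 expects a Uint8Array');
    }
    // Assumed policy: bound the native CPU time one call can consume.
    if (bytes.byteLength > maxBytes) {
      throw new RangeError(`input longer than ${maxBytes} bytes`);
    }
    // Assumed hook: bill the input length to the vat's meter, since the
    // native hash itself barely moves the compute meter.
    chargeBytes(bytes.byteLength);
    // Return a primitive hex string so no host object crosses into the vat.
    return nodeCrypto.createHash('sha512').update(bytes).digest('hex');
  };
  // Frozen so the vat cannot attach or replace properties on it.
  return Object.freeze(sha512);
}
```

Rejected inputs are refused before chargeBytes runs, so a vat is billed only for bytes that are actually hashed.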