repo-sync-2025-04-22T17:16:18+0800 (#519)

Author: shaojian-ant

.bazelrc

@@ -58,3 +58,5 @@ build:gm --define BRPC_WITH_TONGSUO=true
 
 # make sure yacl is built with tongsuo in gm mode
 build:gm --define YACL_WITH_TONGSUO=true
+
+build:gmp --define BIGNUM_WITH_GMP=true

STANDARDS.md

@@ -3,43 +3,43 @@
 This library provides full implementation of the following NIST-standardized cryptography specifications:
 
 ## **Core Algorithms**
-- **AES** (FIPS 197)  
+- **AES** (FIPS 197)
 
 - **SM3** (GM/T 0004-2012)
 
 - **SM4** (GM/T 0002-2012)
 
-- **SHA2/SHA3 Family** (FIPS 180-4, FIPS 202)  
+- **SHA2/SHA3 Family** (FIPS 180-4, FIPS 202)
 
-- **HMAC** (FIPS 198-1)  
+- **HMAC** (FIPS 198-1)
 
-- **KMAC** (SP 800-56B)  
+- **KMAC** (SP 800-56B)
 
 ## **Post-Quantum Cryptography**
-- **ML-KEM** (FIPS 203)  
+- **ML-KEM** (FIPS 203)
 
-- **ML-DSA** (FIPS 204)  
+- **ML-DSA** (FIPS 204)
 
 ## **Digital Signatures**
-- **DSA** (FIPS 186)  
+- **DSA** (FIPS 186)
 
 ## Public Key Cryptography
 - **RSA**  (SP 800-185)
 
 ## **Elliptic Curve Cryptography**
 - **ECC** (GM/T 0003-2012, FIPS 186-4, RFC 7748, RFC 8032)
-- **Hash-to-Curve** (RFC 9380)  
+- **Hash-to-Curve** (RFC 9380)
 
 ## **Secure Randomness**
-- **Hash-DRBG** (SP 800-90A)  
- 
-- **CTR-DRBG** (SP 800-90A)  
- 
+- **Hash-DRBG** (SP 800-90A)
+
+- **CTR-DRBG** (SP 800-90A)
+
 - **Entropy Sources** (SP 800-90B)
 
 ## **Authenticated Encryption**
-- **AES-GCM** (SP 800-38D)  
- 
-- **AEAD** (RFC 5116)  
+- **AES-GCM** (SP 800-38D)
+
+- **AEAD** (RFC 5116)
 
 ---

bazel/config/BUILD.bazel

@@ -17,3 +17,9 @@ config_setting(
     define_values = {"YACL_WITH_TONGSUO": "true"},
     visibility = ["//visibility:public"],
 )
+
+config_setting(
+    name = "gmp",
+    define_values = {"BIGNUM_WITH_GMP": "true"},
+    visibility = ["//visibility:public"],
+)

yacl/crypto/experimental/sse/README.md

@@ -13,13 +13,13 @@ This paper proposes a highly scalable searchable symmetric encryption (SSE) sche
 ## Implemention
 
 1. **T-Set Instantiation**
-   - `tset.h`
-   - `tset.cc`
-   - `tset_test.cc`
+    - `tset.h`
+    - `tset.cc`
+    - `tset_test.cc`
 2. **OXT: Oblivious Cross-Tags Protocol**
-   - `sse.h`
-   - `sse.cc`
-   - Test:`sse_test.cc`
+    - `sse.h`
+    - `sse.cc`
+    - Test:`sse_test.cc`
 
 ## Test
 
@@ -30,11 +30,3 @@ This paper proposes a highly scalable searchable symmetric encryption (SSE) sche
 
 Census Income Dataset
 https://tianchi.aliyun.com/dataset/111479
-
-
-
-
-
-
-
-### 

yacl/crypto/hash/BUILD.bazel

@@ -28,6 +28,18 @@ yacl_cc_library(
     ],
 )
 
+yacl_cc_library(
+    name = "ssl_hash_xof",
+    srcs = ["ssl_hash_xof.cc"],
+    hdrs = ["ssl_hash_xof.h"],
+    deps = [
+        ":hash_interface",
+        "//yacl/base:exception",
+        "//yacl/crypto:openssl_wrappers",
+        "//yacl/utils:scope_guard",
+    ],
+)
+
 yacl_cc_test(
     name = "ssl_hash_all_test",
     srcs = ["ssl_hash_all_test.cc"],
@@ -36,6 +48,14 @@ yacl_cc_test(
     ],
 )
 
+yacl_cc_test(
+    name = "ssl_hash_xof_test",
+    srcs = ["ssl_hash_xof_test.cc"],
+    deps = [
+        ":ssl_hash_xof",
+    ],
+)
+
 yacl_cc_library(
     name = "blake3",
     srcs = ["blake3.cc"],
@@ -81,6 +101,7 @@ yacl_cc_library(
     hdrs = ["hash_utils.h"],
     deps = [
         ":ssl_hash",
+        ":ssl_hash_xof",
         "//yacl/base:int128",
         "@blake3",
     ],

yacl/crypto/hash/hash_interface.h

@@ -42,8 +42,8 @@ enum class HashAlgorithm : int {
   BLAKE2B = 7,  // blake2 is disabled by tongsuo
 #endif
   BLAKE3 = 8,
-
-  SHAKE512 = 9,
+  SHAKE128 = 9,
+  SHAKE256 = 10,
 };
 
 // HashInterface defines an interface for hash functions.
@@ -107,8 +107,10 @@ inline const char *ToString(HashAlgorithm hash_algo) {
     case HashAlgorithm::BLAKE2B:
       return "blake2b-512";
 #endif
-    case HashAlgorithm::SHAKE512:
-      return "shake-512";
+    case HashAlgorithm::SHAKE128:
+      return "shake-128";
+    case HashAlgorithm::SHAKE256:
+      return "shake-256";
     default:
       YACL_THROW("Unsupported hash algo: {}", static_cast<int>(hash_algo));
   }

yacl/crypto/hash/hash_utils.cc

@@ -20,7 +20,10 @@
 
 #include "c/blake3.h"
 
+#include "yacl/base/byte_container_view.h"
 #include "yacl/base/exception.h"
+#include "yacl/crypto/hash/ssl_hash.h"
+#include "yacl/crypto/hash/ssl_hash_xof.h"
 
 namespace yacl::crypto {
 
@@ -40,6 +43,20 @@ std::array<uint8_t, 32> Sm3(ByteContainerView data) {
   return out;
 }
 
+std::vector<uint8_t> Shake128(ByteContainerView data, size_t output_length) {
+  YACL_ENFORCE(output_length > 0, "Output length must be positive");
+  SslHashXof hash(HashAlgorithm::SHAKE128);
+  hash.Update(data);
+  return hash.CumulativeHash(output_length);
+}
+
+std::vector<uint8_t> Shake256(ByteContainerView data, size_t output_length) {
+  YACL_ENFORCE(output_length > 0, "Output length must be positive");
+  SslHashXof hash(HashAlgorithm::SHAKE256);
+  hash.Update(data);
+  return hash.CumulativeHash(output_length);
+}
+
 #ifndef YACL_WITH_TONGSUO
 std::array<uint8_t, 64> Blake2(ByteContainerView data) {
   auto buf = SslHash(HashAlgorithm::BLAKE2B).Update(data).CumulativeHash();

yacl/crypto/hash/hash_utils.h

@@ -18,6 +18,7 @@
 
 #include "yacl/base/int128.h"
 #include "yacl/crypto/hash/ssl_hash.h"
+#include "yacl/crypto/hash/ssl_hash_xof.h"
 
 namespace yacl::crypto {
 
@@ -27,6 +28,12 @@ std::array<uint8_t, 32> Sm3(ByteContainerView data);  // 256-bits
 
 std::array<uint8_t, 32> Blake3(ByteContainerView data);  // 256-bits
 
+// XOF (Extendable Output Function) hash functions
+std::vector<uint8_t> Shake128(ByteContainerView data,
+                              size_t output_length = 16);  // default 128-bits
+std::vector<uint8_t> Shake256(ByteContainerView data,
+                              size_t output_length = 32);  // default 256-bits
+
 #define DECLARE_HASH_OUT_128(func)                                   \
   inline uint128_t func##_128(ByteContainerView data) {              \
     auto hash_bytes = func(data);                                    \
@@ -39,7 +46,6 @@ std::array<uint8_t, 32> Blake3(ByteContainerView data);  // 256-bits
 
 DECLARE_HASH_OUT_128(Sha256);  // uint128_t Sha256_128(ByteContainerView data);
 DECLARE_HASH_OUT_128(Sm3);     // uint128_t Sm3_128(ByteContainerView data);
-
 DECLARE_HASH_OUT_128(Blake3);  // uint128_t Blake3_128(ByteContainerView data);
 
 #ifndef YACL_WITH_TONGSUO

yacl/crypto/hash/ssl_hash_xof.cc

@@ -0,0 +1,69 @@
+// Copyright 2025 Ant Group Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "yacl/crypto/hash/ssl_hash_xof.h"
+
+#include <openssl/evp.h>
+
+#include "yacl/base/exception.h"
+
+namespace yacl::crypto {
+
+SslHashXof::SslHashXof(HashAlgorithm hash_algo)
+    : hash_algo_(hash_algo),
+      md_(openssl::FetchEvpMd(ToString(hash_algo))),
+      context_(EVP_MD_CTX_new()) {
+  YACL_ENFORCE(context_ != nullptr, "Failed to create EVP_MD_CTX");
+  YACL_ENFORCE(EVP_DigestInit_ex(context_.get(), md_.get(), nullptr) == 1,
+               "Failed to initialize XOF hash");
+  switch (hash_algo) {
+    case HashAlgorithm::SHAKE128:
+      digest_size_ = 32;
+      break;
+    case HashAlgorithm::SHAKE256:
+      digest_size_ = 64;
+      break;
+    default:
+      YACL_THROW("Unsupported XOF algorithm: {}", static_cast<int>(hash_algo));
+  }
+}
+
+HashInterface& SslHashXof::Reset() {
+  OSSL_RET_1(EVP_DigestInit_ex(context_.get(), md_.get(), nullptr));
+  return *this;
+}
+
+HashInterface& SslHashXof::Update(ByteContainerView data) {
+  OSSL_RET_1(EVP_DigestUpdate(context_.get(), data.data(), data.size()));
+  return *this;
+}
+
+std::vector<uint8_t> SslHashXof::CumulativeHash() const {
+  return CumulativeHash(digest_size_);
+}
+
+std::vector<uint8_t> SslHashXof::CumulativeHash(size_t output_length) const {
+  std::vector<uint8_t> output(output_length);
+  auto ctx_snapshot = openssl::UniqueMdCtx(EVP_MD_CTX_new());
+  YACL_ENFORCE(ctx_snapshot != nullptr);
+
+  EVP_MD_CTX_init(ctx_snapshot.get());
+  OSSL_RET_1(EVP_MD_CTX_copy_ex(ctx_snapshot.get(), context_.get()));
+  OSSL_RET_1(
+      EVP_DigestFinalXOF(ctx_snapshot.get(), output.data(), output_length));
+
+  return output;
+}
+
+}  // namespace yacl::crypto

yacl/crypto/hash/ssl_hash_xof.h

@@ -0,0 +1,60 @@
+// Copyright 2025 Ant Group Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#pragma once
+
+#include "yacl/base/byte_container_view.h"
+#include "yacl/crypto/hash/hash_interface.h"
+#include "yacl/crypto/openssl_wrappers.h"
+
+namespace yacl::crypto {
+
+class SslHashXof : public HashInterface {
+ public:
+  explicit SslHashXof(HashAlgorithm hash_algo);
+  // From HashInterface.
+  HashAlgorithm GetHashAlgorithm() const override { return hash_algo_; }
+  size_t DigestSize() const override { return digest_size_; }
+  HashInterface& Reset() override;
+  HashInterface& Update(ByteContainerView data) override;
+  std::vector<uint8_t> CumulativeHash() const override;
+
+  // For XOF hash functions, this method allows requesting a specific output
+  // length.
+  std::vector<uint8_t> CumulativeHash(size_t output_length) const;
+
+ private:
+  HashAlgorithm hash_algo_;
+  openssl::UniqueMd md_;
+  openssl::UniqueMdCtx context_;
+  size_t digest_size_ = 32;
+};
+
+// Shake128Hash implements HashInterface for the Shake128 hash function,
+// which is an extendable-output function (XOF) defined in FIPS 202.
+// SHAKE128 allows for variable-length output.
+class Shake128Hash final : public SslHashXof {
+ public:
+  Shake128Hash() : SslHashXof(HashAlgorithm::SHAKE128) {}
+};
+
+// Shake256Hash implements HashInterface for the Shake256 hash function,
+// which is an extendable-output function (XOF) defined in FIPS 202.
+// SHAKE256 allows for variable-length output.
+class Shake256Hash final : public SslHashXof {
+ public:
+  Shake256Hash() : SslHashXof(HashAlgorithm::SHAKE256) {}
+};
+
+}  // namespace yacl::crypto