Migrate to blake2b_simd and blake2s_simd crates

The primary reason for migrating is that these crates provide APIs for
setting the personalisation string. This enables us to depend solely on
published crates, and thus publish our own crates.

The SIMD implementations are ported from libsodium.

Closes #67.

librustzcash/Cargo.toml

@@ -15,6 +15,8 @@ crate-type = ["staticlib"]
 
 [dependencies]
 bellman = { path = "../bellman" }
+blake2b_simd = "0.5"
+blake2s_simd = "0.5"
 ff = { path = "../ff" }
 libc = "0.2"
 pairing = { path = "../pairing" }
@@ -24,7 +26,3 @@ rand = "0.4"
 sapling-crypto = { path = "../sapling-crypto" }
 zcash_primitives = { path = "../zcash_primitives" }
 zcash_proofs = { path = "../zcash_proofs" }
-
-[dependencies.blake2-rfc]
-git = "https://github.com/gtank/blake2-rfc"
-rev = "7a5b5fc99ae483a0043db7547fb79a6fa44b88a9"

librustzcash/src/equihash.rs

@@ -1,4 +1,4 @@
-use blake2_rfc::blake2b::{Blake2b, Blake2bResult};
+use blake2b_simd::{Hash as Blake2bHash, Params as Blake2bParams, State as Blake2bState};
 use byteorder::{BigEndian, LittleEndian, ReadBytesExt, WriteBytesExt};
 use std::io::Cursor;
 use std::mem::size_of;
@@ -33,7 +33,7 @@ impl Params {
 }
 
 impl Node {
-    fn new(p: &Params, state: &Blake2b, i: u32) -> Self {
+    fn new(p: &Params, state: &Blake2bState, i: u32) -> Self {
         let hash = generate_hash(state, i / p.indices_per_hash_output());
         let start = ((i % p.indices_per_hash_output()) * p.n / 8) as usize;
         let end = start + (p.n as usize) / 8;
@@ -99,15 +99,18 @@ impl Node {
     }
 }
 
-fn initialise_state(n: u32, k: u32, digest_len: u8) -> Blake2b {
+fn initialise_state(n: u32, k: u32, digest_len: u8) -> Blake2bState {
     let mut personalization: Vec<u8> = Vec::from("ZcashPoW");
     personalization.write_u32::<LittleEndian>(n).unwrap();
     personalization.write_u32::<LittleEndian>(k).unwrap();
 
-    Blake2b::with_params(digest_len as usize, &[], &[], &personalization)
+    Blake2bParams::new()
+        .hash_length(digest_len as usize)
+        .personal(&personalization)
+        .to_state()
 }
 
-fn generate_hash(base_state: &Blake2b, i: u32) -> Blake2bResult {
+fn generate_hash(base_state: &Blake2bState, i: u32) -> Blake2bHash {
     let mut lei = [0u8; 4];
     (&mut lei[..]).write_u32::<LittleEndian>(i).unwrap();
 
@@ -249,7 +252,7 @@ pub fn is_valid_solution_iterative(
     return rows[0].is_zero(hash_len);
 }
 
-fn tree_validator(p: &Params, state: &Blake2b, indices: &[u32]) -> Option<Node> {
+fn tree_validator(p: &Params, state: &Blake2bState, indices: &[u32]) -> Option<Node> {
     if indices.len() > 1 {
         let end = indices.len();
         let mid = end / 2;

librustzcash/src/rustzcash.rs

@@ -1,5 +1,6 @@
 extern crate bellman;
-extern crate blake2_rfc;
+extern crate blake2b_simd;
+extern crate blake2s_simd;
 extern crate byteorder;
 extern crate ff;
 extern crate libc;
@@ -33,7 +34,7 @@ use bellman::groth16::{
     create_random_proof, verify_proof, Parameters, PreparedVerifyingKey, Proof,
 };
 
-use blake2_rfc::blake2s::Blake2s;
+use blake2s_simd::Params as Blake2sParams;
 
 use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
 
@@ -336,7 +337,10 @@ pub extern "system" fn librustzcash_crh_ivk(
     let ak = unsafe { &*ak };
     let nk = unsafe { &*nk };
 
-    let mut h = Blake2s::with_params(32, &[], &[], CRH_IVK_PERSONALIZATION);
+    let mut h = Blake2sParams::new()
+        .hash_length(32)
+        .personal(CRH_IVK_PERSONALIZATION)
+        .to_state();
     h.update(ak);
     h.update(nk);
     let mut h = h.finalize().as_ref().to_vec();