Implement Poseidon, Poseidon2 (#1618)

### What

Implements Poseidon, Poseidon:
- two new hash functions under `Crypto` which performs
Poseidon/Poseidon2 hashing. Underneath they wrap the permutation host
function call with a sponge implementation
- provide reference parameters for Poseidon/Poseidon2 for bn254
- results match both circom (for Poseidon) and noir (for Poseidon2) with
test cases
- also expose the two permutation host functions in `CryptoHazmat`, to
support custom sponge implementation / parameter sets.

### Why

[TODO: Why this change is being made. Include any context required to
understand the why.]

### Known limitations

For Poseidon only supports `hash2` (t=3, hashing two inputs into one
output) for now.
Only support BN254 for now.
To add support for the rest, need to generate and import those
parameters, which will be done in a followup.

Author: jayz22

soroban-sdk/src/crypto.rs

@@ -3,11 +3,19 @@
 use crate::{
     env::internal::{self, BytesObject},
     unwrap::UnwrapInfallible,
-    Bytes, BytesN, ConversionError, Env, IntoVal, TryFromVal, Val,
+    Bytes, BytesN, ConversionError, Env, IntoVal, Symbol, TryFromVal, TryIntoVal, Val, Vec, U256,
 };
 
 pub mod bls12_381;
 pub mod bn254;
+pub(crate) mod poseidon2_params;
+pub mod poseidon2_sponge;
+pub(crate) mod poseidon_params;
+pub mod poseidon_sponge;
+pub use bn254::Fr as BnScalar;
+pub use poseidon2_sponge::Poseidon2Sponge;
+pub use poseidon_sponge::PoseidonSponge;
+
 /// A `BytesN<N>` generated by a cryptographic hash function.
 ///
 /// The `Hash<N>` type contains a `BytesN<N>` and can only be constructed in
@@ -189,6 +197,28 @@ impl Crypto {
     pub fn bn254(&self) -> bn254::Bn254 {
         bn254::Bn254::new(self.env())
     }
+
+    /// Performs a Poseidon hash using a sponge construction
+    pub fn poseidon_hash(&self, inputs: &Vec<U256>, field: Symbol) -> U256 {
+        // The initial value for the capacity element initialized with 0 for standard Poseidon
+        let iv = U256::from_u32(&self.env, 0);
+        let mut sponge = PoseidonSponge::new(&self.env, iv, field);
+        for input in inputs.iter() {
+            sponge.absorb(input);
+        }
+        sponge.squeeze()
+    }
+
+    /// Performs a poseidon2 hash with a sponge construction equivalent to the one in the Barretenberg proving system
+    pub fn poseidon2_hash(&self, inputs: &Vec<U256>, field: Symbol) -> U256 {
+        // The initial value for the capacity element initialized with `input.len() * 2^24` for Poseidon2
+        let iv = U256::from_u128(&self.env, (inputs.len() as u128) << 64);
+        let mut sponge = Poseidon2Sponge::new(&self.env, iv, field);
+        for input in inputs.iter() {
+            sponge.absorb(input);
+        }
+        sponge.squeeze()
+    }
 }
 
 /// # ⚠️ Hazardous Materials
@@ -265,4 +295,68 @@ impl CryptoHazmat {
         )
         .unwrap_infallible();
     }
+
+    /// Performs a Poseidon permutation on the input state vector.
+    ///
+    /// WARNING: This is a low-level permutation function. Most users should use
+    /// the higher-level `poseidon_hash` function instead.
+    pub fn poseidon_permutation(
+        &self,
+        input: &Vec<U256>,
+        field: Symbol,
+        t: u32,
+        d: u32,
+        rounds_f: u32,
+        rounds_p: u32,
+        mds: &Vec<Vec<U256>>,
+        round_constants: &Vec<Vec<U256>>,
+    ) -> Vec<U256> {
+        let env = self.env();
+        let result = internal::Env::poseidon_permutation(
+            env,
+            input.to_object(),
+            field.to_symbol_val(),
+            t.into(),
+            d.into(),
+            rounds_f.into(),
+            rounds_p.into(),
+            mds.to_object(),
+            round_constants.to_object(),
+        )
+        .unwrap_infallible();
+
+        result.try_into_val(env).unwrap_infallible()
+    }
+
+    /// Performs a Poseidon2 permutation on the input state vector.
+    ///
+    /// WARNING: This is a low-level permutation function. Most users should use
+    /// the higher-level `poseidon2_hash` function instead.
+    pub fn poseidon2_permutation(
+        &self,
+        input: &Vec<U256>,
+        field: Symbol,
+        t: u32,
+        d: u32,
+        rounds_f: u32,
+        rounds_p: u32,
+        mat_internal_diag_m_1: &Vec<U256>,
+        round_constants: &Vec<Vec<U256>>,
+    ) -> Vec<U256> {
+        let env = self.env();
+        let result = internal::Env::poseidon2_permutation(
+            env,
+            input.to_object(),
+            field.to_symbol_val(),
+            t.into(),
+            d.into(),
+            rounds_f.into(),
+            rounds_p.into(),
+            mat_internal_diag_m_1.to_object(),
+            round_constants.to_object(),
+        )
+        .unwrap_infallible();
+
+        result.try_into_val(env).unwrap_infallible()
+    }
 }