231 Commits

Author SHA1 Message Date
Brian Smith
89bcf8ed30 build.rs: Apply Clippy's advice regarding rustfmt::skip. 2020-11-11 16:46:41 -08:00
Brian Smith
ef7cf3bfc5 Merge BoringSSL 47b1e39: Tidy up third_party/fiat. 2020-06-02 14:02:26 -05:00
Brian Smith
e8bdd5b7b1 Make RSA work for WebAssembly targets when the "wasm32_c" feature is enabled.
Run the RSA and signature tests in WebAssembly.

Implement Elem*Elem multiplication for platforms for which we have no assembly
language implementation of it. Refactor the code to accommodate this.

`elem_reduced` was infallible previously as it always ensured the prerequisites
for the reduction were met. Make this clear in the return type, as a side-effect
of the refactoring needed for implementing the multiplication.

This implementation is far from efficient. More work needs to be done to make it
faster.
2020-05-29 21:07:20 -05:00
Brian Smith
fae863956b bigint: Replace GFp_bn_mul_add_word with GFp_limbs_mul_add_limb.
Replace `GFp_bn_mul_add_word` with a clearer, simpler implementation.
The new `GFp_limbs_mul_add_limb` avoids explicit branches at the C code
level, unlike the code it replaces. (Obviously, even with the new
"branchless" code the compiler might be able to synthesize branches.)
2020-05-29 21:07:20 -05:00
Brian Smith
0e7fdf5e91 Split ASSERT into dev_assert_secret and debug_assert_nonsecret. 2020-05-29 13:23:29 -05:00
Brian Smith
0c5f61b14f Merge BoringSSL c556d87: Add aes_nohw.c fallback AES implementation.
Add the BoringSSL aes_nohw implementation with minimal changes needed to
build. Enable the AES-GCM AEAD tests for wasm32 targets gated on the "wasm_c"
feature.
2020-05-28 10:51:03 -05:00
Brian Smith
742f0ebb11 Implement ASSERT() for wasm32 targets. 2020-05-27 15:09:15 -05:00
Brian Smith
10c4b68e63 Add new "wasm32_c" feature to enable more functionality for wasm32 targets. 2020-05-27 14:59:52 -05:00
Brian Smith
e2543e48d0 AES: Import ARMv7 VPAES implementation from BoringSSL.
Use the VPAES implementation from BoringSSL as of commit c556d87ddfe836294c8e04fc59d0c298951a4cc7,
with the 192-bit key handling and decryption removed.

Merge the VPAES and BSAES cases to VPAES_BSAES. Switch between the VPAES and BSAES implementation
on ARMv7 based on the amount of data being encrypted.

Clarify the dispatching logic in `ring::aead::aes`. In particular, avoid using `_` patterns
when matching on the result of `detect_implementation()`. Also rename Fallback to NOHW.
2020-05-21 18:44:42 -05:00
Brian Smith
192d946b82 Replace gcm_nohw.c with gcm_nohw.rs. 2020-05-06 10:57:33 -05:00
Brian Smith
d3cab43a4a Merge BoringSSL 9855c1c: Add a constant-time fallback GHASH implementation.

*ring* tries to work without type-punning `memcpy`, so the use of that
in `GFp_gcm_ghash_nohw` was replaced by the use of `u64_from_be_bytes`.
This will (I hope) also help with the eventual support for big-endian
targets. Here's the diff from BoringSSL in that function:

```diff
-void gcm_ghash_nohw(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
-                    size_t len) {
+void GFp_gcm_ghash_nohw(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+                        size_t len) {
   uint64_t swapped[2];
   swapped[0] = CRYPTO_bswap8(Xi[1]);
   swapped[1] = CRYPTO_bswap8(Xi[0]);

   while (len >= 16) {
-    uint64_t block[2];
-    OPENSSL_memcpy(block, inp, 16);
-    swapped[0] ^= CRYPTO_bswap8(block[1]);
-    swapped[1] ^= CRYPTO_bswap8(block[0]);
+    swapped[0] ^= u64_from_be_bytes(&inp[8]);
+    swapped[1] ^= u64_from_be_bytes(inp);
     gcm_polyval_nohw(swapped, &Htable[0]);
     inp += 16;
     len -= 16;
```
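Review bot: the two replacement XORs in the loop body encode a byte-to-limb mapping (`swapped[0]` takes the high half of the block via `&inp[8]`, `swapped[1]` the low half via `inp`) that the hunk leaves undocumented; suggest a one-line comment above them stating that the 16-byte block is consumed as two big-endian halves with the high half in `swapped[0]`, mirroring the `swapped[0] = CRYPTO_bswap8(Xi[1])` initialisation just above. The removed `OPENSSL_memcpy` plus `CRYPTO_bswap8` path produced that mapping only on little-endian hosts, so the comment is also where to record that the `u64_from_be_bytes` reads are the part that makes the routine host-endianness independent.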

I also had to add a couple of (uint32_t) truncating casts where
BoringSSL expects an implicit truncation to occur, to avoid
`-Werror=conversion`.

During the merge, I found that `GFp_gcm_gmult_clmul` had its
`.cfi_startproc` on the wrong line. I fixed that as part of the merge.

During my review of the BoringSSL changes, I noticed that BoringSSL had
left some of the dead code in ghash-x86_64.pl, which had previously been
removed in *ring*. That removal is being done in BoringSSL in [1].

[1] https://boringssl-review.googlesource.com/c/boringssl/+/41144
2020-05-04 10:54:19 -05:00
Brian Smith
a9705a1ec3 Remove more dead code. 2020-05-01 21:59:37 -05:00
Brian Smith
2f8b7e7568 Remove unused aes128gcmsiv-x86_64.pl. 2020-05-01 10:40:21 -05:00
Brian Smith
92f936bc3b Fix the case where a cargo environment variable is set in build.rs.
Previously, build.rs would print "cargo:..." to stdout if a variable
`$cargo` was set. This conflicted with Cargo's interpretation of
"cargo:..." to direct it to do things; see [1].

Instead, write to stderr to avoid the conflict. Also change the
formatting of the environment variable logging so that even if
stderr gets redirected to stdout, such conflicts won't occur.

[1] https://doc.rust-lang.org/cargo/reference/build-scripts.html#outputs-of-the-build-script
2020-04-28 11:02:54 -05:00
Brian Smith
f15828a7a6 Stop disabling legacy_directory_ownership to fix Rust 1.41 beta channel builds. 2019-12-23 18:41:07 -06:00
Brian Smith
f6c0e0d1ea cargo fmt. 2019-12-23 15:25:24 -06:00
lzutao
c250e3125e Use array::iter
See clippy::into_iter lint and https://github.com/rust-lang/rust/pull/65819
2019-12-23 12:42:49 -06:00
Brian Smith
ffc0f9714e Always use release configuration for C code in published builds. 2019-07-22 12:08:35 -10:00
Brian Smith
8943885e63 build.rs: Remove redundant Target accessors. 2019-07-22 12:06:59 -10:00
Brian Smith
e32e46c922 Stop defining _XOPEN_SOURCE.
It is no longer needed.
2019-07-15 17:30:40 -10:00
Brian Smith
d367526a27 Remove 32-bit x86 SHA-2 assembly code. 2019-07-09 17:25:46 -10:00
Brian Smith
c53955ea8a Initial wasm32-unknown-unknown support. 2019-07-03 12:20:00 -10:00
Brian Smith
9a99848d74 Enable VPAES fallback implementation of AES for Aarch64. 2019-07-02 16:13:32 -10:00
Brian Smith
b1b75a241f Replace GFp_block128_xor with Rust code. 2019-06-14 14:36:59 -10:00
Brian Smith
f0d4d21e85 Use stable rustfmt. 2019-04-10 09:33:38 -10:00
Brian Smith
d712f6493b Avoid unnecessarily-named explicit lifetime parameters. 2019-03-06 14:04:39 -10:00
Brian Smith
31991cf8d5 Remove commented-out code line in build.rs. 2019-03-03 10:58:09 -10:00
Brian Smith
1d47ce821d Remove now-unused box_pointers linting hints in build.rs. 2019-03-03 10:29:57 -10:00
Brian Smith
0728827d2e Don't enable -Wmissing-prototypes and -Wmissing-declarations.
These really don't make much sense any more given most calls are from
Rust to C.
2019-02-13 08:28:30 -10:00
Brian Smith
ca9d638ca0 Update build.rs and Cargo.toml for the Fiat file renaming. 2019-02-12 10:26:20 -10:00
Brian Smith
fd06534dcd Merge BoringSSL 32e59d2: Switch to new fiat pipeline. 2019-02-12 09:56:51 -10:00
Brian Smith
c7f0eadf0f Move ARM CPU feature caching from C to Rust.
Some of the targets in Rust's `cross` toolchains have old libc headers
that don't have sys/auxv.h, and we want to do this in Rust anyway.

Unfortunately, in the process of doing so, I found out that
`libc::getauxval()` isn't available in enough places either, so we skip
dealing with *that* too.
2019-01-28 14:33:31 -10:00
Brian Smith
387a6965ff Move remaining AEAD feature detection from C to Rust. 2019-01-28 14:33:31 -10:00
Brian Smith
af1bd64d0f Stop disabling -Wcast-align. 2019-01-19 10:12:40 -10:00
Brian Smith
4c345bca47 Enable -Wconversion and -Wsign-conversion. 2019-01-19 10:12:40 -10:00
Brian Smith
06586b8056 Don't build currently-unused p256_beeu-x86_64-asm.pl. 2019-01-03 15:59:09 -10:00
Brian Smith
b989d3343d Implement high-level AES-GCM logic to Rust. 2018-12-14 11:39:34 -10:00
Brian Smith
2843931bb7 Switch to Rust 2018 Edition.
Switch to Rust 2018 Edition. Fix up some build breakage for different
configurations that were found in the process of testing this,
particularly `--no-default-features`.
2018-12-08 21:39:17 -10:00
Brian Smith
6206823c7f Unify asm vs C fallback implementation selection.
These functions are used mutually-exclusively and even compiled
mutually-exclusively.

This also removes a build warning on targets where aes.c is empty;
they were complaining that aes.o (rightly) doesn't define anything
for those targets.

This makes the code more like BoringSSL's; they had made a similar
change before.
2018-12-04 18:24:13 -10:00
Brian Smith
cda9d33d31 Use Rust for RSA exponentiation. 2018-11-29 16:01:00 -10:00
Brian Smith
8d42286d98 Merge BoringSSL 3d450d2: Speed up ECDSA verify on x86-64.
The new modular inversion code isn't hooked up yet. The other stuff was
already being done by *ring*.
2018-11-27 16:53:50 -10:00
Brian Smith
b82bf1c937 Remove references to removed file e_aesgcmsiv.c. 2018-11-25 16:34:54 -10:00
Brian Smith
ea8cba0d85 Re-run rustfmt on build.rs. 2018-11-15 16:43:24 -10:00
Brian Smith
5ae5f0b1df Reformat everything else except {chacha.rs, poly1305.rs, aead/**}.
chacha.rs, poly1305.rs, and aead/** will be reformatted later.
2018-11-15 16:17:50 -10:00
Brian Smith
5c8f13a721 Remove unused polyval.c. 2018-11-15 16:17:39 -10:00
Brian Smith
1bfdf24a7f Replace "=> {}" with "=> ()". 2018-11-12 16:51:43 -10:00
Brian Smith
0b4483785c Remove more unneeded 'static lifetime annotations. 2018-11-03 13:32:36 -10:00
Brian Smith
08ec4f374c Revert "Revert "Check __ANDROID_API__ instead of defining it""
Reland commit b2fd4fabee20e321c4f327f15e6de76dfb21eea2.
2018-05-22 08:18:53 -10:00
Brian Smith
b60250e47e Remove bn.h. 2018-05-16 13:13:47 -10:00
Brian Smith
737e61df7d Remove BIGNUM. 2018-05-16 11:47:28 -10:00