Bug 1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf3…

…5d6 r=nss-reviewers,jschanck Differential Revision: https://phabricator.services.mozilla.com/D158327
ffontaine · Apr 17, 2023 · 6a1f5d1 · 6a1f5d1
1 parent f2b8548
commit 6a1f5d1
Show file tree

Hide file tree

Showing 62 changed files with 4,701 additions and 1,394 deletions.
diff --git a/automation/taskcluster/scripts/run_hacl.sh b/automation/taskcluster/scripts/run_hacl.sh
@@ -11,22 +11,34 @@ set -e -x -v
 # The docker image this is running in has NSS sources.
 # Get the HACL* source, containing a snapshot of the C code, extracted on the
 # HACL CI.
-# When bug 1593647 is resolved, extract the code on CI again.
-git clone -q "https://github.com/project-everest/hacl-star" ~/hacl-star
-git -C ~/hacl-star checkout -q c95ab70fcb2bc21025d8845281bc4bc8987ca683
+git clone -q "https://github.com/hacl-star/hacl-star" ~/hacl-star
+git -C ~/hacl-star checkout -q 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
 
 # Format the C snapshot.
 cd ~/hacl-star/dist/mozilla
 cp ~/nss/.clang-format .
 find . -type f -name '*.[ch]' -exec clang-format -i {} \+
-cd ~/hacl-star/dist/kremlin
+cd ~/hacl-star/dist/karamel
 cp ~/nss/.clang-format .
 find . -type f -name '*.[ch]' -exec clang-format -i {} \+
 
 # These diff commands will return 1 if there are differences and stop the script.
-files=($(find ~/nss/lib/freebl/verified/ -type f -name '*.[ch]'))
+
+# We have two checks in the script. 
+# The first one only checks the files in the verified/internal folder; the second one does for all the rest
+# It was implemented like this due to not uniqueness of the names in the verified folders
+# For instance, the files Hacl_Chacha20.h are present in both directories, but the content differs.
+
+files=($(find ~/nss/lib/freebl/verified/internal -type f -name '*.[ch]'))
+for f in "${files[@]}"; do
+    file_name=$(basename "$f")
+    hacl_file=($(find ~/hacl-star/dist/mozilla/internal/ -type f -name $file_name))
+    diff $hacl_file $f
+done
+
+files=($(find ~/nss/lib/freebl/verified/ -type f -name '*.[ch]' -not -path "*/freebl/verified/internal/*"))
 for f in "${files[@]}"; do
     file_name=$(basename "$f")
-    hacl_file=($(find ~/hacl-star/dist/mozilla/ ~/hacl-star/dist/kremlin/ -type f -name $file_name))
+    hacl_file=($(find ~/hacl-star/dist/mozilla/ ~/hacl-star/dist/karamel/ -type f -name $file_name -not -path "*/hacl-star/dist/mozilla/internal/*"))
     diff $hacl_file $f
 done
diff --git a/coreconf/config.mk b/coreconf/config.mk
@@ -131,6 +131,19 @@ endif
 #######################################################################
 # Master "Core Components" macros for Hardware features               #
 #######################################################################
+
+ifndef NSS_DISABLE_SSE3
+    NSS_DISABLE_SSE3 = 0
+    ifndef CC_IS_CLANG
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            NSS_DISABLE_SSE3 = 1
+        endif
+    endif
+    ifeq (1,$(NSS_DISABLE_SSE3))
+        export NSS_DISABLE_SSE3
+    endif
+endif #ndef NSS_DISABLE_SSE3
+
 ifndef NSS_DISABLE_AVX2
     ifneq ($(CPU_ARCH),x86_64)
         # Disable AVX2 entirely on non-Intel platforms
@@ -139,14 +152,9 @@ ifndef NSS_DISABLE_AVX2
     else
         # Clang reports its version as an older gcc, but it's OK
         ifndef CC_IS_CLANG
-            ifneq (,$(filter 0 1 2 3,$(word 1,$(GCC_VERSION))))
+            ifneq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
                 NSS_DISABLE_AVX2 = 1
             endif
-            ifeq (4,$(word 1,$(GCC_VERSION)))
-                ifeq (,$(filter 8 9,$(word 2,$(GCC_VERSION))))
-                    NSS_DISABLE_AVX2 = 1
-                endif
-            endif
         endif
         ifeq (1,$(NSS_DISABLE_AVX2))
             $(warning Unable to find gcc 4.8 or greater, disabling -mavx2)
@@ -179,6 +187,10 @@ ifdef NSS_DISABLE_AVX2
 DEFINES += -DNSS_DISABLE_AVX2
 endif
 
+ifdef NSS_DISABLE_SSE3
+DEFINES += -DNSS_DISABLE_SSE3
+endif
+
 ifdef NSS_DISABLE_CHACHAPOLY
 DEFINES += -DNSS_DISABLE_CHACHAPOLY
 endif

diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile
@@ -572,18 +572,18 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null </dev/null | sed -e 's/:.*//;1q'),lcc)
             HAVE_INT128_SUPPORT = 1
             DEFINES += -DHAVE_INT128_SUPPORT
         endif
-        ifneq (,$(filter 0 1 2 3,$(word 1,$(GCC_VERSION))))
+        ifneq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
             NSS_DISABLE_AVX2 = 1
         endif
-        ifeq (4,$(word 1,$(GCC_VERSION)))
-            ifeq (,$(filter 8 9,$(word 2,$(GCC_VERSION))))
-                NSS_DISABLE_AVX2 = 1
-            endif
-        endif
         ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
             HAVE_INT128_SUPPORT = 1
             DEFINES += -DHAVE_INT128_SUPPORT
         endif
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            NSS_DISABLE_SSE3 = 1
+            NSS_DISABLE_SSE4_1 = 1
+            NSS_DISABLE_SSE4_2 = 1
+        endif
     endif
 endif # lcc
 endif # USE_64
@@ -596,8 +596,12 @@ ifndef NSS_DISABLE_CHACHAPOLY
     ifeq ($(CPU_ARCH),x86_64)
         ifndef NSS_DISABLE_AVX2
             EXTRA_SRCS += Hacl_Poly1305_256.c Hacl_Chacha20_Vec256.c Hacl_Chacha20Poly1305_256.c
+            DEFINES += -DHACL_CAN_COMPILE_VEC256
         endif # NSS_DISABLE_AVX2
-        EXTRA_SRCS += Hacl_Poly1305_128.c Hacl_Chacha20_Vec128.c Hacl_Chacha20Poly1305_128.c
+        ifndef NSS_DISABLE_SSE3
+            EXTRA_SRCS += Hacl_Poly1305_128.c Hacl_Chacha20_Vec128.c Hacl_Chacha20Poly1305_128.c
+            DEFINES += -DHACL_CAN_COMPILE_VEC128 
+        endif
     endif # x86_64
 
     VERIFIED_SRCS += Hacl_Poly1305_32.c Hacl_Chacha20.c Hacl_Chacha20Poly1305_32.c
@@ -639,7 +643,7 @@ vpath %.c mpi ecl verified deprecated
 vpath %.S mpi ecl
 vpath %.s mpi ecl
 vpath %.asm mpi ecl
-INCLUDES += -Impi -Iecl -Iverified -Iverified/kremlin/include -Iverified/kremlin/kremlib/dist/minimal -Ideprecated
+INCLUDES += -Impi -Iecl -Iverified -Iverified/internal -Iverified/karamel/include -Iverified/karamel/krmllib/dist/minimal -Ideprecated
 
 
 DEFINES += -DMP_API_COMPATIBLE

diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
@@ -207,17 +207,18 @@ ChaCha20Xor(uint8_t *output, uint8_t *block, uint32_t len, uint8_t *k,
             uint8_t *nonce, uint32_t ctr)
 {
 #ifdef NSS_X64
+#ifndef NSS_DISABLE_AVX2
+    if (avx2_support()) {
+        Hacl_Chacha20_Vec256_chacha20_encrypt_256(len, output, block, k, nonce, ctr);
+    }
+#endif
+
+#ifndef NSS_DISABLE_SSE3
     if (ssse3_support() && sse4_1_support() && avx_support()) {
-#ifdef NSS_DISABLE_AVX2
         Hacl_Chacha20_Vec128_chacha20_encrypt_128(len, output, block, k, nonce, ctr);
-#else
-        if (avx2_support()) {
-            Hacl_Chacha20_Vec256_chacha20_encrypt_256(len, output, block, k, nonce, ctr);
-        } else {
-            Hacl_Chacha20_Vec128_chacha20_encrypt_128(len, output, block, k, nonce, ctr);
-        }
+    }
 #endif
-    } else
+
 #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
     !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
     if (ppc_crypto_support()) {
@@ -280,37 +281,41 @@ ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, unsigned char *output,
     }
 
 #ifdef NSS_X64
+#ifndef NSS_DISABLE_AVX2
+    if (avx2_support()) {
+        Hacl_Chacha20Poly1305_256_aead_encrypt(
+            (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
+            (uint8_t *)input, output, output + inputLen);
+        goto finish;
+    }
+#endif
+
+#ifndef NSS_DISABLE_SSE3
     if (ssse3_support() && sse4_1_support() && avx_support()) {
-#ifdef NSS_DISABLE_AVX2
         Hacl_Chacha20Poly1305_128_aead_encrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
             (uint8_t *)input, output, output + inputLen);
-#else
-        if (avx2_support()) {
-            Hacl_Chacha20Poly1305_256_aead_encrypt(
-                (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
-                (uint8_t *)input, output, output + inputLen);
-        } else {
-            Hacl_Chacha20Poly1305_128_aead_encrypt(
-                (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
-                (uint8_t *)input, output, output + inputLen);
-        }
+        goto finish;
+    }
 #endif
-    } else
+
 #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
     !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
     if (ppc_crypto_support()) {
         Chacha20Poly1305_vsx_aead_encrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
             (uint8_t *)input, output, output + inputLen);
-    } else
+        goto finish;
+    }
 #endif
     {
         Hacl_Chacha20Poly1305_32_aead_encrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
             (uint8_t *)input, output, output + inputLen);
+        goto finish;
     }
 
+finish:
     *outputLen = inputLen + ctx->tagLen;
     return SECSuccess;
 #endif
@@ -349,37 +354,41 @@ ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output,
 
     uint32_t res = 1;
 #ifdef NSS_X64
+#ifndef NSS_DISABLE_AVX2
+    if (avx2_support()) {
+        res = Hacl_Chacha20Poly1305_256_aead_decrypt(
+            (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
+            (uint8_t *)output, (uint8_t *)input, (uint8_t *)input + ciphertextLen);
+        goto finish;
+    }
+#endif
+
+#ifndef NSS_DISABLE_SSE3
     if (ssse3_support() && sse4_1_support() && avx_support()) {
-#ifdef NSS_DISABLE_AVX2
         res = Hacl_Chacha20Poly1305_128_aead_decrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
             (uint8_t *)output, (uint8_t *)input, (uint8_t *)input + ciphertextLen);
-#else
-        if (avx2_support()) {
-            res = Hacl_Chacha20Poly1305_256_aead_decrypt(
-                (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
-                (uint8_t *)output, (uint8_t *)input, (uint8_t *)input + ciphertextLen);
-        } else {
-            res = Hacl_Chacha20Poly1305_128_aead_decrypt(
-                (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
-                (uint8_t *)output, (uint8_t *)input, (uint8_t *)input + ciphertextLen);
-        }
+        goto finish;
+    }
 #endif
-    } else
+
 #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
     !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
     if (ppc_crypto_support()) {
         res = Chacha20Poly1305_vsx_aead_decrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
             (uint8_t *)output, (uint8_t *)input, (uint8_t *)input + ciphertextLen);
-    } else
+        goto finish;
+    }
 #endif
     {
         res = Hacl_Chacha20Poly1305_32_aead_decrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
             (uint8_t *)output, (uint8_t *)input, (uint8_t *)input + ciphertextLen);
+        goto finish;
     }
 
+finish:
     if (res) {
         PORT_SetError(SEC_ERROR_BAD_DATA);
         return SECFailure;
@@ -420,25 +429,42 @@ ChaCha20Poly1305_Encrypt(const ChaCha20Poly1305Context *ctx,
     }
 
 #ifdef NSS_X64
+#ifndef NSS_DISABLE_AVX2
+    if (avx2_support()) {
+        Hacl_Chacha20Poly1305_256_aead_encrypt(
+            (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
+            (uint8_t *)input, output, outTag);
+        goto finish;
+    }
+#endif
+
+#ifndef NSS_DISABLE_SSE3
     if (ssse3_support() && sse4_1_support() && avx_support()) {
         Hacl_Chacha20Poly1305_128_aead_encrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
             (uint8_t *)input, output, outTag);
-    } else
+        goto finish;
+    }
+#endif
+
+    else
 #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
     !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
     if (ppc_crypto_support()) {
         Chacha20Poly1305_vsx_aead_encrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
             (uint8_t *)input, output, outTag);
+        goto finish;
     } else
 #endif
     {
         Hacl_Chacha20Poly1305_32_aead_encrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, inputLen,
             (uint8_t *)input, output, outTag);
+        goto finish;
     }
 
+finish:
     *outputLen = inputLen;
     return SECSuccess;
 #endif
@@ -477,25 +503,41 @@ ChaCha20Poly1305_Decrypt(const ChaCha20Poly1305Context *ctx,
 
     uint32_t res = 1;
 #ifdef NSS_X64
+#ifndef NSS_DISABLE_AVX2
+    if (avx2_support()) {
+        res = Hacl_Chacha20Poly1305_256_aead_decrypt(
+            (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
+            (uint8_t *)output, (uint8_t *)input, (uint8_t *)tagIn);
+        goto finish;
+    }
+#endif
+
+#ifndef NSS_DISABLE_SSE3
     if (ssse3_support() && sse4_1_support() && avx_support()) {
         res = Hacl_Chacha20Poly1305_128_aead_decrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
             (uint8_t *)output, (uint8_t *)input, (uint8_t *)tagIn);
-    } else
+        goto finish;
+    }
+#endif
+
 #elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__) && \
     !defined(NSS_DISABLE_ALTIVEC) && !defined(NSS_DISABLE_CRYPTO_VSX)
     if (ppc_crypto_support()) {
         res = Chacha20Poly1305_vsx_aead_decrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
             (uint8_t *)output, (uint8_t *)input, (uint8_t *)tagIn);
-    } else
+        goto finish;
+    }
 #endif
     {
         res = Hacl_Chacha20Poly1305_32_aead_decrypt(
             (uint8_t *)ctx->key, (uint8_t *)nonce, adLen, (uint8_t *)ad, ciphertextLen,
             (uint8_t *)output, (uint8_t *)input, (uint8_t *)tagIn);
+        goto finish;
     }
 
+finish:
     if (res) {
         PORT_SetError(SEC_ERROR_BAD_DATA);
         return SECFailure;

diff --git a/lib/freebl/freebl.gyp b/lib/freebl/freebl.gyp
@@ -761,8 +761,9 @@
       'mpi',
       'ecl',
       'verified',
-      'verified/kremlin/include',
-      'verified/kremlin/kremlib/dist/minimal',
+      'verified/internal',
+      'verified/karamel/include',
+      'verified/karamel/krmllib/dist/minimal',
       'deprecated',
     ],
     'defines': [
@@ -833,6 +834,13 @@
           'MP_IS_LITTLE_ENDIAN',
          ],
       }],
+      # Poly1305_256 requires the flag to run
+      ['target_arch=="x64"', {
+        'defines':[
+          'HACL_CAN_COMPILE_VEC128',
+          'HACL_CAN_COMPILE_VEC256',
+        ],
+      }],
       # MSVC has no __int128 type. Use emulated int128 and leave
       # have_int128_support as-is for Curve25519 impl. selection.
       [ 'have_int128_support==1 and (OS!="win" or cc_is_clang==1 or cc_is_gcc==1)', {