| Commit message | Author | Age | Files | Lines |
| |
Differential Revision: https://phabricator.services.mozilla.com/D74384
| |
Differential Revision: https://phabricator.services.mozilla.com/D70519
| |
Only some Arm32 CPUs support NEON, so let's introduce NSS_DISABLE_ARM32_NEON
to allow disabling NEON acceleration when building for Arm32.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
| |
supported by older compilers r=kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D68407
| |
Chacha20Poly1305. r=kjacobs
***
Bug 1612493 - Import AVX2 code from HACL*
***
Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE
***
Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and freebl.gyp
***
Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t support -mavx2
***
Bug 1612493 - Disable tests when the platform doesn't have support for AVX2
Differential Revision: https://phabricator.services.mozilla.com/D64718
| |
enable NEON code generation.
| |
At the moment NSS assumes that every PowerPC64 architecture supports
Altivec, but that's not true and this leads to a build failure. So add the
NSS_DISABLE_ALTIVEC environment variable (and disable_altivec for
gyp) to disable the Altivec extension on PowerPC builds that don't support
Altivec.
| |
Despite the code having runtime detection of NEON and crypto extensions,
the optimized code using those instructions is disabled at build time on
platforms where the compiler doesn't enable NEON by default or with the
flags it's given for the caller code.
In the case of gcm, this goes as far as causing a build error.
What is needed is for the optimized code to be enabled in every case,
letting the caller code choose whether to use that code based on the
existing runtime checks.
But this can't be simply done either, because those optimized parts of
the code need to be built with NEON enabled, unconditionally, but that
is not compatible with platforms using the softfloat ABI. For those,
we need to use the softfp ABI, which is compatible. However, the softfp
ABI is not compatible with the hardfp ABI, so we also can't
unconditionally use the softfp ABI, so we do so only when the compiler
targets the softfloat ABI, which confusingly enough is advertised via
the `__SOFTFP__` define.
Differential Revision: https://phabricator.services.mozilla.com/D59451
| |
This patch contains the changes in NSS necessary to pick up HACL*v2 in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413.
Differential Revision: https://phabricator.services.mozilla.com/D55414
| |
aarch64 doesn't have a `cpuid`-like instruction set. Actually, we use the getauxval system call on Linux/aarch64 to check CPU features.
Windows has the `IsProcessorFeaturePresent` API to get CPU features, so we should use it to check whether the current CPU supports the ARM Crypto extension.
Differential Revision: https://phabricator.services.mozilla.com/D55270
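Runtime feature detection of the kind these commits add (CPUID leaf 7 bits for AVX2/BMI1/BMI2 and leaf 1 bits for FMA/MOVBE on x86; getauxval(AT_HWCAP) on Linux/Arm and IsProcessorFeaturePresent on Windows/Arm), as an added C example that is not NSS's own detection code. The bit positions are the architectural ones from the Intel SDM, the Linux uapi hwcap headers and winnt.h; the function and struct names (x86_decode, x86_detect, arm_decode, arm_detect) are this example's own. The decoders take raw register and auxv values so the logic can be exercised on any host, and they include the check a practitioner needs on x86 that the bug summary above does not mention: AVX2 and FMA are only usable when the OS has enabled YMM state saving (OSXSAVE set and XCR0 bits 1 and 2 set), not merely when the CPUID feature bit is set.

```c
/* Added example, not NSS code: runtime CPU-feature gating for vectorised
 * crypto. Decoders take raw register/auxv values so they can be tested on any
 * host; the live readers compile only on their own platform. Bit positions:
 * Intel SDM (CPUID leaf 1, leaf 7/0), Linux uapi asm/hwcap.h, winnt.h. */
#include <stdint.h>

/* x86: CPUID.1:ECX and CPUID.(7,0):EBX feature bits, XCR0 state bits */
#define CPUID1_ECX_FMA     (1u << 12)
#define CPUID1_ECX_MOVBE   (1u << 22)
#define CPUID1_ECX_OSXSAVE (1u << 27)
#define CPUID7_EBX_BMI1    (1u << 3)
#define CPUID7_EBX_AVX2    (1u << 5)
#define CPUID7_EBX_BMI2    (1u << 8)
#define XCR0_YMM_STATE     ((1u << 1) | (1u << 2))   /* SSE and AVX state enabled */

struct x86_feat { int avx2, bmi1, bmi2, fma, movbe; };

/* AVX2 and FMA use YMM registers, so the CPUID bit alone is not enough: the OS
 * must have enabled XSAVE (OSXSAVE) and be saving SSE+AVX state (XCR0), or the
 * first 256-bit instruction raises #UD. BMI1/BMI2/MOVBE need no OS support. */
struct x86_feat x86_decode(uint32_t leaf1_ecx, uint32_t leaf7_ebx, uint64_t xcr0)
{
    struct x86_feat f = {0, 0, 0, 0, 0};
    int ymm_ok = (leaf1_ecx & CPUID1_ECX_OSXSAVE) != 0 &&
                 (xcr0 & XCR0_YMM_STATE) == XCR0_YMM_STATE;
    f.bmi1  = (leaf7_ebx & CPUID7_EBX_BMI1) != 0;
    f.bmi2  = (leaf7_ebx & CPUID7_EBX_BMI2) != 0;
    f.movbe = (leaf1_ecx & CPUID1_ECX_MOVBE) != 0;
    f.avx2  = ymm_ok && (leaf7_ebx & CPUID7_EBX_AVX2) != 0;
    f.fma   = ymm_ok && (leaf1_ecx & CPUID1_ECX_FMA) != 0;
    return f;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
struct x86_feat x86_detect(void)
{
    unsigned a, b, c, d, max_leaf = __get_cpuid_max(0, 0);
    uint32_t l1_ecx = 0, l7_ebx = 0;
    uint64_t xcr0 = 0;
    if (max_leaf >= 1) { __cpuid_count(1, 0, a, b, c, d); l1_ecx = c; }
    if (max_leaf >= 7) { __cpuid_count(7, 0, a, b, c, d); l7_ebx = b; }
    if (l1_ecx & CPUID1_ECX_OSXSAVE) {         /* xgetbv itself faults without OSXSAVE */
        uint32_t lo, hi;
        __asm__ volatile("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0));
        xcr0 = ((uint64_t)hi << 32) | lo;
    }
    (void)a; (void)d;
    return x86_decode(l1_ecx, l7_ebx, xcr0);
}
#endif

/* Arm: Linux AT_HWCAP/AT_HWCAP2 bits. AArch64 keeps the crypto bits in HWCAP;
 * 32-bit Arm keeps them in HWCAP2, with NEON as a separate HWCAP bit. */
#define A64_HWCAP_ASIMD  (1UL << 1)
#define A64_HWCAP_AES    (1UL << 3)
#define A64_HWCAP_PMULL  (1UL << 4)
#define A32_HWCAP_NEON   (1UL << 12)
#define A32_HWCAP2_AES   (1UL << 0)
#define A32_HWCAP2_PMULL (1UL << 1)

struct arm_feat { int neon, aes, pmull; };

struct arm_feat arm_decode(int aarch64, unsigned long hwcap, unsigned long hwcap2)
{
    struct arm_feat f = {0, 0, 0};
    if (aarch64) {
        f.neon  = (hwcap & A64_HWCAP_ASIMD) != 0;
        f.aes   = (hwcap & A64_HWCAP_AES) != 0;
        f.pmull = (hwcap & A64_HWCAP_PMULL) != 0;
    } else {
        f.neon  = (hwcap & A32_HWCAP_NEON) != 0;
        /* the AES/PMULL routines are NEON code, so require both bits */
        f.aes   = f.neon && (hwcap2 & A32_HWCAP2_AES) != 0;
        f.pmull = f.neon && (hwcap2 & A32_HWCAP2_PMULL) != 0;
    }
    return f;
}

#if defined(__linux__) && (defined(__aarch64__) || defined(__arm__))
#include <sys/auxv.h>
struct arm_feat arm_detect(void)   /* no cpuid on Arm: ask the kernel via auxv */
{
#ifdef __aarch64__
    return arm_decode(1, getauxval(AT_HWCAP), 0);
#else
    return arm_decode(0, getauxval(AT_HWCAP), getauxval(AT_HWCAP2));
#endif
}
#elif defined(_WIN32) && (defined(_M_ARM64) || defined(_M_ARM))
#include <windows.h>
struct arm_feat arm_detect(void)   /* Windows exposes the same facts through its API */
{
    struct arm_feat f = {0, 0, 0};
    f.neon  = IsProcessorFeaturePresent(PF_ARM_NEON_INSTRUCTIONS_AVAILABLE) != 0;
    f.aes   = IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) != 0;
    f.pmull = f.aes;               /* one Windows flag covers the whole v8 crypto set */
    return f;
}
#endif
```

The decision is made at run time, but the instructions still have to be emitted at build time: on 32-bit Arm that is why the NEON routines have to live in a translation unit compiled with NEON enabled (and, on softfloat targets, with the softfp ABI, as the `__SOFTFP__` commit above explains) while the dispatcher that calls arm_detect() is compiled with the caller's flags.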
| |
This patch contains the changes in NSS necessary to pick up HACL*v2 in D55413. It has a couple of TODOs:
* The chacha20 saw verification fails for some reason; it's disabled pending Bug 1604130.
* The hacl task on CI requires Bug 1593647 to get fixed.
Depends on D55413.
Differential Revision: https://phabricator.services.mozilla.com/D55414
| |
Optimize GCM performance using https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf via ARM's NEON.
Differential Revision: https://phabricator.services.mozilla.com/D40403
| |
Implementation for POWER8 adapted from the ARM paper:
https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf
Benchmark of `bltest -E -m aes_gcm -i tests/aes_gcm/plaintext10 \
-v tests/aes_gcm/iv10 -k tests/aes_gcm/key10 -5 10` on POWER8 3.3GHz.
NSS_DISABLE_HW_CRYPTO=1
```
mode        in     symmkey  opreps  cxreps  context  op         time(sec)  thrgput
aes_gcm_e   309Mb  192      5M      0       0.000    10000.000  10.001     30Mb
```
```
mode        in     symmkey  opreps  cxreps  context  op         time(sec)  thrgput
aes_gcm_e   829Mb  192      14M     0       0.000    10000.000  10.001     82Mb
```
Notable operf results, sw:
```
samples  %        image name         symbol name
226033   59.3991  libfreeblpriv3.so  bmul
 80606   21.1824  libfreeblpriv3.so  rijndael_encryptBlock128
 28851    7.5817  libfreeblpriv3.so  gcm_HashMult_sftw
```
hw:
```
213899   56.2037  libfreeblpriv3.so  rijndael_encryptBlock128
 45233   11.8853  libfreeblpriv3.so  gcm_HashMult_hw
```
So the ghash part is ~5.6x faster.
Signed-off-by: Lauri Kasanen <cand@gmx.com>
| |
This switches to using -std=c99 for compiling all C code. Previously, we only
enabled this option for lib/freebl and lib/ssl.
For Linux, this means we need to define _DEFAULT_SOURCE to access some of the
functions we use. On glibc 2.12 (our oldest supported version), we also need to
define _BSD_SOURCE to access these functions.
The only tricky part is dealing with partial C99 implementation in gcc 4.4.
From what I've seen, the only problem is that - in that mode - it doesn't
support nesting of unnamed fields:
https://gcc.gnu.org/onlinedocs/gcc-4.4.7/gcc/Unnamed-Fields.html
This also switches from -std=c++0x to -std=c++11 as the 0x variant, though
identical in meaning, is deprecated.
Differential Revision: https://phabricator.services.mozilla.com/D50421
| |
Adds an option to disable ARMv8 HW AES, if `-Ddisable_arm_hw_aes=1` is passed to build.sh.
Depends on D34473
Differential Revision: https://phabricator.services.mozilla.com/D44018
| |
Differential Revision: https://phabricator.services.mozilla.com/D34473
| |
arm_aes_encrypt_cbc_128 on Android 8.0 Pixel2 pgo
See bug 1570991
| |
Differential Revision: https://phabricator.services.mozilla.com/D34473
| |
This implementation is from the paper at https://conradoplg.cryptoland.net/files/2010/12/gcm14.pdf
Benchmark of `bltest -E -m aes_gcm -i tests/aes_gcm/plaintext10 -v tests/aes_gcm/iv10 -k tests/aes_gcm/key10 -5 10` on Cortex-A72 (AWS a1)
### Before
```
# mode      in     symmkey  opreps  cxreps  context  op         time(sec)  thrgput
aes_gcm_e   265Mb  192      4M      0       0.000    10000.000  10.000     26Mb
```
### After
```
# mode      in     symmkey  opreps  cxreps  context  op         time(sec)  thrgput
aes_gcm_e   659Mb  192      11M     0       0.000    10000.000  10.000     65Mb
```
Differential Revision: https://phabricator.services.mozilla.com/D34995
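The GHASH work that the NEON and POWER8 commits above move into carry-less-multiply instructions (bmul and gcm_HashMult_sftw in the operf listing), as an added example in portable C that is not NSS's gcm.c: the GF(2^128) multiplication of NIST SP 800-38D Algorithm 1 in GCM's bit-reflected order, written with masks instead of data-dependent branches, plus the GHASH driver and a known-answer test taken from test case 2 of the GCM specification (zero key, so H = AES_K(0^128) = 66e94bd4..., one ciphertext block, expected GHASH f38cbb1a...). The names blk128, gf128_mul, ghash and ghash_selftest are this example's own.

```c
/* Added example, not NSS code: the GF(2^128) multiply behind GHASH, in the
 * bit-reflected convention of NIST SP 800-38D (Algorithm 1), written
 * branch-free. This is the work that gcm_HashMult_sftw/bmul do in software
 * and that the PMULL/VPMSUMD paths replace with carry-less multiplies. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint64_t hi, lo; } blk128;   /* hi = bytes 0..7, lo = bytes 8..15 */

static blk128 blk_load(const uint8_t b[16])
{
    blk128 r = {0, 0};
    for (int i = 0; i < 8; i++) {
        r.hi = (r.hi << 8) | b[i];
        r.lo = (r.lo << 8) | b[i + 8];
    }
    return r;
}

static void blk_store(uint8_t out[16], blk128 v)
{
    for (int i = 7; i >= 0; i--) {
        out[i] = (uint8_t)v.hi;     v.hi >>= 8;
        out[i + 8] = (uint8_t)v.lo; v.lo >>= 8;
    }
}

/* Z = X * Y in GF(2^128) mod x^128 + x^7 + x^2 + x + 1, GCM bit order: bit 0
 * of a block is the MSB of byte 0 and R = 0xe1 || 0^120. Both conditionals of
 * Algorithm 1 are masks, so the time taken does not depend on X or Y (one of
 * them is H, which is derived from the key). */
blk128 gf128_mul(blk128 x, blk128 y)
{
    blk128 z = {0, 0}, v = y;
    for (int i = 0; i < 128; i++) {
        uint64_t bit = i < 64 ? (x.hi >> (63 - i)) & 1 : (x.lo >> (127 - i)) & 1;
        uint64_t m = 0 - bit;                       /* all ones iff bit i of X is set */
        z.hi ^= v.hi & m;
        z.lo ^= v.lo & m;
        uint64_t r = 0 - (v.lo & 1);                /* R applies iff LSB(V) was 1 */
        v.lo = (v.lo >> 1) | (v.hi << 63);
        v.hi = (v.hi >> 1) ^ (r & 0xe100000000000000ULL);
    }
    return z;
}

/* GHASH_H(A, C): A and C zero-padded to 16-byte blocks, then the length block
 * [bitlen(A) || bitlen(C)], each block folded in as Y = (Y ^ block) * H. */
void ghash(const uint8_t h[16], const uint8_t *a, size_t alen,
           const uint8_t *c, size_t clen, uint8_t out[16])
{
    blk128 H = blk_load(h), y = {0, 0};
    const uint8_t *src[2] = { a, c };
    size_t len[2] = { alen, clen };
    for (int p = 0; p < 2; p++) {
        for (size_t off = 0; off < len[p]; off += 16) {
            uint8_t tmp[16] = {0};
            size_t n = len[p] - off < 16 ? len[p] - off : 16;
            memcpy(tmp, src[p] + off, n);
            blk128 b = blk_load(tmp);
            y.hi ^= b.hi; y.lo ^= b.lo;
            y = gf128_mul(y, H);
        }
    }
    y.hi ^= (uint64_t)alen * 8;
    y.lo ^= (uint64_t)clen * 8;
    y = gf128_mul(y, H);
    blk_store(out, y);
}

/* Known-answer test: test case 2 of the GCM specification (zero key, zero IV,
 * one zero plaintext block): H = AES_K(0^128), A empty, C = one block.
 * Returns 1 on success. */
int ghash_selftest(void)
{
    static const uint8_t h[16] = { 0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,
                                   0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e };
    static const uint8_t c[16] = { 0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,
                                   0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78 };
    static const uint8_t want[16] = { 0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,
                                      0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85 };
    uint8_t out[16];
    ghash(h, NULL, 0, c, sizeof c, out);
    return memcmp(out, want, sizeof out) == 0;
}

int main(void)
{
    int ok = ghash_selftest();
    printf("GHASH known-answer test: %s\n", ok ? "PASS" : "FAIL");
    return ok ? 0 : 1;
}
```

This bit-serial loop is the shape of the software fallback: 128 iterations per block, each touching the whole 128-bit accumulator. The PMULL and VPMSUMD paths in the commits above compute the same product with a handful of 64x64-bit carry-less multiplies followed by a reduction, which is where the ~5.6x ghash speed-up comes from; whichever path is compiled in, the choice between them has to be keyed on the runtime CPU check rather than on the compiler's default flags.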
| |
Solaris SPARC r=jcj
Differential Revision: https://phabricator.services.mozilla.com/D30628
| |
Differential Revision: https://phabricator.services.mozilla.com/D30380
| |
--static), remove Test builds from taskcluster since we exercise pk11_gtest and mpi_gtests in non-static builds already. r=mt,jcj
Differential Revision: https://phabricator.services.mozilla.com/D30998
| |
Differential Revision: https://phabricator.services.mozilla.com/D30383
| |
Summary:
To compile ARM's NEON code, the compiler may require -mfpu=neon.
Actually, since Gecko always turns on NEON (Bug 1469790), it already uses -mfpu.
But tier-3 platforms such as Linux/armeabi don't set -mfpu=neon by default.
So they might require this command line option.
Reviewers: mt
Bug #: 1501542
Differential Revision: https://phabricator.services.mozilla.com/D11430
| |
Differential Revision: https://phabricator.services.mozilla.com/D9493
| |
See https://bugzilla.mozilla.org/show_bug.cgi?id=1471566#c4
| |
Differential Revision: https://phabricator.services.mozilla.com/D7996
| |
r=franziskus
| |
Summary:
This adds the vectorized ChaCha20 implementation from HACL* to NSS and replaces the old vectorized code.
Note that this is not used on Android as we currently have no way of testing this for Android or of using it on Android for Firefox.
Reviewers: ttaubert
Reviewed By: ttaubert
Bug #: 1424663
Differential Revision: https://phabricator.services.mozilla.com/D467
| |
Summary:
We accidentally disabled uint128_t for the HACL curve in GYP builds.
This is less nice but works.
Reviewers: ttaubert
Reviewed By: ttaubert
Bug #: 1419173
Differential Revision: https://phabricator.services.mozilla.com/D274
| |
Summary:
This patch moves NSS to track HACL* master instead of the nss-production branch.
It also contains a new version of the Curve25519 HACL* code that resolved many of the style issues of the old version.
Reviewers: franziskus
Differential Revision: https://phabricator.services.mozilla.com/D268
| |
implementation, r=franziskus
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1400603
Differential Revision: https://phabricator.services.mozilla.com/D65
| |
Summary:
This patch replaces the legacy curve25519_64.c code by the formally verified HaCl* code.
The new code has been proven to have functional correctness, memory safety and a set of side-channel resistance properties.
Note: All files from the new `verified` folder are formally verified in F*, except for 'kremlib.h', which remains in the trusted code base.
Reviewers: franziskus, ekr, ttaubert, mt
Differential Revision: https://nss-review.dev.mozaws.net/D395
| |
r=mt,kaie
Summary:
Compilation of the HaCl* formally verified C code requires C99 syntax for loops.
This patch enables GNU C99 syntax on all C compilers for Linux by passing -std=gnu99.
Reviewers: kaie, franziskus
Subscribers: mt, bbeurdouche
Differential Revision: https://nss-review.dev.mozaws.net/D388
| |
Differential Revision: https://nss-review.dev.mozaws.net/D353
| |
Differential Revision: https://nss-review.dev.mozaws.net/D345
| |
r=mt,ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D291
| |
Differential Revision: https://nss-review.dev.mozaws.net/D170
| |
Differential Revision: https://nss-review.dev.mozaws.net/D161
| |
Differential Revision: https://nss-review.dev.mozaws.net/D149
| |
Differential Revision: https://nss-review.dev.mozaws.net/D131
| |
patch originally by sk <sk.alvin.x>