# This file contains source lists that are also consumed by
# generate_build_files.py.
#
# TODO(davidben): Move the other source lists into this file.

set(
  CRYPTO_TEST_DATA

  crypto/blake2/blake2b256_tests.txt
  crypto/cipher_extra/test/aes_128_cbc_sha1_tls_implicit_iv_tests.txt
  crypto/cipher_extra/test/aes_128_cbc_sha1_tls_tests.txt
  crypto/cipher_extra/test/aes_128_ccm_bluetooth_tests.txt
  crypto/cipher_extra/test/aes_128_ccm_bluetooth_8_tests.txt
  crypto/cipher_extra/test/aes_128_ccm_matter_tests.txt
  crypto/cipher_extra/test/aes_128_ctr_hmac_sha256.txt
  crypto/cipher_extra/test/aes_128_gcm_randnonce_tests.txt
  crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt
  crypto/cipher_extra/test/aes_128_gcm_tests.txt
  crypto/cipher_extra/test/aes_192_gcm_tests.txt
  crypto/cipher_extra/test/aes_256_cbc_sha1_tls_implicit_iv_tests.txt
  crypto/cipher_extra/test/aes_256_cbc_sha1_tls_tests.txt
  crypto/cipher_extra/test/aes_256_ctr_hmac_sha256.txt
  crypto/cipher_extra/test/aes_256_gcm_randnonce_tests.txt
  crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt
  crypto/cipher_extra/test/aes_256_gcm_tests.txt
  crypto/cipher_extra/test/chacha20_poly1305_tests.txt
  crypto/cipher_extra/test/xchacha20_poly1305_tests.txt
  crypto/cipher_extra/test/cipher_tests.txt
  crypto/cipher_extra/test/des_ede3_cbc_sha1_tls_implicit_iv_tests.txt
  crypto/cipher_extra/test/des_ede3_cbc_sha1_tls_tests.txt
  crypto/cipher_extra/test/nist_cavp/aes_128_cbc.txt
  crypto/cipher_extra/test/nist_cavp/aes_128_ctr.txt
  crypto/cipher_extra/test/nist_cavp/aes_128_gcm.txt
  crypto/cipher_extra/test/nist_cavp/aes_192_cbc.txt
  crypto/cipher_extra/test/nist_cavp/aes_192_ctr.txt
  crypto/cipher_extra/test/nist_cavp/aes_256_cbc.txt
  crypto/cipher_extra/test/nist_cavp/aes_256_ctr.txt
  crypto/cipher_extra/test/nist_cavp/aes_256_gcm.txt
  crypto/cipher_extra/test/nist_cavp/tdes_cbc.txt
  crypto/cipher_extra/test/nist_cavp/tdes_ecb.txt
  crypto/curve25519/ed25519_tests.txt
  crypto/ecdh_extra/ecdh_tests.txt
  crypto/evp/evp_tests.txt
  crypto/evp/scrypt_tests.txt
  crypto/fipsmodule/aes/aes_tests.txt
  crypto/fipsmodule/bn/bn_tests.txt
  crypto/fipsmodule/bn/miller_rabin_tests.txt
  crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt
  crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt
  crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt
  crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt
  crypto/fipsmodule/ec/ec_scalar_base_mult_tests.txt

P-256 assembly optimisations for Aarch64.
The ARMv8 assembly code in this commit is mostly taken from OpenSSL's `ecp_nistz256-armv8.pl` at https://github.com/openssl/openssl/blob/19e277dd19f2897f6a7b7eb236abe46655e575bf/crypto/ec/asm/ecp_nistz256-armv8.pl (see Note 1), adapting it to the implementation in p256-x86_64.c.
Most of the assembly functions found in `crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl` required to support that code have their analogous functions in the imported OpenSSL ARMv8 Perl assembly implementation with the exception of the functions:
- ecp_nistz256_select_w5
- ecp_nistz256_select_w7
An implementation for these functions was added.
Summary of modifications to the imported code:
* Renamed to `p256-armv8-asm.pl`
* Modified the location of `arm-xlate.pl` and `arm_arch.h`
* Replaced the `scatter-gather subroutines` with `select subroutines`. The `select subroutines` are implemented for ARMv8 similarly to their x86_64 counterparts, `ecp_nistz256_select_w5` and `ecp_nistz256_select_w7`.
* `ecp_nistz256_add` is removed because it was conflicting during the static build with the function of the same name in p256-nistz.c. The latter calls another assembly function, `ecp_nistz256_point_add`.
* `__ecp_nistz256_add` renamed to `__ecp_nistz256_add_to` to avoid the conflict with the function `ecp_nistz256_add` during the static build.
* l. 924 `add sp,sp,#256` the calculation of the constant, 32*(12-4), is not left for the assembler to perform.
Other modifications:
* `beeu_mod_inverse_vartime()` was implemented for AArch64 in `p256_beeu-armv8-asm.pl` similarly to its implementation in `p256_beeu-x86_64-asm.pl`.
* The files containing `p256-x86_64` in their name were renamed to `p256-nistz` since the functions and tests defined in them are hereby running on ARMv8 as well, if enabled.
* Updated `delocate.go` and `delocate.peg` to handle the offset calculation in the assembly instructions.
* Regenerated `delocate.peg.go`.
Notes:
1- The last commit in the history of the file is in master only, the previous commits are in OpenSSL 3.0.1
2- This change focuses on AArch64 (64-bit architecture of ARMv8). It does not support ARMv4 or ARMv7.
Testing the performance on Armv8 platform using -DCMAKE_BUILD_TYPE=Release:
Before:
```
Did 2596 ECDH P-256 operations in 1093956us (2373.0 ops/sec)
Did 6996 ECDSA P-256 signing operations in 1044630us (6697.1 ops/sec)
Did 2970 ECDSA P-256 verify operations in 1084848us (2737.7 ops/sec)
```
After:
```
Did 6699 ECDH P-256 operations in 1091684us (6136.4 ops/sec)
Did 20000 ECDSA P-256 signing operations in 1012944us (19744.4 ops/sec)
Did 7051 ECDSA P-256 verify operations in 1060000us (6651.9 ops/sec)
```
Change-Id: I9fdef12db365967a9264b5b32c07967b55ea48bd
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51805
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>

  crypto/fipsmodule/ec/p256-nistz_tests.txt
  crypto/fipsmodule/ecdsa/ecdsa_sign_tests.txt
  crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt
  crypto/fipsmodule/modes/gcm_tests.txt
  crypto/fipsmodule/rand/ctrdrbg_vectors.txt
  crypto/hmac_extra/hmac_tests.txt
  crypto/hpke/hpke_test_vectors.txt
  crypto/pkcs8/test/empty_password.p12
  crypto/pkcs8/test/no_encryption.p12
  crypto/pkcs8/test/nss.p12
  crypto/pkcs8/test/null_password.p12
  crypto/pkcs8/test/openssl.p12
  crypto/pkcs8/test/pbes2_sha1.p12
  crypto/pkcs8/test/pbes2_sha256.p12
  crypto/pkcs8/test/unicode_password.p12
  crypto/pkcs8/test/windows.p12
  crypto/poly1305/poly1305_tests.txt
  crypto/siphash/siphash_tests.txt
  crypto/x509/test/basic_constraints_ca.pem
  crypto/x509/test/basic_constraints_ca_pathlen_0.pem
  crypto/x509/test/basic_constraints_ca_pathlen_1.pem
  crypto/x509/test/basic_constraints_ca_pathlen_10.pem
  crypto/x509/test/basic_constraints_leaf.pem
  crypto/x509/test/basic_constraints_none.pem
  crypto/x509/test/invalid_extension_intermediate.pem
  crypto/x509/test/invalid_extension_intermediate_authority_key_identifier.pem
  crypto/x509/test/invalid_extension_intermediate_basic_constraints.pem
  crypto/x509/test/invalid_extension_intermediate_ext_key_usage.pem
  crypto/x509/test/invalid_extension_intermediate_key_usage.pem
  crypto/x509/test/invalid_extension_intermediate_name_constraints.pem
  crypto/x509/test/invalid_extension_intermediate_subject_alt_name.pem
  crypto/x509/test/invalid_extension_intermediate_subject_key_identifier.pem
  crypto/x509/test/invalid_extension_leaf.pem
  crypto/x509/test/invalid_extension_leaf_authority_key_identifier.pem
  crypto/x509/test/invalid_extension_leaf_basic_constraints.pem
  crypto/x509/test/invalid_extension_leaf_ext_key_usage.pem
  crypto/x509/test/invalid_extension_leaf_key_usage.pem
  crypto/x509/test/invalid_extension_leaf_name_constraints.pem
  crypto/x509/test/invalid_extension_leaf_subject_alt_name.pem
  crypto/x509/test/invalid_extension_leaf_subject_key_identifier.pem
  crypto/x509/test/invalid_extension_root.pem
  crypto/x509/test/invalid_extension_root_authority_key_identifier.pem
  crypto/x509/test/invalid_extension_root_basic_constraints.pem
  crypto/x509/test/invalid_extension_root_ext_key_usage.pem
  crypto/x509/test/invalid_extension_root_key_usage.pem
  crypto/x509/test/invalid_extension_root_name_constraints.pem
  crypto/x509/test/invalid_extension_root_subject_alt_name.pem
  crypto/x509/test/invalid_extension_root_subject_key_identifier.pem
  crypto/x509/test/many_constraints.pem
  crypto/x509/test/many_names1.pem
  crypto/x509/test/many_names2.pem
  crypto/x509/test/many_names3.pem

Tighten up supported PSS combinations in X.509.
Matching Chromium, Go, and TLS 1.3, only allow SHA-256, SHA-384, and
SHA-512 RSA-PSS signatures, where MGF-1 and message hash match and salt
length is hash length. Sadly, we are stuck tolerating an explicit
trailerField for now. See the certificates in cl/362617931.
This also fixes an overflow bug in handling the salt length. On
platforms with 64-bit long and 32-bit int, we would misinterpret, e.g.,
2^62 + 32 as 32. Also clean up the error-handling of maskHash. It was
previously handled in a very confusing way; syntax errors in maskHash
would succeed and only be noticed later, in rsa_mgf1_decode.
I haven't done it in this change, but as a followup, we can, like
Chromium, reduce X.509 signature algorithms down to a single enum.
Update-Note: Unusual RSA-PSS combinations in X.509 are no longer
accepted. This same change (actually a slightly stricter version) has
already landed in Chrome.
Bug: 489
Change-Id: I85ca3a4e14f76358cac13e66163887f6dade1ace
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53865
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
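
The parameter policy and the salt-length truncation described in the commit message above, as an added C example that is not BoringSSL's code. The struct and function names are hypothetical, `int64_t` stands in for a 64-bit `long`, and trailer field value 1 is the RFC 4055 default.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified view of decoded RSASSA-PSS parameters. */
struct pss_params {
  const char *hash;      /* message digest */
  const char *mgf1_hash; /* digest used inside MGF-1 */
  int64_t salt_len;      /* stands in for a 64-bit long from the parser */
  int64_t trailer_field; /* 1 whether defaulted or written explicitly */
};

/* Bug class from the commit message: narrowing to a 32-bit int keeps only
 * the low 32 bits, so 2^62 + 32 reads back as 32. */
static int narrowed_salt_len(int64_t salt_len) {
  return (int)(uint32_t)salt_len;
}

/* Digest length in bytes for the three permitted hashes, -1 otherwise. */
static int allowed_hash_len(const char *name) {
  if (strcmp(name, "SHA-256") == 0) return 32;
  if (strcmp(name, "SHA-384") == 0) return 48;
  if (strcmp(name, "SHA-512") == 0) return 64;
  return -1;
}

/* Returns 1 only for the combinations the commit message permits. */
static int pss_params_allowed(const struct pss_params *p) {
  int len = allowed_hash_len(p->hash);
  if (len < 0) return 0;                            /* e.g. SHA-1, SHA-224 */
  if (strcmp(p->hash, p->mgf1_hash) != 0) return 0; /* MGF-1 hash must match */
  if (p->salt_len != (int64_t)len) return 0;        /* compared at full width */
  if (p->trailer_field != 1) return 0;              /* only the default value */
  return 1;
}

int main(void) {
  /* Constructed input: salt length 2^62 + 32 with otherwise valid fields. */
  struct pss_params overflow = {"SHA-256", "SHA-256",
                                (INT64_C(1) << 62) + 32, 1};
  printf("narrowed=%d allowed=%d\n", narrowed_salt_len(overflow.salt_len),
         pss_params_allowed(&overflow));
  return 0;
}
```

Comparing the salt length before any narrowing is what rejects the overflowing value; a check on the narrowed `int` would see 32 and accept it.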

  crypto/x509/test/pss_sha1_explicit.pem
  crypto/x509/test/pss_sha1_mgf1_syntax_error.pem
  crypto/x509/test/pss_sha1.pem
  crypto/x509/test/pss_sha224.pem
  crypto/x509/test/pss_sha256_explicit_trailer.pem
  crypto/x509/test/pss_sha256_mgf1_sha384.pem
  crypto/x509/test/pss_sha256_mgf1_syntax_error.pem
  crypto/x509/test/pss_sha256_omit_nulls.pem
  crypto/x509/test/pss_sha256_salt_overflow.pem
  crypto/x509/test/pss_sha256_salt31.pem
  crypto/x509/test/pss_sha256_unknown_mgf.pem
  crypto/x509/test/pss_sha256_wrong_trailer.pem
  crypto/x509/test/pss_sha256.pem
  crypto/x509/test/pss_sha384.pem
  crypto/x509/test/pss_sha512.pem
  crypto/x509/test/some_names1.pem
  crypto/x509/test/some_names2.pem
  crypto/x509/test/some_names3.pem
  crypto/x509/test/trailing_data_leaf_authority_key_identifier.pem
  crypto/x509/test/trailing_data_leaf_basic_constraints.pem
  crypto/x509/test/trailing_data_leaf_ext_key_usage.pem
  crypto/x509/test/trailing_data_leaf_key_usage.pem
  crypto/x509/test/trailing_data_leaf_name_constraints.pem
  crypto/x509/test/trailing_data_leaf_subject_alt_name.pem
  crypto/x509/test/trailing_data_leaf_subject_key_identifier.pem
  third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt
  third_party/wycheproof_testvectors/aes_cmac_test.txt
  third_party/wycheproof_testvectors/aes_gcm_siv_test.txt
  third_party/wycheproof_testvectors/aes_gcm_test.txt
  third_party/wycheproof_testvectors/chacha20_poly1305_test.txt
  third_party/wycheproof_testvectors/dsa_test.txt
  third_party/wycheproof_testvectors/ecdh_secp224r1_test.txt
  third_party/wycheproof_testvectors/ecdh_secp256r1_test.txt
  third_party/wycheproof_testvectors/ecdh_secp384r1_test.txt
  third_party/wycheproof_testvectors/ecdh_secp521r1_test.txt
  third_party/wycheproof_testvectors/ecdsa_secp224r1_sha224_test.txt
  third_party/wycheproof_testvectors/ecdsa_secp224r1_sha256_test.txt
  third_party/wycheproof_testvectors/ecdsa_secp224r1_sha512_test.txt
  third_party/wycheproof_testvectors/ecdsa_secp256r1_sha256_test.txt
  third_party/wycheproof_testvectors/ecdsa_secp256r1_sha512_test.txt
  third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt
  third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt
  third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt
  third_party/wycheproof_testvectors/eddsa_test.txt
  third_party/wycheproof_testvectors/hkdf_sha1_test.txt
  third_party/wycheproof_testvectors/hkdf_sha256_test.txt
  third_party/wycheproof_testvectors/hkdf_sha384_test.txt
  third_party/wycheproof_testvectors/hkdf_sha512_test.txt
  third_party/wycheproof_testvectors/hmac_sha1_test.txt
  third_party/wycheproof_testvectors/hmac_sha224_test.txt
  third_party/wycheproof_testvectors/hmac_sha256_test.txt
  third_party/wycheproof_testvectors/hmac_sha384_test.txt
  third_party/wycheproof_testvectors/hmac_sha512_test.txt
  third_party/wycheproof_testvectors/kwp_test.txt
  third_party/wycheproof_testvectors/kw_test.txt
  third_party/wycheproof_testvectors/primality_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha1_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha224_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha224_mgf1sha224_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha256_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha256_mgf1sha256_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha384_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha384_mgf1sha384_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha512_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_2048_sha512_mgf1sha512_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_3072_sha256_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_3072_sha256_mgf1sha256_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_3072_sha512_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_3072_sha512_mgf1sha512_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_4096_sha256_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_4096_sha256_mgf1sha256_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_4096_sha512_mgf1sha1_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_4096_sha512_mgf1sha512_test.txt
  third_party/wycheproof_testvectors/rsa_oaep_misc_test.txt
  third_party/wycheproof_testvectors/rsa_pkcs1_2048_test.txt
  third_party/wycheproof_testvectors/rsa_pkcs1_3072_test.txt
  third_party/wycheproof_testvectors/rsa_pkcs1_4096_test.txt
  third_party/wycheproof_testvectors/rsa_pss_2048_sha1_mgf1_20_test.txt
  third_party/wycheproof_testvectors/rsa_pss_2048_sha256_mgf1_0_test.txt
  third_party/wycheproof_testvectors/rsa_pss_2048_sha256_mgf1_32_test.txt
  third_party/wycheproof_testvectors/rsa_pss_3072_sha256_mgf1_32_test.txt
  third_party/wycheproof_testvectors/rsa_pss_4096_sha256_mgf1_32_test.txt
  third_party/wycheproof_testvectors/rsa_pss_4096_sha512_mgf1_32_test.txt
  third_party/wycheproof_testvectors/rsa_pss_misc_test.txt
  third_party/wycheproof_testvectors/rsa_sig_gen_misc_test.txt
  third_party/wycheproof_testvectors/rsa_signature_2048_sha224_test.txt
  third_party/wycheproof_testvectors/rsa_signature_2048_sha256_test.txt
  third_party/wycheproof_testvectors/rsa_signature_2048_sha384_test.txt
  third_party/wycheproof_testvectors/rsa_signature_2048_sha512_test.txt
  third_party/wycheproof_testvectors/rsa_signature_3072_sha256_test.txt
  third_party/wycheproof_testvectors/rsa_signature_3072_sha384_test.txt
  third_party/wycheproof_testvectors/rsa_signature_3072_sha512_test.txt
  third_party/wycheproof_testvectors/rsa_signature_4096_sha384_test.txt
  third_party/wycheproof_testvectors/rsa_signature_4096_sha512_test.txt
  third_party/wycheproof_testvectors/rsa_signature_test.txt
  third_party/wycheproof_testvectors/x25519_test.txt
  third_party/wycheproof_testvectors/xchacha20_poly1305_test.txt
)