Diffstat (limited to 'security/nss/automation/taskcluster/scripts')
4 files changed, 115 insertions, 1 deletions
diff --git a/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.c.patch b/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.c.patch
new file mode 100644
index 0000000000..dc2ffc04a7
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.c.patch
@@ -0,0 +1,50 @@
+28d27
+< #include "internal/Hacl_Hash_SHA2.h"
+33a33,34
+> #include "../Hacl_Hash_SHA2_shim.h"
+>
+1670,1713d1670
+< }
+<
+< static inline void
+< sha512_pre_msg(uint8_t *hash, uint8_t *prefix, uint32_t len, uint8_t *input)
+< {
+< uint8_t buf[128U] = { 0U };
+< uint64_t block_state[8U] = { 0U };
+< Hacl_Streaming_MD_state_64
+< s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+< Hacl_Streaming_MD_state_64 p = s;
+< Hacl_SHA2_Scalar32_sha512_init(block_state);
+< Hacl_Streaming_MD_state_64 *st = &p;
+< Hacl_Streaming_Types_error_code
+< err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+< Hacl_Streaming_Types_error_code err1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+< KRML_HOST_IGNORE(err0);
+< KRML_HOST_IGNORE(err1);
+< Hacl_Streaming_SHA2_finish_512(st, hash);
+< }
+<
+< static inline void
+< sha512_pre_pre2_msg(
+< uint8_t *hash,
+< uint8_t *prefix,
+< uint8_t *prefix2,
+< uint32_t len,
+< uint8_t *input)
+< {
+< uint8_t buf[128U] = { 0U };
+< uint64_t block_state[8U] = { 0U };
+< Hacl_Streaming_MD_state_64
+< s = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
+< Hacl_Streaming_MD_state_64 p = s;
+< Hacl_SHA2_Scalar32_sha512_init(block_state);
+< Hacl_Streaming_MD_state_64 *st = &p;
+< Hacl_Streaming_Types_error_code
+< err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+< Hacl_Streaming_Types_error_code
+< err1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
+< Hacl_Streaming_Types_error_code err2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+< KRML_HOST_IGNORE(err0);
+< KRML_HOST_IGNORE(err1);
+< KRML_HOST_IGNORE(err2);
+< Hacl_Streaming_SHA2_finish_512(st, hash);
diff --git a/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.h.internal.patch b/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.h.internal.patch
new file mode 100644
index 0000000000..f79016fcf9
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.h.internal.patch
@@ -0,0 +1,2 @@
+38d37
+< #include "internal/Hacl_Hash_SHA2.h"
diff --git a/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.h.patch b/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.h.patch
new file mode 100644
index 0000000000..781bde532e
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/patches/Hacl_Ed25519.h.patch
@@ -0,0 +1,2 @@
+39d38
+< #include "Hacl_Hash_SHA2.h"
diff --git a/security/nss/automation/taskcluster/scripts/run_hacl.sh b/security/nss/automation/taskcluster/scripts/run_hacl.sh
index f9831d24fd..f2c20a0ae3 100755
--- a/security/nss/automation/taskcluster/scripts/run_hacl.sh
+++ b/security/nss/automation/taskcluster/scripts/run_hacl.sh
@@ -12,7 +12,7 @@ set -e -x -v # Get the HACL* source, containing a snapshot of the C code, extracted on the # HACL CI. git clone -q "https://github.com/hacl-star/hacl-star" ~/hacl-star
-git -C ~/hacl-star checkout -q 72f9d0c783cb716add714344604d591106dfbf7f
+git -C ~/hacl-star checkout -q 0f136f28935822579c244f287e1d2a1908a7e552
 # Format the C snapshot. cd ~/hacl-star/dist/mozilla
@@ -33,6 +33,11 @@ files=($(find ~/nss/lib/freebl/verified/internal -type f -name '*.[ch]')) for f in "${files[@]}"; do file_name=$(basename "$f") hacl_file=($(find ~/hacl-star/dist/mozilla/internal/ -type f -name $file_name))
+ if [ $file_name == "Hacl_Ed25519.h" \
+ -o $file_name == "Hacl_Ed25519_PrecompTable.h" ]
+ then
+ continue;
+ fi
 diff $hacl_file $f done
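Review bot: The Ed25519 file names tested in the added skip `if [ $file_name == "Hacl_Ed25519.h" -o ... ]` are repeated by hand elsewhere in this commit: a second skip in the next loop (hunk at -49,5) and the two inverse `!=` tests in the gcc-compatible loops added at the end of the script. If one copy is edited without its counterpart, a file can be skipped by the dist/mozilla comparison and never reach a gcc-compatible one, and the job would still pass. Declaring each list once, for example `ed25519_internal=(Hacl_Ed25519.h Hacl_Ed25519_PrecompTable.h)`, and testing membership in both the skip and the check would keep the two in step. A comment above the skip saying that these files are compared against dist/gcc-compatible further down would also help, and `$file_name` should be quoted inside `[ ... ]`.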
@@ -49,5 +54,60 @@ for f in "${files[@]}"; do then continue; fi
+
+ if [ $file_name == "Hacl_Ed25519.h" \
+ -o $file_name == "Hacl_Ed25519.c" ]
+ then
+ continue;
+ fi
 diff $hacl_file $f done
+
+# Here we process the code that's not located in /hacl-star/dist/mozilla/ but
+# /hacl-star/dist/gcc-compatible.
+
+cd ~/hacl-star/dist/gcc-compatible
+cp ~/nss/.clang-format .
+find . -type f -name '*.[ch]' -exec clang-format -i {} \+
+
+patches=($(find ~/nss/automation/taskcluster/scripts/patches/ -type f -name '*.patch'))
+for f in "${patches[@]}"; do
+ file_name=$(basename "$f")
+ file_name="${file_name%.*}"
+ if_internal="${file_name##*.}"
+ if [ $if_internal == "internal" ]
+ then
+ file_name="${file_name%.*}"
+ patch_file=($(find ~/hacl-star/dist/gcc-compatible/internal/ -type f -name $file_name))
+ else
+ patch_file=($(find ~/hacl-star/dist/gcc-compatible/ -type f -name $file_name -not -path "*/hacl-star/dist/gcc-compatible/internal/*"))
+ fi
+ if [ ! -z "$patch_file" ]
+ then
+ patch $patch_file $f
+ fi
+done
+
+files=($(find ~/nss/lib/freebl/verified/internal -type f -name '*.[ch]'))
+for f in "${files[@]}"; do
+ file_name=$(basename "$f")
+ hacl_file=($(find ~/hacl-star/dist/gcc-compatible/internal/ -type f -name $file_name))
+ if [ $file_name != "Hacl_Ed25519.h" \
+ -a $file_name != "Hacl_Ed25519_PrecompTable.h" ]
+ then
+ continue;
+ fi
+ diff $hacl_file $f
+done
+
+files=($(find ~/nss/lib/freebl/verified/ -type f -name '*.[ch]' -not -path "*/freebl/verified/internal/*"))
+for f in "${files[@]}"; do
+ file_name=$(basename "$f")
+ hacl_file=($(find ~/hacl-star/dist/gcc-compatible/ -type f -name $file_name -not -path "*/hacl-star/dist/gcc-compatible/internal/*"))
+ if [ $file_name != "Hacl_Ed25519.h" \
+ -a $file_name != "Hacl_Ed25519.c" ]
+ then
+ continue;
+ fi
+ diff $hacl_file $f
+done
\ No newline at end of file |
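Review bot: In the patch loop, `if [ ! -z "$patch_file" ]` lets a patch whose target was not found be skipped without any message, and `patch $patch_file $f` uses only the first array element when `find` returns several matches. For a job meant to show that the vendored files equal the pinned upstream plus known patches, both cases should stop the run: `[ "${#patch_file[@]}" -eq 1 ] || { echo "expected exactly one target for $f" >&2; exit 1; }` followed by `patch "${patch_file[0]}" "$f"`. The three patch files added here are in normal diff format, so a hunk such as `33a33,34` carries no context and is placed by line number alone. Regenerating them with `diff -u` would make a drifted upstream fail at the patch step rather than, presumably, only at the later `diff`.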