From 7cff8b8809a052cdd10d0128f2521c7ab98f5b49 Mon Sep 17 00:00:00 2001 From: zyppe <210hcl@gmail.com> Date: Tue, 20 Feb 2024 14:17:56 +0800 Subject: [PATCH] Initialize for libnettle --- .gitignore | 1 + .libnettle.metadata | 1 + baselibs.conf | 3 + ...t-Poly1305-single-block-update-based.patch | 537 ++++++++++++++++++ ...ined-structure-constants-of-P1305-in.patch | 105 ++++ ...emu-bug-affecting-the-ppc-intruction.patch | 46 ++ libnettle-rpmlintrc | 2 + libnettle.changes | 451 +++++++++++++++ libnettle.keyring | 37 ++ libnettle.spec | 164 ++++++ nettle-3.8.1.tar.gz.sig | Bin 0 -> 374 bytes 11 files changed, 1347 insertions(+) create mode 100644 .gitignore create mode 100644 .libnettle.metadata create mode 100644 baselibs.conf create mode 100644 libnettle-PowerPC-Implement-Poly1305-single-block-update-based.patch create mode 100644 libnettle-PowerPC-Use-defined-structure-constants-of-P1305-in.patch create mode 100644 libnettle-Workaround-for-qemu-bug-affecting-the-ppc-intruction.patch create mode 100644 libnettle-rpmlintrc create mode 100644 libnettle.changes create mode 100644 libnettle.keyring create mode 100644 libnettle.spec create mode 100644 nettle-3.8.1.tar.gz.sig diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..dca963f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +nettle-3.8.1.tar.gz diff --git a/.libnettle.metadata b/.libnettle.metadata new file mode 100644 index 0000000..213df42 --- /dev/null +++ b/.libnettle.metadata @@ -0,0 +1 @@ +87fa5e15984973ea6125b258edf9ec4bdc8fbf003325e1a8484c7f3a48023bbd nettle-3.8.1.tar.gz diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..378bb0c --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +libnettle8 +libnettle-devel +libhogweed6 diff --git a/libnettle-PowerPC-Implement-Poly1305-single-block-update-based.patch b/libnettle-PowerPC-Implement-Poly1305-single-block-update-based.patch new file mode 100644 index 0000000..995e881 --- /dev/null +++ b/libnettle-PowerPC-Implement-Poly1305-single-block-update-based.patch @@ -0,0 +1,537 @@ +From c4856c14c510afc2800d55deeba2a4537943906f Mon Sep 17 00:00:00 2001 +From: Maamoun TK +Date: Sun, 29 May 2022 03:34:44 +0200 +Subject: [PATCH 0929/1000] [PowerPC] Implement Poly1305 single block update + based on radix 2^64 + +--- + Makefile.in | 2 +- + configure.ac | 15 +- + fat-ppc.c | 54 ++++++ + fat-setup.h | 6 + + poly1305-internal.c | 22 +++ + powerpc64/fat/poly1305-internal-2.asm | 39 +++++ + powerpc64/p9/poly1305-internal.asm | 238 ++++++++++++++++++++++++++ + 7 files changed, 373 insertions(+), 3 deletions(-) + create mode 100644 powerpc64/fat/poly1305-internal-2.asm + create mode 100644 powerpc64/p9/poly1305-internal.asm + +diff --git a/Makefile.in b/Makefile.in +index 65911e2a..11c88114 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -607,7 +607,7 @@ distdir: $(DISTFILES) + x86_64 x86_64/aesni x86_64/sha_ni x86_64/pclmul x86_64/fat \ + arm arm/neon arm/v6 arm/fat \ + arm64 arm64/crypto arm64/fat \ +- powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/fat \ ++ powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/p9 powerpc64/fat \ + s390x s390x/vf s390x/msa s390x/msa_x1 s390x/msa_x2 s390x/msa_x4 s390x/fat ; do \ + mkdir "$(distdir)/$$d" ; \ + find "$(srcdir)/$$d" -maxdepth 1 '(' -name '*.asm' -o -name '*.m4' -o -name README ')' \ +diff --git a/configure.ac b/configure.ac +index 73c6fc21..b68b9e23 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -105,6 +105,10 @@ AC_ARG_ENABLE(power-altivec, + AC_HELP_STRING([--enable-power-altivec], [Enable POWER altivec and vsx extensions. (default=no)]),, + [enable_altivec=no]) + ++AC_ARG_ENABLE(power9, ++ AC_HELP_STRING([--enable-power9], [Enable POWER ISA v3.0. (default=no)]),, ++ [enable_power9=no]) ++ + AC_ARG_ENABLE(s390x-vf, + AC_HELP_STRING([--enable-s390x-vf], [Enable vector facility on z/Architecture. (default=no)]),, + [enable_s390x_vf=no]) +@@ -539,9 +543,12 @@ if test "x$enable_assembler" = xyes ; then + if test "x$enable_fat" = xyes ; then + asm_path="powerpc64/fat $asm_path" + OPT_NETTLE_SOURCES="fat-ppc.c $OPT_NETTLE_SOURCES" +- FAT_TEST_LIST="none crypto_ext altivec" ++ FAT_TEST_LIST="none crypto_ext altivec power9" + else +- if test "$enable_power_crypto_ext" = yes ; then ++ if test "$enable_power9" = yes ; then ++ asm_path="powerpc64/p9 $asm_path" ++ fi ++ if test "$enable_power_crypto_ext" = yes ; then + asm_path="powerpc64/p8 $asm_path" + fi + if test "$enable_power_altivec" = yes ; then +@@ -605,6 +612,7 @@ asm_nettle_optional_list="cpuid.asm cpu-facility.asm \ + aes256-encrypt-2.asm aes256-decrypt-2.asm \ + cbc-aes128-encrypt-2.asm cbc-aes192-encrypt-2.asm cbc-aes256-encrypt-2.asm \ + chacha-2core.asm chacha-3core.asm chacha-4core.asm chacha-core-internal-2.asm \ ++ poly1305-internal-2.asm \ + ghash-set-key-2.asm ghash-update-2.asm \ + salsa20-2core.asm salsa20-core-internal-2.asm \ + sha1-compress-2.asm sha256-compress-2.asm \ +@@ -751,6 +759,9 @@ AH_VERBATIM([HAVE_NATIVE], + #undef HAVE_NATIVE_ecc_secp384r1_redc + #undef HAVE_NATIVE_ecc_secp521r1_modp + #undef HAVE_NATIVE_ecc_secp521r1_redc ++#undef HAVE_NATIVE_poly1305_set_key ++#undef HAVE_NATIVE_poly1305_block ++#undef HAVE_NATIVE_poly1305_digest + #undef HAVE_NATIVE_ghash_set_key + #undef HAVE_NATIVE_ghash_update + #undef HAVE_NATIVE_salsa20_core +diff --git a/fat-ppc.c b/fat-ppc.c +index bf622cf5..7569e44d 100644 +--- a/fat-ppc.c ++++ b/fat-ppc.c +@@ -65,6 +65,7 @@ + #include "aes-internal.h" + #include "chacha-internal.h" + #include "ghash-internal.h" ++#include "poly1305.h" + #include "fat-setup.h" + + /* Defines from arch/powerpc/include/uapi/asm/cputable.h in Linux kernel */ +@@ -77,11 +78,15 @@ + #ifndef PPC_FEATURE2_VEC_CRYPTO + #define PPC_FEATURE2_VEC_CRYPTO 0x02000000 + #endif ++#ifndef PPC_FEATURE2_ARCH_3_00 ++#define PPC_FEATURE2_ARCH_3_00 0x00800000 ++#endif + + struct ppc_features + { + int have_crypto_ext; + int have_altivec; ++ int have_power9; + }; + + #define MATCH(s, slen, literal, llen) \ +@@ -93,6 +98,7 @@ get_ppc_features (struct ppc_features *features) + const char *s; + features->have_crypto_ext = 0; + features->have_altivec = 0; ++ features->have_power9 = 0; + + s = secure_getenv (ENV_OVERRIDE); + if (s) +@@ -105,6 +111,8 @@ get_ppc_features (struct ppc_features *features) + features->have_crypto_ext = 1; + else if (MATCH(s, length, "altivec", 7)) + features->have_altivec = 1; ++ else if (MATCH(s, length, "power9", 6)) ++ features->have_power9 = 1; + if (!sep) + break; + s = sep + 1; +@@ -136,6 +144,9 @@ get_ppc_features (struct ppc_features *features) + features->have_crypto_ext + = ((hwcap2 & PPC_FEATURE2_VEC_CRYPTO) == PPC_FEATURE2_VEC_CRYPTO); + ++ features->have_power9 ++ = ((hwcap2 & PPC_FEATURE2_ARCH_3_00) == PPC_FEATURE2_ARCH_3_00); ++ + /* We also need VSX instructions, mainly for load and store. */ + features->have_altivec + = ((hwcap & (PPC_FEATURE_HAS_ALTIVEC | PPC_FEATURE_HAS_VSX)) +@@ -172,6 +183,18 @@ DECLARE_FAT_FUNC(nettle_chacha_crypt32, chacha_crypt_func) + DECLARE_FAT_FUNC_VAR(chacha_crypt32, chacha_crypt_func, 1core) + DECLARE_FAT_FUNC_VAR(chacha_crypt32, chacha_crypt_func, 3core) + ++DECLARE_FAT_FUNC(_nettle_poly1305_set_key, poly1305_set_key_func) ++DECLARE_FAT_FUNC_VAR(poly1305_set_key, poly1305_set_key_func, c) ++DECLARE_FAT_FUNC_VAR(poly1305_set_key, poly1305_set_key_func, ppc64) ++ ++DECLARE_FAT_FUNC(_nettle_poly1305_block, poly1305_block_func) ++DECLARE_FAT_FUNC_VAR(poly1305_block, poly1305_block_func, c) ++DECLARE_FAT_FUNC_VAR(poly1305_block, poly1305_block_func, ppc64) ++ ++DECLARE_FAT_FUNC(_nettle_poly1305_digest, poly1305_digest_func) ++DECLARE_FAT_FUNC_VAR(poly1305_digest, poly1305_digest_func, c) ++DECLARE_FAT_FUNC_VAR(poly1305_digest, poly1305_digest_func, ppc64) ++ + static void CONSTRUCTOR + fat_init (void) + { +@@ -220,6 +243,21 @@ fat_init (void) + nettle_chacha_crypt_vec = _nettle_chacha_crypt_1core; + nettle_chacha_crypt32_vec = _nettle_chacha_crypt32_1core; + } ++ ++ if (features.have_power9) ++ { ++ if (verbose) ++ fprintf (stderr, "libnettle: enabling arch 3.00 code.\n"); ++ _nettle_poly1305_set_key_vec = _nettle_poly1305_set_key_ppc64; ++ _nettle_poly1305_block_vec = _nettle_poly1305_block_ppc64; ++ _nettle_poly1305_digest_vec = _nettle_poly1305_digest_ppc64; ++ } ++ else ++ { ++ _nettle_poly1305_set_key_vec = _nettle_poly1305_set_key_c; ++ _nettle_poly1305_block_vec = _nettle_poly1305_block_c; ++ _nettle_poly1305_digest_vec = _nettle_poly1305_digest_c; ++ } + } + + DEFINE_FAT_FUNC(_nettle_aes_encrypt, void, +@@ -261,3 +299,19 @@ DEFINE_FAT_FUNC(nettle_chacha_crypt32, void, + uint8_t *dst, + const uint8_t *src), + (ctx, length, dst, src)) ++ ++DEFINE_FAT_FUNC(_nettle_poly1305_set_key, void, ++ (struct poly1305_ctx *ctx, ++ const uint8_t *key), ++ (ctx, key)) ++ ++DEFINE_FAT_FUNC(_nettle_poly1305_block, void, ++ (struct poly1305_ctx *ctx, ++ const uint8_t *m, ++ unsigned high), ++ (ctx, m, high)) ++ ++DEFINE_FAT_FUNC(_nettle_poly1305_digest, void, ++ (struct poly1305_ctx *ctx, ++ union nettle_block16 *s), ++ (ctx, s)) +diff --git a/fat-setup.h b/fat-setup.h +index e77cce02..ad3c10f0 100644 +--- a/fat-setup.h ++++ b/fat-setup.h +@@ -196,6 +196,12 @@ typedef void chacha_crypt_func(struct chacha_ctx *ctx, + uint8_t *dst, + const uint8_t *src); + ++struct poly1305_ctx; ++typedef void poly1305_set_key_func(struct poly1305_ctx *ctx, const uint8_t *key); ++typedef void poly1305_digest_func(struct poly1305_ctx *ctx, union nettle_block16 *s); ++typedef void poly1305_block_func(struct poly1305_ctx *ctx, const uint8_t *m, ++ unsigned high); ++ + struct aes128_ctx; + typedef void aes128_set_key_func (struct aes128_ctx *ctx, const uint8_t *key); + typedef void aes128_invert_key_func (struct aes128_ctx *dst, const struct aes128_ctx *src); +diff --git a/poly1305-internal.c b/poly1305-internal.c +index 490fdf71..380b934e 100644 +--- a/poly1305-internal.c ++++ b/poly1305-internal.c +@@ -85,6 +85,28 @@ + #define h3 h.h32[3] + #define h4 hh + ++/* For fat builds */ ++#if HAVE_NATIVE_poly1305_set_key ++void ++_nettle_poly1305_set_key_c(struct poly1305_ctx *ctx, ++ const uint8_t key[16]); ++# define _nettle_poly1305_set_key _nettle_poly1305_set_key_c ++#endif ++ ++#if HAVE_NATIVE_poly1305_block ++void ++_nettle_poly1305_block_c(struct poly1305_ctx *ctx, const uint8_t *m, ++ unsigned t4); ++# define _nettle_poly1305_block _nettle_poly1305_block_c ++#endif ++ ++#if HAVE_NATIVE_poly1305_digest ++void ++_nettle_poly1305_digest_c(struct poly1305_ctx *ctx, ++ union nettle_block16 *s); ++# define _nettle_poly1305_digest _nettle_poly1305_digest_c ++#endif ++ + void + _nettle_poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16]) + { +diff --git a/powerpc64/fat/poly1305-internal-2.asm b/powerpc64/fat/poly1305-internal-2.asm +new file mode 100644 +index 00000000..177a4563 +--- /dev/null ++++ b/powerpc64/fat/poly1305-internal-2.asm +@@ -0,0 +1,39 @@ ++C powerpc64/fat/poly1305-internal-2.asm ++ ++ifelse(` ++ Copyright (C) 2022 Mamone Tarsha ++ ++ This file is part of GNU Nettle. ++ ++ GNU Nettle is free software: you can redistribute it and/or ++ modify it under the terms of either: ++ ++ * the GNU Lesser General Public License as published by the Free ++ Software Foundation; either version 3 of the License, or (at your ++ option) any later version. ++ ++ or ++ ++ * the GNU General Public License as published by the Free ++ Software Foundation; either version 2 of the License, or (at your ++ option) any later version. ++ ++ or both in parallel, as here. ++ ++ GNU Nettle is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ You should have received copies of the GNU General Public License and ++ the GNU Lesser General Public License along with this program. If ++ not, see http://www.gnu.org/licenses/. ++') ++ ++dnl picked up by configure ++dnl PROLOGUE(_nettle_poly1305_set_key) ++dnl PROLOGUE(_nettle_poly1305_block) ++dnl PROLOGUE(_nettle_poly1305_digest) ++ ++define(`fat_transform', `$1_ppc64') ++include_src(`powerpc64/p9/poly1305-internal.asm') +diff --git a/powerpc64/p9/poly1305-internal.asm b/powerpc64/p9/poly1305-internal.asm +new file mode 100644 +index 00000000..238d6397 +--- /dev/null ++++ b/powerpc64/p9/poly1305-internal.asm +@@ -0,0 +1,238 @@ ++C powerpc64/p9/poly1305-internal.asm ++ ++ifelse(` ++ Copyright (C) 2013, 2022 Niels Möller ++ Copyright (C) 2022 Mamone Tarsha ++ This file is part of GNU Nettle. ++ ++ GNU Nettle is free software: you can redistribute it and/or ++ modify it under the terms of either: ++ ++ * the GNU Lesser General Public License as published by the Free ++ Software Foundation; either version 3 of the License, or (at your ++ option) any later version. ++ ++ or ++ ++ * the GNU General Public License as published by the Free ++ Software Foundation; either version 2 of the License, or (at your ++ option) any later version. ++ ++ or both in parallel, as here. ++ ++ GNU Nettle is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ You should have received copies of the GNU General Public License and ++ the GNU Lesser General Public License along with this program. If ++ not, see http://www.gnu.org/licenses/. ++') ++ ++C Register usage: ++ ++define(`SP', `r1') ++define(`TOCP', `r2') ++ ++C Argments ++define(`CTX', `r3') ++define(`M', `r4') ++define(`M128', `r5') ++ ++C Working state ++define(`H0', `r6') ++define(`H1', `r7') ++define(`H2', `r8') ++define(`T0', `r9') ++define(`T1', `r10') ++define(`T2', `r8') ++define(`T2A', `r9') ++define(`T2S', `r10') ++define(`IDX', `r6') ++define(`RZ', `r7') ++ ++define(`ZERO', `v0') ++define(`F0', `v1') ++define(`F1', `v2') ++define(`F0S', `v3') ++define(`T', `v4') ++ ++define(`R', `v5') ++define(`S', `v6') ++ ++define(`T00', `v7') ++define(`T10', `v8') ++define(`T11', `v9') ++define(`MU0', `v10') ++define(`MU1', `v11') ++define(`TMP', `v12') ++ ++.text ++ ++C _poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16]) ++define(`FUNC_ALIGN', `5') ++PROLOGUE(_nettle_poly1305_set_key) ++ li r9, 0 ++ addis r5, TOCP, .key_mask@got@ha ++ ld r5, .key_mask@got@l(r5) ++ ld r8, 0(r5) ++ ori r7, r8, 3 ++ ++ C Load R_0 and R_1 ++IF_LE(` ++ ld r5, 0(r4) ++ ld r6, 8(r4) ++') ++IF_BE(` ++ ldbrx r5, 0, r4 ++ addi r4, r4, 8 ++ ldbrx r6, 0, r4 ++') ++ and r5, r5, r7 C R_0 &= 0x0FFFFFFC0FFFFFFF ++ and r6, r6, r8 C R_1 &= 0x0FFFFFFC0FFFFFFC ++ ++ srdi r10, r6, 2 ++ sldi r7, r5, 2 ++ sldi r8, r10, 2 ++ add r7, r7, r5 ++ add r8, r8, r10 ++ ++ C Store key ++ std r5, 0(r3) ++ std r6, 8(r3) ++ std r7, 16(r3) ++ std r8, 24(r3) ++ C Reset state ++ std r9, 32(r3) ++ std r9, 40(r3) ++ std r9, 48(r3) ++ ++ blr ++EPILOGUE(_nettle_poly1305_set_key) ++ ++C void _nettle_poly1305_block(struct poly1305_ctx *ctx, const uint8_t *m, unsigned m128) ++define(`FUNC_ALIGN', `5') ++PROLOGUE(_nettle_poly1305_block) ++ ld H0, 32(CTX) ++ ld H1, 40(CTX) ++ ld H2, 48(CTX) ++IF_LE(` ++ ld T0, 0(M) ++ ld T1, 8(M) ++') ++IF_BE(` ++ ldbrx T0, 0, M ++ addi M, M, 8 ++ ldbrx T0, 0, M ++') ++ ++ addc T0, T0, H0 ++ adde T1, T1, H1 ++ adde T2, M128, H2 ++ ++ mtvsrdd VSR(T), T0, T1 ++ ++ li IDX, 16 ++ lxvd2x VSR(R), 0, CTX ++ lxvd2x VSR(S), IDX, CTX ++ ++ andi. T2A, T2, 3 ++ srdi T2S, T2, 2 ++ ++ li RZ, 0 ++ vxor ZERO, ZERO, ZERO ++ ++ xxpermdi VSR(MU0), VSR(R), VSR(S), 0b01 ++ xxswapd VSR(MU1), VSR(R) ++ ++ mtvsrdd VSR(T11), 0, T2A ++ mtvsrdd VSR(T00), T2S, RZ ++ mtvsrdd VSR(T10), 0, T2 ++ ++ vmsumudm F0, T, MU0, ZERO ++ vmsumudm F1, T, MU1, ZERO ++ vmsumudm TMP, T11, MU1, ZERO ++ ++ vmsumudm F0, T00, S, F0 ++ vmsumudm F1, T10, MU0, F1 ++ ++ xxmrgld VSR(TMP), VSR(TMP), VSR(ZERO) ++ xxswapd VSR(F0S), VSR(F0) ++ vadduqm F1, F1, TMP ++ stxsd F0S, 32(CTX) ++ ++ li IDX, 40 ++ xxmrghd VSR(F0), VSR(ZERO), VSR(F0) ++ vadduqm F1, F1, F0 ++ xxswapd VSR(F1), VSR(F1) ++ stxvd2x VSR(F1), IDX, CTX ++ ++ blr ++EPILOGUE(_nettle_poly1305_block) ++ ++C _poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s) ++define(`FUNC_ALIGN', `5') ++PROLOGUE(_nettle_poly1305_digest) ++ C Load current state ++ ld r5, 32(r3) ++ ld r6, 40(r3) ++ ld r7, 48(r3) ++ ++ C Fold high part of H2 ++ li r10, 0 ++ srdi r9, r7, 2 ++ sldi r8, r9, 2 ++ add r8, r8, r9 ++ andi. r7, r7, 3 ++ addc r5, r5, r8 ++ adde r6, r6, r10 ++ adde r7, r7, r10 ++ ++ C Add 5 to state, save result if it carries ++ li r8, 5 ++ li r9, 0 ++ li r10, -4 ++ addc r8, r8, r5 ++ adde r9, r9, r6 ++ adde. r10, r10, r7 ++ iseleq r5, r8, r5 ++ iseleq r6, r9, r6 ++ ++ C Load digest ++IF_LE(` ++ ld r7, 0(r4) ++ ld r8, 8(r4) ++') ++IF_BE(` ++ li r10, 8 ++ ldbrx r7, 0, r4 ++ ldbrx r8, r10, r4 ++') ++ ++ C Add hash to digest ++ addc r5, r5, r7 ++ adde r6, r6, r8 ++ ++ C Store digest ++IF_LE(` ++ std r5, 0(r4) ++ std r6, 8(r4) ++') ++IF_BE(` ++ stdbrx r5, 0, r4 ++ stdbrx r6, r10, r4 ++') ++ C Reset hash ++ li r9, 0 ++ std r9, 32(r3) ++ std r9, 40(r3) ++ std r9, 48(r3) ++ ++ blr ++EPILOGUE(_nettle_poly1305_digest) ++ ++.data ++.align 3 ++.key_mask: ++.quad 0x0FFFFFFC0FFFFFFC +-- +2.38.0 + diff --git a/libnettle-PowerPC-Use-defined-structure-constants-of-P1305-in.patch b/libnettle-PowerPC-Use-defined-structure-constants-of-P1305-in.patch new file mode 100644 index 0000000..27e8322 --- /dev/null +++ b/libnettle-PowerPC-Use-defined-structure-constants-of-P1305-in.patch @@ -0,0 +1,105 @@ +From 8c3c21180a9eadba6f946a193556832d1cdb6efa Mon Sep 17 00:00:00 2001 +From: Maamoun TK +Date: Sat, 6 Aug 2022 05:09:55 +0000 +Subject: [PATCH 0957/1000] [PowerPC] Use defined structure constants of P1305 + in asm.m4 + +--- + powerpc64/p9/poly1305-internal.asm | 40 +++++++++++++++--------------- + 1 file changed, 20 insertions(+), 20 deletions(-) + +diff --git a/powerpc64/p9/poly1305-internal.asm b/powerpc64/p9/poly1305-internal.asm +index 238d6397..a082fed2 100644 +--- a/powerpc64/p9/poly1305-internal.asm ++++ b/powerpc64/p9/poly1305-internal.asm +@@ -99,14 +99,14 @@ IF_BE(` + add r8, r8, r10 + + C Store key +- std r5, 0(r3) +- std r6, 8(r3) +- std r7, 16(r3) +- std r8, 24(r3) ++ std r5, P1305_R0 (r3) ++ std r6, P1305_R1 (r3) ++ std r7, P1305_S0 (r3) ++ std r8, P1305_S1 (r3) + C Reset state +- std r9, 32(r3) +- std r9, 40(r3) +- std r9, 48(r3) ++ std r9, P1305_H0 (r3) ++ std r9, P1305_H1 (r3) ++ std r9, P1305_H2 (r3) + + blr + EPILOGUE(_nettle_poly1305_set_key) +@@ -114,9 +114,9 @@ EPILOGUE(_nettle_poly1305_set_key) + C void _nettle_poly1305_block(struct poly1305_ctx *ctx, const uint8_t *m, unsigned m128) + define(`FUNC_ALIGN', `5') + PROLOGUE(_nettle_poly1305_block) +- ld H0, 32(CTX) +- ld H1, 40(CTX) +- ld H2, 48(CTX) ++ ld H0, P1305_H0 (CTX) ++ ld H1, P1305_H1 (CTX) ++ ld H2, P1305_H2 (CTX) + IF_LE(` + ld T0, 0(M) + ld T1, 8(M) +@@ -133,7 +133,7 @@ IF_BE(` + + mtvsrdd VSR(T), T0, T1 + +- li IDX, 16 ++ li IDX, P1305_S0 + lxvd2x VSR(R), 0, CTX + lxvd2x VSR(S), IDX, CTX + +@@ -160,9 +160,9 @@ IF_BE(` + xxmrgld VSR(TMP), VSR(TMP), VSR(ZERO) + xxswapd VSR(F0S), VSR(F0) + vadduqm F1, F1, TMP +- stxsd F0S, 32(CTX) ++ stxsd F0S, P1305_H0 (CTX) + +- li IDX, 40 ++ li IDX, P1305_H1 + xxmrghd VSR(F0), VSR(ZERO), VSR(F0) + vadduqm F1, F1, F0 + xxswapd VSR(F1), VSR(F1) +@@ -175,9 +175,9 @@ C _poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s) + define(`FUNC_ALIGN', `5') + PROLOGUE(_nettle_poly1305_digest) + C Load current state +- ld r5, 32(r3) +- ld r6, 40(r3) +- ld r7, 48(r3) ++ ld r5, P1305_H0 (r3) ++ ld r6, P1305_H1 (r3) ++ ld r7, P1305_H2 (r3) + + C Fold high part of H2 + li r10, 0 +@@ -225,14 +225,14 @@ IF_BE(` + ') + C Reset hash + li r9, 0 +- std r9, 32(r3) +- std r9, 40(r3) +- std r9, 48(r3) ++ std r9, P1305_H0 (r3) ++ std r9, P1305_H1 (r3) ++ std r9, P1305_H2 (r3) + + blr + EPILOGUE(_nettle_poly1305_digest) + +-.data ++.rodata + .align 3 + .key_mask: + .quad 0x0FFFFFFC0FFFFFFC +-- +2.38.0 + diff --git a/libnettle-Workaround-for-qemu-bug-affecting-the-ppc-intruction.patch b/libnettle-Workaround-for-qemu-bug-affecting-the-ppc-intruction.patch new file mode 100644 index 0000000..bd060a4 --- /dev/null +++ b/libnettle-Workaround-for-qemu-bug-affecting-the-ppc-intruction.patch @@ -0,0 +1,46 @@ +From d618864183ccfdcd0d1b5443111fbaf9a5934517 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Niels=20M=C3=B6ller?= +Date: Sun, 14 Aug 2022 20:53:10 +0200 +Subject: [PATCH 0960/1000] Workaround for qemu bug affecting the ppc + intruction vmsumudm + +Introduce overriding environment variable NETTLE_FAT_DISABLE_POWER9 +that disables use of power9 code. This makes poly1305 tests under qemu +pass. See https://gitlab.com/qemu-project/qemu/-/issues/1156. +--- + .gitlab-ci.yml | 4 ++-- + fat-ppc.c | 5 +++++ + fat-setup.h | 1 + + 3 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/fat-ppc.c b/fat-ppc.c +index 7569e44d..b0412e5a 100644 +--- a/fat-ppc.c ++++ b/fat-ppc.c +@@ -153,6 +153,11 @@ get_ppc_features (struct ppc_features *features) + == (PPC_FEATURE_HAS_ALTIVEC | PPC_FEATURE_HAS_VSX)); + #endif + } ++ /* NETTLE_FAT_DISABLE_POWER9 can be set to disable code that fails ++ in qemu, due to ++ https://gitlab.com/qemu-project/qemu/-/issues/1156. */ ++ if (secure_getenv (ENV_DISABLE_POWER9)) ++ features->have_power9 = 0; + } + + DECLARE_FAT_FUNC(_nettle_aes_encrypt, aes_crypt_internal_func) +diff --git a/fat-setup.h b/fat-setup.h +index ad3c10f0..a35b8b8c 100644 +--- a/fat-setup.h ++++ b/fat-setup.h +@@ -92,6 +92,7 @@ + + #define ENV_VERBOSE "NETTLE_FAT_VERBOSE" + #define ENV_OVERRIDE "NETTLE_FAT_OVERRIDE" ++#define ENV_DISABLE_POWER9 "NETTLE_FAT_DISABLE_POWER9" + + struct chacha_ctx; + struct salsa20_ctx; +-- +2.38.0 + diff --git a/libnettle-rpmlintrc b/libnettle-rpmlintrc new file mode 100644 index 0000000..7403087 --- /dev/null +++ b/libnettle-rpmlintrc @@ -0,0 +1,2 @@ +addFilter("libnettle.* hidden-file-or-dir .*hmac") +addFilter("libhogweed.* hidden-file-or-dir .*hmac") diff --git a/libnettle.changes b/libnettle.changes new file mode 100644 index 0000000..f4cd7e3 --- /dev/null +++ b/libnettle.changes @@ -0,0 +1,451 @@ +* Fri Oct 21 2022 pmonreal@suse.com +- POWER10 performance enhancements for cryptography [jsc#PED-546] + * Backport the P0 performance enhancements. + * Add patches: + - libnettle-PowerPC-Implement-Poly1305-single-block-update-based.patch + - libnettle-PowerPC-Use-defined-structure-constants-of-P1305-in.patch + - libnettle-Workaround-for-qemu-bug-affecting-the-ppc-intruction.patch +* Thu Jul 28 2022 dmueller@suse.com +- update to 3.8.1: + * Avoid non-posix m4 argument references in the chacha + implementation for arm64, powerpc64 and s390x. Reported by + Christian Weisgerber, fix contributed by Mamone Tarsha. + * Use explicit .machine pseudo-ops where needed in s390x + assembly files. Bug report by Andreas K. Huettel, fix + contributed by Mamone Tarsha. +* Mon Jul 11 2022 dmueller@suse.com +- update to 3.8: + This release includes a couple of new features, and many + performance improvements. It adds assembly code for two more + architectures: ARM64 and S390x. + The new version is intended to be fully source and binary + compatible with Nettle-3.6. The shared library names are + libnettle.so.8.5 and libhogweed.so.6.5, with sonames + libnettle.so.8 and libhogweed.so.6. + New features: + * AES keywrap (RFC 3394), contributed by Nicolas Mora. + * SM3 hash function, contributed by Tianjia Zhang. + * New functions cbc_aes128_encrypt, cbc_aes192_encrypt, + cbc_aes256_encrypt. + On processors where AES is fast enough, e.g., x86_64 with + aesni instructions, the overhead of using Nettle's general + cbc_encrypt can be significant. The new functions can be + implemented in assembly, to do multiple blocks with reduced + per-block overhead. + Note that there's no corresponding new decrypt functions, + since the general cbc_decrypt doesn't suffer from the same + performance problem. + Bug fixes: + * Fix fat builds for x86_64 windows, these appear to never + have worked. + Optimizations: + * New ARM64 implementation of AES, GCM, Chacha, SHA1 and + SHA256, for processors supporting crypto extensions. Great + speedups, and fat builds are supported. Contributed by + Mamone Tarsha. + * New s390x implementation of AES, GCM, Chacha, memxor, SHA1, + SHA256, SHA512 and SHA3. Great speedups, and fat builds are + supported. Contributed by Mamone Tarsha. + * New PPC64 assembly for ecc modulo/redc operations, + contributed by Amitay Isaacs, Martin Schwenke and Alastair + D´Silva. + * The x86_64 AES implementation using aesni instructions has + been reorganized with one separate function per key size, + each interleaving the processing of two blocks at a time + (when the caller processes multiple blocks with each call). + This gives a modest performance improvement on some + processors. + * Rewritten and faster x86_64 poly1305 assembly. +- drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8) +* Wed Jun 15 2022 gmbr3@opensuse.org +- Make shared libraries executable +* Mon Aug 30 2021 pmonreal@suse.com +- Provide s390x CPACF/SHA/AES Support for Crypto Libraries + * Add libnettle-s390x-CPACF-SHA-AES-support.patch [jsc#SLE-20733] +* Wed Jul 21 2021 pmonreal@suse.com +- Update to 3.7.3 in SLE-15-SP4: [SLE-19765, jsc#SLE-18132] + - Add libnettle-rpmlintrc + - Remove patches upstream: + * libnettle-CVE-2021-20305.patch + * libnettle-CVE-2021-3580-rsa_decrypt.patch + * libnettle-CVE-2021-3580-rsa_sec.patch + * nettle-respect-cflags.patch +* Thu Jun 10 2021 pmonreal@suse.com +- Security fix: [CVE-2021-3580, bsc#1187060] + * Remote crash in RSA decryption via manipulated ciphertext +- Add patches: + * libnettle-CVE-2021-3580-rsa_sec.patch + * libnettle-CVE-2021-3580-rsa_decrypt.patch +* Wed Jun 9 2021 info@paolostivanin.com +- GNU Nettle 3.7.3: [CVE-2021-3580, bsc#1187060] + * Fix crash for zero input to rsa_sec_decrypt and + rsa_decrypt_tr. Potential denial of service vector. + * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return + failure for out of range inputs, instead of either crashing, + or silently reducing input modulo n. Potential denial of + service vector. + * Ensure that rsa_decrypt returns failure for out of range + inputs, instead of silently reducing input modulo n. + * Ensure that rsa_sec_decrypt returns failure if the message + size is too large for the given key. Unlike the other bugs, + this would typically be triggered by invalid local + configuration, rather than by processing untrusted remote + data. +* Mon Apr 19 2021 pmonreal@suse.com +- Security fix: [bsc#1184401, CVE-2021-20305] + * multiply function being called with out-of-range scalars + * Affects ecc-ecdsa-sign(), ecc_ecdsa_verify() and _eddsa_hash(). +- Add libnettle-CVE-2021-20305.patch +* Sun Mar 21 2021 andreas.stieger@gmx.de +- GNU Nettle 3.7.2: + * fix a bug in ECDSA signature verification that could lead to a + denial of service attack (via an assertion failure) or possibly + incorrect results (CVE-2021-20305, boo#1184401) + * fix a few related problems where scalars are required to be + canonically reduced modulo the ECC group order, but in fact may + be slightly larger +* Thu Feb 18 2021 andreas.stieger@gmx.de +- GNU Nettle 3.7.1: + * Fix bug in chacha counter update logic (ppc64 and ppc64el) + * Restore support for big-endian ARM platforms + * Fix corner case bug in ECDSA verify, it would produce incorrect + result in the unlikely case of an all-zero message hash + * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 + * Remove poorly performing ARM Neon code for doing single-block + Salsa20 and Chacha +* Mon Jan 4 2021 andreas.stieger@gmx.de +- GNU Nettle 3.7: + * add bcrypt password hashing + * add optimizations: PowerPC64 assembly +- remove deprecated texinfo packaing macros +* Sun May 10 2020 andreas.stieger@gmx.de +- GNU Nettle 3.6: + * removal of internal and undocumented poly1305 functions + * Support for Curve448 and ED448 signatures + * Support for SHAKE256, SIV-CMAC, CMAC64, "CryptoPro" variant of + the GOST hash (as gosthash94cp), GOST DSA signatures, including + GOST curves gc256b and gc512a + * Support for Intel CET in x86 and x86_64 assembly files, if + enabled via CFLAGS (gcc --fcf-protection=full) + * A few new functions to improve support for the Chacha + variant with 96-bit nonce and 32-bit block counter (the + existing functions use nonce and counter of 64-bit each), + and functions to set the counter. + * New interface, struct nettle_mac, for MAC (message + authentication code) algorithms. This abstraction is only + for MACs that don't require a per-message nonce. For HMAC, + the key size is fixed, and equal the digest size of the + underlying hash function + * multiple bug fixes +- drop nettle-respect-cflags.patch +- silence packaging warning raised by HMAC files + (bsc#1152692, jsc#SLE-9518) +* Tue Oct 1 2019 vcizek@suse.com +- Install checksums for binary integrity verification which are + required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) +* Thu Aug 1 2019 andreas.stieger@gmx.de +- update to 3.5.1: + * correct upstream source packaging problems +- new in 3.5: + * gcm_crypt will now call the underlying block cipher to process + more than one block at a time + * Support for CFB8 (Cipher Feedback Mode, processing a single + octet per block cipher operation) + * Support for CMAC (RFC 4493) + * Support for XTS mode + * various improvements +* Sun Mar 17 2019 jsikes@suse.de +- Update to 3.4.1 - FATE#327114 (bsc#1129598) + * Fix CVE-2018-16869 (bsc#1118086) + libnettle-CVE-2018-16869-3.4.patch (removed) + All functions using RSA private keys are now side-channel + silent, meaning that they try hard to avoid any branches or + memory accesses depending on secret data. This applies both to + the bignum calculations, which now use GMP's mpn_sec_* family + of functions, and the processing of PKCS#1 padding needed for + RSA decryption. + * Changes in behavior: + The functions rsa_decrypt and rsa_decrypt_tr may now clobber + all of the provided message buffer, independent of the + actual message length. They are side-channel silent, in that + branches and memory accesses don't depend on the validity or + length of the message. Side-channel leakage from the + caller's use of length and return value may still provide an + oracle useable for a Bleichenbacher-style chosen ciphertext + attack. Which is why the new function rsa_sec_decrypt is + recommended. + * New features: + A new function rsa_sec_decrypt. + * Bug fixes: + - Fix bug in pkcs1-conv, missing break statements in the + parsing of PEM input files. + - Fix link error on the pss-mgf1-test test, affecting builds + without public key support. +* Fri Dec 14 2018 pmonrealgonzalez@suse.com +- Security fix: [bsc#1118086, CVE-2018-16869] + * Leaky data conversion exposing a manager oracle + * Added libnettle-CVE-2018-16869-3.4.patch +* Thu Dec 6 2018 jengelh@inai.de +- Adjust SRPM group. +* Tue Dec 4 2018 pmonrealgonzalez@suse.com +- libnettle 3.4.1rc1: [bsc#1118086, CVE-2018-16869] + * pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around + _pkcs1_sec_decrypt_variable. Improves side-channel silence of the + only caller, rsa_decrypt. + * rsa-sec-compute-root.c (sec_mul, sec_mod_mul, sec_powm): New + local helper functions, with their own itch functions. + (_rsa_sec_compute_root_itch, _rsa_sec_compute_root): Rewrote to + use helpers, for clarity. + * rsa-decrypt-tr.c (rsa_decrypt_tr): Use NETTLE_OCTET_SIZE_TO_LIMB_SIZE. + * rsa-sec-compute-root.c (_rsa_sec_compute_root): Avoid calls to + mpz_sizeinbase, since that potentially leaks most significant bits + of private key parameters a and b. + * rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use + _rsa_sec_compute_root. + * testsuite/rsa-sec-compute-root-test.c: Add more tests for new + side-channel silent functions. + * rsa-sign.c (rsa_private_key_prepare): Check that qn + cn >= pn, + since that is required for one of the GMP calls in + _rsa_sec_compute_root. + * rsa-decrypt-tr.c: Switch to use side-channel silent functions. + * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt_variable): New private + function. Variable size version for backwards compatibility. + * testsuite/rsa-sec-decrypt-test.c: Adds more tests. + * rsa-sec-decrypt.c (rsa_sec_decrypt): New function. + Fixed length side-channel silent version of rsa-decrypt. + * testsuite/rsa-encrypt-test.c: add tests for the new fucntion. + * testsuite/pkcs1-sec-decrypt-test.c: Adds tests for _pkcs1_sec_decrypt. + * gmp-glue.c (mpn_get_base256): New function. + * pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): New private function. + Fixed length side-channel silent version of pkcs1-decrypt. + * cnd-memcpy.c (cnd_memcpy): New function. + * testsuite/cnd-memcpy-test.c: New test case. + * rsa-sign-tr.c (rsa_sec_compute_root_tr): New function that uses + _rsa_sec_compute_root, as well as side-channel silent RSA blinding. + (rsa_compute_root_tr) Rewritten as a wrapper around rsa_sec_compute_root_tr. + (rsa_sec_blind, rsa_sec_unblind, sec_equal, rsa_sec_check_root) + (cnd_mpn_zero): New helper functions. + (rsa_sec_compute_root_tr) [NETTLE_USE_MINI_GMP]: Defined as a not + side-channel silent wrapper around rsa_compute_root_tr, and the + latter function left unchanged. + * rsa-sec-compute-root.c (_rsa_sec_compute_root_itch) + (_rsa_sec_compute_root): New file, new private functions. + Side-channel silent version of rsa_compute_root. + * rsa-internal.h: New header file with declarations. + * gmp-glue.h (NETTLE_OCTET_SIZE_TO_LIMB_SIZE): New macro. + * tools/pkcs1-conv.c (convert_file): Add missing break statements. + * nettle-internal.c (des_set_key_wrapper, des3_set_key_wrapper) + (blowfish128_set_key_wrapper): Wrapper functions, to avoid cast + between incompatible function types (which gcc-8 warns about). + Wrappers are expected to compile to a single jmp instruction. + * des-compat.c (des_compat_des3_decrypt): Change length argument type to size_t. +* Thu Feb 22 2018 fvogt@suse.com +- Use %%license (boo#1082318) +* Sun Nov 19 2017 astieger@suse.com +- libnettle 3.4: + * Fixed an improper use of GMP mpn_mul, breaking curve2559 and + eddsa on certain platforms + * Fixed memory leak when handling invalid signatures in + ecdsa_verify. Fix contributed by Nikos Mavrogiannopoulos. + * Reorganized the way certain data items are made available: + Nettle header files now define the symbols + nettle_hashes, nettle_ciphers, and nettle_aeads, as + preprocessor macros invoking a corresponding accessor + function. For backwards ABI compatibility, the symbols are + still present in the compiled libraries, and with the same + sizes as in nettle-3.3. + * Support for RSA-PSS signatures + * Support for the HKDF key derivation function, defined by RFC + 5869 + * Support for the Cipher Feedback Mode (CFB) + * New accessor functions: nettle_get_hashes, + nettle_get_ciphers, nettle_get_aeads, nettle_get_secp_192r1, + nettle_get_secp_224r1, nettle_get_secp_256r1, + nettle_get_secp_384r1, nettle_get_secp_521r1. + Direct access to data items is deprecated going forward. + * The base16 and base64 functions now use the type char * for + ascii data, rather than uint8_t *. This eliminates the last + pointer-signedness warnings when building Nettle + * The contents of the header file nettle/version.h is now + architecture independent, except in --enable-mini-gmp + * Prevent data sizes from leaking into the ABI +- Fixes previously carried as patches: + * Fix compilation error with --enable-fat om ARM + Drop nettle-3.3-fix-fat-arm.patch +* Mon Sep 4 2017 asn@cryptomilk.org +- Add patch to fix build of fat-arm: + * nettle-3.3-fix-fat-arm.patch +* Sun Sep 3 2017 asn@cryptomilk.org +- Build nettle with AES-NI support (bsc#1056980) +* Thu Feb 9 2017 dimstar@opensuse.org +- Explicitly BuildRequire m4 +* Fri Oct 28 2016 astieger@suse.com +- libnettle 3.3: + * Invalid private RSA keys, with an even modulo, are now + rejected by rsa_private_key_prepare. (Earlier versions + allowed such keys, even if results of using them were bogus). + Nettle applications are required to call + rsa_private_key_prepare and check the return value, before + using any other RSA private key functions; failing to do so + may result in crashes for invalid private keys. + * Ignore bit 255 of the x coordinate of the input point to + curve25519_mul, as required by RFC 7748. To differentiate at + compile time, curve25519.h defines the constant + NETTLE_CURVE25519_RFC7748. + * RSA and DSA now use side-channel silent modular + exponentiation, to defend against attacks on the private key + from evil processes sharing the same processor cache. This + attack scenario is of particular relevance when running an + HTTPS server on a virtual machine, where you don't know who + you share the cache hardware with. + bsc#991464 CVE-2016-6489 + * Fix sexp-conv crashes on invalid input + * Fix out-of-bounds read in des_weak_p + * Fix a couple of formally undefined shift operations + * Fix compilation with c89 + * New function memeql_sec, for side-channel silent comparison + of two memory areas. + * Building the public key support of nettle now requires GMP + version 5.0 or later (unless --enable-mini-gmp is used). +* Tue Feb 23 2016 tchvatal@suse.com +- Fix postun->preun on info packages regenerating +* Thu Jan 28 2016 tchvatal@suse.com +- Version update to 3.2 release bnc#964849 CVE-2015-8805 bnc#964847 + CVE-2015-8804 bnc#964845 CVE-2015-8803: + * New functions for RSA private key operations, identified by + the "_tr" suffix, with better resistance to side channel + attacks and to hardware or software failures which could + break the CRT optimization + * SHA3 implementation is updated according to the FIPS 202 standard + * New ARM Neon implementation of the chacha stream cipher + * Should be compatible binary with 3.1 series +- Add patch to fix build with cflags: + * nettle-respect-cflags.patch +* Mon Jun 22 2015 tchvatal@suse.com +- Remove off-by-one-test-suite.patch as it was fixed by upstream + differently +* Sun Apr 26 2015 astieger@suse.com +- nettle 3.1.1 + Non-critical bugfix release, binary compatible to 3.1 + * By accident, nettle-3.1 disabled the assembly code for the + secp_224r1 and secp_521r1 elliptic curves on all x86_64 + configurations, making signature operations on those curves + 10%%-30%% slower. This code is now re-enabled. + * The x86_64 assembly implementation of gcm hashing has been + fixed to work with the Sun/Oracle assembler. +* Thu Apr 23 2015 vpereira@suse.com + added patch: off-by-one-test-suite.patch +- Address Sanitizer, found a off-by-one error in the test suite (bnc#928328) +* Sat Apr 11 2015 astieger@suse.com +- nettle 3.1 (libnettle6, libhogweed4) +- bug fixes in 3.1: + * Fixed a missing include of , which made the camellia + implementation fail on all 64-bit non-x86 platforms. + * Eliminate out-of-bounds reads in the C implementation of memxor + (related to valgrind's --partial-loads-ok flag). [bso#926745) +- interface changes in 3.1: + * Declarations of many internal functions are moved from ecc.h to + ecc-internal.h. +- interface changes in 3.0: + * contains developer relevant incompatible interface changes +- Removed features: + * nettle_next_prime, use GMP's mpz_nextprime + * Deleted the RSAREF compatibility +- New features in 3.1: + * Support for curve25519 and for EdDSA25519 signatures. + * Support for "fat builds" on x86_64 and arm (not enabled) + * Support for building the hogweed library (public key support) + using "mini-gmp" (not enabled) + * The shared libraries are now built with versioned symbols. + * Support for "URL-safe" base64 encoding and decoding +- New features in 3.0: + * new DSA, AES, Camellia interfaces + * Support for Poly1305-AES MAC. + * Support for the ChaCha stream cipher and EXPERIMENTAL + support for the ChaCha-Poly1305 AEAD mode. + * Support for EAX mode. + * Support for CCM mode. + * Additional variants of SHA512 with output size of 224 and 256 bits + * New interface, struct nettle_aead, for mechanisms providing + authenticated encryption with associated data (AEAD). + * DSA: Support a wider range for the size of q and a wider + range for the digest size. + * New command line tool nettle-pbkdf2. +- Optimizations in 3.1: + * New x86_64 implementation of AES, using the "aesni" instructions +- Optimizations in 3.0: + * New x86_64 assembly for GCM and MD5. Modest speedups on the + order of 10%%-20%%. +* Fri Mar 13 2015 tchvatal@suse.com +- Add url to the spec +* Thu Mar 5 2015 mpluskal@suse.com +- Revert back to 2.7 +* Tue May 13 2014 tchvatal@suse.com +- Cleanup with spec-cleaner +- Paralelize test run +* Thu Dec 19 2013 meissner@suse.com +- also build baselibs for libnettle-devel (for wine 32bit development) +* Tue Jun 25 2013 meissner@suse.com +- Update to version 2.7.1 + * Fixed ecc_modp_mul call, to avoid invalid overlap of arguments to + mpn_mul_n. Problem tracked down by Magnus Holmgren. + * ARM fixes. +- reference gpg signatures and keyring. checking not enabled as to + avoid cycles. +* Thu May 16 2013 idonmez@suse.com +- Update to version 2.7 + * Support for the GOST R 34.11-94 hash algorithm + * Support for SHA3 + * Support for PKCS #5 PBKDF2 + * Fixed a small memory leak in nettle_realloc and + nettle_xrealloc. + * x86_64 assembly for SHA256, SHA512, and SHA3 + * ARM assembly code for several additional algorithms, + including AES, Salsa20, and the SHA family of hash + functions. + * Support for 12-round salsa20, "salsa20r12", as specified by + eSTREAM. + * Support for UMAC, including x86_64 and ARM assembly. + * Support for ECDSA signatures. Elliptic curve operations over + the following curves: secp192r1, secp224r1, secp256r1, + secp384r1 and secp521r1, including x86_64 and ARM assembly + for the most important primitives. +- Depend on makeinfo for info file generation. +- Don't disable static libs, they are needed at build time. +* Sun Nov 25 2012 andreas.stieger@gmx.de +- upgrade to 2.5: + * removed some internal undocumented functions + * pkcs1_signature_prefix renamed to _pkcs1_signature_prefix + with slightly different behavior + * nettle-internal.c is no longer included + * Support for the salsa20 block cipher + * Tentative interface for timing-resistant RSA functions + * A more general interface for PKCS#1 signatures + * Documentation, example programs for the base16 and base64 + * Use an additional table to avoid GF2^8 multiplications in + aes_invert_key (mainly used by aes_set_decrypt_key). Also + tabulate round constants in aes_set_encrypt_key. +- configure --enable-shared now default, no longer required +* Tue Jan 31 2012 jengelh@medozas.de +- Remove redundant tags/sections per specfile guideline suggestions +* Sat Sep 24 2011 crrodriguez@opensuse.org +- BuildRequire pkgconfig to fix rpmlint warning +* Mon Sep 19 2011 crrodriguez@opensuse.org +- Update to version 2.4 only two important changes + * ripemd160 was broken on all big endian machines + * add pkgconfig files +* Mon Aug 29 2011 coolo@novell.com +- use original source +- add baselibs.conf +- drop licenses +* Wed Aug 17 2011 crrodriguez@opensuse.org +- Fix licenses [bnc#712616] +- run make check +* Tue Aug 16 2011 crrodriguez@opensuse.org +- Update to version 2.2, bump sonames accordingly +- Fix build in factory +- Fix -devel package dependencies +- Tune up spec file in order to submit package to factory + as is needed for gnutls version 3.x +* Tue Jan 5 2010 pascal.bleser@opensuse.org +- initial package (2.0) diff --git a/libnettle.keyring b/libnettle.keyring new file mode 100644 index 0000000..33caa8e --- /dev/null +++ b/libnettle.keyring @@ -0,0 +1,37 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQFNBFDrIWMBCgCyyYoTAD/aL6Yl90eSJ1xuFpODTcwyRZsNSUZKSmKwnqXo9LgS +2B00yVZ2nO2OrSmWPiYikTciitv04bAqFaggSstx6hlni6n3h2PL0jXpf9EI6qOO +oKwi2IVtbBnJAhWpfRcAce6WEqvnav6KjuBM3lr8/5GzDV8tm6+X/G/paTnBqTB9 +pBxrH7smB+iRjDt/6ykWkbYLd6uBKzIkAp4HqAZb/aZMvxI28PeWGjZJQYq2nVPf +LroM6Ub/sNlXpv/bmHJusFQjUL368njhZD1+aVLCUfBCCDzvZc3EYt3wBkbmuCiA +xOb9ramHgiVkNENtzXR+sbQHtKRQv/jllY1qxROM2/rWmL+HohdxL5E0VPple2bg +U/zqX0Hg2byb8FbpzPJO5PnBD+1PME3Uirsly4N7XT80OvhXlYe4t+9X0QARAQAB +tCROaWVscyBNw7ZsbGVyIDxuaXNzZUBseXNhdG9yLmxpdS5zZT6JAX4EEwECACgF +AlDrIWMCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPNZn/go +xnKYqm0J/A4b6TE5qPWiWj0kriUBSmpys3qUz93gR6Ft7w2f478KJuzbSadvyn0u +PcnP26AGTOQq75RhtgCJgdYbvRocTjlMh9jOX584Hx8hi/QSrpCSYMnj6dQKbu0Y +QIFjZx8gPeYvzG8t34FCNEzZ09RQZqy/ukRyN99LkwEuP4FWq486b7dpgv7GC+SH +lZcMco6VW8FLOT7KMalH06cmdhFPrFSYAIHDu3CsYhC8knIQV99Xzno/KeSkEwkq +tYDOdz0x4HWdOwHrl2S2X6Ex1q3QRXcq84EYQwHz2WEGaPR7Vd76P5J1wiHN6rwO +4exfgsRyTvc6NDQPTFqmoCzwuPviYk6JNnHr9E5TkLT7lAnESEhMLyyIG/7Uwpgu +5C71IMaTpOpf8DEU9NU/zuxgHoMaKBZaeYKs0S26s1zwGOlQX0T9iEYEEBECAAYF +AlDvuDsACgkQkVrMRaj0wv1SdgCeO+ktq5mAY5lZA3lA/I6hAKIk2s4An0L5XXjR +vdHIxY5HSVNmRnyiIt9nuQFNBFDrIWMBCgDKlONI+5Bqcu69+72fmLZPizzEUsIR +A2Y0w2RE7+uJ5Es9/YTp5PnWANpPT7GS8JJnc6NJJeh6GkMkGGwq5Op7CDsjW9pQ +Z0vAW90XjnyniDa9W0W+m5+X/LPOzh+nis9Zcf17P91tprLCLi+TOOb35xt396pZ ++S+PwuV0dLiIYdVYV3e6LNCV0LjhEqp53TRwTrLTNPQVnt0DPYTh/Kn1x6d5zOS0 +MK4QybKN1WJU6nYIQRXyWKkixjbs++jcgV/juck96Ve0blvn6DfqfpG8YzbmqRCu +fLo683LtlBUZ0c+znrD1nouqX2Eb/CylG8Q8ZUHXimCJ+g6RfH9kOmtVH/208u/n +DofVL/Q0dvAXfU5MX49c7XYy7B2rTlk+4nuNeaHM0aU2Y14+SQy+sR6zydu7eGLd +qjzV0CX/ekgrjQARAQABiQFlBBgBAgAPBQJQ6yFjAhsMBQkSzAMAAAoJEPNZn/go +xnKYGUcJ/j+L0/uzfwCR1aTBZ6FBT9OdNyatVjmz20ahskF3BySmkT1R06K08YOG +J//LPajj0eKqU8WKgxMc7pWi5SG+yMFn2db5HnJDGiSmSjCXW/BzsSt1786LtO0m +0ehatj9kl6JrxQNXazOkRJ2ww13P6/91RBaV6R08BmFTrUco2P6w+djCF4NlnkOL +a7fM6QtNZM+yB+EzaPjSBFjZG52BVWZkcXEVN0cEjPuznuQOmx8Dny7lQikp49Nu +mrbamaxZEilx2Bi9gSbovNaKBuncKi9XboiEiNbAarGxP40Qvlk2AuXWvq+fiBnU +1e1nU2oV7/7nAWH7kj/Vr/JxcBeOpsNDGkW7Yrd3mkJCrhG+jMs1V2qNb9Uhr5ZL +OA40sIz2PHfDrR+gc8THm2p5OvCWEAeukYJ22XTUIt6XoPO0ERYD +=Skk6 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libnettle.spec b/libnettle.spec new file mode 100644 index 0000000..b29b96c --- /dev/null +++ b/libnettle.spec @@ -0,0 +1,164 @@ +# +# spec file for package libnettle +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +%define soname 8 +%define hogweed_soname 6 +Name: libnettle +Version: 3.8.1 +Release: 150500.2.25 +Summary: Cryptographic Library +License: GPL-2.0-or-later AND LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +URL: https://www.lysator.liu.se/~nisse/nettle/ +Source0: https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz +Source1: https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz.sig +Source2: %{name}.keyring +Source3: baselibs.conf +Source4: %{name}-rpmlintrc +#PATCH-FIX-UPSTREAM jsc#PED-546 POWER10 performance enhancements for cryptography +Patch0: libnettle-PowerPC-Implement-Poly1305-single-block-update-based.patch +Patch1: libnettle-PowerPC-Use-defined-structure-constants-of-P1305-in.patch +Patch2: libnettle-Workaround-for-qemu-bug-affecting-the-ppc-intruction.patch +BuildRequires: autoconf +BuildRequires: fipscheck +BuildRequires: gmp-devel >= 6.1.0 +BuildRequires: m4 +BuildRequires: makeinfo +BuildRequires: pkgconfig + +%description +Nettle is a cryptographic library that is designed to fit easily in more or +less any context: In crypto toolkits for object-oriented languages (C++, +Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. + +%package -n libnettle%{soname} +Summary: Cryptographic Library +License: LGPL-2.1-or-later +Group: System/Libraries + +%description -n libnettle%{soname} +Nettle is a cryptographic library that is designed to fit easily in more or +less any context: In crypto toolkits for object-oriented languages (C++, +Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. + +%package -n libhogweed%{hogweed_soname} +Summary: Cryptographic Library for Public Key Algorithms +License: LGPL-2.1-or-later +Group: System/Libraries + +%description -n libhogweed%{hogweed_soname} +Nettle is a cryptographic library that is designed to fit easily in more or +less any context: In crypto toolkits for object-oriented languages (C++, +Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. + +The libhogweed library contains public key algorithms to use with libnettle. + +%package -n libnettle-devel +Summary: Cryptographic Library +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: gmp-devel +Requires: libhogweed%{hogweed_soname} = %{version} +Requires: libnettle%{soname} = %{version} + +%description -n libnettle-devel +Nettle is a cryptographic library that is designed to fit easily in more or +less any context: In crypto toolkits for object-oriented languages (C++, +Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. + +%package -n nettle +Summary: Cryptographic Tools +License: GPL-2.0-or-later AND LGPL-2.1-or-later +Group: Productivity/Security + +%description -n nettle +Nettle is a cryptographic library that is designed to fit easily in more or +less any context: In crypto toolkits for object-oriented languages (C++, +Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. + +This package contains a few command-line tools to perform cryptographic +operations using the nettle library. + +%prep +%autosetup -p1 -n nettle-%{version} + +%build +autoreconf -fiv +%configure \ + --disable-static \ + --enable-shared \ + --enable-fat \ +%ifarch s390x + --enable-s390x-vf \ + --enable-s390x-msa \ +%endif + %{nil} + +%make_build + +%install +%make_install +chmod 0755 %{buildroot}%{_libdir}/libnettle.so.%{soname} +chmod 0755 %{buildroot}%{_libdir}/libhogweed.so.%{hogweed_soname} + +# the hmac hashes: +# +# this is a hack that re-defines the __os_install_post macro +# for a simple reason: the macro strips the binaries and thereby +# invalidates a HMAC that may have been created earlier. +# solution: create the hashes _after_ the macro runs. +# +# this shows up earlier because otherwise the %%expand of +# the macro is too late. +# remark: This is the same as running +# openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP' +%{expand:%%global __os_install_post {%__os_install_post +%{_bindir}/fipshmac %{buildroot}%{_libdir}/libnettle.so.%{soname} +%{_bindir}/fipshmac %{buildroot}%{_libdir}/libhogweed.so.%{hogweed_soname} +}} + +%post -n libnettle%{soname} -p /sbin/ldconfig +%postun -n libnettle%{soname} -p /sbin/ldconfig +%post -n libhogweed%{hogweed_soname} -p /sbin/ldconfig +%postun -n libhogweed%{hogweed_soname} -p /sbin/ldconfig + +%check +%make_build check + +%files -n libnettle%{soname} +%license COPYING* +%{_libdir}/libnettle.so.%{soname} +%{_libdir}/libnettle.so.%{soname}.* +%{_libdir}/.libnettle.so.%{soname}.hmac + +%files -n libhogweed%{hogweed_soname} +%license COPYING* +%{_libdir}/libhogweed.so.%{hogweed_soname} +%{_libdir}/libhogweed.so.%{hogweed_soname}.* +%{_libdir}/.libhogweed.so.%{hogweed_soname}.hmac + +%files -n libnettle-devel +%license COPYING* +%doc AUTHORS ChangeLog NEWS README +%{_includedir}/nettle +%{_libdir}/libnettle.so +%{_libdir}/libhogweed.so +%{_infodir}/nettle.info%{?ext_info} +%{_libdir}/pkgconfig/hogweed.pc +%{_libdir}/pkgconfig/nettle.pc + +%files -n nettle +%license COPYING* +%doc AUTHORS ChangeLog NEWS README +%{_bindir}/nettle-lfib-stream +%{_bindir}/nettle-pbkdf2 +%{_bindir}/pkcs1-conv +%{_bindir}/sexp-conv +%{_bindir}/nettle-hash + +%changelog diff --git a/nettle-3.8.1.tar.gz.sig b/nettle-3.8.1.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000..bbb1e65a4084a3c9780b4c29a73174beb15d593a GIT binary patch literal 374 zcmV-+0g3*J0doWZ0SW*e79j*QJTLJ3?q0&}zVn&$S)ceQ#&Vbi0%GBjUjPaT5c64| z_$bD5n3R4B0GChNGekXl9;%lwai}G@x~IOq^w4i0Qzr5J933`o?zewqE$z|Kn`gyS z3zFXo4Ds!BY&-t(F?VC{Z>>d&3@#dytVnFDqgSM=zh(YTt?B?ME?7Z+)aUUG+>eO| zxO(U=Sxf#^Kia)M!bB|c{oMe$Ev{nuI|{sXzS!g+U1g6)zi%uq^#xh*!Az)@kYrzW zXA<+Jc*dcTQ8$eShtF2QibfYY`1-AjN0AG*^Ws=Rz2IE@f75|u*q-B*tFwm|UXZC> zu5NvSQ@NjRYk4an)>7TFrE26EdRUoa-Y277`A>~5upH=HPB@Gj0Aqi1@bZ^dWl-dj zk6ucjwYA!CJxiWfZpx9LGby8UidUJGBM8-_w`}xFsQ2#63?MPKdSur