Catch-up merge main into wwdc25 branch

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,7 +9,7 @@ _[One line description of your change]_
 - [ ] I've updated the documentation if necessary
 
 #### If you've made changes to `gyb` files
-- [ ] I've run `.script/generate_boilerplate_files_with_gyb` and included updated generated files in a commit of this pull request
+- [ ] I've run `./scripts/generate_boilerplate_files_with_gyb.sh` and included updated generated files in a commit of this pull request
 
 ### Motivation:
 
@@ -21,4 +21,4 @@ _[Describe the modifications you've done.]_
 
 ### Result:
 
-_[After your change, what will change.]_
+_[After your change, what will change.]_

.github/workflows/main.yml

@@ -16,11 +16,32 @@ jobs:
       linux_6_1_arguments_override: "--explicit-target-dependency-import-check error"
       linux_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
       linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
+      windows_6_0_enabled: true
+      windows_6_1_enabled: true
+      windows_nightly_next_enabled: true
+      windows_nightly_main_enabled: true
+      windows_6_0_arguments_override: "--explicit-target-dependency-import-check error"
+      windows_6_1_arguments_override: "--explicit-target-dependency-import-check error"
+      windows_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
+      windows_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
+
+  release-builds:
+    name: Release builds
+    uses: apple/swift-nio/.github/workflows/release_builds.yml@main
+    with:
+      windows_6_0_enabled: true
+      windows_6_1_enabled: true
+      windows_nightly_next_enabled: true
+      windows_nightly_main_enabled: true
 
   cxx-interop:
     name: Cxx interop
     uses: apple/swift-nio/.github/workflows/cxx_interop.yml@main
 
+  static-sdk:
+    name: Static SDK
+    uses: apple/swift-nio/.github/workflows/static_sdk.yml@main
+
   macos-tests:
     name: macOS tests
     uses: apple/swift-nio/.github/workflows/macos_tests.yml@main

.github/workflows/pull_request.yml

@@ -30,6 +30,15 @@ jobs:
       windows_nightly_next_arguments_override: "--explicit-target-dependency-import-check error"
       windows_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
 
+  release-builds:
+    name: Release builds
+    uses: apple/swift-nio/.github/workflows/release_builds.yml@main
+    with:
+      windows_6_0_enabled: true
+      windows_6_1_enabled: true
+      windows_nightly_next_enabled: true
+      windows_nightly_main_enabled: true
+
   cxx-interop:
     name: Cxx interop
     uses: apple/swift-nio/.github/workflows/cxx_interop.yml@main
@@ -58,3 +67,7 @@ jobs:
     with:
       runner_pool: general
       build_scheme: swift-crypto-Package
+
+  static-sdk:
+    name: Static SDK
+    uses: apple/swift-nio/.github/workflows/static_sdk.yml@main

.swiftformatignore

@@ -100,7 +100,6 @@ Sources/_CryptoExtras/OPRFs/VOPRFClient.swift
 Sources/_CryptoExtras/OPRFs/VOPRFServer.swift
 Sources/_CryptoExtras/RSA/RSA+BlindSigning.swift
 Sources/_CryptoExtras/RSA/RSA.swift
-Sources/_CryptoExtras/RSA/RSA_security.swift
 Sources/_CryptoExtras/Util/BoringSSLHelpers.swift
 Sources/_CryptoExtras/Util/DigestType.swift
 Sources/_CryptoExtras/Util/Error.swift

Benchmarks/Benchmarks/Benchmarks.swift

@@ -24,6 +24,65 @@ import Foundation
 let benchmarks = {
     let defaultMetrics: [BenchmarkMetric] = [.mallocCountTotal, .cpuTotal]
 
+    Benchmark(
+        "arc-issue-p256",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 3
+        )
+    ) { benchmark in
+        let privateKey = P256._ARCV1.PrivateKey()
+        let publicKey = privateKey.publicKey
+        let requestContext = Data("shared request context".utf8)
+        let precredential = try publicKey.prepareCredentialRequest(requestContext: requestContext)
+        let credentialRequest = precredential.credentialRequest
+
+        benchmark.startMeasurement()
+
+        for _ in benchmark.scaledIterations {
+            blackHole(try privateKey.issue(credentialRequest))
+        }
+    }
+
+    Benchmark(
+        "arc-verify-p256",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 10
+        )
+    ) { benchmark in
+        let privateKey = P256._ARCV1.PrivateKey()
+        let publicKey = privateKey.publicKey
+        let requestContext = Data("shared request context".utf8)
+        let (presentationContext, presentationLimit) = (Data("shared presentation context".utf8), 2)
+        let precredential = try publicKey.prepareCredentialRequest(requestContext: requestContext)
+        let credentialRequest = precredential.credentialRequest
+        let credentialResponse = try privateKey.issue(credentialRequest)
+        var credential = try publicKey.finalize(credentialResponse, for: precredential)
+        let (presentation, nonce) = try credential.makePresentation(
+            context: presentationContext,
+            presentationLimit: presentationLimit
+        )
+
+        benchmark.startMeasurement()
+
+        for _ in benchmark.scaledIterations {
+            blackHole(
+                try privateKey.verify(
+                    presentation,
+                    requestContext: requestContext,
+                    presentationContext: presentationContext,
+                    presentationLimit: presentationLimit,
+                    nonce: nonce
+                )
+            )
+        }
+    }
+
     Benchmark(
         "arc-issue-p384",
         configuration: Benchmark.Configuration(
@@ -104,4 +163,49 @@ let benchmarks = {
             blackHole(try privateKey.evaluate(blindedElement))
         }
     }
+
+    Benchmark(
+        "key-exchange-p256",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 10
+        )
+    ) { benchmark in
+        for _ in benchmark.scaledIterations {
+            let (key1, key2) = (P256.KeyAgreement.PrivateKey(), P256.KeyAgreement.PrivateKey())
+            blackHole(try key1.sharedSecretFromKeyAgreement(with: key2.publicKey))
+        }
+    }
+
+    Benchmark(
+        "key-exchange-p384",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 10
+        )
+    ) { benchmark in
+        for _ in benchmark.scaledIterations {
+            let (key1, key2) = (P384.KeyAgreement.PrivateKey(), P384.KeyAgreement.PrivateKey())
+            blackHole(try key1.sharedSecretFromKeyAgreement(with: key2.publicKey))
+        }
+    }
+
+    Benchmark(
+        "key-exchange-p521",
+        configuration: Benchmark.Configuration(
+            metrics: defaultMetrics,
+            scalingFactor: .kilo,
+            maxDuration: .seconds(10_000_000),
+            maxIterations: 10
+        )
+    ) { benchmark in
+        for _ in benchmark.scaledIterations {
+            let (key1, key2) = (P521.KeyAgreement.PrivateKey(), P521.KeyAgreement.PrivateKey())
+            blackHole(try key1.sharedSecretFromKeyAgreement(with: key2.publicKey))
+        }
+    }
 }

CMakeLists.txt

@@ -14,6 +14,10 @@
 
 cmake_minimum_required(VERSION 3.15.1)
 
+if(POLICY CMP0157)
+  cmake_policy(SET CMP0157 NEW)
+endif()
+
 project(SwiftCrypto
   LANGUAGES ASM C CXX Swift)
 
@@ -47,6 +51,18 @@ if(CMAKE_SYSTEM_NAME STREQUAL Darwin AND NOT CMAKE_CROSSCOMPILING)
   set(CMAKE_RANLIB "/usr/bin/ranlib")
 endif()
 
+set(CMAKE_CXX_STANDARD 17)
+if(CMAKE_SYSTEM_NAME STREQUAL Windows)
+  # We need to ensure that we don't include the min/max macros from the Windows SDK.
+  add_compile_definitions(NOMINMAX)
+  # We can only link against the DLL version of the MSVC runtime library for now.
+  set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreadedDLL")
+  if(CMAKE_Swift_COMPILER_VERSION VERSION_EQUAL 0.0.0 OR CMAKE_Swift_COMPILER_VERSION VERSION_GREATER_EQUAL 6.2)
+    # We need to set the static library prefix to "lib" so that we can link against the static libraries.
+    set(CMAKE_STATIC_LIBRARY_PREFIX_Swift "lib")
+  endif()
+endif()
+
 if(NOT CMAKE_SYSTEM_NAME STREQUAL Darwin)
   find_package(dispatch CONFIG)
   find_package(Foundation CONFIG)

NOTICE.txt

@@ -34,7 +34,7 @@ This product contains test vectors from Google's wycheproof project.
 
 ---
 
-This product contains a derivation of various scripts from SwiftNIO.
+This product contains a derivation of various files from SwiftNIO.
 
   * LICENSE (Apache License 2.0):
     * https://www.apache.org/licenses/LICENSE-2.0

Package.swift

@@ -102,7 +102,6 @@ let package = Package(
             name: "CCryptoBoringSSL",
             exclude: privacyManifestExclude + [
                 "hash.txt",
-                "include/boringssl_prefix_symbols_nasm.inc",
                 "CMakeLists.txt",
                 /*
                  * These files are excluded to support WASI libc which doesn't provide <netdb.h>.

README.md

@@ -1,6 +1,6 @@
 # Swift Crypto
 
-Swift Crypto is an open-source implementation of a substantial portion of the API of [Apple CryptoKit](https://developer.apple.com/documentation/cryptokit) suitable for use on Linux platforms. It enables cross-platform or server applications with the advantages of CryptoKit.
+Swift Crypto is an open-source implementation of a substantial portion of the API of [Apple CryptoKit](https://developer.apple.com/documentation/cryptokit) suitable for use on Linux and ARM64 Windows platforms. It enables cross-platform or server applications with the advantages of CryptoKit.
 
 ## Using Swift Crypto
 
@@ -28,7 +28,7 @@ Swift Crypto compiles in two distinct modes depending on the platform for which
 
 When building Swift Crypto for use on an Apple platform where CryptoKit is already available, Swift Crypto compiles its entire API surface down to nothing and simply re-exports the API of CryptoKit. This means that when using Apple platforms Swift Crypto simply delegates all work to the core implementation of CryptoKit, as though Swift Crypto was not even there.
 
-When building Swift Crypto for use on Linux, Swift Crypto builds substantially more code. In particular, we build:
+When building Swift Crypto for use on Linux or Windows, Swift Crypto builds substantially more code. In particular, we build:
 
 1. A vendored copy of BoringSSL's libcrypto.
 2. The common API of Swift Crypto and CryptoKit.
@@ -129,7 +129,7 @@ What this means for you is that you should depend on Swift Crypto with a version
 In SwiftPM that can be easily done specifying for example `from: "1.0.0"` meaning that you support Swift Crypto in every version starting from 1.0.0 up to (excluding) 2.0.0.
 SemVer and Swift Crypto's Public API guarantees should result in a working program without having to worry about testing every single version for compatibility.
 
-Swift Crypto 2.0.0 was released in September 2021. The only breaking change between Swift Crypto 2.0.0 and 1.0.0 was the addition of new cases in the `CryptoKitError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 series of releases.
+Swift Crypto 2.0.0 was released in September 2021. The only breaking change between Swift Crypto 2.0.0 and 1.0.0 was the addition of new cases in the `CryptoError` enumeration. For most users, then, it's safe to depend on either the 1.0.0 _or_ 2.0.0 series of releases.
 
 To do so, please use the following dependency in your `Package.swift`:
 

Sources/CCryptoBoringSSL/CMakeLists.txt

@@ -342,8 +342,27 @@ elseif(CMAKE_SYSTEM_NAME MATCHES "Linux|Android|FreeBSD|OpenBSD" AND CMAKE_SYSTE
     gen/bcm/vpaes-armv8-linux.S
     gen/crypto/chacha-armv8-linux.S
     gen/crypto/chacha20_poly1305_armv8-linux.S)
+elseif(CMAKE_SYSTEM_NAME MATCHES "Windows" AND CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64|amd64|x86_64")
+  target_sources(CCryptoBoringSSL PRIVATE
+)
+elseif(CMAKE_SYSTEM_NAME MATCHES "Windows" AND CMAKE_SYSTEM_PROCESSOR MATCHES "ARM64|arm64|aarch64")
+  target_sources(CCryptoBoringSSL PRIVATE
+    gen/bcm/aesv8-armv8-win.S
+    gen/bcm/aesv8-gcm-armv8-win.S
+    gen/bcm/armv8-mont-win.S
+    gen/bcm/bn-armv8-win.S
+    gen/bcm/ghash-neon-armv8-win.S
+    gen/bcm/ghashv8-armv8-win.S
+    gen/bcm/p256-armv8-asm-win.S
+    gen/bcm/p256_beeu-armv8-asm-win.S
+    gen/bcm/sha1-armv8-win.S
+    gen/bcm/sha256-armv8-win.S
+    gen/bcm/sha512-armv8-win.S
+    gen/bcm/vpaes-armv8-win.S
+    gen/crypto/chacha-armv8-win.S
+    gen/crypto/chacha20_poly1305_armv8-win.S)
 else()
-   message(FATAL_ERROR "platform sources are not defined here")
+   message(FATAL_ERROR "platform sources are not defined here for ${CMAKE_SYSTEM_NAME} on ${CMAKE_SYSTEM_PROCESSOR}")
 endif()
 
 target_include_directories(CCryptoBoringSSL PUBLIC