microsoft
/
SymCrypt
зеркало из https://github.com/microsoft/SymCrypt.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merged PR 6315721: OACR fixups 

+ Resolves all issues flagged by runoacr in symcrypt\lib
  + Leaves some oacr issues in test code
+ Also includes some unrelated fixes to typos etc.

Related work items: #35052770
This commit is contained in:
Samuel Lee 2021-08-04 15:18:36 +00:00
Родитель c747d20d3d
Коммит 0e232d4392
66 изменённых файлов: 806 добавлений и 927 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

155
inc/symcrypt.h
Просмотреть файл

@ -187,7 +187,12 @@ extern "C" {
// occur at once (e.g. multiple invalid parameters) the exact error symbol returned
// could change between versions of the library.
//
typedef enum {
#ifndef _Return_type_success_
#define _Return_type_success_(expr)
#endif
typedef _Return_type_success_( return == SYMCRYPT_NO_ERROR ) enum {
SYMCRYPT_NO_ERROR = 0,
SYMCRYPT_UNUSED = SYMCRYPT_API_VERSION << 5, // This value changes all the time!
SYMCRYPT_WRONG_KEY_SIZE,
@ -863,7 +868,6 @@ SymCryptMd2StateExport(
_In_ PCSYMCRYPT_MD2_STATE pState,
_Out_writes_bytes_( SYMCRYPT_MD2_STATE_EXPORT_SIZE ) PBYTE pbBlob );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptMd2StateImport(
@ -927,7 +931,6 @@ SymCryptMd4StateExport(
_In_ PCSYMCRYPT_MD4_STATE pState,
_Out_writes_bytes_( SYMCRYPT_MD4_STATE_EXPORT_SIZE ) PBYTE pbBlob );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptMd4StateImport(
@ -991,7 +994,6 @@ SymCryptMd5StateExport(
_In_ PCSYMCRYPT_MD5_STATE pState,
_Out_writes_bytes_( SYMCRYPT_MD5_STATE_EXPORT_SIZE ) PBYTE pbBlob );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptMd5StateImport(
@ -1065,7 +1067,6 @@ SymCryptSha1StateExport(
_In_ PCSYMCRYPT_SHA1_STATE pState,
_Out_writes_bytes_( SYMCRYPT_SHA1_STATE_EXPORT_SIZE ) PBYTE pbBlob );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha1StateImport(
@ -1131,7 +1132,6 @@ SymCryptSha256StateExport(
_In_ PCSYMCRYPT_SHA256_STATE pState,
_Out_writes_bytes_( SYMCRYPT_SHA256_STATE_EXPORT_SIZE ) PBYTE pbBlob );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha256StateImport(
@ -1197,7 +1197,6 @@ SymCryptSha384StateExport(
_In_ PCSYMCRYPT_SHA384_STATE pState,
_Out_writes_bytes_( SYMCRYPT_SHA384_STATE_EXPORT_SIZE ) PBYTE pbBlob );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha384StateImport(
@ -1263,7 +1262,6 @@ SymCryptSha512StateExport(
_In_ PCSYMCRYPT_SHA512_STATE pState,
_Out_writes_bytes_( SYMCRYPT_SHA512_STATE_EXPORT_SIZE ) PBYTE pbBlob );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha512StateImport(
@ -1653,7 +1651,6 @@ SymCryptParallelSha512Selftest();
#define SYMCRYPT_HMAC_MD5_RESULT_SIZE SYMCRYPT_MD5_RESULT_SIZE
#define SYMCRYPT_HMAC_MD5_INPUT_BLOCK_SIZE SYMCRYPT_MD5_INPUT_BLOCK_SIZE
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHmacMd5ExpandKey(
@ -1719,7 +1716,6 @@ extern const PCSYMCRYPT_MAC SymCryptHmacMd5Algorithm;
#define SYMCRYPT_HMAC_SHA1_RESULT_SIZE SYMCRYPT_SHA1_RESULT_SIZE
#define SYMCRYPT_HMAC_SHA1_INPUT_BLOCK_SIZE SYMCRYPT_SHA1_INPUT_BLOCK_SIZE
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHmacSha1ExpandKey(
@ -1785,7 +1781,6 @@ extern const PCSYMCRYPT_MAC SymCryptHmacSha1Algorithm;
#define SYMCRYPT_HMAC_SHA256_RESULT_SIZE SYMCRYPT_SHA256_RESULT_SIZE
#define SYMCRYPT_HMAC_SHA256_INPUT_BLOCK_SIZE SYMCRYPT_SHA256_INPUT_BLOCK_SIZE
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHmacSha256ExpandKey(
@ -1850,7 +1845,6 @@ extern const PCSYMCRYPT_MAC SymCryptHmacSha256Algorithm;
#define SYMCRYPT_HMAC_SHA384_RESULT_SIZE SYMCRYPT_SHA384_RESULT_SIZE
#define SYMCRYPT_HMAC_SHA384_INPUT_BLOCK_SIZE SYMCRYPT_SHA384_INPUT_BLOCK_SIZE
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHmacSha384ExpandKey(
@ -1915,7 +1909,6 @@ extern const PCSYMCRYPT_MAC SymCryptHmacSha384Algorithm;
#define SYMCRYPT_HMAC_SHA512_RESULT_SIZE SYMCRYPT_SHA512_RESULT_SIZE
#define SYMCRYPT_HMAC_SHA512_INPUT_BLOCK_SIZE SYMCRYPT_SHA512_INPUT_BLOCK_SIZE
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHmacSha512ExpandKey(
@ -1982,7 +1975,6 @@ extern const PCSYMCRYPT_MAC SymCryptHmacSha512Algorithm;
#define SYMCRYPT_AES_CMAC_RESULT_SIZE (16)
#define SYMCRYPT_AES_CMAC_INPUT_BLOCK_SIZE (16)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptAesCmacExpandKey(
@ -2110,7 +2102,6 @@ SymCryptPoly1305Selftest();
// are not supported.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptChaCha20Poly1305Encrypt(
@ -2126,7 +2117,6 @@ SymCryptChaCha20Poly1305Encrypt(
_Out_writes_( cbTag ) PBYTE pbTag,
SIZE_T cbTag ); // Required. Tag size MUST be 16 bytes.
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptChaCha20Poly1305Decrypt(
@ -2186,7 +2176,6 @@ SymCryptChaCha20Poly1305Selftest();
#define SYMCRYPT_MARVIN32_SEED_SIZE (8)
#define SYMCRYPT_MARVIN32_INPUT_BLOCK_SIZE (4)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptMarvin32ExpandSeed(
@ -2445,7 +2434,6 @@ SymCryptMarvin32Selftest();
#define SYMCRYPT_AES_BLOCK_SIZE (16)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptAesExpandKey(
@ -2458,7 +2446,6 @@ SymCryptAesExpandKey(
// for AES encryption operations. There are no safeguards when you use it for decryption; you get the wrong
// result if you try.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptAesExpandKeyEncryptOnly(
@ -2577,7 +2564,6 @@ extern const PCSYMCRYPT_BLOCKCIPHER SymCryptAesBlockCipher;
#define SYMCRYPT_DES_BLOCK_SIZE (8)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDesExpandKey(
@ -2633,7 +2619,6 @@ extern const PCSYMCRYPT_BLOCKCIPHER SymCryptDesBlockCipher;
#define SYMCRYPT_3DES_BLOCK_SIZE (8)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCrypt3DesExpandKey(
@ -2694,7 +2679,6 @@ extern const PCSYMCRYPT_BLOCKCIPHER SymCrypt3DesBlockCipher;
#define SYMCRYPT_DESX_BLOCK_SIZE (8)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDesxExpandKey(
@ -2738,7 +2722,6 @@ extern const PCSYMCRYPT_BLOCKCIPHER SymCryptDesxBlockCipher;
#define SYMCRYPT_RC2_BLOCK_SIZE (8)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRc2ExpandKey(
@ -2752,7 +2735,6 @@ SymCryptRc2ExpandKey(
// our choice provides slightly better mixing of the key bytes into the expanded key.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRc2ExpandKeyEx(
@ -3103,7 +3085,6 @@ SymCryptPaddingPkcs7Remove(
// CCM
////////////////////////////
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCcmValidateParameters(
@ -3157,7 +3138,6 @@ SymCryptCcmEncrypt(
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCcmDecrypt(
@ -3238,7 +3218,6 @@ SymCryptCcmDecryptPart(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCcmDecryptFinal(
@ -3266,7 +3245,6 @@ SymCryptCcmSelftest();
// GMAC is just GCM with an empty data string; all the data is put in the pbAuthData buffer.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptGcmValidateParameters(
@ -3285,7 +3263,6 @@ SymCryptGcmValidateParameters(
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptGcmExpandKey(
@ -3340,7 +3317,6 @@ SymCryptGcmEncrypt(
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptGcmDecrypt(
@ -3437,7 +3413,6 @@ SymCryptGcmDecryptPart(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptGcmDecryptFinal(
@ -3473,7 +3448,6 @@ SymCryptGcmSelftest();
// through information leakage via the memory caching system of the CPU.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRc4Init(
@ -3516,7 +3490,6 @@ SymCryptRc4Selftest();
// to use.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptChaCha20Init(
@ -3595,7 +3568,6 @@ SymCryptChaCha20Selftest();
// - iterationCnt is set to 1.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptPbkdf2ExpandKey(
@ -3604,7 +3576,6 @@ SymCryptPbkdf2ExpandKey(
_In_reads_(cbKey) PCBYTE pbKey,
SIZE_T cbKey );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptPbkdf2Derive(
@ -3615,7 +3586,6 @@ SymCryptPbkdf2Derive(
_Out_writes_(cbResult) PBYTE pbResult,
SIZE_T cbResult);
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptPbkdf2(
@ -3657,7 +3627,6 @@ SymCryptPbkdf2_HmacSha256SelfTest();
// - pbContext/cbContext = generic parameter
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSp800_108ExpandKey(
@ -3666,7 +3635,6 @@ SymCryptSp800_108ExpandKey(
_In_reads_(cbKey) PCBYTE pbKey,
SIZE_T cbKey );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSp800_108Derive(
@ -3678,7 +3646,6 @@ SymCryptSp800_108Derive(
_Out_writes_(cbResult) PBYTE pbResult,
SIZE_T cbResult);
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSp800_108(
@ -3717,7 +3684,6 @@ SymCryptSp800_108_HmacSha256SelfTest();
//
// Version 1.0/1.1
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_1ExpandKey(
@ -3725,7 +3691,6 @@ SymCryptTlsPrf1_1ExpandKey(
_In_reads_(cbKey) PCBYTE pbKey,
SIZE_T cbKey);
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_1Derive(
@ -3737,7 +3702,6 @@ SymCryptTlsPrf1_1Derive(
_Out_writes_(cbResult) PBYTE pbResult,
SIZE_T cbResult);
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_1(
@ -3757,7 +3721,6 @@ SymCryptTlsPrf1_1SelfTest();
//
// Version 1.2
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_2ExpandKey(
@ -3766,7 +3729,6 @@ SymCryptTlsPrf1_2ExpandKey(
_In_reads_(cbKey) PCBYTE pbKey,
SIZE_T cbKey);
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_2Derive(
@ -3778,7 +3740,6 @@ SymCryptTlsPrf1_2Derive(
_Out_writes_(cbResult) PBYTE pbResult,
SIZE_T cbResult);
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_2(
@ -3816,7 +3777,6 @@ SymCryptTlsPrf1_2SelfTest();
// "HKDF-Expand" function.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHkdfExpandKey(
@ -3827,7 +3787,6 @@ SymCryptHkdfExpandKey(
_In_reads_opt_(cbSalt) PCBYTE pbSalt,
SIZE_T cbSalt );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHkdfPrkExpandKey(
@ -3836,7 +3795,6 @@ SymCryptHkdfPrkExpandKey(
_In_reads_(cbPrk) PCBYTE pbPrk,
SIZE_T cbPrk );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHkdfDerive(
@ -3846,7 +3804,6 @@ SymCryptHkdfDerive(
_Out_writes_(cbResult) PBYTE pbResult,
SIZE_T cbResult);
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHkdf(
@ -3885,7 +3842,6 @@ SymCryptHkdfSelfTest();
#define SYMCRYPT_RNG_AES_MIN_RESEED_SIZE (32)
#define SYMCRYPT_RNG_AES_MAX_SEED_SIZE (64)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRngAesInstantiate(
@ -3938,7 +3894,6 @@ SymCryptRngAesGenerate(
// If the caller were to succeed, the 2^48'th call will result in a fatal error.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRngAesReseed(
@ -4004,7 +3959,6 @@ SymCryptRngAesGenerateSelftest();
// These functions are functionally equivalent to the ones for AES-CTR_DRBG.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRngAesFips140_2Instantiate(
@ -4021,7 +3975,6 @@ SymCryptRngAesFips140_2Generate(
_Out_writes_(cbRandom) PBYTE pbRandom,
SIZE_T cbRandom );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRngAesFips140_2Reseed(
@ -4082,7 +4035,6 @@ SymCryptProvideEntropy(
// The RdRand instruction reseeds its internal DRBG every 8 kB (or faster)
#define SYMCRYPT_RDRAND_RESEED_SIZE (1<<13)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRdrandStatus();
@ -4093,7 +4045,6 @@ SymCryptRdrandStatus();
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRdrandGetBytes(
@ -4138,7 +4089,6 @@ SymCryptRdrandGet(
#if SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_AMD64
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRdseedStatus();
@ -4149,7 +4099,6 @@ SymCryptRdseedStatus();
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRdseedGetBytes(
@ -4185,7 +4134,6 @@ SymCryptRdseedGet(
// AES-XTS
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptXtsAesExpandKey(
@ -4384,7 +4332,6 @@ SymCryptCallbackFree( VOID * pMem );
// from the SymCrypt API are freed with SymCryptFree* functions, not this function.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SYMCRYPT_WEAK_SYMBOL
@ -5088,7 +5035,6 @@ SymCryptRsakeyGetNumberOfPrimes( _In_ PCSYMCRYPT_RSAKEY pkRsakey );
// Returns the number of primes stored in the key.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeyGenerate(
@ -5107,7 +5053,6 @@ SymCryptRsakeyGenerate(
// Flags: none currently defined
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeySetValue(
@ -5115,8 +5060,8 @@ SymCryptRsakeySetValue(
SIZE_T cbModulus,
_In_reads_( nPubExp ) PCUINT64 pu64PubExp,
UINT32 nPubExp,
_In_ PCBYTE * ppPrimes,
_In_ SIZE_T * pcbPrimes,
_In_reads_( nPrimes ) PCBYTE * ppPrimes,
_In_reads_( nPrimes ) SIZE_T * pcbPrimes,
UINT32 nPrimes,
SYMCRYPT_NUMBER_FORMAT numFormat,
UINT32 flags,
@ -5147,17 +5092,16 @@ SymCryptRsakeySetValue(
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeyGetValue(
_In_ PCSYMCRYPT_RSAKEY pkRsakey,
_Out_writes_bytes_( cbModulus ) PBYTE pbModulus,
SIZE_T cbModulus,
_Out_writes_( nPubExp ) PUINT64 pu64PubExp,
_Out_writes_opt_( nPubExp ) PUINT64 pu64PubExp,
UINT32 nPubExp,
_Out_opt_ PBYTE * ppPrimes,
_In_opt_ SIZE_T * pcbPrimes,
_Out_writes_opt_( nPrimes ) PBYTE * ppPrimes,
_In_reads_opt_( nPrimes ) SIZE_T * pcbPrimes,
UINT32 nPrimes,
SYMCRYPT_NUMBER_FORMAT numFormat,
UINT32 flags );
@ -5173,28 +5117,25 @@ SymCryptRsakeyGetValue(
// - All parameters are stored in the same format specified by numFormat.
// - ppPrimes, pcbPrimes, and nPrimes can be NULL, NULL, and 0 respectively, when
// exporting a public key.
// - Currently, the only acceptable value of nPubExps is 1.
// - Currently, the only acceptable value of nPubExp is 1 or 0.
// - Currently, the only acceptable value of nPrimes is 2 or 0.
// We use separate sizes for each prime. This supports the tight encoding
// used by CNG export blobs, and uses the same format as RsakeySetValue
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeyGetCrtValue(
_In_ PCSYMCRYPT_RSAKEY pkRsakey,
_Out_ PBYTE * ppCrtExponents,
_In_ SIZE_T * pcbCrtExponents,
UINT32 nCrtExponents,
_Out_writes_bytes_(cbCrtCoefficient)
PBYTE pbCrtCoefficient,
SIZE_T cbCrtCoefficient,
_Out_writes_bytes_(cbPrivateExponent)
PBYTE pbPrivateExponent,
SIZE_T cbPrivateExponent,
SYMCRYPT_NUMBER_FORMAT numFormat,
UINT32 flags);
_In_ PCSYMCRYPT_RSAKEY pkRsakey,
_Out_writes_(nCrtExponents) PBYTE * ppCrtExponents,
_In_reads_(nCrtExponents) SIZE_T * pcbCrtExponents,
UINT32 nCrtExponents,
_Out_writes_bytes_(cbCrtCoefficient) PBYTE pbCrtCoefficient,
SIZE_T cbCrtCoefficient,
_Out_writes_bytes_(cbPrivateExponent) PBYTE pbPrivateExponent,
SIZE_T cbPrivateExponent,
SYMCRYPT_NUMBER_FORMAT numFormat,
UINT32 flags);
//
// Export Crt key material from an RSAKEY object. The arguments are the following:
// ppCrtExponents is an array of nCrtExponent pointers that point to byte buffers
@ -5213,7 +5154,6 @@ SymCryptRsakeyGetCrtValue(
#define SYMCRYPT_DLGROUP_FIPS_LATEST (SYMCRYPT_DLGROUP_FIPS_186_3)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupGenerate(
@ -5263,7 +5203,6 @@ SymCryptDlgroupGenerate(
// return SYMCRYPT_INVALID_ARGUMENT.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupSetValueSafePrime(
@ -5318,7 +5257,6 @@ SymCryptDlgroupGetSizes(
// *pcbSeed will be 0.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupSetValue(
@ -5366,7 +5304,6 @@ SymCryptDlgroupSetValue(
// - Primes P and (when provided) Q must represent prime numbers.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupGetValue(
@ -5443,7 +5380,6 @@ SymCryptDlkeyHasPrivateKey( _In_ PCSYMCRYPT_DLKEY pkDlkey );
// Returns TRUE if the pkDlkey object has a private key set.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlkeyGenerate(
@ -5470,7 +5406,6 @@ SymCryptDlkeyGenerate(
// returned, as Private key range validation requires the default generation behavior
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlkeySetValue(
@ -5493,7 +5428,6 @@ SymCryptDlkeySetValue(
// Described in the key validation flag definitions above.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlkeyGetValue(
@ -5649,7 +5583,6 @@ SymCryptEckeyHasPrivateKey( _In_ PCSYMCRYPT_ECKEY pkEckey );
// Returns TRUE if the pkEckey object has a private key set.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEckeySetValue(
@ -5700,7 +5633,6 @@ SymCryptEckeySetValue(
// Described in the key validation flag definitions above.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEckeySetRandom(
@ -5725,7 +5657,6 @@ SymCryptEckeySetRandom(
// affecting the results.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEckeyGetValue(
@ -5776,7 +5707,6 @@ SymCryptEckeyGetValue(
// RSA Encryption Algorithms
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaRawEncrypt(
@ -5804,7 +5734,6 @@ SymCryptRsaRawEncrypt(
// None
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaRawDecrypt(
@ -5833,7 +5762,6 @@ SymCryptRsaRawDecrypt(
// None
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1Encrypt(
@ -5846,7 +5774,7 @@ SymCryptRsaPkcs1Encrypt(
SIZE_T cbDst,
_Out_ SIZE_T *pcbDst );
//
// This function encrypts the buffer pbSrc under the pkRsakey key using RSA PKSC1 v1.5.
// This function encrypts the buffer pbSrc under the pkRsakey key using RSA PKCS1 v1.5.
// The output is stored in the pbDst buffer and the number of bytes written in *pcbDst.
//
// If pbDst == NULL then only the *pcbDst is output.
@ -5857,7 +5785,6 @@ SymCryptRsaPkcs1Encrypt(
// None
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1Decrypt(
@ -5888,7 +5815,6 @@ SymCryptRsaPkcs1Decrypt(
// None
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaOaepEncrypt(
@ -5915,7 +5841,6 @@ SymCryptRsaOaepEncrypt(
// None
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaOaepDecrypt(
@ -5986,7 +5911,6 @@ extern const SYMCRYPT_OID SymCryptSha512OidList[SYMCRYPT_SHA512_OID_COUNT];
// SYMCRYPT_FLAG_RSA_PKCS1_NO_ASN1: For RSA PKCS1 to not use the OID on signing or verifying.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1Sign(
@ -6016,7 +5940,6 @@ SymCryptRsaPkcs1Sign(
// SYMCRYPT_FLAG_RSA_PKCS1_NO_ASN1
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1Verify(
@ -6026,7 +5949,7 @@ SymCryptRsaPkcs1Verify(
_In_reads_bytes_( cbSignature ) PCBYTE pbSignature,
SIZE_T cbSignature,
SYMCRYPT_NUMBER_FORMAT nfSignature,
_In_reads_opt_(nOIDCount) PCSYMCRYPT_OID pHashOID,
_In_reads_opt_( nOIDCount ) PCSYMCRYPT_OID pHashOID,
_In_ SIZE_T nOIDCount,
UINT32 flags );
//
@ -6049,7 +5972,6 @@ SymCryptRsaPkcs1Verify(
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPssSign(
@ -6086,7 +6008,6 @@ SymCryptRsaPssSign(
// None
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPssVerify(
@ -6130,7 +6051,6 @@ SymCryptRsaSelftest( );
// DSA
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDsaSign(
@ -6152,7 +6072,6 @@ SymCryptDsaSign(
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDsaVerify(
@ -6188,12 +6107,12 @@ SymCryptDsaSelftest( );
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDhSecretAgreement(
_In_ PCSYMCRYPT_DLKEY pkPrivate,
_In_ PCSYMCRYPT_DLKEY pkPublic,
SYMCRYPT_NUMBER_FORMAT format,
UINT32 flags,
_Out_ PBYTE pbAgreedSecret,
SIZE_T cbAgreedSecret );
_In_ PCSYMCRYPT_DLKEY pkPrivate,
_In_ PCSYMCRYPT_DLKEY pkPublic,
SYMCRYPT_NUMBER_FORMAT format,
UINT32 flags,
_Out_writes_( cbAgreedSecret ) PBYTE pbAgreedSecret,
SIZE_T cbAgreedSecret );
//
// Calculates the agreed secret of a DH key exchange and stores it
// in the pbAgreedSecret buffer under the specified number format.
@ -6224,7 +6143,6 @@ SymCryptDhSecretAgreementSelftest();
// ECDSA
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaSign(
@ -6246,7 +6164,6 @@ SymCryptEcDsaSign(
// not be truncated.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaVerify(
@ -6283,12 +6200,12 @@ SymCryptEcDsaSelftest( );
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDhSecretAgreement(
_In_ PCSYMCRYPT_ECKEY pkPrivate,
_In_ PCSYMCRYPT_ECKEY pkPublic,
SYMCRYPT_NUMBER_FORMAT format,
UINT32 flags,
_Out_ PBYTE pbAgreedSecret,
SIZE_T cbAgreedSecret );
_In_ PCSYMCRYPT_ECKEY pkPrivate,
_In_ PCSYMCRYPT_ECKEY pkPublic,
SYMCRYPT_NUMBER_FORMAT format,
UINT32 flags,
_Out_writes_( cbAgreedSecret ) PBYTE pbAgreedSecret,
SIZE_T cbAgreedSecret );
//
// Calculates the agreed secret of a DH key exchange and stores it

102
inc/symcrypt_internal.h
Просмотреть файл

@ -434,37 +434,37 @@ SymCryptCpuFeaturesNeverPresent();
#if SYMCRYPT_MS_VC // Microsoft VC++ Compiler
#if SYMCRYPT_CPU_ARM || SYMCRYPT_CPU_ARM64
#define SYMCRYPT_INTERNAL_FORCE_READ8( _p ) ( __iso_volatile_load8( (const volatile char*)(_p) ) )
#define SYMCRYPT_INTERNAL_FORCE_READ16( _p ) ( __iso_volatile_load16( (const volatile short*)(_p) ) )
#define SYMCRYPT_INTERNAL_FORCE_READ32( _p ) ( __iso_volatile_load32( (const volatile int*)(_p) ) )
#define SYMCRYPT_INTERNAL_FORCE_READ64( _p ) ( __iso_volatile_load64( (const volatile __int64*)(_p) ) )
#if SYMCRYPT_CPU_ARM || SYMCRYPT_CPU_ARM64
#define SYMCRYPT_INTERNAL_FORCE_READ8( _p ) ( __iso_volatile_load8( (const volatile char*)(_p) ) )
#define SYMCRYPT_INTERNAL_FORCE_READ16( _p ) ( __iso_volatile_load16( (const volatile short*)(_p) ) )
#define SYMCRYPT_INTERNAL_FORCE_READ32( _p ) ( __iso_volatile_load32( (const volatile int*)(_p) ) )
#define SYMCRYPT_INTERNAL_FORCE_READ64( _p ) ( __iso_volatile_load64( (const volatile __int64*)(_p) ) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE8( _p, _v ) ( __iso_volatile_store8( (volatile char*)(_p), (_v) ) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE16( _p, _v ) ( __iso_volatile_store16( (volatile short*)(_p), (_v) ) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE32( _p, _v ) ( __iso_volatile_store32( (volatile int*)(_p), (_v) ) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE64( _p, _v ) ( __iso_volatile_store64( (volatile __int64*)(_p), (_v) ) )
#elif SYMCRYPT_CPU_X86 || SYMCRYPT_CPU_AMD64
#define SYMCRYPT_INTERNAL_FORCE_READ8( _p ) ( *((const volatile BYTE*) (_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ16( _p ) ( *((const volatile UINT16*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ32( _p ) ( *((const volatile UINT32*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ64( _p ) ( *((const volatile UINT64*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE8( _p, _v ) ( __iso_volatile_store8( (volatile char*)(_p), (_v) ) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE16( _p, _v ) ( __iso_volatile_store16( (volatile short*)(_p), (_v) ) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE32( _p, _v ) ( __iso_volatile_store32( (volatile int*)(_p), (_v) ) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE64( _p, _v ) ( __iso_volatile_store64( (volatile __int64*)(_p), (_v) ) )
#elif SYMCRYPT_CPU_X86 || SYMCRYPT_CPU_AMD64
#define SYMCRYPT_INTERNAL_FORCE_READ8( _p ) ( *((const volatile BYTE*) (_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ16( _p ) ( *((const volatile UINT16*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ32( _p ) ( *((const volatile UINT32*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ64( _p ) ( *((const volatile UINT64*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE8( _p, _v ) ( *((volatile BYTE*) (_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE16( _p, _v ) ( *((volatile UINT16*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE32( _p, _v ) ( *((volatile UINT32*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE64( _p, _v ) ( *((volatile UINT64*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE8( _p, _v ) ( *((volatile BYTE*) (_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE16( _p, _v ) ( *((volatile UINT16*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE32( _p, _v ) ( *((volatile UINT32*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE64( _p, _v ) ( *((volatile UINT64*)(_p)) = (_v) )
#else // Temporary workaround for CMake compilation issues on Windows. Assume X86/ADM64.
#define SYMCRYPT_INTERNAL_FORCE_READ8( _p ) ( *((const volatile BYTE*) (_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ16( _p ) ( *((const volatile UINT16*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ32( _p ) ( *((const volatile UINT32*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ64( _p ) ( *((const volatile UINT64*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ8( _p ) ( *((const volatile BYTE*) (_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ16( _p ) ( *((const volatile UINT16*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ32( _p ) ( *((const volatile UINT32*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_READ64( _p ) ( *((const volatile UINT64*)(_p)) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE8( _p, _v ) ( *((volatile BYTE*) (_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE16( _p, _v ) ( *((volatile UINT16*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE32( _p, _v ) ( *((volatile UINT32*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE64( _p, _v ) ( *((volatile UINT64*)(_p)) = (_v) )
#endif
#define SYMCRYPT_INTERNAL_FORCE_WRITE8( _p, _v ) ( *((volatile BYTE*) (_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE16( _p, _v ) ( *((volatile UINT16*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE32( _p, _v ) ( *((volatile UINT32*)(_p)) = (_v) )
#define SYMCRYPT_INTERNAL_FORCE_WRITE64( _p, _v ) ( *((volatile UINT64*)(_p)) = (_v) )
#endif
#elif SYMCRYPT_APPLE_CC || SYMCRYPT_GNUC
@ -1236,18 +1236,18 @@ typedef const SYMCRYPT_RC2_EXPANDED_KEY * PCSYMCRYPT_RC2_EXPANDED_KEY;
#define SYMCRYPT_CCM_BLOCK_SIZE (16)
typedef SYMCRYPT_ALIGN_STRUCT _SYMCRYPT_CCM_STATE {
PCSYMCRYPT_BLOCKCIPHER pBlockCipher;
PCVOID pExpandedKey;
UINT64 cbData; // exact length of data
SIZE_T cbTag;
SIZE_T cbNonce;
SIZE_T cbCounter; // # bytes in counter field
UINT64 bytesProcessed; // data bytes processed so far
SIZE_T bytesInMacBlock;
SYMCRYPT_ALIGN BYTE counterBlock[SYMCRYPT_CCM_BLOCK_SIZE]; // Current counter block value
SYMCRYPT_ALIGN BYTE macBlock[SYMCRYPT_CCM_BLOCK_SIZE]; // Current state of the CBC-MAC part of CCM
SYMCRYPT_ALIGN BYTE keystreamBlock[SYMCRYPT_CCM_BLOCK_SIZE]; // Remaining key stream if partial block has been processed
SYMCRYPT_MAGIC_FIELD
PCSYMCRYPT_BLOCKCIPHER pBlockCipher;
PCVOID pExpandedKey;
UINT64 cbData; // exact length of data
SIZE_T cbTag;
SIZE_T cbNonce;
SIZE_T cbCounter; // # bytes in counter field
UINT64 bytesProcessed; // data bytes processed so far
_Field_range_( 0, SYMCRYPT_CCM_BLOCK_SIZE-1 ) SIZE_T bytesInMacBlock;
SYMCRYPT_ALIGN BYTE counterBlock[SYMCRYPT_CCM_BLOCK_SIZE]; // Current counter block value
SYMCRYPT_ALIGN BYTE macBlock[SYMCRYPT_CCM_BLOCK_SIZE]; // Current state of the CBC-MAC part of CCM
SYMCRYPT_ALIGN BYTE keystreamBlock[SYMCRYPT_CCM_BLOCK_SIZE]; // Remaining key stream if partial block has been processed
SYMCRYPT_MAGIC_FIELD
} SYMCRYPT_CCM_STATE, *PSYMCRYPT_CCM_STATE;
@ -1345,15 +1345,15 @@ typedef const SYMCRYPT_GCM_EXPANDED_KEY * PCSYMCRYPT_GCM_EXPANDED_KEY;
typedef SYMCRYPT_ALIGN_STRUCT _SYMCRYPT_GCM_STATE {
PCSYMCRYPT_GCM_EXPANDED_KEY pKey;
UINT64 cbData; // Number of data bytes
UINT64 cbAuthData; // Number of AAD bytes
SIZE_T bytesInMacBlock;
SYMCRYPT_GF128_ELEMENT ghashState;
SYMCRYPT_ALIGN BYTE counterBlock[SYMCRYPT_GCM_BLOCK_SIZE];
SYMCRYPT_ALIGN BYTE macBlock[SYMCRYPT_GCM_BLOCK_SIZE];
SYMCRYPT_ALIGN BYTE keystreamBlock[SYMCRYPT_GCM_BLOCK_SIZE];
SYMCRYPT_MAGIC_FIELD
PCSYMCRYPT_GCM_EXPANDED_KEY pKey;
UINT64 cbData; // Number of data bytes
UINT64 cbAuthData; // Number of AAD bytes
_Field_range_( 0, SYMCRYPT_GCM_BLOCK_SIZE-1 ) SIZE_T bytesInMacBlock;
SYMCRYPT_GF128_ELEMENT ghashState;
SYMCRYPT_ALIGN BYTE counterBlock[SYMCRYPT_GCM_BLOCK_SIZE];
SYMCRYPT_ALIGN BYTE macBlock[SYMCRYPT_GCM_BLOCK_SIZE];
SYMCRYPT_ALIGN BYTE keystreamBlock[SYMCRYPT_GCM_BLOCK_SIZE];
SYMCRYPT_MAGIC_FIELD
} SYMCRYPT_GCM_STATE, * PSYMCRYPT_GCM_STATE;
typedef const SYMCRYPT_GCM_STATE * PCSYMCRYPT_GCM_STATE;
@ -1662,7 +1662,7 @@ typedef const SYMCRYPT_ECPOINT * PCSYMCRYPT_ECPOINT;
SYMCRYPT_ASYM_ALIGN_STRUCT _SYMCRYPT_INT {
UINT32 type;
UINT32 nDigits; // digit size depends on run-time decisions...
UINT32 cbSize; // currently unused
UINT32 cbSize;
SYMCRYPT_MAGIC_FIELD
SYMCRYPT_ASYM_ALIGN union {
@ -1744,7 +1744,7 @@ SYMCRYPT_ASYM_ALIGN_STRUCT _SYMCRYPT_MODELEMENT {
//
// The following 14 scratch size computation macros are all of the form:
// Some SIZEOF macros + max( some other scratch macros )
// and all depend on some number of digits. (Slight expceptions are
// and all depend on some number of digits. (Slight exceptions are
// INT_TO_MODULUS and INT_PRIME_GEN but they can fit into the below
// rationale.)
//
@ -2022,7 +2022,7 @@ SymCryptTestTrialdivisionMaxSmallPrime( PCSYMCRYPT_TRIALDIVISION_CONTEXT pContex
//
#define SYMCRYPT_DLGROUP_MIN_BITSIZE_P (32)
#define SYMCRYPT_DLGROUP_MIN_BITSIZE_Q (32)
#define SYMCRYPT_DLGROUP_MIN_BITSIZE_Q (31) // Q must always be at least 1 bit shorter than P
// Minimum allowable bit sizes for generated and imported parameters for both P and
// Q primes.

69
inc/symcrypt_low_level.h
Просмотреть файл

@ -554,7 +554,6 @@ SymCryptEcpointMaskedCopy(
// Integer operations
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptIntCopyMixedSize(
@ -612,7 +611,6 @@ SymCryptIntSetValueUint64(
// Read/write INTegers in defined formats
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptIntSetValue(
@ -645,7 +643,6 @@ SymCryptIntSetValue(
// in one case, we might as well handle it in all cases.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptIntGetValue(
@ -1183,17 +1180,15 @@ SymCryptUint64Gcd( UINT64 a, UINT64 b, UINT32 flags );
#define SYMCRYPT_SCRATCH_BYTES_FOR_CRT_GENERATION( _nDigits ) SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_CRT_GENERATION( _nDigits )
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCrtGenerateInverses(
UINT32 nCoprimes,
_In_ PCSYMCRYPT_MODULUS * ppmCoprimes,
UINT32 flags,
_Out_ PSYMCRYPT_MODELEMENT * ppeCrtInverses,
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
UINT32 nCoprimes,
_In_reads_( nCoprimes ) PCSYMCRYPT_MODULUS * ppmCoprimes,
UINT32 flags,
_Out_writes_( nCoprimes ) PSYMCRYPT_MODELEMENT * ppeCrtInverses,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
//
// Compute the Chinese Remainder Theorem (CRT) constants for a set of nCoprimes
// pairwise coprime moduli. Pointers to the input numbers are stored in the array of
@ -1225,19 +1220,17 @@ SymCryptCrtGenerateInverses(
#define SYMCRYPT_SCRATCH_BYTES_FOR_CRT_SOLUTION( _nDigits ) SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_CRT_SOLUTION( _nDigits )
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCrtSolve(
UINT32 nCoprimes,
_In_ PCSYMCRYPT_MODULUS * ppmCoprimes,
_In_ PCSYMCRYPT_MODELEMENT * ppeCrtInverses,
_In_ PCSYMCRYPT_MODELEMENT * ppeCrtRemainders,
UINT32 flags,
_Out_ PSYMCRYPT_INT piSolution,
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
UINT32 nCoprimes,
_In_reads_( nCoprimes ) PCSYMCRYPT_MODULUS * ppmCoprimes,
_In_reads_( nCoprimes ) PCSYMCRYPT_MODELEMENT * ppeCrtInverses,
_In_reads_( nCoprimes ) PCSYMCRYPT_MODELEMENT * ppeCrtRemainders,
UINT32 flags,
_Out_ PSYMCRYPT_INT piSolution,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
//
// Solve for x the system of nCoprimes congruences of the form
// x = ppeCrtRemainders[0] (mod ppmCoprimes[0])
@ -1505,7 +1498,6 @@ SymCryptModElementToInt(
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptModElementSetValue(
@ -1529,7 +1521,7 @@ VOID
SYMCRYPT_CALL
SymCryptModElementSetValueUint32(
UINT32 value,
PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODULUS pmMod,
_Out_ PSYMCRYPT_MODELEMENT peDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
@ -1547,7 +1539,7 @@ VOID
SYMCRYPT_CALL
SymCryptModElementSetValueNegUint32(
UINT32 value,
PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODULUS pmMod,
_Out_ PSYMCRYPT_MODELEMENT peDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
@ -1562,7 +1554,6 @@ SymCryptModElementSetValueNegUint32(
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptModElementGetValue(
@ -1773,7 +1764,7 @@ SymCryptModInv(
// - peSrc: Source value, modulu pmMod
// - peDst: Destination value, mod element modulu pmMod
// - flags: SYMCRYPT_FLAG_DATA_PUBLIC signals that peSrc is a public value.
// - pbScatch/cbScratch: scratch space >= SYMCRYPT_SCRATCH_BYTES_FOR_MODINV( nDigits( pmMod ) )
// - pbScratch/cbScratch: scratch space >= SYMCRYPT_SCRATCH_BYTES_FOR_MODINV( nDigits( pmMod ) )
//
// Returns an error if
// - GCD( Src, Mod ) != 1
@ -1832,8 +1823,8 @@ VOID
SYMCRYPT_CALL
SymCryptModMultiExp(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_ PCSYMCRYPT_INT * piExpArray,
_In_reads_( nBases ) PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_reads_( nBases ) PCSYMCRYPT_INT * piExpArray,
UINT32 nBases,
UINT32 nBitsExp,
UINT32 flags,
@ -2024,22 +2015,20 @@ SymCryptRoundUpPow2Sizet( SIZE_T v );
//=====================================================
//=====================================================
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1ApplyEncryptionPadding(
_In_reads_bytes_( cbPlaintext ) PCBYTE pbPlaintext,
SIZE_T cbPlaintext,
_Out_writes_bytes_( cbPKCS1Format ) PBYTE pbPkcs1Format,
_Out_writes_bytes_( cbPkcs1Format ) PBYTE pbPkcs1Format,
SIZE_T cbPkcs1Format );
//
// Applies the RSA PKCS1 v1.5 encryption padding to the plaintext buffer.
// - Plaintext buffer containing plaintext to be encoded
// - Pkcs1Format Output buffer, typicaly the size of the RSA modulus
// - Pkcs1Format Output buffer, typically the size of the RSA modulus
// Requirement: cbPkcs1Format >= cbPlaintext + 11 due to the PKCS1 overhead.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1RemoveEncryptionPadding(
@ -2066,7 +2055,6 @@ SymCryptRsaPkcs1RemoveEncryptionPadding(
#define SYMCRYPT_SCRATCH_BYTES_FOR_RSA_OAEP( _hashAlgorithm, _nBytesOAEP ) SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_RSA_OAEP( _hashAlgorithm, _nBytesOAEP )
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaOaepApplyEncryptionPadding(
@ -2077,7 +2065,7 @@ SymCryptRsaOaepApplyEncryptionPadding(
SIZE_T cbLabel,
_In_reads_bytes_opt_( cbSeed ) PCBYTE pbSeed,
SIZE_T cbSeed,
_Out_writes_bytes_( cbOAEPFormat ) PBYTE pbOaepFormat,
_Out_writes_bytes_( cbOaepFormat ) PBYTE pbOaepFormat,
SIZE_T cbOaepFormat,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
@ -2097,7 +2085,6 @@ SymCryptRsaOaepApplyEncryptionPadding(
// cbScratch >= SYMCRYPT_SCRATCH_BYTES_FOR_RSA_OAEP( hashAlgorithm, cbOAEPFormat )
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaOaepRemoveEncryptionPadding(
@ -2131,7 +2118,6 @@ SymCryptRsaOaepRemoveEncryptionPadding(
#define SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PKCS1( _nBytesPKCS1 ) SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_RSA_PKCS1( _nBytesPKCS1 )
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1ApplySignaturePadding(
@ -2152,7 +2138,6 @@ SymCryptRsaPkcs1ApplySignaturePadding(
// SYMCRYPT_FLAG_RSA_PKCS1_NO_ASN1
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1VerifySignaturePadding(
@ -2182,7 +2167,6 @@ SymCryptRsaPkcs1VerifySignaturePadding(
#define SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PSS( _hashAlgorithm, _nBytesMessage, _nBytesPSS ) SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_RSA_PSS( _hashAlgorithm, _nBytesMessage, _nBytesPSS )
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPssApplySignaturePadding(
@ -2215,7 +2199,6 @@ SymCryptRsaPssApplySignaturePadding(
// cbScratch >= SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PSS( hashAlgorithm, cbHash, cbPSSFormat )
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPssVerifySignaturePadding(
@ -2279,7 +2262,6 @@ SymCryptEcurveDigitsofFieldElement( _In_ PCSYMCRYPT_ECURVE pCurve );
#define SYMCRYPT_SCRATCH_BYTES_FOR_GETSET_VALUE_ECURVE_OPERATIONS( _pCurve ) SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_GETSET_VALUE_ECURVE_OPERATIONS( _pCurve )
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointSetValue(
@ -2321,7 +2303,6 @@ SymCryptEcpointSetValue(
// eformat = SYMCRYPT_ECPOINT_AFFINE
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointGetValue(
@ -2661,7 +2642,6 @@ SymCryptEcpointMultiScalarMul(
// ECDSA-EX
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaSignEx(
@ -2710,7 +2690,6 @@ typedef const SYMCRYPT_802_11_SAE_CUSTOM_STATE *PCSYMCRYPT_802_11_SAE_CUSTOM_STA
// change at any time.
//
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomInit(
_Out_ PSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,
@ -2750,7 +2729,6 @@ SymCrypt802_11SaeCustomInit(
// of the other functions.
//
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomCreatePT(
_In_reads_( cbSsid ) PCBYTE pbSsid,
@ -2774,7 +2752,6 @@ SymCrypt802_11SaeCustomCreatePT(
// As above, we only support NIST P256.
//
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomInitH2E(
_Out_ PSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,
@ -2798,7 +2775,6 @@ SymCrypt802_11SaeCustomInitH2E(
// parameters
//
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomCommitCreate(
_In_ PCSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,
@ -2814,7 +2790,6 @@ SymCrypt802_11SaeCustomCommitCreate(
// (x,y) in order, each value in MSByte first.
//
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomCommitProcess(
_In_ PCSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,

22
lib/3des.c
Просмотреть файл

@ -119,7 +119,6 @@ static const BYTE SymCryptDesDoubleShift[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
// People using DES have bigger problems than bad performance.
//
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDesExpandKey(
@ -194,8 +193,8 @@ SymCrypt3DesCbcDecrypt(
VOID
SYMCRYPT_CALL
SymCryptDesExpandSingleKey(
_Out_ UINT32 expandedKeyTable[16][2],
_In_reads_(8) PCBYTE pKey )
_Out_writes_bytes_(128) UINT32 expandedKeyTable[16][2],
_In_reads_(8) PCBYTE pKey )
{
UINT32 Cr, Dr; // The C_r D_r values of FIPS 43 for round value r
UINT32 r; // round
@ -219,8 +218,8 @@ SymCryptDesExpandSingleKey(
// they have expired by now.
// The expression of the algorithm in code is purely MS generated, and so not encumbered
// by external copyrights.
// This algorithm is really just a transposition of the bits when viewed as an 8x8 matrix
// with an additional permutation on the output side.
// This algorithm is really just a transposition of the bits when viewed as an 8x8 matrix
// with an additional permutation on the output side.
//
SWAP_BITS_BETWEEN_UINT32( Cr, Dr, 4, 0x0f0f0f0f );
SWAP_BITS_WITHIN_UINT32( Dr, 18, 0x00003333 );
@ -290,7 +289,6 @@ SymCryptDesExpandSingleKey(
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL
@ -501,12 +499,12 @@ SymCrypt3DesDecrypt(
R ^= Ta;
L = ROL32(L, 14);
Ta = (L ^ R) & 0x33333333;
Ta = (L ^ R) & 0x33333333;
L ^= Ta;
R ^= Ta;
R = ROL32(R, 22);
Ta = (L ^ R) & 0x03fc03fc;
Ta = (L ^ R) & 0x03fc03fc;
L ^= Ta;
R ^= Ta;
@ -542,7 +540,7 @@ SymCrypt3DesDecrypt(
/* Inverse permutation, also from Hoey via Outerbridge and Schneier */
R = ROR32(R, 1);
Ta = (L ^ R) & 0xaaaaaaaa;
Ta = (L ^ R) & 0xaaaaaaaa;
L ^= Ta;
R ^= Ta;
@ -552,17 +550,17 @@ SymCrypt3DesDecrypt(
R ^= Ta;
L = ROR32(L, 22);
Ta = (L ^ R) & 0x33333333;
Ta = (L ^ R) & 0x33333333;
L ^= Ta;
R ^= Ta;
R = ROR32(R, 14);
Ta = (L ^ R) & 0xfff0000f;
Ta = (L ^ R) & 0xfff0000f;
L ^= Ta;
R ^= Ta;
R = ROR32(R, 20);
Ta = (L ^ R) & 0xf0f0f0f0;
Ta = (L ^ R) & 0xf0f0f0f0;
L ^= Ta;
R ^= Ta;

90
lib/IEEE802_11SaeCustom.c
Просмотреть файл

@ -3,13 +3,13 @@
//
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
//
//
//
#include "precomp.h"
#define PRIME_LENGTH_BITS 256
//
//
// Calculate sqrt(peVal) if it exists. If so, *puIsQuadraticResidue is set to 0xFFFF`FFFF.
// Otherwise, *puIsQuadraticResidue is set to 0.
// WARNING: *peSqrtArg is set even if the square root doesn't exist. Use masked copy functions
@ -21,7 +21,6 @@
// - peSqrtArg: optional out argument for square root value
// - pbScratch, cbScratch: scratch space >= SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP( pmMod->nDigits )
//
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCryptModSqrt(
_In_ PSYMCRYPT_MODULUS pmMod,
@ -94,7 +93,6 @@ cleanup:
// - popP: point on the curve found by SSWU.
// - pbScratch, cbScratch: scratch space >= SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_ECURVE_OPERATIONS( pCurve )
//
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCryptSswu(
_In_ PSYMCRYPT_ECURVE pCurve,
@ -124,7 +122,7 @@ SymCryptSswu(
PSYMCRYPT_MODELEMENT peGX2 = NULL;
BYTE pointBuf[64] = { 0 };
piTmp = SymCryptIntAllocate( SymCryptDigitsFromBits( PRIME_LENGTH_BITS ) );
peTmp = SymCryptModElementAllocate( pCurve->FMod );
@ -163,7 +161,7 @@ SymCryptSswu(
SymCryptModExp( pCurve->FMod, peM, piTmp, PRIME_LENGTH_BITS, 0, peT, pbScratch, cbScratch );
//x1 = CSEL( l, ( b / ( z * a ) modulo p ), ( ( – b / a ) * ( 1 + t ) ) modulo p )
// where CSEL(x,y,z) operates in constant time and returns y if x is true and z otherwise.
// where CSEL(x,y,z) operates in constant time and returns y if x is true and z otherwise.
SymCryptModMul( pCurve->FMod, peZ, pCurve->A, peTmp, pbScratch, cbScratch ); // tmp = z * a
SymCryptModInv( pCurve->FMod, peTmp, peTmp, SYMCRYPT_FLAG_DATA_PUBLIC | SYMCRYPT_FLAG_MODULUS_PRIME, pbScratch, cbScratch ); // tmp = 1/(z * a)
SymCryptModMul( pCurve->FMod, pCurve->B, peTmp, peX1, pbScratch, cbScratch ); // x1A = B * 1/(z * a)
@ -186,7 +184,7 @@ SymCryptSswu(
// gx1 = ( x1^3 + a * x1 + b ) = (x1^2 + a)*x1 + b modulo p
SymCryptModSquare( pCurve->FMod, peX1, peGX1, pbScratch, cbScratch ); // gx1 = x1^2
SymCryptModAdd( pCurve->FMod, peGX1, pCurve->A, peGX1, pbScratch, cbScratch ); // gx1 = x1^2 + a
SymCryptModMul( pCurve->FMod, peGX1, peX1, peGX1, pbScratch, cbScratch ); // gx1 = (x1^2 + a)*x1
SymCryptModMul( pCurve->FMod, peGX1, peX1, peGX1, pbScratch, cbScratch ); // gx1 = (x1^2 + a)*x1
SymCryptModAdd( pCurve->FMod, peGX1, pCurve->B, peGX1, pbScratch, cbScratch ); // gx1 = (x1^2 + a)*x1 + b
//x2 = ( z * u^2 * x1 ) modulo p
@ -218,7 +216,7 @@ SymCryptSswu(
// y = sqrt( v ) = v^{(P+1)/4}
// (Using gx1 as a temporary for y)
scError = SymCryptModSqrt( pCurve->FMod, peGX1, &selectionMask, peGX1, pbScratch, cbScratch );
// l = CEQ( LSB( u ), LSB( y ) )
// LSB returns the least significant *BIT* of its argument
SymCryptModElementToInt( pCurve->FMod, peU, piTmp, pbScratch, cbScratch );
@ -226,7 +224,7 @@ SymCryptSswu(
SymCryptModElementToInt( pCurve->FMod, peGX1, piTmp, pbScratch, cbScratch );
UINT32 y = SymCryptIntGetValueLsbits32( piTmp );
selectionMask = SYMCRYPT_MASK32_EQ( u & 1, y & 1 );
// P = CSEL( l, ( x, y ), ( x, p – y ) )
@ -313,7 +311,6 @@ cleanup:
return scError;
}
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomSetRandMask(
_Inout_ PSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,
@ -387,7 +384,6 @@ cleanup:
return scError;
}
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomInit(
_Out_ PSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,
@ -417,7 +413,7 @@ SymCrypt802_11SaeCustomInit(
SIZE_T cbScratch = 0;
UINT64 minMac;
UINT64 maxMac;
UINT32 nDigits;
PSYMCRYPT_ECURVE pCurve; // Only a cache, pState->pCurve owns the allocation
PSYMCRYPT_INT piTmp = NULL;
@ -430,7 +426,7 @@ SymCrypt802_11SaeCustomInit(
// Set state to 0 so that our pointers have valid values.
SymCryptWipe( pState, sizeof( *pState ) );
// Per IEEE 802.11-2016 section 12.4.4.1 the madatory-to-implement curve is
// Per IEEE 802.11-2016 section 12.4.4.1 the madatory-to-implement curve is
// number 19 from the IANA Group description for RFC 2409 (IKE)
// The IANA website maps this to a 256-bit Random ECP group in RFC 5903.
// RFC 5903 specifies this group to be identical to the NIST P256 curve.
@ -465,7 +461,7 @@ SymCrypt802_11SaeCustomInit(
nDigits = SymCryptDigitsFromBits( PRIME_LENGTH_BITS );
cbScratch = SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ),
cbScratch = SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ),
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP( nDigits ),
SYMCRYPT_SCRATCH_BYTES_FOR_GETSET_VALUE_ECURVE_OPERATIONS( pCurve ) ) );
pbScratch = SymCryptCallbackAlloc( cbScratch );
@ -511,7 +507,7 @@ SymCrypt802_11SaeCustomInit(
// We exit the loop only after 40 or more iterations
// This greatly reduces the side-channel of how often we run this loop.
while( notFoundMask != 0 || counter < 40 )
while( notFoundMask != 0 || counter < 40 )
{
counter += 1;
SYMCRYPT_HARD_ASSERT( counter != 0 );
@ -576,12 +572,12 @@ SymCrypt802_11SaeCustomInit(
SymCryptModElementGetValue( pCurve->FMod, peX, &pointBuf[ 0], 32, SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, pbScratch, cbScratch );
SymCryptModElementGetValue( pCurve->FMod, peY, &pointBuf[32], 32, SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, pbScratch, cbScratch );
scError = SymCryptEcpointSetValue( pCurve,
pointBuf,
sizeof( pointBuf ),
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
poPWECandidate,
scError = SymCryptEcpointSetValue( pCurve,
pointBuf,
sizeof( pointBuf ),
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
poPWECandidate,
0,
pbScratch,
cbScratch );
@ -663,7 +659,6 @@ cleanup:
return scError;
}
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomCreatePT(
_In_reads_( cbSsid ) PCBYTE pbSsid,
@ -696,7 +691,7 @@ SymCrypt802_11SaeCustomCreatePT(
PSYMCRYPT_ECPOINT poP2 = NULL;
PSYMCRYPT_ECPOINT poPT = NULL;
// Per IEEE 802.11-2016 section 12.4.4.1 the madatory-to-implement curve is
// Per IEEE 802.11-2016 section 12.4.4.1 the madatory-to-implement curve is
// number 19 from the IANA Group description for RFC 2409 (IKE)
// The IANA website maps this to a 256-bit Random ECP group in RFC 5903.
// RFC 5903 specifies this group to be identical to the NIST P256 curve.
@ -867,7 +862,6 @@ cleanup:
return scError;
}
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomInitH2E(
_Out_ PSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,
@ -904,7 +898,7 @@ SymCrypt802_11SaeCustomInitH2E(
// Set state to 0 so that our pointers have valid values.
SymCryptWipeKnownSize( pState, sizeof( *pState ) );
// Per IEEE 802.11-2016 section 12.4.4.1 the madatory-to-implement curve is
// Per IEEE 802.11-2016 section 12.4.4.1 the madatory-to-implement curve is
// number 19 from the IANA Group description for RFC 2409 (IKE)
// The IANA website maps this to a 256-bit Random ECP group in RFC 5903.
// RFC 5903 specifies this group to be identical to the NIST P256 curve.
@ -1080,7 +1074,7 @@ cleanup:
}
VOID
SymCrypt802_11SaeCustomDestroy(
SymCrypt802_11SaeCustomDestroy(
_Inout_ PSYMCRYPT_802_11_SAE_CUSTOM_STATE pState )
{
PSYMCRYPT_ECURVE pCurve = pState->pCurve;
@ -1108,7 +1102,6 @@ SymCrypt802_11SaeCustomDestroy(
SymCryptWipeKnownSize( pState, sizeof( *pState ) );
}
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomCommitCreate(
_In_ PCSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,
@ -1126,7 +1119,7 @@ SymCrypt802_11SaeCustomCommitCreate(
PCSYMCRYPT_ECURVE pCurve = pState->pCurve;
nDigits = SymCryptDigitsFromBits( 256 );
cbScratch = SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ),
cbScratch = SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ),
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_SCALAR_ECURVE_OPERATIONS( pCurve ),
SYMCRYPT_SCRATCH_BYTES_FOR_GETSET_VALUE_ECURVE_OPERATIONS( pCurve ) ) );
@ -1165,11 +1158,11 @@ SymCrypt802_11SaeCustomCommitCreate(
// Now we have mask * PWE, but we need the negative...
SymCryptEcpointNegate( pCurve, poPoint, (UINT32)-1, pbScratch, cbScratch );
scError = SymCryptEcpointGetValue( pCurve,
poPoint,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
pbCommitElement,
scError = SymCryptEcpointGetValue( pCurve,
poPoint,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
pbCommitElement,
64,
0,
pbScratch,
@ -1209,7 +1202,6 @@ cleanup:
return scError;
}
_Success_( return == SYMCRYPT_NO_ERROR )
SYMCRYPT_ERROR
SymCrypt802_11SaeCustomCommitProcess(
_In_ PCSYMCRYPT_802_11_SAE_CUSTOM_STATE pState,
@ -1231,9 +1223,9 @@ SymCrypt802_11SaeCustomCommitProcess(
SIZE_T cbScratch;
nDigits = SymCryptDigitsFromBits( 256 );
cbScratch = SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ),
cbScratch = SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ),
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_SCALAR_ECURVE_OPERATIONS( pCurve ),
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_ECURVE_OPERATIONS( pCurve ),
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_ECURVE_OPERATIONS( pCurve ),
SYMCRYPT_SCRATCH_BYTES_FOR_GETSET_VALUE_ECURVE_OPERATIONS( pCurve ) ) ) );
pbScratch = SymCryptCallbackAlloc( cbScratch );
@ -1270,11 +1262,11 @@ SymCrypt802_11SaeCustomCommitProcess(
SymCryptModAdd( pCurve->GOrd, peCommitScalarSum, pState->peRand, peCommitScalarSum, pbScratch, cbScratch );
SymCryptModAdd( pCurve->GOrd, peCommitScalarSum, pState->peMask, peCommitScalarSum, pbScratch, cbScratch );
scError = SymCryptEcpointSetValue( pCurve,
pbPeerCommitElement,
64,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
scError = SymCryptEcpointSetValue( pCurve,
pbPeerCommitElement,
64,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
poPeerCommitElement,
0,
pbScratch,
@ -1323,14 +1315,14 @@ SymCrypt802_11SaeCustomCommitProcess(
goto cleanup;
}
scError = SymCryptEcpointGetValue( pCurve,
poTmp,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_X,
pbSharedSecret,
32,
0,
pbScratch,
scError = SymCryptEcpointGetValue( pCurve,
poTmp,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_X,
pbSharedSecret,
32,
0,
pbScratch,
cbScratch );
if( scError != SYMCRYPT_NO_ERROR )
{

3
lib/ScsTable.c
Просмотреть файл

@ -6,7 +6,7 @@
//
//
// These functions implement an table of large elements.
// Reading an element fromt he table is done in a way that does not reveal the
// Reading an element from the table is done in a way that does not reveal the
// element accessed through memory side channels.
// Basically, the whole table is read by the CPU, and the required data is selected
// using boolean operations.
@ -205,6 +205,7 @@ SymCryptScsTableLoadC(
SYMCRYPT_ASSERT( groupSize == pScsTable->groupSize );
SYMCRYPT_ASSERT( interleaveSize == pScsTable->interleaveSize );
SYMCRYPT_ASSERT( cbData >= sizeof( SYMCRYPT_SCSTABLE_TYPE ) * SYMCRYPT_SCSTABLE_GROUP_SIZE );
SYMCRYPT_ASSERT( cbData == pScsTable->elementSize );
UNREFERENCED_PARAMETER( cbData );

16
lib/a_dispatch.c
Просмотреть файл

@ -43,9 +43,9 @@ const SYMCRYPT_MODULAR_FUNCTIONS g_SymCryptModFns[] = {
#define SymCryptModFntableMontgomery (1 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntable369Montgomery (2 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntableMontgomery256 (3 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntableMontgomeryMulx (4 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntableMontgomery512 (5 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntableMontgomery1024 (6 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntableMontgomeryMulx (4 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntableMontgomery512 (5 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntableMontgomery1024 (6 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
#define SymCryptModFntableMontgomeryMulx1024 (7 * SYMCRYPT_MODULAR_FUNCTIONS_SIZE)
C_ASSERT( (sizeof( g_SymCryptModFns ) & (sizeof( g_SymCryptModFns) - 1 )) == 0 ); // size of the table must be a power of 2 to be CFG-safe.
@ -55,7 +55,7 @@ const UINT32 g_SymCryptModFnsMask = sizeof( g_SymCryptModFns ) - sizeof( g_SymCr
//
// Tweaking the selection & function tables allows different tradeoffs of performance vs codesize
//
const SYMCRYPT_MODULUS_TYPE_SELECTION_ENTRY SymCryptModulusTypeSelections[] =
const SYMCRYPT_MODULUS_TYPE_SELECTION_ENTRY SymCryptModulusTypeSelections[] =
{
#if SYMCRYPT_CPU_AMD64
// Mulx used for 257-512 and 577-... bits
@ -645,7 +645,7 @@ SYMCRYPT_CALL
SymCryptModElementCreate(
_Out_writes_bytes_( cbBuffer ) PBYTE pbBuffer,
SIZE_T cbBuffer,
PCSYMCRYPT_MODULUS pmMod )
_In_ PCSYMCRYPT_MODULUS pmMod )
{
return SymCryptFdefModElementCreate( pbBuffer, cbBuffer, pmMod );
}
@ -947,7 +947,7 @@ SymCryptModExp(
_In_ PCSYMCRYPT_MODELEMENT peBase,
_In_ PCSYMCRYPT_INT piExp,
UINT32 nBitsExp,
_In_ UINT32 flags,
UINT32 flags,
_Out_ PSYMCRYPT_MODELEMENT peDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
@ -959,8 +959,8 @@ VOID
SYMCRYPT_CALL
SymCryptModMultiExp(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_ PCSYMCRYPT_INT * piExpArray,
_In_reads_( nBases ) PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_reads_( nBases ) PCSYMCRYPT_INT * piExpArray,
UINT32 nBases,
UINT32 nBitsExp,
UINT32 flags,

43
lib/aes-key.c
Просмотреть файл

@ -7,7 +7,7 @@
// assembler ones. They are used on platforms that don't have assembler implementations
// and for various testing purposes.
//
// This code derives from the orignal fast AES code that Niels Ferguson wrote
// This code derives from the orignal fast AES code that Niels Ferguson wrote
// for BitLocker in Windows Vista.
// The C code is derived from the AES that was already in the RSA32 library,
// the assembler code was created new at that time.
@ -29,11 +29,10 @@ static BYTE g_SymCryptAesRoundConstant[11] =
0, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36,
};
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptAesExpandKeyInternal(
SymCryptAesExpandKeyInternal(
_Out_ PSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
_In_reads_(cbKey) PCBYTE pbKey,
SIZE_T cbKey,
@ -178,7 +177,7 @@ SymCryptAesExpandKeyInternal(
*(UINT32 *)(p+12) = *(UINT32 *)(p + 8) ^ *(UINT32 *)(p - 20);
break;
default:
status = SYMCRYPT_WRONG_KEY_SIZE;
goto cleanup;
@ -189,7 +188,7 @@ SymCryptAesExpandKeyInternal(
{
p = &pExpandedKey->RoundKey[0][0][0];
q = (PBYTE)(pExpandedKey->lastDecRoundKey);
// The first encryption round key is the last decryption round key
memcpy( q, p, SYMCRYPT_AES_BLOCK_SIZE );
p += 16;
@ -215,22 +214,20 @@ cleanup:
return status;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptAesExpandKey(
_Out_ PSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
_In_reads_(cbKey) PCBYTE pbKey,
SIZE_T cbKey )
{
return SymCryptAesExpandKeyInternal( pExpandedKey, pbKey, cbKey, TRUE );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptAesExpandKeyEncryptOnly(
SymCryptAesExpandKeyEncryptOnly(
_Out_ PSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
_In_reads_(cbKey) PCBYTE pbKey,
SIZE_T cbKey )
@ -240,7 +237,7 @@ SymCryptAesExpandKeyEncryptOnly(
VOID
SYMCRYPT_CALL
SymCryptAesKeyCopy( _In_ PCSYMCRYPT_AES_EXPANDED_KEY pSrc,
SymCryptAesKeyCopy( _In_ PCSYMCRYPT_AES_EXPANDED_KEY pSrc,
_Out_ PSYMCRYPT_AES_EXPANDED_KEY pDst )
{
SYMCRYPT_CHECK_MAGIC( pSrc );
@ -258,7 +255,7 @@ SymCryptAesKeyCopy( _In_ PCSYMCRYPT_AES_EXPANDED_KEY pSrc,
const BYTE SymCryptAesNistTestVector128Ciphertext[16] = {
0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
};
@ -272,7 +269,7 @@ const BYTE SymCryptAesNistTestVector128Ciphertext[16] = {
*
//
//
// Prototype; on some platforms this function is in assembler.
//
VOID
@ -288,7 +285,7 @@ SymCryptAesCreateRotatedTables( _Inout_ BYTE MatrixMult[4][256][4] )
//
// We do this byte-by-byte, which is easiest.
// It would be faster to use UINT32 operations,
// but that is endian-specific, and therefore platform-specific.
// but that is endian-specific, and therefore platform-specific.
// Endian-agnostic UINT32-based code would be a lot more complicated.
// All this is extremely easy to do in assembler, which we do on those
// platforms that have assembler implementations.
@ -307,7 +304,7 @@ SymCryptAesCreateRotatedTables( _Inout_ BYTE MatrixMult[4][256][4] )
//
// SymCryptAesInitMatrixMultiplyTable
//
// Initialize a matrix multiplication table.
// Initialize a matrix multiplication table.
// Each matrix multiplication table consists of 4 tables of 256 entries of 4 bytes each.
// The four tables are rotated copies of each other.
// This funciton generates the first of those four tables from the init
@ -324,7 +321,7 @@ SymCryptAesCreateRotatedTables( _Inout_ BYTE MatrixMult[4][256][4] )
// using repeated multiplication by x in the finite field.
//
// It is safe to call this function on two separate threads for the same table.
// All invocations will write the same data to the table, and within a tread each entry is written
// All invocations will write the same data to the table, and within a tread each entry is written
// before it is read. Doing parallel initializations of the same table can be very inefficient
// as multiple cores will be fighting over the cache lines, but the result will be correct.
// We use this property to initialize the tables lazilly.
@ -332,7 +329,7 @@ SymCryptAesCreateRotatedTables( _Inout_ BYTE MatrixMult[4][256][4] )
static
VOID
SYMCRYPT_CALL
SymCryptAesInitMatrixMultiplyTable( _Out_ SYMCRYPT_ALIGN BYTE MatrixMult[256][4],
SymCryptAesInitMatrixMultiplyTable( _Out_ SYMCRYPT_ALIGN BYTE MatrixMult[256][4],
_In_ SYMCRYPT_ALIGN BYTE init[4]
)
{
@ -350,11 +347,11 @@ SymCryptAesInitMatrixMultiplyTable( _Out_ SYMCRYPT_ALIGN BYTE MatrixMult[256][
for( i=1; i<256; i<<=1 )
{
initCopyAsUint32 = *(UINT32 *)initCopy;
for( j=0; j<i; j++ )
for( j=0; j<i; j++ )
{
*(UINT32 *)MatrixMult[i+j] = *(UINT32 *)MatrixMult[j] ^ initCopyAsUint32;
}
for( j=0; j<4; j++ )
for( j=0; j<4; j++ )
{
initCopy[j] = MULT_BY_X( initCopy[j] );
}
@ -370,14 +367,14 @@ SymCryptAesInitMatrixMultiplyTable( _Out_ SYMCRYPT_ALIGN BYTE MatrixMult[256][
// tables not initialized.
//
// This leads to an interesting case where multiple threads running on multiple
// CPUs run this initialization code at the same time.
// CPUs run this initialization code at the same time.
// This code is carefully structured to allow that. When global data is written it is
// always with the final value, and we never read uninitialized global data.
// Thus, even if two CPUs run this code at the same time, they will both initialize each
// memory location to the same correct value and the end result will be correct.
// (Performance will suffer due to the fact that cache lines will be bounced back and force
// between the two CPUs, but that is not a significant concern as this code is used only once.)
//
//
// At the end of the initialization the flag is set to indicate that further
// key expansion invocations do not need to re-run the initialization.
// We use memory barriers to keep this multi-thread safe.
@ -414,14 +411,14 @@ SymCryptAesInitialize()
*(UINT32 *)SymCryptAesSboxMatrixMult[0][i] = *(UINT32 *)MatrixScratch[S];
*(UINT32 *)SymCryptAesInvSboxMatrixMult[0][S] = *(UINT32 *)SymCryptAesInvMatrixMult[0][i];
}
//
// Now we generate the byte rotations of the tables
//
SymCryptAesCreateRotatedTables( SymCryptAesSboxMatrixMult );
SymCryptAesCreateRotatedTables( SymCryptAesInvSboxMatrixMult );
SymCryptAesCreateRotatedTables( SymCryptAesInvMatrixMult );
//
// This is a memory barrier. It ensures that all the memory writes we do before the barrier
// are globally visible to other CPUs before the memory writes we do after the fence.
@ -432,7 +429,7 @@ SymCryptAesInitialize()
//
// Set the flag to signal that the tables are initialized.
//
//
SymCryptAesTablesInitialized = TRUE;
}

4
lib/aes-neon.c
Просмотреть файл

@ -1468,6 +1468,8 @@ SymCryptAesGcmEncryptStitchedNeon(
SIZE_T nBlocks = cbData / SYMCRYPT_GF128_BLOCK_SIZE;
SIZE_T todo;
SYMCRYPT_ASSERT( (cbData & SYMCRYPT_GCM_BLOCK_MOD_MASK) == 0 ); // cbData is multiple of block size
// Our chain variable is in integer format, not the MSBfirst format loaded from memory.
ctr0 = vrev64q_u8( chain );
ctr1 = vaddq_u64( ctr0, chainIncrement1 );
@ -1713,6 +1715,8 @@ SymCryptAesGcmDecryptStitchedNeon(
SIZE_T nBlocks = cbData / SYMCRYPT_GF128_BLOCK_SIZE;
SIZE_T todo;
SYMCRYPT_ASSERT( (cbData & SYMCRYPT_GCM_BLOCK_MOD_MASK) == 0 ); // cbData is multiple of block size
// Our chain variable is in integer format, not the MSBfirst format loaded from memory.
ctr0 = vrev64q_u8( chain );
ctr1 = vaddq_u64( ctr0, chainIncrement1 );

4
lib/aes-xmm.c
Просмотреть файл

@ -1388,6 +1388,8 @@ SymCryptAesGcmEncryptStitchedXmm(
SIZE_T todo;
PCBYTE pbGhashSrc = pbDst;
SYMCRYPT_ASSERT( (cbData & SYMCRYPT_GCM_BLOCK_MOD_MASK) == 0 ); // cbData is multiple of block size
chain = _mm_shuffle_epi8( chain, BYTE_REVERSE_ORDER );
state = _mm_loadu_si128( (__m128i *) pState );
@ -1628,6 +1630,8 @@ SymCryptAesGcmDecryptStitchedXmm(
SIZE_T todo = 0;
PCBYTE pbGhashSrc = pbSrc;
SYMCRYPT_ASSERT( (cbData & SYMCRYPT_GCM_BLOCK_MOD_MASK) == 0 ); // cbData is multiple of block size
chain = _mm_shuffle_epi8( chain, BYTE_REVERSE_ORDER );
state = _mm_loadu_si128( (__m128i *) pState );

6
lib/aes-ymm.c
Просмотреть файл

@ -459,6 +459,8 @@ SymCryptAesGcmEncryptStitchedYmm_2048(
SIZE_T todo;
PCBYTE pbGhashSrc = pbDst;
SYMCRYPT_ASSERT( (cbData & SYMCRYPT_GCM_BLOCK_MOD_MASK) == 0 ); // cbData is multiple of block size
if ( nBlocks < GCM_YMM_MINBLOCKS )
{
SymCryptAesGcmEncryptStitchedXmm( pExpandedKey, pbChainingValue, expandedKeyTable, pState, pbSrc, pbDst, cbData);
@ -619,6 +621,7 @@ SymCryptAesGcmEncryptStitchedYmm_2048(
_mm_storeu_si128((__m128i *) pState, state );
cbData &= ( GCM_YMM_MINBLOCKS*SYMCRYPT_AES_BLOCK_SIZE ) - 1;
SYMCRYPT_ASSERT( cbData == nBlocks*SYMCRYPT_AES_BLOCK_SIZE );
if ( cbData >= SYMCRYPT_AES_BLOCK_SIZE )
{
SymCryptAesGcmEncryptStitchedXmm( pExpandedKey, pbChainingValue, expandedKeyTable, pState, pbSrc, pbDst, cbData);
@ -658,6 +661,8 @@ SymCryptAesGcmDecryptStitchedYmm_2048(
SIZE_T todo;
PCBYTE pbGhashSrc = pbSrc;
SYMCRYPT_ASSERT( (cbData & SYMCRYPT_GCM_BLOCK_MOD_MASK) == 0 ); // cbData is multiple of block size
if ( nBlocks < GCM_YMM_MINBLOCKS )
{
SymCryptAesGcmDecryptStitchedXmm( pExpandedKey, pbChainingValue, expandedKeyTable, pState, pbSrc, pbDst, cbData);
@ -745,6 +750,7 @@ SymCryptAesGcmDecryptStitchedYmm_2048(
_mm_storeu_si128((__m128i *) pState, state );
cbData &= ( GCM_YMM_MINBLOCKS*SYMCRYPT_AES_BLOCK_SIZE ) - 1;
SYMCRYPT_ASSERT( cbData == nBlocks*SYMCRYPT_AES_BLOCK_SIZE );
if ( cbData >= SYMCRYPT_AES_BLOCK_SIZE )
{
SymCryptAesGcmDecryptStitchedXmm( pExpandedKey, pbChainingValue, expandedKeyTable, pState, pbSrc, pbDst, cbData);

1
lib/aesCtrDrbg.c
Просмотреть файл

@ -432,7 +432,6 @@ SymCryptRngAesUpdate(
}
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRngAesGenerateSmall(

1
lib/aescmac.c
Просмотреть файл

@ -39,7 +39,6 @@ SymCryptCmacMunge(
buf[15] ^= (0 - carry) & 0x87; // This is the R_128 value from SP 800-38B 5.3
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptAesCmacExpandKey(

5
lib/ccm.c
Просмотреть файл

@ -19,7 +19,6 @@
#define CCM_BLOCK_MOD_MASK (SYMCRYPT_CCM_BLOCK_SIZE - 1)
#define CCM_BLOCK_ROUND_MASK (~CCM_BLOCK_MOD_MASK)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCcmValidateParameters(
@ -248,7 +247,6 @@ SymCryptCcmEncrypt(
SymCryptCcmEncryptFinal( &state, pbTag, cbTag );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL
@ -492,6 +490,7 @@ SymCryptCcmEncryptFinal(
memcpy( pbTag, &pState->macBlock[0], cbTag );
SymCryptWipeKnownSize( pState, sizeof( *pState ) );
SYMCRYPT_ASSERT( pState->bytesInMacBlock == 0 );
}
SYMCRYPT_NOINLINE
@ -533,7 +532,6 @@ SymCryptCcmDecryptPart(
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL
@ -574,6 +572,7 @@ SymCryptCcmDecryptFinal(
}
SymCryptWipeKnownSize( pState, sizeof( *pState ) );
SYMCRYPT_ASSERT( pState->bytesInMacBlock == 0 );
return status;
}

33
lib/chacha20.c
Просмотреть файл

@ -8,7 +8,7 @@
VOID
SYMCRYPT_CALL
SymCryptChaCha20CryptBlocks(
SymCryptChaCha20CryptBlocks(
_Inout_ PSYMCRYPT_CHACHA20_STATE pState,
_In_reads_( cbData ) PCBYTE pbSrc,
_Out_writes_( cbData ) PBYTE pbDst,
@ -21,7 +21,6 @@ SymCryptChaCha20CryptBlocks(
#define OFFSET_MASK (((UINT64)1 << 38) - 1)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptChaCha20Init(
@ -39,7 +38,7 @@ SymCryptChaCha20Init(
scError = SYMCRYPT_WRONG_KEY_SIZE;
goto cleanup;
}
if (cbNonce != 12)
{
scError = SYMCRYPT_WRONG_NONCE_SIZE;
@ -67,7 +66,7 @@ SymCryptChaCha20SetOffset(
VOID
SYMCRYPT_CALL
SymCryptChaCha20Crypt(
SymCryptChaCha20Crypt(
_Inout_ PSYMCRYPT_CHACHA20_STATE pState,
_In_reads_( cbData ) PCBYTE pbSrc,
_Out_writes_( cbData ) PBYTE pbDst,
@ -76,9 +75,9 @@ SymCryptChaCha20Crypt(
UINT32 blockOffset;
SIZE_T nBytes;
blockOffset = pState->offset & 0x3f;
blockOffset = pState->offset & 0x3f;
// If the offset is in the middle of the block, we first crypt until the end
// If the offset is in the middle of the block, we first crypt until the end
// of the block
if( blockOffset != 0 )
{
@ -86,9 +85,9 @@ SymCryptChaCha20Crypt(
{
// Generate a block of key stream
SymCryptWipe( &pState->keystream[0], 64 );
SymCryptChaCha20CryptBlocks( pState,
&pState->keystream[0],
&pState->keystream[0],
SymCryptChaCha20CryptBlocks( pState,
&pState->keystream[0],
&pState->keystream[0],
64 );
pState->offset -= 64; // Don't update the offset yet
}
@ -129,9 +128,9 @@ SymCryptChaCha20Crypt(
{
// Generate a block of key stream
SymCryptWipe( &pState->keystream[0], 64 );
SymCryptChaCha20CryptBlocks( pState,
&pState->keystream[0],
&pState->keystream[0],
SymCryptChaCha20CryptBlocks( pState,
&pState->keystream[0],
&pState->keystream[0],
64 );
pState->offset -= 64; // Don't update the offset yet
pState->keystreamBufferValid = TRUE;
@ -154,7 +153,7 @@ SymCryptChaCha20Crypt(
VOID
SYMCRYPT_CALL
SymCryptChaCha20CryptBlocks(
SymCryptChaCha20CryptBlocks(
_Inout_ PSYMCRYPT_CHACHA20_STATE pState,
_In_reads_( cbData ) PCBYTE pbSrc,
_Out_writes_( cbData ) PBYTE pbDst,
@ -163,7 +162,7 @@ SymCryptChaCha20CryptBlocks(
UINT32 counter;
UINT32 s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15;
int i;
counter = (UINT32)(pState->offset >> 6);
while( cbData >= 64 )
@ -245,7 +244,7 @@ SymCryptChaCha20CryptBlocks(
pState->offset += 64;
}
}
static const BYTE chacha20KatAnswer[ 3 ] = { 0xb5, 0xe0, 0x54 };
VOID
@ -255,8 +254,8 @@ SymCryptChaCha20Selftest()
BYTE buf[3];
SYMCRYPT_CHACHA20_STATE state;
SymCryptChaCha20Init( &state,
SymCryptTestKey32, sizeof( SymCryptTestKey32 ),
SymCryptChaCha20Init( &state,
SymCryptTestKey32, sizeof( SymCryptTestKey32 ),
SymCryptTestMsg16, 12,
0 );

4
lib/chacha20_poly1305.c
Просмотреть файл

@ -1,7 +1,7 @@
//
// ChaCha20_Poly1305.c
//
// Copyright (c) Microsoft Corporation.
// Copyright (c) Microsoft Corporation.
//
#include "precomp.h"
@ -58,7 +58,6 @@ SymCryptChaCha20Poly1305ComputeTag(
SymCryptPoly1305Result( pState, pbTag );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL
@ -129,7 +128,6 @@ cleanup:
return status;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL

50
lib/crt.c
Просмотреть файл

@ -6,7 +6,6 @@
#include "precomp.h"
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCrtGenerateForTwoCoprimes(
@ -39,11 +38,11 @@ SymCryptCrtGenerateForTwoCoprimes(
nDigits = SYMCRYPT_MAX( SymCryptModulusDigitsizeOfObject( pmP ), SymCryptModulusDigitsizeOfObject( pmQ ));
SYMCRYPT_ASSERT( cbScratch >= 2*SymCryptSizeofIntFromDigits( nDigits ) +
SYMCRYPT_SCRATCH_BYTES_FOR_EXTENDED_GCD( nDigits ));
// Create two temporary integers
cbInt = SymCryptSizeofIntFromDigits( nDigits );
SYMCRYPT_ASSERT( cbScratch >= 2*cbInt + SYMCRYPT_SCRATCH_BYTES_FOR_EXTENDED_GCD( nDigits ));
piInvSrc1ModSrc2 = SymCryptIntCreate( pbScratch, cbInt, nDigits ); pbScratch += cbInt; cbScratch -= cbInt;
piInvSrc2ModSrc1 = SymCryptIntCreate( pbScratch, cbInt, nDigits ); pbScratch += cbInt; cbScratch -= cbInt;
@ -88,17 +87,15 @@ cleanup:
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCrtGenerateInverses(
UINT32 nCoprimes,
_In_ PCSYMCRYPT_MODULUS * ppmCoprimes,
UINT32 flags,
_Out_ PSYMCRYPT_MODELEMENT * ppeCrtInverses,
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
UINT32 nCoprimes,
_In_reads_( nCoprimes ) PCSYMCRYPT_MODULUS * ppmCoprimes,
UINT32 flags,
_Out_writes_( nCoprimes ) PSYMCRYPT_MODELEMENT * ppeCrtInverses,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
{
SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
@ -123,19 +120,17 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptCrtSolve(
UINT32 nCoprimes,
_In_ PCSYMCRYPT_MODULUS * ppmCoprimes,
_In_ PCSYMCRYPT_MODELEMENT * ppeCrtInverses,
_In_ PCSYMCRYPT_MODELEMENT * ppeCrtRemainders,
UINT32 flags,
_Out_ PSYMCRYPT_INT piSolution,
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
UINT32 nCoprimes,
_In_reads_( nCoprimes ) PCSYMCRYPT_MODULUS * ppmCoprimes,
_In_reads_( nCoprimes ) PCSYMCRYPT_MODELEMENT * ppeCrtInverses,
_In_reads_( nCoprimes ) PCSYMCRYPT_MODELEMENT * ppeCrtRemainders,
UINT32 flags,
_Out_ PSYMCRYPT_INT piSolution,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
{
SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
@ -158,21 +153,20 @@ SymCryptCrtSolve(
nDigitsMax = SYMCRYPT_MAX( SymCryptModulusDigitsizeOfObject( ppmCoprimes[0] ), SymCryptModulusDigitsizeOfObject( ppmCoprimes[1] ) );
SYMCRYPT_ASSERT( cbScratch >= SymCryptSizeofIntFromDigits( nDigitsMax ) +
SymCryptSizeofModElementFromModulus( ppmCoprimes[0] ) +
SymCryptSizeofIntFromDigits( 2*nDigitsMax ) +
cbInt = SymCryptSizeofIntFromDigits( nDigitsMax );
cbModElement = SymCryptSizeofModElementFromModulus( ppmCoprimes[0] );
cbDouble = SymCryptSizeofIntFromDigits( 2*nDigitsMax );
SYMCRYPT_ASSERT( cbScratch >= cbInt + cbModElement + cbDouble +
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigitsMax ),
SYMCRYPT_SCRATCH_BYTES_FOR_INT_MUL( 2*nDigitsMax ) )
);
// Create temporaries
cbInt = SymCryptSizeofIntFromDigits( nDigitsMax );
piTmp = SymCryptIntCreate( pbScratch, cbInt, nDigitsMax ); pbScratch += cbInt; cbScratch -= cbInt;
cbModElement = SymCryptSizeofModElementFromModulus( ppmCoprimes[0] );
peTmp = SymCryptModElementCreate( pbScratch, cbModElement, ppmCoprimes[0] ); pbScratch += cbModElement; cbScratch -= cbModElement;
cbDouble = SymCryptSizeofIntFromDigits( 2*nDigitsMax );
piDouble = SymCryptIntCreate( pbScratch, cbDouble, 2*nDigitsMax ); pbScratch += cbDouble; cbScratch -= cbDouble;
if (nCoprimes == 2)

1
lib/desx.c
Просмотреть файл

@ -26,7 +26,6 @@ const SYMCRYPT_BLOCKCIPHER SymCryptDesxBlockCipher_default = {
const PCSYMCRYPT_BLOCKCIPHER SymCryptDesxBlockCipher = &SymCryptDesxBlockCipher_default;
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDesxExpandKey( _Out_ PSYMCRYPT_DESX_EXPANDED_KEY pExpandedKey,

12
lib/dh.c
Просмотреть файл

@ -84,12 +84,12 @@ Niels, 20190704
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDhSecretAgreement(
_In_ PCSYMCRYPT_DLKEY pkPrivate,
_In_ PCSYMCRYPT_DLKEY pkPublic,
SYMCRYPT_NUMBER_FORMAT format,
UINT32 flags,
_Out_ PBYTE pbAgreedSecret,
SIZE_T cbAgreedSecret )
_In_ PCSYMCRYPT_DLKEY pkPrivate,
_In_ PCSYMCRYPT_DLKEY pkPublic,
SYMCRYPT_NUMBER_FORMAT format,
UINT32 flags,
_Out_writes_( cbAgreedSecret ) PBYTE pbAgreedSecret,
SIZE_T cbAgreedSecret )
{
SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

54
lib/dlgroup.c
Просмотреть файл

@ -121,16 +121,12 @@ SymCryptDlgroupCreate(
{
PSYMCRYPT_DLGROUP pDlgroup = NULL;
UINT32 cbModP = 0;
UINT32 cbModQ = 0;
UINT32 cbModElement = 0;
UNREFERENCED_PARAMETER( cbBuffer ); // only referenced in an ASSERT...
// dcl - you have to calculate exactly this about 10 lines below, so why not do it
// here, and have a runtime check?
// I understand the need for perf, but this isn't a gain.
SYMCRYPT_ASSERT( cbBuffer >= SymCryptSizeofDlgroupFromBitsizes( nBitsOfP, nBitsOfQ ) );
UINT32 cbModP;
UINT32 cbModQ;
UINT32 cbModElement;
SYMCRYPT_ASSERT( cbBuffer >= SymCryptSizeofDlgroupFromBitsizes( nBitsOfP, nBitsOfQ ) );
UNREFERENCED_PARAMETER( cbBuffer ); // only referenced in ASSERTs...
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbBuffer );
// Invalid parameters
@ -148,6 +144,8 @@ SymCryptDlgroupCreate(
pDlgroup = (PSYMCRYPT_DLGROUP) pbBuffer;
SYMCRYPT_ASSERT( cbBuffer > sizeof(SYMCRYPT_DLGROUP) );
// DLGROUP parameters
pDlgroup->cbTotalSize = SymCryptSizeofDlgroupFromBitsizes( nBitsOfP, nBitsOfQ );
pDlgroup->fHasPrimeQ = FALSE;
@ -177,6 +175,7 @@ SymCryptDlgroupCreate(
pbBuffer += sizeof(SYMCRYPT_DLGROUP);
cbModP = SymCryptSizeofModulusFromDigits( pDlgroup->nDigitsOfP );
SYMCRYPT_ASSERT( cbBuffer > sizeof(SYMCRYPT_DLGROUP) + cbModP );
pDlgroup->pmP = SymCryptModulusCreate( pbBuffer, cbModP, pDlgroup->nDigitsOfP );
pbBuffer += cbModP;
@ -193,11 +192,13 @@ SymCryptDlgroupCreate(
{
cbModQ = cbModP;
}
SYMCRYPT_ASSERT( cbBuffer > sizeof(SYMCRYPT_DLGROUP) + cbModP + cbModQ );
pDlgroup->pbQ = pbBuffer; // Set the aligned buffer
pDlgroup->pmQ = NULL;
pbBuffer += cbModQ;
cbModElement = SymCryptSizeofModElementFromModulus( pDlgroup->pmP );
SYMCRYPT_ASSERT( cbBuffer > sizeof(SYMCRYPT_DLGROUP) + cbModP + cbModQ + cbModElement );
pDlgroup->peG = SymCryptModElementCreate( pbBuffer, cbModElement, pDlgroup->pmP );
pbBuffer += cbModElement;
@ -301,6 +302,7 @@ SymCryptDlgroupGeneratePrimeQ_FIPS(
if (pDlgroup->eFipsStandard == SYMCRYPT_DLGROUP_FIPS_186_2)
{
SYMCRYPT_ASSERT( hashAlgorithm == SymCryptSha1Algorithm );
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_MAX(2*cbHash, cbSeed) );
// Hash buffers
pbTrHash = pbScratch;
@ -344,6 +346,7 @@ SymCryptDlgroupGeneratePrimeQ_FIPS(
}
else if (pDlgroup->eFipsStandard == SYMCRYPT_DLGROUP_FIPS_186_3)
{
SYMCRYPT_ASSERT( cbScratch >= cbHash );
pbTrHash = pbScratch;
SymCryptHash( hashAlgorithm, pbSeed, cbSeed, pbTrHash, cbHash );
}
@ -651,7 +654,9 @@ SymCryptDlgroupGenerateGenG_FIPS(
BYTE bIndexGenG = pDlgroup->bIndexGenG;
SIZE_T cbHash = SymCryptHashResultSize( hashAlgorithm );
SYMCRYPT_ASSERT( cbHash == hashAlgorithm->resultSize );
SIZE_T cbState = SymCryptHashStateSize( hashAlgorithm );
SYMCRYPT_ASSERT( cbState == hashAlgorithm->stateSize );
UINT16 count = 0;
BYTE bTmp = 0;
@ -676,16 +681,14 @@ SymCryptDlgroupGenerateGenG_FIPS(
UNREFERENCED_PARAMETER( cbScratch );
UNREFERENCED_PARAMETER( nDigitsOfQ );
SYMCRYPT_ASSERT( cbScratch >= cbExp + SYMCRYPT_MAX(cbRem, cbModElement + cbState + cbHash) +
SYMCRYPT_MAX(SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP( nDigitsOfP ),
SYMCRYPT_MAX(SYMCRYPT_SCRATCH_BYTES_FOR_INT_DIVMOD( nDigitsOfP, nDigitsOfQ ),
SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigitsOfP ) )) );
// Create temporaries
pbScratchInternal = pbScratch;
cbScratchInternal = SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP( nDigitsOfP ),
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_INT_DIVMOD( nDigitsOfP, nDigitsOfQ ),
SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigitsOfP ) ));
SYMCRYPT_ASSERT( cbScratch >= cbScratchInternal + cbExp + cbRem );
SYMCRYPT_ASSERT( cbScratch >= cbScratchInternal + cbExp + cbModElement + cbHash + cbState );
pbScratch += cbScratchInternal;
piExp = SymCryptIntCreate( pbScratch, cbExp, nDigitsOfP );
@ -840,7 +843,6 @@ SymCryptDlgroupScratchSpace_FIPS( UINT32 nBitsOfP, UINT32 nBitsOfQ, PCSYMCRYPT_H
SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigitsOfP ) )) ));
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupGenerate(
@ -1075,7 +1077,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupSetValueSafePrime(
@ -1282,23 +1283,21 @@ SymCryptDlgroupGetSizes(
}
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupAutoCompleteNamedSafePrimeGroup(
_Inout_ PSYMCRYPT_DLGROUP pDlgroup,
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
{
SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
PBYTE pbScratchInternal = pbScratch;
SIZE_T cbScratchInternal = cbScratch;
PBYTE pbScratchInternal;
SIZE_T cbScratchInternal;
UINT32 cbTemp = SymCryptSizeofIntFromDigits( pDlgroup->nDigitsOfP );
PSYMCRYPT_INT piTemp = NULL;
UINT32 i = 0;
UINT32 cbTemp;
UINT32 i;
UINT32 nBitsOfQ;
PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS safePrimeParams = NULL;
@ -1308,10 +1307,13 @@ SymCryptDlgroupAutoCompleteNamedSafePrimeGroup(
goto cleanup; // Not a named safe-prime group
}
cbTemp = SymCryptSizeofIntFromDigits( pDlgroup->nDigitsOfP );
SYMCRYPT_ASSERT( cbScratch >= cbTemp );
// Create an integer piTemp
piTemp = SymCryptIntCreate( pbScratchInternal, cbTemp, pDlgroup->nDigitsOfP );
pbScratchInternal += cbTemp;
cbScratchInternal -= cbTemp;
piTemp = SymCryptIntCreate( pbScratch, cbTemp, pDlgroup->nDigitsOfP );
pbScratchInternal = pbScratch + cbTemp;
cbScratchInternal = cbScratch - cbTemp;
// Set piTemp to the generator G (this will fail if the number cannot fit in the object)
SymCryptModElementToInt( pDlgroup->pmP, pDlgroup->peG, piTemp, pbScratchInternal, cbScratchInternal );
@ -1399,7 +1401,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupSetValue(
@ -1890,7 +1891,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlgroupGetValue(

17
lib/dlkey.c
Просмотреть файл

@ -55,11 +55,11 @@ SymCryptDlkeyCreate(
_In_ PCSYMCRYPT_DLGROUP pDlgroup )
{
PSYMCRYPT_DLKEY pkRes = NULL;
UINT32 cbModElement = 0;
UNREFERENCED_PARAMETER( cbBuffer ); // only referenced in an ASSERT...
SYMCRYPT_ASSERT( cbBuffer >= SymCryptSizeofDlkeyFromDlgroup( pDlgroup ) );
UINT32 cbModElement = SymCryptSizeofModElementFromModulus( pDlgroup->pmP );
SYMCRYPT_ASSERT( cbBuffer >= SymCryptSizeofDlkeyFromDlgroup( pDlgroup ) );
SYMCRYPT_ASSERT( cbBuffer >= sizeof(SYMCRYPT_DLKEY) + cbModElement );
UNREFERENCED_PARAMETER( cbBuffer ); // only referenced in above ASSERTs...
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbBuffer );
pkRes = (PSYMCRYPT_DLKEY) pbBuffer;
@ -72,7 +72,6 @@ SymCryptDlkeyCreate(
// Create SymCrypt objects
pbBuffer += sizeof(SYMCRYPT_DLKEY);
cbModElement = SymCryptSizeofModElementFromModulus( pDlgroup->pmP );
pkRes->pePublicKey = SymCryptModElementCreate( pbBuffer, cbModElement, pDlgroup->pmP );
if (pkRes->pePublicKey == NULL)
{
@ -174,7 +173,6 @@ SymCryptDlkeyHasPrivateKey( _In_ PCSYMCRYPT_DLKEY pkDlkey )
return pkDlkey->fHasPrivateKey;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlkeyPerformPublicKeyValidation(
@ -189,8 +187,8 @@ SymCryptDlkeyPerformPublicKeyValidation(
PSYMCRYPT_MODELEMENT peTmpPublicKeyExpQ = NULL;
UINT32 cbModElement = SymCryptSizeofModElementFromModulus( pDlgroup->pmP );
SYMCRYPT_ASSERT( cbScratch >= (2 * SymCryptSizeofModElementFromModulus( pDlgroup->pmP )) +
SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP(pDlgroup->nDigitsOfP) )
SYMCRYPT_ASSERT( cbScratch >= (2 * cbModElement) +
SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP(pDlgroup->nDigitsOfP) );
// Check if Public key is 0
if ( SymCryptModElementIsZero( pDlgroup->pmP, pkDlkey->pePublicKey ) )
@ -252,7 +250,6 @@ SymCryptDlkeyPerformPublicKeyValidation(
#define DLKEY_GEN_RANDOM_GENERIC_LIMIT (1000)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlkeyGenerate(
@ -443,7 +440,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlkeySetValue(
@ -682,7 +678,6 @@ cleanup:
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDlkeyGetValue(

4
lib/dsa.c
Просмотреть файл

@ -8,7 +8,6 @@
#include "precomp.h"
// Truncating function according to the FIPS 186-4 standard
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDsaTruncateHash(
@ -53,7 +52,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDsaSignEx(
@ -360,7 +358,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDsaSign(
@ -376,7 +373,6 @@ SymCryptDsaSign(
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptDsaVerify(

12
lib/ec_dh.c
Просмотреть файл

@ -10,12 +10,12 @@
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDhSecretAgreement(
_In_ PCSYMCRYPT_ECKEY pkPrivate,
_In_ PCSYMCRYPT_ECKEY pkPublic,
SYMCRYPT_NUMBER_FORMAT format,
UINT32 flags,
_Out_ PBYTE pbAgreedSecret,
SIZE_T cbAgreedSecret )
_In_ PCSYMCRYPT_ECKEY pkPrivate,
_In_ PCSYMCRYPT_ECKEY pkPublic,
SYMCRYPT_NUMBER_FORMAT format,
UINT32 flags,
_Out_writes_( cbAgreedSecret ) PBYTE pbAgreedSecret,
SIZE_T cbAgreedSecret )
{
SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

4
lib/ec_dsa.c
Просмотреть файл

@ -79,7 +79,6 @@ integer (MSB_FIRST). See Section 5.5.5 of P1363.
// topmost bits of the hash.
// In the same example as before we would zero out the top 7 bits.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaTruncateHash(
@ -140,7 +139,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaSignEx(
@ -381,7 +379,6 @@ cleanup:
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaSign(
@ -396,7 +393,6 @@ SymCryptEcDsaSign(
return SymCryptEcDsaSignEx( pKey, pbHashValue, cbHashValue, NULL, format, flags, pbSignature, cbSignature );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaVerify(

11
lib/ec_montgomery.c
Просмотреть файл

@ -79,7 +79,7 @@ SymCryptMontgomeryIsEqual(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
UINT32 flags,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch)
{
@ -97,6 +97,9 @@ SymCryptMontgomeryIsEqual(
UNREFERENCED_PARAMETER( flags );
nBytes = SymCryptSizeofModElementFromModulus( pmMod );
SYMCRYPT_ASSERT( cbScratch >= 2 * nBytes );
for (UINT32 i = 0; i < 2; ++i)
{
peTemp[i] = SymCryptModElementCreate( pbScratch, nBytes, pmMod );
@ -124,7 +127,7 @@ SYMCRYPT_CALL
SymCryptMontgomeryIsZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -155,7 +158,7 @@ SymCryptMontgomeryDoubleAndAdd(
_Inout_ PSYMCRYPT_MODELEMENT peZ3,
_Inout_ PSYMCRYPT_MODELEMENT peTemp1,
_Inout_ PSYMCRYPT_MODELEMENT peTemp2,
_Out_writes_bytes_(cbScratch) PBYTE pbScratch,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch)
/*
We use the notation of ladd-1987-m-3, this is a generic Montgomery ladder implementation.
@ -297,7 +300,7 @@ SymCryptMontgomeryPointScalarMul(
PCSYMCRYPT_ECPOINT poSrc,
_In_ UINT32 flags,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch)
{

96
lib/ec_mul.c
Просмотреть файл

@ -35,7 +35,7 @@ SymCryptPrecomputation(
_In_reads_( SYMCRYPT_ECURVE_SW_MAX_NPRECOMP_POINTS )
PSYMCRYPT_ECPOINT * poPIs,
_Out_ PSYMCRYPT_ECPOINT poQ,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -53,7 +53,7 @@ SymCryptPrecomputation(
VOID
SYMCRYPT_CALL
SymCryptOfflinePrecomputation(
_In_ PSYMCRYPT_ECURVE pCurve,
_In_ PSYMCRYPT_ECURVE pCurve,
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
@ -85,7 +85,6 @@ SymCryptOfflinePrecomputation(
// The following is an adaptation of algorithm 1: "Variable-base scalar multiplication
// using the fixed-window method"
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointScalarMulFixedWindow(
@ -95,7 +94,7 @@ SymCryptEcpointScalarMulFixedWindow(
PCSYMCRYPT_ECPOINT poSrc,
_In_ UINT32 flags,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -135,6 +134,9 @@ SymCryptEcpointScalarMulFixedWindow(
PSYMCRYPT_MODELEMENT peQY = NULL;
PSYMCRYPT_MODELEMENT peQZ = NULL;
SIZE_T cbEcpoint = SymCryptSizeofEcpointFromCurve( pCurve );
SIZE_T cbScalar = SymCryptSizeofIntFromDigits( pCurve->GOrdDigits );
// Make sure we only specify the correct flags
if ((flags & ~SYMCRYPT_FLAG_ECC_LL_COFACTOR_MUL) != 0)
{
@ -154,6 +156,13 @@ SymCryptEcpointScalarMulFixedWindow(
SYMCRYPT_ASSERT( SymCryptEcurveIsSame(pCurve, poSrc->pCurve) && SymCryptEcurveIsSame(pCurve, poDst->pCurve) );
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_SCALAR_ECURVE_OPERATIONS(pCurve, 1) );
SYMCRYPT_ASSERT( cbScratch >=
pCurve->cbModElement +
(nPrecompPoints+2)*cbEcpoint +
2*cbScalar +
((2*nRecodedDigits*sizeof(UINT32) + SYMCRYPT_ASYM_ALIGN_VALUE - 1)/SYMCRYPT_ASYM_ALIGN_VALUE )*SYMCRYPT_ASYM_ALIGN_VALUE +
SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_ECURVE_OPERATIONS( pCurve ) );
// Creating temporary modelement
peT = SymCryptModElementCreate( pbScratch, pCurve->cbModElement, FMod );
SYMCRYPT_ASSERT( peT != NULL );
@ -169,34 +178,29 @@ SymCryptEcpointScalarMulFixedWindow(
}
else
{
poPIs[i] = SymCryptEcpointCreate( pbScratch, SymCryptSizeofEcpointFromCurve( pCurve ), pCurve );
poPIs[i] = SymCryptEcpointCreate( pbScratch, cbEcpoint, pCurve );
SYMCRYPT_ASSERT( poPIs[i] != NULL );
pbScratch += SymCryptSizeofEcpointFromCurve( pCurve );
pbScratch += cbEcpoint;
}
}
// Creating temporary points
// dcl - there is a pattern of calling a function to get a parameter for SymCryptEcpointCreate
// and then calling it again to increment pbScratch. A nice compiler might optimize this out for
// you. I am not sure you should assume the compiler is always that nice, and a temporary variable
// would be better. Also, if there is some error return, or out of bounds return, that could be checked
// prior to possibly incrementing a pointer into an undefined space.
poQ = SymCryptEcpointCreate( pbScratch, SymCryptSizeofEcpointFromCurve( pCurve ), pCurve );
poQ = SymCryptEcpointCreate( pbScratch, cbEcpoint, pCurve );
SYMCRYPT_ASSERT( poQ != NULL );
pbScratch += SymCryptSizeofEcpointFromCurve( pCurve );
pbScratch += cbEcpoint;
poTmp = SymCryptEcpointCreate( pbScratch, SymCryptSizeofEcpointFromCurve( pCurve ), pCurve );
poTmp = SymCryptEcpointCreate( pbScratch, cbEcpoint, pCurve );
SYMCRYPT_ASSERT( poTmp != NULL );
pbScratch += SymCryptSizeofEcpointFromCurve( pCurve );
pbScratch += cbEcpoint;
// Creating temporary scalar for the remainder
piRem = SymCryptIntCreate( pbScratch, SymCryptSizeofIntFromDigits( pCurve->GOrdDigits ), pCurve->GOrdDigits );
piRem = SymCryptIntCreate( pbScratch, cbScalar, pCurve->GOrdDigits );
SYMCRYPT_ASSERT( piRem != NULL);
pbScratch += SymCryptSizeofIntFromDigits( pCurve->GOrdDigits );
pbScratch += cbScalar;
piTmp = SymCryptIntCreate( pbScratch, SymCryptSizeofIntFromDigits( pCurve->GOrdDigits ), pCurve->GOrdDigits );
piTmp = SymCryptIntCreate( pbScratch, cbScalar, pCurve->GOrdDigits );
SYMCRYPT_ASSERT( piTmp != NULL);
pbScratch += SymCryptSizeofIntFromDigits( pCurve->GOrdDigits );
pbScratch += cbScalar;
// Fixing pointers to recoded digits (be careful that the remaining space is SYMCRYPT_ASYM_ALIGNed)
absofKIs = (PUINT32) pbScratch;
@ -206,7 +210,7 @@ SymCryptEcpointScalarMulFixedWindow(
pbScratch = (PBYTE) ( ((ULONG_PTR)pbScratch + SYMCRYPT_ASYM_ALIGN_VALUE - 1) & ~(SYMCRYPT_ASYM_ALIGN_VALUE - 1) );
// Fixing remaining scratch space size
cbScratch -= ( pCurve->cbModElement + (nPrecompPoints+2)*SymCryptSizeofEcpointFromCurve( pCurve ) + 2*SymCryptSizeofIntFromDigits( pCurve->GOrdDigits ) );
cbScratch -= ( pCurve->cbModElement + (nPrecompPoints+2)*cbEcpoint + 2*cbScalar );
cbScratch -= (((2*nRecodedDigits*sizeof(UINT32) + SYMCRYPT_ASYM_ALIGN_VALUE - 1)/SYMCRYPT_ASYM_ALIGN_VALUE )*SYMCRYPT_ASYM_ALIGN_VALUE);
//
@ -330,19 +334,17 @@ exit:
// The following is an adaptation of algorithm 9: "Double-scalar multiplication using the
// width-w NAF with interleaving"
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointMultiScalarMulWnafWithInterleaving(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_INT * piSrcScalarArray,
_Inout_ PCSYMCRYPT_ECPOINT * poSrcEcpointArray,
_In_ UINT32 nPoints,
_In_ UINT32 flags,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_reads_( nPoints ) PCSYMCRYPT_INT * piSrcScalarArray,
_In_reads_( nPoints ) PCSYMCRYPT_ECPOINT * poSrcEcpointArray,
_In_ UINT32 nPoints,
_In_ UINT32 flags,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
{
SYMCRYPT_ERROR scError = SYMCRYPT_MEMORY_ALLOCATION_FAILURE;
@ -370,6 +372,12 @@ SymCryptEcpointMultiScalarMulWnafWithInterleaving(
PUINT32 sigofKIs = NULL;
// ===================================================
SIZE_T cbEcpoint = SymCryptSizeofEcpointFromCurve( pCurve );
SIZE_T cbScalar = SymCryptSizeofIntFromDigits( pCurve->GOrdDigits );
PBYTE pbScratchEnd = pbScratch + cbScratch;
UNREFERENCED_PARAMETER( pbScratchEnd ); // Used in asserts
// Make sure we only specify the correct flags
if ((flags & ~(SYMCRYPT_FLAG_DATA_PUBLIC | SYMCRYPT_FLAG_ECC_LL_COFACTOR_MUL)) != 0)
{
@ -404,7 +412,6 @@ SymCryptEcpointMultiScalarMulWnafWithInterleaving(
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_SCALAR_ECURVE_OPERATIONS(pCurve, nPoints) );
// Creating temporary precomputed points (if needed for the first point)
SYMCRYPT_ASSERT( nPoints*nPrecompPoints <= SYMCRYPT_ECURVE_SW_MAX_NPRECOMP_POINTS );
for (i=0; i<nPoints*nPrecompPoints; i++)
{
if ((i<nPrecompPoints) && bPrecompOffline)
@ -413,29 +420,31 @@ SymCryptEcpointMultiScalarMulWnafWithInterleaving(
}
else
{
poPIs[i] = SymCryptEcpointCreate( pbScratch, SymCryptSizeofEcpointFromCurve( pCurve ), pCurve );
SYMCRYPT_ASSERT( pbScratch + cbEcpoint <= pbScratchEnd );
poPIs[i] = SymCryptEcpointCreate( pbScratch, cbEcpoint, pCurve );
SYMCRYPT_ASSERT( poPIs[i] != NULL );
pbScratch += SymCryptSizeofEcpointFromCurve( pCurve );
pbScratch += cbEcpoint;
}
}
SYMCRYPT_ASSERT( pbScratch + 2*cbEcpoint + 2*cbScalar + 2*nPoints*nRecodedDigits*sizeof(UINT32) <= pbScratchEnd );
// Creating temporary points
poQ = SymCryptEcpointCreate( pbScratch, SymCryptSizeofEcpointFromCurve( pCurve ), pCurve );
poQ = SymCryptEcpointCreate( pbScratch, cbEcpoint, pCurve );
SYMCRYPT_ASSERT( poQ != NULL );
pbScratch += SymCryptSizeofEcpointFromCurve( pCurve );
pbScratch += cbEcpoint;
poTmp = SymCryptEcpointCreate( pbScratch, SymCryptSizeofEcpointFromCurve( pCurve ), pCurve );
poTmp = SymCryptEcpointCreate( pbScratch, cbEcpoint, pCurve );
SYMCRYPT_ASSERT( poTmp != NULL );
pbScratch += SymCryptSizeofEcpointFromCurve( pCurve );
pbScratch += cbEcpoint;
// Creating temporary scalar for the remainder
piRem = SymCryptIntCreate( pbScratch, SymCryptSizeofIntFromDigits( pCurve->GOrdDigits ), pCurve->GOrdDigits );
piRem = SymCryptIntCreate( pbScratch, cbScalar, pCurve->GOrdDigits );
SYMCRYPT_ASSERT( piRem != NULL);
pbScratch += SymCryptSizeofIntFromDigits( pCurve->GOrdDigits );
pbScratch += cbScalar;
piTmp = SymCryptIntCreate( pbScratch, SymCryptSizeofIntFromDigits( pCurve->GOrdDigits ), pCurve->GOrdDigits );
piTmp = SymCryptIntCreate( pbScratch, cbScalar, pCurve->GOrdDigits );
SYMCRYPT_ASSERT( piTmp != NULL);
pbScratch += SymCryptSizeofIntFromDigits( pCurve->GOrdDigits );
pbScratch += cbScalar;
// Fixing pointers to recoded digits (be careful that the remaining space is SYMCRYPT_ASYM_ALIGNed)
absofKIs = (PUINT32) pbScratch;
@ -447,7 +456,7 @@ SymCryptEcpointMultiScalarMulWnafWithInterleaving(
// Fixing remaining scratch space size
// dcl - my guess is that the values here are small enough that there should not be a problem, but
// would be better if that were documented.
cbScratch -= ( (nPoints*nPrecompPoints+2)*SymCryptSizeofEcpointFromCurve( pCurve ) + 2*SymCryptSizeofIntFromDigits( pCurve->GOrdDigits ) );
cbScratch -= ( (nPoints*nPrecompPoints+2)*cbEcpoint + 2*cbScalar );
cbScratch -= (((2*nPoints*nRecodedDigits*sizeof(UINT32) + SYMCRYPT_ASYM_ALIGN_VALUE - 1)/SYMCRYPT_ASYM_ALIGN_VALUE )*SYMCRYPT_ASYM_ALIGN_VALUE);
//
@ -538,13 +547,14 @@ SymCryptEcpointGenericSetRandom(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_INT piScalar,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
PSYMCRYPT_MODELEMENT peScalar = NULL;
SYMCRYPT_ASSERT( SymCryptEcurveIsSame(pCurve, poDst->pCurve) );
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_SCALAR_ECURVE_OPERATIONS(pCurve, 1) );
SYMCRYPT_ASSERT( cbScratch >= pCurve->cbModElement );
peScalar = SymCryptModElementCreate( pbScratch, pCurve->cbModElement, pCurve->GOrd );
SYMCRYPT_ASSERT( peScalar != NULL );

40
lib/ec_short_weierstrass.c
Просмотреть файл

@ -119,7 +119,7 @@ SYMCRYPT_CALL
SymCryptShortWeierstrassSetZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -154,7 +154,7 @@ SYMCRYPT_CALL
SymCryptShortWeierstrassSetDistinguished(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -182,7 +182,7 @@ SymCryptShortWeierstrassIsEqual(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
UINT32 flags,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -261,7 +261,7 @@ SYMCRYPT_CALL
SymCryptShortWeierstrassIsZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -290,7 +290,7 @@ SYMCRYPT_CALL
SymCryptShortWeierstrassOnCurve(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -382,7 +382,7 @@ SymCryptShortWeierstrassDouble(
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_ PSYMCRYPT_ECPOINT poDst,
_In_ UINT32 flags,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -491,7 +491,7 @@ SymCryptShortWeierstrassAddDiffNonZero(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -583,7 +583,7 @@ SymCryptShortWeierstrassAddSideChannelUnsafe(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -734,7 +734,7 @@ SymCryptShortWeierstrassAdd(
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_In_ UINT32 flags,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -746,10 +746,14 @@ SymCryptShortWeierstrassAdd(
PSYMCRYPT_ECPOINT poQ0 = NULL;
PSYMCRYPT_ECPOINT poQ1 = NULL;
SIZE_T cbEcpoint = SymCryptSizeofEcpointFromCurve( pCurve );
SYMCRYPT_ASSERT( pCurve->type == SYMCRYPT_ECURVE_TYPE_SHORT_WEIERSTRASS );
SYMCRYPT_ASSERT( SymCryptEcurveIsSame(pCurve, poSrc1->pCurve) && SymCryptEcurveIsSame(pCurve, poSrc2->pCurve) && SymCryptEcurveIsSame(pCurve, poDst->pCurve) );
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_COMMON_ECURVE_OPERATIONS( pCurve ) ); // We will need the entire scratch space
SYMCRYPT_ASSERT( cbScratch > 2*cbEcpoint );
if ((flags & SYMCRYPT_FLAG_DATA_PUBLIC) != 0)
{
SymCryptShortWeierstrassAddSideChannelUnsafe( pCurve, poSrc1, poSrc2, poDst, pbScratch, cbScratch );
@ -758,22 +762,16 @@ SymCryptShortWeierstrassAdd(
{
// Creating temporary points
poQ0 = SymCryptEcpointCreate(
pbScratch,
SymCryptSizeofEcpointFromCurve( pCurve ),
pCurve );
poQ0 = SymCryptEcpointCreate( pbScratch, cbEcpoint, pCurve );
SYMCRYPT_ASSERT( poQ0 != NULL);
pbScratch += SymCryptSizeofEcpointFromCurve( pCurve );
pbScratch += cbEcpoint;
poQ1 = SymCryptEcpointCreate(
pbScratch,
SymCryptSizeofEcpointFromCurve( pCurve ),
pCurve );
poQ1 = SymCryptEcpointCreate( pbScratch, cbEcpoint, pCurve );
SYMCRYPT_ASSERT( poQ1 != NULL);
pbScratch += SymCryptSizeofEcpointFromCurve( pCurve );
pbScratch += cbEcpoint;
// Fixing remaining scratch space size
cbScratch -= 2*SymCryptSizeofEcpointFromCurve( pCurve );
cbScratch -= 2*cbEcpoint;
// Calculate the masks
dSrc1Zero = SymCryptShortWeierstrassIsZero( pCurve, poSrc1, pbScratch, cbScratch );
@ -799,7 +797,7 @@ SymCryptShortWeierstrassNegate(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Inout_ PSYMCRYPT_ECPOINT poSrc,
UINT32 mask,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{

27
lib/ec_twisted_edwards.c
Просмотреть файл

@ -59,7 +59,7 @@ SYMCRYPT_CALL
SymCryptTwistedEdwardsSetDistinguished(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -77,7 +77,7 @@ SYMCRYPT_CALL
SymCryptTwistedEdwardsIsZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch)
{
@ -112,7 +112,7 @@ SYMCRYPT_CALL
SymCryptTwistedEdwardsOnCurve(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch)
{
@ -126,6 +126,8 @@ SymCryptTwistedEdwardsOnCurve(
nBytes = SymCryptSizeofModElementFromModulus( pmMod );
SYMCRYPT_ASSERT( cbScratch >= 4*nBytes );
for (UINT32 i = 0; i < 4; ++i)
{
peTemp[i] = SymCryptModElementCreate( pbScratch, nBytes, pmMod );
@ -194,7 +196,7 @@ SymCryptTwistedEdwardsDouble(
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_ PSYMCRYPT_ECPOINT poDst,
_In_ UINT32 flags,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch)
{
@ -210,6 +212,8 @@ SymCryptTwistedEdwardsDouble(
nBytes = SymCryptSizeofModElementFromModulus( pmMod );
SYMCRYPT_ASSERT( cbScratch >= 8*nBytes );
for (UINT32 i = 0; i < 8; ++i)
{
peTemp[i] = SymCryptModElementCreate( pbScratch, nBytes, pmMod );
@ -311,7 +315,7 @@ SymCryptTwistedEdwardsAdd(
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_In_ UINT32 flags,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -327,6 +331,8 @@ SymCryptTwistedEdwardsAdd(
nBytes = SymCryptSizeofModElementFromModulus( pmMod );
SYMCRYPT_ASSERT( cbScratch >= 8*nBytes );
for (UINT32 i = 0; i < 8; ++i)
{
peTemp[i] = SymCryptModElementCreate( pbScratch, nBytes, pmMod );
@ -420,7 +426,7 @@ SymCryptTwistedEdwardsAddDiffNonZero(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_(cbScratch)
PBYTE pbScratch,
SIZE_T cbScratch )
{
@ -442,7 +448,7 @@ SymCryptTwistedEdwardsIsEqual(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
UINT32 flags,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_(cbScratch)
PBYTE pbScratch,
SIZE_T cbScratch)
{
@ -460,6 +466,9 @@ SymCryptTwistedEdwardsIsEqual(
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_COMMON_ECURVE_OPERATIONS( pCurve ) );
nBytes = SymCryptSizeofModElementFromModulus( pmMod );
SYMCRYPT_ASSERT( cbScratch >= 2*nBytes );
for (UINT32 i = 0; i < 2; ++i)
{
peTemp[i] = SymCryptModElementCreate( pbScratch, nBytes, pmMod );
@ -507,7 +516,7 @@ SYMCRYPT_CALL
SymCryptTwistedEdwardsSetZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_(cbScratch)
PBYTE pbScratch,
SIZE_T cbScratch)
{
@ -534,7 +543,7 @@ SymCryptTwistedEdwardsNegate(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Inout_ PSYMCRYPT_ECPOINT poSrc,
UINT32 mask,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch )
{

26
lib/eckey.c
Просмотреть файл

@ -63,10 +63,17 @@ SymCryptEckeyCreate(
PSYMCRYPT_ECKEY pkObj = NULL;
UINT32 privateKeyDigits = SymCryptEcurveDigitsofScalarMultiplier(pCurve);
UNREFERENCED_PARAMETER( cbBuffer ); // only referenced in an ASSERT...
SIZE_T cbPublicKey = SymCryptSizeofEcpointFromCurve( pCurve );
SIZE_T cbPrivateKey = SymCryptSizeofIntFromDigits( privateKeyDigits );
UNREFERENCED_PARAMETER( cbBuffer ); // only referenced in ASSERTs...
SYMCRYPT_ASSERT( pCurve != NULL );
SYMCRYPT_ASSERT( cbBuffer >= SymCryptSizeofEckeyFromCurve( pCurve ) );
SYMCRYPT_ASSERT( cbBuffer >= SymCryptSizeofEckeyFromCurve( pCurve ) );
SYMCRYPT_ASSERT( cbBuffer >= sizeof(SYMCRYPT_ECKEY) +
cbPublicKey +
cbPrivateKey );
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbBuffer );
@ -77,13 +84,13 @@ SymCryptEckeyCreate(
pkObj->poPublicKey = SymCryptEcpointCreate(
pbBuffer + sizeof(SYMCRYPT_ECKEY),
SymCryptSizeofEcpointFromCurve( pCurve ),
cbPublicKey,
pCurve );
SYMCRYPT_ASSERT( pkObj->poPublicKey != NULL );
pkObj->piPrivateKey = SymCryptIntCreate(
pbBuffer + sizeof(SYMCRYPT_ECKEY) + SymCryptSizeofEcpointFromCurve( pCurve ),
SymCryptSizeofIntFromDigits( privateKeyDigits ),
pbBuffer + sizeof(SYMCRYPT_ECKEY) + cbPublicKey,
cbPrivateKey,
privateKeyDigits );
SYMCRYPT_ASSERT( pkObj->piPrivateKey );
@ -153,7 +160,6 @@ SymCryptEckeyHasPrivateKey( _In_ PCSYMCRYPT_ECKEY pkEckey )
return pkEckey->hasPrivateKey;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEckeyPerformPublicKeyValidation(
@ -167,11 +173,13 @@ SymCryptEckeyPerformPublicKeyValidation(
PCSYMCRYPT_ECURVE pCurve = pEckey->pCurve;
PSYMCRYPT_ECPOINT poNPub = NULL;
UINT32 cbNPub = 0;
UINT32 cbNPub = SymCryptSizeofEcpointFromCurve( pCurve );
// This is an excessive amount of space to require, but all callers can currently provide it, and it's easy to phrase
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_INTERNAL_SCRATCH_BYTES_FOR_ECKEY_ECURVE_OPERATIONS( pCurve ) );
SYMCRYPT_ASSERT( cbScratch >= cbNPub );
// Check if Public key is O
if ( SymCryptEcpointIsZero( pCurve, pEckey->poPublicKey, pbScratch, cbScratch ) )
{
@ -203,7 +211,6 @@ SymCryptEckeyPerformPublicKeyValidation(
else
{
// Ensure GOrd*(Public key) == O
cbNPub = SymCryptSizeofEcpointFromCurve( pCurve );
poNPub = SymCryptEcpointCreate( pbScratch, cbNPub, pCurve );
pbScratch += cbNPub;
cbScratch -= cbNPub;
@ -234,7 +241,6 @@ SymCryptEckeyPerformPublicKeyValidation(
return SYMCRYPT_NO_ERROR;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEckeySetValue(
@ -530,7 +536,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEckeyGetValue(
@ -672,7 +677,6 @@ cleanup:
#define SYMCRYPT_ECPOINT_SET_RANDOM_MAX_TRIES (1000)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEckeySetRandom(

31
lib/ecpoint.c
Просмотреть файл

@ -20,7 +20,7 @@ SymCryptSizeofEcpointEx(
UINT32 cbModElement,
UINT32 numOfCoordinates )
{
if ( numOfCoordinates > SYMCRYPT_ECPOINT_FORMAT_MAX_LENGTH )
if ( numOfCoordinates > SYMCRYPT_ECPOINT_FORMAT_MAX_LENGTH )
{
SymCryptFatal( 'ecp4' );
}
@ -83,18 +83,17 @@ SymCryptEcpointCreateEx(
PSYMCRYPT_ECPOINT poPoint = NULL;
PSYMCRYPT_MODELEMENT pmTmp = NULL;
UINT32 cbModElement = 0;
UINT32 cbModElement = pCurve->cbModElement;
UNREFERENCED_PARAMETER( cbBuffer ); // only referenced in an ASSERT...
PBYTE pbBufferEnd = pbBuffer + cbBuffer;
UNREFERENCED_PARAMETER( pbBufferEnd ); // only referenced in an ASSERT...
SYMCRYPT_ASSERT( pCurve->FMod != 0 );
SYMCRYPT_ASSERT( pCurve->cbModElement != 0 );
SYMCRYPT_ASSERT( cbBuffer >= SymCryptSizeofEcpointEx( pCurve->cbModElement, numOfCoordinates ) );
SYMCRYPT_ASSERT( cbBuffer >= SymCryptSizeofEcpointEx( pCurve->cbModElement, numOfCoordinates ) );
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbBuffer );
cbModElement = pCurve->cbModElement;
poPoint = (PSYMCRYPT_ECPOINT) pbBuffer;
pbBuffer += sizeof(SYMCRYPT_ECPOINT);
@ -102,6 +101,7 @@ SymCryptEcpointCreateEx(
// Setting the point coordinates
for (UINT32 i=0; i<numOfCoordinates; i++)
{
SYMCRYPT_ASSERT( pbBuffer + cbModElement <= pbBufferEnd );
pmTmp = SymCryptModElementCreate( pbBuffer, cbModElement, pCurve->FMod );
if ( pmTmp == NULL )
{
@ -129,7 +129,7 @@ SYMCRYPT_CALL
SymCryptEcpointCreate(
_Out_writes_bytes_( cbBuffer ) PBYTE pbBuffer,
SIZE_T cbBuffer,
PCSYMCRYPT_ECURVE pCurve )
_In_ PCSYMCRYPT_ECURVE pCurve )
{
SYMCRYPT_ASSERT( pCurve->eCoordinates != 0 );
@ -203,7 +203,6 @@ SymCryptEcpointMaskedCopy(
// format of the curve. If setValue = FALSE the roles are reversed.
// This function is only called by the Get / Set Value functions.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointTransform(
@ -588,7 +587,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointSetValue(
@ -627,7 +625,7 @@ SymCryptEcpointSetValue(
cbSrc = cbSrc / SymCryptEcpointFormatNumberofElements[ eformat ];
cbTemp = SymCryptSizeofIntFromDigits( publicKeyDigits );
SYMCRYPT_ASSERT( cbTemp < cbScratch );
SYMCRYPT_ASSERT( cbScratch > cbTemp );
piTemp = SymCryptIntCreate( pbScratch, cbTemp, publicKeyDigits );
@ -649,6 +647,7 @@ SymCryptEcpointSetValue(
// Create the large point
cbLarge = SymCryptSizeofEcpointEx( pCurve->cbModElement, SYMCRYPT_ECPOINT_FORMAT_MAX_LENGTH );
SYMCRYPT_ASSERT( cbScratch > cbLarge );
poLarge = SymCryptEcpointCreateEx( pbScratch, cbLarge, pCurve, SYMCRYPT_ECPOINT_FORMAT_MAX_LENGTH );
if ( poLarge == NULL )
{
@ -688,7 +687,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointGetValue(
@ -706,6 +704,7 @@ SymCryptEcpointGetValue(
PSYMCRYPT_MODELEMENT peTmp = NULL; // Temporary MODELEMENT handle
PSYMCRYPT_ECPOINT poLarge = NULL; // ECPOINT with the largest format available
UINT32 cbLarge = 0;
SIZE_T cbDstElem;
SYMCRYPT_ASSERT( (flags & ~SYMCRYPT_FLAG_DATA_PUBLIC) == 0 );
SYMCRYPT_ASSERT( pCurve->FMod != 0 );
@ -720,10 +719,12 @@ SymCryptEcpointGetValue(
scError = SYMCRYPT_BUFFER_TOO_SMALL;
goto cleanup;
}
cbDst = cbDst / SymCryptEcpointFormatNumberofElements[ eformat ];
SYMCRYPT_ASSERT( SymCryptEcpointFormatNumberofElements[ eformat ] > 0 );
cbDstElem = cbDst / SymCryptEcpointFormatNumberofElements[ eformat ];
// Create the big point
cbLarge = SymCryptSizeofEcpointEx( pCurve->cbModElement, SYMCRYPT_ECPOINT_FORMAT_MAX_LENGTH );
SYMCRYPT_ASSERT( cbScratch > cbLarge );
poLarge = SymCryptEcpointCreateEx( pbScratch, cbLarge, pCurve, SYMCRYPT_ECPOINT_FORMAT_MAX_LENGTH );
if ( poLarge == NULL )
{
@ -741,6 +742,7 @@ SymCryptEcpointGetValue(
// Getting the point coordinates into the destination buffer
for (UINT32 i=0; i<SymCryptEcpointFormatNumberofElements[eformat]; i++)
{
SYMCRYPT_ASSERT( cbDst >= cbDstElem );
peTmp = (PSYMCRYPT_MODELEMENT)( (PBYTE)poLarge + SYMCRYPT_INTERNAL_ECPOINT_COORDINATE_OFFSET( pCurve, i ) );
if ( peTmp == NULL )
{
@ -752,7 +754,7 @@ SymCryptEcpointGetValue(
pCurve->FMod,
peTmp,
pbDst,
cbDst,
cbDstElem,
nformat,
pbScratch + cbLarge,
cbScratch - cbLarge );
@ -760,7 +762,8 @@ SymCryptEcpointGetValue(
{
goto cleanup;
}
pbDst += cbDst;
pbDst += cbDstElem;
cbDst -= cbDstElem;
}
cleanup:

24
lib/fdef369_mod.c
Просмотреть файл

@ -41,11 +41,12 @@ SymCryptFdef369ModAddGeneric(
UINT32 nDigits = pmMod->nDigits;
SymCryptFdefClaimScratch( pbScratch, cbScratch, SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) );
SYMCRYPT_ASSERT( cbScratch >= nDigits*SYMCRYPT_FDEF_DIGIT_SIZE );
//
// Doing add/cmp/sub might be faster or not.
// Masked add is hard because the mask operations destroy the carry flag.
//
//
// dcl - cleanup?
// c = SymCryptFdefRawAdd( &pSrc1->uint32[0], &pSrc2->uint32[0], &pDst->uint32[0], nDigits);
// d = SymCryptFdefRawSub( &pDst->uint32[0], &pMod->Divisor.Int.uint32[0], &pDst->uint32[0], nDigits );
@ -55,7 +56,7 @@ SymCryptFdef369ModAddGeneric(
d = SymCryptFdef369RawSubAsm( &peDst->d.uint32[0], SYMCRYPT_FDEF_INT_PUINT32( &pmMod->Divisor.Int ), (PUINT32) pbScratch, nDigits );
SymCryptFdef369MaskedCopyAsm( pbScratch, (PBYTE) &peDst->d.uint32[0], nDigits, (c^d) - 1 );
// We can't have a carry in the first addition, and no carry in the subtraction.
// We can't have a carry in the first addition, and no carry in the subtraction.
SYMCRYPT_ASSERT( !( c == 1 && d == 0 ) );
}
@ -75,6 +76,7 @@ SymCryptFdef369ModSubGeneric(
UINT32 nDigits = pmMod->nDigits;
SymCryptFdefClaimScratch( pbScratch, cbScratch, SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) );
SYMCRYPT_ASSERT( cbScratch >= nDigits*SYMCRYPT_FDEF_DIGIT_SIZE );
c = SymCryptFdef369RawSubAsm( &peSrc1->d.uint32[0], &peSrc2->d.uint32[0], &peDst->d.uint32[0], nDigits );
d = SymCryptFdef369RawAddAsm( &peDst->d.uint32[0], SYMCRYPT_FDEF_INT_PUINT32( &pmMod->Divisor.Int ), (PUINT32) pbScratch, nDigits );
@ -93,8 +95,8 @@ SymCryptFdef369ModulusInitMontgomery(
SymCryptFdefModulusInitMontgomeryInternal( pmMod, SYMCRYPT_FDEF369_DIGITS_TO_NUINT32( pmMod->nDigits ), pbScratch, cbScratch );
}
VOID
SYMCRYPT_CALL
VOID
SYMCRYPT_CALL
SymCryptFdef369ModMulMontgomery(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT peSrc1,
@ -107,13 +109,14 @@ SymCryptFdef369ModMulMontgomery(
PUINT32 pTmp = (PUINT32) pbScratch;
UNREFERENCED_PARAMETER( cbScratch );
SYMCRYPT_ASSERT( cbScratch >= nDigits * 2 * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptFdef369RawMul( &peSrc1->d.uint32[0], nDigits, &peSrc2->d.uint32[0], nDigits, pTmp );
SymCryptFdef369MontgomeryReduce( pmMod, pTmp, &peDst->d.uint32[0] );
}
VOID
SYMCRYPT_CALL
VOID
SYMCRYPT_CALL
SymCryptFdef369ModSquareMontgomery(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT peSrc,
@ -124,8 +127,8 @@ SymCryptFdef369ModSquareMontgomery(
SymCryptFdef369ModMulMontgomery( pmMod, peSrc, peSrc, peDst, pbScratch, cbScratch );
}
VOID
SYMCRYPT_CALL
VOID
SYMCRYPT_CALL
SymCryptFdef369ModSetPostMontgomery(
_In_ PCSYMCRYPT_MODULUS pmMod,
_Inout_ PSYMCRYPT_MODELEMENT peObj,
@ -175,7 +178,7 @@ SymCryptFdef369ModPreGetMontgomery(
VOID
SymCryptFdef369MontgomeryReduce(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PUINT32 pSrc,
_Inout_ PUINT32 pSrc,
_Out_ PUINT32 pDst )
{
SymCryptFdef369MontgomeryReduceAsm( pmMod, pSrc, pDst );
@ -194,7 +197,7 @@ SymCryptFdef369RawMul(
}
SYMCRYPT_ERROR
SYMCRYPT_CALL
SYMCRYPT_CALL
SymCryptFdef369ModInvMontgomery(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT peSrc,
@ -209,6 +212,7 @@ SymCryptFdef369ModInvMontgomery(
PUINT32 pTmp = (PUINT32) pbScratch;
SYMCRYPT_ASSERT_ASYM_ALIGNED( pTmp );
SYMCRYPT_ASSERT( cbScratch >= 2 * nBytes );
//
// We have R*X; we first apply the montgomery reduction twice to get X/R, and then invert that

14
lib/fdef_general.c
Просмотреть файл

@ -209,6 +209,8 @@ SymCryptFdefIntCreate(
{
SymCryptFatal( 'intc' );
}
SYMCRYPT_ASSERT( cb >= sizeof(SYMCRYPT_INT) );
SYMCRYPT_ASSERT( cbBuffer >= cb );
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbBuffer );
pInt = (PSYMCRYPT_INT) pbBuffer;
@ -614,7 +616,7 @@ SYMCRYPT_CALL
SymCryptFdefRawGetValue(
_In_reads_(nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32) PCUINT32 pSrc,
UINT32 nDigits,
_Out_writes_bytes_(cbBytes) PBYTE pbDst,
_Out_writes_bytes_(cbDst) PBYTE pbDst,
SIZE_T cbDst,
SYMCRYPT_NUMBER_FORMAT format )
{
@ -689,7 +691,7 @@ SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptFdefIntGetValue(
_In_ PCSYMCRYPT_INT piSrc,
_Out_writes_bytes_( cbBytes)PBYTE pbDst,
_Out_writes_bytes_(cbDst) PBYTE pbDst,
SIZE_T cbDst,
SYMCRYPT_NUMBER_FORMAT format )
{
@ -723,9 +725,9 @@ SymCryptFdefIntGetValueLsbits64( _In_ PCSYMCRYPT_INT piSrc )
UINT32
SYMCRYPT_CALL
SymCryptFdefRawIsEqualUint32(
_In_ PCUINT32 pSrc1,
UINT32 nDigits,
_In_ UINT32 u32Src2 )
_In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PCUINT32 pSrc1,
UINT32 nDigits,
_In_ UINT32 u32Src2 )
{
UINT32 d;
UINT32 nWords = nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32;
@ -838,6 +840,8 @@ SymCryptFdefDivisorCreate(
{
SymCryptFatal( 'divc' );
}
SYMCRYPT_ASSERT( cb >= sizeof(SYMCRYPT_DIVISOR) );
SYMCRYPT_ASSERT( cbBuffer >= cb );
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbBuffer );

7
lib/fdef_int.c
Просмотреть файл

@ -850,7 +850,7 @@ SYMCRYPT_CALL
SymCryptFdefRawSquare(
_In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PCUINT32 pSrc,
UINT32 nDigits,
_Out_writes_(2*nDigits1*SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32 pDst )
_Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32 pDst )
{
#if SYMCRYPT_CPU_AMD64
if( SYMCRYPT_CPU_FEATURES_PRESENT( SYMCRYPT_CPU_FEATURES_FOR_MULX ) )
@ -984,8 +984,8 @@ SymCryptFdefIntToDivisor(
UINT32
SYMCRYPT_CALL
SymCryptFdefRawMultSubUint32(
_Inout_updates_( nUInt32 + 1 ) PUINT32 pAcc,
_In_reads_(nUInt32) PCUINT32 pSrc1,
_Inout_updates_( nUint32 + 1 ) PUINT32 pAcc,
_In_reads_( nUint32 ) PCUINT32 pSrc1,
UINT32 Src2,
UINT32 nUint32 )
{
@ -1124,6 +1124,7 @@ SymCryptFdefRawDivMod(
if( pRemainder != NULL )
{
SYMCRYPT_ASSERT( remainderWords >= nWords );
memcpy( pRemainder, pNum, nWords * sizeof( UINT32 ) );
SymCryptWipe( &pRemainder[nWords], (remainderWords - nWords) * sizeof( UINT32 ) ); // clear the rest of the remainder words
}

52
lib/fdef_mod.c
Просмотреть файл

@ -69,6 +69,8 @@ SymCryptFdefModulusCreate(
{
SymCryptFatal( 'modc' );
}
SYMCRYPT_ASSERT( cb >= sizeof(SYMCRYPT_MODULUS) );
SYMCRYPT_ASSERT( cbBuffer >= cb );
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbBuffer );
@ -198,6 +200,7 @@ SymCryptFdefModElementCreate(
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbBuffer );
SYMCRYPT_ASSERT( cbBuffer >= SymCryptFdefSizeofModElementFromModulus( pmMod ) );
SYMCRYPT_ASSERT( cbBuffer >= pmMod->nDigits*SYMCRYPT_FDEF_DIGIT_SIZE );
//
// We have various optimizations where we use only part of the last digit
@ -382,7 +385,8 @@ VOID
SYMCRYPT_CALL
SymCryptFdefModElementToIntGeneric(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCUINT32 pSrc,
_In_reads_bytes_( pmMod->nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )
PCUINT32 pSrc,
_Out_ PSYMCRYPT_INT piDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
@ -512,6 +516,7 @@ SymCryptFdefModAddGeneric(
UINT32 nDigits = pmMod->nDigits;
SymCryptFdefClaimScratch( pbScratch, cbScratch, SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) );
SYMCRYPT_ASSERT( cbScratch >= nDigits*SYMCRYPT_FDEF_DIGIT_SIZE );
//
// Doing add/cmp/sub might be faster or not.
@ -547,6 +552,7 @@ SymCryptFdefModSubGeneric(
UINT32 nDigits = pmMod->nDigits;
SymCryptFdefClaimScratch( pbScratch, cbScratch, SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) );
SYMCRYPT_ASSERT( cbScratch >= nDigits*SYMCRYPT_FDEF_DIGIT_SIZE );
c = SymCryptFdefRawSub( &peSrc1->d.uint32[0], &peSrc2->d.uint32[0], &peDst->d.uint32[0], nDigits );
d = SymCryptFdefRawAdd( &peDst->d.uint32[0], SYMCRYPT_FDEF_INT_PUINT32( &pmMod->Divisor.Int ), (PUINT32) pbScratch, nDigits );
@ -817,6 +823,7 @@ SymCryptFdefModMulGeneric(
UINT32 scratchOffset = 2 * nDigits * SYMCRYPT_FDEF_DIGIT_SIZE;
SymCryptFdefClaimScratch( pbScratch, cbScratch, SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) );
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) );
SYMCRYPT_ASSERT( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) >= scratchOffset + SYMCRYPT_FDEF_SCRATCH_BYTES_FOR_INT_DIVMOD( 2 * nDigits, nDigits ) );
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbScratch );
@ -841,6 +848,7 @@ SymCryptFdefModSquareGeneric(
UINT32 scratchOffset = 2 * nDigits * SYMCRYPT_FDEF_DIGIT_SIZE;
SymCryptFdefClaimScratch( pbScratch, cbScratch, SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) );
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) );
SYMCRYPT_ASSERT( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( nDigits ) >= scratchOffset + SYMCRYPT_FDEF_SCRATCH_BYTES_FOR_INT_DIVMOD( 2 * nDigits, nDigits ) );
SYMCRYPT_ASSERT_ASYM_ALIGNED( pbScratch );
@ -1069,6 +1077,7 @@ SymCryptFdefModulusInitMontgomeryInternal(
pR2 = (PUINT32) pbScratch;
cbR2 = (2*nDigits + 1) * SYMCRYPT_FDEF_DIGIT_SIZE;
SYMCRYPT_ASSERT( cbScratch >= cbR2 );
SYMCRYPT_ASSERT( cbScratch >= 2 * nUint32Used * sizeof(UINT32) );
// Set it to R^2
SymCryptWipe( pR2, cbR2 );
@ -1090,9 +1099,9 @@ SymCryptFdefModulusInitMontgomery(
VOID
SymCryptFdefMontgomeryReduceC(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PUINT32 pSrc,
_Out_ PUINT32 pDst )
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_reads_( 2 * pmMod->nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32 ) PUINT32 pSrc,
_Out_writes_( pmMod->nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32 ) PUINT32 pDst )
{
UINT32 nDigits = pmMod->nDigits;
UINT32 nWords = nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32;
@ -1129,9 +1138,9 @@ SymCryptFdefMontgomeryReduceC(
VOID
SymCryptFdefMontgomeryReduce(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PUINT32 pSrc,
_Out_ PUINT32 pDst )
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_reads_( pmMod->nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32 ) PUINT32 pSrc,
_Out_writes_( pmMod->nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32 ) PUINT32 pDst )
{
#if SYMCRYPT_CPU_AMD64
if( SYMCRYPT_CPU_FEATURES_PRESENT( SYMCRYPT_CPU_FEATURES_FOR_MULX ) )
@ -1218,6 +1227,7 @@ SymCryptFdefModMulMontgomery(
// dcl - missing assert?
UNREFERENCED_PARAMETER( cbScratch );
SYMCRYPT_ASSERT( cbScratch >= 2 * nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptFdefRawMul( &peSrc1->d.uint32[0], nDigits, &peSrc2->d.uint32[0], nDigits, pTmp );
SymCryptFdefMontgomeryReduce( pmMod, pTmp, &peDst->d.uint32[0] );
@ -1238,6 +1248,7 @@ SymCryptFdefModMulMontgomeryMulx(
PUINT32 pTmp = (PUINT32) pbScratch;
UNREFERENCED_PARAMETER( cbScratch );
SYMCRYPT_ASSERT( cbScratch >= 2 * nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptFdefRawMulMulx( &peSrc1->d.uint32[0], nDigits, &peSrc2->d.uint32[0], nDigits, pTmp );
SymCryptFdefMontgomeryReduceMulx( pmMod, pTmp, &peDst->d.uint32[0] );
@ -1257,6 +1268,7 @@ SymCryptFdefModMulMontgomeryMulx1024(
PUINT32 pTmp = (PUINT32) pbScratch;
UNREFERENCED_PARAMETER( cbScratch );
SYMCRYPT_ASSERT( cbScratch >= 2 * nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptFdefRawMulMulx1024( &peSrc1->d.uint32[0], &peSrc2->d.uint32[0], nDigits, pTmp );
SymCryptFdefMontgomeryReduceMulx1024( pmMod, pTmp, &peDst->d.uint32[0] );
@ -1277,6 +1289,7 @@ SymCryptFdefModSquareMontgomery(
PUINT32 pTmp = (PUINT32) pbScratch;
UNREFERENCED_PARAMETER( cbScratch );
SYMCRYPT_ASSERT( cbScratch >= 2 * nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptFdefRawSquare( &peSrc->d.uint32[0], nDigits, pTmp );
SymCryptFdefMontgomeryReduce( pmMod, pTmp, &peDst->d.uint32[0] );
@ -1297,6 +1310,7 @@ SymCryptFdefModSquareMontgomeryMulx(
PUINT32 pTmp = (PUINT32) pbScratch;
UNREFERENCED_PARAMETER( cbScratch );
SYMCRYPT_ASSERT( cbScratch >= 2 * nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptFdefRawSquareMulx( &peSrc->d.uint32[0], nDigits, pTmp );
SymCryptFdefMontgomeryReduceMulx( pmMod, pTmp, &peDst->d.uint32[0] );
@ -1315,6 +1329,7 @@ SymCryptFdefModSquareMontgomeryMulx1024(
PUINT32 pTmp = (PUINT32) pbScratch;
UNREFERENCED_PARAMETER( cbScratch );
SYMCRYPT_ASSERT( cbScratch >= 2 * nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptFdefRawSquareMulx1024( &peSrc->d.uint32[0], nDigits, pTmp );
SymCryptFdefMontgomeryReduceMulx1024( pmMod, pTmp, &peDst->d.uint32[0] );
@ -1421,7 +1436,6 @@ SymCryptFdefModSetPostMontgomery256(
// This function converts to the internal representation by multiplying by R^2 mod M and then performing a Montgomery reduction
UINT32 nDigits = pmMod->nDigits;
// dcl - consider runtime check?
SYMCRYPT_ASSERT( cbScratch >= nDigits * 2 * SYMCRYPT_FDEF_DIGIT_SIZE );
UNREFERENCED_PARAMETER( cbScratch );
UNREFERENCED_PARAMETER( nDigits );
@ -1440,17 +1454,21 @@ SymCryptFdefModPreGetMontgomery256(
PUINT32 pTmp = (PUINT32) pbScratch;
UINT32 nDigits = 1;
// dcl - consider runtime check?
SYMCRYPT_ASSERT( cbScratch >= nDigits * 2 * SYMCRYPT_FDEF_DIGIT_SIZE );
SYMCRYPT_ASSERT( cbScratch >= nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
UNREFERENCED_PARAMETER( cbScratch );
memcpy( pTmp, &peObj->d.uint32[0], nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptWipe( pTmp + nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32, nDigits * SYMCRYPT_FDEF_DIGIT_SIZE );
SymCryptFdefMontgomeryReduce256Asm( pmMod, pTmp, pTmp );
// This gives the right result, but it isn't the size that is expected
// on AMD64 when digits are 512 bits. Wipe the extra bytes
SymCryptWipeKnownSize( pTmp + 32, 32 );
// This gives the right result, but relies on peObj having zeroed upper half
// on AMD64 when digits are 512 bits. This should be true - check in a CHKed build.
for( UINT32 i=8; i<16; ++i )
{
SYMCRYPT_ASSERT( pTmp[i] == 0 );
}
// Wipe the extra bytes
// SymCryptWipeKnownSize( pTmp + (SYMCRYPT_FDEF_DIGIT_NUINT32 / 2), 32 );
return pTmp;
}
@ -1482,7 +1500,7 @@ SymCryptFdefModMulMontgomery512(
UINT32 nDigits = pmMod->nDigits;
PUINT32 pTmp = (PUINT32) pbScratch;
// dcl - missing assert?
SYMCRYPT_ASSERT( cbScratch >= nDigits * 2 * SYMCRYPT_FDEF_DIGIT_SIZE );
UNREFERENCED_PARAMETER( cbScratch );
SymCryptFdefRawMul512Asm( &peSrc1->d.uint32[0], &peSrc2->d.uint32[0], nDigits, pTmp );
@ -1501,6 +1519,7 @@ SymCryptFdefModSquareMontgomery512(
UINT32 nDigits = pmMod->nDigits;
PUINT32 pTmp = (PUINT32) pbScratch;
SYMCRYPT_ASSERT( cbScratch >= nDigits * 2 * SYMCRYPT_FDEF_DIGIT_SIZE );
UNREFERENCED_PARAMETER( cbScratch );
SymCryptFdefRawSquare512Asm( &peSrc->d.uint32[0], nDigits, pTmp );
@ -1524,7 +1543,7 @@ SymCryptFdefModMulMontgomery1024(
UINT32 nDigits = pmMod->nDigits;
PUINT32 pTmp = (PUINT32) pbScratch;
// dcl - missing assert?
SYMCRYPT_ASSERT( cbScratch >= nDigits * 2 * SYMCRYPT_FDEF_DIGIT_SIZE );
UNREFERENCED_PARAMETER( cbScratch );
SymCryptFdefRawMul1024Asm( &peSrc1->d.uint32[0], &peSrc2->d.uint32[0], nDigits, pTmp );
@ -1543,6 +1562,7 @@ SymCryptFdefModSquareMontgomery1024(
UINT32 nDigits = pmMod->nDigits;
PUINT32 pTmp = (PUINT32) pbScratch;
SYMCRYPT_ASSERT( cbScratch >= nDigits * 2 * SYMCRYPT_FDEF_DIGIT_SIZE );
UNREFERENCED_PARAMETER( cbScratch );
SymCryptFdefRawSquare1024Asm( &peSrc->d.uint32[0], nDigits, pTmp );

33
lib/fips_selftest.c
Просмотреть файл

@ -29,8 +29,7 @@ typedef struct _SYMCRYPT_SELFTEST_DLGROUP_2048
typedef struct _SYMCRYPT_SELFTEST_ECKEY_P256
{
BYTE Qx[32];
BYTE Qy[32];
BYTE Qxy[64]; // 32B of Qx followed by 32B of Qy
BYTE d[32];
} SYMCRYPT_SELFTEST_ECKEY_P256;
@ -333,15 +332,14 @@ const SYMCRYPT_SELFTEST_DLKEY_2048 dsaKey =
const SYMCRYPT_SELFTEST_ECKEY_P256 eckey1 =
{
// Qx
// Qxy
{
//Qx
0xdd, 0xd5, 0x15, 0x20, 0x43, 0x8d, 0x41, 0xa9,
0x18, 0xcf, 0x62, 0xc2, 0x13, 0xf7, 0xed, 0xb2,
0xf9, 0x8f, 0x02, 0xa3, 0x78, 0x30, 0x7e, 0x22,
0x8f, 0xc1, 0x44, 0xbe, 0xde, 0xc6, 0x65, 0x91
},
//Qy
{
0x8f, 0xc1, 0x44, 0xbe, 0xde, 0xc6, 0x65, 0x91,
//Qy
0x72, 0xad, 0x17, 0xad, 0x51, 0x8c, 0xd3, 0x60,
0x0f, 0x54, 0xc0, 0xf4, 0xc3, 0x22, 0x5b, 0x44,
0xab, 0xad, 0x28, 0xb5, 0x56, 0x8e, 0x78, 0x0a,
@ -358,15 +356,14 @@ const SYMCRYPT_SELFTEST_ECKEY_P256 eckey1 =
const SYMCRYPT_SELFTEST_ECKEY_P256 eckey2 =
{
//Qx
// Qxy
{
//Qx
0x21, 0xf2, 0xf7, 0x08, 0x8c, 0x71, 0x59, 0xa7,
0x0c, 0xe1, 0xb9, 0x1a, 0xe0, 0xed, 0x69, 0xbe,
0x44, 0xeb, 0xa3, 0x51, 0xfd, 0x32, 0x4a, 0x90,
0xdc, 0xde, 0xa4, 0x10, 0xe4, 0x44, 0x69, 0x29
},
//Qy
{
0xdc, 0xde, 0xa4, 0x10, 0xe4, 0x44, 0x69, 0x29,
//Qy
0x74, 0xd0, 0xc6, 0xbd, 0xe5, 0x13, 0x68, 0x07,
0x9f, 0x40, 0x5e, 0xbf, 0x9e, 0x61, 0x7c, 0x3f,
0xc8, 0x16, 0xe2, 0xd5, 0x0e, 0xf8, 0x09, 0x15,
@ -583,8 +580,8 @@ SymCryptEcDhSecretAgreementSelftest( )
scError = SymCryptEckeySetValue(
eckey1.d,
sizeof(eckey1.d),
eckey1.Qx,
sizeof(eckey1.Qx) + sizeof(eckey1.Qy),
eckey1.Qxy,
sizeof(eckey1.Qxy),
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
SYMCRYPT_FLAG_KEY_RANGE_AND_PUBLIC_KEY_ORDER_VALIDATION |
@ -599,8 +596,8 @@ SymCryptEcDhSecretAgreementSelftest( )
scError = SymCryptEckeySetValue(
eckey2.d,
sizeof(eckey2.d),
eckey2.Qx,
sizeof(eckey2.Qx) + sizeof(eckey2.Qy),
eckey2.Qxy,
sizeof(eckey2.Qxy),
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
SYMCRYPT_FLAG_KEY_RANGE_AND_PUBLIC_KEY_ORDER_VALIDATION |
@ -717,8 +714,8 @@ SymCryptEcDsaSelftest( )
scError = SymCryptEckeySetValue(
eckey1.d,
sizeof(eckey1.d),
eckey1.Qx,
sizeof(eckey1.Qx) + sizeof(eckey1.Qy),
eckey1.Qxy,
sizeof(eckey1.Qxy),
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
SYMCRYPT_ECPOINT_FORMAT_XY,
SYMCRYPT_FLAG_KEY_RANGE_AND_PUBLIC_KEY_ORDER_VALIDATION |

8
lib/gcm.c
Просмотреть файл

@ -11,7 +11,6 @@
#define GCM_MAX_TAG_SIZE (16)
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptGcmValidateParameters(
@ -271,7 +270,6 @@ SymCryptGcmComputeTag(
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL
@ -433,6 +431,7 @@ SymCryptGcmEncryptPart(
// Use optimized implementation if available
//
(*pState->pKey->pBlockCipher->gcmEncryptPartFunc) ( pState, pbSrc, pbDst, cbData );
SYMCRYPT_ASSERT( pState->bytesInMacBlock <= 15 );
}
else
{
@ -494,6 +493,7 @@ SymCryptGcmDecryptPart(
// Use optimized implementation if available
//
(*pState->pKey->pBlockCipher->gcmDecryptPartFunc) ( pState, pbSrc, pbDst, cbData );
SYMCRYPT_ASSERT( pState->bytesInMacBlock <= 15 );
}
else
{
@ -540,9 +540,9 @@ SymCryptGcmEncryptFinal(
SymCryptWipeKnownSize( buf, sizeof( buf ) );
SymCryptWipeKnownSize( pState, sizeof( *pState ) );
SYMCRYPT_ASSERT( pState->bytesInMacBlock == 0 );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL
@ -570,6 +570,7 @@ SymCryptGcmDecryptFinal(
SymCryptWipeKnownSize( buf, sizeof( buf ) );
SymCryptWipeKnownSize( pState, sizeof( *pState ) );
SYMCRYPT_ASSERT( pState->bytesInMacBlock == 0 );
return status;
}
@ -695,7 +696,6 @@ SymCryptGcmEncrypt(
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_NOINLINE
SYMCRYPT_ERROR
SYMCRYPT_CALL

65
lib/gen_int.c
Просмотреть файл

@ -7,7 +7,7 @@
#include "precomp.h"
UINT64
UINT64
SYMCRYPT_CALL
SymCryptUint64Gcd( UINT64 a, UINT64 b, UINT32 flags )
{
@ -19,7 +19,7 @@ SymCryptUint64Gcd( UINT64 a, UINT64 b, UINT32 flags )
/*
Algorithm outline:
if( b even )
swap (a,b)
@ -28,13 +28,13 @@ SymCryptUint64Gcd( UINT64 a, UINT64 b, UINT32 flags )
if( a even )
a = a/2
else
if a < b
if a < b
swap (a,b)
a = (a - b) / 2
We ignore the data_public flag as we currently always use a side-channel safe implementation
to compute (a < b) on 64-bit values is hard if we want to avoid
to compute (a < b) on 64-bit values is hard if we want to avoid
*/
SYMCRYPT_HARD_ASSERT( (flags & SYMCRYPT_FLAG_GCD_INPUTS_NOT_BOTH_EVEN) != 0 && ((a | b) & 1) != 0 );
@ -42,11 +42,11 @@ SymCryptUint64Gcd( UINT64 a, UINT64 b, UINT32 flags )
// If b even: swap (a,b)
swap = ~(0 - (b & 1));
tmp = (a ^ b) & swap;
a ^= tmp;
a ^= tmp;
b ^= tmp;
// Each loop iteration reduces len(a) + len(b) by at least 1, so looping 127 times is enough.
// For inputs (2^63, 2^63 + 1) we get 63 iterations to reduce a to 1, and then another 63 to get
// For inputs (2^63, 2^63 + 1) we get 63 iterations to reduce a to 1, and then another 63 to get
// the other value to 1, plus one more to make it 0.
for( i=0; i < 127; i++ )
{
@ -62,12 +62,12 @@ SymCryptUint64Gcd( UINT64 a, UINT64 b, UINT32 flags )
tmp = (a ^ b) & swap;
a2 = a ^ tmp;
b2 = b ^ tmp;
//
//
a2 = (a2 - b2) / 2;
// Compute the (a is odd) condition
tmp = 0 - (a & 1);
tmp = 0 - (a & 1);
// Assemble the final result
a = (tmp & a2) | (~tmp & a/2);
@ -192,7 +192,9 @@ SymCryptIntExtendedGcd(
PSYMCRYPT_INT piTmpDbl; // size 2*nDigits
PSYMCRYPT_DIVISOR pdGcd; // size nDigits
PSYMCRYPT_DIVISOR pdTmp; // size nDigits
UINT32 cb;
UINT32 cbInt;
UINT32 cbWideInt;
UINT32 cbDivisor;
SIZE_T cbFnScratch;
UINT32 t;
UINT32 c;
@ -205,33 +207,34 @@ SymCryptIntExtendedGcd(
cbFnScratch = SYMCRYPT_MAX( cbFnScratch, SYMCRYPT_SCRATCH_BYTES_FOR_INT_MUL( 2*nDigits ) );
cbFnScratch = SYMCRYPT_MAX( cbFnScratch, SYMCRYPT_SCRATCH_BYTES_FOR_INT_TO_DIVISOR( nDigits ) );
SYMCRYPT_ASSERT( cbScratch >= 4 * SymCryptSizeofIntFromDigits( nDigits ) +
1 * SymCryptSizeofIntFromDigits( 2*nDigits ) +
2 * SymCryptSizeofDivisorFromDigits( nDigits ) +
cbInt = SymCryptSizeofIntFromDigits( nDigits );
cbWideInt = SymCryptSizeofIntFromDigits( 2*nDigits );
cbDivisor = SymCryptSizeofDivisorFromDigits( nDigits );
SYMCRYPT_ASSERT( cbScratch >= 4 * cbInt +
1 * cbWideInt +
2 * cbDivisor +
cbFnScratch );
cb = SymCryptSizeofIntFromDigits( nDigits );
piA = SymCryptIntCreate( pbScratch, cb, nDigits );
pbScratch += cb; cbScratch -= cb;
piA = SymCryptIntCreate( pbScratch, cbInt, nDigits );
pbScratch += cbInt; cbScratch -= cbInt;
// piB is stored inside the pdGcd object created later
piTmp = SymCryptIntCreate( pbScratch, cb, nDigits );
pbScratch += cb; cbScratch -= cb;
piA1 = SymCryptIntCreate( pbScratch, cb, nDigits );
pbScratch += cb; cbScratch -= cb;
piB1 = SymCryptIntCreate( pbScratch, cb, nDigits );
pbScratch += cb; cbScratch -= cb;
piTmp = SymCryptIntCreate( pbScratch, cbInt, nDigits );
pbScratch += cbInt; cbScratch -= cbInt;
piA1 = SymCryptIntCreate( pbScratch, cbInt, nDigits );
pbScratch += cbInt; cbScratch -= cbInt;
piB1 = SymCryptIntCreate( pbScratch, cbInt, nDigits );
pbScratch += cbInt; cbScratch -= cbInt;
cb = SymCryptSizeofIntFromDigits( 2 * nDigits );
piTmpDbl = SymCryptIntCreate( pbScratch, cb, 2 * nDigits );
pbScratch += cb; cbScratch -= cb;
piTmpDbl = SymCryptIntCreate( pbScratch, cbWideInt, 2 * nDigits );
pbScratch += cbWideInt; cbScratch -= cbWideInt;
cb = SymCryptSizeofDivisorFromDigits( nDigits );
pdGcd = SymCryptDivisorCreate( pbScratch, cb, nDigits );
pbScratch += cb; cbScratch -= cb;
pdGcd = SymCryptDivisorCreate( pbScratch, cbDivisor, nDigits );
pbScratch += cbDivisor; cbScratch -= cbDivisor;
piB = SymCryptIntFromDivisor( pdGcd );
pdTmp = SymCryptDivisorCreate( pbScratch, cb, nDigits );
pbScratch += cb; cbScratch -= cb;
pdTmp = SymCryptDivisorCreate( pbScratch, cbDivisor, nDigits );
pbScratch += cbDivisor; cbScratch -= cbDivisor;
SymCryptIntCopyMixedSize( piSrc1, piA ); // Ignore the error return value here as we know
SymCryptIntCopyMixedSize( piSrc2, piB ); // that the destination integers are large enough.
@ -314,7 +317,7 @@ SymCryptIntExtendedGcd(
if( piInvSrc1ModSrc2 != NULL )
{
// Future optimization: if GCD == 1 then we can just copy B1.
// Future optimization: if GCD == 1 then we can just copy B1.
SymCryptIntDivMod( piSrc2, pdGcd, SymCryptIntFromDivisor( pdTmp ), NULL, pbScratch, cbScratch );
// IntToDivisor requirement:

4
lib/hkdf.c
Просмотреть файл

@ -13,7 +13,6 @@
#include "precomp.h"
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHkdfExpandKey(
@ -57,7 +56,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHkdfPrkExpandKey(
@ -72,7 +70,6 @@ SymCryptHkdfPrkExpandKey(
return macAlgorithm->expandKeyFunc( &pExpandedKey->macKey, pbPrk, cbPrk );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHkdfDerive(
@ -153,7 +150,6 @@ cleanup:
//
// The full HKDF
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptHkdf(

1
lib/hmac_pattern.c
Просмотреть файл

@ -36,7 +36,6 @@ SYMCRYPT_HmacXxxKeyCopy( _In_ PCSYMCRYPT_HMAC_XXX_EXPANDED_KEY pSrc, _Out_ PSYMC
SYMCRYPT_SET_MAGIC( pDst );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SYMCRYPT_HmacXxxExpandKey(

23
lib/marvin32.c
Просмотреть файл

@ -33,14 +33,13 @@ PCSYMCRYPT_MARVIN32_EXPANDED_SEED const SymCryptMarvin32DefaultSeed = &SymCryptM
// as we inline all our rotations.
//
static const int rotate[4] = {
20, 9, 27, 19,
20, 9, 27, 19,
};
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptMarvin32ExpandSeed(
SymCryptMarvin32ExpandSeed(
_Out_ PSYMCRYPT_MARVIN32_EXPANDED_SEED pExpandedSeed,
_In_reads_(cbSeed) PCBYTE pbSeed,
SIZE_T cbSeed )
@ -63,7 +62,7 @@ cleanup:
VOID
SYMCRYPT_CALL
SymCryptMarvin32SeedCopy( _In_ PCSYMCRYPT_MARVIN32_EXPANDED_SEED pSrc,
SymCryptMarvin32SeedCopy( _In_ PCSYMCRYPT_MARVIN32_EXPANDED_SEED pSrc,
_Out_ PSYMCRYPT_MARVIN32_EXPANDED_SEED pDst )
{
SYMCRYPT_CHECK_MAGIC( pSrc );
@ -74,8 +73,8 @@ SymCryptMarvin32SeedCopy( _In_ PCSYMCRYPT_MARVIN32_EXPANDED_SEED pSrc,
VOID
SYMCRYPT_CALL
SymCryptMarvin32StateCopy(
_In_ PCSYMCRYPT_MARVIN32_STATE pSrc,
SymCryptMarvin32StateCopy(
_In_ PCSYMCRYPT_MARVIN32_STATE pSrc,
_In_opt_ PCSYMCRYPT_MARVIN32_EXPANDED_SEED pExpandedSeed,
_Out_ PSYMCRYPT_MARVIN32_STATE pDst )
{
@ -123,7 +122,7 @@ SymCryptMarvin32Append( _Inout_ PSYMCRYPT_MARVIN32_STATE
SIZE_T cbData )
{
UINT32 bytesInBuffer = state->dataLength;
SYMCRYPT_CHECK_MAGIC( state );
state->dataLength += (UINT32) cbData; // We only keep track of the last 2 bits...
@ -142,7 +141,7 @@ SymCryptMarvin32Append( _Inout_ PSYMCRYPT_MARVIN32_STATE
//
VOID
SYMCRYPT_CALL
SymCryptMarvin32Result(
SymCryptMarvin32Result(
_Inout_ PSYMCRYPT_MARVIN32_STATE pState,
_Out_writes_( SYMCRYPT_MARVIN32_RESULT_SIZE ) PBYTE pbResult )
{
@ -153,7 +152,7 @@ SymCryptMarvin32Result(
//
// Wipe four bytes in the buffer.
// Doing this first ensures that this write is aligned when the input was of
// length 0 mod 4.
// length 0 mod 4.
// The buffer is 8 bytes long, so we never overwrite anything else.
//
*(UINT32 *) &pState->buffer[bytesInBuffer] = 0;
@ -237,7 +236,7 @@ SymCryptMarvin32AppendBlocks(
VOID
SYMCRYPT_CALL
SymCryptMarvin32(
SymCryptMarvin32(
_In_ PCSYMCRYPT_MARVIN32_EXPANDED_SEED pExpandedSeed,
_In_reads_( cbData ) PCBYTE pbData,
SIZE_T cbData,
@ -309,7 +308,7 @@ SymCryptMarvin32(
//
// Simple test vector
// Simple test vector
//
static const BYTE marvin32KATAnswer[ 8 ] = {
@ -325,7 +324,7 @@ SymCryptMarvin32Selftest()
SymCryptMarvin32( SymCryptMarvin32DefaultSeed, SymCryptTestMsg3, sizeof( SymCryptTestMsg3 ), res );
SymCryptInjectError( res, sizeof( res ) );
if( memcmp( res, marvin32KATAnswer, sizeof( res ) ) != 0 )
if( memcmp( res, marvin32KATAnswer, sizeof( res ) ) != 0 )
{
SymCryptFatal( 'marv' );
}

27
lib/md2.c
Просмотреть файл

@ -7,15 +7,15 @@
// This module contains the routines to implement MD2 from RFC 1319
//
// This is a new implementation, NOT based on the existing one in RSA32.lib,
// which is the one from RSA data security.
// which is the one from RSA data security.
//
// The implementation had to be refreshed anyway to conform to our coding
// guidelines for cryptographic functions.
// guidelines for cryptographic functions.
// Re-implementing the function along the lines of our SHA-family implementations
// was easy, and it removes a file with RSA copyright from our system.
//
// The only data copied for this implementation is the S table from the
// RFC.
// RFC.
//
#include "precomp.h"
@ -82,7 +82,7 @@ SymCryptMd2Init( _Out_ PSYMCRYPT_MD2_STATE pState )
{
//
// We use the secure wipe as the init routine is also used to re-initialize
// (and wipe) the state after a hash computation.
// (and wipe) the state after a hash computation.
// In that case the compiler might conclude that this wipe can be optimized
// away, and that would leak data.
//
@ -117,7 +117,7 @@ SymCryptMd2Result( _Inout_ PSYMCRYPT_MD2_STATE
//
SIZE_T tmp;
SIZE_T paddingBytes = 16 - state->bytesInBuffer;
SYMCRYPT_CHECK_MAGIC( state );
@ -143,8 +143,8 @@ SymCryptMd2Result( _Inout_ PSYMCRYPT_MD2_STATE
VOID
SYMCRYPT_CALL
SymCryptMd2AppendBlocks(
_Inout_ PSYMCRYPT_MD2_CHAINING_STATE pChain,
SymCryptMd2AppendBlocks(
_Inout_ PSYMCRYPT_MD2_CHAINING_STATE pChain,
_In_reads_( cbData ) PCBYTE pbData,
SIZE_T cbData,
_Out_ SIZE_T * pcbRemaining )
@ -162,7 +162,7 @@ SymCryptMd2AppendBlocks(
// read the data once into our structure
//
memcpy( &pChain->X[16], pbData, SYMCRYPT_MD2_INPUT_BLOCK_SIZE );
//
// Update the checksum block.
// The L value at the end of the previous block is in the last byte of the checksum
@ -200,7 +200,7 @@ SymCryptMd2AppendBlocks(
VOID
SYMCRYPT_CALL
SymCryptMd2StateExport(
SymCryptMd2StateExport(
_In_ PCSYMCRYPT_MD2_STATE pState,
_Out_writes_bytes_( SYMCRYPT_MD2_STATE_EXPORT_SIZE ) PBYTE pbBlob )
{
@ -233,7 +233,6 @@ SymCryptMd2StateExport(
return;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptMd2StateImport(
@ -268,7 +267,7 @@ SymCryptMd2StateImport(
pState->bytesInBuffer = blob.bytesInBuffer;
pState->dataLengthL = blob.bytesInBuffer;
pState->dataLengthH = 1;
pState->dataLengthH = 1;
SYMCRYPT_SET_MAGIC( pState );
@ -287,7 +286,7 @@ cleanup:
//
static const BYTE md2KATAnswer[ 16 ] = {
0xda, 0x85, 0x3b, 0x0d, 0x3f, 0x88, 0xd9, 0x9b,
0xda, 0x85, 0x3b, 0x0d, 0x3f, 0x88, 0xd9, 0x9b,
0x30, 0x28, 0x3a, 0x69, 0xe6, 0xde, 0xd6, 0xbb,
} ;
@ -298,9 +297,9 @@ SymCryptMd2Selftest()
BYTE result[SYMCRYPT_MD2_RESULT_SIZE];
SymCryptMd2( SymCryptTestMsg3, sizeof( SymCryptTestMsg3 ), result );
SymCryptInjectError( result, sizeof( result ) );
if( memcmp( result, md2KATAnswer, sizeof( result ) ) != 0 ) {
SymCryptFatal( 'MD2t' );
}

19
lib/md4.c
Просмотреть файл

@ -10,7 +10,7 @@
//
// This is a new implementation, NOT based on the existing ones in RSA32.lib.
// There are 2 versions in RSA32.lib, one from RSA data security and one from
// Scott Fields.
// Scott Fields.
//
// MD4 and MD5 are extremely similar. Having already done a new MD5 implementation it
// was very little work to copy the code & turn it into an MD4 implementation.
@ -48,7 +48,7 @@ const PCSYMCRYPT_HASH SymCryptMd4Algorithm = &SymCryptMd4Algorithm_default;
// The round constants used by MD4
//
//
static const UINT32 md4Const[3] = {
static const UINT32 md4Const[3] = {
0x00000000UL,
0x5A827999UL,
0x6ED9EBA1UL,
@ -116,7 +116,7 @@ SYMCRYPT_CALL
SymCryptMd4Init( _Out_ PSYMCRYPT_MD4_STATE pState )
{
SYMCRYPT_SET_MAGIC( pState );
pState->dataLengthL = 0;
pState->dataLengthH = 0;
pState->bytesInBuffer = 0;
@ -148,7 +148,7 @@ SymCryptMd4Append( _Inout_ PSYMCRYPT_MD4_STATE pState,
//
VOID
SYMCRYPT_CALL
SymCryptMd4Result(
SymCryptMd4Result(
_Inout_ PSYMCRYPT_MD4_STATE pState,
_Out_writes_( SYMCRYPT_MD4_RESULT_SIZE ) PBYTE pbResult )
{
@ -221,7 +221,7 @@ SymCryptMd4Result(
}
//
// FROUND are the subsequent rounds.
// FROUND are the subsequent rounds.
//
#define FROUND( r, Func ) { \
Wt = W[md4MsgIndex[r]];\
@ -230,7 +230,7 @@ SymCryptMd4Result(
VOID
SYMCRYPT_CALL
SymCryptMd4AppendBlocks(
SymCryptMd4AppendBlocks(
_Inout_ PSYMCRYPT_MD4_CHAINING_STATE pChain,
_In_reads_( cbData ) PCBYTE pbData,
SIZE_T cbData,
@ -245,7 +245,7 @@ SymCryptMd4AppendBlocks(
ad[1] = pChain->H[3];
ad[2] = pChain->H[2];
ad[3] = pChain->H[1];
while( cbData >= 64 )
{
//
@ -323,7 +323,7 @@ SymCryptMd4AppendBlocks(
VOID
SYMCRYPT_CALL
SymCryptMd4StateExport(
SymCryptMd4StateExport(
_In_ PCSYMCRYPT_MD4_STATE pState,
_Out_writes_bytes_( SYMCRYPT_MD4_STATE_EXPORT_SIZE ) PBYTE pbBlob )
{
@ -356,7 +356,6 @@ SymCryptMd4StateExport(
return;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptMd4StateImport(
@ -418,7 +417,7 @@ SymCryptMd4Selftest()
SymCryptMd4( SymCryptTestMsg3, sizeof( SymCryptTestMsg3 ), result );
SymCryptInjectError( result, sizeof( result ) );
if( memcmp( result, md4KATAnswer, sizeof( result ) ) != 0 ) {
SymCryptFatal( 'MD4t' );
}

21
lib/md5.c
Просмотреть файл

@ -13,7 +13,7 @@
// at a glance looks very similar to the RSA32.lib code.
//
// The implementation had to be refreshed anyway to conform to our coding
// guidelines for cryptographic functions.
// guidelines for cryptographic functions.
// Re-implementing the function along the lines of our SHA-family implementations
// was easy, and it removes one file with RSA copyright from our system.
//
@ -47,7 +47,7 @@ const PCSYMCRYPT_HASH SymCryptMd5Algorithm = &SymCryptMd5Algorithm_default;
// These are called T[i] in RFC1321 although T[i] uses the range [1..64] and we use [0..63]
// This array should be optimized away by the compiler as all values are inlined.
//
static const UINT32 md5Const[64] = {
static const UINT32 md5Const[64] = {
0xd76aa478UL,
0xe8c7b756UL,
0x242070dbUL,
@ -133,7 +133,7 @@ static const int md5Rotate[64] = {
4, 11, 16, 23,
4, 11, 16, 23,
4, 11, 16, 23,
6, 10, 15, 21,
6, 10, 15, 21,
6, 10, 15, 21,
@ -181,7 +181,7 @@ SYMCRYPT_CALL
SymCryptMd5Init( _Out_ PSYMCRYPT_MD5_STATE pState )
{
SYMCRYPT_SET_MAGIC( pState );
pState->dataLengthL = 0;
pState->dataLengthH = 0;
pState->bytesInBuffer = 0;
@ -200,7 +200,7 @@ SymCryptMd5Init( _Out_ PSYMCRYPT_MD5_STATE pState )
//
VOID
SYMCRYPT_CALL
SymCryptMd5Append(
SymCryptMd5Append(
_Inout_ PSYMCRYPT_MD5_STATE pState,
_In_reads_( cbData ) PCBYTE pbData,
SIZE_T cbData )
@ -213,7 +213,7 @@ SymCryptMd5Append(
//
VOID
SYMCRYPT_CALL
SymCryptMd5Result(
SymCryptMd5Result(
_Inout_ PSYMCRYPT_MD5_STATE pState,
_Out_writes_( SYMCRYPT_MD5_RESULT_SIZE ) PBYTE pbResult )
{
@ -281,7 +281,7 @@ SymCryptMd5Result(
}
//
// Subsequent rounds.
// Subsequent rounds.
// This is the same as the IROUND except that it uses the copied message.
//
#define FROUND( r, Func ) { \
@ -306,7 +306,7 @@ SymCryptMd5AppendBlocks(
ad[1] = pChain->H[3];
ad[2] = pChain->H[2];
ad[3] = pChain->H[1];
while( cbData >= 64 )
{
//
@ -402,7 +402,7 @@ SymCryptMd5AppendBlocks(
VOID
SYMCRYPT_CALL
SymCryptMd5StateExport(
SymCryptMd5StateExport(
_In_ PCSYMCRYPT_MD5_STATE pState,
_Out_writes_bytes_( SYMCRYPT_MD5_STATE_EXPORT_SIZE ) PBYTE pbBlob )
{
@ -435,7 +435,6 @@ SymCryptMd5StateExport(
return;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptMd5StateImport(
@ -496,7 +495,7 @@ SymCryptMd5Selftest()
SymCryptMd5( SymCryptTestMsg3, sizeof( SymCryptTestMsg3 ), result );
SymCryptInjectError( result, sizeof( result ) );
if( memcmp( result, md5KATAnswer, sizeof( result ) ) != 0 ) {
SymCryptFatal( 'MD5t' );
}

42
lib/modexp.c
Просмотреть файл

@ -13,7 +13,7 @@
// scsPrecomp = { 1, base, base^2, ..., base^(2^W-1) }
//
// TODO: To mitigate power analysis attacks when multiplying by 1 (which might
// contain a lot of zeros in non-Montgomery moduli), future work is to
// contain a lot of zeros in non-Montgomery moduli), future work is to
// get rid of the 1 in the table. The leak is limited since now we always
// have Montgomery moduli.
//
@ -261,7 +261,7 @@ SymCryptModExpPrecomputation(
_In_reads_( SYMCRYPT_MODMULTIEXP_MAX_NPRECOMP )
PSYMCRYPT_MODELEMENT * pePIs,
PSYMCRYPT_MODELEMENT peTemp,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_opt_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch
)
@ -286,8 +286,8 @@ VOID
SYMCRYPT_CALL
SymCryptModMultiExpWnafWithInterleaving(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_ PCSYMCRYPT_INT * piExpArray,
_In_reads_( nBases ) PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_reads_( nBases ) PCSYMCRYPT_INT * piExpArray,
UINT32 nBases,
UINT32 nBitsExp,
_Out_ PSYMCRYPT_MODELEMENT peDst,
@ -338,37 +338,44 @@ SymCryptModMultiExpWnafWithInterleaving(
// SYMCRYPT_MODMULTIEXP_MAX_NBITSEXP, and SYMCRYPT_MODMULTIEXP_MAX_NPRECOMP, repspectively.
// Thus the following calculation does not overflow cbScratch.
//
SYMCRYPT_ASSERT( cbScratch >=
(nBases*nPrecompPoints + 2)*cbModElement +
((nBases*nRecodedDigits*sizeof(UINT32) + SYMCRYPT_ASYM_ALIGN_VALUE - 1)/SYMCRYPT_ASYM_ALIGN_VALUE)*SYMCRYPT_ASYM_ALIGN_VALUE +
SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( SymCryptModulusDigitsizeOfObject( pmMod ) ) );
SYMCRYPT_ASSERT( SYMCRYPT_MODMULTIEXP_MAX_NBASES >= nBases );
SYMCRYPT_ASSERT( SYMCRYPT_MODMULTIEXP_MAX_NPRECOMP >= nPrecompPoints );
// Creating temporary precomputed modelements
for (i=0; i<nBases*nPrecompPoints; i++)
{
SYMCRYPT_ASSERT( cbScratch >= cbModElement );
pePIs[i] = SymCryptModElementCreate( pbScratch, cbModElement, pmMod );
SYMCRYPT_ASSERT( pePIs[i] != NULL );
pbScratch += cbModElement;
cbScratch -= cbModElement;
}
SYMCRYPT_ASSERT( cbScratch >=
2*cbModElement +
((nBases*nRecodedDigits*sizeof(UINT32) + SYMCRYPT_ASYM_ALIGN_VALUE - 1)/SYMCRYPT_ASYM_ALIGN_VALUE)*SYMCRYPT_ASYM_ALIGN_VALUE +
SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( SymCryptModulusDigitsizeOfObject( pmMod ) ) );
// Creating temporary points
peTemp = SymCryptModElementCreate( pbScratch, cbModElement, pmMod );
SYMCRYPT_ASSERT( peTemp != NULL );
pbScratch += cbModElement;
cbScratch -= cbModElement;
peOne = SymCryptModElementCreate( pbScratch, cbModElement, pmMod );
SYMCRYPT_ASSERT( peOne != NULL );
pbScratch += cbModElement;
cbScratch -= cbModElement;
// Fixing pointers to recoded digits (be careful that the remaining space is SYMCRYPT_ASYM_ALIGNed)
absofKIs = (PUINT32) pbScratch;
pbScratch += nBases * nRecodedDigits * sizeof(UINT32);
cbScratch -= nBases * nRecodedDigits * sizeof(UINT32);
// Update cbScratch first using pbScratch, as the amount of scratch skipped for alignment depends upon the alignment of pbScratch
cbScratch -= ( ((ULONG_PTR)pbScratch + SYMCRYPT_ASYM_ALIGN_VALUE - 1) & ~(SYMCRYPT_ASYM_ALIGN_VALUE - 1) ) - (ULONG_PTR)pbScratch;
pbScratch = (PBYTE) ( ((ULONG_PTR)pbScratch + SYMCRYPT_ASYM_ALIGN_VALUE - 1) & ~(SYMCRYPT_ASYM_ALIGN_VALUE - 1) );
// Fixing remaining scratch space size
cbScratch -= ( (nBases*nPrecompPoints+1)*cbModElement );
cbScratch -= ((nBases*nRecodedDigits*sizeof(UINT32) + SYMCRYPT_ASYM_ALIGN_VALUE - 1) & ~(SYMCRYPT_ASYM_ALIGN_VALUE - 1));
//
// Main algorithm
@ -444,8 +451,8 @@ VOID
SYMCRYPT_CALL
SymCryptModMultiExpGeneric(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_ PCSYMCRYPT_INT * piExpArray,
_In_reads_( nBases ) PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_reads_( nBases ) PCSYMCRYPT_INT * piExpArray,
UINT32 nBases,
UINT32 nBitsExp,
UINT32 flags,
@ -475,14 +482,15 @@ SymCryptModMultiExpGeneric(
// at least 2 modelements bigger than the scratch space of ModExp
cbModElement = SymCryptSizeofModElementFromModulus( pmMod );
SYMCRYPT_ASSERT( SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP(SymCryptModulusDigitsizeOfObject(pmMod)) + 2*cbModElement <=
SYMCRYPT_ASSERT( SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP(SymCryptModulusDigitsizeOfObject(pmMod)) + 2*cbModElement <=
SYMCRYPT_SCRATCH_BYTES_FOR_MODMULTIEXP( SymCryptModulusDigitsizeOfObject(pmMod), nBases, nBitsExp ) );
SYMCRYPT_ASSERT( cbScratch >= 2*cbModElement + SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP(SymCryptModulusDigitsizeOfObject(pmMod)) );
peTemp = SymCryptModElementCreate( pbScratch, cbModElement, pmMod );
pbScratch += cbModElement; cbScratch += cbModElement;
pbScratch += cbModElement; cbScratch -= cbModElement;
peAcc = SymCryptModElementCreate( pbScratch, cbModElement, pmMod );
pbScratch += cbModElement; cbScratch += cbModElement;
pbScratch += cbModElement; cbScratch -= cbModElement;
// Set peAcc to 1
SymCryptModElementSetValueUint32( 1, pmMod, peAcc, pbScratch, cbScratch );

31
lib/parhash.c
Просмотреть файл

@ -10,13 +10,13 @@
VOID
SYMCRYPT_CALL
SymCryptParallelHashProcess_serial(
_In_ PCSYMCRYPT_PARALLEL_HASH pParHash,
_Inout_updates_bytes_( nStates * pHash->stateSize ) PVOID pStates,
SIZE_T nStates,
_Inout_updates_( nOperations ) PSYMCRYPT_PARALLEL_HASH_OPERATION pOperations,
SIZE_T nOperations,
_Out_writes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
_In_ PCSYMCRYPT_PARALLEL_HASH pParHash,
_Inout_updates_bytes_( nStates * pParHash->pHash->stateSize ) PVOID pStates,
SIZE_T nStates,
_Inout_updates_( nOperations ) PSYMCRYPT_PARALLEL_HASH_OPERATION pOperations,
SIZE_T nOperations,
_Out_writes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
{
SIZE_T i;
PSYMCRYPT_PARALLEL_HASH_OPERATION op;
@ -33,6 +33,7 @@ SymCryptParallelHashProcess_serial(
if( cbScratch < pParHash->parScratchFixed + nStates * SYMCRYPT_PARALLEL_HASH_PER_STATE_SCRATCH )
{
SymCryptFatal( 'ps2s' );
return; // prefast doesn't understand that SymCryptFatal doesn't return despite the annotation
}
SymCryptWipeKnownSize( pbScratch, pParHash->parScratchFixed + nStates * SYMCRYPT_PARALLEL_HASH_PER_STATE_SCRATCH );
@ -287,14 +288,14 @@ compareRequestSize( const void * p1, const void * p2 )
VOID
SYMCRYPT_CALL
SymCryptParallelHashProcess(
_In_ PCSYMCRYPT_PARALLEL_HASH pParHash,
_Inout_updates_bytes_( nStates * pHash->stateSize ) PVOID pStates,
SIZE_T nStates,
_Inout_updates_( nOperations ) PSYMCRYPT_PARALLEL_HASH_OPERATION pOperations,
SIZE_T nOperations,
_Out_writes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch,
UINT32 maxParallel )
_In_ PCSYMCRYPT_PARALLEL_HASH pParHash,
_Inout_updates_bytes_( nStates * pParHash->pHash->stateSize ) PVOID pStates,
SIZE_T nStates,
_Inout_updates_( nOperations ) PSYMCRYPT_PARALLEL_HASH_OPERATION pOperations,
SIZE_T nOperations,
_Out_writes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch,
UINT32 maxParallel )
{
PSYMCRYPT_PARALLEL_HASH_SCRATCH_STATE pScratchState;
PSYMCRYPT_PARALLEL_HASH_SCRATCH_STATE * pWork;

5
lib/pbkdf2.c
Просмотреть файл

@ -11,7 +11,6 @@
#include "precomp.h"
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptPbkdf2Derive(
@ -59,7 +58,7 @@ SymCryptPbkdf2Derive(
pExpandedKey->macAlg->resultFunc( &macState, rbWorkBuffer );
SymCryptXorBytes( &rbWorkBuffer[0], &rbBlockResult[0], &rbBlockResult[0], blockSize );
}
bytes = SYMCRYPT_MIN( cbResult, blockSize );
memcpy( pbResult, rbBlockResult, bytes );
pbResult += bytes;
@ -71,7 +70,6 @@ SymCryptPbkdf2Derive(
return SYMCRYPT_NO_ERROR;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptPbkdf2ExpandKey(
@ -86,7 +84,6 @@ SymCryptPbkdf2ExpandKey(
return macAlgorithm->expandKeyFunc(&pExpandedKey->macKey, pbKey, cbKey );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptPbkdf2(

4
lib/primes.c
Просмотреть файл

@ -193,8 +193,6 @@ SymCryptIntGenerateRandomPrime(
PCSYMCRYPT_TRIALDIVISION_CONTEXT pTrialDivisionContext = SymCryptCreateTrialDivisionContext( SymCryptIntDigitsizeOfObject( piHigh ) );
SYMCRYPT_ASSERT( cbScratch >= SYMCRYPT_SCRATCH_BYTES_FOR_INT_PRIME_GEN( SymCryptIntDigitsizeOfObject( piDst ) ) );
SYMCRYPT_ASSERT( nPubExp <= SYMCRYPT_RSAKEY_MAX_NUMOF_PUBEXPS );
SYMCRYPT_ASSERT( SymCryptDigitsFromBits( 64 ) == 1 );
@ -205,6 +203,7 @@ SymCryptIntGenerateRandomPrime(
cbObj = SymCryptSizeofDivisorFromDigits( 1 );
for( e = 0; e < nPubExp; e++ )
{
SYMCRYPT_ASSERT( cbScratch >= cbObj );
pdPubExp[e] = SymCryptDivisorCreate( pbScratch, cbObj, 1 );
pbScratch += cbObj;
cbScratch -= cbObj;
@ -214,6 +213,7 @@ SymCryptIntGenerateRandomPrime(
}
cbObj = SymCryptSizeofIntFromDigits( 1 );
SYMCRYPT_ASSERT( cbScratch >= cbObj + nBytes );
piTmp = SymCryptIntCreate( pbScratch, cbObj, 1 );
pbScratch += cbObj;
cbScratch -= cbObj;

2
lib/rc2.c
Просмотреть файл

@ -124,7 +124,6 @@ static const BYTE PITABLE[] =
*/
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRc2ExpandKeyEx(
@ -201,7 +200,6 @@ SymCryptRc2ExpandKeyEx(
return SYMCRYPT_NO_ERROR;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRc2ExpandKey(

19
lib/rc4.c
Просмотреть файл

@ -10,10 +10,9 @@
#include "precomp.h"
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRc4Init(
SymCryptRc4Init(
_Out_ PSYMCRYPT_RC4_STATE pState,
_In_reads_( cbKey ) PCBYTE pbKey,
_In_ SIZE_T cbKey )
@ -22,7 +21,7 @@ SymCryptRc4Init(
SIZE_T j;
BYTE keyBuf[256];
SIZE_T keyIdx;
SYMCRYPT_RC4_S_TYPE T;
if( cbKey > 256 || cbKey == 0 )
@ -69,18 +68,18 @@ SymCryptRc4Init(
//
pState->i = 1;
pState->j = 0;
SYMCRYPT_SET_MAGIC( pState );
SymCryptWipe( keyBuf, cbKey );
return SYMCRYPT_NO_ERROR;
}
VOID
SYMCRYPT_CALL
SymCryptRc4Crypt(
SymCryptRc4Crypt(
_Inout_ PSYMCRYPT_RC4_STATE pState,
_In_reads_( cbData ) PCBYTE pbSrc,
_Out_writes_( cbData ) PBYTE pbDst,
@ -103,13 +102,13 @@ SymCryptRc4Crypt(
// I suspect that that is because the instruction decoders are the bottleneck, and
// a small loop can be run out of the uop queue which bypasses the instruction decoders.
// A larger loop has to be decoded every time, and that slows things down.
// The theoretical gain of unrolling the loop is less than 1 c/B,
// and as Core 2 and derived CPUs are the most commonly used CPUs by our customers,
// The theoretical gain of unrolling the loop is less than 1 c/B,
// and as Core 2 and derived CPUs are the most commonly used CPUs by our customers,
// it is not worthwhile to persue this further.
//
// - Niels Ferguson (niels) 2010-10-11
//
while( pbSrc < pbSrcEnd )
{
//
@ -121,7 +120,7 @@ SymCryptRc4Crypt(
pState->S[i] = Tj;
pState->S[j] = Ti;
*pbDst = (BYTE) (*pbSrc ^ pState->S[(Ti + Tj) & 0xff]);
i = (i + 1) & 0xff;
pbSrc++;

18
lib/rdrand.c
Просмотреть файл

@ -8,7 +8,7 @@
#if (SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_AMD64) // only available on x86 and amd64 architectures
#if SYMCRYPT_MS_VC && _MSC_VER < 1610
#if SYMCRYPT_MS_VC && _MSC_VER < 1610
#error MSVC version lacks support for RDRAND intrinsics. Compile for the generic environment instead.
#endif
@ -16,7 +16,7 @@
// TODO: the _rdrand_u*() versions of the intrinsics can be removed once the new compiler
// with the _rdrand*_step() intrinsics is used in all branches
#if SYMCRYPT_MS_VC && _MSC_VER < 1700 // 1700 = Dev11,
#if SYMCRYPT_MS_VC && _MSC_VER < 1700 // 1700 = Dev11,
//
// This is the code that uses the old intrinsics in the compiler version 16.1
@ -32,7 +32,7 @@ unsigned __int64 _rdrand_u64(void);
#define SymCryptRdrandSizet(p) ( *(p)=(SIZE_T)_rdrand_u64(), SYMCRYPT_NO_ERROR )
#endif
#else // _MSC_VER
#else // _MSC_VER
//
// Code for the new Dev11 intrinsics
@ -54,7 +54,7 @@ SymCryptRdrandSizet( SIZE_T * p )
//
// In Win8/WinBlue we iterated 1000 times.
// But we got a crash bucket where we fail because of
// not getting any random data.
// not getting any random data.
// I contacted the Intel people; according to them they cannot make the
// RDRAND instruction fail more than a dozen times in a row under any tested
// circumstance. They have no idea how it could fail 1000 times in a row.
@ -79,7 +79,6 @@ SymCryptRdrandSizet( SIZE_T * p )
#endif
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRdrandStatus()
@ -89,7 +88,7 @@ SymCryptRdrandStatus()
// is all zeroes. (This check only happens in CHKed builds.)
//
SymCryptCheckLibraryInitialized();
if( SYMCRYPT_CPU_FEATURES_PRESENT( SYMCRYPT_CPU_FEATURE_RDRAND ) )
{
return SYMCRYPT_NO_ERROR;
@ -101,10 +100,9 @@ SymCryptRdrandStatus()
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRdrandGetBytes(
SymCryptRdrandGetBytes(
_Out_writes_( cbBuffer ) PBYTE pbBuffer,
SIZE_T cbBuffer,
_Out_writes_( SYMCRYPT_SHA512_RESULT_SIZE ) PBYTE pbResult )
@ -117,7 +115,7 @@ SymCryptRdrandGetBytes(
//
// Take care of the obvious errors that can happen
//
if( SymCryptRdrandStatus() != SYMCRYPT_NO_ERROR ||
if( SymCryptRdrandStatus() != SYMCRYPT_NO_ERROR ||
(cbBuffer & 0xf) != 0
)
{
@ -147,7 +145,7 @@ cleanup:
VOID
SYMCRYPT_CALL
SymCryptRdrandGet(
SymCryptRdrandGet(
_Out_writes_( cbBuffer ) PBYTE pbBuffer,
SIZE_T cbBuffer,
_Out_writes_( SYMCRYPT_SHA512_RESULT_SIZE ) PBYTE pbResult )

18
lib/rdseed.c
Просмотреть файл

@ -8,7 +8,7 @@
#if (SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_AMD64) // only available on x86 and amd64 architectures.
#if SYMCRYPT_MS_VC && _MSC_VER < 1610
#if SYMCRYPT_MS_VC && _MSC_VER < 1610
#error MSVC version lacks support for RDSEED intrinsics. Compile for the generic environment instead.
#endif
@ -33,7 +33,7 @@ SymCryptRdseedSizet( SIZE_T * p )
// There is no way to report errors, and customers rely on the RNG to work properly.
// Therefore, higher layers will fatal if this function fails.
// This is why we have a very high retry count; the alternative is to fatal.
//
//
//
for( i=0; i<10000000; i++ )
{
@ -46,7 +46,6 @@ SymCryptRdseedSizet( SIZE_T * p )
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRdseedStatus()
@ -56,7 +55,7 @@ SymCryptRdseedStatus()
// is all zeroes. (This check only happens in CHKed builds.)
//
SymCryptCheckLibraryInitialized();
if( SYMCRYPT_CPU_FEATURES_PRESENT( SYMCRYPT_CPU_FEATURE_RDSEED ) )
{
return SYMCRYPT_NO_ERROR;
@ -68,11 +67,10 @@ SymCryptRdseedStatus()
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRdseedGetBytes(
_Out_writes_( cbBuffer ) PBYTE pbResult,
SymCryptRdseedGetBytes(
_Out_writes_( cbResult ) PBYTE pbResult,
SIZE_T cbResult )
{
SIZE_T * pBuf;
@ -83,7 +81,7 @@ SymCryptRdseedGetBytes(
//
// Take care of the obvious errors that can happen
//
if( SymCryptRdseedStatus() != SYMCRYPT_NO_ERROR ||
if( SymCryptRdseedStatus() != SYMCRYPT_NO_ERROR ||
(cbResult & 0xf) != 0
)
{
@ -110,8 +108,8 @@ cleanup:
VOID
SYMCRYPT_CALL
SymCryptRdseedGet(
_Out_writes_( cbBuffer ) PBYTE pbResult,
SymCryptRdseedGet(
_Out_writes_( cbResult ) PBYTE pbResult,
SIZE_T cbResult )
{
if( SymCryptRdseedGetBytes( pbResult, cbResult ) != SYMCRYPT_NO_ERROR )

36
lib/rsa_enc.c
Просмотреть файл

@ -51,6 +51,7 @@ SymCryptRsaCoreVerifyInput(
if (cbSrc == SymCryptRsakeySizeofModulus(pkRsakey))
{
cbTmpInteger = SymCryptSizeofIntFromDigits( pkRsakey->nDigitsOfModulus );
SYMCRYPT_ASSERT( cbScratch >= cbTmpInteger );
piTmpInteger = SymCryptIntCreate( pbScratch, cbTmpInteger, pkRsakey->nDigitsOfModulus );
scError = SymCryptIntSetValue( pbSrc, cbSrc, numFormat, piTmpInteger );
@ -71,7 +72,6 @@ cleanup:
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaCoreEnc(
@ -137,7 +137,7 @@ SymCryptRsaCoreEnc(
SymCryptModExp(
pkRsakey->pmModulus,
peRes,
piExp,
piExp,
SymCryptIntBitsizeOfValue( piExp ), // This is a public value
SYMCRYPT_FLAG_DATA_PUBLIC,
peRes,
@ -171,7 +171,7 @@ SymCryptRsaCoreDecCrtScratchSpace( _In_ PCSYMCRYPT_RSAKEY pkRsakey)
{
SymCryptFatal( 'rsad' );
}
for (UINT32 i=0; i<pkRsakey->nPrimes; i++)
{
cbModElementTotal += SYMCRYPT_SIZEOF_MODELEMENT_FROM_BITS( pkRsakey->nBitsOfPrimes[i]);
@ -198,7 +198,6 @@ SymCryptRsaCoreDecScratchSpace( _In_ PCSYMCRYPT_RSAKEY pkRsakey)
SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP( pkRsakey->nDigitsOfModulus ) );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaCoreDecCrt(
@ -274,7 +273,7 @@ SymCryptRsaCoreDecCrt(
// - nPrimes is at most SYMCRYPT_RSAKEY_MAX_NUMOF_PRIMES = 2
// Thus the following calculation does not overflow cbScratch.
//
SYMCRYPT_ASSERT( cbScratch >=
SYMCRYPT_ASSERT( cbScratch >=
3*cbInt + cbTmp + cbModElementTotal + cbModElementVerify +
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_COMMON_MOD_OPERATIONS( pkRsakey->nDigitsOfModulus ),
SYMCRYPT_MAX( SYMCRYPT_SCRATCH_BYTES_FOR_MODEXP( pkRsakey->nDigitsOfModulus ),
@ -393,8 +392,8 @@ SymCryptRsaCoreDecCrt(
SymCryptModExp(
pkRsakey->pmModulus,
peVerify,
piTmp,
SymCryptIntBitsizeOfValue( piTmp ),
piTmp,
SymCryptIntBitsizeOfValue( piTmp ),
SYMCRYPT_FLAG_DATA_PUBLIC, // Exponent is public
peVerify,
pbFnScratch,
@ -420,7 +419,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaCoreDec(
@ -446,7 +444,7 @@ SymCryptRsaCoreDec(
UNREFERENCED_PARAMETER( flags );
// Make sure that the key has a private key
if ((cbSrc>SymCryptRsakeySizeofModulus(pkRsakey)) ||
if ((cbSrc>SymCryptRsakeySizeofModulus(pkRsakey)) ||
(!pkRsakey->hasPrivateKey) )
{
scError = SYMCRYPT_INVALID_ARGUMENT;
@ -502,7 +500,6 @@ cleanup:
//
// Encryption / decryption functions
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaRawEncrypt(
@ -546,7 +543,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaRawDecrypt(
@ -609,7 +605,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1Encrypt(
@ -696,7 +691,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1Decrypt(
@ -798,7 +792,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaOaepEncrypt(
@ -896,7 +889,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaOaepDecrypt(
@ -1024,7 +1016,6 @@ cleanup:
// Signing / Verification functions
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1Sign(
@ -1146,7 +1137,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1Verify(
@ -1156,7 +1146,7 @@ SymCryptRsaPkcs1Verify(
_In_reads_bytes_( cbSignature ) PCBYTE pbSignature,
SIZE_T cbSignature,
SYMCRYPT_NUMBER_FORMAT nfSignature,
_In_ PCSYMCRYPT_OID pHashOIDs,
_In_reads_opt_( nOIDCount ) PCSYMCRYPT_OID pHashOIDs,
_In_ SIZE_T nOIDCount,
UINT32 flags )
{
@ -1183,7 +1173,7 @@ SymCryptRsaPkcs1Verify(
// The SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PKCS1 macro does not
// overflow cbScratch since cbTmp < 2^17.
cbScratch = cbTmp +
cbScratch = cbTmp +
SYMCRYPT_MAX( SymCryptRsaCoreEncScratchSpace( pkRsakey ),
SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PKCS1( cbTmp ) );
@ -1238,7 +1228,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPssSign(
@ -1286,11 +1275,11 @@ SymCryptRsaPssSign(
// The SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PSS macro does not
// overflow cbScratch since cbTmp < 2^17.
#if (SYMCRYPT_CRT_DECRYPTION)
cbScratch = cbTmp +
cbScratch = cbTmp +
SYMCRYPT_MAX( SymCryptRsaCoreDecCrtScratchSpace( pkRsakey ),
SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PSS( hashAlgorithm, cbHashValue, cbTmp ) );
#else
cbScratch = cbTmp +
cbScratch = cbTmp +
SYMCRYPT_MAX( SymCryptRsaCoreDecScratchSpace( pkRsakey ),
SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PSS( hashAlgorithm, cbHashValue, cbTmp ) );
#endif
@ -1368,7 +1357,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPssVerify(
@ -1411,7 +1399,7 @@ SymCryptRsaPssVerify(
// The SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PSS macro does not
// overflow cbScratch since cbTmp < 2^17.
cbScratch = cbTmp +
cbScratch = cbTmp +
SYMCRYPT_MAX( SymCryptRsaCoreEncScratchSpace( pkRsakey ),
SYMCRYPT_SCRATCH_BYTES_FOR_RSA_PSS( hashAlgorithm, cbHashValue, cbTmp ) );

32
lib/rsa_padding.c
Просмотреть файл

@ -122,13 +122,12 @@ SymCryptRsaPaddingMaskGeneration(
// 0x00 || 0x02 || PS || 0x00 || M
//
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1ApplyEncryptionPadding(
_In_reads_bytes_( cbPlaintext ) PCBYTE pbPlaintext,
SIZE_T cbPlaintext,
_Out_writes_bytes_( cbPKCS1Format ) PBYTE pbPkcs1Format,
_Out_writes_bytes_( cbPkcs1Format ) PBYTE pbPkcs1Format,
SIZE_T cbPkcs1Format )
{
SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
@ -180,7 +179,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1RemoveEncryptionPadding(
@ -222,7 +220,7 @@ SymCryptRsaPkcs1RemoveEncryptionPadding(
}
// this also implies that cbPkcs1Buffer >= 16
// Check the leading bytes
// Check the leading bytes
mPaddingError |= SymCryptMask32IsNonzeroU31( pbPkcs1Format[0] ); // First byte must be = 0
mPaddingError |= SymCryptMask32NeqU31( pbPkcs1Format[1], PKCS_BLOCKTYPE_2 ); // Second byte must be = 2
@ -308,7 +306,6 @@ cleanup:
//
// PS = zero or more bytes 0x00 || 0x01
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaOaepApplyEncryptionPadding(
@ -319,7 +316,7 @@ SymCryptRsaOaepApplyEncryptionPadding(
SIZE_T cbLabel,
_In_reads_bytes_opt_( cbSeed ) PCBYTE pbSeed,
SIZE_T cbSeed,
_Out_writes_bytes_( cbOAEPFormat ) PBYTE pbOaepFormat,
_Out_writes_bytes_( cbOaepFormat ) PBYTE pbOaepFormat,
SIZE_T cbOaepFormat,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch )
@ -425,7 +422,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaOaepRemoveEncryptionPadding(
@ -532,16 +528,16 @@ SymCryptRsaOaepRemoveEncryptionPadding(
// errors in mPaddingError. We could continue to make the entire padding removal
// side-channel safe like we do in the PKCS1 padding case, but that is not necessary.
// The side-channel only leaks data if the attacker can trigger two different behaviours
// and derive information from the difference.
// This is relatively easy to do with something like a match on 1 or 2 bytes because the
// and derive information from the difference.
// This is relatively easy to do with something like a match on 1 or 2 bytes because the
// chance of satisfying the check on a random input is still useful. But here we have
// matched 33 bytes (assuming a 32-byte hash) and the Bleichenbacher style attacks don't
// work beyond this point. Basically, these attacks produce ciphertexts without knowing
// the corresponding plaintext, and the chance of the label hash matching is something
// the corresponding plaintext, and the chance of the label hash matching is something
// like 2^{-256}. So these ciphertexts will always fail right here, and there is no
// difference of behaviour that leaks data to the attacker.
// Thus, we can switch back to normal processing of the errors here.
//
// Thus, we can switch back to normal processing of the errors here.
//
if( mPaddingError != 0 )
{
@ -591,7 +587,6 @@ cleanup:
//
// PKCS1 Signature Format:
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1ApplySignaturePadding(
@ -714,7 +709,6 @@ cleanup:
//
// Check if a PKCS1 padding is valid with regard to a hash oid
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1CheckSignaturePadding(
@ -762,7 +756,6 @@ cleanup:
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPkcs1VerifySignaturePadding(
@ -854,7 +847,6 @@ cleanup:
// EM = | maskedDB |maskedseed|bc|
// +-------------------+----------+--+
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPssApplySignaturePadding(
@ -999,7 +991,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsaPssVerifySignaturePadding(
@ -1065,11 +1056,12 @@ SymCryptRsaPssVerifySignaturePadding(
//
// Size of cbSalt cannot exceed the maximal RSA key size CNG supports.
//
if ( (pbPSSFormat[0] & (BYTE)(0xff << (8 - dwZeroBits))) != 0 ||
pbPSSFormat[cbPSSFormat - 1] != 0xbc ||
if ( cbPSSFormat < (cbHashAlg + cbSalt + 2) ||
(pbPSSFormat[0] & (BYTE)(0xff << (8 - dwZeroBits))) != 0 ||
// cbSalt > MSCRYPT_RSA_MAX_KEY_LENGTH ||
// cbHash > MSCRYPT_RSA_MAX_KEY_LENGTH ||
cbPSSFormat < (cbHashAlg + cbSalt + 2))
pbPSSFormat[cbPSSFormat - 1] != 0xbc
)
{
scError = SYMCRYPT_INVALID_ARGUMENT;
goto cleanup;

57
lib/rsakey.c
Просмотреть файл

@ -101,12 +101,13 @@ SymCryptRsakeyCreate(
( pParams->nBitsOfModulus < SYMCRYPT_RSAKEY_MIN_BITSIZE_MODULUS ) ||
( pParams->nBitsOfModulus > SYMCRYPT_RSAKEY_MAX_BITSIZE_MODULUS ) ||
( pParams->nPubExp < 1 ) ||
( pParams->nPubExp > SYMCRYPT_RSAKEY_MAX_NUMOF_PUBEXPS ) ||
( pParams->nPrimes == 1 ) ||
( pParams->nPubExp > SYMCRYPT_RSAKEY_MAX_NUMOF_PUBEXPS ) ||
( pParams->nPrimes == 1 ) ||
( pParams->nPrimes > SYMCRYPT_RSAKEY_MAX_NUMOF_PRIMES ) )
{
goto cleanup;
}
SYMCRYPT_ASSERT( cbBuffer >= sizeof( SYMCRYPT_RSAKEY ) );
pkObj = (PSYMCRYPT_RSAKEY) pbCurr;
@ -118,7 +119,7 @@ SymCryptRsakeyCreate(
pkObj->cbTotalSize = (UINT32) cbNeeded;
// The result should always be within 4 GB, but we check to avoid security bugs
SYMCRYPT_HARD_ASSERT( pkObj->cbTotalSize == cbNeeded );
SYMCRYPT_HARD_ASSERT( pkObj->cbTotalSize == cbNeeded );
pkObj->hasPrivateKey = FALSE;
@ -132,6 +133,11 @@ SymCryptRsakeyCreate(
// Modulus
itemSize = SymCryptSizeofModulusFromDigits( pkObj->nDigitsOfModulus );
SYMCRYPT_ASSERT( cbBuffer >= sizeof( SYMCRYPT_RSAKEY ) + itemSize
+ (pkObj->nPrimes*SymCryptSizeofModulusFromDigits( pkObj->nDigitsOfModulus ))
+ (pkObj->nPrimes*SYMCRYPT_SIZEOF_MODELEMENT_FROM_BITS( pParams->nBitsOfModulus ))
+ (pkObj->nPubExp*SymCryptSizeofIntFromDigits( pkObj->nDigitsOfModulus ))
+ (pkObj->nPubExp*pkObj->nPrimes*SymCryptSizeofIntFromDigits( pkObj->nDigitsOfModulus )) );
pkObj->pmModulus = SymCryptModulusCreate(
pbCurr,
itemSize,
@ -342,7 +348,6 @@ SymCryptRsakeyCreateAllObjects( _Inout_ PSYMCRYPT_RSAKEY pkRsakey )
}
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeyCalculatePrivateFields(
@ -362,7 +367,7 @@ SymCryptRsakeyCalculatePrivateFields(
// Use pdTmp as int scratch
PSYMCRYPT_INT piScr = SymCryptIntFromDivisor(pdTmp);
// We need a 1-digit tmp value to store the GCD in.
// We need a 1-digit tmp value to store the GCD in.
// Simpler to put it on the stack than to add full scratch size computation support to this function
piTmpGcd = SymCryptIntCreate( SYMCRYPT_ASYM_ALIGN_UP( tmpGcdBuf ), sizeof( tmpGcdBuf ) - SYMCRYPT_ASYM_ALIGN_VALUE, SymCryptDigitsFromBits( 64 ) );
@ -469,7 +474,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeyGenerate(
@ -535,7 +539,7 @@ SymCryptRsakeyGenerate(
goto cleanup;
}
// Copy the public exponent into the key
// Copy the public exponent into the key
pkRsakey->au64PubExp[0] = pu64PubExp[0];
// Before doing anything calculate all the needed sizes
@ -707,16 +711,15 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeySetValue(
_In_reads_bytes_( cbModulus ) PCBYTE pbModulus,
SIZE_T cbModulus,
_In_reads_opt_( nPubExp ) PCUINT64 pu64PubExp,
_In_reads_( nPubExp ) PCUINT64 pu64PubExp,
UINT32 nPubExp,
_In_ PCBYTE * ppPrimes,
_In_ SIZE_T * pcbPrimes,
_In_reads_( nPrimes ) PCBYTE * ppPrimes,
_In_reads_( nPrimes ) SIZE_T * pcbPrimes,
UINT32 nPrimes,
SYMCRYPT_NUMBER_FORMAT numFormat,
UINT32 flags,
@ -762,7 +765,7 @@ SymCryptRsakeySetValue(
ndMod = pkRsakey->nDigitsOfModulus;
// Calculate scratch spaces
// Calculate scratch spaces
// No integer overflows as all numbers are limited by ndMod which is checked during Create
if( nPrimes!=0 )
{
@ -845,6 +848,7 @@ SymCryptRsakeySetValue(
pkRsakey->nMaxDigitsOfPrimes = 0;
for (UINT32 i=0; i<pkRsakey->nPrimes; i++)
{
#pragma warning(suppress: 26007) // "Incorrect Annotation" - cannot phrase array of pointers to arrays in SAL
scError = SymCryptIntSetValue( ppPrimes[i], pcbPrimes[i], numFormat, piPhi );
if (scError != SYMCRYPT_NO_ERROR )
{
@ -869,6 +873,7 @@ SymCryptRsakeySetValue(
// Set the values
for (UINT32 i=0; i<pkRsakey->nPrimes; i++)
{
#pragma warning(suppress: 26007) // "Incorrect Annotation" - cannot phrase array of pointers to arrays in SAL
scError = SymCryptIntSetValue( ppPrimes[i], pcbPrimes[i], numFormat, SymCryptIntFromModulus( pkRsakey->pmPrimes[i] ) );
if (scError != SYMCRYPT_NO_ERROR )
{
@ -914,7 +919,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeyGetValue(
@ -923,8 +927,8 @@ SymCryptRsakeyGetValue(
SIZE_T cbModulus,
_Out_writes_opt_( nPubExp ) PUINT64 pu64PubExp,
UINT32 nPubExp,
_Out_opt_ PBYTE * ppPrimes,
_In_opt_ SIZE_T * pcbPrimes,
_Out_writes_opt_( nPrimes ) PBYTE * ppPrimes,
_In_reads_opt_( nPrimes ) SIZE_T * pcbPrimes,
UINT32 nPrimes,
SYMCRYPT_NUMBER_FORMAT numFormat,
UINT32 flags )
@ -988,22 +992,19 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptRsakeyGetCrtValue(
_In_ PCSYMCRYPT_RSAKEY pkRsakey,
_Out_ PBYTE * ppCrtExponents,
_In_ SIZE_T * pcbCrtExponents,
UINT32 nCrtExponents,
_Out_writes_bytes_(cbCrtCoefficient)
PBYTE pbCrtCoefficient,
SIZE_T cbCrtCoefficient,
_Out_writes_bytes_(cbPrivateExponent)
PBYTE pbPrivateExponent,
SIZE_T cbPrivateExponent,
SYMCRYPT_NUMBER_FORMAT numFormat,
UINT32 flags)
_In_ PCSYMCRYPT_RSAKEY pkRsakey,
_Out_writes_(nCrtExponents) PBYTE * ppCrtExponents,
_In_reads_(nCrtExponents) SIZE_T * pcbCrtExponents,
UINT32 nCrtExponents,
_Out_writes_bytes_(cbCrtCoefficient) PBYTE pbCrtCoefficient,
SIZE_T cbCrtCoefficient,
_Out_writes_bytes_(cbPrivateExponent) PBYTE pbPrivateExponent,
SIZE_T cbPrivateExponent,
SYMCRYPT_NUMBER_FORMAT numFormat,
UINT32 flags)
{
SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
PBYTE pbScratch = NULL;

121
lib/sc_lib.h
Просмотреть файл

@ -1585,7 +1585,7 @@ typedef VOID (SYMCRYPT_CALL * SYMCRYPT_MODULUS_INIT_FN)(
// point format and allow the Modulus to contain special optimizations.
//
// The SetPost function is the post-processing function of any SetValue operation. The SetValue operation will store the
// modElement in the normal integer format into the ModElement. The SetPost function post-proccesses it into the proper
// modElement in the normal integer format into the ModElement. The SetPost function post-processes it into the proper
// representation for that modulus.
//
// The PreGet function is the pre-processing function to any GetValue operation. It returns a pointer to the proper value
@ -2087,9 +2087,9 @@ SYMCRYPT_CALL
SymCryptFdefRawDivMod(
_In_reads_(nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32) PCUINT32 pNum,
UINT32 nDigits,
_In_ PCSYMCRYPT_DIVISOR pDivisor,
_In_ PCSYMCRYPT_DIVISOR pdDivisor,
_Out_writes_opt_(nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32 pQuotient,
_Out_writes_opt_(SYMCRYPT_FDEF_INT_NUINT32(&pDivisor->Int)) PUINT32 pRemainder,
_Out_writes_opt_(SYMCRYPT_OBJ_NUINT32(pdDivisor)) PUINT32 pRemainder,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
@ -2205,7 +2205,8 @@ VOID
SYMCRYPT_CALL
SymCryptFdefModElementToIntGeneric(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCUINT32 pSrc,
_In_reads_bytes_( pmMod->nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )
PCUINT32 pSrc,
_Out_ PSYMCRYPT_INT piDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
@ -2225,7 +2226,7 @@ SymCryptFdefModElementSetValueGeneric(
_In_reads_bytes_( cbSrc ) PCBYTE pbSrc,
SIZE_T cbSrc,
SYMCRYPT_NUMBER_FORMAT format,
PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODULUS pmMod,
_Out_ PSYMCRYPT_MODELEMENT peDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
@ -2253,14 +2254,14 @@ SYMCRYPT_CALL
SymCryptFdefRawGetValue(
_In_reads_(nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32) PCUINT32 pSrc,
UINT32 nDigits,
_Out_writes_bytes_(cbBytes) PBYTE pbDst,
_Out_writes_bytes_(cbDst) PBYTE pbDst,
SIZE_T cbDst,
SYMCRYPT_NUMBER_FORMAT format );
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptFdefModElementGetValue(
PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT peSrc,
_Out_writes_bytes_( cbDst ) PBYTE pbDst,
SIZE_T cbDst,
@ -2714,9 +2715,9 @@ SymCryptFdef369RawMul(
UINT32
SYMCRYPT_CALL
SymCryptFdefRawIsEqualUint32(
_In_ PCUINT32 pSrc1,
UINT32 nDigits,
_In_ UINT32 u32Src2 );
_In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PCUINT32 pSrc1,
UINT32 nDigits,
_In_ UINT32 u32Src2 );
UINT32
SYMCRYPT_CALL
@ -2808,8 +2809,8 @@ VOID
SYMCRYPT_CALL
SymCryptModMultiExpGeneric(
_In_ PCSYMCRYPT_MODULUS pmMod,
_In_ PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_ PCSYMCRYPT_INT * piExpArray,
_In_reads_( nBases ) PCSYMCRYPT_MODELEMENT * peBaseArray,
_In_reads_( nBases ) PCSYMCRYPT_INT * piExpArray,
UINT32 nBases,
UINT32 nBitsExp,
UINT32 flags,
@ -3078,7 +3079,7 @@ SYMCRYPT_CALL
SymCryptShortWeierstrassSetZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3087,7 +3088,7 @@ SYMCRYPT_CALL
SymCryptShortWeierstrassSetDistinguished(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3098,7 +3099,7 @@ SymCryptShortWeierstrassIsEqual(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
UINT32 flags,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3107,7 +3108,7 @@ SYMCRYPT_CALL
SymCryptShortWeierstrassIsZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3116,7 +3117,7 @@ SYMCRYPT_CALL
SymCryptShortWeierstrassOnCurve(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3128,7 +3129,7 @@ SymCryptShortWeierstrassAdd(
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_In_ UINT32 flags,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3139,7 +3140,7 @@ SymCryptShortWeierstrassAddDiffNonZero(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3150,7 +3151,7 @@ SymCryptShortWeierstrassDouble(
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_ PSYMCRYPT_ECPOINT poDst,
_In_ UINT32 flags,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3160,7 +3161,7 @@ SymCryptShortWeierstrassNegate(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Inout_ PSYMCRYPT_ECPOINT poSrc,
UINT32 mask,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3179,7 +3180,7 @@ SYMCRYPT_CALL
SymCryptTwistedEdwardsSetDistinguished(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch);
@ -3191,20 +3192,20 @@ SymCryptTwistedEdwardsAdd(
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_In_ UINT32 flags,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbProvidedScratch);
SIZE_T cbScratch );
VOID
SYMCRYPT_CALL
SymCryptTwistedEdwardsAddDiffNonZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_(cbScratch)
PBYTE pbScratch,
SIZE_T cbScratch );
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
VOID
SYMCRYPT_CALL
@ -3213,9 +3214,9 @@ SymCryptTwistedEdwardsDouble(
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_ PSYMCRYPT_ECPOINT poDst,
_In_ UINT32 flags,
_Out_writes_bytes_opt_(cbScratch)
PBYTE pbScratch,
SIZE_T cbScratch);
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch);
UINT32
SYMCRYPT_CALL
@ -3224,7 +3225,7 @@ SymCryptTwistedEdwardsIsEqual(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
UINT32 flags,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch);
@ -3233,16 +3234,16 @@ SYMCRYPT_CALL
SymCryptTwistedEdwardsOnCurve(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_(cbScratch)
PBYTE pbScratch,
SIZE_T cbScratch);
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch);
UINT32
SYMCRYPT_CALL
SymCryptTwistedEdwardsIsZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch);
@ -3251,7 +3252,7 @@ SYMCRYPT_CALL
SymCryptTwistedEdwardsSetZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch);
@ -3261,7 +3262,7 @@ SymCryptTwistedEdwardsNegate(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Inout_ PSYMCRYPT_ECPOINT poSrc,
UINT32 mask,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3291,7 +3292,7 @@ SymCryptMontgomeryIsEqual(
_In_ PCSYMCRYPT_ECPOINT poSrc1,
_In_ PCSYMCRYPT_ECPOINT poSrc2,
UINT32 flags,
_Out_writes_bytes_opt_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch);
@ -3300,7 +3301,7 @@ SYMCRYPT_CALL
SymCryptMontgomeryIsZero(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_ECPOINT poSrc,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
@ -3313,7 +3314,7 @@ SymCryptMontgomeryPointScalarMul(
PCSYMCRYPT_ECPOINT poSrc,
_In_ UINT32 flags,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_(cbScratch)
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch);
@ -3329,7 +3330,6 @@ SymCryptOfflinePrecomputation(
PBYTE pbScratch,
SIZE_T cbScratch );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointScalarMulFixedWindow(
@ -3339,33 +3339,30 @@ SymCryptEcpointScalarMulFixedWindow(
PCSYMCRYPT_ECPOINT poSrc,
_In_ UINT32 flags,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
_Out_writes_bytes_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcpointMultiScalarMulWnafWithInterleaving(
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_ PCSYMCRYPT_INT * piSrcScalarArray,
_In_ PCSYMCRYPT_ECPOINT * poSrcEcpointArray,
_In_ UINT32 nPoints,
_In_ UINT32 flags,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
_In_ PCSYMCRYPT_ECURVE pCurve,
_In_reads_( nPoints ) PCSYMCRYPT_INT * piSrcScalarArray,
_In_reads_( nPoints ) PCSYMCRYPT_ECPOINT * poSrcEcpointArray,
_In_ UINT32 nPoints,
_In_ UINT32 flags,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
VOID
SYMCRYPT_CALL
SymCryptEcpointGenericSetRandom(
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_INT piScalar,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_opt_( cbScratch )
PBYTE pbScratch,
SIZE_T cbScratch );
_In_ PCSYMCRYPT_ECURVE pCurve,
_Out_ PSYMCRYPT_INT piScalar,
_Out_ PSYMCRYPT_ECPOINT poDst,
_Out_writes_bytes_( cbScratch ) PBYTE pbScratch,
SIZE_T cbScratch );
//--------------------------------------------------------
//--------------------------------------------------------

21
lib/sha1.c
Просмотреть файл

@ -3,7 +3,7 @@
//
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
//
// This revised implementation is based on the older one in RSA32LIB by
// This revised implementation is based on the older one in RSA32LIB by
// Scott Field and Dan Shumow. It is not based on any 3rd party code.
//
@ -67,7 +67,7 @@ SYMCRYPT_CALL
SymCryptSha1Init( _Out_ PSYMCRYPT_SHA1_STATE pState )
{
SYMCRYPT_SET_MAGIC( pState );
pState->dataLengthL = 0;
pState->dataLengthH = 0;
pState->bytesInBuffer = 0;
@ -87,7 +87,7 @@ SymCryptSha1Init( _Out_ PSYMCRYPT_SHA1_STATE pState )
SYMCRYPT_NOINLINE
VOID
SYMCRYPT_CALL
SymCryptSha1Append(
SymCryptSha1Append(
_Inout_ PSYMCRYPT_SHA1_STATE pState,
_In_reads_( cbData ) PCBYTE pbData,
SIZE_T cbData )
@ -102,7 +102,7 @@ SymCryptSha1Append(
SYMCRYPT_NOINLINE
VOID
SYMCRYPT_CALL
SymCryptSha1Result(
SymCryptSha1Result(
_Inout_ PSYMCRYPT_SHA1_STATE pState,
_Out_writes_( SYMCRYPT_SHA1_RESULT_SIZE ) PBYTE pbResult )
{
@ -116,7 +116,7 @@ SymCryptSha1Result(
// common padding routine for SHA-1 as it wouldn't be shared by anyone right now.
//
SYMCRYPT_CHECK_MAGIC( pState );
bytesInBuffer = (UINT32)(pState->bytesInBuffer);
//
@ -197,7 +197,7 @@ SymCryptSha1Result(
//
// The core round routine (excluding the message schedule)
//
//
// In more readable form this macro does the following:
// e = ROL(a,5) + F(b,c,d) + e + K[r/20] + W[round]
// b = ROL( b, 30 )
@ -215,7 +215,7 @@ SymCryptSha1Result(
}
//
// Subsequent rounds.
// Subsequent rounds.
// This is the same as the IROUND except that it adds the message schedule,
// and takes the message word from the intermediate
//
@ -226,7 +226,7 @@ SymCryptSha1Result(
VOID
SYMCRYPT_CALL
SymCryptSha1AppendBlocks(
SymCryptSha1AppendBlocks(
_Inout_ SYMCRYPT_SHA1_CHAINING_STATE * pChain,
_In_reads_( cbData ) PCBYTE pbData,
SIZE_T cbData,
@ -242,7 +242,7 @@ SymCryptSha1AppendBlocks(
C = pChain->H[2];
D = pChain->H[3];
E = pChain->H[4];
while( cbData >= 64 )
{
//
@ -400,7 +400,6 @@ SymCryptSha1StateExport(
return;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha1StateImport(
@ -465,7 +464,7 @@ SymCryptSha1Selftest()
SymCryptSha1( SymCryptTestMsg3, sizeof( SymCryptTestMsg3 ), result );
SymCryptInjectError( result, sizeof( result ) );
if( memcmp( result, sha1KATAnswer, sizeof( result ) ) != 0 ) {
SymCryptFatal( 'SHA1' );
}

1
lib/sha256.c
Просмотреть файл

@ -283,7 +283,6 @@ SymCryptSha256StateExport(
return;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha256StateImport(

3
lib/sha512.c
Просмотреть файл

@ -407,7 +407,6 @@ SymCryptSha384StateExport(
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha512StateImportCore(
@ -450,7 +449,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha512StateImport(
@ -460,7 +458,6 @@ SymCryptSha512StateImport(
return SymCryptSha512StateImportCore( pState, pbBlob, SymCryptBlobTypeSha512State );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSha384StateImport(

9
lib/sp800_108.c
Просмотреть файл

@ -11,7 +11,6 @@
#include "precomp.h"
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSp800_108Derive(
@ -35,7 +34,7 @@ SymCryptSp800_108Derive(
blockSize <= SYMCRYPT_MAC_MAX_RESULT_SIZE &&
bytesRemaining > 0 );
if( cbResult > UINT32_MAX/8 )
if( cbResult > UINT32_MAX/8 )
{
// SP800-108 requires the output size in bits to be encoded in a 32-bit value.
// cbResults that are too large are impossible.
@ -50,12 +49,12 @@ SymCryptSp800_108Derive(
//
// We append the pieces into the MAC function. This is inefficient but works always.
// If we need more speed for large outputs, we could use a fixed-size stack buffer to build the
// If we need more speed for large outputs, we could use a fixed-size stack buffer to build the
// concatenation & do a single append. This reduces the # calls in the loop, but adds one memcpy to
// the parameters. For small output sizes this is probably a wash.
//
SYMCRYPT_STORE_MSBFIRST32( &buf[0], iBlock );
SYMCRYPT_STORE_MSBFIRST32( &buf[0], iBlock );
pExpandedKey->macAlg->appendFunc( &macState, &buf[0], 4 ); // block count encoded in 4 bytes
if( cbLabel != (SIZE_T) -1 )
@ -86,7 +85,6 @@ SymCryptSp800_108Derive(
return SYMCRYPT_NO_ERROR;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSp800_108ExpandKey(
@ -101,7 +99,6 @@ SymCryptSp800_108ExpandKey(
return macAlgorithm->expandKeyFunc(&pExpandedKey->macKey, pbKey, cbKey );
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptSp800_108(

2
lib/tlsCbcVerify.c
Просмотреть файл

@ -427,6 +427,8 @@ SymCryptTlsCbcHmacVerify(
SYMCRYPT_ASSERT(pMacAlgorithm == SymCryptHmacSha1Algorithm ||
pMacAlgorithm == SymCryptHmacSha256Algorithm ||
pMacAlgorithm == SymCryptHmacSha384Algorithm );
SYMCRYPT_ASSERT(((*(pMacAlgorithm->ppHashAlgorithm))->inputBlockSize)/2 <= 64);
SYMCRYPT_ASSERT((*(pMacAlgorithm->ppHashAlgorithm))->resultSize <= 48);
SymCryptTlsCbcHmacVerifyCore(
pHashAlgorithm,

10
lib/tlsprf.c
Просмотреть файл

@ -53,7 +53,6 @@
// used keys (pre-master secret) longer than 128 bytes. To achieve interop
// with servers complying to the RFC we use the entire key for the HMAC calculation.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_1ExpandKey(
@ -133,7 +132,6 @@ cleanup:
return scError;
}
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_2ExpandKey(
@ -296,7 +294,6 @@ SymCryptTlsPrfPHash(
//
// Remark: We will do the do the two P_hash computations in parallel
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_1Derive(
@ -424,7 +421,6 @@ cleanup:
//
// PRF(secret, label, seed) = P_<hash>(secret, label + seed)
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_2Derive(
@ -483,13 +479,12 @@ cleanup:
//
// The full TLS 1.0/1.1 Key Derivation Function
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_1(
_In_reads_(cbKey) PCBYTE pbKey,
_In_ SIZE_T cbKey,
_In_reads_(cbLabel) PCBYTE pbLabel,
_In_reads_opt_(cbLabel) PCBYTE pbLabel,
_In_ SIZE_T cbLabel,
_In_reads_(cbSeed) PCBYTE pbSeed,
_In_ SIZE_T cbSeed,
@ -530,14 +525,13 @@ cleanup:
//
// The full TLS 1.2 Key Derivation Function
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptTlsPrf1_2(
_In_ PCSYMCRYPT_MAC pMacAlgorithm,
_In_reads_(cbKey) PCBYTE pbKey,
_In_ SIZE_T cbKey,
_In_reads_(cbLabel) PCBYTE pbLabel,
_In_reads_opt_(cbLabel) PCBYTE pbLabel,
_In_ SIZE_T cbLabel,
_In_reads_(cbSeed) PCBYTE pbSeed,
_In_ SIZE_T cbSeed,

1
lib/xtsaes.c
Просмотреть файл

@ -6,7 +6,6 @@
#include "precomp.h"
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptXtsAesExpandKey(

2
scripts/symcryptasm_processor.py
Просмотреть файл

@ -67,7 +67,7 @@ number of macros argument names. It ends with MACRO_END.
### amd64 ###
We allow up to 15 registers to be addressed, with the names:
Q0-Q15 (64-bit registers), W0-W15 (32-bit registers), H0-H15 (16-bit registers), and B0-B15 (8-bit
Q0-Q15 (64-bit registers), D0-D15 (32-bit registers), W0-W15 (16-bit registers), and B0-B15 (8-bit
registers)
Xmm0-Xmm5 registers may be used directly in assembly too, as in both amd64 calling conventions we
currently support, these registers are volatile so do not need any special handling

4
unittest/inc/algorithm_base.h
Просмотреть файл

@ -344,7 +344,7 @@ public:
virtual NTSTATUS setKey( _In_reads_( cbKey ) PCBYTE pbKey, SIZE_T cbKey ) = 0;
virtual NTSTATUS setNonce( _In_reads_( cbKey ) PCBYTE pbNonce, SIZE_T cbNonce ) = 0;
virtual NTSTATUS setNonce( _In_reads_( cbNonce ) PCBYTE pbNonce, SIZE_T cbNonce ) = 0;
virtual BOOL isRandomAccess() = 0;
@ -1013,7 +1013,7 @@ public:
virtual NTSTATUS setKey( _In_reads_( cbKey ) PCBYTE pbKey, SIZE_T cbKey );
virtual NTSTATUS setNonce( _In_reads_( cbKey ) PCBYTE pbNonce, SIZE_T cbNonce );
virtual NTSTATUS setNonce( _In_reads_( cbNonce ) PCBYTE pbNonce, SIZE_T cbNonce );
virtual BOOL isRandomAccess() { return s_isRandomAccess; };

2
unittest/lib/main.cpp
Просмотреть файл

@ -391,7 +391,7 @@ BOOL setContainsPrefix( const StringSet & set, const std::string & str )
}
BOOL
updateNameSet( _In_ PCSTR * names, _Inout_ StringSet * set, CHAR op, _In_ PSTR name )
updateNameSet( _In_z_ PCSTR * names, _Inout_ StringSet * set, CHAR op, _In_ PSTR name )
{
BOOL nameMatch = FALSE;
SIZE_T nameLen = strlen( name );

52
unittest/lib/sc_implementations.cpp
Просмотреть файл

@ -47,7 +47,7 @@ SymCryptAesCfbEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptAesBlockCipher->blockSize == SYMCRYPT_AES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptAesBlockCipher->blockSize == SYMCRYPT_AES_BLOCK_SIZE );
SymCryptCfbEncrypt( SymCryptAesBlockCipher,
g_modeCfbShiftParam,
pExpandedKey,
@ -66,7 +66,7 @@ SymCryptAesCfbDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptAesBlockCipher->blockSize == SYMCRYPT_AES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptAesBlockCipher->blockSize == SYMCRYPT_AES_BLOCK_SIZE );
SymCryptCfbDecrypt( SymCryptAesBlockCipher,
g_modeCfbShiftParam,
pExpandedKey,
@ -113,7 +113,7 @@ SymCryptDesCbcEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptDesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptDesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCbcEncrypt( SymCryptDesBlockCipher, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -126,7 +126,7 @@ SymCryptDesCbcDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptDesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptDesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCbcDecrypt( SymCryptDesBlockCipher, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -139,7 +139,7 @@ SymCryptDesCfbEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptDesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptDesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCfbEncrypt( SymCryptDesBlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -152,7 +152,7 @@ SymCryptDesCfbDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptDesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptDesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCfbDecrypt( SymCryptDesBlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -194,7 +194,7 @@ SymCrypt2DesCbcEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCrypt3DesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCrypt3DesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCbcEncrypt( SymCrypt3DesBlockCipher, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -207,7 +207,7 @@ SymCrypt2DesCbcDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCrypt3DesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCrypt3DesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCbcDecrypt( SymCrypt3DesBlockCipher, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -220,7 +220,7 @@ SymCrypt2DesCfbEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCrypt3DesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCrypt3DesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCfbEncrypt( SymCrypt3DesBlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -233,7 +233,7 @@ SymCrypt2DesCfbDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCrypt3DesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCrypt3DesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCfbDecrypt( SymCrypt3DesBlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -274,7 +274,7 @@ SymCrypt3DesCfbEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCrypt3DesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCrypt3DesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCfbEncrypt( SymCrypt3DesBlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -287,7 +287,7 @@ SymCrypt3DesCfbDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCrypt3DesBlockCipher.blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCrypt3DesBlockCipher->blockSize == SYMCRYPT_DES_BLOCK_SIZE );
SymCryptCfbDecrypt( SymCrypt3DesBlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -329,7 +329,7 @@ SymCryptDesxCbcEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptDesxBlockCipher.blockSize == SYMCRYPT_DESX_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptDesxBlockCipher->blockSize == SYMCRYPT_DESX_BLOCK_SIZE );
SymCryptCbcEncrypt( SymCryptDesxBlockCipher, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -342,7 +342,7 @@ SymCryptDesxCbcDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptDesxBlockCipher.blockSize == SYMCRYPT_DESX_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptDesxBlockCipher->blockSize == SYMCRYPT_DESX_BLOCK_SIZE );
SymCryptCbcDecrypt( SymCryptDesxBlockCipher, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -355,7 +355,7 @@ SymCryptDesxCfbEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptDesxBlockCipher.blockSize == SYMCRYPT_DESX_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptDesxBlockCipher->blockSize == SYMCRYPT_DESX_BLOCK_SIZE );
SymCryptCfbEncrypt( SymCryptDesxBlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -368,7 +368,7 @@ SymCryptDesxCfbDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptDesxBlockCipher.blockSize == SYMCRYPT_DESX_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptDesxBlockCipher->blockSize == SYMCRYPT_DESX_BLOCK_SIZE );
SymCryptCfbDecrypt( SymCryptDesxBlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -410,7 +410,7 @@ SymCryptRc2CbcEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptRc2BlockCipher.blockSize == SYMCRYPT_RC2_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptRc2BlockCipher->blockSize == SYMCRYPT_RC2_BLOCK_SIZE );
SymCryptCbcEncrypt( SymCryptRc2BlockCipher, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -423,7 +423,7 @@ SymCryptRc2CbcDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptRc2BlockCipher.blockSize == SYMCRYPT_RC2_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptRc2BlockCipher->blockSize == SYMCRYPT_RC2_BLOCK_SIZE );
SymCryptCbcDecrypt( SymCryptRc2BlockCipher, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -436,7 +436,7 @@ SymCryptRc2CfbEncrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptRc2BlockCipher.blockSize == SYMCRYPT_RC2_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptRc2BlockCipher->blockSize == SYMCRYPT_RC2_BLOCK_SIZE );
SymCryptCfbEncrypt( SymCryptRc2BlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -449,7 +449,7 @@ SymCryptRc2CfbDecrypt(
_Out_writes_( cbData ) PBYTE pbDst,
SIZE_T cbData )
{
_Analysis_assume_( SymCryptRc2BlockCipher.blockSize == SYMCRYPT_RC2_BLOCK_SIZE );
SYMCRYPT_ASSERT( SymCryptRc2BlockCipher->blockSize == SYMCRYPT_RC2_BLOCK_SIZE );
SymCryptCfbDecrypt( SymCryptRc2BlockCipher, g_modeCfbShiftParam, pExpandedKey, pbChainingValue, pbSrc, pbDst, cbData );
}
@ -2229,11 +2229,11 @@ ParallelHashImp<ImpSc, AlgParallelSha256>::process(
BYTE sentinel = g_rng.byte();
SIZE_T nScratch = SYMCRYPT_PARALLEL_SHA256_FIXED_SCRATCH + state.nHashes * SYMCRYPT_PARALLEL_HASH_PER_STATE_SCRATCH;
CHECK( nScratch + scratchOffset <= sizeof( scratch ), "?" );
_Analysis_assume_( nScratch + scratchOffset < sizeof( scratch ) );
SYMCRYPT_ASSERT( nScratch + scratchOffset < sizeof( scratch ) );
scratch[scratchOffset + nScratch] = sentinel;
_Analysis_assume_( state.nHashes <= MAX_PARALLEL_HASH_STATES );
SYMCRYPT_ASSERT( state.nHashes <= MAX_PARALLEL_HASH_STATES );
initYmmRegisters();
SymCryptParallelSha256Process( &state.sc[0],
state.nHashes,
@ -2386,11 +2386,11 @@ ParallelHashImp<ImpSc, AlgParallelSha384>::process(
BYTE sentinel = g_rng.byte();
SIZE_T nScratch = SYMCRYPT_PARALLEL_SHA384_FIXED_SCRATCH + state.nHashes * SYMCRYPT_PARALLEL_HASH_PER_STATE_SCRATCH;
CHECK( nScratch + scratchOffset <= sizeof( scratch ), "?" );
_Analysis_assume_( nScratch + scratchOffset < sizeof( scratch ) );
SYMCRYPT_ASSERT( nScratch + scratchOffset < sizeof( scratch ) );
scratch[scratchOffset + nScratch] = sentinel;
_Analysis_assume_( state.nHashes <= MAX_PARALLEL_HASH_STATES );
SYMCRYPT_ASSERT( state.nHashes <= MAX_PARALLEL_HASH_STATES );
initYmmRegisters();
SymCryptParallelSha384Process( &state.sc[0],
state.nHashes,
@ -2543,11 +2543,11 @@ ParallelHashImp<ImpSc, AlgParallelSha512>::process(
BYTE sentinel = g_rng.byte();
SIZE_T nScratch = SYMCRYPT_PARALLEL_SHA512_FIXED_SCRATCH + state.nHashes * SYMCRYPT_PARALLEL_HASH_PER_STATE_SCRATCH;
CHECK( nScratch + scratchOffset <= sizeof( scratch ), "?" );
_Analysis_assume_( nScratch + scratchOffset < sizeof( scratch ) );
SYMCRYPT_ASSERT( nScratch + scratchOffset < sizeof( scratch ) );
scratch[scratchOffset + nScratch] = sentinel;
_Analysis_assume_( state.nHashes <= MAX_PARALLEL_HASH_STATES );
SYMCRYPT_ASSERT( state.nHashes <= MAX_PARALLEL_HASH_STATES );
initYmmRegisters();
SymCryptParallelSha512Process( &state.sc[0],
state.nHashes,