Merged PR 6215627: Small bug fixes 2021/07/01

+ Fix SYMCRYPT_INTERNAL_LOAD_LSBFIRST32 macro for generic build
+ Re-enable generic build in the pipeline
  + Only trigger for CI builds normally to avoid blocking PRs needlessly
  + Also trigger on PR builds to publish branch, to catch any regression we may not have noticed before publishing to GitHub
+ Fix a bunch of non-functional typos that I have noticed recently
+ Only run the module test when the task is running on a machine with RDSEED - the module test currently requires RDSEED.

Related work items: #34245222
Samuel Lee 2021-07-08 19:21:24 +00:00
Родитель 8af25c22bd
Коммит 7506893113
18 изменённых файлов: 249 добавлений и 150 удалений


@ -1,5 +1,10 @@
cmake_minimum_required(VERSION 3.13.0)
if(WIN32)
# Require Windows 10 SDK version 18362 for BCRYPT_TLS_CBC_HMAC_VERIFY_FLAG
set(CMAKE_SYSTEM_VERSION 10.0.18362)
endif()
project(SymCrypt)
if(NOT CMAKE_BUILD_TYPE)
@ -27,10 +32,12 @@ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib/${CMAKE_SYSTEM_PROCES
set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/module/${CMAKE_SYSTEM_PROCESSOR}/${SYMCRYPT_TARGET_ENV})
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/exe/${CMAKE_SYSTEM_PROCESSOR}/${SYMCRYPT_TARGET_ENV})
if(WIN32 AND SYMCRYPT_TARGET_ENV MATCHES "WindowsUserMode")
# Enable ASM_MASM. Annoyingly, this has to be done in the main CMake file rather than in the
# toolchain file
enable_language(ASM_MASM)
if(WIN32)
if(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")
# Enable ASM_MASM. Annoyingly, this has to be done in the main CMake file rather than in the
# toolchain file
enable_language(ASM_MASM)
endif()
add_compile_options(/MP)
add_compile_options(/Zp8)
# Remove /RTC1, incompatible of /Ox
@ -51,8 +58,10 @@ if(WIN32 AND SYMCRYPT_TARGET_ENV MATCHES "WindowsUserMode")
add_compile_options(/Gy)
add_compile_options(/Gw)
endif()
elseif(NOT WIN32)
enable_language(ASM)
else()
if(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")
enable_language(ASM)
endif()
add_compile_options(-Wno-deprecated-declarations -Wno-deprecated)
add_compile_options(-g)
add_compile_options(-Wno-multichar)
@ -126,7 +135,7 @@ include(build/buildInfo.cmake)
add_subdirectory(lib)
if(NOT WIN32 AND NOT CMAKE_BUILD_TYPE MATCHES Sanitize)
if(NOT WIN32 AND NOT SYMCRYPT_TARGET_ENV MATCHES "Generic" AND NOT CMAKE_BUILD_TYPE MATCHES Sanitize)
# Module integrity check is seen as OOB access by sanitizers, and sanitizer instrumentation
# breaks integrity check assumptions. Only enable module when not running with sanitizers
add_subdirectory(module)
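Review bot: The `NOT SYMCRYPT_TARGET_ENV MATCHES "Generic"` test now gates enable_language in both the WIN32 and non-WIN32 branches of this file and is repeated in lib/CMakeLists.txt, unittest/CMakeLists.txt and unittest/lib/CMakeLists.txt in this commit; computing it once near the top of this file, e.g. `set(SYMCRYPT_USE_ASM ON)` then `if(SYMCRYPT_TARGET_ENV STREQUAL "Generic")` / `set(SYMCRYPT_USE_ASM OFF)`, and testing that one variable at each site would keep the four copies from drifting. `MATCHES` is a regex substring match, so `STREQUAL "Generic"` states the intent exactly. This also relies on SYMCRYPT_TARGET_ENV being defaulted to Generic when no toolchain file is given, which presumably happens in the part of this file between the first two hunks — worth confirming, since the pipeline's Generic jobs pass no toolchain file and the output directories on the second hunk are built from that variable.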


@ -5,11 +5,17 @@
parameters:
- name: hostos
type: string
values:
- Windows
- Linux
- name: env
type: string
values:
- WindowsUserMode
- LinuxUserMode
- Generic
- name: arch
type: string
values:
@ -17,6 +23,7 @@ parameters:
- X86
- ARM64
- ARM
- Unknown
- name: cc
type: string
values:
@ -50,57 +57,90 @@ steps:
python -m pip install --upgrade pip setuptools wheel
pip install -r $(Build.SourcesDirectory)/scripts/requirements.txt
displayName: 'Install Python requirements'
- task: CMake@1
inputs:
workingDirectory: '$(Build.SourcesDirectory)/bin'
cmakeArgs: >-
..
-DCMAKE_TOOLCHAIN_FILE=../cmake-toolchain/${{parameters.env}}-${{parameters.arch}}.cmake
-DCMAKE_C_COMPILER=${{parameters.cc}} -DCMAKE_CXX_COMPILER=${{parameters.cxx}}
-DCMAKE_BUILD_TYPE=${{parameters.buildType}}
${{parameters.additionalCMakeArgs}}
# Specify no toolchain file for generic build
- ${{ if eq(parameters.env, 'Generic') }}:
- task: CMake@1
inputs:
workingDirectory: '$(Build.SourcesDirectory)/bin'
cmakeArgs: >-
..
-DCMAKE_C_COMPILER=${{parameters.cc}} -DCMAKE_CXX_COMPILER=${{parameters.cxx}}
-DCMAKE_BUILD_TYPE=${{parameters.buildType}}
${{parameters.additionalCMakeArgs}}
# Specify toolchain file based on env and arch for non-generic build
- ${{ if ne(parameters.env, 'Generic') }}:
- task: CMake@1
inputs:
workingDirectory: '$(Build.SourcesDirectory)/bin'
cmakeArgs: >-
..
-DCMAKE_TOOLCHAIN_FILE=../cmake-toolchain/${{parameters.env}}-${{parameters.arch}}.cmake
-DCMAKE_C_COMPILER=${{parameters.cc}} -DCMAKE_CXX_COMPILER=${{parameters.cxx}}
-DCMAKE_BUILD_TYPE=${{parameters.buildType}}
${{parameters.additionalCMakeArgs}}
# Build with CMake
# cmake --build . -j
- ${{ if eq(parameters.env, 'WindowsUserMode') }}:
- ${{ if eq(parameters.hostos, 'Windows') }}:
- task: CMake@1
inputs:
workingDirectory: '$(Build.SourcesDirectory)/bin'
cmakeArgs: '--build . -j --config ${{parameters.buildType}}'
# Execute unit tests using the inline script
- script: |
cd bin\exe\${{parameters.arch}}\${{parameters.env}}\${{parameters.buildType}}
.\symcryptunittest.exe
displayName: 'Execute unit tests'
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
- ${{ if eq(parameters.env, 'LinuxUserMode') }}:
- ${{ if ne(parameters.env, 'Generic') }}:
- script: |
cd bin\exe\${{parameters.arch}}\${{parameters.env}}\${{parameters.buildType}}
.\symcryptunittest.exe
displayName: 'Execute unit tests'
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
- ${{ if eq(parameters.env, 'Generic') }}:
- script: |
cd bin\exe\%PROCESSOR_ARCHITECTURE%\${{parameters.env}}\${{parameters.buildType}}
.\symcryptunittest.exe
displayName: 'Execute unit tests'
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
- ${{ if eq(parameters.hostos, 'Linux') }}:
- task: CMake@1
inputs:
workingDirectory: '$(Build.SourcesDirectory)/bin'
cmakeArgs: '--build . -j'
# Execute module test using the inline script
- ${{ if ne(parameters.buildType, 'Sanitize') }}:
# Increase ulimit to enable core dump in case of a test crash
- script: |
ulimit -c unlimited
displayName: 'Enable core dumps'
# Execute module and unit test using the inline script
- ${{ if ne(parameters.env, 'Generic') }}:
- script: |
cd bin/exe/${{parameters.arch}}/${{parameters.env}}
./symcryptmoduletest
displayName: 'Execute module test'
- script: |
cd bin/exe/${{parameters.arch}}/${{parameters.env}}
./symcryptunittest
displayName: 'Execute unit tests'
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
ulimit -c unlimited
./symcryptunittest
displayName: 'Execute unit tests'
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
- ${{ if ne(parameters.buildType, 'Sanitize') }}:
# Only run module test if rdseed is present on the CPU
- script: |
cd bin/exe/${{parameters.arch}}/${{parameters.env}}
if lshw -c cpu | grep -q rdseed
then ./symcryptmoduletest
fi
displayName: 'Execute module test'
# Execute unit test using the inline script
- ${{ if eq(parameters.env, 'Generic') }}:
- script: |
archName=`uname -m`
cd bin/exe/${archName}/${{parameters.env}}
./symcryptunittest
displayName: 'Execute unit tests'
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
# Publish artifacts so they're available in the pipeline results
- publish: $(System.DefaultWorkingDirectory)/bin
artifact: 'drop-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}'
artifact: 'drop-${{parameters.hostos}}-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}-${{parameters.additionalCMakeArgs}}'
# Publish artifacts, core dumps and temporary files on failure
- publish: $(System.DefaultWorkingDirectory)/bin
artifact: 'failed-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}'
artifact: 'failed-${{parameters.hostos}}-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}-${{parameters.additionalCMakeArgs}}'
condition: failed()
- publish: /var/crash
artifact: 'crash-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}'
condition: and(failed(), eq(variables['Agent.OS'], 'Linux'))
- publish: $(Agent.TempDirectory)
artifact: 'temp-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}'
artifact: 'temp-${{parameters.hostos}}-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}-${{parameters.additionalCMakeArgs}}'
condition: failed()
- publish: $(Agent.WorkFolder)
artifact: 'work-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}'
artifact: 'work-${{parameters.hostos}}-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}-${{parameters.additionalCMakeArgs}}'
condition: failed()
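Review bot: The `ulimit -c unlimited` in the new 'Enable core dumps' step only applies to that step's own shell, so the unit-test and module-test steps that follow run with the agent's default core limit and the dumps that the `/var/crash` publish step is meant to collect are unlikely to be produced; in the previous layout the ulimit sat inside the same script as `./symcryptunittest` (the old/new assignment of the reordered lines is inferred from the hunk counts, but the point holds for whichever step ends up hosting the ulimit). In the module-test step, `lshw -c cpu | grep -q rdseed` also skips the test silently when lshw is absent, not on PATH for the agent user, or simply does not list rdseed, so a hosted image without lshw turns the module test into a no-op with a green result. Reading `/proc/cpuinfo` and logging a visible warning on skip keeps the skip honest, and the Generic unit-test step needs the same ulimit line.
```yaml
# … unchanged: Linux CMake build task …
- ${{ if ne(parameters.env, 'Generic') }}:
  - script: |
      ulimit -c unlimited
      cd bin/exe/${{parameters.arch}}/${{parameters.env}}
      ./symcryptunittest
    displayName: 'Execute unit tests'
    name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
  - ${{ if ne(parameters.buildType, 'Sanitize') }}:
    # Only run module test if rdseed is present on the CPU; log a warning when it is skipped
    - script: |
        ulimit -c unlimited
        cd bin/exe/${{parameters.arch}}/${{parameters.env}}
        if grep -q -w rdseed /proc/cpuinfo
        then ./symcryptmoduletest
        else echo "##vso[task.logissue type=warning]symcryptmoduletest skipped: rdseed not present on this agent"
        fi
      displayName: 'Execute module test'
# … unchanged: Generic unit-test step (add the same ulimit line) and publish steps …
```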


@ -2,14 +2,16 @@
# for building and testing SymCrypt in each of the target environments. For more information on Azure
# Pipelines, see https://docs.microsoft.com/en-us/azure/devops/pipelines/customize-pipeline
# Execute the pipeline whenever a change is made to master
# Execute the pipeline whenever a change is made to master or publish
trigger:
- master
- publish
# Execute the pipeline on any PR into master. (Currently not supported on Azure Git Repos; must
# be configured through the UI.)
# Execute the pipeline on any PR into master or publish.
# (Currently not supported on Azure Git Repos; must be configured through the UI.)
pr:
- master
- publish
# List of jobs to build. Each job follows the same general format.
# 1. Windows AMD64 with CPU optimizations in Debug mode
@ -22,6 +24,12 @@ pr:
# 8. Linux AMD64 with CPU optimizations using clang in Debug mode
# 9. Linux AMD64 with CPU optimizations using clang in Sanitize mode
# 10. Linux AMD64 with CPU optimizations using clang in Release mode
# The following jobs run only on CI and PRs to publish
# 11. Windows 64b with no CPU optimizations in Release mode
# 12. Windows 32b with no CPU optimizations in Release mode
# 13. Linux with no CPU optimizations using GCC in Release mode
# 14. Linux with no CPU optimizations using clang in Release mode
jobs:
- job: Windows_AMD64_Debug
pool:
@ -29,6 +37,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Windows
env: WindowsUserMode
arch: AMD64
cc: cl
@ -42,6 +51,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Windows
env: WindowsUserMode
arch: AMD64
cc: cl
@ -55,6 +65,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Windows
env: WindowsUserMode
arch: X86
cc: cl
@ -68,6 +79,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Windows
env: WindowsUserMode
arch: X86
cc: cl
@ -81,6 +93,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: LinuxUserMode
arch: AMD64
cc: gcc
@ -94,6 +107,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: LinuxUserMode
arch: AMD64
cc: gcc
@ -107,6 +121,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: LinuxUserMode
arch: AMD64
cc: gcc
@ -120,6 +135,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: LinuxUserMode
arch: AMD64
cc: clang
@ -133,6 +149,7 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: LinuxUserMode
arch: AMD64
cc: clang
@ -146,9 +163,71 @@ jobs:
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: LinuxUserMode
arch: AMD64
cc: clang
cxx: clang++
buildType: Release
additionalCMakeArgs:
- job: Generic_Windows_Win64_Release
pool:
vmImage: 'windows-2019'
steps:
- template: azure-build-template.yml
parameters:
hostos: Windows
env: Generic
arch: Unknown
cc: cl
cxx: cl
buildType: Release
additionalCMakeArgs:
condition: or(eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/publish'), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
- job: Generic_Windows_Win32_Release
pool:
vmImage: 'windows-2019'
steps:
- template: azure-build-template.yml
parameters:
hostos: Windows
env: Generic
arch: Unknown
cc: cl
cxx: cl
buildType: Release
additionalCMakeArgs: -A Win32
condition: or(eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/publish'), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
- job: Generic_Linux_gcc_Release
pool:
vmImage: 'ubuntu-20.04'
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: Generic
arch: Unknown
cc: gcc
cxx: g++
buildType: Release
additionalCMakeArgs:
condition: or(eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/publish'), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
- job: Generic_Linux_clang_Release
pool:
vmImage: 'ubuntu-20.04'
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: Generic
arch: Unknown
cc: clang
cxx: clang++
buildType: Release
additionalCMakeArgs:
condition: or(eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/publish'), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
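Review bot: The four Generic jobs carry the same `condition:` expression, and because it accepts only 'IndividualCI' and 'BatchedCI' from Build.Reason (plus PRs into publish), a manually queued run of the pipeline never exercises the generic build — easy to miss when someone queues a run precisely to check that path; if manual runs should cover it, add `'Manual'` to the `in(...)` list. The expression being copied verbatim into four jobs is also a maintenance risk, since a change to the branch name or the reason list has to be made in four places. The job-list comment on the earlier hunk ('run only on CI and PRs to publish') should spell out the manual-run behaviour either way.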


@ -1,9 +1,6 @@
# This toolchain file configures CMake options for Windows User Mode AMD64 compilation with CPU optimizations.
# To use the toolchain file, run cmake .. -DCMAKE_TOOLCHAIN_FILE=cmake-toolchain/WindowsUserMode-AMD64.cmake
# Require Windows 10 SDK version 18362 for BCRYPT_TLS_CBC_HMAC_VERIFY_FLAG
set(CMAKE_SYSTEM_VERSION 10.0.18362)
# Set CMake variables that subsequent CMake scripts can check against
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR AMD64)


@ -6,9 +6,6 @@
# toolchain file, so if you don't provide "-A Win32" it will try to use the 64-bit compiler and assembler
# and will fail.)
# Require Windows 10 SDK version 18362 for BCRYPT_TLS_CBC_HMAC_VERIFY_FLAG
set(CMAKE_SYSTEM_VERSION 10.0.18362)
# Set CMake variables that subsequent CMake scripts can check against
set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR X86)


@ -76,7 +76,7 @@ extern "C" {
// corresponding data. If the function accepts a pointer-to-non-const it must be
// assumed to both read and write the data.
// It is safe for two threads to use the same data element as long as both of them
// are only reading form it. For example, an expanded key is typically passed as
// are only reading from it. For example, an expanded key is typically passed as
// a pointer-to-const to the encryption and decryption routines. Thus, multiple
// threads can perform multiple encryptions/decryptions in parallel using the
// same expanded key.
@ -270,7 +270,7 @@ typedef enum _SYMCRYPT_DLGROUP_DH_SAFEPRIMETYPE {
//
// A variety of useful macros.
//
// The load/store macros convert from integer types to an array of bytes and visa versa.
// The load/store macros convert from integer types to an array of bytes and vice versa.
// LOAD<n>_* (p) loads a value of <n> bits from the byte pointer p.
// STORE<n>_* (p,v) stores the n-bit value v to byte pointer p.
// The macros can either do Most Significant Byte first (big-endian) or
@ -6160,28 +6160,6 @@ SymCryptEcDsaSign(
// not be truncated.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaSignDeterministic(
_In_ PCSYMCRYPT_ECKEY pKey,
_In_reads_bytes_( cbHashValue ) PCBYTE pbHashValue,
SIZE_T cbHashValue,
SYMCRYPT_NUMBER_FORMAT format,
PCSYMCRYPT_MAC pMac,
UINT32 flags,
_Out_writes_bytes_( cbSignature ) PBYTE pbSignature,
SIZE_T cbSignature );
//
// Same as SymCryptEcDsaSign, but uses the Mac algorithm to compute the 'k' value
// from the hash value and the private key, rather than generate a random 'k' value.
// This makes the signature algorithm deterministic, and avoids the need for an RNG.
//
// Allowed flags:
// SYMCRYPT_FLAG_ECDSA_NO_TRUNCATION: If set then the hash value will
// not be truncated.
//
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
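Review bot: The removed `SymCryptEcDsaSignDeterministic` declaration and its comment block, together with the matching removal from the VERSION_100.17 export list elsewhere in this commit, are an API-surface change that the commit message files only under 'non-functional typos'. If the function has an implementation, dropping it from the version script is an ABI change for existing consumers of that version node; if it never had one, the message should say the removal is of a declaration that was never backed by code. A one-line note in the commit description is cheap and saves the next reader the search. The declaration whose `_Success_`/`SYMCRYPT_ERROR`/`SYMCRYPT_CALL` lines close this hunk continues past it.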


@ -542,7 +542,7 @@ SymCryptCpuFeaturesNeverPresent();
#define SYMCRYPT_INTERNAL_LOAD_MSBFIRST16( p ) ( ((UINT16)((PBYTE)p)[0]) << 8 | ((PBYTE)p)[1] )
#define SYMCRYPT_INTERNAL_LOAD_LSBFIRST16( p ) ( ((UINT16)((PBYTE)p)[1]) << 8 | ((PBYTE)p)[0] )
#define SYMCRYPT_INTERNAL_LOAD_MSBFIRST32( p ) ( (UINT32)SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[0]) << 16 | SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[2]) )
#define SYMCRYPT_INTERNAL_LOAD_LSBFIRST32( p ) ( (UINT32)SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[2]) << 16 | SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[0]) )
#define SYMCRYPT_INTERNAL_LOAD_LSBFIRST32( p ) ( (UINT32)SYMCRYPT_INTERNAL_LOAD_LSBFIRST16(&((PBYTE)p)[2]) << 16 | SYMCRYPT_INTERNAL_LOAD_LSBFIRST16(&((PBYTE)p)[0]) )
#define SYMCRYPT_INTERNAL_LOAD_MSBFIRST64( p ) ( (UINT64)SYMCRYPT_INTERNAL_LOAD_MSBFIRST32(&((PBYTE)p)[0]) << 32 | SYMCRYPT_INTERNAL_LOAD_MSBFIRST32(&((PBYTE)p)[4]) )
#define SYMCRYPT_INTERNAL_LOAD_LSBFIRST64( p ) ( (UINT64)SYMCRYPT_INTERNAL_LOAD_LSBFIRST32(&((PBYTE)p)[4]) << 32 | SYMCRYPT_INTERNAL_LOAD_LSBFIRST32(&((PBYTE)p)[0]) )
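Review bot: The corrected LSBFIRST32 macro still uses the unparenthesized argument in `(PBYTE)p` (as do its siblings), so an argument such as `buf + i` with a non-byte pointer type is cast before the addition rather than after; writing `((PBYTE)(p))` in these macros is the usual guard. This bug lived in the generic load path that only the Generic CI job exercises, and that job was disabled until this commit, so a small known-answer test in symcryptunittest that drives the 16/32/64-bit LOAD and STORE macros of both endiannesses on a fixed byte pattern would catch the next regression even when the Generic job is skipped. Note that LSBFIRST64 composes LSBFIRST32, so it was wrong in the same way and is fixed by this line too.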


@ -654,7 +654,7 @@ SymCryptIntGetValue(
SIZE_T cbDst,
SYMCRYPT_NUMBER_FORMAT format );
//
// Convert a value form the internal number representation to a byte array.
// Convert a value from the internal number representation to a byte array.
//
// Src is the number whose value is to be stored in a byte array
// (pbDst, cbDst) the destination buffer


@ -3,24 +3,24 @@
; Copyright (c) Microsoft Corporation. Licensed under the MIT license.
;
; This is the file that contains the SymCrypt version information.
;
;
; THIS FILE IS INCLUDED BOTH IN C AND ASSEMBLER CODE
; which is why the layout is strange.
; The first line is ";/_*" (without the _)
; The first line is ";/_*" (without the _)
; which is an assembler comment, and the start of a C comment.
; (In C an extra semicolon is allowed.)
; (The extra _ is added above to not break compilers who violate the C standard and
; (The extra _ is added above to not break compilers who violate the C standard and
; allow nested slash-star comments.)
; Below we have separate areas where the C and ASM version numbers are defined.
; These should always be the same.
;
; In previous releases we had a numbering system with major/minor version number.
; This worked well with the sequential servicing imposed by SourceDepot.
; This worked well with the sequential servicing imposed by SourceDepot.
; With the switch to Git this no longer works due to having multiple branches.
; We move to having the version here only specify the API and minor version number
; These will NOT be changed for every build. The API version only changes when there are
; changes to the API in symcrypt.h. (Note: symcrypt_low_level.h is not stable and can change
; at any time.) The minor version is changed at regular intervals, but not necesarilly at
; at any time.) The minor version is changed at regular intervals, but not necessarily at
; every build of the library.
;
; Separate from these numbers the build system includes information about the branch,
@ -44,4 +44,4 @@ SYMCRYPT_CODE_VERSION_PATCH EQU 0
;/* ; Switch back into a C comment so that we can close the IF
endif
;*/
;*/


@ -220,7 +220,7 @@ if(WIN32 AND NOT(SYMCRYPT_TARGET_ENV MATCHES "Generic"))
set_source_files_properties(
i386/fdef_asm-masm.asm PROPERTIES INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/i386)
endif()
else()
elseif(NOT(SYMCRYPT_TARGET_ENV MATCHES "Generic"))
if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64")
process_symcryptasm(amd64/aesasm.symcryptasm gas amd64)
process_symcryptasm(amd64/fdef_asm.symcryptasm gas amd64)


@ -200,28 +200,28 @@ SymCryptAesEncryptC(
// Final round
// SubBytes/ShiftRows for col. 0
state2[0] = SymCryptAesSboxMatrixMult[0][ state[0][0] ][1];
state2[3] = SymCryptAesSboxMatrixMult[0][ state[0][1] ][1] << 8;
state2[2] = SymCryptAesSboxMatrixMult[0][ state[0][2] ][1] << 16;
state2[1] = SymCryptAesSboxMatrixMult[0][ state[0][3] ][1] << 24;
state2[0] = (UINT32) SymCryptAesSboxMatrixMult[0][ state[0][0] ][1];
state2[3] = (UINT32) SymCryptAesSboxMatrixMult[0][ state[0][1] ][1] << 8;
state2[2] = (UINT32) SymCryptAesSboxMatrixMult[0][ state[0][2] ][1] << 16;
state2[1] = (UINT32) SymCryptAesSboxMatrixMult[0][ state[0][3] ][1] << 24;
// SubBytes/ShiftRows for col. 1
state2[1] |= SymCryptAesSboxMatrixMult[0][ state[1][0] ][1];
state2[0] |= SymCryptAesSboxMatrixMult[0][ state[1][1] ][1] << 8;
state2[3] |= SymCryptAesSboxMatrixMult[0][ state[1][2] ][1] << 16;
state2[2] |= SymCryptAesSboxMatrixMult[0][ state[1][3] ][1] << 24;
state2[1] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[1][0] ][1];
state2[0] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[1][1] ][1] << 8;
state2[3] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[1][2] ][1] << 16;
state2[2] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[1][3] ][1] << 24;
// SubBytes/ShiftRows for col. 2
state2[2] |= SymCryptAesSboxMatrixMult[0][ state[2][0] ][1];
state2[1] |= SymCryptAesSboxMatrixMult[0][ state[2][1] ][1] << 8;
state2[0] |= SymCryptAesSboxMatrixMult[0][ state[2][2] ][1] << 16;
state2[3] |= SymCryptAesSboxMatrixMult[0][ state[2][3] ][1] << 24;
state2[2] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[2][0] ][1];
state2[1] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[2][1] ][1] << 8;
state2[0] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[2][2] ][1] << 16;
state2[3] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[2][3] ][1] << 24;
// SubBytes/ShiftRows for col. 3
state2[3] |= SymCryptAesSboxMatrixMult[0][ state[3][0] ][1];
state2[2] |= SymCryptAesSboxMatrixMult[0][ state[3][1] ][1] << 8;
state2[1] |= SymCryptAesSboxMatrixMult[0][ state[3][2] ][1] << 16;
state2[0] |= SymCryptAesSboxMatrixMult[0][ state[3][3] ][1] << 24;
state2[3] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[3][0] ][1];
state2[2] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[3][1] ][1] << 8;
state2[1] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[3][2] ][1] << 16;
state2[0] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[3][3] ][1] << 24;
// AddRoundKey
*((UINT32 *) &pbCiphertext[0 ]) = *(UINT32 *) (*keyPtr)[0] ^ state2[0];
@ -321,28 +321,28 @@ SymCryptAesDecryptC(
// Final round
// SubBytes/ShiftRows for col. 0
state2[0] = SymCryptAesInvSbox[ state[0][0] ];
state2[1] = SymCryptAesInvSbox[ state[0][1] ] << 8;
state2[2] = SymCryptAesInvSbox[ state[0][2] ] << 16;
state2[3] = SymCryptAesInvSbox[ state[0][3] ] << 24;
state2[0] = (UINT32) SymCryptAesInvSbox[ state[0][0] ];
state2[1] = (UINT32) SymCryptAesInvSbox[ state[0][1] ] << 8;
state2[2] = (UINT32) SymCryptAesInvSbox[ state[0][2] ] << 16;
state2[3] = (UINT32) SymCryptAesInvSbox[ state[0][3] ] << 24;
// SubBytes/ShiftRows for col. 1
state2[1] |= SymCryptAesInvSbox[ state[1][0] ];
state2[2] |= SymCryptAesInvSbox[ state[1][1] ] << 8;
state2[3] |= SymCryptAesInvSbox[ state[1][2] ] << 16;
state2[0] |= SymCryptAesInvSbox[ state[1][3] ] << 24;
state2[1] |= (UINT32) SymCryptAesInvSbox[ state[1][0] ];
state2[2] |= (UINT32) SymCryptAesInvSbox[ state[1][1] ] << 8;
state2[3] |= (UINT32) SymCryptAesInvSbox[ state[1][2] ] << 16;
state2[0] |= (UINT32) SymCryptAesInvSbox[ state[1][3] ] << 24;
// SubBytes/ShiftRows for col. 2
state2[2] |= SymCryptAesInvSbox[ state[2][0] ];
state2[3] |= SymCryptAesInvSbox[ state[2][1] ] << 8;
state2[0] |= SymCryptAesInvSbox[ state[2][2] ] << 16;
state2[1] |= SymCryptAesInvSbox[ state[2][3] ] << 24;
state2[2] |= (UINT32) SymCryptAesInvSbox[ state[2][0] ];
state2[3] |= (UINT32) SymCryptAesInvSbox[ state[2][1] ] << 8;
state2[0] |= (UINT32) SymCryptAesInvSbox[ state[2][2] ] << 16;
state2[1] |= (UINT32) SymCryptAesInvSbox[ state[2][3] ] << 24;
// SubBytes/ShiftRows for col. 3
state2[3] |= SymCryptAesInvSbox[ state[3][0] ];
state2[0] |= SymCryptAesInvSbox[ state[3][1] ] << 8;
state2[1] |= SymCryptAesInvSbox[ state[3][2] ] << 16;
state2[2] |= SymCryptAesInvSbox[ state[3][3] ] << 24;
state2[3] |= (UINT32) SymCryptAesInvSbox[ state[3][0] ];
state2[0] |= (UINT32) SymCryptAesInvSbox[ state[3][1] ] << 8;
state2[1] |= (UINT32) SymCryptAesInvSbox[ state[3][2] ] << 16;
state2[2] |= (UINT32) SymCryptAesInvSbox[ state[3][3] ] << 24;
// AddRoundKey
*((UINT32 *) &pbPlaintext[0 ]) = *(UINT32 *) (*keyPtr)[0] ^ state2[0];
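Review bot: The `(UINT32)` casts added throughout the final round presumably fix a signed-overflow case rather than a typo: if the table element is a byte it promotes to int, and `<< 24` of a value of 0x80 or above overflows int, which is undefined behaviour an optimizing compiler or the Sanitize build may act on. A one-line comment at the top of the final round, `// Cast to UINT32 before shifting: the table entries promote to int and << 24 would overflow`, would record why the casts are there so nobody strips them as noise; the same applies to the decrypt hunk. This is the C path the re-enabled Generic build compiles, and the context line `*((UINT32 *) &pbCiphertext[0 ]) = ...` below each block stores through an unaligned, type-punned pointer — pre-existing, but on a strict-alignment target it is exactly what the generic path is meant to avoid and what the STORE macros documented in symcrypt.h exist for. Both SymCryptAesEncryptC and SymCryptAesDecryptC start before and end after their hunks.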


@ -411,7 +411,7 @@ SymCryptFdef369MontgomeryReduceAsmSubLoop:
dec D11
jnz SymCryptFdef369MontgomeryReduceAsmSubLoop
// Finally a masked copy form pSrc to pDst
// Finally a masked copy from pSrc to pDst
// copy if: Q8 == 0 && Cy = 1
sbb Q8, 0 // mask (64 bits)


@ -784,7 +784,7 @@ SymCryptFdefMontgomeryReduceAsmSubLoop:
dec D12
jnz SymCryptFdefMontgomeryReduceAsmSubLoop
// Finally a masked copy form pSrc to pDst
// Finally a masked copy from pSrc to pDst
// copy if: Q9 == 0 && Cy = 1
sbb D9, 0
@ -2083,7 +2083,7 @@ SymCryptFdefMontgomeryReduce1024AsmSubLoop:
dec D12
jnz SymCryptFdefMontgomeryReduce1024AsmSubLoop
// Finally a masked copy form pSrc to pDst
// Finally a masked copy from pSrc to pDst
// copy if: Q9 == 0 && Cy = 1
sbb D9, 0


@ -94,12 +94,12 @@ SymCryptIntMillerRabinPrimalityTest(
// Check the 3 mod 4 requirement when side-channel safe
SYMCRYPT_HARD_ASSERT(
((flags & SYMCRYPT_FLAG_DATA_PUBLIC) != 0) ||
((flags & SYMCRYPT_FLAG_DATA_PUBLIC) != 0) ||
(SymCryptIntGetBit( piD, 1 )!=0) );
// Calculate R and D such that Src - 1 = D*2^R
// Notice that the loop executes only if
// the SYMCRYPT_FLAG_INT_LL_NOT_SIDE_CHANEL_SAFE is
// the SYMCRYPT_FLAG_DATA_PUBLIC is
// specified (and Src != 3 mod 4)
R = 1;
while( SymCryptIntGetBit( piD, R )==0 )
@ -131,7 +131,7 @@ SymCryptIntMillerRabinPrimalityTest(
// repeat R-1 times
// Notice that the inner loop executes only if
// the SYMCRYPT_FLAG_INT_LL_NOT_SIDE_CHANEL_SAFE is
// the SYMCRYPT_FLAG_DATA_PUBLIC is
// specified (and Src != 3 mod 4)
innerLoop = TRUE;
for (UINT32 j=0; (j<R-1)&&(innerLoop); j++)


@ -107,7 +107,6 @@ VERSION_100.17 {
SymCryptEcDhSecretAgreementSelftest;
SymCryptEcDsaSelftest;
SymCryptEcDsaSign;
SymCryptEcDsaSignDeterministic;
SymCryptEcDsaSignEx;
SymCryptEcDsaVerify;
SymCryptEcbDecrypt;


@ -93,7 +93,7 @@ if(WIN32)
else()
add_subdirectory(exe_linux)
if(NOT CMAKE_BUILD_TYPE MATCHES Sanitize)
if(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic" AND NOT CMAKE_BUILD_TYPE MATCHES Sanitize)
add_subdirectory(exe_moduletest)
endif()
endif()


@ -55,7 +55,7 @@ if(WIN32)
)
endif()
if(WIN32)
if(WIN32 AND NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")
if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64")
list(APPEND SOURCES amd64/saveymm.asm)
set_source_files_properties(amd64/saveymm.asm PROPERTY LANGUAGE ASM_MASM)
@ -63,7 +63,7 @@ if(WIN32)
list(APPEND SOURCES i386/savexmm.asm)
set_source_files_properties(i386/savexmm.asm PROPERTY LANGUAGE ASM_MASM)
endif()
else()
elseif(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")
if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64")
list(APPEND SOURCES amd64/saveymm-gas.asm)
set_source_files_properties(amd64/saveymm-gas.asm PROPERTY LANGUAGE ASM)


@ -49,7 +49,7 @@ rsaTestKeysAddOneFunky( UINT32 nBitsOfModulus )
PSYMCRYPT_INT piHigh = NULL;
CHECK( g_nRsaTestKeyBlobs < MAX_RSA_TESTKEYS, "?" );
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ g_nRsaTestKeyBlobs++ ];
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ g_nRsaTestKeyBlobs++ ];
SymCryptWipe( (PBYTE) pBlob, sizeof( *pBlob ) );
// Calculate the needed sizes
@ -200,7 +200,7 @@ rsaTestKeysAddOne( UINT32 bitSize )
scError = SymCryptRsakeyGenerate( pKey, &u64PubExp, 1, 0 );
CHECK( scError == SYMCRYPT_NO_ERROR, "?" );
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ g_nRsaTestKeyBlobs++ ];
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ g_nRsaTestKeyBlobs++ ];
SymCryptWipe( (PBYTE) pBlob, sizeof( *pBlob ) );
pBlob->nBitsModulus = SymCryptRsakeyModulusBits( pKey );
@ -298,7 +298,7 @@ VOID rsaTestKeysGenerate()
iprint( "]" );
cleanup:
cleanup:
return;
}
@ -324,7 +324,7 @@ rsaKeyFromTestBlob( PCRSAKEY_TESTBLOB pBlob )
&pBlob->u64PubExp, 1,
ppPrime, cbPrime, 2,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
0,
0,
pKey );
CHECK( scError == SYMCRYPT_NO_ERROR, "?" );
@ -369,17 +369,17 @@ public:
ImpPtrVector m_comps; // Subset of m_imps; set of ongoing computations
virtual NTSTATUS setKey( PCRSAKEY_TESTBLOB pcKeyBlob );
virtual NTSTATUS sign(
_In_reads_( cbHash) PCBYTE pbHash,
_In_reads_( cbHash) PCBYTE pbHash,
SIZE_T cbHash,
PCSTR pcstrHashAlgName,
UINT32 u32Other,
_Out_writes_( cbSig ) PBYTE pbSig,
SIZE_T cbSig ); // cbSig == cbModulus of key
virtual NTSTATUS verify(
_In_reads_( cbHash) PCBYTE pbHash,
virtual NTSTATUS verify(
_In_reads_( cbHash) PCBYTE pbHash,
SIZE_T cbHash,
_In_reads_( cbSig ) PCBYTE pbSig,
SIZE_T cbSig,
@ -421,7 +421,7 @@ RsaSignMultiImp::setKey( PCRSAKEY_TESTBLOB pcKeyBlob )
m_cbSig = pcKeyBlob->cbModulus;
CHECK( m_cbSig <= RSAKEY_MAXKEYSIZE, "Modulus too big" );
}
for( ImpPtrVector::iterator i = m_imps.begin(); i != m_imps.end(); ++i )
{
if( (*i)->setKey( pcKeyBlob ) == STATUS_SUCCESS )
@ -434,8 +434,8 @@ RsaSignMultiImp::setKey( PCRSAKEY_TESTBLOB pcKeyBlob )
}
NTSTATUS
RsaSignMultiImp::verify(
_In_reads_( cbHash) PCBYTE pbHash,
RsaSignMultiImp::verify(
_In_reads_( cbHash) PCBYTE pbHash,
SIZE_T cbHash,
_In_reads_( cbSig ) PCBYTE pbSig,
SIZE_T cbSig,
@ -461,14 +461,14 @@ RsaSignMultiImp::verify(
NTSTATUS
RsaSignMultiImp::sign(
_In_reads_( cbHash) PCBYTE pbHash,
_In_reads_( cbHash) PCBYTE pbHash,
SIZE_T cbHash,
PCSTR pcstrHashAlgName,
UINT32 u32Other,
_Out_writes_( cbSig ) PBYTE pbSig,
SIZE_T cbSig )
{
// RSA signatures are not necesarilly deterministic (PSS) so we do the following:
// RSA signatures are not necessarily deterministic (PSS) so we do the following:
// - Have every implementation sign
// - Have every implementation verify each signature
// - return a random signature
@ -528,7 +528,7 @@ createKatFileSinglePkcs1( FILE * f, PCRSAKEY_TESTBLOB pBlob, PCSTR hashName, UIN
fprintHex( f, pBlob->abModulus, pBlob->cbModulus );
cbTmp = SymCryptUint64Bytesize( pBlob->u64PubExp );
SymCryptStoreMsbFirstUint64( pBlob->u64PubExp, sig, cbTmp );
SymCryptStoreMsbFirstUint64( pBlob->u64PubExp, sig, cbTmp );
fprintf( f, "e = " );
fprintHex( f, sig, cbTmp );
@ -586,7 +586,7 @@ createKatFileSinglePss( FILE * f, PCRSAKEY_TESTBLOB pBlob, PCSTR hashName, PCSYM
fprintHex( f, pBlob->abModulus, pBlob->cbModulus );
cbTmp = SymCryptUint64Bytesize( pBlob->u64PubExp );
SymCryptStoreMsbFirstUint64( pBlob->u64PubExp, sig, cbTmp );
SymCryptStoreMsbFirstUint64( pBlob->u64PubExp, sig, cbTmp );
fprintf( f, "e = " );
fprintHex( f, sig, cbTmp );
@ -676,7 +676,7 @@ createKatFileRsaSign()
fclose( f );
// Generating test vectors is not normal program flow, so we abort here to avoid getting into
// Generating test vectors is not normal program flow, so we abort here to avoid getting into
// non-standard states.
CHECK( FALSE, "Written test vector file" );
}
@ -735,7 +735,7 @@ testRsaSignSingle(
VOID
testRsaSignTestkeys(
RsaSignImplementation * pRsaSign,
INT64 line )
INT64 line )
{
NTSTATUS ntStatus;
BYTE sig[RSAKEY_MAXKEYSIZE];
@ -747,10 +747,10 @@ testRsaSignTestkeys(
for( int i=0; i<MAX_RSA_TESTKEYS; i++ )
{
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ i ];
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ i ];
ntStatus = pRsaSign->setKey( pBlob );
CHECK( ntStatus == STATUS_SUCCESS, "Error setting key" );
GENRANDOM( hash, sizeof( hash ) );
UINT32 cbHash = 32;
UINT32 cbSalt = (UINT32) g_rng.sizet( 0, pBlob->cbModulus - 48 );
@ -760,9 +760,9 @@ testRsaSignTestkeys(
// iprint( "%d, ", i );
ntStatus = pRsaSign->sign( hash, cbHash, "SHA256", cbSalt, &sig[0], pBlob->cbModulus );
CHECK( NT_SUCCESS( ntStatus ), "Error in RSA signing validation" );
}
}
CHECK( pRsaSign->setKey( NULL ) == STATUS_SUCCESS, "Failed to clear key" );
}
}
VOID
testRsaSignKats()
@ -833,7 +833,7 @@ testRsaSignKats()
blob.cbPrime1 = (UINT32) P1.size();
blob.cbPrime2 = (UINT32) P2.size();
CHECK( blob.cbModulus <= RSAKEY_MAXKEYSIZE && blob.cbPrime1 <= RSAKEY_MAXKEYSIZE && blob.cbPrime2 <= RSAKEY_MAXKEYSIZE,
CHECK( blob.cbModulus <= RSAKEY_MAXKEYSIZE && blob.cbPrime1 <= RSAKEY_MAXKEYSIZE && blob.cbPrime2 <= RSAKEY_MAXKEYSIZE,
"Test vector too large" );
memcpy( blob.abModulus, N.data(), blob.cbModulus );
memcpy( blob.abPrime1, P1.data(), blob.cbPrime1 );
@ -892,10 +892,10 @@ testRsaSignPkcs1()
for( int i = 0; i < 20; i++ )
{
pKey = rsaTestKeyRandom();
pKey = rsaTestKeyRandom();
GENRANDOM( hash, sizeof( hash ) );
scError = SymCryptRsaPkcs1Sign(
scError = SymCryptRsaPkcs1Sign(
pKey,
hash, sizeof( hash ),
SymCryptSha256OidList, SYMCRYPT_SHA256_OID_COUNT,
@ -926,7 +926,7 @@ testRsaSignPkcs1()
CHECK( scError != SYMCRYPT_NO_ERROR, "?" );
// Sign with the second OID
scError = SymCryptRsaPkcs1Sign(
scError = SymCryptRsaPkcs1Sign(
pKey,
hash, sizeof( hash ),
SymCryptSha256OidList + 1, SYMCRYPT_SHA256_OID_COUNT - 1,
@ -955,7 +955,7 @@ testRsaSignPkcs1()
SymCryptSha256OidList, SYMCRYPT_SHA256_OID_COUNT,
0 );
CHECK( scError == SYMCRYPT_NO_ERROR, "?" );
SymCryptRsakeyFree( pKey );
pKey = NULL;
}
@ -973,7 +973,7 @@ testRsaSignPss()
BYTE hash[64];
UINT32 cbModulus;
NTSTATUS ntStatus;
std::unique_ptr<RsaSignMultiImp> pRsaSignMultiImp;
pRsaSignMultiImp.reset( new RsaSignMultiImp( "RsaSignPss" ) );