Merged PR 6215627: Small bug fixes 2021/07/01

+ Fix SYMCRYPT_INTERNAL_LOAD_LSBFIRST32 macro for generic build
+ Re-enable generic build in the pipeline
  + Only trigger for CI builds normally to avoid blocking PRs needlessly
  + Also trigger on PR builds to the publish branch, to catch any regression we may not have noticed before publishing to GitHub
+ Fix a bunch of non-functional typos that I have noticed recently
+ Only run the module test when the task is running on a machine with RDSEED - the module test currently requires RDSEED.

Related work items: #34245222
Samuel Lee 2021-07-08 19:21:24 +00:00
Родитель 8af25c22bd
Коммит 7506893113
18 изменённых файлов: 249 добавлений и 150 удалений


@ -1,5 +1,10 @@
cmake_minimum_required(VERSION 3.13.0) cmake_minimum_required(VERSION 3.13.0)
if(WIN32)
# Require Windows 10 SDK version 18362 for BCRYPT_TLS_CBC_HMAC_VERIFY_FLAG
set(CMAKE_SYSTEM_VERSION 10.0.18362)
endif()
project(SymCrypt) project(SymCrypt)
if(NOT CMAKE_BUILD_TYPE) if(NOT CMAKE_BUILD_TYPE)
@ -27,10 +32,12 @@ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib/${CMAKE_SYSTEM_PROCES
set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/module/${CMAKE_SYSTEM_PROCESSOR}/${SYMCRYPT_TARGET_ENV}) set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/module/${CMAKE_SYSTEM_PROCESSOR}/${SYMCRYPT_TARGET_ENV})
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/exe/${CMAKE_SYSTEM_PROCESSOR}/${SYMCRYPT_TARGET_ENV}) set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/exe/${CMAKE_SYSTEM_PROCESSOR}/${SYMCRYPT_TARGET_ENV})
if(WIN32 AND SYMCRYPT_TARGET_ENV MATCHES "WindowsUserMode") if(WIN32)
# Enable ASM_MASM. Annoyingly, this has to be done in the main CMake file rather than in the if(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")
# toolchain file # Enable ASM_MASM. Annoyingly, this has to be done in the main CMake file rather than in the
enable_language(ASM_MASM) # toolchain file
enable_language(ASM_MASM)
endif()
add_compile_options(/MP) add_compile_options(/MP)
add_compile_options(/Zp8) add_compile_options(/Zp8)
# Remove /RTC1, incompatible of /Ox # Remove /RTC1, incompatible of /Ox
@ -51,8 +58,10 @@ if(WIN32 AND SYMCRYPT_TARGET_ENV MATCHES "WindowsUserMode")
add_compile_options(/Gy) add_compile_options(/Gy)
add_compile_options(/Gw) add_compile_options(/Gw)
endif() endif()
elseif(NOT WIN32) else()
enable_language(ASM) if(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")
enable_language(ASM)
endif()
add_compile_options(-Wno-deprecated-declarations -Wno-deprecated) add_compile_options(-Wno-deprecated-declarations -Wno-deprecated)
add_compile_options(-g) add_compile_options(-g)
add_compile_options(-Wno-multichar) add_compile_options(-Wno-multichar)
@ -126,7 +135,7 @@ include(build/buildInfo.cmake)
add_subdirectory(lib) add_subdirectory(lib)
if(NOT WIN32 AND NOT CMAKE_BUILD_TYPE MATCHES Sanitize) if(NOT WIN32 AND NOT SYMCRYPT_TARGET_ENV MATCHES "Generic" AND NOT CMAKE_BUILD_TYPE MATCHES Sanitize)
# Module integrity check is seen as OOB access by sanitizers, and sanitizer instrumentation # Module integrity check is seen as OOB access by sanitizers, and sanitizer instrumentation
# breaks integrity check assumptions. Only enable module when not running with sanitizers # breaks integrity check assumptions. Only enable module when not running with sanitizers
add_subdirectory(module) add_subdirectory(module)
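Review bot: The hoisted `if(WIN32)` guard around `set(CMAKE_SYSTEM_VERSION 10.0.18362)` runs before `project()`, where no target platform has been determined yet, so `WIN32` there reflects the host rather than the target (hedged: this is how the default definitions behave before language enablement). That is fine for the native jobs in this commit, but a Windows-hosted cross build would also get the SDK version pinned; either test `CMAKE_HOST_WIN32` to state the intent, or add a one-line comment `# Host check: evaluated before project(), so this pins the SDK for any Windows-hosted configure` so nobody later "fixes" it. The `NOT SYMCRYPT_TARGET_ENV MATCHES "Generic"` test now appears twice in this file and again in lib/CMakeLists.txt; computing it once into a project-prefixed variable would keep the copies from drifting. Since the commit already touches typos, the context comment `# Remove /RTC1, incompatible of /Ox` could become `incompatible with /Ox` at the same time.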


@ -5,11 +5,17 @@
parameters: parameters:
- name: hostos
type: string
values:
- Windows
- Linux
- name: env - name: env
type: string type: string
values: values:
- WindowsUserMode - WindowsUserMode
- LinuxUserMode - LinuxUserMode
- Generic
- name: arch - name: arch
type: string type: string
values: values:
@ -17,6 +23,7 @@ parameters:
- X86 - X86
- ARM64 - ARM64
- ARM - ARM
- Unknown
- name: cc - name: cc
type: string type: string
values: values:
@ -50,57 +57,90 @@ steps:
python -m pip install --upgrade pip setuptools wheel python -m pip install --upgrade pip setuptools wheel
pip install -r $(Build.SourcesDirectory)/scripts/requirements.txt pip install -r $(Build.SourcesDirectory)/scripts/requirements.txt
displayName: 'Install Python requirements' displayName: 'Install Python requirements'
- task: CMake@1 # Specify no toolchain file for generic build
inputs: - ${{ if eq(parameters.env, 'Generic') }}:
workingDirectory: '$(Build.SourcesDirectory)/bin' - task: CMake@1
cmakeArgs: >- inputs:
.. workingDirectory: '$(Build.SourcesDirectory)/bin'
-DCMAKE_TOOLCHAIN_FILE=../cmake-toolchain/${{parameters.env}}-${{parameters.arch}}.cmake cmakeArgs: >-
-DCMAKE_C_COMPILER=${{parameters.cc}} -DCMAKE_CXX_COMPILER=${{parameters.cxx}} ..
-DCMAKE_BUILD_TYPE=${{parameters.buildType}} -DCMAKE_C_COMPILER=${{parameters.cc}} -DCMAKE_CXX_COMPILER=${{parameters.cxx}}
${{parameters.additionalCMakeArgs}} -DCMAKE_BUILD_TYPE=${{parameters.buildType}}
${{parameters.additionalCMakeArgs}}
# Specify toolchain file based on env and arch for non-generic build
- ${{ if ne(parameters.env, 'Generic') }}:
- task: CMake@1
inputs:
workingDirectory: '$(Build.SourcesDirectory)/bin'
cmakeArgs: >-
..
-DCMAKE_TOOLCHAIN_FILE=../cmake-toolchain/${{parameters.env}}-${{parameters.arch}}.cmake
-DCMAKE_C_COMPILER=${{parameters.cc}} -DCMAKE_CXX_COMPILER=${{parameters.cxx}}
-DCMAKE_BUILD_TYPE=${{parameters.buildType}}
${{parameters.additionalCMakeArgs}}
# Build with CMake # Build with CMake
# cmake --build . -j # cmake --build . -j
- ${{ if eq(parameters.env, 'WindowsUserMode') }}: - ${{ if eq(parameters.hostos, 'Windows') }}:
- task: CMake@1 - task: CMake@1
inputs: inputs:
workingDirectory: '$(Build.SourcesDirectory)/bin' workingDirectory: '$(Build.SourcesDirectory)/bin'
cmakeArgs: '--build . -j --config ${{parameters.buildType}}' cmakeArgs: '--build . -j --config ${{parameters.buildType}}'
# Execute unit tests using the inline script # Execute unit tests using the inline script
- script: | - ${{ if ne(parameters.env, 'Generic') }}:
cd bin\exe\${{parameters.arch}}\${{parameters.env}}\${{parameters.buildType}} - script: |
.\symcryptunittest.exe cd bin\exe\${{parameters.arch}}\${{parameters.env}}\${{parameters.buildType}}
displayName: 'Execute unit tests' .\symcryptunittest.exe
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}' displayName: 'Execute unit tests'
- ${{ if eq(parameters.env, 'LinuxUserMode') }}: name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
- ${{ if eq(parameters.env, 'Generic') }}:
- script: |
cd bin\exe\%PROCESSOR_ARCHITECTURE%\${{parameters.env}}\${{parameters.buildType}}
.\symcryptunittest.exe
displayName: 'Execute unit tests'
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
- ${{ if eq(parameters.hostos, 'Linux') }}:
- task: CMake@1 - task: CMake@1
inputs: inputs:
workingDirectory: '$(Build.SourcesDirectory)/bin' workingDirectory: '$(Build.SourcesDirectory)/bin'
cmakeArgs: '--build . -j' cmakeArgs: '--build . -j'
# Execute module test using the inline script # Increase ulimit to enable core dump in case of a test crash
- ${{ if ne(parameters.buildType, 'Sanitize') }}: - script: |
ulimit -c unlimited
displayName: 'Enable core dumps'
# Execute module and unit test using the inline script
- ${{ if ne(parameters.env, 'Generic') }}:
- script: | - script: |
cd bin/exe/${{parameters.arch}}/${{parameters.env}} cd bin/exe/${{parameters.arch}}/${{parameters.env}}
./symcryptmoduletest ulimit -c unlimited
displayName: 'Execute module test' ./symcryptunittest
- script: | displayName: 'Execute unit tests'
cd bin/exe/${{parameters.arch}}/${{parameters.env}} name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
./symcryptunittest - ${{ if ne(parameters.buildType, 'Sanitize') }}:
displayName: 'Execute unit tests' # Only run module test if rdseed is present on the CPU
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}' - script: |
cd bin/exe/${{parameters.arch}}/${{parameters.env}}
if lshw -c cpu | grep -q rdseed
then ./symcryptmoduletest
fi
displayName: 'Execute module test'
# Execute unit test using the inline script
- ${{ if eq(parameters.env, 'Generic') }}:
- script: |
archName=`uname -m`
cd bin/exe/${archName}/${{parameters.env}}
./symcryptunittest
displayName: 'Execute unit tests'
name: '${{parameters.env}}UnitTest_${{parameters.buildType}}'
# Publish artifacts so they're available in the pipeline results # Publish artifacts so they're available in the pipeline results
- publish: $(System.DefaultWorkingDirectory)/bin - publish: $(System.DefaultWorkingDirectory)/bin
artifact: 'drop-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}' artifact: 'drop-${{parameters.hostos}}-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}-${{parameters.additionalCMakeArgs}}'
# Publish artifacts, core dumps and temporary files on failure # Publish artifacts, core dumps and temporary files on failure
- publish: $(System.DefaultWorkingDirectory)/bin - publish: $(System.DefaultWorkingDirectory)/bin
artifact: 'failed-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}' artifact: 'failed-${{parameters.hostos}}-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}-${{parameters.additionalCMakeArgs}}'
condition: failed() condition: failed()
- publish: /var/crash
artifact: 'crash-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}'
condition: and(failed(), eq(variables['Agent.OS'], 'Linux'))
- publish: $(Agent.TempDirectory) - publish: $(Agent.TempDirectory)
artifact: 'temp-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}' artifact: 'temp-${{parameters.hostos}}-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}-${{parameters.additionalCMakeArgs}}'
condition: failed() condition: failed()
- publish: $(Agent.WorkFolder) - publish: $(Agent.WorkFolder)
artifact: 'work-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}' artifact: 'work-${{parameters.hostos}}-${{parameters.env}}-${{parameters.arch}}-${{parameters.cc}}-${{parameters.buildType}}-${{parameters.additionalCMakeArgs}}'
condition: failed() condition: failed()
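Review bot: The RDSEED gate at the module-test step (`if lshw -c cpu | grep -q rdseed`) fails silently: if `lshw` is not present on the agent image or needs elevated privileges to enumerate the CPU, the pipe produces nothing, the module test is skipped and the step still passes green, so a module regression would go unnoticed. Reading `/proc/cpuinfo` needs no extra tool or privilege and the skip should be visible in the log, e.g. `if grep -qw rdseed /proc/cpuinfo; then ./symcryptmoduletest; else echo "##vso[task.logissue type=warning]RDSEED not present; skipping module test"; fi`. Separately, the new standalone `ulimit -c unlimited` step ('Enable core dumps') has no effect on later steps because each `script:` step runs in a fresh shell; only the LinuxUserMode unit-test step, which repeats the ulimit inline, actually gets core dumps, while the module-test and Generic unit-test steps do not. The artifact names now embed `${{parameters.additionalCMakeArgs}}`, which for the Win32 job contains a space (`-A Win32`); worth confirming the publish task accepts that before relying on it.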


@ -2,14 +2,16 @@
# for building and testing SymCrypt in each of the target environments. For more information on Azure # for building and testing SymCrypt in each of the target environments. For more information on Azure
# Pipelines, see https://docs.microsoft.com/en-us/azure/devops/pipelines/customize-pipeline # Pipelines, see https://docs.microsoft.com/en-us/azure/devops/pipelines/customize-pipeline
# Execute the pipeline whenever a change is made to master # Execute the pipeline whenever a change is made to master or publish
trigger: trigger:
- master - master
- publish
# Execute the pipeline on any PR into master. (Currently not supported on Azure Git Repos; must # Execute the pipeline on any PR into master or publish.
# be configured through the UI.) # (Currently not supported on Azure Git Repos; must be configured through the UI.)
pr: pr:
- master - master
- publish
# List of jobs to build. Each job follows the same general format. # List of jobs to build. Each job follows the same general format.
# 1. Windows AMD64 with CPU optimizations in Debug mode # 1. Windows AMD64 with CPU optimizations in Debug mode
@ -22,6 +24,12 @@ pr:
# 8. Linux AMD64 with CPU optimizations using clang in Debug mode # 8. Linux AMD64 with CPU optimizations using clang in Debug mode
# 9. Linux AMD64 with CPU optimizations using clang in Sanitize mode # 9. Linux AMD64 with CPU optimizations using clang in Sanitize mode
# 10. Linux AMD64 with CPU optimizations using clang in Release mode # 10. Linux AMD64 with CPU optimizations using clang in Release mode
# The following jobs run only on CI and PRs to publish
# 11. Windows 64b with no CPU optimizations in Release mode
# 12. Windows 32b with no CPU optimizations in Release mode
# 13. Linux with no CPU optimizations using GCC in Release mode
# 14. Linux with no CPU optimizations using clang in Release mode
jobs: jobs:
- job: Windows_AMD64_Debug - job: Windows_AMD64_Debug
pool: pool:
@ -29,6 +37,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Windows
env: WindowsUserMode env: WindowsUserMode
arch: AMD64 arch: AMD64
cc: cl cc: cl
@ -42,6 +51,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Windows
env: WindowsUserMode env: WindowsUserMode
arch: AMD64 arch: AMD64
cc: cl cc: cl
@ -55,6 +65,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Windows
env: WindowsUserMode env: WindowsUserMode
arch: X86 arch: X86
cc: cl cc: cl
@ -68,6 +79,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Windows
env: WindowsUserMode env: WindowsUserMode
arch: X86 arch: X86
cc: cl cc: cl
@ -81,6 +93,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Linux
env: LinuxUserMode env: LinuxUserMode
arch: AMD64 arch: AMD64
cc: gcc cc: gcc
@ -94,6 +107,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Linux
env: LinuxUserMode env: LinuxUserMode
arch: AMD64 arch: AMD64
cc: gcc cc: gcc
@ -107,6 +121,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Linux
env: LinuxUserMode env: LinuxUserMode
arch: AMD64 arch: AMD64
cc: gcc cc: gcc
@ -120,6 +135,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Linux
env: LinuxUserMode env: LinuxUserMode
arch: AMD64 arch: AMD64
cc: clang cc: clang
@ -133,6 +149,7 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Linux
env: LinuxUserMode env: LinuxUserMode
arch: AMD64 arch: AMD64
cc: clang cc: clang
@ -146,9 +163,71 @@ jobs:
steps: steps:
- template: azure-build-template.yml - template: azure-build-template.yml
parameters: parameters:
hostos: Linux
env: LinuxUserMode env: LinuxUserMode
arch: AMD64 arch: AMD64
cc: clang cc: clang
cxx: clang++ cxx: clang++
buildType: Release buildType: Release
additionalCMakeArgs: additionalCMakeArgs:
- job: Generic_Windows_Win64_Release
pool:
vmImage: 'windows-2019'
steps:
- template: azure-build-template.yml
parameters:
hostos: Windows
env: Generic
arch: Unknown
cc: cl
cxx: cl
buildType: Release
additionalCMakeArgs:
condition: or(eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/publish'), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
- job: Generic_Windows_Win32_Release
pool:
vmImage: 'windows-2019'
steps:
- template: azure-build-template.yml
parameters:
hostos: Windows
env: Generic
arch: Unknown
cc: cl
cxx: cl
buildType: Release
additionalCMakeArgs: -A Win32
condition: or(eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/publish'), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
- job: Generic_Linux_gcc_Release
pool:
vmImage: 'ubuntu-20.04'
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: Generic
arch: Unknown
cc: gcc
cxx: g++
buildType: Release
additionalCMakeArgs:
condition: or(eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/publish'), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
- job: Generic_Linux_clang_Release
pool:
vmImage: 'ubuntu-20.04'
steps:
- template: azure-build-template.yml
parameters:
hostos: Linux
env: Generic
arch: Unknown
cc: clang
cxx: clang++
buildType: Release
additionalCMakeArgs:
condition: or(eq(variables['System.PullRequest.TargetBranch'], 'refs/heads/publish'), in(variables['Build.Reason'], 'IndividualCI', 'BatchedCI'))
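Review bot: The `condition:` expression on the four new Generic jobs (Generic_Windows_Win64_Release through Generic_Linux_clang_Release) is repeated verbatim, so a change to the "CI and PRs to publish" policy needs four coordinated edits; hoisting it into a single template parameter or a shared snippet would keep the policy in one place. The gate compares `System.PullRequest.TargetBranch` with the full ref `refs/heads/publish`; the description says the goal is to catch regressions before publishing to GitHub, so it is worth confirming that PR builds from every configured source populate that variable in the `refs/heads/...` form, otherwise the publish-PR branch of the `or()` silently never fires and only the CI branch remains.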


@ -1,9 +1,6 @@
# This toolchain file configures CMake options for Windows User Mode AMD64 compilation with CPU optimizations. # This toolchain file configures CMake options for Windows User Mode AMD64 compilation with CPU optimizations.
# To use the toolchain file, run cmake .. -DCMAKE_TOOLCHAIN_FILE=cmake-toolchain/WindowsUserMode-AMD64.cmake # To use the toolchain file, run cmake .. -DCMAKE_TOOLCHAIN_FILE=cmake-toolchain/WindowsUserMode-AMD64.cmake
# Require Windows 10 SDK version 18362 for BCRYPT_TLS_CBC_HMAC_VERIFY_FLAG
set(CMAKE_SYSTEM_VERSION 10.0.18362)
# Set CMake variables that subsequent CMake scripts can check against # Set CMake variables that subsequent CMake scripts can check against
set(CMAKE_SYSTEM_NAME Windows) set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR AMD64) set(CMAKE_SYSTEM_PROCESSOR AMD64)


@ -6,9 +6,6 @@
# toolchain file, so if you don't provide "-A Win32" it will try to use the 64-bit compiler and assembler # toolchain file, so if you don't provide "-A Win32" it will try to use the 64-bit compiler and assembler
# and will fail.) # and will fail.)
# Require Windows 10 SDK version 18362 for BCRYPT_TLS_CBC_HMAC_VERIFY_FLAG
set(CMAKE_SYSTEM_VERSION 10.0.18362)
# Set CMake variables that subsequent CMake scripts can check against # Set CMake variables that subsequent CMake scripts can check against
set(CMAKE_SYSTEM_NAME Windows) set(CMAKE_SYSTEM_NAME Windows)
set(CMAKE_SYSTEM_PROCESSOR X86) set(CMAKE_SYSTEM_PROCESSOR X86)


@ -76,7 +76,7 @@ extern "C" {
// corresponding data. If the function accepts a pointer-to-non-const it must be // corresponding data. If the function accepts a pointer-to-non-const it must be
// assumed to both read and write the data. // assumed to both read and write the data.
// It is safe for two threads to use the same data element as long as both of them // It is safe for two threads to use the same data element as long as both of them
// are only reading form it. For example, an expanded key is typically passed as // are only reading from it. For example, an expanded key is typically passed as
// a pointer-to-const to the encryption and decryption routines. Thus, multiple // a pointer-to-const to the encryption and decryption routines. Thus, multiple
// threads can perform multiple encryptions/decryptions in parallel using the // threads can perform multiple encryptions/decryptions in parallel using the
// same expanded key. // same expanded key.
@ -270,7 +270,7 @@ typedef enum _SYMCRYPT_DLGROUP_DH_SAFEPRIMETYPE {
// //
// A variety of useful macros. // A variety of useful macros.
// //
// The load/store macros convert from integer types to an array of bytes and visa versa. // The load/store macros convert from integer types to an array of bytes and vice versa.
// LOAD<n>_* (p) loads a value of <n> bits from the byte pointer p. // LOAD<n>_* (p) loads a value of <n> bits from the byte pointer p.
// STORE<n>_* (p,v) stores the n-bit value v to byte pointer p. // STORE<n>_* (p,v) stores the n-bit value v to byte pointer p.
// The macros can either do Most Significant Byte first (big-endian) or // The macros can either do Most Significant Byte first (big-endian) or
@ -6160,28 +6160,6 @@ SymCryptEcDsaSign(
// not be truncated. // not be truncated.
// //
_Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR
SYMCRYPT_CALL
SymCryptEcDsaSignDeterministic(
_In_ PCSYMCRYPT_ECKEY pKey,
_In_reads_bytes_( cbHashValue ) PCBYTE pbHashValue,
SIZE_T cbHashValue,
SYMCRYPT_NUMBER_FORMAT format,
PCSYMCRYPT_MAC pMac,
UINT32 flags,
_Out_writes_bytes_( cbSignature ) PBYTE pbSignature,
SIZE_T cbSignature );
//
// Same as SymCryptEcDsaSign, but uses the Mac algorithm to compute the 'k' value
// from the hash value and the private key, rather than generate a random 'k' value.
// This makes the signature algorithm deterministic, and avoids the need for an RNG.
//
// Allowed flags:
// SYMCRYPT_FLAG_ECDSA_NO_TRUNCATION: If set then the hash value will
// not be truncated.
//
_Success_(return == SYMCRYPT_NO_ERROR) _Success_(return == SYMCRYPT_NO_ERROR)
SYMCRYPT_ERROR SYMCRYPT_ERROR
SYMCRYPT_CALL SYMCRYPT_CALL
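Review bot: Dropping the `SymCryptEcDsaSignDeterministic` declaration (hunk `@ -6160,28 +6160,6 @@`) is not a typo fix, and the same name is removed from the `VERSION_100.17` node of the exports file in the last section of this commit; removing a symbol from an already-published version node breaks any consumer linked against it. If the function was never implemented in this branch the removal is harmless, but that should be stated explicitly in the commit description rather than folded under "non-functional typos", and the version node it was removed from should be checked against what has actually shipped. The surrounding declaration block continues outside the hunk.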


@ -542,7 +542,7 @@ SymCryptCpuFeaturesNeverPresent();
#define SYMCRYPT_INTERNAL_LOAD_MSBFIRST16( p ) ( ((UINT16)((PBYTE)p)[0]) << 8 | ((PBYTE)p)[1] ) #define SYMCRYPT_INTERNAL_LOAD_MSBFIRST16( p ) ( ((UINT16)((PBYTE)p)[0]) << 8 | ((PBYTE)p)[1] )
#define SYMCRYPT_INTERNAL_LOAD_LSBFIRST16( p ) ( ((UINT16)((PBYTE)p)[1]) << 8 | ((PBYTE)p)[0] ) #define SYMCRYPT_INTERNAL_LOAD_LSBFIRST16( p ) ( ((UINT16)((PBYTE)p)[1]) << 8 | ((PBYTE)p)[0] )
#define SYMCRYPT_INTERNAL_LOAD_MSBFIRST32( p ) ( (UINT32)SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[0]) << 16 | SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[2]) ) #define SYMCRYPT_INTERNAL_LOAD_MSBFIRST32( p ) ( (UINT32)SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[0]) << 16 | SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[2]) )
#define SYMCRYPT_INTERNAL_LOAD_LSBFIRST32( p ) ( (UINT32)SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[2]) << 16 | SYMCRYPT_INTERNAL_LOAD_MSBFIRST16(&((PBYTE)p)[0]) ) #define SYMCRYPT_INTERNAL_LOAD_LSBFIRST32( p ) ( (UINT32)SYMCRYPT_INTERNAL_LOAD_LSBFIRST16(&((PBYTE)p)[2]) << 16 | SYMCRYPT_INTERNAL_LOAD_LSBFIRST16(&((PBYTE)p)[0]) )
#define SYMCRYPT_INTERNAL_LOAD_MSBFIRST64( p ) ( (UINT64)SYMCRYPT_INTERNAL_LOAD_MSBFIRST32(&((PBYTE)p)[0]) << 32 | SYMCRYPT_INTERNAL_LOAD_MSBFIRST32(&((PBYTE)p)[4]) ) #define SYMCRYPT_INTERNAL_LOAD_MSBFIRST64( p ) ( (UINT64)SYMCRYPT_INTERNAL_LOAD_MSBFIRST32(&((PBYTE)p)[0]) << 32 | SYMCRYPT_INTERNAL_LOAD_MSBFIRST32(&((PBYTE)p)[4]) )
#define SYMCRYPT_INTERNAL_LOAD_LSBFIRST64( p ) ( (UINT64)SYMCRYPT_INTERNAL_LOAD_LSBFIRST32(&((PBYTE)p)[4]) << 32 | SYMCRYPT_INTERNAL_LOAD_LSBFIRST32(&((PBYTE)p)[0]) ) #define SYMCRYPT_INTERNAL_LOAD_LSBFIRST64( p ) ( (UINT64)SYMCRYPT_INTERNAL_LOAD_LSBFIRST32(&((PBYTE)p)[4]) << 32 | SYMCRYPT_INTERNAL_LOAD_LSBFIRST32(&((PBYTE)p)[0]) )
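Review bot: The corrected `SYMCRYPT_INTERNAL_LOAD_LSBFIRST32` now composes two LSB-first 16-bit loads, which is right, but nothing here explains why the mix-up survived: these macros are presumably the portable fallback that only the Generic build exercises, so they went untested while that job was disabled. A comment above the group would make that dependency explicit, e.g. `// Portable byte-order helpers; the optimized builds do not compile these, so changes are validated only by the Generic CI jobs.` A pre-existing point worth a second line: each macro evaluates `p` several times and casts through `(PBYTE)`, so callers must not pass an argument with side effects, and a const-qualified pointer loses its qualifier.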


@ -654,7 +654,7 @@ SymCryptIntGetValue(
SIZE_T cbDst, SIZE_T cbDst,
SYMCRYPT_NUMBER_FORMAT format ); SYMCRYPT_NUMBER_FORMAT format );
// //
// Convert a value form the internal number representation to a byte array. // Convert a value from the internal number representation to a byte array.
// //
// Src is the number whose value is to be stored in a byte array // Src is the number whose value is to be stored in a byte array
// (pbDst, cbDst) the destination buffer // (pbDst, cbDst) the destination buffer


@ -3,24 +3,24 @@
; Copyright (c) Microsoft Corporation. Licensed under the MIT license. ; Copyright (c) Microsoft Corporation. Licensed under the MIT license.
; ;
; This is the file that contains the SymCrypt version information. ; This is the file that contains the SymCrypt version information.
; ;
; THIS FILE IS INCLUDED BOTH IN C AND ASSEMBLER CODE ; THIS FILE IS INCLUDED BOTH IN C AND ASSEMBLER CODE
; which is why the layout is strange. ; which is why the layout is strange.
; The first line is ";/_*" (without the _) ; The first line is ";/_*" (without the _)
; which is an assembler comment, and the start of a C comment. ; which is an assembler comment, and the start of a C comment.
; (In C an extra semicolon is allowed.) ; (In C an extra semicolon is allowed.)
; (The extra _ is added above to not break compilers who violate the C standard and ; (The extra _ is added above to not break compilers who violate the C standard and
; allow nested slash-star comments.) ; allow nested slash-star comments.)
; Below we have separate areas where the C and ASM version numbers are defined. ; Below we have separate areas where the C and ASM version numbers are defined.
; These should always be the same. ; These should always be the same.
; ;
; In previous releases we had a numbering system with major/minor version number. ; In previous releases we had a numbering system with major/minor version number.
; This worked well with the sequential servicing imposed by SourceDepot. ; This worked well with the sequential servicing imposed by SourceDepot.
; With the switch to Git this no longer works due to having multiple branches. ; With the switch to Git this no longer works due to having multiple branches.
; We move to having the version here only specify the API and minor version number ; We move to having the version here only specify the API and minor version number
; These will NOT be changed for every build. The API version only changes when there are ; These will NOT be changed for every build. The API version only changes when there are
; changes to the API in symcrypt.h. (Note: symcrypt_low_level.h is not stable and can change ; changes to the API in symcrypt.h. (Note: symcrypt_low_level.h is not stable and can change
; at any time.) The minor version is changed at regular intervals, but not necesarilly at ; at any time.) The minor version is changed at regular intervals, but not necessarily at
; every build of the library. ; every build of the library.
; ;
; Separate from these numbers the build system includes information about the branch, ; Separate from these numbers the build system includes information about the branch,
@ -44,4 +44,4 @@ SYMCRYPT_CODE_VERSION_PATCH EQU 0
;/* ; Switch back into a C comment so that we can close the IF ;/* ; Switch back into a C comment so that we can close the IF
endif endif
;*/ ;*/


@ -220,7 +220,7 @@ if(WIN32 AND NOT(SYMCRYPT_TARGET_ENV MATCHES "Generic"))
set_source_files_properties( set_source_files_properties(
i386/fdef_asm-masm.asm PROPERTIES INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/i386) i386/fdef_asm-masm.asm PROPERTIES INCLUDE_DIRECTORIES ${CMAKE_CURRENT_SOURCE_DIR}/i386)
endif() endif()
else() elseif(NOT(SYMCRYPT_TARGET_ENV MATCHES "Generic"))
if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64") if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64")
process_symcryptasm(amd64/aesasm.symcryptasm gas amd64) process_symcryptasm(amd64/aesasm.symcryptasm gas amd64)
process_symcryptasm(amd64/fdef_asm.symcryptasm gas amd64) process_symcryptasm(amd64/fdef_asm.symcryptasm gas amd64)
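Review bot: The new `elseif(NOT(SYMCRYPT_TARGET_ENV MATCHES "Generic"))` duplicates the test already in the `if(WIN32 AND NOT(...))` head of this block and in the top-level CMakeLists.txt, so three copies of the same string match can drift. Setting it once in the top-level file, `if(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")` / `set(SYMCRYPT_USE_ASM ON)`, and testing the variable here would make the Generic path visible in one place. Note also that `MATCHES` on an undefined `SYMCRYPT_TARGET_ENV` is false, so a configure without a toolchain file and without the variable set would wrongly take the assembler branch; where the Generic value is assigned is outside this hunk, so I cannot confirm it is always defined. The `if`/`elseif` block starts outside the hunk.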


@ -200,28 +200,28 @@ SymCryptAesEncryptC(
// Final round // Final round
// SubBytes/ShiftRows for col. 0 // SubBytes/ShiftRows for col. 0
state2[0] = SymCryptAesSboxMatrixMult[0][ state[0][0] ][1]; state2[0] = (UINT32) SymCryptAesSboxMatrixMult[0][ state[0][0] ][1];
state2[3] = SymCryptAesSboxMatrixMult[0][ state[0][1] ][1] << 8; state2[3] = (UINT32) SymCryptAesSboxMatrixMult[0][ state[0][1] ][1] << 8;
state2[2] = SymCryptAesSboxMatrixMult[0][ state[0][2] ][1] << 16; state2[2] = (UINT32) SymCryptAesSboxMatrixMult[0][ state[0][2] ][1] << 16;
state2[1] = SymCryptAesSboxMatrixMult[0][ state[0][3] ][1] << 24; state2[1] = (UINT32) SymCryptAesSboxMatrixMult[0][ state[0][3] ][1] << 24;
// SubBytes/ShiftRows for col. 1 // SubBytes/ShiftRows for col. 1
state2[1] |= SymCryptAesSboxMatrixMult[0][ state[1][0] ][1]; state2[1] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[1][0] ][1];
state2[0] |= SymCryptAesSboxMatrixMult[0][ state[1][1] ][1] << 8; state2[0] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[1][1] ][1] << 8;
state2[3] |= SymCryptAesSboxMatrixMult[0][ state[1][2] ][1] << 16; state2[3] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[1][2] ][1] << 16;
state2[2] |= SymCryptAesSboxMatrixMult[0][ state[1][3] ][1] << 24; state2[2] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[1][3] ][1] << 24;
// SubBytes/ShiftRows for col. 2 // SubBytes/ShiftRows for col. 2
state2[2] |= SymCryptAesSboxMatrixMult[0][ state[2][0] ][1]; state2[2] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[2][0] ][1];
state2[1] |= SymCryptAesSboxMatrixMult[0][ state[2][1] ][1] << 8; state2[1] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[2][1] ][1] << 8;
state2[0] |= SymCryptAesSboxMatrixMult[0][ state[2][2] ][1] << 16; state2[0] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[2][2] ][1] << 16;
state2[3] |= SymCryptAesSboxMatrixMult[0][ state[2][3] ][1] << 24; state2[3] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[2][3] ][1] << 24;
// SubBytes/ShiftRows for col. 3 // SubBytes/ShiftRows for col. 3
state2[3] |= SymCryptAesSboxMatrixMult[0][ state[3][0] ][1]; state2[3] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[3][0] ][1];
state2[2] |= SymCryptAesSboxMatrixMult[0][ state[3][1] ][1] << 8; state2[2] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[3][1] ][1] << 8;
state2[1] |= SymCryptAesSboxMatrixMult[0][ state[3][2] ][1] << 16; state2[1] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[3][2] ][1] << 16;
state2[0] |= SymCryptAesSboxMatrixMult[0][ state[3][3] ][1] << 24; state2[0] |= (UINT32) SymCryptAesSboxMatrixMult[0][ state[3][3] ][1] << 24;
// AddRoundKey // AddRoundKey
*((UINT32 *) &pbCiphertext[0 ]) = *(UINT32 *) (*keyPtr)[0] ^ state2[0]; *((UINT32 *) &pbCiphertext[0 ]) = *(UINT32 *) (*keyPtr)[0] ^ state2[0];
@ -321,28 +321,28 @@ SymCryptAesDecryptC(
// Final round // Final round
// SubBytes/ShiftRows for col. 0 // SubBytes/ShiftRows for col. 0
state2[0] = SymCryptAesInvSbox[ state[0][0] ]; state2[0] = (UINT32) SymCryptAesInvSbox[ state[0][0] ];
state2[1] = SymCryptAesInvSbox[ state[0][1] ] << 8; state2[1] = (UINT32) SymCryptAesInvSbox[ state[0][1] ] << 8;
state2[2] = SymCryptAesInvSbox[ state[0][2] ] << 16; state2[2] = (UINT32) SymCryptAesInvSbox[ state[0][2] ] << 16;
state2[3] = SymCryptAesInvSbox[ state[0][3] ] << 24; state2[3] = (UINT32) SymCryptAesInvSbox[ state[0][3] ] << 24;
// SubBytes/ShiftRows for col. 1 // SubBytes/ShiftRows for col. 1
state2[1] |= SymCryptAesInvSbox[ state[1][0] ]; state2[1] |= (UINT32) SymCryptAesInvSbox[ state[1][0] ];
state2[2] |= SymCryptAesInvSbox[ state[1][1] ] << 8; state2[2] |= (UINT32) SymCryptAesInvSbox[ state[1][1] ] << 8;
state2[3] |= SymCryptAesInvSbox[ state[1][2] ] << 16; state2[3] |= (UINT32) SymCryptAesInvSbox[ state[1][2] ] << 16;
state2[0] |= SymCryptAesInvSbox[ state[1][3] ] << 24; state2[0] |= (UINT32) SymCryptAesInvSbox[ state[1][3] ] << 24;
// SubBytes/ShiftRows for col. 2 // SubBytes/ShiftRows for col. 2
state2[2] |= SymCryptAesInvSbox[ state[2][0] ]; state2[2] |= (UINT32) SymCryptAesInvSbox[ state[2][0] ];
state2[3] |= SymCryptAesInvSbox[ state[2][1] ] << 8; state2[3] |= (UINT32) SymCryptAesInvSbox[ state[2][1] ] << 8;
state2[0] |= SymCryptAesInvSbox[ state[2][2] ] << 16; state2[0] |= (UINT32) SymCryptAesInvSbox[ state[2][2] ] << 16;
state2[1] |= SymCryptAesInvSbox[ state[2][3] ] << 24; state2[1] |= (UINT32) SymCryptAesInvSbox[ state[2][3] ] << 24;
// SubBytes/ShiftRows for col. 3 // SubBytes/ShiftRows for col. 3
state2[3] |= SymCryptAesInvSbox[ state[3][0] ]; state2[3] |= (UINT32) SymCryptAesInvSbox[ state[3][0] ];
state2[0] |= SymCryptAesInvSbox[ state[3][1] ] << 8; state2[0] |= (UINT32) SymCryptAesInvSbox[ state[3][1] ] << 8;
state2[1] |= SymCryptAesInvSbox[ state[3][2] ] << 16; state2[1] |= (UINT32) SymCryptAesInvSbox[ state[3][2] ] << 16;
state2[2] |= SymCryptAesInvSbox[ state[3][3] ] << 24; state2[2] |= (UINT32) SymCryptAesInvSbox[ state[3][3] ] << 24;
// AddRoundKey // AddRoundKey
*((UINT32 *) &pbPlaintext[0 ]) = *(UINT32 *) (*keyPtr)[0] ^ state2[0]; *((UINT32 *) &pbPlaintext[0 ]) = *(UINT32 *) (*keyPtr)[0] ^ state2[0];
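Review bot: The `(UINT32)` casts added to the final-round assignments in both SymCryptAesEncryptC and SymCryptAesDecryptC deserve a comment, because they look cosmetic and the commit describes them as non-functional, yet they are what makes `<< 24` well-defined: without the cast the table entry promotes to int, and shifting a value with bit 7 set into bit 31 of a signed int is undefined behaviour in C. Suggested comment at the top of each block: `// Cast to UINT32 before shifting: the S-box entry promotes to int, and shifting into bit 31 of a signed int is undefined behaviour.` This assumes the table element type is narrower than int, which the hunk does not show. Both functions start outside the hunk.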


@ -411,7 +411,7 @@ SymCryptFdef369MontgomeryReduceAsmSubLoop:
dec D11 dec D11
jnz SymCryptFdef369MontgomeryReduceAsmSubLoop jnz SymCryptFdef369MontgomeryReduceAsmSubLoop
// Finally a masked copy form pSrc to pDst // Finally a masked copy from pSrc to pDst
// copy if: Q8 == 0 && Cy = 1 // copy if: Q8 == 0 && Cy = 1
sbb Q8, 0 // mask (64 bits) sbb Q8, 0 // mask (64 bits)


@ -784,7 +784,7 @@ SymCryptFdefMontgomeryReduceAsmSubLoop:
dec D12 dec D12
jnz SymCryptFdefMontgomeryReduceAsmSubLoop jnz SymCryptFdefMontgomeryReduceAsmSubLoop
// Finally a masked copy form pSrc to pDst // Finally a masked copy from pSrc to pDst
// copy if: Q9 == 0 && Cy = 1 // copy if: Q9 == 0 && Cy = 1
sbb D9, 0 sbb D9, 0
@ -2083,7 +2083,7 @@ SymCryptFdefMontgomeryReduce1024AsmSubLoop:
dec D12 dec D12
jnz SymCryptFdefMontgomeryReduce1024AsmSubLoop jnz SymCryptFdefMontgomeryReduce1024AsmSubLoop
// Finally a masked copy form pSrc to pDst // Finally a masked copy from pSrc to pDst
// copy if: Q9 == 0 && Cy = 1 // copy if: Q9 == 0 && Cy = 1
sbb D9, 0 sbb D9, 0


@ -94,12 +94,12 @@ SymCryptIntMillerRabinPrimalityTest(
// Check the 3 mod 4 requirement when side-channel safe // Check the 3 mod 4 requirement when side-channel safe
SYMCRYPT_HARD_ASSERT( SYMCRYPT_HARD_ASSERT(
((flags & SYMCRYPT_FLAG_DATA_PUBLIC) != 0) || ((flags & SYMCRYPT_FLAG_DATA_PUBLIC) != 0) ||
(SymCryptIntGetBit( piD, 1 )!=0) ); (SymCryptIntGetBit( piD, 1 )!=0) );
// Calculate R and D such that Src - 1 = D*2^R // Calculate R and D such that Src - 1 = D*2^R
// Notice that the loop executes only if // Notice that the loop executes only if
// the SYMCRYPT_FLAG_INT_LL_NOT_SIDE_CHANEL_SAFE is // the SYMCRYPT_FLAG_DATA_PUBLIC is
// specified (and Src != 3 mod 4) // specified (and Src != 3 mod 4)
R = 1; R = 1;
while( SymCryptIntGetBit( piD, R )==0 ) while( SymCryptIntGetBit( piD, R )==0 )
@ -131,7 +131,7 @@ SymCryptIntMillerRabinPrimalityTest(
// repeat R-1 times // repeat R-1 times
// Notice that the inner loop executes only if // Notice that the inner loop executes only if
// the SYMCRYPT_FLAG_INT_LL_NOT_SIDE_CHANEL_SAFE is // the SYMCRYPT_FLAG_DATA_PUBLIC is
// specified (and Src != 3 mod 4) // specified (and Src != 3 mod 4)
innerLoop = TRUE; innerLoop = TRUE;
for (UINT32 j=0; (j<R-1)&&(innerLoop); j++) for (UINT32 j=0; (j<R-1)&&(innerLoop); j++)
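Review bot: The corrected comment at the R loop (`while( SymCryptIntGetBit( piD, R )==0 )`) names the flag but not the mechanism that makes the loop side-channel safe, which is the SYMCRYPT_HARD_ASSERT just above it; a reader has to work out for themselves that asserting bit 1 of piD when the data is not public is what keeps this loop at zero iterations on secret input. I would extend the comment to `// The HARD_ASSERT above guarantees that when SYMCRYPT_FLAG_DATA_PUBLIC is not set, bit 1 of D is already set, so this loop exits on its first test and R stays 1; the inner loop below then runs R-1 = 0 times.` The same wording could replace the duplicated note at the inner `for` loop in the second hunk. This assumes piD already holds Src - 1 at the assert, which the hunk does not show; SymCryptIntMillerRabinPrimalityTest continues outside both hunks.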


@ -107,7 +107,6 @@ VERSION_100.17 {
SymCryptEcDhSecretAgreementSelftest; SymCryptEcDhSecretAgreementSelftest;
SymCryptEcDsaSelftest; SymCryptEcDsaSelftest;
SymCryptEcDsaSign; SymCryptEcDsaSign;
SymCryptEcDsaSignDeterministic;
SymCryptEcDsaSignEx; SymCryptEcDsaSignEx;
SymCryptEcDsaVerify; SymCryptEcDsaVerify;
SymCryptEcbDecrypt; SymCryptEcbDecrypt;


@ -93,7 +93,7 @@ if(WIN32)
else() else()
add_subdirectory(exe_linux) add_subdirectory(exe_linux)
if(NOT CMAKE_BUILD_TYPE MATCHES Sanitize) if(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic" AND NOT CMAKE_BUILD_TYPE MATCHES Sanitize)
add_subdirectory(exe_moduletest) add_subdirectory(exe_moduletest)
endif() endif()
endif() endif()
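Review bot: The new condition excludes two configurations from exe_moduletest without saying why either is excluded, and the commit message only explains the RDSEED requirement, which is a pipeline concern rather than a Generic-build one. A one-line comment above the `if()` would save the next reader from re-deriving the rule, e.g. `# exe_moduletest is not built for the Generic target env or for Sanitize builds` followed by the actual reason for the Generic exclusion, which is not stated anywhere visible here. Note also that `MATCHES "Generic"` is a regex substring match, so any future target env whose name contains "Generic" would silently lose the module test; if SYMCRYPT_TARGET_ENV is a single value, `STREQUAL "Generic"` is the stricter check. The enclosing `if(WIN32)` block begins before this hunk.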


@ -55,7 +55,7 @@ if(WIN32)
) )
endif() endif()
if(WIN32) if(WIN32 AND NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")
if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64") if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64")
list(APPEND SOURCES amd64/saveymm.asm) list(APPEND SOURCES amd64/saveymm.asm)
set_source_files_properties(amd64/saveymm.asm PROPERTY LANGUAGE ASM_MASM) set_source_files_properties(amd64/saveymm.asm PROPERTY LANGUAGE ASM_MASM)
@ -63,7 +63,7 @@ if(WIN32)
list(APPEND SOURCES i386/savexmm.asm) list(APPEND SOURCES i386/savexmm.asm)
set_source_files_properties(i386/savexmm.asm PROPERTY LANGUAGE ASM_MASM) set_source_files_properties(i386/savexmm.asm PROPERTY LANGUAGE ASM_MASM)
endif() endif()
else() elseif(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")
if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64") if(CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64")
list(APPEND SOURCES amd64/saveymm-gas.asm) list(APPEND SOURCES amd64/saveymm-gas.asm)
set_source_files_properties(amd64/saveymm-gas.asm PROPERTY LANGUAGE ASM) set_source_files_properties(amd64/saveymm-gas.asm PROPERTY LANGUAGE ASM)
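Review bot: The Generic exclusion is now written twice, once in `if(WIN32 AND NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")` and again in `elseif(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")`, and the two copies must be kept in sync by hand; a single outer `if(NOT SYMCRYPT_TARGET_ENV MATCHES "Generic")` wrapped around the original `if(WIN32) ... else() ... endif()` states the intent once and keeps the platform split as it was. As written, the `elseif` arm only means "non-Windows, non-Generic" because the first condition failed, which is easy to misread as a plain Linux branch when skimming. Both arms of this `if` continue past the end of the hunk, so the closing `endif()` and any further sources appended inside it are not visible here.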


@ -49,7 +49,7 @@ rsaTestKeysAddOneFunky( UINT32 nBitsOfModulus )
PSYMCRYPT_INT piHigh = NULL; PSYMCRYPT_INT piHigh = NULL;
CHECK( g_nRsaTestKeyBlobs < MAX_RSA_TESTKEYS, "?" ); CHECK( g_nRsaTestKeyBlobs < MAX_RSA_TESTKEYS, "?" );
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ g_nRsaTestKeyBlobs++ ]; PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ g_nRsaTestKeyBlobs++ ];
SymCryptWipe( (PBYTE) pBlob, sizeof( *pBlob ) ); SymCryptWipe( (PBYTE) pBlob, sizeof( *pBlob ) );
// Calculate the needed sizes // Calculate the needed sizes
@ -200,7 +200,7 @@ rsaTestKeysAddOne( UINT32 bitSize )
scError = SymCryptRsakeyGenerate( pKey, &u64PubExp, 1, 0 ); scError = SymCryptRsakeyGenerate( pKey, &u64PubExp, 1, 0 );
CHECK( scError == SYMCRYPT_NO_ERROR, "?" ); CHECK( scError == SYMCRYPT_NO_ERROR, "?" );
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ g_nRsaTestKeyBlobs++ ]; PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ g_nRsaTestKeyBlobs++ ];
SymCryptWipe( (PBYTE) pBlob, sizeof( *pBlob ) ); SymCryptWipe( (PBYTE) pBlob, sizeof( *pBlob ) );
pBlob->nBitsModulus = SymCryptRsakeyModulusBits( pKey ); pBlob->nBitsModulus = SymCryptRsakeyModulusBits( pKey );
@ -298,7 +298,7 @@ VOID rsaTestKeysGenerate()
iprint( "]" ); iprint( "]" );
cleanup: cleanup:
return; return;
} }
@ -324,7 +324,7 @@ rsaKeyFromTestBlob( PCRSAKEY_TESTBLOB pBlob )
&pBlob->u64PubExp, 1, &pBlob->u64PubExp, 1,
ppPrime, cbPrime, 2, ppPrime, cbPrime, 2,
SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
0, 0,
pKey ); pKey );
CHECK( scError == SYMCRYPT_NO_ERROR, "?" ); CHECK( scError == SYMCRYPT_NO_ERROR, "?" );
@ -369,17 +369,17 @@ public:
ImpPtrVector m_comps; // Subset of m_imps; set of ongoing computations ImpPtrVector m_comps; // Subset of m_imps; set of ongoing computations
virtual NTSTATUS setKey( PCRSAKEY_TESTBLOB pcKeyBlob ); virtual NTSTATUS setKey( PCRSAKEY_TESTBLOB pcKeyBlob );
virtual NTSTATUS sign( virtual NTSTATUS sign(
_In_reads_( cbHash) PCBYTE pbHash, _In_reads_( cbHash) PCBYTE pbHash,
SIZE_T cbHash, SIZE_T cbHash,
PCSTR pcstrHashAlgName, PCSTR pcstrHashAlgName,
UINT32 u32Other, UINT32 u32Other,
_Out_writes_( cbSig ) PBYTE pbSig, _Out_writes_( cbSig ) PBYTE pbSig,
SIZE_T cbSig ); // cbSig == cbModulus of key SIZE_T cbSig ); // cbSig == cbModulus of key
virtual NTSTATUS verify( virtual NTSTATUS verify(
_In_reads_( cbHash) PCBYTE pbHash, _In_reads_( cbHash) PCBYTE pbHash,
SIZE_T cbHash, SIZE_T cbHash,
_In_reads_( cbSig ) PCBYTE pbSig, _In_reads_( cbSig ) PCBYTE pbSig,
SIZE_T cbSig, SIZE_T cbSig,
@ -421,7 +421,7 @@ RsaSignMultiImp::setKey( PCRSAKEY_TESTBLOB pcKeyBlob )
m_cbSig = pcKeyBlob->cbModulus; m_cbSig = pcKeyBlob->cbModulus;
CHECK( m_cbSig <= RSAKEY_MAXKEYSIZE, "Modulus too big" ); CHECK( m_cbSig <= RSAKEY_MAXKEYSIZE, "Modulus too big" );
} }
for( ImpPtrVector::iterator i = m_imps.begin(); i != m_imps.end(); ++i ) for( ImpPtrVector::iterator i = m_imps.begin(); i != m_imps.end(); ++i )
{ {
if( (*i)->setKey( pcKeyBlob ) == STATUS_SUCCESS ) if( (*i)->setKey( pcKeyBlob ) == STATUS_SUCCESS )
@ -434,8 +434,8 @@ RsaSignMultiImp::setKey( PCRSAKEY_TESTBLOB pcKeyBlob )
} }
NTSTATUS NTSTATUS
RsaSignMultiImp::verify( RsaSignMultiImp::verify(
_In_reads_( cbHash) PCBYTE pbHash, _In_reads_( cbHash) PCBYTE pbHash,
SIZE_T cbHash, SIZE_T cbHash,
_In_reads_( cbSig ) PCBYTE pbSig, _In_reads_( cbSig ) PCBYTE pbSig,
SIZE_T cbSig, SIZE_T cbSig,
@ -461,14 +461,14 @@ RsaSignMultiImp::verify(
NTSTATUS NTSTATUS
RsaSignMultiImp::sign( RsaSignMultiImp::sign(
_In_reads_( cbHash) PCBYTE pbHash, _In_reads_( cbHash) PCBYTE pbHash,
SIZE_T cbHash, SIZE_T cbHash,
PCSTR pcstrHashAlgName, PCSTR pcstrHashAlgName,
UINT32 u32Other, UINT32 u32Other,
_Out_writes_( cbSig ) PBYTE pbSig, _Out_writes_( cbSig ) PBYTE pbSig,
SIZE_T cbSig ) SIZE_T cbSig )
{ {
// RSA signatures are not necesarilly deterministic (PSS) so we do the following: // RSA signatures are not necessarily deterministic (PSS) so we do the following:
// - Have every implementation sign // - Have every implementation sign
// - Have every implementation verify each signature // - Have every implementation verify each signature
// - return a random signature // - return a random signature
@ -528,7 +528,7 @@ createKatFileSinglePkcs1( FILE * f, PCRSAKEY_TESTBLOB pBlob, PCSTR hashName, UIN
fprintHex( f, pBlob->abModulus, pBlob->cbModulus ); fprintHex( f, pBlob->abModulus, pBlob->cbModulus );
cbTmp = SymCryptUint64Bytesize( pBlob->u64PubExp ); cbTmp = SymCryptUint64Bytesize( pBlob->u64PubExp );
SymCryptStoreMsbFirstUint64( pBlob->u64PubExp, sig, cbTmp ); SymCryptStoreMsbFirstUint64( pBlob->u64PubExp, sig, cbTmp );
fprintf( f, "e = " ); fprintf( f, "e = " );
fprintHex( f, sig, cbTmp ); fprintHex( f, sig, cbTmp );
@ -586,7 +586,7 @@ createKatFileSinglePss( FILE * f, PCRSAKEY_TESTBLOB pBlob, PCSTR hashName, PCSYM
fprintHex( f, pBlob->abModulus, pBlob->cbModulus ); fprintHex( f, pBlob->abModulus, pBlob->cbModulus );
cbTmp = SymCryptUint64Bytesize( pBlob->u64PubExp ); cbTmp = SymCryptUint64Bytesize( pBlob->u64PubExp );
SymCryptStoreMsbFirstUint64( pBlob->u64PubExp, sig, cbTmp ); SymCryptStoreMsbFirstUint64( pBlob->u64PubExp, sig, cbTmp );
fprintf( f, "e = " ); fprintf( f, "e = " );
fprintHex( f, sig, cbTmp ); fprintHex( f, sig, cbTmp );
@ -676,7 +676,7 @@ createKatFileRsaSign()
fclose( f ); fclose( f );
// Generating test vectors is not normal program flow, so we abort here to avoid getting into // Generating test vectors is not normal program flow, so we abort here to avoid getting into
// non-standard states. // non-standard states.
CHECK( FALSE, "Written test vector file" ); CHECK( FALSE, "Written test vector file" );
} }
@ -735,7 +735,7 @@ testRsaSignSingle(
VOID VOID
testRsaSignTestkeys( testRsaSignTestkeys(
RsaSignImplementation * pRsaSign, RsaSignImplementation * pRsaSign,
INT64 line ) INT64 line )
{ {
NTSTATUS ntStatus; NTSTATUS ntStatus;
BYTE sig[RSAKEY_MAXKEYSIZE]; BYTE sig[RSAKEY_MAXKEYSIZE];
@ -747,10 +747,10 @@ testRsaSignTestkeys(
for( int i=0; i<MAX_RSA_TESTKEYS; i++ ) for( int i=0; i<MAX_RSA_TESTKEYS; i++ )
{ {
PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ i ]; PRSAKEY_TESTBLOB pBlob = &g_RsaTestKeyBlobs[ i ];
ntStatus = pRsaSign->setKey( pBlob ); ntStatus = pRsaSign->setKey( pBlob );
CHECK( ntStatus == STATUS_SUCCESS, "Error setting key" ); CHECK( ntStatus == STATUS_SUCCESS, "Error setting key" );
GENRANDOM( hash, sizeof( hash ) ); GENRANDOM( hash, sizeof( hash ) );
UINT32 cbHash = 32; UINT32 cbHash = 32;
UINT32 cbSalt = (UINT32) g_rng.sizet( 0, pBlob->cbModulus - 48 ); UINT32 cbSalt = (UINT32) g_rng.sizet( 0, pBlob->cbModulus - 48 );
@ -760,9 +760,9 @@ testRsaSignTestkeys(
// iprint( "%d, ", i ); // iprint( "%d, ", i );
ntStatus = pRsaSign->sign( hash, cbHash, "SHA256", cbSalt, &sig[0], pBlob->cbModulus ); ntStatus = pRsaSign->sign( hash, cbHash, "SHA256", cbSalt, &sig[0], pBlob->cbModulus );
CHECK( NT_SUCCESS( ntStatus ), "Error in RSA signing validation" ); CHECK( NT_SUCCESS( ntStatus ), "Error in RSA signing validation" );
} }
CHECK( pRsaSign->setKey( NULL ) == STATUS_SUCCESS, "Failed to clear key" ); CHECK( pRsaSign->setKey( NULL ) == STATUS_SUCCESS, "Failed to clear key" );
} }
VOID VOID
testRsaSignKats() testRsaSignKats()
@ -833,7 +833,7 @@ testRsaSignKats()
blob.cbPrime1 = (UINT32) P1.size(); blob.cbPrime1 = (UINT32) P1.size();
blob.cbPrime2 = (UINT32) P2.size(); blob.cbPrime2 = (UINT32) P2.size();
CHECK( blob.cbModulus <= RSAKEY_MAXKEYSIZE && blob.cbPrime1 <= RSAKEY_MAXKEYSIZE && blob.cbPrime2 <= RSAKEY_MAXKEYSIZE, CHECK( blob.cbModulus <= RSAKEY_MAXKEYSIZE && blob.cbPrime1 <= RSAKEY_MAXKEYSIZE && blob.cbPrime2 <= RSAKEY_MAXKEYSIZE,
"Test vector too large" ); "Test vector too large" );
memcpy( blob.abModulus, N.data(), blob.cbModulus ); memcpy( blob.abModulus, N.data(), blob.cbModulus );
memcpy( blob.abPrime1, P1.data(), blob.cbPrime1 ); memcpy( blob.abPrime1, P1.data(), blob.cbPrime1 );
@ -892,10 +892,10 @@ testRsaSignPkcs1()
for( int i = 0; i < 20; i++ ) for( int i = 0; i < 20; i++ )
{ {
pKey = rsaTestKeyRandom(); pKey = rsaTestKeyRandom();
GENRANDOM( hash, sizeof( hash ) ); GENRANDOM( hash, sizeof( hash ) );
scError = SymCryptRsaPkcs1Sign( scError = SymCryptRsaPkcs1Sign(
pKey, pKey,
hash, sizeof( hash ), hash, sizeof( hash ),
SymCryptSha256OidList, SYMCRYPT_SHA256_OID_COUNT, SymCryptSha256OidList, SYMCRYPT_SHA256_OID_COUNT,
@ -926,7 +926,7 @@ testRsaSignPkcs1()
CHECK( scError != SYMCRYPT_NO_ERROR, "?" ); CHECK( scError != SYMCRYPT_NO_ERROR, "?" );
// Sign with the second OID // Sign with the second OID
scError = SymCryptRsaPkcs1Sign( scError = SymCryptRsaPkcs1Sign(
pKey, pKey,
hash, sizeof( hash ), hash, sizeof( hash ),
SymCryptSha256OidList + 1, SYMCRYPT_SHA256_OID_COUNT - 1, SymCryptSha256OidList + 1, SYMCRYPT_SHA256_OID_COUNT - 1,
@ -955,7 +955,7 @@ testRsaSignPkcs1()
SymCryptSha256OidList, SYMCRYPT_SHA256_OID_COUNT, SymCryptSha256OidList, SYMCRYPT_SHA256_OID_COUNT,
0 ); 0 );
CHECK( scError == SYMCRYPT_NO_ERROR, "?" ); CHECK( scError == SYMCRYPT_NO_ERROR, "?" );
SymCryptRsakeyFree( pKey ); SymCryptRsakeyFree( pKey );
pKey = NULL; pKey = NULL;
} }
@ -973,7 +973,7 @@ testRsaSignPss()
BYTE hash[64]; BYTE hash[64];
UINT32 cbModulus; UINT32 cbModulus;
NTSTATUS ntStatus; NTSTATUS ntStatus;
std::unique_ptr<RsaSignMultiImp> pRsaSignMultiImp; std::unique_ptr<RsaSignMultiImp> pRsaSignMultiImp;
pRsaSignMultiImp.reset( new RsaSignMultiImp( "RsaSignPss" ) ); pRsaSignMultiImp.reset( new RsaSignMultiImp( "RsaSignPss" ) );