## Description:
+ Adds ML-KEM API surface
+ Implements the API with initial C implementation, with sprinkling of SSE/NEON for (I)NTT
+ Adds low level ML-KEM polynomial arithmetic testing which tests self-consistency and exercises internal assertion in debug builds
+ Adds multi-implementation functionality testing to enable comparative functionality and performance testing on E2E functionality
+ For now, comparison testing is just between SymCrypt static and dynamic, with 3rd party comparison with libcrux disabled until they publish a final ML-KEM implementation
+ Adds ML-KEM KATs from NIST
Related work items: #50913735
Get rid of misleading comment.
First step towards turning the linux build path into a generic unix build path that supports Linux and macOS.
Make a build check that is already effectively for Linux only explicitly for Linux.
Remove unnecessary/breaking Apple includes.
test_lib.h: Generally use gnuc definitions on macOS but define GENRANDOM separately for macOS and Linux.
Define GET_PERF_CLOCK on macOS/ARM
Define body of getTimeInMs on macOS
We need C++17, and in order for CMake to set that properly on macOS we need to explicitly set the compilers to clang/clang++.
Use arc4random in unittest code on macOS.
build changes
## Description:
Add AlgRsaSignPss implementation for OpenSSL. We ignore Twisted Edward Curves when testing with OpenSSL because OpenSSL does not support those curves. For Weierstrass Curves that OpenSSL does not support, we create them by parameters.
## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
## Description:
## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Add symcrypt build for optee env
Signed-off-by: v-shlevy <v-shlevy@microsoft.com>
Related work items: #49419416
## Description:
We add OpenSSL as submodule to 3rdparty and link symcryptunittest to it so we can compare the SymCrypt implementation. We add perf and functional test for XtsAes as well.
## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Related work items: #49347468
## Description:
This PR configures ARM32 memory accesses to access each byte individually for potentially unaligned accesses via the SYMCRYPT_LOAD_ and SYMCRYPT_STORE_ macros because some ARM32 CPUs require 64 bit accesses to be aligned on 32 bit boundaries (e.g. SONIC's ARM32 test environment).
When building for ARM32 we explicitly link with libc and libgcc because this fixes some load time symbol resolution issues. This also causes the emitted ELF segments to be ordered differently so we change the integrity verification to account for that.
## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
This change fixes the ARM64 build to properly support ARM64X, which is required for linking to Windows components.
- Add `<BuildAsX>true</BuildAsX>` to MSBuild properties
- Add `-machine arm64ec` arg when assembling for ARM64EC
- Fix non-standard SEH keywords in cpuid.c (not supported by ARM64EC compiler)
- Remove ARM32 support since build tools no longer support it
Related work items: #42154581
- Update `package.py` to read configuration from JSON file, and support per-platform/arch/config binaries
- Fix local VS build by changing `RuntimeLibrary` depending on whether `UndockedOfficial` is set
- Create vcxproj for `SymCryptKernelTestModule_UM.dll`
- Add Official pipeline definition, with option to create VPack
- Remove unused properties from undocked build property files
Related work items: #42154632, #42880140
This pull request adds MSBuild solution and project files so that SymCrypt can be built using the undocked OneBranch pipeline, including the kernel mode components. See the SymCrypt EO Compliance document for more information on why this is being done, and the high-level overview of how it will be accomplished.
In addition to adding the MSBuild files, I removed a bunch of files that were no longer being used, such as the iOS workspace and project files, old kernel test drivers that are not used in the RI-TP, etc.
Related work items: #42154697
Disable time-consuming no-ASM tests in PR builds. Update README. Rename option to enable msbignum/RSA32 tests, and add it as an argument to the build script.
This change rewrites our Azure DevOps pipelines to be compatible with OneBranch pipelines. It also adds new scripts to help with building, testing and packaging SymCrypt. These scripts replicate some of the functionality of `scbuild` but are also compatible with Linux builds. They can be used directly on the command line by developers, but the OneBranch pipeline also uses them to move as much as possible of the "business logic" of building SymCrypt out of the YAML templates and into Python scripts.
Also includes various reorganization and small fixes.
Samuel Lee
Josh Aas
Changyu Li
Shachar Levy
Mitch Lindgren 🦎