## Description:
+ Adds ML-KEM API surface
+ Implements the API with initial C implementation, with sprinkling of SSE/NEON for (I)NTT
+ Adds low level ML-KEM polynomial arithmetic testing which tests self-consistency and exercises internal assertion in debug builds
+ Adds multi-implementation functionality testing to enable comparative functionality and performance testing on E2E functionality
+ For now, comparison testing is just between SymCrypt static and dynamic, with 3rd party comparison with libcrux disabled until they publish a final ML-KEM implementation
+ Adds ML-KEM KATs from NIST
Related work items: #50913735
## Description:
Adds support for stateful hash-based signatures XMSS and XMSS^MT per RFC 8391 and NIST SP800-208.
## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Related work items: #52453903
## Description:
SSKDF implementation and unit tests.
## Admin Checklist:
- [x] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [x] You have updated CHANGELOG.md to reflect any changes in behavior
- [x] You have updated symcryptunittest to exercise any new functionality
- [x] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [x] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [X] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [X] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Related work items: #51795170
## Description:
## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
## Description:
We add OpenSSL as submodule to 3rdparty and link symcryptunittest to it so we can compare the SymCrypt implementation. We add perf and functional test for XtsAes as well.
## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Related work items: #49347468
+ Add SymCryptXtsAes(En|De)cryptEx to induce XTS-AES with 128b tweak
+ Add SymCryptXtsAesExpandKeyEx to do FIPS IG check for non-equal
halves of XTS key
+ Refactor Multi-DataUnit logic to reduce code duplication using
new xtsaes_pattern.c file to instantiate the logic with various
specializations
+ Add support for ciphertext stealing in both old and new API surface,
allowing data unit sizes which are not a multiple of 16 bytes
+ Add IEEE test vectors for odd data unit sizes
+ Update randomized tests to exercise both 64-bit and 128-bit tweak
interfaces, and new supported data unit sizes
+ Update XTS tests to allow CNG to fail with unsupported parameters
+ Update XTS FIPS self-test to use FIPS-approved key expansion function
+ Fix a couple of typos found while making changes
Related work items: #43854713
This pull request adds MSBuild solution and project files so that SymCrypt can be built using the undocked OneBranch pipeline, including the kernel mode components. See the SymCrypt EO Compliance document for more information on why this is being done, and the high-level overview of how it will be accomplished.
In addition to adding the MSBuild files, I removed a bunch of files that were no longer being used, such as the iOS workspace and project files, old kernel test drivers that are not used in the RI-TP, etc.
Related work items: #42154697
+ New dynamic module SymCryptKernelTestModule_UM.dll and kernel driver
SymCryptKernelTestModule.sys which enable unit tests to call into
driver using the existing SymCrypt dynamic module flow
+ Update a few places in tests which assume objects created by module
under test can have their internals inspected (which is not the case
when the object lives in kernel and the unit tests are running in user
mode)
+ SymCryptKernelTestModule.sys tracks all allocations it makes and ensures it
frees everything when it is unloaded
Related work items: #38706387
- Add SRTP-KDF and SSH-KDF implementations
- Update `SYMCRYPT_HASH` structure to contain hash state copying function member
Related work items: #38101963, #38102026
+ Just targeting Linux modules for now as we do not yet have a Windows SymCrypt module
+ At the command line when running symcryptunittest add option to load and test a dynamic SymCrypt module from a path
+ Enable a shim layer in our test code calling SymCrypt functions, and based on the template specialization or a global variable (depending upon the context of the function being called), the shim directs the function call to different places
+ Rework the multi-implementation part of the code handling SymCrypt's implementation (sc_imp*) to enable multiple SymCrypt implementations to coexist
+ The pre-existing ImpSc's shim is augmented to always add vector register save/restore testing around every call into the statically linked SymCrypt function. All previous test calls for vector register testing are removed. We may add other tests here in future (i.e. checking the contents of the stack are clean on SymCrypt function return?).
+ The new ImpScStatic implementation directly calls the statically linked SymCrypt function. This is used in performance tests
+ The new ImpScDynamic implementation uses a static variable in a lambda function to store dynamic symbol pointers that are looked up (once per lambda function) at runtime using dlsym. These pointers are then used to test the dynamic module directly (i.e. without any unit-test specific environment). This enables both comparative functional testing with static and dynamic SymCrypt, and realistic performance testing of the dynamic SymCrypt module
+ Also tests directly calling the SymCrypt APIs (not all tests calling low-level SymCrypt APIs) to shim to static or dynamic versions
Related work items: #38706387
+ Resolves all issues flagged by runoacr in symcrypt\lib
+ Leaves some oacr issues in test code
+ Also includes some unrelated fixes to typos etc.
Related work items: #35052770
+ Add validation flags for DlKey and EcKey Import and Generate
+ Enables callers to perform the correct amount of validation to be compliant with SP800-56arev3
+ Add support for named safe-prime groups in DH, as shortest path to supporting compliance using FFC
+ This will enable BCrypt callers to explicitly or implicitly use named safe-prime groups groups and have the requisite validation, rather than having to create a new in-memory representation of DH keys to expose the prime Q
+ Add tests to for validity of the named safe-prime group constants, so the unit tests should pick up on inadvertent changes, or errors in definitions of new safe-prime groups if/when they may be added
+ Enable the strictest validation that makes sense in all existing tests to exercise validation code.
+ Also randomly exercise the use of all the different valid flag combinations in tests
Related work items: #26526301, #26527152, #31528841, #31528936, #31529044, #31782556
First stage of modularizing the test code. I wrote new test code for RSA signing and RSA encryption.
Added conditional compilation switches to remove the various implementations (RSA32, CNG, CAPI, Bignum, …)
Old test code is still around, some in files called "old-*" and some commented out. We can remove it once we are happy with the new tests.
Fixed one bug found by the new tests.
Related work items: #15886191
Samuel Lee
Cagdas Calik
Maxwell Moyer-McKee
Changyu Li
Mitch Lindgren 🦎
Niels Ferguson
Niels Ferguson