Commit graph

27 commits

Author SHA1 Message Date
Samuel Lee 977ec1e5f0 Merged PR 11273883: Implement ML-KEM
## Description:

+ Adds ML-KEM API surface
+ Implements the API with initial C implementation, with sprinkling of SSE/NEON for (I)NTT
+ Adds low level ML-KEM polynomial arithmetic testing which tests self-consistency and exercises internal assertion in debug builds
+ Adds multi-implementation functionality testing to enable comparative functionality and performance testing on E2E functionality
  + For now, comparison testing is just between SymCrypt static and dynamic, with 3rd party comparison with libcrux disabled until they publish a final ML-KEM implementation
+ Adds ML-KEM KATs from NIST

Related work items: #50913735
2024-08-31 02:53:41 +00:00
Mitch Lindgren 🦎 3b4cad7a6a Merged PR 11324214: FIPS 140-3 CASTs for RSA, DSA, ECDSA
This change adds additional Cryptographic Algorithm Self-Tests (CASTs) for RSA, DSA and ECDSA, as required by FIPS 140-3. Specifically, it adds explicit Known Answer Tests (KATs), as the Pairwise Consistency Tests (PCTs) that we were using previously are no longer considered sufficient for CASTs.

Also adds pairwise consistency tests on key import for RSA and DSA, per recent changes in the FIPS 140-3 implementation guidance. ECDSA PCTs continue to be run prior to signing or key export, as a performance optimization. ECDH and DH do not have explicit PCTs, but they include the required checks specified in SP 800-56A rev 3.

Related work items: #53481333
2024-08-30 05:26:38 +00:00
Cagdas Calik 15d0779214 Merged PR 10817310: Add XMSS and XMSS^MT implementations
## Description:

Adds support for stateful hash-based signatures XMSS and XMSS^MT per RFC 8391 and NIST SP800-208.

## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary

Related work items: #52453903
2024-08-13 18:14:13 +00:00
Maxwell Moyer-McKee f89cbf36c3 Merged PR 11087190: SSKDF implementation
## Description:
SSKDF implementation and unit tests.
 
## Admin Checklist:
- [x] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [x] You have updated CHANGELOG.md to reflect any changes in behavior
- [x] You have updated symcryptunittest to exercise any new functionality
- [x] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [x] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [X] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [X] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary

Related work items: #51795170
2024-08-12 22:55:13 +00:00
Samuel Lee fcea477bd6 Merged PR 11162679: Fix DATA annotations on Windows .def files
## Description:

+ Add DATA annotation to data exports in symcrypt.dll .def file, and to a few data exports missed from symcrypttestmodule.dll. This primarily fixes use of Arm64X .dlls when loaded from an emulated AMD64 process.
+ Remove outdated DH comment (today we do input validation when importing DH keys unless the caller explicitly opts out of doing those validations)

Related work items: #50915485
2024-07-26 23:17:23 +00:00
Samuel Lee c2cd679a41 Merged PR 10740690: Fixes for various build issues
+ Enable Arm64 Windows build with CMake (not production build as it is
  missing support for Arm64X)
+ Avoid naming collision in macros between test code and product code,
  enabling inclusion of sc_lib.h in test_lib.h
+ Remove sc_lib-testhooks.h
2024-05-10 06:48:11 +00:00
Mitch Lindgren 🦎 198be4c6b7 Merged PR 10493895: Add Windows user mode module
This change adds a new Windows user-mode module, symcrypt.dll. We plan to integrate this module into a future release of Windows as our primary FIPS-certified cryptographic module. Until that happens, we're making the module publicly available for the convenience of other projects that build on top of SymCrypt, such as our [rust-symcrypt crate](https://github.com/microsoft/rust-symcrypt).

Tested: dynamic unit tests run locally against the new module, ADO pipeline CI tests
2024-03-30 01:10:14 +00:00
Mitch Lindgren 🦎 d6d4461829 Merged PR 10523737: Remove Razzle + scbuild files
The time has come! Now that we've fully transitioned to building in the Windows undocked pipeline with MSBuild, there's no longer any reason to retain the old Razzle dirs/sources files or scbuild scripts.

I left the sources files in `gen` and `test/indirect_call_perf` since we don't have CMake or MSBuild files for those. Since they're used extremely rarely, there's no urgency in supporting them in the new build system.
2024-03-29 19:55:17 +00:00
Mitch Lindgren 🦎 88481f7916 Merged PR 10509720: Make msbignum and rsa32 optional for MSBuild
This change updates the MSBuild projects to make the inclusion of msbignum and rsa32 optional. This will allow external users to more easily use MSBuild, and also unblock testing potential future changes to undocked pipelines.
2024-03-27 19:51:04 +00:00
Samuel Lee 22d48621ae Merged PR 10332702: Prepare SymCrypt undocked build for undocked LKG which specifies most kernel mode flags
## Description:

+ Remove many workarounds in SymCrypt undocked props files for missing flags
+ Explicitly build SymCryptK.dll with no entrypoint, remove the fake entry point from code, and call `__security_init_cookie` in `SymCryptModuleInit` to prevent binskim errors.
+ Remove reference to memset in `SymCryptEntropyAccumulatorAccumulateSample` to reduce size and complexity of resulting SymCryptK.dll with real build environment (memset is not inlined as expected).

## Admin Checklist:
- [X] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [X] You have updated CHANGELOG.md to reflect any changes in behavior
- [X] You have updated symcryptunittest to exercise any new functionality
- [X] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [X] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [X] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [X] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary

Related work items: #49010014
2024-02-26 22:53:09 +00:00
Cagdas Calik fb337b0bec Merged PR 9834558: Add FIPS Status Indicator
## Description:
This PR addresses the FIPS 140-3 requirement for crypto modules to support an approved services status indicator function.
 
## Admin Checklist:
- [X] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [X] You have updated CHANGELOG.md to reflect any changes in behavior
- [X] You have updated symcryptunittest to exercise any new functionality
- [X] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations

Related work items: #47548894
2023-11-13 21:32:26 +00:00
Samuel Lee ffbb5939a3 Merged PR 9759115: Adding support for salt length detection in RSA-PSS verification
Adding support for salt length detection in RSA-PSS verification

+ Add SYMCRYPT_FLAG_RSA_PSS_VERIFY_WITH_MINIMUM_SALT flag to
  SymCryptRsaPssVerify and SymCryptRsaPssVerifySignaturePadding
+ When verifying a PSS signature with this flag specified, allow salt
  length >= the caller specified cbSalt
+ In symcryptunittest, test that verification succeeds and fails w.r.t. the cbSalt
 and flag in the correct way
+ Some small unrelated changes

Related work items: #33692439
2023-10-27 22:46:31 +00:00
Samuel Lee 4425e78d9d Merged PR 9685563: Extend XTS-AES for SCOSSL and SymCrypt FIPS
+ Add SymCryptXtsAes(En|De)cryptEx to induce XTS-AES with 128b tweak
+ Add SymCryptXtsAesExpandKeyEx to do FIPS IG check for non-equal
 halves of XTS key
+ Refactor Multi-DataUnit logic to reduce code duplication using
 new xtsaes_pattern.c file to instantiate the logic with various
 specializations
+ Add support for ciphertext stealing in both old and new API surface,
  allowing data unit sizes which are not a multiple of 16 bytes
+ Add IEEE test vectors for odd data unit sizes
+ Update randomized tests to exercise both 64-bit and 128-bit tweak
  interfaces, and new supported data unit sizes
+ Update XTS tests to allow CNG to fail with unsupported parameters
+ Update XTS FIPS self-test to use FIPS-approved key expansion function
+ Fix a couple of typos found while making changes

Related work items: #43854713
2023-10-19 23:17:23 +00:00
Mitch Lindgren 🦎 17360b237b Merged PR 9671493: Fix build issues with newest compiler package
This change sets the `UndockedKernelModeBuild` property for our kernel-mode components, to fix linking issues that arose from the latest compiler package.
2023-10-04 21:55:16 +00:00
Mitch Lindgren 🦎 b4f07a34bd Merged PR 9504829: Fix ARM64X build
This change fixes the ARM64 build to properly support ARM64X, which is required for linking to Windows components.

- Add `<BuildAsX>true</BuildAsX>` to MSBuild properties
- Add `-machine arm64ec` arg when assembling for ARM64EC
- Fix non-standard SEH keywords in cpuid.c (not supported by ARM64EC compiler)
- Remove ARM32 support since build tools no longer support it

Related work items: #42154581
2023-08-31 00:25:12 +00:00
Mitch Lindgren 🦎 9b760abcf3 Merged PR 9200816: Add support for Windows undocked pipeline build
This PR adds the necessary YAML pipeline files for building SymCrypt via the Windows undocked pipeline. It also includes minor changes to existing files to support the tooling used by the pipeline. Currently, the pipeline only exists for pull requests. The next step is to create an official pipeline, including the option to package the binaries and ingest them into Windows. This will come in a subsequent PR.
2023-06-28 20:38:13 +00:00
Mitch Lindgren 🦎 6fca352c3e Merged PR 8797661: Add MSBuild solution and project files for SymCrypt
This pull request adds MSBuild solution and project files so that SymCrypt can be built using the undocked OneBranch pipeline, including the kernel mode components. See the SymCrypt EO Compliance document for more information on why this is being done, and the high-level overview of how it will be accomplished.

In addition to adding the MSBuild files, I removed a bunch of files that were no longer being used, such as the iOS workspace and project files, old kernel test drivers that are not used in the RI-TP, etc.

Related work items: #42154697
2023-05-23 08:11:33 +00:00
Samuel Lee 00bd38df56 Merged PR 8952367: Export Variables with DATA keyword in SymCryptTestModule.dll
+ This is required to enable AMD64 symcryptunittest.exe running emulated
  on Arm64 to dynamically load Arm64X symcrypttestmodule.dll, as without
  the DATA keyword the variables are exported as functions with an AMD64
  to ARM64EC shim

Related work items: #44587958
2023-05-11 00:54:56 +00:00
Samuel Lee 877abe0790 Merged PR 8705505: Fix flaky initialization in Windows test modules
+ 1 in 256 times the Windows test modules set g_bAllocFill to 0
  and subsequently fail in SymCryptCallbackAlloc
2023-03-24 00:56:38 +00:00
Cagdas Calik ef2e54a42d Merged PR 8399946: Add HMAC support for SHA-3
Add HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 implementations.

Other changes:
- Add generic HMAC API
- Introduce a unique state for each of the Keccak based algorithms
- Convert tabs to spaces in symcryptasm files

Related work items: #41559779
2023-01-26 01:04:50 +00:00
Cagdas Calik d026121894 Merged PR 8234403: Add SHA-3 based algorithms: SHAKE, cSHAKE, and KMAC
This PR adds the following algorithm implementations to SymCrypt:
- Extendable-output functions (XOFs)
  - SHAKE128
  - SHAKE256
- Customizable XOFs
  - cSHAKE128
  - cSHAKE256
- Keccak Message Authentication Code (KMAC)
  - KMAC128
  - KMAC256

Related work items: #41559779
2023-01-17 23:54:37 +00:00
Samuel Lee 0502eaf171 Merged PR 8363553: Remove outdated includes
Related work items: #38706387
2023-01-13 21:10:16 +00:00
Mitch Lindgren 🦎 515bc99971 Merged PR 8235253: Enable OneBranch pipelines
This change rewrites our Azure DevOps pipelines to be compatible with OneBranch pipelines. It also adds new scripts to help with building, testing and packaging SymCrypt. These scripts replicate some of the functionality of `scbuild` but are also compatible with Linux builds. They can be used directly on the command line by developers, but the OneBranch pipeline also uses them to move as much as possible of the "business logic" of building SymCrypt out of the YAML templates and into Python scripts.

Also includes various reorganization and small fixes.
2023-01-12 00:52:49 +00:00
Samuel Lee b8a005237c Merged PR 8152559: Introduce SymCryptKernelTestModule
+ New dynamic module SymCryptKernelTestModule_UM.dll and kernel driver
  SymCryptKernelTestModule.sys which enable unit tests to call into
  driver using the existing SymCrypt dynamic module flow
+ Update a few places in tests which assume objects created by module
  under test can have their internals inspected (which is not the case
  when the object lives in kernel and the unit tests are running in user
  mode)
+ SymCryptKernelTestModule.sys tracks all allocations it makes and ensures it
 frees everything when it is unloaded

Related work items: #38706387
2022-12-16 22:58:09 +00:00
Cagdas Calik 93a82712df Merged PR 7979179: Add SHA-3 implementations
This update adds C implementations of SHA-3-256, SHA-3-384, and SHA-3-512 hash functions per FIPS 202.

Related work items: #41559779
2022-10-25 20:39:41 +00:00
Cagdas Calik bc66c79cde Merged PR 7810991: Add SRTP-KDF and SSH-KDF implementations
- Add SRTP-KDF and SSH-KDF implementations
- Update `SYMCRYPT_HASH` structure to contain hash state copying function member

Related work items: #38101963, #38102026
2022-09-19 20:13:04 +00:00
Samuel Lee ea3b8b1958 Merged PR 7672902: Create and test against simple SymCrypt Windows test module (dll)
+ Builds in both CMake and Razzle, and test in CI pipeline

Related work items: #38706387
2022-08-16 06:55:18 +00:00