## Description:
+ Adds ML-KEM API surface
+ Implements the API with initial C implementation, with a sprinkling of SSE/NEON for (I)NTT
+ Adds low level ML-KEM polynomial arithmetic testing which tests self-consistency and exercises internal assertion in debug builds
+ Adds multi-implementation functionality testing to enable comparative functionality and performance testing on E2E functionality
+ For now, comparison testing is just between SymCrypt static and dynamic, with 3rd party comparison with libcrux disabled until they publish a final ML-KEM implementation
+ Adds ML-KEM KATs from NIST
Related work items: #50913735
This change adds additional Cryptographic Algorithm Self-Tests (CASTs) for RSA, DSA and ECDSA, as required by FIPS 140-3. Specifically, it adds explicit Known Answer Tests (KATs), as the Pairwise Consistency Tests (PCTs) that we were using previously are no longer considered sufficient for CASTs.
Also adds pairwise consistency tests on key import for RSA and DSA, per recent changes in the FIPS 140-3 implementation guidance. ECDSA PCTs continue to be run prior to signing or key export, as a performance optimization. ECDH and DH do not have explicit PCTs, but they include the required checks specified in SP 800-56A rev 3.
Related work items: #53481333
## Description:
Adds support for stateful hash-based signatures XMSS and XMSS^MT per RFC 8391 and NIST SP800-208.
## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Related work items: #52453903
## Description:
SSKDF implementation and unit tests.
## Admin Checklist:
- [x] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [x] You have updated CHANGELOG.md to reflect any changes in behavior
- [x] You have updated symcryptunittest to exercise any new functionality
- [x] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [x] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [x] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [x] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary
Related work items: #51795170
## Description:
+ Add DATA annotation to data exports in symcrypt.dll .def file, and to a few data exports missed from symcrypttestmodule.dll. This primarily fixes use of Arm64X .dlls when loaded from an emulated AMD64 process.
+ Remove outdated DH comment (today we do input validation when importing DH keys unless the caller explicitly opts out of doing those validations)
Related work items: #50915485
## Description:
This PR addresses the FIPS 140-3 requirement for crypto modules to support an approved services status indicator function.
## Admin Checklist:
- [X] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [X] You have updated CHANGELOG.md to reflect any changes in behavior
- [X] You have updated symcryptunittest to exercise any new functionality
- [X] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
Related work items: #47548894
Adding support for salt length detection in RSA-PSS verification
+ Add SYMCRYPT_FLAG_RSA_PSS_VERIFY_WITH_MINIMUM_SALT flag to
SymCryptRsaPssVerify and SymCryptRsaPssVerifySignaturePadding
+ When verifying a PSS signature with this flag specified, allow salt
length >= the caller specified cbSalt
+ In symcryptunittest, test that verification succeeds and fails w.r.t. the cbSalt
and flag in the correct way
+ Some small unrelated changes
Related work items: #33692439
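The two salt-length policies this PR describes, shown as an added example (not SymCrypt code and not part of the original PR). `pss_encode` / `pss_verify_padding` are stand-in names for the EMSA-PSS encode and verify steps of RFC 8017, and the `minimum_salt` parameter models the behaviour the flag enables: instead of requiring the salt to be exactly `cb_salt` bytes, the verifier locates the 0x01 separator in DB to detect the actual salt length and accepts any length greater than or equal to `cb_salt`. Only the padding layer is shown (the RSA public-key operation that recovers EM is assumed to have already run), and the inputs in `demo()` are constructed.

```python
"""EMSA-PSS padding verification with exact vs minimum salt-length policy."""
import hashlib
import hmac
import os


def mgf1(seed: bytes, mask_len: int, hash_name: str = "sha256") -> bytes:
    """MGF1 mask generation function (RFC 8017, B.2.1)."""
    h_len = hashlib.new(hash_name).digest_size
    out = b""
    for counter in range((mask_len + h_len - 1) // h_len):
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pss_encode(message: bytes, em_bits: int, salt_len: int,
               hash_name: str = "sha256", salt=None) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1): builds the encoded message EM that the
    signer then runs through RSA. A fixed salt may be passed so the encoding is
    reproducible; real signers use a fresh random salt."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if em_len < h_len + salt_len + 2:
        raise ValueError("encoding error: emLen too small for this salt length")
    if salt is None:
        salt = os.urandom(salt_len)
    if len(salt) != salt_len:
        raise ValueError("salt length mismatch")
    m_hash = hashlib.new(hash_name, message).digest()
    h_val = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - salt_len - h_len - 2) + b"\x01" + salt
    masked_db = bytearray(_xor(db, mgf1(h_val, em_len - h_len - 1, hash_name)))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the unused top bits
    return bytes(masked_db) + h_val + b"\xbc"


def pss_verify_padding(message: bytes, em: bytes, em_bits: int, cb_salt: int,
                       hash_name: str = "sha256", minimum_salt: bool = False) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017, 9.1.2) on an already RSA-recovered EM.

    minimum_salt=False: the salt must be exactly cb_salt bytes (RFC 8017 as written).
    minimum_salt=True:  the salt length is detected from the 0x01 separator in DB
                        and any length >= cb_salt is accepted."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + cb_salt + 2 or em[-1] != 0xBC:
        return False
    masked_db, h_val = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top_bits = 8 * em_len - em_bits
    if masked_db[0] & ((0xFF << (8 - top_bits)) & 0xFF):
        return False                                  # unused top bits must be zero
    db = bytearray(_xor(masked_db, mgf1(h_val, em_len - h_len - 1, hash_name)))
    db[0] &= 0xFF >> top_bits
    if minimum_salt:
        # Salt-length detection: DB = PS || 0x01 || salt, so the salt is whatever
        # follows the first non-zero byte, which must be the 0x01 separator.
        sep = next((i for i, b in enumerate(db) if b != 0), None)
        if sep is None or db[sep] != 0x01:
            return False
        salt = bytes(db[sep + 1:])
        if len(salt) < cb_salt:
            return False
    else:
        ps_len = em_len - h_len - cb_salt - 2
        if any(db[:ps_len]) or db[ps_len] != 0x01:
            return False
        salt = bytes(db[ps_len + 1:])
    m_hash = hashlib.new(hash_name, message).digest()
    h_prime = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h_val, h_prime)


def demo():
    """Constructed inputs: emBits = 2047 (a 2048-bit modulus) and a 32-byte salt."""
    msg = b"constructed message"
    em = pss_encode(msg, 2047, 32, salt=bytes(range(32)))
    return {
        "exact 32": pss_verify_padding(msg, em, 2047, 32),
        "exact 20": pss_verify_padding(msg, em, 2047, 20),
        "min 20": pss_verify_padding(msg, em, 2047, 20, minimum_salt=True),
        "min 48": pss_verify_padding(msg, em, 2047, 48, minimum_salt=True),
        "wrong message": pss_verify_padding(b"other", em, 2047, 32, minimum_salt=True),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:14s} -> {'accept' if ok else 'reject'}")
```

Accepting a longer-than-requested salt does not weaken the check: H' is recomputed over the exact salt bytes recovered from DB, so a forger still has to produce a correct hash, and the caller's `cb_salt` remains a hard lower bound. The exact-length policy rejects a valid signature whose salt merely differs from the expected length, which is why a minimum-salt option is useful when interoperating with signers that pick a salt length the verifier does not know in advance.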
+ Add SymCryptXtsAes(En|De)cryptEx to induce XTS-AES with 128b tweak
+ Add SymCryptXtsAesExpandKeyEx to do FIPS IG check for non-equal
halves of XTS key
+ Refactor Multi-DataUnit logic to reduce code duplication using
new xtsaes_pattern.c file to instantiate the logic with various
specializations
+ Add support for ciphertext stealing in both old and new API surface,
allowing data unit sizes which are not a multiple of 16 bytes
+ Add IEEE test vectors for odd data unit sizes
+ Update randomized tests to exercise both 64-bit and 128-bit tweak
interfaces, and new supported data unit sizes
+ Update XTS tests to allow CNG to fail with unsupported parameters
+ Update XTS FIPS self-test to use FIPS-approved key expansion function
+ Fix a couple of typos found while making changes
Related work items: #43854713
+ This is required to enable AMD64 symcryptunittest.exe running emulated
on Arm64 to dynamically load Arm64X symcrypttestmodule.dll, as without
the DATA keyword the variables are exported as functions with an AMD64
to ARM64EC shim
Related work items: #44587958
Add HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 implementations.
Other changes:
- Add generic HMAC API
- Introduce a unique state for each of the Keccak based algorithms
- Convert tabs to spaces in symcryptasm files
Related work items: #41559779
This change rewrites our Azure DevOps pipelines to be compatible with OneBranch pipelines. It also adds new scripts to help with building, testing and packaging SymCrypt. These scripts replicate some of the functionality of `scbuild` but are also compatible with Linux builds. They can be used directly on the command line by developers, but the OneBranch pipeline also uses them to move as much as possible of the "business logic" of building SymCrypt out of the YAML templates and into Python scripts.
Also includes various reorganization and small fixes.
+ New dynamic module SymCryptKernelTestModule_UM.dll and kernel driver
SymCryptKernelTestModule.sys which enable unit tests to call into
driver using the existing SymCrypt dynamic module flow
+ Update a few places in tests which assume objects created by module
under test can have their internals inspected (which is not the case
when the object lives in kernel and the unit tests are running in user
mode)
+ SymCryptKernelTestModule.sys tracks all allocations it makes and ensures it
frees everything when it is unloaded
Related work items: #38706387
- Add SRTP-KDF and SSH-KDF implementations
- Update `SYMCRYPT_HASH` structure to contain hash state copying function member
Related work items: #38101963, #38102026