Coverage Report

Created: 2024-11-21 07:03

/src/SymCrypt/lib/sc_lib.h
Line
Count
Source (jump to first uncovered line)
1
//
2
// sc_lib.h
3
//
4
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
5
//
6
// Internal definitions for the symcrypt library.
7
// This include file is used only for the files inside the library, not by
8
// the code that calls the library.
9
//
10
11
12
#if SYMCRYPT_MS_VC
13
#define SYMCRYPT_DISABLE_CFG    __declspec(guard(nocf))
14
#else
15
#define SYMCRYPT_DISABLE_CFG
16
#endif
17
18
//
19
// Global flags
20
//
21
22
#define SYMCRYPT_FLAG_LIB_INITIALIZED   0x00000001
23
24
extern UINT32 g_SymCryptFlags;
25
26
//==============================================================================================
27
//  Common environment functions
28
//==============================================================================================
29
30
VOID
31
SYMCRYPT_CALL
32
SymCryptInitEnvCommon( UINT32 version );
33
34
_Analysis_noreturn_
35
VOID
36
SYMCRYPT_CALL
37
SymCryptFatalHang( UINT32 fatalcode );
38
39
#include <symcrypt_low_level.h>
40
41
// Types
42
43
typedef int                 BOOL;
44
45
#if !defined(TRUE)
46
#define TRUE  (1)
47
#endif
48
49
#if !defined(FALSE)
50
#define FALSE (0)
51
#endif
52
53
#if !defined(UNREFERENCED_PARAMETER)
54
9.75M
#define UNREFERENCED_PARAMETER(x)   ((void)x)
55
#endif
56
57
#if !defined(FAST_FAIL_CRYPTO_LIBRARY)
58
#define FAST_FAIL_CRYPTO_LIBRARY    22
59
#endif
60
61
//
62
// We want to write some of our code to use the native register size provided by the platform we are using to enable
63
// generic code to compile into reasonable performant versions on 32b and 64b platforms. Below definitions give us
64
// this flexibility without relying on compiler specifics.
65
//
66
// WARNING: Some use of NATIVE_UINT also relies on the little-endianness of the 64b platform; our generic code normally
67
// uses UINT32, and at the time of writing mixing UINT32 and NATIVE_UINT will not work on a big-endian 64b platform!
68
//
69
#if SYMCRYPT_CPU_AMD64 | SYMCRYPT_CPU_ARM64
70
typedef INT64               NATIVE_INT;
71
typedef UINT64              NATIVE_UINT;
72
1.61M
#define NATIVE_BITS         (64)
73
1.07M
#define NATIVE_BYTES        (8)
74
0
#define NATIVE_BYTES_LOG2   (3)
75
#else
76
typedef INT32               NATIVE_INT;
77
typedef UINT32              NATIVE_UINT;
78
#define NATIVE_BITS         (32)
79
#define NATIVE_BYTES        (4)
80
#define NATIVE_BYTES_LOG2   (2)
81
#endif
82
83
84
//
85
// Our Wipe code uses FORCE_WRITE* which are implemented using
86
// WriteNoFence* functions. Unfortunately, they declare their parameter
87
// to be interlocked, and the compiler complains when we also access the variable
88
// using non-interlocked code.
89
// This warning is nonsensical in our situation, so we disable it.
90
// The second warning is about accessing a local variable via an interlocked ptr.
91
//
92
#pragma prefast( disable:28112 )
93
#pragma prefast( disable:28113 )
94
#pragma warning( disable: 4702 )        // unreachable code. The compilers are not equally smart, and some complain
95
                                        // about 'function must return a value' and some about 'unreachable code'
96
#pragma warning( disable: 4296 )        // expression is always false - this warning is forced to be an error by a
97
                                        // pragma in the SDK warning.h, but we don't consider it useful
98
99
100
//
101
// These macros allow a bunch of generic code to be written.
102
// For example, the Hash append function is written once generically
103
// using these macros.
104
//
105
106
0
#define CONCAT_I2( a, b )       a##b
107
0
#define CONCAT_I3( a, b, c )    a##b##c
108
109
110
0
#define CONCAT2( a, b )         CONCAT_I2( a, b )
111
322k
#define CONCAT3( a, b, c )      CONCAT_I3( a, b, c )
112
//#define CONCAT4( a, b, c, d)    a##b##c##d
113
114
115
116
1.24k
#define SYMCRYPT_XXX_STATE              CONCAT3( SYMCRYPT_, ALG, _STATE )
117
#define PSYMCRYPT_XXX_STATE             CONCAT3( PSYMCRYPT_, ALG, _STATE )
118
#define PCSYMCRYPT_XXX_STATE            CONCAT3( PCSYMCRYPT_, ALG, _STATE )
119
120
0
#define SYMCRYPT_Xxx                    CONCAT2( SymCrypt, Alg )
121
122
0
#define SYMCRYPT_XxxStateCopy           CONCAT3( SymCrypt, Alg, StateCopy )
123
1.24k
#define SYMCRYPT_XxxInit                CONCAT3( SymCrypt, Alg, Init )
124
190k
#define SYMCRYPT_XxxAppend              CONCAT3( SymCrypt, Alg, Append )
125
85.1k
#define SYMCRYPT_XxxResult              CONCAT3( SymCrypt, Alg, Result )
126
2.48k
#define SYMCRYPT_XxxAppendBlocks        CONCAT3( SymCrypt, Alg, AppendBlocks )
127
#define SYMCRYPT_XxxStateImport         CONCAT3( SymCrypt, Alg, StateImport)
128
#define SYMCRYPT_XxxStateExport         CONCAT3( SymCrypt, Alg, StateExport)
129
130
// for XOFs and KMAC
131
#define SYMCRYPT_XXX_EXPANDED_KEY       CONCAT3( SYMCRYPT_, ALG, _EXPANDED_KEY )
132
#define PSYMCRYPT_XXX_EXPANDED_KEY      CONCAT3( PSYMCRYPT_, ALG, _EXPANDED_KEY )
133
#define PCSYMCRYPT_XXX_EXPANDED_KEY     CONCAT3( PCSYMCRYPT_, ALG, _EXPANDED_KEY )
134
#define SYMCRYPT_XxxEx                  CONCAT3( SymCrypt, Alg, Ex)
135
#define SYMCRYPT_XxxDefault             CONCAT3( SymCrypt, Alg, Default )
136
#define SYMCRYPT_XxxExpandKey           CONCAT3( SymCrypt, Alg, ExpandKey )
137
#define SYMCRYPT_XxxExpandKeyEx         CONCAT3( SymCrypt, Alg, ExpandKeyEx )
138
0
#define SYMCRYPT_XxxExtract             CONCAT3( SymCrypt, Alg, Extract )
139
#define SYMCRYPT_XxxResultEx            CONCAT3( SymCrypt, Alg, ResultEx )
140
#define SYMCRYPT_XxxKeyCopy             CONCAT3( SymCrypt, Alg, KeyCopy )
141
142
#define SYMCRYPT_HmacXxx                CONCAT2( SymCryptHmac, Alg )
143
#define SYMCRYPT_HmacXxxStateCopy       CONCAT3( SymCryptHmac, Alg, StateCopy )
144
#define SYMCRYPT_HmacXxxKeyCopy         CONCAT3( SymCryptHmac, Alg, KeyCopy )
145
#define SYMCRYPT_HmacXxxExpandKey       CONCAT3( SymCryptHmac, Alg, ExpandKey )
146
0
#define SYMCRYPT_HmacXxxInit            CONCAT3( SymCryptHmac, Alg, Init )
147
0
#define SYMCRYPT_HmacXxxAppend          CONCAT3( SymCryptHmac, Alg, Append )
148
0
#define SYMCRYPT_HmacXxxResult          CONCAT3( SymCryptHmac, Alg, Result )
149
150
151
0
#define SYMCRYPT_XXX_INPUT_BLOCK_SIZE   CONCAT3( SYMCRYPT_, ALG, _INPUT_BLOCK_SIZE )
152
42.2k
#define SYMCRYPT_XXX_RESULT_SIZE        CONCAT3( SYMCRYPT_, ALG, _RESULT_SIZE )
153
154
#define SYMCRYPT_HMAC_XXX_INPUT_BLOCK_SIZE  SYMCRYPT_XXX_INPUT_BLOCK_SIZE
155
#define SYMCRYPT_HMAC_XXX_RESULT_SIZE       SYMCRYPT_XXX_RESULT_SIZE
156
157
#define PSYMCRYPT_HMAC_XXX_EXPANDED_KEY     CONCAT3( PSYMCRYPT_HMAC_, ALG, _EXPANDED_KEY )
158
#define PCSYMCRYPT_HMAC_XXX_EXPANDED_KEY    CONCAT3( PCSYMCRYPT_HMAC_, ALG, _EXPANDED_KEY )
159
0
#define SYMCRYPT_HMAC_XXX_STATE             CONCAT3( SYMCRYPT_HMAC_, ALG, _STATE )
160
#define PSYMCRYPT_HMAC_XXX_STATE            CONCAT3( PSYMCRYPT_HMAC_, ALG, _STATE )
161
#define PCSYMCRYPT_HMAC_XXX_STATE            CONCAT3( PCSYMCRYPT_HMAC_, ALG, _STATE )
162
163
164
//==============================================================================================
165
//  PLATFORM SPECIFICS
166
//==============================================================================================
167
168
#if SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_AMD64
169
170
//
171
// The XMM save/restore functions need to be passed a buffer in which they can store their data.
172
// We have two different places where we use this, in kernel mode and in user mode (while testing)
173
// We can't declare a union of the two structs as we can't include the kernel-mode headers in this file
174
// when compiled for a user-mode app.
175
// Instead we define a structure with reserved space, and have each environment check the size and
176
// cast the pointer.
177
//
178
// We always use the KeSaveExtendedProcessorState call, and not the KeSaveFloatingPointState as it
179
// allows us to save only the XMM registers and not touch the X87/MMX registers which should
180
// save time.
181
//
182
#if SYMCRYPT_CPU_X86
183
184
//
185
// The XSTATE_SAVE structure consists of a union between
186
//  struct:
187
//      - INT64             8
188
//      - INT32             4
189
//      - Pointer           4
190
//      - Pointer           4
191
//      - Pointer           4
192
//      - Pointer           4
193
//      - BYTE              1 + 3 padding
194
//                          32 total
195
// - XSTATE_CONTEXT
196
//      - UINT64            8
197
//      - UINT32            4
198
//      - UINT32            4
199
//      - Pointer + UINT32  8
200
//      - Pointer + UINT32  8
201
//                          32 total
202
//
203
// Experimentally: need 4 more bytes, don't know why yet.
204
// Should have a look with the debugger when I have time.
205
//
206
207
#define SYMCRYPT_XSTATE_SAVE_SIZE    (32)
208
209
#elif SYMCRYPT_CPU_AMD64
210
211
//
212
// The XSTATE_SAVE structure consists of
213
// - pointer            8
214
// - pointer            8
215
// - BYTE               1 + 7 padding
216
// - XSTATE_CONTEXT
217
//      - UINT64        8
218
//      - UINT32        4
219
//      - UINT32        4
220
//      - Pointer       8
221
//      - Pointer       8
222
//
223
#define SYMCRYPT_XSTATE_SAVE_SIZE    (56)
224
225
#endif
226
227
typedef
228
SYMCRYPT_ALIGN
229
struct _SYMCRYPT_EXTENDED_SAVE_DATA {
230
    SYMCRYPT_ALIGN  BYTE    data[SYMCRYPT_XSTATE_SAVE_SIZE];
231
                    SYMCRYPT_MAGIC_FIELD
232
} SYMCRYPT_EXTENDED_SAVE_DATA, *PSYMCRYPT_EXTENDED_SAVE_DATA;
233
234
235
//
236
// Two functions to save/restore the XMM registers.
237
// These must ALWAYS be called in pairs, even if the SaveXmm function returned an error.
238
// XMM registers cannot be used if the save function returned an error.
239
// If the SYMCRYPT_CPU_FEATURE_SAVEXMM_NOFAIL feature is present, then the
240
// SymCryptSaveXmm function will never return an error.
241
//
242
243
//
244
// Functions to save/restore the XMM or YMM registers.
245
// If the Save*mm function is called and succeeds, then the corresponding
246
// Restore*mm function MUST be called later on the same thread.
247
// The extended registers cannot be called if the Save function returns an error.
248
//
249
250
SYMCRYPT_ERROR
251
SYMCRYPT_CALL
252
SymCryptSaveXmm( _Out_ PSYMCRYPT_EXTENDED_SAVE_DATA pSaveData );
253
254
VOID
255
SYMCRYPT_CALL
256
SymCryptRestoreXmm( _Inout_ PSYMCRYPT_EXTENDED_SAVE_DATA pSaveData );
257
258
259
SYMCRYPT_ERROR
260
SYMCRYPT_CALL
261
SymCryptSaveYmm( _Out_ PSYMCRYPT_EXTENDED_SAVE_DATA pSaveData );
262
263
VOID
264
SYMCRYPT_CALL
265
SymCryptRestoreYmm( _Inout_ PSYMCRYPT_EXTENDED_SAVE_DATA pSaveData );
266
#endif
267
268
269
//==============================================================================================
270
//  Library declarations
271
//==============================================================================================
272
273
//
274
// Function to check that the library has been initialized
275
//
276
#if SYMCRYPT_DEBUG
277
278
VOID
279
SYMCRYPT_CALL
280
SymCryptLibraryWasNotInitialized(void);
281
282
FORCEINLINE
283
VOID
284
SYMCRYPT_CALL
285
SymCryptCheckLibraryInitialized(void)
286
0
{
287
0
    if( !(g_SymCryptFlags & SYMCRYPT_FLAG_LIB_INITIALIZED)  )
288
0
    {
289
0
        SymCryptLibraryWasNotInitialized();
290
0
    }
291
0
}
Unexecuted instantiation: 3des.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: DesTables.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: a_dispatch.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: aes-default-bc.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: aes-default.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: aes-key.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: aes-xmm.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: aes-ymm.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: blockciphermodes.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ccm.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: chacha20.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: desx.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ec_dsa.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ec_internal_curves.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: eckey.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ecpoint.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ecurve.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: equal.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: fdef369_mod.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: fdef_general.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: fdef_int.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: fdef_mod.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: fips_selftest.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: gcm.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ghash.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: hkdf.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: hmacmd5.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: hmacsha1.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: hmacsha256.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: hmacsha384.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: hmacsha512.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: libmain.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: md2.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: md4.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: md5.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: mlkem.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: mlkem_primitives.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: modexp.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: pbkdf2.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: rc4.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: recoding.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: rsa_enc.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: rsa_padding.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: rsakey.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: scsTools.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: selftest.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sha1.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sha256.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sha3_256.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sha3_384.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sha3_512.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sha512.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: shake.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sp800_108.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: tlsprf.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: xmss.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: xtsaes.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: AesTables.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ScsTable.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: aes-asm.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: aes-c.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: crt.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: dh.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: dl_internal_groups.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: dlgroup.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: dlkey.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: dsa.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ec_dh.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ec_dispatch.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ec_montgomery.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ec_mul.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: gen_int.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: hash.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: marvin32.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: primes.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sha256-xmm.c:SymCryptCheckLibraryInitialized
Unexecuted instantiation: sha3.c:SymCryptCheckLibraryInitialized
292
#else
293
FORCEINLINE
294
VOID
295
SYMCRYPT_CALL
296
SymCryptCheckLibraryInitialized(void)
297
{
298
}
299
#endif
300
301
2.48k
#define HMAC_IPAD_BYTE   0x36
302
1.24k
#define HMAC_OPAD_BYTE   0x5c
303
304
// SYMCRYPT_CPU_FEATURES
305
#define SYMCRYPT_CPU_FEATURES_FOR_PCLMULQDQ_CODE  (SYMCRYPT_CPU_FEATURE_PCLMULQDQ | SYMCRYPT_CPU_FEATURE_SSSE3 | SYMCRYPT_CPU_FEATURE_SAVEXMM_NOFAIL )
306
307
#define SYMCRYPT_CPU_FEATURES_FOR_AESNI_CODE (SYMCRYPT_CPU_FEATURE_SSSE3 | SYMCRYPT_CPU_FEATURE_AESNI)
308
#define SYMCRYPT_CPU_FEATURES_FOR_AESNI_PCLMULQDQ_CODE (SYMCRYPT_CPU_FEATURES_FOR_AESNI_CODE | SYMCRYPT_CPU_FEATURES_FOR_PCLMULQDQ_CODE)
309
#define SYMCRYPT_CPU_FEATURES_FOR_VAES_256_CODE (SYMCRYPT_CPU_FEATURES_FOR_AESNI_CODE | SYMCRYPT_CPU_FEATURE_AVX2 | SYMCRYPT_CPU_FEATURE_VAES)
310
#define SYMCRYPT_CPU_FEATURES_FOR_VAES_512_CODE (SYMCRYPT_CPU_FEATURES_FOR_AESNI_CODE | SYMCRYPT_CPU_FEATURE_AVX512 | SYMCRYPT_CPU_FEATURE_VAES)
311
312
#define SYMCRYPT_CPU_FEATURES_FOR_SHANI_CODE (SYMCRYPT_CPU_FEATURE_SSSE3 | SYMCRYPT_CPU_FEATURE_SHANI)
313
314
#define SYMCRYPT_CPU_FEATURES_FOR_MULX (SYMCRYPT_CPU_FEATURE_BMI2 | SYMCRYPT_CPU_FEATURE_ADX | SYMCRYPT_CPU_FEATURE_SSE2 )
315
316
//
317
// ROTATE OPERATIONS
318
//
319
//
320
// If this lib is ever ported to a platform that doesn't have the _rotx functions
321
// the macros can be replaced by portable definitions just like the ROL16/ROR16
322
//
323
324
#define ROL16( x, n ) ((UINT16)( ( ((x) << (n)) | ((x) >> (16-(n))) ) ))
325
#define ROR16( x, n ) ((UINT16)( ( ((x) >> (n)) | ((x) << (16-(n))) ) ))
326
327
#if SYMCRYPT_MS_VC
328
    #define ROL32( x, n ) _rotl( (x), (n) )
329
    #define ROR32( x, n ) _rotr( (x), (n) )
330
    #define ROL64( x, n ) _rotl64( (x), (n) )
331
    #define ROR64( x, n ) _rotr64( (x), (n) )
332
#elif SYMCRYPT_GNUC
333
179M
    #define ROL32( x, n ) ((UINT32)( ( ((x) << (n)) | ((x) >> (32-(n))) ) ))
334
321M
    #define ROR32( x, n ) ((UINT32)( ( ((x) >> (n)) | ((x) << (32-(n))) ) ))
335
46.3M
    #define ROL64( x, n ) ((UINT64)( ( ((x) << (n)) | ((x) >> (64-(n))) ) ))
336
155M
    #define ROR64( x, n ) ((UINT64)( ( ((x) >> (n)) | ((x) << (64-(n))) ) ))
337
#else
338
    #error Unknown compiler
339
#endif
340
341
342
0
#define SYMCRYPT_ARRAY_SIZE(_x)     (sizeof(_x)/sizeof(_x[0]))
343
344
enum{
345
    STATE_NEXT = 0,         // starting state = 0, set by structure wipe.
346
    STATE_DATA_START,
347
    STATE_DATA_END,
348
    STATE_RESULT2,          // 2nd phase of result computation (1st phase is at STATE_NEXT when the result operation is found)
349
    STATE_RESULT_DONE,      // 3rd phase of result computation
350
};
351
352
353
354
//==========================================================================
355
// Inline implementations ...
356
//==========================================================================
357
358
//
359
// These are a bunch of functions to convert between an array of
360
// 32 or 64-bit integers to an array of bytes in LSBfirst or MSBfirst convention.
361
// Not all variations have been implemented yet. We add them as they are
362
// needed.
363
//
364
365
//
366
// These implementations are optimized for inlining, especially when the
367
// size of the data to be convered is a compile-time constant.
368
//
369
370
//
371
// SymCryptUint32ToMsbFirst & SymCryptMsbFirstToUint32.
372
// This is used by the SHA family
373
//
374
#if SYMCRYPT_CPU_AMD64
375
376
//
377
// On AMD64 we can do 2 UINT32s at once by doing a ROL(x,32) and a BSWAP.
378
//
379
FORCEINLINE
380
VOID
381
SYMCRYPT_CALL
382
SymCryptUint32ToMsbFirst( _In_reads_(cuData)     PCUINT32 puData,
383
                          _Out_writes_(4*cuData) PBYTE    pbResult,
384
                                                 SIZE_T   cuData )
385
33.9k
{
386
124k
    while( cuData >= 2 )
387
90.9k
    {
388
90.9k
        SYMCRYPT_STORE_MSBFIRST64( pbResult, ROL64( *(UINT64*)puData, 32 ));
389
90.9k
        pbResult += 8;
390
90.9k
        puData += 2;
391
90.9k
        cuData -= 2;
392
90.9k
    }
393
394
33.9k
    if( cuData != 0 )
395
22.4k
    {
396
22.4k
        SYMCRYPT_STORE_MSBFIRST32( pbResult, *puData );
397
22.4k
    }
398
33.9k
}
Unexecuted instantiation: 3des.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: DesTables.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: a_dispatch.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: aes-default-bc.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: aes-default.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: aes-key.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: aes-xmm.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: aes-ymm.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: blockciphermodes.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ccm.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: chacha20.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: desx.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ec_dsa.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ec_internal_curves.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: eckey.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ecpoint.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ecurve.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: equal.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: fdef369_mod.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: fdef_general.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: fdef_int.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: fdef_mod.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: fips_selftest.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: gcm.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ghash.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: hkdf.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: hmacmd5.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: hmacsha1.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: hmacsha256.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: hmacsha384.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: hmacsha512.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: libmain.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: md2.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: md4.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: md5.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: mlkem.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: mlkem_primitives.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: modexp.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: pbkdf2.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: rc4.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: recoding.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: rsa_enc.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: rsa_padding.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: rsakey.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: scsTools.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: selftest.c:SymCryptUint32ToMsbFirst
sha1.c:SymCryptUint32ToMsbFirst
Line
Count
Source
385
22.4k
{
386
67.2k
    while( cuData >= 2 )
387
44.8k
    {
388
44.8k
        SYMCRYPT_STORE_MSBFIRST64( pbResult, ROL64( *(UINT64*)puData, 32 ));
389
44.8k
        pbResult += 8;
390
44.8k
        puData += 2;
391
44.8k
        cuData -= 2;
392
44.8k
    }
393
394
22.4k
    if( cuData != 0 )
395
22.4k
    {
396
22.4k
        SYMCRYPT_STORE_MSBFIRST32( pbResult, *puData );
397
22.4k
    }
398
22.4k
}
sha256.c:SymCryptUint32ToMsbFirst
Line
Count
Source
385
11.5k
{
386
57.5k
    while( cuData >= 2 )
387
46.0k
    {
388
46.0k
        SYMCRYPT_STORE_MSBFIRST64( pbResult, ROL64( *(UINT64*)puData, 32 ));
389
46.0k
        pbResult += 8;
390
46.0k
        puData += 2;
391
46.0k
        cuData -= 2;
392
46.0k
    }
393
394
11.5k
    if( cuData != 0 )
395
0
    {
396
0
        SYMCRYPT_STORE_MSBFIRST32( pbResult, *puData );
397
0
    }
398
11.5k
}
Unexecuted instantiation: sha3_256.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: sha3_384.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: sha3_512.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: sha512.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: shake.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: sp800_108.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: tlsprf.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: xmss.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: xtsaes.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: AesTables.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ScsTable.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: aes-asm.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: aes-c.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: crt.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: dh.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: dl_internal_groups.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: dlgroup.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: dlkey.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: dsa.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ec_dh.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ec_dispatch.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ec_montgomery.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ec_mul.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: gen_int.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: hash.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: marvin32.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: primes.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: sha256-xmm.c:SymCryptUint32ToMsbFirst
Unexecuted instantiation: sha3.c:SymCryptUint32ToMsbFirst
399
400
#else // not _AMD64_
401
402
FORCEINLINE
403
VOID
404
SYMCRYPT_CALL
405
SymCryptUint32ToMsbFirst( _In_reads_(cuData)     PCUINT32 puData,
406
                          _Out_writes_(4*cuData) PBYTE    pbResult,
407
                                                 SIZE_T   cuData )
408
{
409
    while( cuData != 0 )
410
    {
411
        SYMCRYPT_STORE_MSBFIRST32( pbResult, *puData );
412
        puData++;
413
        pbResult += 4;
414
        cuData--;
415
    }
416
}
417
#endif // platform switch for SymCryptUint32ToMsbFirst
418
419
FORCEINLINE
420
VOID
421
SYMCRYPT_CALL
422
SymCryptMsbFirstToUint32( _In_reads_(4*cuResult) PCBYTE  pbData,
423
                          _Out_writes_(cuResult) PUINT32 puResult,
424
                                                 SIZE_T  cuResult )
425
0
{
426
0
    while( cuResult != 0 )
427
0
    {
428
0
        *puResult = SYMCRYPT_LOAD_MSBFIRST32( pbData );
429
0
        puResult++;
430
0
        pbData += 4;
431
0
        cuResult--;
432
0
    }
433
0
}
Unexecuted instantiation: 3des.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: DesTables.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: a_dispatch.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: aes-default-bc.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: aes-default.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: aes-key.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: aes-xmm.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: aes-ymm.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: blockciphermodes.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ccm.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: chacha20.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: desx.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ec_dsa.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ec_internal_curves.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: eckey.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ecpoint.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ecurve.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: equal.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: fdef369_mod.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: fdef_general.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: fdef_int.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: fdef_mod.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: fips_selftest.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: gcm.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ghash.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: hkdf.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: hmacmd5.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: hmacsha1.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: hmacsha256.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: hmacsha384.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: hmacsha512.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: libmain.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: md2.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: md4.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: md5.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: mlkem.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: mlkem_primitives.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: modexp.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: pbkdf2.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: rc4.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: recoding.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: rsa_enc.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: rsa_padding.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: rsakey.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: scsTools.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: selftest.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sha1.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sha256.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sha3_256.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sha3_384.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sha3_512.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sha512.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: shake.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sp800_108.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: tlsprf.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: xmss.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: xtsaes.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: AesTables.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ScsTable.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: aes-asm.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: aes-c.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: crt.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: dh.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: dl_internal_groups.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: dlgroup.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: dlkey.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: dsa.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ec_dh.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ec_dispatch.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ec_montgomery.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ec_mul.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: gen_int.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: hash.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: marvin32.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: primes.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sha256-xmm.c:SymCryptMsbFirstToUint32
Unexecuted instantiation: sha3.c:SymCryptMsbFirstToUint32
434
435
436
//
437
// SymCryptUint32ToLsbFirst & SymCryptLsbFirstToUint32
438
// These are used by the MD4 and MD5 hash functions
439
//
440
#if SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_AMD64 | SYMCRYPT_CPU_ARM | SYMCRYPT_CPU_ARM64
441
442
//
443
// On AMD64, X86, and ARM this is just a memcpy
444
//
445
FORCEINLINE
446
VOID
447
SYMCRYPT_CALL
448
SymCryptUint32ToLsbFirst( _In_reads_(cuData)     PCUINT32 puData,
449
                          _Out_writes_(4*cuData) PBYTE    pbResult,
450
                                                 SIZE_T   cuData )
451
452
23.0k
{
453
23.0k
    memcpy( pbResult, puData, 4*cuData );
454
23.0k
}
Unexecuted instantiation: 3des.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: DesTables.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: a_dispatch.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: aes-default-bc.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: aes-default.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: aes-key.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: aes-xmm.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: aes-ymm.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: blockciphermodes.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ccm.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: chacha20.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: desx.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ec_dsa.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ec_internal_curves.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: eckey.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ecpoint.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ecurve.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: equal.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: fdef369_mod.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: fdef_general.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: fdef_int.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: fdef_mod.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: fips_selftest.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: gcm.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ghash.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: hkdf.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: hmacmd5.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: hmacsha1.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: hmacsha256.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: hmacsha384.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: hmacsha512.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: libmain.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: md2.c:SymCryptUint32ToLsbFirst
md4.c:SymCryptUint32ToLsbFirst
Line
Count
Source
452
92
{
453
92
    memcpy( pbResult, puData, 4*cuData );
454
92
}
md5.c:SymCryptUint32ToLsbFirst
Line
Count
Source
452
22.9k
{
453
22.9k
    memcpy( pbResult, puData, 4*cuData );
454
22.9k
}
Unexecuted instantiation: mlkem.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: mlkem_primitives.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: modexp.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: pbkdf2.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: rc4.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: recoding.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: rsa_enc.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: rsa_padding.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: rsakey.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: scsTools.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: selftest.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sha1.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sha256.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sha3_256.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sha3_384.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sha3_512.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sha512.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: shake.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sp800_108.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: tlsprf.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: xmss.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: xtsaes.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: AesTables.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ScsTable.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: aes-asm.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: aes-c.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: crt.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: dh.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: dl_internal_groups.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: dlgroup.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: dlkey.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: dsa.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ec_dh.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ec_dispatch.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ec_montgomery.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ec_mul.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: gen_int.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: hash.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: marvin32.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: primes.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sha256-xmm.c:SymCryptUint32ToLsbFirst
Unexecuted instantiation: sha3.c:SymCryptUint32ToLsbFirst
455
456
FORCEINLINE
457
VOID
458
SYMCRYPT_CALL
459
SymCryptLsbFirstToUint32( _In_reads_(4*cuResult) PCBYTE  pbData,
460
                          _Out_writes_(cuResult) PUINT32 puResult,
461
                                                 SIZE_T  cuResult )
462
0
{
463
0
    memcpy( puResult, pbData, 4*cuResult );
464
0
}
Unexecuted instantiation: 3des.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: DesTables.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: a_dispatch.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: aes-default-bc.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: aes-default.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: aes-key.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: aes-xmm.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: aes-ymm.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: blockciphermodes.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ccm.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: chacha20.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: desx.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ec_dsa.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ec_internal_curves.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: eckey.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ecpoint.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ecurve.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: equal.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: fdef369_mod.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: fdef_general.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: fdef_int.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: fdef_mod.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: fips_selftest.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: gcm.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ghash.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: hkdf.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: hmacmd5.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: hmacsha1.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: hmacsha256.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: hmacsha384.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: hmacsha512.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: libmain.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: md2.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: md4.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: md5.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: mlkem.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: mlkem_primitives.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: modexp.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: pbkdf2.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: rc4.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: recoding.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: rsa_enc.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: rsa_padding.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: rsakey.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: scsTools.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: selftest.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sha1.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sha256.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sha3_256.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sha3_384.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sha3_512.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sha512.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: shake.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sp800_108.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: tlsprf.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: xmss.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: xtsaes.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: AesTables.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ScsTable.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: aes-asm.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: aes-c.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: crt.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: dh.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: dl_internal_groups.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: dlgroup.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: dlkey.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: dsa.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ec_dh.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ec_dispatch.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ec_montgomery.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ec_mul.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: gen_int.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: hash.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: marvin32.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: primes.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sha256-xmm.c:SymCryptLsbFirstToUint32
Unexecuted instantiation: sha3.c:SymCryptLsbFirstToUint32
465
466
#else // not (AMD64_ or X86_ or ARM or ARM64)
467
468
FORCEINLINE
469
VOID
470
SYMCRYPT_CALL
471
SymCryptUint32ToLsbFirst( _In_reads_(cuData)     PCUINT32 puData,
472
                          _Out_writes_(4*cuData) PBYTE    pbResult,
473
                                                 SIZE_T   cuData )
474
{
475
    while( cuData != 0 )
476
    {
477
        SYMCRYPT_STORE_LSBFIRST32( pbResult, *puData );
478
        puData++;
479
        pbResult += 4;
480
        cuData--;
481
    }
482
}
483
484
FORCEINLINE
485
VOID
486
SYMCRYPT_CALL
487
SymCryptLsbFirstToUint32( _In_reads_(4*cuResult) PCBYTE  pbData,
488
                          _Out_writes_(cuResult) PUINT32 puResult,
489
                                                 SIZE_T  cuResult )
490
{
491
    while( cuResult != 0 )
492
    {
493
        *puResult = SYMCRYPT_LOAD_LSBFIRST32( pbData );
494
        pbData += 4;
495
        puResult++;
496
        cuResult--;
497
    }
498
}
499
500
#endif // Platform switch for SymCryptUint32ToLsbFirst
501
502
503
//
504
// SymCryptUint64ToLsbFirst & SymCryptLsbFirstToUint64
505
// These are used by Keccak.
506
//
507
#if SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_AMD64 | SYMCRYPT_CPU_ARM | SYMCRYPT_CPU_ARM64
508
509
//
510
// On AMD64, X86, and ARM this is just a memcpy
511
//
512
FORCEINLINE
513
VOID
514
SYMCRYPT_CALL
515
SymCryptUint64ToLsbFirst( _In_reads_(cuData)     PCUINT64 puData,
516
                          _Out_writes_(8*cuData) PBYTE    pbResult,
517
                                                 SIZE_T   cuData )
518
519
0
{
520
0
    memcpy( pbResult, puData, 8*cuData );
521
0
}
Unexecuted instantiation: 3des.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: DesTables.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: a_dispatch.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: aes-default-bc.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: aes-default.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: aes-key.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: aes-xmm.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: aes-ymm.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: blockciphermodes.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ccm.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: chacha20.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: desx.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ec_dsa.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ec_internal_curves.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: eckey.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ecpoint.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ecurve.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: equal.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: fdef369_mod.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: fdef_general.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: fdef_int.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: fdef_mod.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: fips_selftest.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: gcm.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ghash.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: hkdf.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: hmacmd5.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: hmacsha1.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: hmacsha256.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: hmacsha384.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: hmacsha512.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: libmain.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: md2.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: md4.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: md5.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: mlkem.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: mlkem_primitives.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: modexp.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: pbkdf2.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: rc4.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: recoding.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: rsa_enc.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: rsa_padding.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: rsakey.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: scsTools.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: selftest.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sha1.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sha256.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sha3_256.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sha3_384.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sha3_512.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sha512.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: shake.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sp800_108.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: tlsprf.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: xmss.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: xtsaes.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: AesTables.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ScsTable.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: aes-asm.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: aes-c.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: crt.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: dh.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: dl_internal_groups.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: dlgroup.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: dlkey.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: dsa.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ec_dh.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ec_dispatch.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ec_montgomery.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ec_mul.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: gen_int.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: hash.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: marvin32.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: primes.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sha256-xmm.c:SymCryptUint64ToLsbFirst
Unexecuted instantiation: sha3.c:SymCryptUint64ToLsbFirst
522
523
FORCEINLINE
524
VOID
525
SYMCRYPT_CALL
526
SymCryptLsbFirstToUint64( _In_reads_(8*cuResult) PCBYTE  pbData,
527
                          _Out_writes_(cuResult) PUINT64 puResult,
528
                                                 SIZE_T  cuResult )
529
0
{
530
0
    memcpy( puResult, pbData, 8*cuResult );
531
0
}
Unexecuted instantiation: 3des.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: DesTables.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: a_dispatch.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: aes-default-bc.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: aes-default.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: aes-key.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: aes-xmm.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: aes-ymm.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: blockciphermodes.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ccm.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: chacha20.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: desx.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ec_dsa.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ec_internal_curves.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: eckey.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ecpoint.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ecurve.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: equal.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: fdef369_mod.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: fdef_general.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: fdef_int.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: fdef_mod.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: fips_selftest.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: gcm.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ghash.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: hkdf.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: hmacmd5.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: hmacsha1.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: hmacsha256.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: hmacsha384.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: hmacsha512.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: libmain.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: md2.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: md4.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: md5.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: mlkem.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: mlkem_primitives.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: modexp.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: pbkdf2.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: rc4.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: recoding.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: rsa_enc.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: rsa_padding.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: rsakey.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: scsTools.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: selftest.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sha1.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sha256.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sha3_256.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sha3_384.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sha3_512.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sha512.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: shake.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sp800_108.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: tlsprf.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: xmss.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: xtsaes.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: AesTables.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ScsTable.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: aes-asm.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: aes-c.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: crt.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: dh.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: dl_internal_groups.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: dlgroup.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: dlkey.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: dsa.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ec_dh.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ec_dispatch.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ec_montgomery.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ec_mul.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: gen_int.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: hash.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: marvin32.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: primes.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sha256-xmm.c:SymCryptLsbFirstToUint64
Unexecuted instantiation: sha3.c:SymCryptLsbFirstToUint64
532
533
#else // not (AMD64_ or X86_ or ARM or ARM64)
534
535
FORCEINLINE
536
VOID
537
SYMCRYPT_CALL
538
SymCryptUint64ToLsbFirst( _In_reads_(cuData)     PCUINT64 puData,
539
                          _Out_writes_(8*cuData) PBYTE    pbResult,
540
                                                 SIZE_T   cuData )
541
{
542
    while( cuData != 0 )
543
    {
544
        SYMCRYPT_STORE_LSBFIRST64( pbResult, *puData );
545
        puData++;
546
        pbResult += 8;
547
        cuData--;
548
    }
549
}
550
551
FORCEINLINE
552
VOID
553
SYMCRYPT_CALL
554
SymCryptLsbFirstToUint64( _In_reads_(8*cuResult) PCBYTE  pbData,
555
                          _Out_writes_(cuResult) PUINT64 puResult,
556
                                                 SIZE_T  cuResult )
557
{
558
    while( cuResult != 0 )
559
    {
560
        *puResult = SYMCRYPT_LOAD_LSBFIRST64( pbData );
561
        pbData += 8;
562
        puResult++;
563
        cuResult--;
564
    }
565
}
566
567
#endif // Platform switch for SymCryptUint64ToLsbFirst & SymCryptLsbFirstToUint64
568
569
570
//
571
// SymCryptUint64ToMsbFirst & SymCryptMsbFirstToUint64
572
//
573
FORCEINLINE
574
VOID
575
SYMCRYPT_CALL
576
SymCryptUint64ToMsbFirst( _In_reads_(cuData)     PCUINT64    puData,
577
                          _Out_writes_(8*cuData) PBYTE       pbResult,
578
                                                 SIZE_T      cuData )
579
28.7k
{
580
258k
    while( cuData != 0 )
581
229k
    {
582
229k
        SYMCRYPT_STORE_MSBFIRST64( pbResult, *puData );
583
229k
        pbResult += 8;
584
229k
        puData ++;
585
229k
        cuData --;
586
229k
    }
587
28.7k
}
Unexecuted instantiation: 3des.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: DesTables.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: a_dispatch.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: aes-default-bc.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: aes-default.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: aes-key.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: aes-xmm.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: aes-ymm.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: blockciphermodes.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ccm.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: chacha20.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: desx.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ec_dsa.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ec_internal_curves.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: eckey.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ecpoint.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ecurve.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: equal.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: fdef369_mod.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: fdef_general.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: fdef_int.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: fdef_mod.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: fips_selftest.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: gcm.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ghash.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: hkdf.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: hmacmd5.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: hmacsha1.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: hmacsha256.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: hmacsha384.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: hmacsha512.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: libmain.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: md2.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: md4.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: md5.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: mlkem.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: mlkem_primitives.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: modexp.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: pbkdf2.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: rc4.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: recoding.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: rsa_enc.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: rsa_padding.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: rsakey.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: scsTools.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: selftest.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: sha1.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: sha256.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: sha3_256.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: sha3_384.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: sha3_512.c:SymCryptUint64ToMsbFirst
sha512.c:SymCryptUint64ToMsbFirst
Line
Count
Source
579
28.7k
{
580
258k
    while( cuData != 0 )
581
229k
    {
582
229k
        SYMCRYPT_STORE_MSBFIRST64( pbResult, *puData );
583
229k
        pbResult += 8;
584
229k
        puData ++;
585
229k
        cuData --;
586
229k
    }
587
28.7k
}
Unexecuted instantiation: shake.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: sp800_108.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: tlsprf.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: xmss.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: xtsaes.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: AesTables.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ScsTable.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: aes-asm.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: aes-c.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: crt.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: dh.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: dl_internal_groups.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: dlgroup.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: dlkey.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: dsa.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ec_dh.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ec_dispatch.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ec_montgomery.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ec_mul.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: gen_int.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: hash.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: marvin32.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: primes.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: sha256-xmm.c:SymCryptUint64ToMsbFirst
Unexecuted instantiation: sha3.c:SymCryptUint64ToMsbFirst
588
589
FORCEINLINE
590
VOID
591
SYMCRYPT_CALL
592
SymCryptMsbFirstToUint64( _In_reads_(8*cuResult) PCBYTE      pbData,
593
                          _Out_writes_(cuResult) PUINT64  puResult,
594
                                                 SIZE_T      cuResult )
595
0
{
596
0
    while( cuResult != 0 )
597
0
    {
598
0
        *puResult = SYMCRYPT_LOAD_MSBFIRST64( pbData );
599
0
        puResult++;
600
0
        pbData += 8;
601
0
        cuResult--;
602
0
    }
603
0
}
Unexecuted instantiation: 3des.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: DesTables.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: a_dispatch.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: aes-default-bc.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: aes-default.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: aes-key.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: aes-xmm.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: aes-ymm.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: blockciphermodes.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ccm.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: chacha20.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: desx.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ec_dsa.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ec_internal_curves.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: eckey.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ecpoint.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ecurve.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: equal.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: fdef369_mod.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: fdef_general.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: fdef_int.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: fdef_mod.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: fips_selftest.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: gcm.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ghash.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: hkdf.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: hmacmd5.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: hmacsha1.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: hmacsha256.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: hmacsha384.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: hmacsha512.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: libmain.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: md2.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: md4.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: md5.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: mlkem.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: mlkem_primitives.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: modexp.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: pbkdf2.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: rc4.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: recoding.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: rsa_enc.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: rsa_padding.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: rsakey.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: scsTools.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: selftest.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sha1.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sha256.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sha3_256.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sha3_384.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sha3_512.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sha512.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: shake.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sp800_108.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: tlsprf.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: xmss.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: xtsaes.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: AesTables.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ScsTable.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: aes-asm.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: aes-c.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: crt.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: dh.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: dl_internal_groups.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: dlgroup.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: dlkey.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: dsa.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ec_dh.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ec_dispatch.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ec_montgomery.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ec_mul.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: gen_int.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: hash.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: marvin32.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: primes.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sha256-xmm.c:SymCryptMsbFirstToUint64
Unexecuted instantiation: sha3.c:SymCryptMsbFirstToUint64
604
605
////////////////////////////////////////////////////////////////////////////////////
606
//  Internal function prototypes
607
//
608
609
//
610
// SymCryptSha1AppendBlocks
611
//
612
// Updates the chaining state of the hash function with one or more blocks of data.
613
// Each block is 64 bytes long, the natural size of a SHA256 input block.
614
//
615
// cbData must be a multiple of 64.
616
//
617
VOID
618
SYMCRYPT_CALL
619
SymCryptSha1AppendBlocks(
620
    _Inout_                 SYMCRYPT_SHA1_CHAINING_STATE  * pChain,
621
    _In_reads_( cbData )    PCBYTE                          pbData,
622
                            SIZE_T                          cbData,
623
    _Out_                   SIZE_T                        * pcbRemaining );
624
625
//
626
// SymCryptSha256AppendBlocks
627
//
628
// Updates the chaining state of the hash function with one or more blocks of data.
629
// Each block is 64 bytes long, the natural size of a SHA256 input block.
630
//
631
// cbData must be a multiple of 64.
632
//
633
VOID
634
SYMCRYPT_CALL
635
SymCryptSha256AppendBlocks(
636
    _Inout_                 SYMCRYPT_SHA256_CHAINING_STATE    * pChain,
637
    _In_reads_( cbData )    PCBYTE                              pbData,
638
                            SIZE_T                              cbData,
639
    _Out_                   SIZE_T                            * pcbRemaining );
640
641
// Intrinsics implementation processing 4 message blocks in parallel using XMM registers
642
VOID
643
SYMCRYPT_CALL
644
SymCryptSha256AppendBlocks_xmm_4blocks(
645
    _Inout_                 SYMCRYPT_SHA256_CHAINING_STATE    * pChain,
646
    _In_reads_( cbData )    PCBYTE                              pbData,
647
                            SIZE_T                              cbData,
648
    _Out_                   SIZE_T                            * pcbRemaining );
649
650
// Assembly implementation processing 4 message blocks in parallel using XMM registers
651
VOID
652
SYMCRYPT_CALL
653
SymCryptSha256AppendBlocks_xmm_ssse3_asm(
654
    _Inout_                 SYMCRYPT_SHA256_CHAINING_STATE    * pChain,
655
    _In_reads_( cbData )    PCBYTE                              pbData,
656
                            SIZE_T                              cbData,
657
    _Out_                   SIZE_T                            * pcbRemaining );
658
659
// Intrinsics implementation processing 8 message blocks in parallel using YMM registers
660
VOID
661
SYMCRYPT_CALL
662
SymCryptSha256AppendBlocks_ymm_8blocks(
663
    _Inout_                 SYMCRYPT_SHA256_CHAINING_STATE    * pChain,
664
    _In_reads_( cbData )    PCBYTE                              pbData,
665
                            SIZE_T                              cbData,
666
    _Out_                   SIZE_T                            * pcbRemaining );
667
668
// Assembly implementation processing 8 message blocks in parallel using YMM registers
669
VOID
670
SYMCRYPT_CALL
671
SymCryptSha256AppendBlocks_ymm_avx2_asm(
672
    _Inout_                 SYMCRYPT_SHA256_CHAINING_STATE    * pChain,
673
    _In_reads_( cbData )    PCBYTE                              pbData,
674
                            SIZE_T                              cbData,
675
    _Out_                   SIZE_T                            * pcbRemaining );
676
677
678
//
679
// SymCryptSha512AppendBlocks
680
//
681
// Updates the chaining state of the hash function with one or more blocks of data.
682
// Each block is 128 bytes long, the natural size of a SHA512 input block.
683
//
684
// cbData must be a multiple of 128.
685
//
686
VOID
687
SYMCRYPT_CALL
688
SymCryptSha512AppendBlocks(
689
    _Inout_                 SYMCRYPT_SHA512_CHAINING_STATE    * pChain,
690
    _In_reads_( cbData )    PCBYTE                              pbData,
691
                            SIZE_T                              cbData,
692
    _Out_                   SIZE_T                            * pcbRemaining );
693
694
695
VOID
696
SYMCRYPT_CALL
697
SymCryptSha512AppendBlocks_xmm(
698
    _Inout_                 SYMCRYPT_SHA512_CHAINING_STATE  *   pChain,
699
    _In_reads_(cbData)      PCBYTE                              pbData,
700
                            SIZE_T                              cbData,
701
    _Out_                   SIZE_T                            * pcbRemaining );
702
703
// Intrinsics implementation using YMM registers
704
VOID
705
SYMCRYPT_CALL
706
SymCryptSha512AppendBlocks_ymm_1block(
707
    _Inout_                 SYMCRYPT_SHA512_CHAINING_STATE  *   pChain,
708
    _In_reads_(cbData)      PCBYTE                              pbData,
709
                            SIZE_T                              cbData,
710
    _Out_                   SIZE_T                            * pcbRemaining );
711
712
// Intrinsics implementation processing 2 message blocks in parallel using YMM registers
713
VOID
714
SYMCRYPT_CALL
715
SymCryptSha512AppendBlocks_ymm_2blocks(
716
    _Inout_                 SYMCRYPT_SHA512_CHAINING_STATE  *   pChain,
717
    _In_reads_(cbData)      PCBYTE                              pbData,
718
                            SIZE_T                              cbData,
719
    _Out_                   SIZE_T                            * pcbRemaining );
720
721
// Intrinsics implementation processing 4 message blocks in parallel using YMM registers
722
VOID
723
SYMCRYPT_CALL
724
SymCryptSha512AppendBlocks_ymm_4blocks(
725
    _Inout_                 SYMCRYPT_SHA512_CHAINING_STATE  *   pChain,
726
    _In_reads_(cbData)      PCBYTE                              pbData,
727
                            SIZE_T                              cbData,
728
    _Out_                   SIZE_T                            * pcbRemaining );
729
730
// Assembly implementation processing 4 message blocks in parallel using YMM registers
731
VOID
732
SYMCRYPT_CALL
733
SymCryptSha512AppendBlocks_ymm_avx2_asm(
734
    _Inout_                 SYMCRYPT_SHA512_CHAINING_STATE  *   pChain,
735
    _In_reads_(cbData)      PCBYTE                              pbData,
736
                            SIZE_T                              cbData,
737
    _Out_                   SIZE_T                            * pcbRemaining );
738
739
// Assembly implementation processing 4 message blocks in parallel using YMM registers with AVX512 instruction set
740
VOID
741
SYMCRYPT_CALL
742
SymCryptSha512AppendBlocks_ymm_avx512vl_asm(
743
    _Inout_                 SYMCRYPT_SHA512_CHAINING_STATE  *   pChain,
744
    _In_reads_(cbData)      PCBYTE                              pbData,
745
                            SIZE_T                              cbData,
746
    _Out_                   SIZE_T                            * pcbRemaining );
747
748
749
750
751
//
752
// SymCryptMd5AppendBlocks
753
//
754
// Updates the chaining state of the hash function with one or more blocks of data.
755
// Each block is 64 bytes long, the natural size of a MD5 input block.
756
//
757
// cbData must be a multiple of 64.
758
//
759
VOID
760
SYMCRYPT_CALL
761
SymCryptMd5AppendBlocks(
762
    _Inout_                 SYMCRYPT_MD5_CHAINING_STATE   * pChain,
763
    _In_reads_( cbData )    PCBYTE                          pbData,
764
                            SIZE_T                          cbData,
765
    _Out_                   SIZE_T                        * pcbRemaining );
766
767
768
//
769
// SymCryptMd4AppendBlocks
770
//
771
// Updates the chaining state of the hash function with one or more blocks of data.
772
// Each block is 64 bytes long, the natural size of a MD5 input block.
773
//
774
// cbData must be a multiple of 64.
775
//
776
VOID
777
SYMCRYPT_CALL
778
SymCryptMd4AppendBlocks(
779
    _Inout_                 SYMCRYPT_MD4_CHAINING_STATE   * pChain,
780
    _In_reads_( cbData )    PCBYTE                          pbData,
781
                            SIZE_T                          cbData,
782
    _Out_                   SIZE_T                        * pcbRemaining );
783
784
785
//
786
// SymCryptMd2AppendBlock
787
//
788
// Update the C and X state based on the message block in the buffer.
789
//
790
VOID
791
SYMCRYPT_CALL
792
SymCryptMd2AppendBlocks(
793
    _Inout_                 SYMCRYPT_MD2_CHAINING_STATE   * pChain,
794
    _In_reads_( cbData )    PCBYTE                          pbData,
795
                            SIZE_T                          cbData,
796
    _Out_                   SIZE_T                        * pcbRemaining );
797
798
799
//
800
// SymCryptUint32ToMsbFirst
801
//
802
// Convert an array of UINT32s to 4-byte values stored MSB first (big-endian) conversion.
803
// Note that the count is the number of UINT32s to convert, not the number
804
// of bytes. This is somewhat unusual, but it avoids any confusion about
805
// converting an odd number of bytes.
806
//
807
VOID
808
SYMCRYPT_CALL
809
SymCryptUint32ToMsbFirst( _In_reads_(cuData)     PCUINT32 puData,
810
                          _Out_writes_(4*cuData) PBYTE    pbResult,
811
                                                 SIZE_T   cuData );
812
813
//
814
// SymCryptUint32ToLsbFirst
815
//
816
// Convert an array of UINT32s to 4-byte values stored LSB first (little-endian) conversion.
817
// Note that the count is the number of UINT32s to convert, not the number
818
// of bytes. This is somewhat unusual, but it avoids any confusion about
819
// converting an odd number of bytes.
820
//
821
VOID
822
SYMCRYPT_CALL
823
SymCryptUint32ToLsbFirst( _In_reads_(cuData)     PCUINT32 puData,
824
                          _Out_writes_(4*cuData) PBYTE    pbResult,
825
                                                 SIZE_T   cuData );
826
827
//
828
// SymCryptMsbFirstToUint32
829
//
830
// Convert an array of 4-byte values stored MSB first to an array of UINT32s
831
// (big-endian) conversion.
832
// Note that the count is the number of UINT32s to convert, not the number
833
// of bytes. This is somewhat unusual, but it avoids any confusion about
834
// converting an odd number of bytes.
835
//
836
VOID
837
SYMCRYPT_CALL
838
SymCryptMsbFirstToUint32( _In_reads_(4*cuResult) PCBYTE   pbData,
839
                          _Out_writes_(cuResult) PUINT32  puResult,
840
                                                 SIZE_T   cuResult );
841
842
//
843
// SymCryptLsbFirstToUint32
844
//
845
// Convert an array of 4-byte values stored LSB first to an array of UINT32s
846
// (little-endian) conversion.
847
// Note that the count is the number of UINT32s to convert, not the number
848
// of bytes. This is somewhat unusual, but it avoids any confusion about
849
// converting an odd number of bytes.
850
//
851
VOID
852
SYMCRYPT_CALL
853
SymCryptLsbFirstToUint32( _In_reads_(4*cuResult) PCBYTE  pbData,
854
                          _Out_writes_(cuResult) PUINT32 puResult,
855
                                                 SIZE_T  cuResult );
856
857
//
858
// SymCryptUint64ToMsbFirst
859
//
860
// Convert an array of UINT64s to an array of bytes using the MSB first
861
// (big-endian) conversion.
862
//
863
VOID
864
SYMCRYPT_CALL
865
SymCryptUint64ToMsbFirst( _In_reads_(cuData)     PCUINT64    puData,
866
                          _Out_writes_(8*cuData) PBYTE       pbResult,
867
                                                 SIZE_T      cuData );
868
869
//
870
// SymCryptMsbFirstToUint64
871
//
872
// Convert an array of 4-byte values stored MSB first to an array of UINT64s
873
// (big-endian) conversion.
874
// Note that the count is the number of UINT64s to convert, not the number
875
// of bytes. This is somewhat unusual, but it avoids any confusion about
876
// converting an odd number of bytes.
877
//
878
VOID
879
SYMCRYPT_CALL
880
SymCryptMsbFirstToUint64( _In_reads_(8*cuResult) PCBYTE      pbData,
881
                          _Out_writes_(cuResult) PUINT64      puResult,
882
                                                 SIZE_T      cuResult );
883
884
885
886
//============================================================================
887
// HMAC macros and inline functions.
888
//
889
4.97k
#define REPEAT_BYTE_TO_UINT32( x ) (((UINT32)x << 24) | ((UINT32)x << 16) | ((UINT32)x << 8) | x)
890
2.48k
#define REPEAT_BYTE_TO_UINT64( x ) ( ((UINT64)REPEAT_BYTE_TO_UINT32(x) << 32) | REPEAT_BYTE_TO_UINT32(x) )
891
892
//
893
// The XorByteIntoBuffer function is a platform-optimized function to xor a byte
894
// repeatedly into a buffer.
895
// Note that the buffer length must be a multiple of 8.
896
//
897
#if SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_AMD64 | SYMCRYPT_CPU_ARM | SYMCRYPT_CPU_ARM64
898
FORCEINLINE
899
VOID
900
SYMCRYPT_CALL
901
XorByteIntoBuffer( _Inout_updates_( 8*cqBuf ) PBYTE pbBuf, SIZE_T cqBuf, BYTE v )
902
2.48k
{
903
2.48k
    SIZE_T i;
904
2.48k
    const UINT64 v64 = REPEAT_BYTE_TO_UINT64( v );
905
906
30.6k
    for( i=0; i<cqBuf; i++ )
907
28.1k
    {
908
28.1k
        ((UINT64 *)pbBuf)[i] ^= v64;
909
28.1k
    }
910
2.48k
}
Unexecuted instantiation: 3des.c:XorByteIntoBuffer
Unexecuted instantiation: DesTables.c:XorByteIntoBuffer
Unexecuted instantiation: a_dispatch.c:XorByteIntoBuffer
Unexecuted instantiation: aes-default-bc.c:XorByteIntoBuffer
Unexecuted instantiation: aes-default.c:XorByteIntoBuffer
Unexecuted instantiation: aes-key.c:XorByteIntoBuffer
Unexecuted instantiation: aes-xmm.c:XorByteIntoBuffer
Unexecuted instantiation: aes-ymm.c:XorByteIntoBuffer
Unexecuted instantiation: blockciphermodes.c:XorByteIntoBuffer
Unexecuted instantiation: ccm.c:XorByteIntoBuffer
Unexecuted instantiation: chacha20.c:XorByteIntoBuffer
Unexecuted instantiation: desx.c:XorByteIntoBuffer
Unexecuted instantiation: ec_dsa.c:XorByteIntoBuffer
Unexecuted instantiation: ec_internal_curves.c:XorByteIntoBuffer
Unexecuted instantiation: eckey.c:XorByteIntoBuffer
Unexecuted instantiation: ecpoint.c:XorByteIntoBuffer
Unexecuted instantiation: ecurve.c:XorByteIntoBuffer
Unexecuted instantiation: equal.c:XorByteIntoBuffer
Unexecuted instantiation: fdef369_mod.c:XorByteIntoBuffer
Unexecuted instantiation: fdef_general.c:XorByteIntoBuffer
Unexecuted instantiation: fdef_int.c:XorByteIntoBuffer
Unexecuted instantiation: fdef_mod.c:XorByteIntoBuffer
Unexecuted instantiation: fips_selftest.c:XorByteIntoBuffer
Unexecuted instantiation: gcm.c:XorByteIntoBuffer
Unexecuted instantiation: ghash.c:XorByteIntoBuffer
Unexecuted instantiation: hkdf.c:XorByteIntoBuffer
hmacmd5.c:XorByteIntoBuffer
Line
Count
Source
902
430
{
903
430
    SIZE_T i;
904
430
    const UINT64 v64 = REPEAT_BYTE_TO_UINT64( v );
905
906
3.87k
    for( i=0; i<cqBuf; i++ )
907
3.44k
    {
908
3.44k
        ((UINT64 *)pbBuf)[i] ^= v64;
909
3.44k
    }
910
430
}
hmacsha1.c:XorByteIntoBuffer
Line
Count
Source
902
584
{
903
584
    SIZE_T i;
904
584
    const UINT64 v64 = REPEAT_BYTE_TO_UINT64( v );
905
906
5.25k
    for( i=0; i<cqBuf; i++ )
907
4.67k
    {
908
4.67k
        ((UINT64 *)pbBuf)[i] ^= v64;
909
4.67k
    }
910
584
}
hmacsha256.c:XorByteIntoBuffer
Line
Count
Source
902
440
{
903
440
    SIZE_T i;
904
440
    const UINT64 v64 = REPEAT_BYTE_TO_UINT64( v );
905
906
3.96k
    for( i=0; i<cqBuf; i++ )
907
3.52k
    {
908
3.52k
        ((UINT64 *)pbBuf)[i] ^= v64;
909
3.52k
    }
910
440
}
hmacsha384.c:XorByteIntoBuffer
Line
Count
Source
902
446
{
903
446
    SIZE_T i;
904
446
    const UINT64 v64 = REPEAT_BYTE_TO_UINT64( v );
905
906
7.58k
    for( i=0; i<cqBuf; i++ )
907
7.13k
    {
908
7.13k
        ((UINT64 *)pbBuf)[i] ^= v64;
909
7.13k
    }
910
446
}
hmacsha512.c:XorByteIntoBuffer
Line
Count
Source
902
586
{
903
586
    SIZE_T i;
904
586
    const UINT64 v64 = REPEAT_BYTE_TO_UINT64( v );
905
906
9.96k
    for( i=0; i<cqBuf; i++ )
907
9.37k
    {
908
9.37k
        ((UINT64 *)pbBuf)[i] ^= v64;
909
9.37k
    }
910
586
}
Unexecuted instantiation: libmain.c:XorByteIntoBuffer
Unexecuted instantiation: md2.c:XorByteIntoBuffer
Unexecuted instantiation: md4.c:XorByteIntoBuffer
Unexecuted instantiation: md5.c:XorByteIntoBuffer
Unexecuted instantiation: mlkem.c:XorByteIntoBuffer
Unexecuted instantiation: mlkem_primitives.c:XorByteIntoBuffer
Unexecuted instantiation: modexp.c:XorByteIntoBuffer
Unexecuted instantiation: pbkdf2.c:XorByteIntoBuffer
Unexecuted instantiation: rc4.c:XorByteIntoBuffer
Unexecuted instantiation: recoding.c:XorByteIntoBuffer
Unexecuted instantiation: rsa_enc.c:XorByteIntoBuffer
Unexecuted instantiation: rsa_padding.c:XorByteIntoBuffer
Unexecuted instantiation: rsakey.c:XorByteIntoBuffer
Unexecuted instantiation: scsTools.c:XorByteIntoBuffer
Unexecuted instantiation: selftest.c:XorByteIntoBuffer
Unexecuted instantiation: sha1.c:XorByteIntoBuffer
Unexecuted instantiation: sha256.c:XorByteIntoBuffer
Unexecuted instantiation: sha3_256.c:XorByteIntoBuffer
Unexecuted instantiation: sha3_384.c:XorByteIntoBuffer
Unexecuted instantiation: sha3_512.c:XorByteIntoBuffer
Unexecuted instantiation: sha512.c:XorByteIntoBuffer
Unexecuted instantiation: shake.c:XorByteIntoBuffer
Unexecuted instantiation: sp800_108.c:XorByteIntoBuffer
Unexecuted instantiation: tlsprf.c:XorByteIntoBuffer
Unexecuted instantiation: xmss.c:XorByteIntoBuffer
Unexecuted instantiation: xtsaes.c:XorByteIntoBuffer
Unexecuted instantiation: AesTables.c:XorByteIntoBuffer
Unexecuted instantiation: ScsTable.c:XorByteIntoBuffer
Unexecuted instantiation: aes-asm.c:XorByteIntoBuffer
Unexecuted instantiation: aes-c.c:XorByteIntoBuffer
Unexecuted instantiation: crt.c:XorByteIntoBuffer
Unexecuted instantiation: dh.c:XorByteIntoBuffer
Unexecuted instantiation: dl_internal_groups.c:XorByteIntoBuffer
Unexecuted instantiation: dlgroup.c:XorByteIntoBuffer
Unexecuted instantiation: dlkey.c:XorByteIntoBuffer
Unexecuted instantiation: dsa.c:XorByteIntoBuffer
Unexecuted instantiation: ec_dh.c:XorByteIntoBuffer
Unexecuted instantiation: ec_dispatch.c:XorByteIntoBuffer
Unexecuted instantiation: ec_montgomery.c:XorByteIntoBuffer
Unexecuted instantiation: ec_mul.c:XorByteIntoBuffer
Unexecuted instantiation: ec_short_weierstrass.c:XorByteIntoBuffer
Unexecuted instantiation: ec_twisted_edwards.c:XorByteIntoBuffer
Unexecuted instantiation: gen_int.c:XorByteIntoBuffer
Unexecuted instantiation: hash.c:XorByteIntoBuffer
Unexecuted instantiation: marvin32.c:XorByteIntoBuffer
Unexecuted instantiation: primes.c:XorByteIntoBuffer
Unexecuted instantiation: sha256-xmm.c:XorByteIntoBuffer
Unexecuted instantiation: sha3.c:XorByteIntoBuffer
911
#else
912
FORCEINLINE
913
VOID
914
SYMCRYPT_CALL
915
XorByteIntoBuffer( _Inout_updates_( 8*cqBuf ) PBYTE pbBuf, SIZE_T cqBuf, BYTE v )
916
{
917
    SIZE_T i;
918
919
    for( i=0; i<8*cqBuf; i++ )
920
    {
921
        pbBuf[i] ^= v;
922
    }
923
}
924
#endif
925
926
//
927
// GHASH
928
//
929
930
VOID
931
SYMCRYPT_CALL
932
SymCryptGHashExpandKey(
933
    _Out_                                       PSYMCRYPT_GHASH_EXPANDED_KEY    expandedKey,
934
    _In_reads_( SYMCRYPT_GF128_BLOCK_SIZE )     PCBYTE                          pH );
935
936
VOID
937
SYMCRYPT_CALL
938
SymCryptGHashExpandKeyC(
939
    _Out_writes_( SYMCRYPT_GF128_FIELD_SIZE )   PSYMCRYPT_GF128_ELEMENT expandedKey,
940
    _In_reads_( SYMCRYPT_GF128_BLOCK_SIZE )     PCBYTE                  pH );
941
942
VOID
943
SYMCRYPT_CALL
944
SymCryptGHashExpandKeyX86(
945
    _Out_                                   PSYMCRYPT_GHASH_EXPANDED_KEY    expandedKey,
946
   _In_reads_( SYMCRYPT_GF128_BLOCK_SIZE )  PCBYTE                          pH );
947
948
VOID
949
SYMCRYPT_CALL
950
SymCryptGHashExpandKeyAmd64(
951
    _Out_writes_( SYMCRYPT_GF128_FIELD_SIZE )   PSYMCRYPT_GF128_ELEMENT expandedKey,
952
    _In_reads_( SYMCRYPT_GF128_BLOCK_SIZE )     PCBYTE                  pH );
953
954
//
955
// For all GHashAppendData functions, data will be appended in multiples of SYMCRYPT_GF128_BLOCK_SIZE.
956
// If the data is not a multiple of SYMCRYPT_GF128_BLOCK_SIZE, any remaining data will be ignored.
957
//
958
959
VOID
960
SYMCRYPT_CALL
961
SymCryptGHashAppendData(
962
    _In_                    PCSYMCRYPT_GHASH_EXPANDED_KEY   expandedKey,
963
    _Inout_                 PSYMCRYPT_GF128_ELEMENT         pState,
964
    _In_reads_( cbData )    PCBYTE                          pbData,
965
                            SIZE_T                          cbData );
966
967
VOID
968
SYMCRYPT_CALL
969
SymCryptGHashAppendDataC(
970
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE )     PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
971
    _Inout_                                     PSYMCRYPT_GF128_ELEMENT     pState,
972
    _In_reads_( cbData )                        PCBYTE                      pbData,
973
                                                SIZE_T                      cbData );
974
975
VOID
976
SYMCRYPT_CALL
977
SymCryptGHashAppendDataXmm(
978
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE ) PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
979
    _Inout_                                 PSYMCRYPT_GF128_ELEMENT     pState,
980
    _In_reads_( cbData )                    PCBYTE                      pbData,
981
                                            SIZE_T                      cbData );
982
983
VOID
984
SYMCRYPT_CALL
985
SymCryptGHashAppendDataNeon(
986
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE )     PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
987
    _Inout_                                     PSYMCRYPT_GF128_ELEMENT     pState,
988
    _In_reads_( cbData )                        PCBYTE                      pbData,
989
                                                SIZE_T                      cbData );
990
991
VOID
992
SYMCRYPT_CALL
993
SymCryptGHashAppendDataPclmulqdq(
994
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE ) PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
995
    _Inout_                                 PSYMCRYPT_GF128_ELEMENT     pState,
996
    _In_reads_( cbData )                    PCBYTE                      pbData,
997
                                            SIZE_T                      cbData );
998
999
VOID
1000
SYMCRYPT_CALL
1001
SymCryptGHashResult(
1002
    _In_                                        PCSYMCRYPT_GF128_ELEMENT    pState,
1003
    _Out_writes_( SYMCRYPT_GF128_BLOCK_SIZE )   PBYTE                       pbResult );
1004
1005
1006
VOID
1007
SYMCRYPT_CALL
1008
SymCryptMarvin32AppendBlocks(
1009
    _Inout_                 PSYMCRYPT_MARVIN32_CHAINING_STATE   pChain,
1010
    _In_reads_( cbData )    PCBYTE                              pbData,
1011
                            SIZE_T                              cbData );
1012
1013
1014
1015
1016
extern const BYTE SymCryptTestMsg3[3];
1017
extern const BYTE SymCryptTestMsg16[16];
1018
extern const BYTE SymCryptTestKey32[32];
1019
1020
VOID
1021
SYMCRYPT_CALL
1022
SymCryptInjectError( PBYTE pbData, SIZE_T cbData );
1023
1024
1025
#define SYMCRYPT_CPUID_DETECT_FLAG_CHECK_OS_SUPPORT_FOR_YMM  1      // enable checking of OSXSAVE bit & XGETBV logic
1026
1027
VOID
1028
SYMCRYPT_CALL
1029
SymCryptDetectCpuFeaturesByCpuid( UINT32 flags );
1030
1031
VOID
1032
SYMCRYPT_CALL
1033
SymCryptDetectCpuFeaturesFromRegisters(void);
1034
1035
VOID
1036
SYMCRYPT_CALL
1037
SymCryptDetectCpuFeaturesFromRegistersNoTry(void);
1038
1039
VOID
1040
SYMCRYPT_CALL
1041
SymCryptDetectCpuFeaturesFromIsProcessorFeaturePresent(void);
1042
1043
VOID
1044
SYMCRYPT_CALL
1045
SymCryptCpuidExFunc( int cpuInfo[4], int function_id, int subfunction_id );
1046
1047
////////////////////////////////////////////////////////////////////////////
1048
// Export blob formats
1049
////////////////////////////////////////////////////////////////////////
1050
1051
//==========================================================
1052
// BLOBS
1053
//
1054
// SYMCRYPT_BLOB_HEADER
1055
// Generic header for all exported blobs from SymCrypt
1056
//
1057
1058
typedef enum _SYMCRYPT_BLOB_TYPE {
1059
    SymCryptBlobTypeUnknown     = 0,
1060
    SymCryptBlobTypeHashState   = 0x100,
1061
    SymCryptBlobTypeMd2State    = SymCryptBlobTypeHashState + 1,       // explicit constants as these have to remain the same forever.
1062
    SymCryptBlobTypeMd4State    = SymCryptBlobTypeHashState + 2,
1063
    SymCryptBlobTypeMd5State    = SymCryptBlobTypeHashState + 3,
1064
    SymCryptBlobTypeSha1State   = SymCryptBlobTypeHashState + 4,
1065
    SymCryptBlobTypeSha256State = SymCryptBlobTypeHashState + 5,
1066
    SymCryptBlobTypeSha384State = SymCryptBlobTypeHashState + 6,
1067
    SymCryptBlobTypeSha512State = SymCryptBlobTypeHashState + 7,
1068
    SymCryptBlobTypeSha3_256State = SymCryptBlobTypeHashState + 8,
1069
    SymCryptBlobTypeSha3_384State = SymCryptBlobTypeHashState + 9,
1070
    SymCryptBlobTypeSha3_512State = SymCryptBlobTypeHashState + 10,
1071
} SYMCRYPT_BLOB_TYPE;
1072
1073
0
#define SYMCRYPT_BLOB_MAGIC ('cmys')
1074
1075
//
1076
// We define all export structures with pack=1 so that there are no padding bytes.
1077
//
1078
#pragma pack(push, 1)
1079
1080
typedef struct _SYMCRYPT_BLOB_HEADER {
1081
    UINT32              magic;              // 'cmys'
1082
    UINT32              size;               // total size of blob
1083
    UINT32              type;               // SYMCRYPT_BLOB_TYPE: type of blob
1084
} SYMCRYPT_BLOB_HEADER, *PSYMCRYPT_BLOB_HEADER;
1085
1086
typedef struct _SYMCRYPT_BLOB_TRAILER {
1087
    BYTE                checksum[8];        // contains the Marvin32 checksum of the rest of the blob
1088
} SYMCRYPT_BLOB_TRAILER, *PSYMCRYPT_BLOB_TRAILER;
1089
1090
typedef struct _SYMCRYPT_MD2_STATE_EXPORT_BLOB {
1091
    SYMCRYPT_BLOB_HEADER    header;
1092
    BYTE                    C[16];
1093
    BYTE                    X[16];
1094
    UINT32                  bytesInBuffer;
1095
    BYTE                    buffer[16];
1096
    BYTE                    rfu[8];             // rfu = Reserved for Future Use.
1097
    SYMCRYPT_BLOB_TRAILER   trailer;
1098
} SYMCRYPT_MD2_STATE_EXPORT_BLOB;
1099
1100
C_ASSERT( sizeof( SYMCRYPT_MD2_STATE_EXPORT_BLOB ) == SYMCRYPT_MD2_STATE_EXPORT_SIZE );
1101
1102
1103
typedef struct _SYMCRYPT_MD4_STATE_EXPORT_BLOB {
1104
    SYMCRYPT_BLOB_HEADER    header;
1105
    BYTE                    chain[16];          // In the same format used for the final hash value of MD4
1106
    UINT64                  dataLength;
1107
    BYTE                    buffer[64];
1108
    BYTE                    rfu[8];             // rfu = Reserved for Future Use.
1109
    SYMCRYPT_BLOB_TRAILER   trailer;
1110
} SYMCRYPT_MD4_STATE_EXPORT_BLOB;
1111
1112
C_ASSERT( sizeof( SYMCRYPT_MD4_STATE_EXPORT_BLOB ) == SYMCRYPT_MD4_STATE_EXPORT_SIZE );
1113
1114
1115
typedef struct _SYMCRYPT_MD5_STATE_EXPORT_BLOB {
1116
    SYMCRYPT_BLOB_HEADER    header;
1117
    BYTE                    chain[16];          // In the same format used for the final hash value of MD5
1118
    UINT64                  dataLength;
1119
    BYTE                    buffer[64];
1120
    BYTE                    rfu[8];             // rfu = Reserved for Future Use.
1121
    SYMCRYPT_BLOB_TRAILER   trailer;
1122
} SYMCRYPT_MD5_STATE_EXPORT_BLOB;
1123
1124
C_ASSERT( sizeof( SYMCRYPT_MD5_STATE_EXPORT_BLOB ) == SYMCRYPT_MD5_STATE_EXPORT_SIZE );
1125
1126
1127
typedef struct _SYMCRYPT_SHA1_STATE_EXPORT_BLOB {
1128
    SYMCRYPT_BLOB_HEADER    header;
1129
    BYTE                    chain[20];          // in the same format used for the final hash value of SHA-1
1130
    UINT64                  dataLength;
1131
    BYTE                    buffer[64];
1132
    BYTE                    rfu[8];             // rfu = Reserved for Future Use.
1133
    SYMCRYPT_BLOB_TRAILER   trailer;
1134
} SYMCRYPT_SHA1_STATE_EXPORT_BLOB;
1135
1136
C_ASSERT( sizeof( SYMCRYPT_SHA1_STATE_EXPORT_BLOB ) == SYMCRYPT_SHA1_STATE_EXPORT_SIZE );
1137
1138
1139
typedef struct _SYMCRYPT_SHA256_STATE_EXPORT_BLOB {
1140
    SYMCRYPT_BLOB_HEADER    header;
1141
    BYTE                    chain[32];          // in the same format used for the final hash value of SHA-256
1142
    UINT64                  dataLength;
1143
    BYTE                    buffer[64];
1144
    BYTE                    rfu[8];             // rfu = Reserved for Future Use.
1145
    SYMCRYPT_BLOB_TRAILER   trailer;
1146
} SYMCRYPT_SHA256_STATE_EXPORT_BLOB;
1147
1148
C_ASSERT( sizeof( SYMCRYPT_SHA256_STATE_EXPORT_BLOB ) == SYMCRYPT_SHA256_STATE_EXPORT_SIZE );
1149
1150
1151
typedef struct _SYMCRYPT_SHA512_STATE_EXPORT_BLOB {
1152
    SYMCRYPT_BLOB_HEADER    header;
1153
    BYTE                    chain[64];          // in the same format used for the final hash value of SHA-512
1154
    UINT64                  dataLengthL;        // low 64 bits of data length
1155
    UINT64                  dataLengthH;        // high 64 bits of data length
1156
    BYTE                    buffer[128];
1157
    BYTE                    rfu[8];             // rfu = Reserved for Future Use.
1158
    SYMCRYPT_BLOB_TRAILER   trailer;
1159
} SYMCRYPT_SHA512_STATE_EXPORT_BLOB;
1160
1161
C_ASSERT( sizeof( SYMCRYPT_SHA512_STATE_EXPORT_BLOB ) == SYMCRYPT_SHA512_STATE_EXPORT_SIZE );
1162
1163
// Refer to SYMCRYPT_KECCAK_STATE documentation for the explanation of each struct member
1164
typedef struct _SYMCRYPT_KECCAK_STATE_EXPORT_BLOB {
1165
    SYMCRYPT_BLOB_HEADER    header;
1166
    BYTE                    state[200];
1167
    UINT32                  stateIndex;
1168
    UINT8                   paddingValue;
1169
    BOOLEAN                 squeezeMode;
1170
    BYTE                    rfu[8];             // rfu = Reserved for Future Use.
1171
    SYMCRYPT_BLOB_TRAILER   trailer;
1172
} SYMCRYPT_KECCAK_STATE_EXPORT_BLOB;
1173
1174
typedef SYMCRYPT_KECCAK_STATE_EXPORT_BLOB SYMCRYPT_SHA3_256_STATE_EXPORT_BLOB;
1175
typedef SYMCRYPT_KECCAK_STATE_EXPORT_BLOB SYMCRYPT_SHA3_384_STATE_EXPORT_BLOB;
1176
typedef SYMCRYPT_KECCAK_STATE_EXPORT_BLOB SYMCRYPT_SHA3_512_STATE_EXPORT_BLOB;
1177
1178
C_ASSERT(sizeof(SYMCRYPT_SHA3_256_STATE_EXPORT_BLOB) == SYMCRYPT_SHA3_256_STATE_EXPORT_SIZE);
1179
C_ASSERT(sizeof(SYMCRYPT_SHA3_384_STATE_EXPORT_BLOB) == SYMCRYPT_SHA3_384_STATE_EXPORT_SIZE);
1180
C_ASSERT(sizeof(SYMCRYPT_SHA3_512_STATE_EXPORT_BLOB) == SYMCRYPT_SHA3_512_STATE_EXPORT_SIZE);
1181
1182
#pragma pack(pop)
1183
1184
/////////////////////////////////////////////
1185
// AES internal functions
1186
1187
extern const SYMCRYPT_BLOCKCIPHER SymCryptAesBlockCipherNoOpt;
1188
1189
VOID
1190
SYMCRYPT_CALL
1191
SymCryptAes4Sbox(
1192
    _In_reads_(4)   PCBYTE  pIn,
1193
    _Out_writes_(4) PBYTE   pOut,
1194
                    BOOL    UseSimd );
1195
1196
VOID
1197
SYMCRYPT_CALL
1198
SymCryptAes4SboxC(
1199
    _In_reads_(4)   PCBYTE  pIn,
1200
    _Out_writes_(4) PBYTE   pOut );
1201
1202
VOID
1203
SYMCRYPT_CALL
1204
SymCryptAes4SboxXmm(
1205
    _In_reads_(4)   PCBYTE  pIn,
1206
    _Out_writes_(4) PBYTE   pOut );
1207
1208
VOID
1209
SYMCRYPT_CALL
1210
SymCryptAes4SboxNeon(
1211
    _In_reads_(4)   PCBYTE  pIn,
1212
    _Out_writes_(4) PBYTE   pOut );
1213
1214
VOID
1215
SYMCRYPT_CALL
1216
SymCryptAesCreateDecryptionRoundKey(
1217
    _In_reads_(16)      PCBYTE  pEncryptionRoundKey,
1218
    _Out_writes_(16)    PBYTE   pDecryptionRoundKey,
1219
                        BOOL    UseSimd );
1220
1221
VOID
1222
SYMCRYPT_CALL
1223
SymCryptAesCreateDecryptionRoundKeyC(
1224
    _In_reads_(16)     PCBYTE  pEncryptionRoundKey,
1225
    _Out_writes_(16)    PBYTE   pDecryptionRoundKey );
1226
1227
VOID
1228
SYMCRYPT_CALL
1229
SymCryptAesCreateDecryptionRoundKeyXmm(
1230
    _In_reads_(16)     PCBYTE  pEncryptionRoundKey,
1231
    _Out_writes_(16)    PBYTE   pDecryptionRoundKey );
1232
1233
VOID
1234
SYMCRYPT_CALL
1235
SymCryptAesCreateDecryptionRoundKeyNeon(
1236
    _In_reads_(16)     PCBYTE  pEncryptionRoundKey,
1237
    _Out_writes_(16)    PBYTE   pDecryptionRoundKey );
1238
1239
VOID
1240
SYMCRYPT_CALL
1241
SymCryptAesEncryptC(
1242
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1243
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PCBYTE                      pbSrc,
1244
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE ) PBYTE                       pbDst );
1245
1246
VOID
1247
SYMCRYPT_CALL
1248
SymCryptAesEncryptAsm(
1249
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1250
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PCBYTE                      pbSrc,
1251
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE ) PBYTE                       pbDst );
1252
1253
VOID
1254
SYMCRYPT_CALL
1255
SymCryptAesEncryptXmm(
1256
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1257
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PCBYTE                      pbSrc,
1258
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE ) PBYTE                       pbDst );
1259
1260
VOID
1261
SYMCRYPT_CALL
1262
SymCryptAesEncryptNeon(
1263
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1264
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PCBYTE                      pbSrc,
1265
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE ) PBYTE                       pbDst );
1266
1267
VOID
1268
SYMCRYPT_CALL
1269
SymCryptAesDecryptC(
1270
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1271
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PCBYTE                      pbSrc,
1272
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE ) PBYTE                       pbDst );
1273
1274
VOID
1275
SYMCRYPT_CALL
1276
SymCryptAesDecryptAsm(
1277
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1278
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PCBYTE                      pbSrc,
1279
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE ) PBYTE                       pbDst );
1280
1281
VOID
1282
SYMCRYPT_CALL
1283
SymCryptAesDecryptXmm(
1284
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1285
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PCBYTE                      pbSrc,
1286
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE ) PBYTE                       pbDst );
1287
1288
VOID
1289
SYMCRYPT_CALL
1290
SymCryptAesDecryptNeon(
1291
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1292
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PCBYTE                      pbSrc,
1293
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE ) PBYTE                       pbDst );
1294
1295
VOID
1296
SYMCRYPT_CALL
1297
SymCryptAesEcbEncryptC(
1298
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1299
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1300
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1301
                                                SIZE_T                      cbData );
1302
VOID
1303
SYMCRYPT_CALL
1304
SymCryptAesEcbEncryptAsm(
1305
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1306
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1307
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1308
                                                SIZE_T                      cbData );
1309
VOID
1310
SYMCRYPT_CALL
1311
SymCryptAesEcbEncryptXmm(
1312
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1313
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1314
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1315
                                                SIZE_T                      cbData );
1316
1317
VOID
1318
SYMCRYPT_CALL
1319
SymCryptAesEcbEncryptNeon(
1320
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1321
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1322
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1323
                                                SIZE_T                      cbData );
1324
1325
VOID
1326
SYMCRYPT_CALL
1327
SymCryptAesEcbDecryptC(
1328
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1329
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1330
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1331
                                                SIZE_T                      cbData );
1332
1333
VOID
1334
SYMCRYPT_CALL
1335
SymCryptAesCbcEncryptAsm(
1336
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1337
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1338
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1339
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1340
                                                SIZE_T                      cbData );
1341
VOID
1342
SYMCRYPT_CALL
1343
SymCryptAesCbcEncryptXmm(
1344
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1345
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1346
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1347
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1348
                                                SIZE_T                      cbData );
1349
1350
VOID
1351
SYMCRYPT_CALL
1352
SymCryptAesCbcEncryptNeon(
1353
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1354
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1355
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1356
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1357
                                                SIZE_T                      cbData );
1358
1359
VOID
1360
SYMCRYPT_CALL
1361
SymCryptAesCbcDecryptAsm(
1362
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1363
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1364
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1365
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1366
                                                SIZE_T                      cbData );
1367
1368
VOID
1369
SYMCRYPT_CALL
1370
SymCryptAesCbcDecryptXmm(
1371
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1372
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1373
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1374
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1375
                                                SIZE_T                      cbData );
1376
1377
VOID
1378
SYMCRYPT_CALL
1379
SymCryptAesCbcDecryptNeon(
1380
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1381
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1382
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1383
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1384
                                                SIZE_T                      cbData );
1385
1386
VOID
1387
SYMCRYPT_CALL
1388
SymCryptAesCbcMacXmm(
1389
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1390
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1391
    _In_reads_( cbData )                        PCBYTE                      pbData,
1392
                                                SIZE_T                      cbData );
1393
1394
VOID
1395
SYMCRYPT_CALL
1396
SymCryptAesCbcMacNeon(
1397
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1398
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1399
    _In_reads_( cbData )                        PCBYTE                      pbData,
1400
                                                SIZE_T                      cbData );
1401
1402
VOID
1403
SYMCRYPT_CALL
1404
SymCryptAesCtrMsb64Asm(
1405
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1406
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1407
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1408
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1409
                                                SIZE_T                      cbData );
1410
1411
VOID
1412
SYMCRYPT_CALL
1413
SymCryptAesCtrMsb64Xmm(
1414
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1415
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1416
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1417
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1418
                                                SIZE_T                      cbData );
1419
1420
VOID
1421
SYMCRYPT_CALL
1422
SymCryptAesCtrMsb64Neon(
1423
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1424
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1425
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1426
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1427
                                                SIZE_T                      cbData );
1428
1429
VOID
1430
SYMCRYPT_CALL
1431
SymCryptAesCtrMsb32Xmm(
1432
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1433
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1434
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1435
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1436
                                                SIZE_T                      cbData );
1437
1438
VOID
1439
SYMCRYPT_CALL
1440
SymCryptAesCtrMsb32Neon(
1441
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1442
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1443
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1444
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1445
                                                SIZE_T                      cbData );
1446
1447
VOID
1448
SYMCRYPT_CALL
1449
SymCryptXtsAesEncryptDataUnitC(
1450
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1451
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1452
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1453
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1454
                                                SIZE_T                      cbData );
1455
1456
VOID
1457
SYMCRYPT_CALL
1458
SymCryptXtsAesDecryptDataUnitC(
1459
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1460
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1461
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1462
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1463
                                                SIZE_T                      cbData );
1464
1465
VOID
1466
SYMCRYPT_CALL
1467
SymCryptXtsAesEncryptDataUnitAsm(
1468
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1469
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1470
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1471
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1472
                                                SIZE_T                      cbData );
1473
1474
VOID
1475
SYMCRYPT_CALL
1476
SymCryptXtsAesDecryptDataUnitAsm(
1477
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1478
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1479
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1480
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1481
                                                SIZE_T                      cbData );
1482
1483
// pbScratch must currently be 16B aligned
1484
VOID
1485
SYMCRYPT_CALL
1486
SymCryptXtsAesEncryptDataUnitXmm(
1487
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1488
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )       PBYTE                       pbTweakBlock,
1489
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE*16 )  PBYTE                       pbScratch,
1490
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1491
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1492
                                                SIZE_T                      cbData );
1493
1494
// pbScratch must currently be 16B aligned
1495
VOID
1496
SYMCRYPT_CALL
1497
SymCryptXtsAesDecryptDataUnitXmm(
1498
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1499
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )       PBYTE                       pbTweakBlock,
1500
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE*16 )  PBYTE                       pbScratch,
1501
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1502
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1503
                                                SIZE_T                      cbData );
1504
1505
VOID
1506
SYMCRYPT_CALL
1507
SymCryptXtsAesEncryptDataUnitZmm_2048(
1508
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1509
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1510
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE*16 )  PBYTE                       pbScratch,
1511
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1512
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1513
                                                SIZE_T                      cbData );
1514
1515
VOID
1516
SYMCRYPT_CALL
1517
SymCryptXtsAesDecryptDataUnitZmm_2048(
1518
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1519
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1520
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE*16 )  PBYTE                       pbScratch,
1521
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1522
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1523
                                                SIZE_T                      cbData );
1524
1525
VOID
1526
SYMCRYPT_CALL
1527
SymCryptXtsAesEncryptDataUnitYmm_2048(
1528
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1529
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1530
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE*16 )  PBYTE                       pbScratch,
1531
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1532
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1533
                                                SIZE_T                      cbData );
1534
1535
VOID
1536
SYMCRYPT_CALL
1537
SymCryptXtsAesDecryptDataUnitYmm_2048(
1538
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1539
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1540
    _Out_writes_( SYMCRYPT_AES_BLOCK_SIZE*16 )  PBYTE                       pbScratch,
1541
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1542
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1543
                                                SIZE_T                      cbData );
1544
1545
VOID
1546
SYMCRYPT_CALL
1547
SymCryptXtsAesEncryptDataUnitNeon(
1548
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1549
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1550
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1551
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1552
                                                SIZE_T                      cbData );
1553
1554
VOID
1555
SYMCRYPT_CALL
1556
SymCryptXtsAesDecryptDataUnitNeon(
1557
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1558
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbTweakBlock,
1559
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1560
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1561
                                                SIZE_T                      cbData );
1562
1563
VOID
1564
SYMCRYPT_CALL
1565
SymCryptXtsEncryptDataUnit(
1566
    _In_                                        PCSYMCRYPT_BLOCKCIPHER      pBlockCipher,
1567
    _In_                                        PCVOID                      pExpandedKey,
1568
    _Inout_updates_( pBlockCipher->blockSize )  PBYTE                       pbTweakBlock,
1569
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1570
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1571
                                                SIZE_T                      cbData );
1572
1573
VOID
1574
SYMCRYPT_CALL
1575
SymCryptXtsDecryptDataUnit(
1576
    _In_                                        PCSYMCRYPT_BLOCKCIPHER      pBlockCipher,
1577
    _In_                                        PCVOID                      pExpandedKey,
1578
    _Inout_updates_( pBlockCipher->blockSize )  PBYTE                       pbTweakBlock,
1579
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1580
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1581
                                                SIZE_T                      cbData );
1582
1583
VOID
1584
SYMCRYPT_CALL
1585
SymCryptAesGcmEncryptStitchedXmm(
1586
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1587
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PBYTE                       pbChainingValue,
1588
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE ) PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
1589
    _Inout_                                 PSYMCRYPT_GF128_ELEMENT     pState,
1590
    _In_reads_( cbData )                    PCBYTE                      pbSrc,
1591
    _Out_writes_( cbData )                  PBYTE                       pbDst,
1592
                                            SIZE_T                      cbData );
1593
1594
VOID
1595
SYMCRYPT_CALL
1596
SymCryptAesGcmDecryptStitchedXmm(
1597
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1598
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PBYTE                       pbChainingValue,
1599
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE ) PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
1600
    _Inout_                                 PSYMCRYPT_GF128_ELEMENT     pState,
1601
    _In_reads_( cbData )                    PCBYTE                      pbSrc,
1602
    _Out_writes_( cbData )                  PBYTE                       pbDst,
1603
                                            SIZE_T                      cbData );
1604
1605
0
#define GCM_YMM_MINBLOCKS 16
1606
1607
// Caller must check cbData >= GCM_YMM_MINBLOCKS * SYMCRYPT_GCM_BLOCK_SIZE
1608
VOID
1609
SYMCRYPT_CALL
1610
SymCryptAesGcmEncryptStitchedYmm_2048(
1611
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1612
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PBYTE                       pbChainingValue,
1613
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE ) PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
1614
    _Inout_                                 PSYMCRYPT_GF128_ELEMENT     pState,
1615
    _In_reads_( cbData )                    PCBYTE                      pbSrc,
1616
    _Out_writes_( cbData )                  PBYTE                       pbDst,
1617
                                            SIZE_T                      cbData );
1618
1619
// Caller must check cbData >= GCM_YMM_MINBLOCKS * SYMCRYPT_GCM_BLOCK_SIZE
1620
VOID
1621
SYMCRYPT_CALL
1622
SymCryptAesGcmDecryptStitchedYmm_2048(
1623
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1624
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PBYTE                       pbChainingValue,
1625
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE ) PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
1626
    _Inout_                                 PSYMCRYPT_GF128_ELEMENT     pState,
1627
    _In_reads_( cbData )                    PCBYTE                      pbSrc,
1628
    _Out_writes_( cbData )                  PBYTE                       pbDst,
1629
                                            SIZE_T                      cbData );
1630
1631
VOID
1632
SYMCRYPT_CALL
1633
SymCryptAesGcmEncryptStitchedNeon(
1634
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1635
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PBYTE                       pbChainingValue,
1636
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE ) PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
1637
    _Inout_                                 PSYMCRYPT_GF128_ELEMENT     pState,
1638
    _In_reads_( cbData )                    PCBYTE                      pbSrc,
1639
    _Out_writes_( cbData )                  PBYTE                       pbDst,
1640
                                            SIZE_T                      cbData );
1641
1642
VOID
1643
SYMCRYPT_CALL
1644
SymCryptAesGcmDecryptStitchedNeon(
1645
    _In_                                    PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1646
    _In_reads_( SYMCRYPT_AES_BLOCK_SIZE )   PBYTE                       pbChainingValue,
1647
    _In_reads_( SYMCRYPT_GF128_FIELD_SIZE ) PCSYMCRYPT_GF128_ELEMENT    expandedKeyTable,
1648
    _Inout_                                 PSYMCRYPT_GF128_ELEMENT     pState,
1649
    _In_reads_( cbData )                    PCBYTE                      pbSrc,
1650
    _Out_writes_( cbData )                  PBYTE                       pbDst,
1651
                                            SIZE_T                      cbData );
1652
1653
VOID
1654
SYMCRYPT_CALL
1655
SymCryptAesGcmEncryptPart(
1656
    _Inout_                 PSYMCRYPT_GCM_STATE pState,
1657
    _In_reads_( cbData )    PCBYTE              pbSrc,
1658
    _Out_writes_( cbData )  PBYTE               pbDst,
1659
                            SIZE_T              cbData );
1660
1661
VOID
1662
SYMCRYPT_CALL
1663
SymCryptAesGcmDecryptPart(
1664
    _Inout_                 PSYMCRYPT_GCM_STATE pState,
1665
    _In_reads_( cbData )    PCBYTE              pbSrc,
1666
    _Out_writes_( cbData )  PBYTE               pbDst,
1667
                            SIZE_T              cbData );
1668
1669
VOID
1670
SYMCRYPT_CALL
1671
SymCryptGcmEncryptPartTwoPass(
1672
    _Inout_                 PSYMCRYPT_GCM_STATE pState,
1673
    _In_reads_( cbData )    PCBYTE              pbSrc,
1674
    _Out_writes_( cbData )  PBYTE               pbDst,
1675
                            SIZE_T              cbData );
1676
1677
VOID
1678
SYMCRYPT_CALL
1679
SymCryptGcmDecryptPartTwoPass(
1680
    _Inout_                 PSYMCRYPT_GCM_STATE pState,
1681
    _In_reads_( cbData )    PCBYTE              pbSrc,
1682
    _Out_writes_( cbData )  PBYTE               pbDst,
1683
                            SIZE_T              cbData );
1684
1685
VOID
1686
SYMCRYPT_CALL
1687
SymCryptCtrMsb32(
1688
    _In_                        PCSYMCRYPT_BLOCKCIPHER  pBlockCipher,
1689
    _In_                        PCVOID                  pExpandedKey,
1690
    _Inout_updates_( pBlockCipher->blockSize )
1691
                                PBYTE                   pbChainingValue,
1692
    _In_reads_( cbData )        PCBYTE                  pbSrc,
1693
    _Out_writes_( cbData )      PBYTE                   pbDst,
1694
                                SIZE_T                  cbData );
1695
//
1696
// SymCryptCtrMsb32 implements the CTR cipher mode with a 32-bit increment function.
1697
// It is not intended to be used as-is, rather it is a building block for modes like GCM.
1698
// See the description of SymCryptCtrMsb64 in symcrypt.h for more details.
1699
//
1700
// For now, this function is only intended for use with GCM, which specifies the use a
1701
// 32-bit increment function. It's only used in cases where we can't use one of the optimized
1702
// implementations (i.e. on ARM32 or x86[-64] without AESNI). Therefore, unlike the 64-bit version,
1703
// there are no optimized implementations of the CTR function to call. If we ever need this
1704
// functionality for other block cipher modes, this function will need to be updated and we'll
1705
// need to add an additional pointer to SYMCRYPT_BLOCKCIPHER for the optimized CTR function.
1706
1707
VOID
1708
SYMCRYPT_CALL
1709
SymCryptAesCtrMsb32(
1710
    _In_                                        PCSYMCRYPT_AES_EXPANDED_KEY pExpandedKey,
1711
    _Inout_updates_( SYMCRYPT_AES_BLOCK_SIZE )  PBYTE                       pbChainingValue,
1712
    _In_reads_( cbData )                        PCBYTE                      pbSrc,
1713
    _Out_writes_( cbData )                      PBYTE                       pbDst,
1714
                                                SIZE_T                      cbData );
1715
1716
// SymCryptAesCtrMsb32 is a dispatch function for the optimized AES CTR implementations that use
1717
//a 32-bit counter function (currently only relevant to GCM).
1718
1719
SYMCRYPT_ERROR
1720
SYMCRYPT_CALL
1721
SymCryptParallelHashProcess_serial(
1722
    _In_                                                            PCSYMCRYPT_PARALLEL_HASH            pParHash,
1723
    _Inout_updates_bytes_( nStates * pParHash->pHash->stateSize )   PVOID                               pStates,
1724
                                                                    SIZE_T                              nStates,
1725
    _Inout_updates_( nOperations )                                  PSYMCRYPT_PARALLEL_HASH_OPERATION   pOperations,
1726
                                                                    SIZE_T                              nOperations,
1727
    _Out_writes_( cbScratch )                                       PBYTE                               pbScratch,
1728
                                                                    SIZE_T                              cbScratch );
1729
1730
SYMCRYPT_ERROR
1731
SYMCRYPT_CALL
1732
SymCryptParallelHashProcess(
1733
    _In_                                                            PCSYMCRYPT_PARALLEL_HASH            pParHash,
1734
    _Inout_updates_bytes_( nStates * pParHash->pHash->stateSize )   PVOID                               pStates,
1735
                                                                    SIZE_T                              nStates,
1736
    _Inout_updates_( nOperations )                                  PSYMCRYPT_PARALLEL_HASH_OPERATION   pOperations,
1737
                                                                    SIZE_T                              nOperations,
1738
    _Out_writes_( cbScratch )                                       PBYTE                               pbScratch,
1739
                                                                    SIZE_T                              cbScratch,
1740
                                                                    UINT32                              maxParallel );
1741
1742
VOID
1743
SYMCRYPT_CALL
1744
SymCryptHashAppendInternal(
1745
    _In_                        PCSYMCRYPT_HASH             pHash,
1746
    _Inout_                     PSYMCRYPT_COMMON_HASH_STATE pState,
1747
    _In_reads_bytes_( cbData )  PCBYTE                      pbData,
1748
                                SIZE_T                      cbData );
1749
1750
VOID
1751
SYMCRYPT_CALL
1752
SymCryptHashCommonPaddingMd4Style(
1753
    _In_                        PCSYMCRYPT_HASH             pHash,
1754
    _Inout_                     PSYMCRYPT_COMMON_HASH_STATE pState );
1755
1756
1757
extern const PCSYMCRYPT_PARALLEL_HASH SymCryptParallelSha256Algorithm;
1758
extern const PCSYMCRYPT_PARALLEL_HASH SymCryptParallelSha384Algorithm;
1759
extern const PCSYMCRYPT_PARALLEL_HASH SymCryptParallelSha512Algorithm;
1760
1761
#define PAR_SCRATCH_ELEMENTS_256    (4+8+64)    // # scratch elements our parallel SHA256 implementations need
1762
#define PAR_SCRATCH_ELEMENTS_512    (4+8+80)    // # scratch elements our parallel SHA512 implementations need
1763
1764
// pScratch must be 32B aligned, as it is used as an array of __m256i
1765
VOID
1766
SYMCRYPT_CALL
1767
SymCryptParallelSha256AppendBlocks_ymm(
1768
    _Inout_updates_( 8 )                                PSYMCRYPT_SHA256_CHAINING_STATE   * pChain,
1769
    _Inout_updates_( 8 )                                PCBYTE                            * ppByte,
1770
                                                        SIZE_T                              nBytes,
1771
    _Out_writes_( PAR_SCRATCH_ELEMENTS_256 * 32 )       PBYTE                               pScratch );
1772
1773
// pScratch must be 32B aligned, as it is used as an array of __m256i
1774
VOID
1775
SYMCRYPT_CALL
1776
SymCryptParallelSha512AppendBlocks_ymm(
1777
    _Inout_updates_( 4 )                                PSYMCRYPT_SHA512_CHAINING_STATE   * pChain,
1778
    _Inout_updates_( 4 )                                PCBYTE                            * ppByte,
1779
                                                        SIZE_T                              nBytes,
1780
    _Out_writes_( PAR_SCRATCH_ELEMENTS_512 * 32 )       PBYTE                               pScratch );
1781
1782
extern const SYMCRYPT_HASH SymCryptSha256Algorithm_default;
1783
extern const SYMCRYPT_HASH SymCryptSha384Algorithm_default;
1784
extern const SYMCRYPT_HASH SymCryptSha512Algorithm_default;
1785
extern const SYMCRYPT_HASH SymCryptSha3_256Algorithm_default;
1786
extern const SYMCRYPT_HASH SymCryptSha3_384Algorithm_default;
1787
extern const SYMCRYPT_HASH SymCryptSha3_512Algorithm_default;
1788
1789
1790
1791
// Paddings used by various SHA-3 derived algorithms
1792
263
#define SYMCRYPT_SHA3_PADDING_VALUE     0x06    // 01 10* padding
1793
0
#define SYMCRYPT_SHAKE_PADDING_VALUE    0x1f    // 11 11 10* padding
1794
0
#define SYMCRYPT_CSHAKE_PADDING_VALUE   0x04    // 00 10* padding (used when N or S are non-empty strings)
1795
1796
//
1797
// Functions operating on the Keccak state
1798
//
1799
1800
VOID
1801
SYMCRYPT_CALL
1802
SymCryptKeccakPermute(_Inout_updates_(25) UINT64* pState);
1803
// Keccak-f[1600] permutation
1804
1805
VOID
1806
SYMCRYPT_CALL
1807
SymCryptKeccakInit(_Out_ PSYMCRYPT_KECCAK_STATE pState, UINT32 inputBlockSize, UINT8 padding);
1808
1809
VOID
1810
SYMCRYPT_CALL
1811
SymCryptKeccakReset(_Out_ PSYMCRYPT_KECCAK_STATE pState);
1812
1813
VOID
1814
SYMCRYPT_CALL
1815
SymCryptKeccakZeroAppendBlock(_Inout_ PSYMCRYPT_KECCAK_STATE pState);
1816
// Zero pads the current block by invoking the permutation and setting
1817
// pState->stateIndex to 0.
1818
1819
VOID
1820
SYMCRYPT_CALL
1821
SymCryptKeccakAppend(
1822
    _Inout_                 PSYMCRYPT_KECCAK_STATE  pState,
1823
    _In_reads_(cbData)      PCBYTE                  pbData,
1824
                            SIZE_T                  cbData);
1825
// Generic append function.
1826
1827
VOID
1828
SYMCRYPT_CALL
1829
SymCryptKeccakExtract(
1830
    _Inout_                 PSYMCRYPT_KECCAK_STATE  pState,
1831
    _Out_writes_(cbResult)  PBYTE                   pbResult,
1832
                            SIZE_T                  cbResult,
1833
                            BOOLEAN                 bWipe);
1834
// Generic extract function, no restriction on cbResult.
1835
// bWipe denotes whether to wipe the Keccak state and initialize it
1836
// for a new computation.
1837
1838
VOID
1839
SYMCRYPT_CALL
1840
SymCryptKeccakStateExport(
1841
                                                            SYMCRYPT_BLOB_TYPE      type,
1842
    _In_                                                    PCSYMCRYPT_KECCAK_STATE pState,
1843
    _Out_writes_bytes_(SYMCRYPT_KECCAK_STATE_EXPORT_SIZE)   PBYTE                   pbBlob);
1844
1845
SYMCRYPT_ERROR
1846
SYMCRYPT_CALL
1847
SymCryptKeccakStateImport(
1848
                                                        SYMCRYPT_BLOB_TYPE      type,
1849
    _Out_                                               PSYMCRYPT_KECCAK_STATE  pState,
1850
    _In_reads_bytes_(SYMCRYPT_KECCAK_STATE_EXPORT_SIZE) PCBYTE                  pbBlob);
1851
1852
VOID
1853
SYMCRYPT_CALL
1854
SymCryptKeccakAppendEncodeTimes8(
1855
    _Inout_ SYMCRYPT_KECCAK_STATE *pState,
1856
            UINT64  uValue,
1857
            BOOLEAN bLeftEncode);
1858
// Appends the left-encoding of uValue * 8 to the state
1859
1860
VOID
1861
SYMCRYPT_CALL
1862
SymCryptKeccakAppendEncodedString(
1863
    _Inout_                 PSYMCRYPT_KECCAK_STATE  pState,
1864
    _In_reads_(cbString)    PCBYTE                  pbString,
1865
                            SIZE_T                  cbString);
1866
// Appends 'left_encode(cbString * 8) || pbString' to the state
1867
1868
VOID
1869
SYMCRYPT_CALL
1870
SymCryptCShakeEncodeInputStrings(
1871
    _Inout_                             PSYMCRYPT_KECCAK_STATE  pState,
1872
    _In_reads_( cbFunctionNameString )  PCBYTE                  pbFunctionNameString,
1873
                                        SIZE_T                  cbFunctionNameString,
1874
    _In_reads_( cbCustomizationString ) PCBYTE                  pbCustomizationString,
1875
                                        SIZE_T                  cbCustomizationString);
1876
// Process CShake input strings
1877
// Appends byte_pad( encode_string( pbFunctionNameString ) || encode_string( pbCustomizationString ), pState->inputBlockSize )
1878
1879
1880
1881
VOID
1882
SYMCRYPT_CALL
1883
SymCryptFatalIntercept( UINT32 fatalCode );
1884
1885
extern const BYTE SymCryptSha256KATAnswer[32];
1886
extern const BYTE SymCryptSha384KATAnswer[48];
1887
extern const BYTE SymCryptSha512KATAnswer[64];
1888
1889
//
1890
// Arithmetic
1891
//
1892
1893
5.53M
#define SYMCRYPT_ASSERT_ASYM_ALIGNED( _p )           SYMCRYPT_ASSERT( ((ULONG_PTR)(_p) & (SYMCRYPT_ASYM_ALIGN_VALUE - 1)) == 0 );
1894
1895
1896
27.4M
#define SYMCRYPT_FDEF_DIGIT_NUINT32             ((UINT32)(SYMCRYPT_FDEF_DIGIT_SIZE / sizeof( UINT32 ) ))
1897
1898
603
#define SYMCRYPT_OBJ_NDIGITS( _p )              ((_p)->nDigits)
1899
185k
#define SYMCRYPT_OBJ_NBYTES( _p )               ((_p)->nDigits * SYMCRYPT_FDEF_DIGIT_SIZE)
1900
14.9k
#define SYMCRYPT_OBJ_NUINT32( _p )              ((_p)->nDigits * SYMCRYPT_FDEF_DIGIT_SIZE / sizeof( UINT32 ))
1901
1902
#if SYMCRYPT_MS_VC
1903
#define SYMCRYPT_MUL32x32TO64( _a, _b )         UInt32x32To64( (_a), (_b) )
1904
#elif SYMCRYPT_GNUC
1905
2.74M
#define SYMCRYPT_MUL32x32TO64( _a, _b )         ( (UINT64)(_a)*(UINT64)(_b) )
1906
#else
1907
    #error Unknown compiler
1908
#endif
1909
typedef VOID (SYMCRYPT_CALL * SYMCRYPT_MOD_BINARY_OP_FN)(
1910
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
1911
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
1912
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
1913
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
1914
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
1915
                                    SIZE_T                  cbScratch );
1916
1917
typedef VOID (SYMCRYPT_CALL * SYMCRYPT_MOD_UNARY_OP_FN)(
1918
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
1919
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc,
1920
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
1921
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
1922
                                    SIZE_T                  cbScratch );
1923
1924
typedef SYMCRYPT_ERROR (SYMCRYPT_CALL * SYMCRYPT_MOD_UNARY_OP_FLAG_STATUS_FN)(
1925
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
1926
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc,
1927
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
1928
                                    UINT32                  flags,
1929
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
1930
                                    SIZE_T                  cbScratch );
1931
1932
typedef VOID (SYMCRYPT_CALL * SYMCRYPT_MOD_SET_POST_FN)(
1933
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
1934
    _Inout_                         PSYMCRYPT_MODELEMENT    peObj,
1935
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
1936
                                    SIZE_T                  cbScratch );
1937
1938
typedef PCUINT32 (SYMCRYPT_CALL * SYMCRYPT_MOD_PRE_GET_FN)(
1939
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
1940
    _In_                            PCSYMCRYPT_MODELEMENT   peObj,
1941
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
1942
                                    SIZE_T                  cbScratch );
1943
1944
typedef VOID (SYMCRYPT_CALL * SYMCRYPT_MOD_COPY_FN)(
1945
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
1946
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc,
1947
    _Out_                           PSYMCRYPT_MODELEMENT    peDst );
1948
1949
typedef VOID (SYMCRYPT_CALL * SYMCRYPT_MODULUS_COPYFIXUP_FN)(
1950
    _In_                            PCSYMCRYPT_MODULUS      pmSrc,
1951
    _Out_                           PSYMCRYPT_MODULUS       pmDst );
1952
1953
typedef VOID (SYMCRYPT_CALL * SYMCRYPT_MODULUS_INIT_FN)(
1954
    _Inout_                         PSYMCRYPT_MODULUS       pmObj,
1955
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
1956
                                    SIZE_T                  cbScratch );
1957
1958
//
1959
// In the future we might want to implement a 'prepare divisor' for people who want to do one or more modular divisions.
1960
// In EC projective coordinates you have a value stored as (X,Z) with X/Z being the actual value that needs to be exported.
1961
// In Montgomery format, this is stored as (RX, RZ), and just doing RX * (1/RZ) gets you the value to be exported.
1962
// There seem to be many tricks here to get some more speed; maybe we just need to define export functions for each
1963
// point format and allow the Modulus to contain special optimizations.
1964
//
1965
// The SetPost function is the post-processing function of any SetValue operation. The SetValue operation will store the
1966
// modElement in the normal integer format into the ModElement. The SetPost function post-processes it into the proper
1967
// representation for that modulus.
1968
//
1969
// The PreGet function is the pre-processing function to any GetValue operation. It returns a pointer to the proper value
1970
// stored in standard integer format. This pointer can either be into the ModElement itself, or into the scratch space.
1971
//
1972
1973
typedef struct _SYMCRYPT_MODULAR_FUNCTIONS {
1974
    SYMCRYPT_MOD_BINARY_OP_FN               modAdd;
1975
    SYMCRYPT_MOD_BINARY_OP_FN               modSub;
1976
    SYMCRYPT_MOD_UNARY_OP_FN                modNeg;
1977
    SYMCRYPT_MOD_BINARY_OP_FN               modMul;
1978
    SYMCRYPT_MOD_UNARY_OP_FN                modSquare;
1979
    SYMCRYPT_MOD_UNARY_OP_FLAG_STATUS_FN    modInv;
1980
    SYMCRYPT_MOD_SET_POST_FN                modSetPost;
1981
    SYMCRYPT_MOD_PRE_GET_FN                 modPreGet;
1982
    SYMCRYPT_MODULUS_COPYFIXUP_FN           modulusCopyFixup;   // non-generic fixup after memcpy
1983
    SYMCRYPT_MODULUS_INIT_FN                modulusInit;
1984
    PVOID                                   slack[6];
1985
} SYMCRYPT_MODULAR_FUNCTIONS;
1986
1987
#define SYMCRYPT_MODULAR_FUNCTIONS_SIZE    (sizeof( SYMCRYPT_MODULAR_FUNCTIONS ) )
1988
1989
extern const SYMCRYPT_MODULAR_FUNCTIONS g_SymCryptModFns[];
1990
extern const UINT32 g_SymCryptModFnsMask;
1991
1992
//
1993
// Table entry that contains the information about an implementation.
1994
// Allows generic code to make the decision.
1995
// First entry in the table that is allowed is chosen, last entry always matches everything
1996
//
1997
1998
946
#define SYMCRYPT_MODULUS_FEATURE_MONTGOMERY         1       // Modulus is suitable for Montgomery processing
1999
// #define SYMCRYPT_MODULUS_FEATURE_PSEUDO_MERSENNE    2       // Modulus is suitable for Pseudo-Mersenne processing
2000
// #define SYMCRYPT_MODULUS_FEATURE_NISTP256           4       // Modulus is the NIST P256 curve prime
2001
262
#define SYMCRYPT_MODULUS_FEATURE_NISTP384           8       // Modulus is the NIST P384 curve prime
2002
2003
typedef struct _SYMCRYPT_MODULUS_TYPE_SELECTION_ENTRY
2004
{
2005
    UINT32                  type;               // Type value of this solution
2006
    SYMCRYPT_CPU_FEATURES   cpuFeatures;        // Required CPU features
2007
    UINT32                  maxBits;            // Max # bits that the actual value of the modulus is, 0 = no limit
2008
    UINT32                  modulusFeatures;    // Required features of the modulus
2009
} SYMCRYPT_MODULUS_TYPE_SELECTION_ENTRY, *PSYMCRYPT_MODULUS_TYPE_SELECTION_ENTRY;
2010
typedef const SYMCRYPT_MODULUS_TYPE_SELECTION_ENTRY* PCSYMCRYPT_MODULUS_TYPE_SELECTION_ENTRY;
2011
2012
extern const SYMCRYPT_MODULUS_TYPE_SELECTION_ENTRY SymCryptModulusTypeSelections[];       // Array can be any size...
2013
2014
2015
// Check that the size is a power of 2
2016
C_ASSERT( (SYMCRYPT_MODULAR_FUNCTIONS_SIZE & (SYMCRYPT_MODULAR_FUNCTIONS_SIZE-1)) == 0 );
2017
2018
// The macro that we use to call modular functions
2019
9.61M
#define SYMCRYPT_MOD_CALL(v) ((SYMCRYPT_MODULAR_FUNCTIONS *)(( SYMCRYPT_FORCE_READ32( &(v)->type) & g_SymCryptModFnsMask) + (PBYTE)(&g_SymCryptModFns) ))->
2020
2021
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_GENERIC {\
2022
    &SymCryptFdefModAddGeneric,\
2023
    &SymCryptFdefModSubGeneric,\
2024
    &SymCryptFdefModNegGeneric,\
2025
    &SymCryptFdefModMulGeneric,\
2026
    &SymCryptFdefModSquareGeneric,\
2027
    &SymCryptFdefModInvGeneric,\
2028
    &SymCryptFdefModSetPostGeneric,\
2029
    &SymCryptFdefModPreGetGeneric,\
2030
    &SymCryptFdefModulusCopyFixupGeneric,\
2031
    &SymCryptFdefModulusInitGeneric,\
2032
}
2033
2034
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY {\
2035
    &SymCryptFdefModAddGeneric,\
2036
    &SymCryptFdefModSubGeneric,\
2037
    &SymCryptFdefModNegGeneric,\
2038
    &SymCryptFdefModMulMontgomery,\
2039
    &SymCryptFdefModSquareMontgomery,\
2040
    &SymCryptFdefModInvMontgomery,\
2041
    &SymCryptFdefModSetPostMontgomery,\
2042
    &SymCryptFdefModPreGetMontgomery,\
2043
    &SymCryptFdefModulusCopyFixupMontgomery,\
2044
    &SymCryptFdefModulusInitMontgomery,\
2045
}
2046
2047
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY_ARM64256 {\
2048
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModAdd256Asm,\
2049
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModSub256Asm,\
2050
    &SymCryptFdefModNegGeneric,\
2051
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModMulMontgomery256Asm, \
2052
    (SYMCRYPT_MOD_UNARY_OP_FN) &SymCryptFdefModSquareMontgomery256Asm, \
2053
    &SymCryptFdefModInvMontgomery,\
2054
    &SymCryptFdefModSetPostMontgomery,\
2055
    &SymCryptFdefModPreGetMontgomery,\
2056
    &SymCryptFdefModulusCopyFixupMontgomery,\
2057
    &SymCryptFdefModulusInitMontgomery,\
2058
}
2059
2060
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY_ARM64P384 {\
2061
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModAdd384Asm,\
2062
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModSub384Asm,\
2063
    &SymCryptFdefModNegGeneric,\
2064
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModMulMontgomeryP384Asm, \
2065
    (SYMCRYPT_MOD_UNARY_OP_FN) &SymCryptFdefModSquareMontgomeryP384Asm, \
2066
    &SymCryptFdef369ModInvMontgomery,\
2067
    &SymCryptFdef369ModSetPostMontgomery,\
2068
    &SymCryptFdef369ModPreGetMontgomery,\
2069
    &SymCryptFdefModulusCopyFixupMontgomery,\
2070
    &SymCryptFdef369ModulusInitMontgomery,\
2071
}
2072
2073
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY_MULX256 {\
2074
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModAddMulx256Asm,\
2075
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModSub256Asm,\
2076
    &SymCryptFdefModNegGeneric,\
2077
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModMulMontgomeryMulx256Asm,\
2078
    (SYMCRYPT_MOD_UNARY_OP_FN) &SymCryptFdefModSquareMontgomeryMulx256Asm,\
2079
    &SymCryptFdefModInvMontgomery256,\
2080
    &SymCryptFdefModSetPostMontgomeryMulx256,\
2081
    &SymCryptFdefModPreGetMontgomery256,\
2082
    &SymCryptFdefModulusCopyFixupMontgomery,\
2083
    &SymCryptFdefModulusInitMontgomery256,\
2084
}
2085
2086
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY_MULXP256 {\
2087
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModAddMulx256Asm,\
2088
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModSub256Asm,\
2089
    &SymCryptFdefModNegGeneric,\
2090
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModMulMontgomeryMulxP256Asm,\
2091
    (SYMCRYPT_MOD_UNARY_OP_FN) &SymCryptFdefModSquareMontgomeryMulxP256Asm,\
2092
    &SymCryptFdefModInvMontgomery256,\
2093
    &SymCryptFdefModSetPostMontgomeryMulx256,\
2094
    &SymCryptFdefModPreGetMontgomery256,\
2095
    &SymCryptFdefModulusCopyFixupMontgomery,\
2096
    &SymCryptFdefModulusInitMontgomery256,\
2097
}
2098
2099
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY_MULX384 {\
2100
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModAddMulx384Asm,\
2101
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModSub384Asm,\
2102
    &SymCryptFdefModNegGeneric,\
2103
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModMulMontgomeryMulx384Asm,\
2104
    (SYMCRYPT_MOD_UNARY_OP_FN) &SymCryptFdefModSquareMontgomeryMulx384Asm,\
2105
    &SymCryptFdef369ModInvMontgomery,\
2106
    &SymCryptFdefModSetPostMontgomeryMulx384,\
2107
    &SymCryptFdef369ModPreGetMontgomery,\
2108
    &SymCryptFdefModulusCopyFixupMontgomery,\
2109
    &SymCryptFdef369ModulusInitMontgomery,\
2110
}
2111
2112
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY_MULXP384 {\
2113
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModAddMulx384Asm,\
2114
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModSub384Asm,\
2115
    &SymCryptFdefModNegGeneric,\
2116
    (SYMCRYPT_MOD_BINARY_OP_FN) &SymCryptFdefModMulMontgomeryMulxP384Asm,\
2117
    (SYMCRYPT_MOD_UNARY_OP_FN) &SymCryptFdefModSquareMontgomeryMulxP384Asm,\
2118
    &SymCryptFdef369ModInvMontgomery,\
2119
    &SymCryptFdefModSetPostMontgomeryMulxP384,\
2120
    &SymCryptFdef369ModPreGetMontgomery,\
2121
    &SymCryptFdefModulusCopyFixupMontgomery,\
2122
    &SymCryptFdef369ModulusInitMontgomery,\
2123
}
2124
2125
#define SYMCRYPT_MOD_FUNCTIONS_FDEF369_MONTGOMERY {\
2126
    &SymCryptFdef369ModAddGeneric,\
2127
    &SymCryptFdef369ModSubGeneric,\
2128
    &SymCryptFdefModNegGeneric,\
2129
    &SymCryptFdef369ModMulMontgomery,\
2130
    &SymCryptFdef369ModSquareMontgomery,\
2131
    &SymCryptFdef369ModInvMontgomery,\
2132
    &SymCryptFdef369ModSetPostMontgomery,\
2133
    &SymCryptFdef369ModPreGetMontgomery,\
2134
    &SymCryptFdefModulusCopyFixupMontgomery,\
2135
    &SymCryptFdef369ModulusInitMontgomery,\
2136
}
2137
2138
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY_MULX {\
2139
    &SymCryptFdefModAddGeneric,\
2140
    &SymCryptFdefModSubGeneric,\
2141
    &SymCryptFdefModNegGeneric,\
2142
    &SymCryptFdefModMulMontgomeryMulx,\
2143
    &SymCryptFdefModSquareMontgomeryMulx,\
2144
    &SymCryptFdefModInvMontgomery,\
2145
    &SymCryptFdefModSetPostMontgomery,\
2146
    &SymCryptFdefModPreGetMontgomery,\
2147
    &SymCryptFdefModulusCopyFixupMontgomery,\
2148
    &SymCryptFdefModulusInitMontgomery,\
2149
}
2150
2151
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY512 {\
2152
    &SymCryptFdefModAddGeneric,\
2153
    &SymCryptFdefModSubGeneric,\
2154
    &SymCryptFdefModNegGeneric,\
2155
    &SymCryptFdefModMulMontgomery512,\
2156
    &SymCryptFdefModSquareMontgomery512,\
2157
    &SymCryptFdefModInvMontgomery,\
2158
    &SymCryptFdefModSetPostMontgomery,\
2159
    &SymCryptFdefModPreGetMontgomery,\
2160
    &SymCryptFdefModulusCopyFixupMontgomery,\
2161
    &SymCryptFdefModulusInitMontgomery,\
2162
}
2163
2164
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY1024 {\
2165
    &SymCryptFdefModAddGeneric,\
2166
    &SymCryptFdefModSubGeneric,\
2167
    &SymCryptFdefModNegGeneric,\
2168
    &SymCryptFdefModMulMontgomery1024,\
2169
    &SymCryptFdefModSquareMontgomery1024,\
2170
    &SymCryptFdefModInvMontgomery,\
2171
    &SymCryptFdefModSetPostMontgomery,\
2172
    &SymCryptFdefModPreGetMontgomery,\
2173
    &SymCryptFdefModulusCopyFixupMontgomery,\
2174
    &SymCryptFdefModulusInitMontgomery,\
2175
}
2176
2177
#define SYMCRYPT_MOD_FUNCTIONS_FDEF_MONTGOMERY_MULX1024 {\
2178
    &SymCryptFdefModAddGeneric,\
2179
    &SymCryptFdefModSubGeneric,\
2180
    &SymCryptFdefModNegGeneric,\
2181
    &SymCryptFdefModMulMontgomeryMulx1024,\
2182
    &SymCryptFdefModSquareMontgomeryMulx1024,\
2183
    &SymCryptFdefModInvMontgomery,\
2184
    &SymCryptFdefModSetPostMontgomery,\
2185
    &SymCryptFdefModPreGetMontgomery,\
2186
    &SymCryptFdefModulusCopyFixupMontgomery,\
2187
    &SymCryptFdefModulusInitMontgomery,\
2188
}
2189
2190
VOID
2191
SYMCRYPT_CALL
2192
SymCryptFdefMaskedCopy(
2193
    _In_reads_bytes_( nDigits*SYMCRYPT_FDEF_DIGIT_SIZE )        PCBYTE      pbSrc,
2194
    _Inout_updates_bytes_( nDigits*SYMCRYPT_FDEF_DIGIT_SIZE )   PBYTE       pbDst,
2195
                                                                UINT32      nDigits,
2196
                                                                UINT32      mask );
2197
//
2198
// Copies Src to Dst under mask.
2199
// Requirements:
2200
//  - mask == 0 or mask == 0xffffffff
2201
//  - cbData must be a multple of the size of a digit, or a multiple of the size of a ModElement.
2202
//  - pbSrc and pbDst must be SYMCRYPT_ALIGNed
2203
// if mask == 0 this function does nothing.
2204
// if mask == 0xffffffff this function is a memcpy from Src to Dst.
2205
// This function is side-channel safe; the value of mask is not revealed
2206
// through the memory access patterns.
2207
//
2208
2209
VOID
2210
SYMCRYPT_CALL
2211
SymCryptFdefConditionalSwap(
2212
    _Inout_updates_bytes_( nDigits*SYMCRYPT_FDEF_DIGIT_SIZE )   PBYTE       pbSrc1,
2213
    _Inout_updates_bytes_( nDigits*SYMCRYPT_FDEF_DIGIT_SIZE )   PBYTE       pbSrc2,
2214
                                                                UINT32      nDigits,
2215
                                                                UINT32      cond );
2216
2217
//
2218
// Swaps the bytes of Src1 with the bytes of Src2 under a condition.
2219
// Requirements:
2220
//  - cond = 0 or cond = 1 .
2221
//  - cbData must be a multple of the size of a digit, or a multiple of the size of a ModElement.
2222
//  - pbSrc1 and pbSrc2 must be SYMCRYPT_ALIGNed
2223
// if cond == 0 this function does nothing.
2224
// if cond == 1 this function swaps the bytes of Src1 with the bytes of Src2.
2225
// This function is side-channel safe; the value of cond is not revealed
2226
// through the memory access patterns.
2227
//
2228
2229
VOID
2230
SYMCRYPT_CALL
2231
SymCryptFdefClaimScratch( PBYTE pbScratch, SIZE_T cbScratch, SIZE_T cbMin );
2232
2233
UINT32
2234
SymCryptFdefDigitsFromBits( UINT32 nBits );
2235
2236
PSYMCRYPT_INT
2237
SYMCRYPT_CALL
2238
SymCryptFdefIntAllocate( UINT32 nDigits );
2239
2240
UINT32
2241
SYMCRYPT_CALL
2242
SymCryptFdefSizeofIntFromDigits( UINT32 nDigits );
2243
2244
PSYMCRYPT_INT
2245
SYMCRYPT_CALL
2246
SymCryptFdefIntCreate(
2247
    _Out_writes_bytes_( cbBuffer )  PBYTE   pbBuffer,
2248
                                    SIZE_T  cbBuffer,
2249
                                    UINT32  nDigits );
2250
2251
VOID
2252
SymCryptFdefIntCopy(
2253
    _In_    PCSYMCRYPT_INT  piSrc,
2254
    _Out_   PSYMCRYPT_INT   piDst );
2255
2256
VOID
2257
SymCryptFdefIntMaskedCopy(
2258
    _In_    PCSYMCRYPT_INT  piSrc,
2259
    _Inout_ PSYMCRYPT_INT   piDst,
2260
            UINT32          mask );
2261
2262
VOID
2263
SYMCRYPT_CALL
2264
SymCryptFdefIntConditionalCopy(
2265
    _In_    PCSYMCRYPT_INT  piSrc,
2266
    _Inout_ PSYMCRYPT_INT   piDst,
2267
            UINT32          cond );
2268
2269
VOID
2270
SYMCRYPT_CALL
2271
SymCryptFdefIntConditionalSwap(
2272
    _Inout_ PSYMCRYPT_INT   piSrc1,
2273
    _Inout_ PSYMCRYPT_INT   piSrc2,
2274
            UINT32          cond );
2275
2276
UINT32
2277
SYMCRYPT_CALL
2278
SymCryptFdefIntBitsizeOfObject( _In_ PCSYMCRYPT_INT  piSrc );
2279
2280
UINT32
2281
SYMCRYPT_CALL
2282
SymCryptFdefNumberofDigitsFromInt( _In_ PCSYMCRYPT_INT piSrc );
2283
2284
SYMCRYPT_ERROR
2285
SymCryptFdefIntCopyMixedSize(
2286
    _In_    PCSYMCRYPT_INT  piSrc,
2287
    _Out_   PSYMCRYPT_INT   piDst );
2288
2289
UINT32
2290
SYMCRYPT_CALL
2291
SymCryptFdefIntBitsizeOfValue( _In_ PCSYMCRYPT_INT piSrc );
2292
2293
VOID
2294
SYMCRYPT_CALL
2295
SymCryptFdefIntSetValueUint32(
2296
            UINT32          u32Src,
2297
    _Out_   PSYMCRYPT_INT   piDst );
2298
2299
VOID
2300
SYMCRYPT_CALL
2301
SymCryptFdefIntSetValueUint64(
2302
            UINT64          u64Src,
2303
    _Out_   PSYMCRYPT_INT   piDst );
2304
2305
SYMCRYPT_ERROR
2306
SYMCRYPT_CALL
2307
SymCryptFdefIntSetValue(
2308
    _In_reads_bytes_(cbSrc)     PCBYTE                  pbSrc,
2309
                                SIZE_T                  cbSrc,
2310
                                SYMCRYPT_NUMBER_FORMAT  format,
2311
    _Out_                       PSYMCRYPT_INT           piDst );
2312
2313
SYMCRYPT_ERROR
2314
SYMCRYPT_CALL
2315
SymCryptFdefIntGetValue(
2316
    _In_                        PCSYMCRYPT_INT          piSrc,
2317
    _Out_writes_bytes_(cbDst)   PBYTE                   pbDst,
2318
                                SIZE_T                  cbDst,
2319
                                SYMCRYPT_NUMBER_FORMAT  format );
2320
2321
UINT32
2322
SYMCRYPT_CALL
2323
SymCryptFdefIntGetValueLsbits32( _In_  PCSYMCRYPT_INT piSrc );
2324
2325
UINT64
2326
SYMCRYPT_CALL
2327
SymCryptFdefIntGetValueLsbits64( _In_  PCSYMCRYPT_INT piSrc );
2328
2329
UINT32
2330
SYMCRYPT_CALL
2331
SymCryptFdefIntAddUint32(
2332
    _In_    PCSYMCRYPT_INT  piSrc1,
2333
            UINT32          u32Src2,
2334
    _Out_   PSYMCRYPT_INT   piDst );
2335
2336
UINT32
2337
SYMCRYPT_CALL
2338
SymCryptFdefIntAddSameSize(
2339
    _In_    PCSYMCRYPT_INT piSrc1,
2340
    _In_    PCSYMCRYPT_INT piSrc2,
2341
    _Out_   PSYMCRYPT_INT  piDst );
2342
2343
UINT32
2344
SYMCRYPT_CALL
2345
SymCryptFdefIntAddMixedSize(
2346
    _In_    PCSYMCRYPT_INT piSrc1,
2347
    _In_    PCSYMCRYPT_INT piSrc2,
2348
    _Out_   PSYMCRYPT_INT  piDst );
2349
2350
UINT32
2351
SYMCRYPT_CALL
2352
SymCryptFdefIntSubUint32(
2353
    _In_    PCSYMCRYPT_INT  piSrc1,
2354
            UINT32          u32Src2,
2355
    _Out_   PSYMCRYPT_INT   piDst );
2356
2357
UINT32
2358
SYMCRYPT_CALL
2359
SymCryptFdefIntSubSameSize(
2360
    _In_    PCSYMCRYPT_INT piSrc1,
2361
    _In_    PCSYMCRYPT_INT piSrc2,
2362
    _Out_   PSYMCRYPT_INT  piDst );
2363
2364
UINT32
2365
SYMCRYPT_CALL
2366
SymCryptFdefIntSubMixedSize(
2367
    _In_    PCSYMCRYPT_INT piSrc1,
2368
    _In_    PCSYMCRYPT_INT piSrc2,
2369
    _Out_   PSYMCRYPT_INT  piDst );
2370
2371
VOID
2372
SYMCRYPT_CALL
2373
SymCryptFdefIntNeg(
2374
    _In_    PCSYMCRYPT_INT  piSrc,
2375
    _Out_   PSYMCRYPT_INT   piDst );
2376
2377
2378
VOID
2379
SYMCRYPT_CALL
2380
SymCryptFdefIntMulPow2(
2381
    _In_    PCSYMCRYPT_INT  piSrc,
2382
            SIZE_T          Exp,
2383
    _Out_   PSYMCRYPT_INT   piDst );
2384
2385
VOID
2386
SYMCRYPT_CALL
2387
SymCryptFdefIntDivPow2(
2388
    _In_    PCSYMCRYPT_INT  piSrc,
2389
            SIZE_T          exp,
2390
    _Out_   PSYMCRYPT_INT   piDst );
2391
2392
VOID
2393
SYMCRYPT_CALL
2394
SymCryptFdefIntShr1(
2395
            UINT32          highestBit,
2396
    _In_    PCSYMCRYPT_INT  piSrc,
2397
    _Out_   PSYMCRYPT_INT   piDst );
2398
2399
VOID
2400
SYMCRYPT_CALL
2401
SymCryptFdefIntModPow2(
2402
    _In_    PCSYMCRYPT_INT  piSrc,
2403
            SIZE_T          exp,
2404
    _Out_   PSYMCRYPT_INT   piDst );
2405
2406
UINT32
2407
SYMCRYPT_CALL
2408
SymCryptFdefIntGetBit(
2409
    _In_    PCSYMCRYPT_INT  piSrc,
2410
            UINT32          iBit );
2411
2412
UINT32
2413
SYMCRYPT_CALL
2414
SymCryptFdefIntGetBits(
2415
    _In_    PCSYMCRYPT_INT  piSrc,
2416
            UINT32          iBit,
2417
            UINT32          nBits );
2418
2419
VOID
2420
SYMCRYPT_CALL
2421
SymCryptFdefIntSetBits(
2422
    _In_    PSYMCRYPT_INT   piDst,
2423
            UINT32          value,
2424
            UINT32          iBit,
2425
            UINT32          nBits );
2426
2427
UINT32
2428
SYMCRYPT_CALL
2429
SymCryptFdefIntIsEqualUint32(
2430
    _In_    PCSYMCRYPT_INT  piSrc1,
2431
    _In_    UINT32          u32Src2 );
2432
2433
UINT32
2434
SYMCRYPT_CALL
2435
SymCryptFdefIntIsEqual(
2436
    _In_    PCSYMCRYPT_INT  piSrc1,
2437
    _In_    PCSYMCRYPT_INT  piSrc2 );
2438
2439
UINT32
2440
SYMCRYPT_CALL
2441
SymCryptFdefIntIsLessThan(
2442
    _In_    PCSYMCRYPT_INT  piSrc1,
2443
    _In_    PCSYMCRYPT_INT  piSrc2 );
2444
2445
UINT32
2446
SYMCRYPT_CALL
2447
SymCryptFdefIntMulUint32(
2448
    _In_                            PCSYMCRYPT_INT  piSrc1,
2449
                                    UINT32          Src2,
2450
    _Out_                           PSYMCRYPT_INT   piDst );
2451
2452
VOID
2453
SYMCRYPT_CALL
2454
SymCryptFdefIntMulSameSize(
2455
    _In_                            PCSYMCRYPT_INT  piSrc1,
2456
    _In_                            PCSYMCRYPT_INT  piSrc2,
2457
    _Out_                           PSYMCRYPT_INT   piDst,
2458
    _Out_writes_bytes_( cbScratch ) PBYTE           pbScratch,
2459
                                    SIZE_T          cbScratch );
2460
VOID
2461
SYMCRYPT_CALL
2462
SymCryptFdefIntSquare(
2463
    _In_                            PCSYMCRYPT_INT  piSrc,
2464
    _Out_                           PSYMCRYPT_INT   piDst,
2465
    _Out_writes_bytes_( cbScratch ) PBYTE           pbScratch,
2466
                                    SIZE_T          cbScratch );
2467
VOID
2468
SYMCRYPT_CALL
2469
SymCryptFdefIntMulMixedSize(
2470
    _In_                            PCSYMCRYPT_INT  piSrc1,
2471
    _In_                            PCSYMCRYPT_INT  piSrc2,
2472
    _Out_                           PSYMCRYPT_INT   piDst,
2473
    _Out_writes_bytes_( cbScratch ) PBYTE           pbScratch,
2474
                                    SIZE_T          cbScratch );
2475
2476
PSYMCRYPT_DIVISOR
2477
SYMCRYPT_CALL
2478
SymCryptFdefDivisorAllocate( UINT32 nDigits );
2479
2480
UINT32
2481
SYMCRYPT_CALL
2482
SymCryptFdefSizeofDivisorFromDigits( UINT32 nDigits );
2483
2484
PSYMCRYPT_DIVISOR
2485
SYMCRYPT_CALL
2486
SymCryptFdefDivisorCreate(
2487
    _Out_writes_bytes_( cbBuffer )  PBYTE   pbBuffer,
2488
                                    SIZE_T  cbBuffer,
2489
                                    UINT32  nDigits );
2490
2491
PSYMCRYPT_DIVISOR
2492
SYMCRYPT_CALL
2493
SymCryptFdefDivisorRetrieveHandle( _In_ PBYTE pbBuffer );
2494
2495
VOID
2496
SymCryptFdefDivisorCopy(
2497
    _In_    PCSYMCRYPT_DIVISOR  pdSrc,
2498
    _Out_   PSYMCRYPT_DIVISOR   pdDst );
2499
2500
VOID
2501
SymCryptFdefDivisorCopyFixup(
2502
    _In_    PCSYMCRYPT_DIVISOR  pSrc,
2503
    _Out_   PSYMCRYPT_DIVISOR   pDst );
2504
2505
PSYMCRYPT_INT
2506
SYMCRYPT_CALL
2507
SymCryptFdefIntFromDivisor( _In_ PSYMCRYPT_DIVISOR pdSrc );
2508
2509
VOID
2510
SYMCRYPT_CALL
2511
SymCryptFdefIntToDivisor(
2512
    _In_                            PCSYMCRYPT_INT      piSrc,
2513
    _Out_                           PSYMCRYPT_DIVISOR   pdDst,
2514
                                    UINT32              totalOperations,
2515
                                    UINT32              flags,
2516
    _Out_writes_bytes_( cbScratch ) PBYTE               pbScratch,
2517
                                    SIZE_T              cbScratch );
2518
2519
VOID
2520
SYMCRYPT_CALL
2521
SymCryptFdefIntDivMod(
2522
    _In_                            PCSYMCRYPT_INT      piSrc,
2523
    _In_                            PCSYMCRYPT_DIVISOR  pdDivisor,
2524
    _Out_opt_                       PSYMCRYPT_INT       piQuotient,
2525
    _Out_opt_                       PSYMCRYPT_INT       piRemainder,
2526
    _Out_writes_bytes_( cbScratch ) PBYTE               pbScratch,
2527
                                    SIZE_T              cbScratch );
2528
2529
VOID
2530
SYMCRYPT_CALL
2531
SymCryptFdefRawDivMod(
2532
    _In_reads_(nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32)           PCUINT32            pNum,
2533
                                                                UINT32              nDigits,
2534
    _In_                                                        PCSYMCRYPT_DIVISOR  pdDivisor,
2535
    _Out_writes_opt_(nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32)     PUINT32             pQuotient,
2536
    _Out_writes_opt_(SYMCRYPT_OBJ_NUINT32(pdDivisor))           PUINT32             pRemainder,
2537
    _Out_writes_bytes_( cbScratch )                             PBYTE               pbScratch,
2538
                                                                SIZE_T              cbScratch );
2539
2540
2541
PSYMCRYPT_MODULUS
2542
SYMCRYPT_CALL
2543
SymCryptFdefModulusAllocate( UINT32 nDigits );
2544
2545
VOID
2546
SYMCRYPT_CALL
2547
SymCryptFdefModulusFree( _Out_ PSYMCRYPT_MODULUS pmObj );
2548
2549
UINT32
2550
SYMCRYPT_CALL
2551
SymCryptFdefSizeofModulusFromDigits( UINT32 nDigits );
2552
2553
PSYMCRYPT_MODULUS
2554
SYMCRYPT_CALL
2555
SymCryptFdefModulusCreate(
2556
    _Out_writes_bytes_( cbBuffer )  PBYTE   pbBuffer,
2557
                                    SIZE_T  cbBuffer,
2558
                                    UINT32  nDigits );
2559
2560
PSYMCRYPT_MODULUS
2561
SYMCRYPT_CALL
2562
SymCryptFdefModulusRetrieveHandle( _In_ PBYTE pbBuffer );
2563
2564
2565
VOID
2566
SymCryptFdefModulusCopy(
2567
    _In_    PCSYMCRYPT_MODULUS  pmSrc,
2568
    _Out_   PSYMCRYPT_MODULUS   pmDst );
2569
2570
PSYMCRYPT_MODELEMENT
2571
SYMCRYPT_CALL
2572
SymCryptFdefModElementAllocate( _In_ PCSYMCRYPT_MODULUS pmMod );
2573
2574
VOID
2575
SYMCRYPT_CALL
2576
SymCryptFdefModElementFree(
2577
    _In_    PCSYMCRYPT_MODULUS      pmMod,
2578
    _Out_   PSYMCRYPT_MODELEMENT    peObj );
2579
2580
UINT32
2581
SYMCRYPT_CALL
2582
SymCryptFdefSizeofModElementFromModulus( PCSYMCRYPT_MODULUS pmMod );
2583
2584
PSYMCRYPT_MODELEMENT
2585
SYMCRYPT_CALL
2586
SymCryptFdefModElementCreate(
2587
    _Out_writes_bytes_( cbBuffer )  PBYTE               pbBuffer,
2588
                                    SIZE_T              cbBuffer,
2589
                                    PCSYMCRYPT_MODULUS   pmMod );
2590
2591
PSYMCRYPT_MODELEMENT
2592
SYMCRYPT_CALL
2593
SymCryptFdefModElementRetrieveHandle( _In_ PBYTE pbBuffer );
2594
2595
VOID
2596
SYMCRYPT_CALL
2597
SymCryptFdefModElementWipe(
2598
    _In_    PCSYMCRYPT_MODULUS      pmMod,
2599
    _Out_   PSYMCRYPT_MODELEMENT    peDst );
2600
2601
VOID
2602
SymCryptFdefModElementCopy(
2603
    _In_    PCSYMCRYPT_MODULUS      pmMod,
2604
    _In_    PCSYMCRYPT_MODELEMENT   peSrc,
2605
    _Out_   PSYMCRYPT_MODELEMENT    peDst );
2606
2607
VOID
2608
SymCryptFdefModElementMaskedCopy(
2609
    _In_    PCSYMCRYPT_MODULUS      pmMod,
2610
    _In_    PCSYMCRYPT_MODELEMENT   peSrc,
2611
    _Out_   PSYMCRYPT_MODELEMENT    peDst,
2612
            UINT32                  mask );
2613
2614
PSYMCRYPT_DIVISOR
2615
SYMCRYPT_CALL
2616
SymCryptFdefDivisorFromModulus( _In_ PSYMCRYPT_MODULUS pmSrc );
2617
2618
VOID
2619
SymCryptFdefModElementConditionalSwap(
2620
    _In_       PCSYMCRYPT_MODULUS    pmMod,
2621
    _Inout_    PSYMCRYPT_MODELEMENT  peData1,
2622
    _Inout_    PSYMCRYPT_MODELEMENT  peData2,
2623
    _In_       UINT32                cond );
2624
2625
PSYMCRYPT_INT
2626
SYMCRYPT_CALL
2627
SymCryptFdefIntFromModulus( _In_ PSYMCRYPT_MODULUS pmSrc );
2628
2629
VOID
2630
SYMCRYPT_CALL
2631
SymCryptFdefIntToModulus(
2632
    _In_                            PCSYMCRYPT_INT      piSrc,
2633
    _Out_                           PSYMCRYPT_MODULUS   pmDst,
2634
                                    UINT32              averageOperations,
2635
                                    UINT32              flags,
2636
    _Out_writes_bytes_( cbScratch ) PBYTE               pbScratch,
2637
                                    SIZE_T              cbScratch );
2638
2639
VOID
2640
SYMCRYPT_CALL
2641
SymCryptFdefIntToModElement(
2642
    _In_                            PCSYMCRYPT_INT          piSrc,
2643
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2644
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2645
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2646
                                    SIZE_T                  cbScratch );
2647
2648
VOID
2649
SYMCRYPT_CALL
2650
SymCryptFdefModElementToIntGeneric(
2651
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2652
    _In_reads_bytes_( pmMod->nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )
2653
                                    PCUINT32                pSrc,
2654
    _Out_                           PSYMCRYPT_INT           piDst,
2655
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2656
                                    SIZE_T                  cbScratch );
2657
2658
SYMCRYPT_ERROR
2659
SYMCRYPT_CALL
2660
SymCryptFdefRawSetValue(
2661
    _In_reads_bytes_(cbSrc)                             PCBYTE                  pbSrc,
2662
                                                        SIZE_T                  cbSrc,
2663
                                                        SYMCRYPT_NUMBER_FORMAT  format,
2664
    _Out_writes_(nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32                 pDst,
2665
                                                        UINT32                  nDigits );
2666
2667
SYMCRYPT_ERROR
2668
SYMCRYPT_CALL
2669
SymCryptFdefModElementSetValueGeneric(
2670
    _In_reads_bytes_( cbSrc )       PCBYTE                  pbSrc,
2671
                                    SIZE_T                  cbSrc,
2672
                                    SYMCRYPT_NUMBER_FORMAT  format,
2673
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2674
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2675
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2676
                                    SIZE_T                  cbScratch );
2677
2678
VOID
2679
SYMCRYPT_CALL
2680
SymCryptFdefModElementSetValueUint32Generic(
2681
                                    UINT32                  value,
2682
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2683
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2684
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2685
                                    SIZE_T                  cbScratch );
2686
2687
VOID
2688
SYMCRYPT_CALL
2689
SymCryptFdefModElementSetValueNegUint32(
2690
                                    UINT32                  value,
2691
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2692
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2693
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2694
                                    SIZE_T                  cbScratch );
2695
2696
SYMCRYPT_ERROR
2697
SYMCRYPT_CALL
2698
SymCryptFdefRawGetValue(
2699
    _In_reads_(nDigits * SYMCRYPT_FDEF_DIGIT_NUINT32)   PCUINT32                pSrc,
2700
                                                        UINT32                  nDigits,
2701
    _Out_writes_bytes_(cbDst)                           PBYTE                   pbDst,
2702
                                                        SIZE_T                  cbDst,
2703
                                                        SYMCRYPT_NUMBER_FORMAT  format );
2704
2705
SYMCRYPT_ERROR
2706
SYMCRYPT_CALL
2707
SymCryptFdefModElementGetValue(
2708
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2709
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc,
2710
    _Out_writes_bytes_( cbDst )     PBYTE                   pbDst,
2711
                                    SIZE_T                  cbDst,
2712
                                    SYMCRYPT_NUMBER_FORMAT  format,
2713
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2714
                                    SIZE_T                  cbScratch );
2715
2716
UINT32
2717
SYMCRYPT_CALL
2718
SymCryptFdefModElementIsEqual(
2719
    _In_    PCSYMCRYPT_MODULUS     pmMod,
2720
    _In_    PCSYMCRYPT_MODELEMENT  peSrc1,
2721
    _In_    PCSYMCRYPT_MODELEMENT  peSrc2 );
2722
2723
UINT32
2724
SYMCRYPT_CALL
2725
SymCryptFdefModElementIsZero(
2726
    _In_    PCSYMCRYPT_MODULUS     pmMod,
2727
    _In_    PCSYMCRYPT_MODELEMENT  peSrc );
2728
2729
VOID
2730
SYMCRYPT_CALL
2731
SymCryptFdefModAddGeneric(
2732
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2733
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2734
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2735
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2736
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2737
                                    SIZE_T                  cbScratch );
2738
2739
VOID
2740
SYMCRYPT_CALL
2741
SymCryptFdefModAddMulx256Asm(
2742
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2743
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2744
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2745
    _Out_                           PSYMCRYPT_MODELEMENT    peDst );
2746
2747
VOID
2748
SYMCRYPT_CALL
2749
SymCryptFdefModAddMulx384Asm(
2750
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2751
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2752
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2753
    _Out_                           PSYMCRYPT_MODELEMENT    peDst );
2754
2755
VOID
2756
SYMCRYPT_CALL
2757
SymCryptFdefModAdd256Asm(
2758
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2759
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2760
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2761
    _Out_                           PSYMCRYPT_MODELEMENT    peDst );
2762
2763
VOID
2764
SYMCRYPT_CALL
2765
SymCryptFdefModAdd384Asm(
2766
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2767
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2768
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2769
    _Out_                           PSYMCRYPT_MODELEMENT    peDst );
2770
2771
VOID
2772
SYMCRYPT_CALL
2773
SymCryptFdef369ModAddGeneric(
2774
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2775
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2776
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2777
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2778
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2779
                                    SIZE_T                  cbScratch );
2780
2781
VOID
2782
SYMCRYPT_CALL
2783
SymCryptFdefModSubGeneric(
2784
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2785
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2786
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2787
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2788
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2789
                                    SIZE_T                  cbScratch );
2790
2791
VOID
2792
SYMCRYPT_CALL
2793
SymCryptFdef369ModSubGeneric(
2794
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2795
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2796
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2797
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2798
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2799
                                    SIZE_T                  cbScratch );
2800
2801
VOID
2802
SYMCRYPT_CALL
2803
SymCryptFdefModSub256Asm(
2804
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2805
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2806
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2807
    _Out_                           PSYMCRYPT_MODELEMENT    peDst );
2808
2809
VOID
2810
SYMCRYPT_CALL
2811
SymCryptFdefModSub384Asm(
2812
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2813
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc1,
2814
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc2,
2815
    _Out_                           PSYMCRYPT_MODELEMENT    peDst );
2816
2817
VOID
2818
SYMCRYPT_CALL
2819
SymCryptFdefModNegGeneric(
2820
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2821
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc,
2822
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
2823
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2824
                                    SIZE_T                  cbScratch );
2825
2826
VOID
2827
SYMCRYPT_CALL
2828
SymCryptFdefModSetPostGeneric(
2829
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2830
    _Inout_                         PSYMCRYPT_MODELEMENT    peObj,
2831
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2832
                                    SIZE_T                  cbScratch );
2833
2834
VOID
2835
SYMCRYPT_CALL
2836
SymCryptFdefModSetPostMontgomery(
2837
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2838
    _Inout_                         PSYMCRYPT_MODELEMENT    peObj,
2839
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2840
                                    SIZE_T                  cbScratch );
2841
2842
VOID
2843
SYMCRYPT_CALL
2844
SymCryptFdefModSetPostMontgomeryMulx256(
2845
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2846
    _Inout_                         PSYMCRYPT_MODELEMENT    peObj,
2847
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2848
                                    SIZE_T                  cbScratch );
2849
2850
VOID
2851
SYMCRYPT_CALL
2852
SymCryptFdefModSetPostMontgomeryMulxP384(
2853
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2854
    _Inout_                         PSYMCRYPT_MODELEMENT    peObj,
2855
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2856
                                    SIZE_T                  cbScratch );
2857
2858
VOID
2859
SYMCRYPT_CALL
2860
SymCryptFdef369ModSetPostMontgomery(
2861
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2862
    _Inout_                         PSYMCRYPT_MODELEMENT    peObj,
2863
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2864
                                    SIZE_T                  cbScratch );
2865
2866
PCUINT32
2867
SYMCRYPT_CALL
2868
SymCryptFdefModPreGetGeneric(
2869
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2870
    _In_                            PCSYMCRYPT_MODELEMENT   peObj,
2871
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2872
                                    SIZE_T                  cbScratch );
2873
2874
PCUINT32
2875
SYMCRYPT_CALL
2876
SymCryptFdefModPreGetMontgomery(
2877
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2878
    _In_                            PCSYMCRYPT_MODELEMENT   peObj,
2879
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2880
                                    SIZE_T                  cbScratch );
2881
2882
PCUINT32
2883
SYMCRYPT_CALL
2884
SymCryptFdefModPreGetMontgomery256(
2885
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2886
    _In_                            PCSYMCRYPT_MODELEMENT   peObj,
2887
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2888
                                    SIZE_T                  cbScratch );
2889
2890
PCUINT32
2891
SYMCRYPT_CALL
2892
SymCryptFdef369ModPreGetMontgomery(
2893
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
2894
    _In_                            PCSYMCRYPT_MODELEMENT   peObj,
2895
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2896
                                    SIZE_T                  cbScratch );
2897
2898
VOID
2899
SYMCRYPT_CALL
2900
SymCryptFdefModulusCopyFixupGeneric(
2901
    _In_                            PCSYMCRYPT_MODULUS      pmSrc,
2902
    _Out_                           PSYMCRYPT_MODULUS       pmDst );
2903
2904
VOID
2905
SYMCRYPT_CALL
2906
SymCryptFdefModulusCopyFixupMontgomery(
2907
    _In_                            PCSYMCRYPT_MODULUS      pmSrc,
2908
    _Out_                           PSYMCRYPT_MODULUS       pmDst );
2909
2910
VOID
2911
SYMCRYPT_CALL
2912
SymCryptFdefModulusInitGeneric(
2913
    _Inout_                         PSYMCRYPT_MODULUS       pmObj,
2914
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2915
                                    SIZE_T                  cbScratch );
2916
2917
VOID
2918
SYMCRYPT_CALL
2919
SymCryptFdefModulusInitMontgomeryInternal(
2920
    _Inout_                         PSYMCRYPT_MODULUS       pmObj,
2921
                                    UINT32                  nUint32Used,            // R = 2^{32 * this parameter}
2922
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2923
                                    SIZE_T                  cbScratch );
2924
2925
VOID
2926
SYMCRYPT_CALL
2927
SymCryptFdefModulusInitMontgomery(
2928
    _Inout_                         PSYMCRYPT_MODULUS       pmObj,
2929
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2930
                                    SIZE_T                  cbScratch );
2931
2932
VOID
2933
SYMCRYPT_CALL
2934
SymCryptFdefModulusInitMontgomery256(
2935
    _Inout_                         PSYMCRYPT_MODULUS       pmObj,
2936
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2937
                                    SIZE_T                  cbScratch );
2938
2939
VOID
2940
SYMCRYPT_CALL
2941
SymCryptFdef369ModulusInitMontgomery(
2942
    _Inout_                         PSYMCRYPT_MODULUS       pmObj,
2943
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2944
                                    SIZE_T                  cbScratch );
2945
UINT32
2946
SYMCRYPT_CALL
2947
SymCryptFdefRawAdd(
2948
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    Src1,
2949
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    Src2,
2950
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     Dst,
2951
                                                            UINT32      nDigits );
2952
2953
UINT32
2954
SYMCRYPT_CALL
2955
SymCryptFdefRawSub(
2956
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc1,
2957
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc2,
2958
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     pDst,
2959
                                                            UINT32      nDigits );
2960
UINT32
2961
SYMCRYPT_CALL
2962
SymCryptFdefRawSubUint32(
2963
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc1,
2964
                                                            UINT32      Src2,
2965
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     pDst,
2966
                                                            UINT32      nDigits );
2967
2968
VOID
2969
SYMCRYPT_CALL
2970
SymCryptFdefModMulGeneric(
2971
    _In_                            PCSYMCRYPT_MODULUS      pMod,
2972
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
2973
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
2974
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
2975
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2976
                                    SIZE_T                  cbScratch );
2977
2978
VOID
2979
SYMCRYPT_CALL
2980
SymCryptFdefModMulMontgomery(
2981
    _In_                            PCSYMCRYPT_MODULUS      pMod,
2982
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
2983
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
2984
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
2985
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
2986
                                    SIZE_T                  cbScratch );
2987
2988
VOID
2989
SYMCRYPT_CALL
2990
SymCryptFdefModMulMontgomeryMulx256Asm(
2991
    _In_                            PCSYMCRYPT_MODULUS      pMod,
2992
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
2993
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
2994
    _Out_                           PSYMCRYPT_MODELEMENT    pDst );
2995
2996
VOID
2997
SYMCRYPT_CALL
2998
SymCryptFdefModMulMontgomeryMulxP384Asm(
2999
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3000
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
3001
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
3002
    _Out_                           PSYMCRYPT_MODELEMENT    pDst );
3003
3004
VOID
3005
SYMCRYPT_CALL
3006
SymCryptFdefModMulMontgomery256Asm(
3007
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3008
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
3009
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
3010
    _Out_                           PSYMCRYPT_MODELEMENT    pDst );
3011
3012
VOID
3013
SYMCRYPT_CALL
3014
SymCryptFdefModMulMontgomeryP384Asm(
3015
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3016
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
3017
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
3018
    _Out_                           PSYMCRYPT_MODELEMENT    pDst );
3019
3020
VOID
3021
SYMCRYPT_CALL
3022
SymCryptFdef369ModMulMontgomery(
3023
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3024
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
3025
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
3026
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3027
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3028
                                    SIZE_T                  cbScratch );
3029
3030
VOID
3031
SYMCRYPT_CALL
3032
SymCryptFdefModMulMontgomeryMulx(
3033
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3034
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
3035
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
3036
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3037
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3038
                                    SIZE_T                  cbScratch );
3039
3040
VOID
3041
SYMCRYPT_CALL
3042
SymCryptFdefModMulMontgomeryMulx1024(
3043
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3044
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
3045
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
3046
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3047
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3048
                                    SIZE_T                  cbScratch );
3049
3050
3051
VOID
3052
SYMCRYPT_CALL
3053
SymCryptFdefModSquareGeneric(
3054
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3055
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3056
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3057
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3058
                                    SIZE_T                  cbScratch );
3059
3060
VOID
3061
SYMCRYPT_CALL
3062
SymCryptFdefModSquareMontgomery(
3063
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3064
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3065
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3066
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3067
                                    SIZE_T                  cbScratch );
3068
3069
VOID
3070
SYMCRYPT_CALL
3071
SymCryptFdefModSquareMontgomeryMulx256Asm(
3072
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3073
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3074
    _Out_                           PSYMCRYPT_MODELEMENT    pDst );
3075
3076
VOID
3077
SYMCRYPT_CALL
3078
SymCryptFdefModSquareMontgomeryMulxP384Asm(
3079
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3080
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3081
    _Out_                           PSYMCRYPT_MODELEMENT    pDst );
3082
3083
VOID
3084
SYMCRYPT_CALL
3085
SymCryptFdefModSquareMontgomery256Asm(
3086
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3087
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
3088
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
3089
    _Out_                           PSYMCRYPT_MODELEMENT    pDst );
3090
3091
VOID
3092
SYMCRYPT_CALL
3093
SymCryptFdefModSquareMontgomeryP384Asm(
3094
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3095
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc1,
3096
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc2,
3097
    _Out_                           PSYMCRYPT_MODELEMENT    pDst );
3098
3099
VOID
3100
SYMCRYPT_CALL
3101
SymCryptFdef369ModSquareMontgomery(
3102
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3103
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3104
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3105
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3106
                                    SIZE_T                  cbScratch );
3107
3108
VOID
3109
SYMCRYPT_CALL
3110
SymCryptFdefModSquareMontgomeryMulx(
3111
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3112
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3113
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3114
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3115
                                    SIZE_T                  cbScratch );
3116
3117
VOID
3118
SYMCRYPT_CALL
3119
SymCryptFdefModSquareMontgomeryMulx1024(
3120
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3121
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3122
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3123
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3124
                                    SIZE_T                  cbScratch );
3125
3126
3127
VOID
3128
SYMCRYPT_CALL
3129
SymCryptFdefRawMul(
3130
    _In_reads_(nDigits1*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc1,
3131
                                                                    UINT32      nDigits1,
3132
    _In_reads_(nDigits2*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc2,
3133
                                                                    UINT32      nDigits2,
3134
    _Out_writes_((nDigits1+nDigits2)*SYMCRYPT_FDEF_DIGIT_NUINT32)   PUINT32     pDst );
3135
3136
VOID
3137
SYMCRYPT_CALL
3138
SymCryptFdefRawMulMulx(
3139
    _In_reads_(nDigits1*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc1,
3140
                                                                    UINT32      nDigits1,
3141
    _In_reads_(nDigits2*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc2,
3142
                                                                    UINT32      nDigits2,
3143
    _Out_writes_((nDigits1+nDigits2)*SYMCRYPT_FDEF_DIGIT_NUINT32)   PUINT32     pDst );
3144
3145
VOID
3146
SYMCRYPT_CALL
3147
SymCryptFdefRawMulMulx1024(
3148
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc1,
3149
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc2,
3150
                                                        UINT32      nDigits,
3151
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32     pDst );
3152
3153
VOID
3154
SYMCRYPT_CALL
3155
SymCryptFdefRawSquare(
3156
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)         PCUINT32    pSrc,
3157
                                                            UINT32      nDigits,
3158
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PUINT32     pDst );
3159
3160
VOID
3161
SYMCRYPT_CALL
3162
SymCryptFdefRawSquareMulx(
3163
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)         PCUINT32    pSrc,
3164
                                                            UINT32      nDigits,
3165
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PUINT32     pDst );
3166
3167
VOID
3168
SYMCRYPT_CALL
3169
SymCryptFdefRawSquareMulx1024(
3170
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)         PCUINT32    pSrc,
3171
                                                            UINT32      nDigits,
3172
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PUINT32     pDst );
3173
3174
VOID
3175
SYMCRYPT_CALL
3176
SymCryptFdef369RawMul(
3177
    _In_reads_(nDigits1*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc1,
3178
                                                                    UINT32      nDigits1,
3179
    _In_reads_(nDigits2*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc2,
3180
                                                                    UINT32      nDigits2,
3181
    _Out_writes_((nDigits1+nDigits2)*SYMCRYPT_FDEF_DIGIT_NUINT32)   PUINT32     pDst );
3182
3183
UINT32
3184
SYMCRYPT_CALL
3185
SymCryptFdefRawIsEqualUint32(
3186
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PCUINT32        pSrc1,
3187
                                                    UINT32          nDigits,
3188
    _In_                                            UINT32          u32Src2 );
3189
3190
UINT32
3191
SYMCRYPT_CALL
3192
SymCryptFdefRawNeg(
3193
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc1,
3194
                                                            UINT32      carryIn,
3195
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     pDst,
3196
                                                            UINT32      nDigits );
3197
3198
UINT32
3199
SYMCRYPT_CALL
3200
SymCryptFdefRawMaskedAdd(
3201
    _Inout_updates_( nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32 )  PUINT32     pAcc,
3202
    _In_reads_( nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32 )       PCUINT32    pSrc,
3203
                                                            UINT32      mask,
3204
                                                            UINT32      nDigits );
3205
3206
UINT32
3207
SYMCRYPT_CALL
3208
SymCryptFdefRawMaskedSub(
3209
    _Inout_updates_( nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32 )  PUINT32     pAcc,
3210
    _In_reads_( nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32 )       PCUINT32    pSrc,
3211
                                                            UINT32      mask,
3212
                                                            UINT32      nDigits );
3213
3214
VOID
3215
SYMCRYPT_CALL
3216
SymCryptFdefModDivPow2(
3217
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3218
    _In_                            PCSYMCRYPT_MODELEMENT   peSrc,
3219
                                    UINT32                  exp,
3220
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
3221
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3222
                                    SIZE_T                  cbScratch );
3223
3224
VOID
3225
SYMCRYPT_CALL
3226
SymCryptFdefModDivSmallPow2(
3227
    _In_                        PCSYMCRYPT_MODULUS      pmMod,
3228
    _In_                        PCSYMCRYPT_MODELEMENT   peSrc,
3229
    _In_range_(1, NATIVE_BITS)  UINT32                  exp,
3230
    _Out_                       PSYMCRYPT_MODELEMENT    peDst );
3231
3232
VOID
3233
SYMCRYPT_CALL
3234
SymCryptFdefModDivSmallPow2Asm(
3235
    _In_                        PCSYMCRYPT_MODULUS      pmMod,
3236
    _In_                        PCSYMCRYPT_MODELEMENT   peSrc,
3237
    _In_range_(1, NATIVE_BITS)  UINT32                  exp,
3238
    _Out_                       PSYMCRYPT_MODELEMENT    peDst );
3239
3240
VOID
3241
SYMCRYPT_CALL
3242
SymCryptFdefModDivSmallPow2Mulx(
3243
    _In_                        PCSYMCRYPT_MODULUS      pmMod,
3244
    _In_                        PCSYMCRYPT_MODELEMENT   peSrc,
3245
    _In_range_(1, NATIVE_BITS)  UINT32                  exp,
3246
    _Out_                       PSYMCRYPT_MODELEMENT    peDst );
3247
3248
SYMCRYPT_ERROR
3249
SYMCRYPT_CALL
3250
SymCryptFdefModInvGeneric(
3251
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3252
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3253
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3254
                                    UINT32                  flags,
3255
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3256
                                    SIZE_T                  cbScratch );
3257
3258
SYMCRYPT_ERROR
3259
SYMCRYPT_CALL
3260
SymCryptFdefModInvMontgomery(
3261
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3262
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3263
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3264
                                    UINT32                  flags,
3265
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3266
                                    SIZE_T                  cbScratch );
3267
3268
SYMCRYPT_ERROR
3269
SYMCRYPT_CALL
3270
SymCryptFdefModInvMontgomery256(
3271
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3272
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3273
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3274
                                    UINT32                  flags,
3275
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3276
                                    SIZE_T                  cbScratch );
3277
3278
SYMCRYPT_ERROR
3279
SYMCRYPT_CALL
3280
SymCryptFdef369ModInvMontgomery(
3281
    _In_                            PCSYMCRYPT_MODULUS      pMod,
3282
    _In_                            PCSYMCRYPT_MODELEMENT   pSrc,
3283
    _Out_                           PSYMCRYPT_MODELEMENT    pDst,
3284
                                    UINT32                  flags,
3285
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3286
                                    SIZE_T                  cbScratch );
3287
3288
VOID
3289
SYMCRYPT_CALL
3290
SymCryptModExpGeneric(
3291
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3292
    _In_                            PCSYMCRYPT_MODELEMENT   peBase,
3293
    _In_                            PCSYMCRYPT_INT          piExp,
3294
                                    UINT32                  nBitsExp,
3295
                                    UINT32                  flags,
3296
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
3297
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3298
                                    SIZE_T                  cbScratch );
3299
3300
SYMCRYPT_ERROR
3301
SYMCRYPT_CALL
3302
SymCryptModMultiExpGeneric(
3303
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3304
    _In_reads_( nBases )            PCSYMCRYPT_MODELEMENT * peBaseArray,
3305
    _In_reads_( nBases )            PCSYMCRYPT_INT *        piExpArray,
3306
                                    UINT32                  nBases,
3307
                                    UINT32                  nBitsExp,
3308
                                    UINT32                  flags,
3309
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
3310
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3311
                                    SIZE_T                  cbScratch );
3312
3313
VOID
3314
SYMCRYPT_CALL
3315
SymCryptFdefModSetRandomGeneric(
3316
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3317
    _Out_                           PSYMCRYPT_MODELEMENT    peDst,
3318
                                    UINT32                  flags,
3319
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3320
                                    SIZE_T                  cbScratch );
3321
3322
UINT32
3323
SYMCRYPT_CALL
3324
SymCryptFdefRawAddUint32(
3325
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    Src1,
3326
                                                            UINT32      Src2,
3327
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     Dst,
3328
                                                            UINT32      nDigits );
3329
3330
UINT32
3331
SYMCRYPT_CALL
3332
SymCryptFdefRawAddAsm(
3333
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    Src1,
3334
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    Src2,
3335
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     Dst,
3336
                                                            UINT32      nDigits );
3337
3338
UINT32
3339
SYMCRYPT_CALL
3340
SymCryptFdef369RawAddAsm(
3341
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    Src1,
3342
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    Src2,
3343
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     Dst,
3344
                                                            UINT32      nDigits );
3345
3346
UINT32
3347
SYMCRYPT_CALL
3348
SymCryptFdefRawSubAsm(
3349
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc1,
3350
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc2,
3351
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     pDst,
3352
                                                            UINT32      nDigits );
3353
3354
UINT32
3355
SYMCRYPT_CALL
3356
SymCryptFdef369RawSubAsm(
3357
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc1,
3358
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc2,
3359
    _Out_writes_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE ) PUINT32     pDst,
3360
                                                            UINT32      nDigits );
3361
3362
UINT32
3363
SYMCRYPT_CALL
3364
SymCryptFdefRawIsLessThan(
3365
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc1,
3366
    _In_reads_bytes_(nDigits * SYMCRYPT_FDEF_DIGIT_SIZE )   PCUINT32    pSrc2,
3367
                                                            UINT32      nDigits );
3368
3369
VOID
3370
SYMCRYPT_CALL
3371
SymCryptFdefMaskedCopyAsm(
3372
    _In_reads_bytes_( nDigits*SYMCRYPT_FDEF_DIGIT_SIZE )        PCBYTE      pbSrc,
3373
    _Inout_updates_bytes_( nDigits*SYMCRYPT_FDEF_DIGIT_SIZE )   PBYTE       pbDst,
3374
                                                                UINT32      nDigits,
3375
                                                                UINT32      mask );
3376
3377
VOID
3378
SYMCRYPT_CALL
3379
SymCryptFdef369MaskedCopyAsm(
3380
    _In_reads_bytes_( nDigits*SYMCRYPT_FDEF_DIGIT_SIZE )        PCBYTE      pbSrc,
3381
    _Inout_updates_bytes_( nDigits*SYMCRYPT_FDEF_DIGIT_SIZE )   PBYTE       pbDst,
3382
                                                                UINT32      nDigits,
3383
                                                                UINT32      mask );
3384
3385
VOID
3386
SYMCRYPT_CALL
3387
SymCryptFdefRawMulAsm(
3388
    _In_reads_(nDigits1*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc1,
3389
                                                                    UINT32      nDigits1,
3390
    _In_reads_(nDigits2*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc2,
3391
                                                                    UINT32      nDigits2,
3392
    _Out_writes_((nDigits1+nDigits2)*SYMCRYPT_FDEF_DIGIT_NUINT32)   PUINT32     pDst );
3393
3394
VOID
3395
SYMCRYPT_CALL
3396
SymCryptFdefRawSquareAsm(
3397
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc,
3398
                                                        UINT32      nDigits,
3399
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32     pDst );
3400
3401
VOID
3402
SYMCRYPT_CALL
3403
SymCryptFdef369RawMulAsm(
3404
    _In_reads_(nDigits1*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc1,
3405
                                                                    UINT32      nDigits1,
3406
    _In_reads_(nDigits2*SYMCRYPT_FDEF_DIGIT_NUINT32)                PCUINT32    pSrc2,
3407
                                                                    UINT32      nDigits2,
3408
    _Out_writes_((nDigits1+nDigits2)*SYMCRYPT_FDEF_DIGIT_NUINT32)   PUINT32     pDst );
3409
3410
VOID
3411
SYMCRYPT_CALL
3412
SymCryptFdefRawMul512Asm(
3413
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc1,
3414
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc2,
3415
                                                        UINT32      nDigits,
3416
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32     pDst );
3417
3418
VOID
3419
SYMCRYPT_CALL
3420
SymCryptFdefRawSquare512Asm(
3421
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc,
3422
                                                        UINT32      nDigits,
3423
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32     pDst );
3424
3425
VOID
3426
SYMCRYPT_CALL
3427
SymCryptFdefRawMul1024Asm(
3428
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc1,
3429
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc2,
3430
                                                        UINT32      nDigits,
3431
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32     pDst );
3432
3433
VOID
3434
SYMCRYPT_CALL
3435
SymCryptFdefRawSquare1024Asm(
3436
    _In_reads_(nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32)     PCUINT32    pSrc,
3437
                                                        UINT32      nDigits,
3438
    _Out_writes_(2*nDigits*SYMCRYPT_FDEF_DIGIT_NUINT32) PUINT32     pDst );
3439
3440
VOID
3441
SYMCRYPT_CALL
3442
SymCryptFdefMontgomeryReduceAsm(
3443
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3444
    _Inout_                         PUINT32                 pSrc,
3445
    _Out_                           PUINT32                 pDst );
3446
3447
VOID
3448
SYMCRYPT_CALL
3449
SymCryptFdefMontgomeryReduce256Asm(
3450
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3451
    _Inout_                         PUINT32                 pSrc,
3452
    _Out_                           PUINT32                 pDst );
3453
3454
VOID
3455
SYMCRYPT_CALL
3456
SymCryptFdefMontgomeryReduce512Asm(
3457
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3458
    _Inout_                         PUINT32                 pSrc,
3459
    _Out_                           PUINT32                 pDst );
3460
3461
VOID
3462
SYMCRYPT_CALL
3463
SymCryptFdefMontgomeryReduce1024Asm(
3464
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3465
    _Inout_                         PUINT32                 pSrc,
3466
    _Out_                           PUINT32                 pDst );
3467
3468
VOID
3469
SYMCRYPT_CALL
3470
SymCryptFdef369MontgomeryReduce(
3471
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3472
    _Inout_                         PUINT32                 pSrc,
3473
    _Out_                           PUINT32                 pDst );
3474
3475
VOID
3476
SYMCRYPT_CALL
3477
SymCryptFdef369MontgomeryReduceAsm(
3478
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3479
    _Inout_                         PUINT32                 pSrc,
3480
    _Out_                           PUINT32                 pDst );
3481
3482
VOID
3483
SYMCRYPT_CALL
3484
SymCryptFdefMontgomeryReduceMulx(
3485
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3486
    _Inout_                         PUINT32                 pSrc,
3487
    _Out_                           PUINT32                 pDst );
3488
3489
VOID
3490
SYMCRYPT_CALL
3491
SymCryptFdefMontgomeryReduceMulx1024(
3492
    _In_                            PCSYMCRYPT_MODULUS      pmMod,
3493
    _Inout_                         PUINT32                 pSrc,
3494
    _Out_                           PUINT32                 pDst );
3495
3496
3497
//=====================================================
3498
// Current state of FIPS tests for asymmetric keys
3499
//=====================================================
3500
3501
// --------------------------------------------------------------------
3502
// Key type |       |
3503
//     &    | Alg   | Description
3504
// Operation|       |
3505
// --------------------------------------------------------------------
3506
// Dlkey    | DH    | Requires use of named safe-prime group (otherwise we cannot perform private
3507
// Generate |       | key range check, or public key order validation).
3508
//          |       |
3509
//          |       | From SP800-56Ar3:
3510
//          |       | Check private key is in the range [1, min(2^nBitsPriv, q)-1]
3511
//          |       |   nBitsPriv is specified either using a default value or using
3512
//          |       |   SymCryptDlkeySetPrivateKeyLength, such that 2s <= nBitsPriv <= nBitsOfQ.
3513
//          |       |   (s is the maximum security strength for a named safe-prime group as
3514
//          |       |   specified in SP800 - 56arev3)
3515
//          |       | Check public key is in the range [2, p-2]
3516
//          |       | Check that (Public key)^q == 1 mod p
3517
//          |       |
3518
//          |       | FIPS 140-3 does not require a further PCT before first use of the key.
3519
//          |-----------------------------------------------------------
3520
//          | DSA   | Requires use of a Dlgroup which has q, but is not a named safe-prime group.
3521
//          |       |
3522
//          |       | FIPS 186-4 and SP800-89 do not require DSA keypair owners to perform
3523
//          |       | validation of keypairs they generate.
3524
//          |       |
3525
//          |       | FIPS 140-3 requires that a module generating a Dlkey keypair for use in DSA
3526
//          |       | must perform a PCT on the keypair before first operational use in DSA.
3527
//          |       | As the Dlgroups supported by FIPS are distinct for DH and DSA, we can perform
3528
//          |       | this PCT on key generation without fear of adverse performance.
3529
// --------------------------------------------------------------------
3530
// Dlkey    | DH    | Requires use of named safe-prime group (otherwise we cannot perform private
3531
// SetValue |       | key range check, or public key order validation).
3532
//          |       |
3533
//          |       | From SP800-56Ar3:
3534
//          |       | If importing a private key:
3535
//          |       |   Check private key is in the range [1, min(2^nBitsPriv, q)-1]
3536
//          |       |     nBitsPriv is specified either using a default value or using
3537
//          |       |     SymCryptDlkeySetPrivateKeyLength, such that 2s <= nBitsPriv <= nBitsOfQ.
3538
//          |       |     (s is the maximum security strength for a named safe-prime group as
3539
//          |       |     specified in SP800-56Arev3)
3540
//          |       |
3541
//          |       | If importing a public key:
3542
//          |       |   Check public key is in the range [2, p-2]
3543
//          |       |   Check that (Public key)^q == 1 mod p
3544
//          |       |
3545
//          |       | If importing both a private and public key, as above and also:
3546
//          |       |   Use the imported Private key to generate a Public key, and check the
3547
//          |       |   generated Public key is equal to the imported Public key.
3548
//          |-----------------------------------------------------------
3549
//          | DSA   | Requires use of a Dlgroup which is not a named safe-prime group.
3550
//          |       |
3551
//          |       | FIPS 184-4 refers to SP800-89:
3552
//          |       | If importing a public key:
3553
//          |       |   Check public key is in the range [2, p-2]
3554
//          |       |   Check that (Public key)^q == 1 mod p
3555
//          |       | If importing a private and public key:
3556
//          |       |   Use the imported Private key to generate a Public key, and check the
3557
//          |       |   generated Public key is equal to the imported Public key.
3558
// --------------------------------------------------------------------
3559
// Eckey    | ECDH  | Requires use of a NIST prime Elliptic Curve (P224, P256, P384, or P521)
3560
// SetRandom|       |
3561
//          |       | From SP800-56Ar3:
3562
//          |       | Check private key is in range [1, GOrd-1]
3563
//          |       | Check public key is nonzero, has coordinates in the underlying field, and is a
3564
//          |       | point on the curve
3565
//          |       | Check that GOrd*(Public key) == O
3566
//          |       |
3567
//          |       | FIPS 140-3 does not require a further PCT before first use of the key
3568
//          |----------------------------------------------------------
3569
//          | ECDSA | Requires use of a NIST prime Elliptic Curve (P224, P256, P384, or P521)
3570
//          |       |
3571
//          |       | FIPS 186-4 and SP800-89 do not require ECDSA keypair owners to perform
3572
//          |       | validation of keypairs they generate.
3573
//          |       |
3574
//          |       | FIPS 140-3 requires that a module generating an Eckey keypair for use in ECDSA
3575
//          |       | must perform a PCT on the keypair before first operational use in ECDSA.
3576
//          |       | As the Elliptic curves used in ECDH and ECDSA are the same, an Eckey may be
3577
//          |       | used for both ECDH and ECDSA. We defer the ECDSA PCT from the EckeySetRandom
3578
//          |       | call to the first use of EcDsaSign, or the first export of the keypair.
3579
// --------------------------------------------------------------------
3580
// Eckey    | ECDH  | Requires use of a NIST prime Elliptic Curve (P224, P256, P384, or P521)
3581
// SetValue |       |
3582
//          |       | From SP800-56Ar3:
3583
//          |       | If importing a private key:
3584
//          |       |   Check private key is in range [1, GOrd-1]
3585
//          |       |
3586
//          |       | If importing a public key:
3587
//          |       |   Check public key is nonzero, has coordinates in the underlying field, and is
3588
//          |       |   a point on the curve
3589
//          |       |   Check that GOrd*(Public key) == O
3590
//          |       |
3591
//          |       | If importing a private and public key:
3592
//          |       |   Use the imported Private key to generate a Public key, and check the
3593
//          |       |   generated Public key is equal to the imported Public key.
3594
//          |----------------------------------------------------------
3595
//          | ECDSA | Requires use of a NIST prime Elliptic Curve (P224, P256, P384, or P521)
3596
//          |       |
3597
//          |       | FIPS 184-4 refers to SP800-89:
3598
//          |       | If importing a public key:
3599
//          |       |   SP800-89 refers to ANS X9.62. Assume same tests required as SP800-56Ar3:
3600
//          |       |   Check public key is nonzero, has coordinates in the underlying field, and is
3601
//          |       |   a point on the curve
3602
//          |       |   Check that GOrd*(Public key) == O
3603
//          |       |
3604
//          |       | If importing a private and public key:
3605
//          |       |   Use the imported Private key to generate a Public key, and check the
3606
//          |       |   generated Public key is equal to the imported Public key.
3607
// --------------------------------------------------------------------
3608
// Rsakey   | RSA   | From FIPS 186-4 (SIGN) and SP800-56Br2 (ENCRYPT for key transport):
3609
// Generate |ENCRYPT| Ensure p and q are in open range (2 ^ ((nBits - 1) / 2), 2 ^ (nBits / 2))
3610
//          | and   | Ensure |p-q| > 2^((nBits/2)-100)
3611
//          | RSA   | Ensure e is coprime with (p-1) and (q-1)
3612
//          | SIGN  | Ensure d is in range [2 ^ (nBits/2) + 1, LCM(p-1,q-1) - 1]
3613
//          |       | Ensure that d*e == 1 mod LCM(p-1,q-1)
3614
//          |       |
3615
//          |       | FIPS 140-3 requires that a module generating an Rsakey keypair for use in an
3616
//          |       | RSA algorithm must perform a PCT on the keypair before first operational use.
3617
//          |       |
3618
//          |       | For ENCRYPT, SP800-56Br2 specifies the PCT to perform as part of key
3619
//          |       | generation is:
3620
//          |       |   Check (m^e)^d == m mod n for some m in range [2, n-2]
3621
//          |       |
3622
//          |       | For SIGN, FIPS 186-4 refers to SP800-89, which does not clearly specify a
3623
//          |       | PCT, but does specify that for an owner to have assurance of Private Key
3624
//          |       | Possession they can sign a message with the private key and validate it with
3625
//          |       | the public key to check they correspond to each other. Notably, this
3626
//          |       | internally will verify (m^d)^e == m mod n for some m (along with testing
3627
//          |       | additional padding logic)
3628
//          |       |
3629
//          |       | FIPS 140-2 explicitly says that only one PCT is required if a keypair may be
3630
//          |       | used in either algorithm, with the module able to choose the PCT.
3631
//          |       | FIPS 140-3 does not say anything specific about only requiring one PCT, but
3632
//          |       | given that mathematically (m^e)^d == (m^ed) == (m^d)^e mod n, our
3633
//          |       | current understanding is that the SIGN PCT works in lieu of the ENCRYPT PCT
3634
//          |       |
3635
//          |       | NOTE: FIPS 140-3 explicitly says that an RSA PCT cannot be used in lieu of an
3636
//          |       | RSA algorithm selftest (CAST)
3637
// --------------------------------------------------------------------
3638
// Rsakey   | RSA   | If importing a keypair (primes and modulus):
3639
// SetValue |ENCRYPT| SP800-56Br2 specifies:
3640
//          |       | Check (m^e)^d mod n == m for some m in range [2, n-2]
3641
//          |       | Check n == p*q
3642
//          |       | Check p and q are in open range (2 ^ ((nBits - 1) / 2), 2 ^ (nBits / 2))
3643
//          |       | Check |p-q| > 2^((nBits/2)-100)
3644
//          |       | Check e is coprime with (p-1) and (q-1)
3645
//          |       | Check p and q are probably prime
3646
//          |       | Check d is in range [2 ^ (nBits/2) + 1, LCM(p-1,q-1) - 1]
3647
//          |       | Check that d*e == 1 mod LCM(p-1,q-1)
3648
//          |       |
3649
//          |       | If importing a public key (only modulus):
3650
//          |       | SP800-56Br2, refers to SP800-89 which details the following Partial Public Key
3651
//          |       | Validation:
3652
//          |       | Check n is odd
3653
//          |       | Check n is not a prime or a power of a prime
3654
//          |       | Check n has no factors smaller than 752
3655
//          |----------------------------------------------------------
3656
//          | RSA   | FIPS 186-4 refers only to SP800-89 which has weaker tests for a keypair than
3657
//          | SIGN  | SP800-56Br2 (i.e. success at SP800-56Br2 tests implies success in SP800-89)
3658
//          |       | The current strategy will be to always perform the stronger tests.
3659
// --------------------------------------------------------------------
3660
3661
// Macro for executing a Cryptographic Algorithm Self-Test (CAST) and setting the corresponding
3662
// flag. These selftests must be run once per algorithm before the algorithm is used. For algorithms
3663
// like hashing and symmetric encryption which have a low performance cost, we run the CASTs when
3664
// the module is loaded. For asymmetric algorithms, we defer the CASTs until the first use of the
3665
// algorithm; hence we need flags to keep track of which CASTs have been run.
3666
788
#define SYMCRYPT_RUN_SELFTEST_ONCE(AlgorithmSelftestFunction, AlgorithmSelftestFlag) \
3667
788
if( ( g_SymCryptFipsSelftestsPerformed & AlgorithmSelftestFlag ) == 0 ) \
3668
5
{ \
3669
5
    AlgorithmSelftestFunction( ); \
3670
5
    SYMCRYPT_ATOMIC_OR32_PRE_RELAXED( &g_SymCryptFipsSelftestsPerformed, AlgorithmSelftestFlag ); \
3671
5
}
3672
3673
// Macro for executing a pairwise consistency test on a key and setting the per-key selftest flag.
3674
// Typically PCTs must be run for each key before the key is first used or exported, but the
3675
// specific requirements vary between algorithms.
3676
//
3677
// Note that a PCT is not considered a CAST and thus does not satisfy the aforementioned requirement
3678
// for algorithm selftests.
3679
0
#define SYMCRYPT_RUN_KEY_PCT(KeySelftestFunction, Key, KeySelftestFlag) \
3680
0
if( ( Key->fAlgorithmInfo & (KeySelftestFlag | SYMCRYPT_FLAG_KEY_NO_FIPS) ) == 0 ) \
3681
0
{ \
3682
0
    KeySelftestFunction( Key ); \
3683
0
    SYMCRYPT_ATOMIC_OR32_PRE_RELAXED(&Key->fAlgorithmInfo, KeySelftestFlag); \
3684
0
}
3685
3686
// Macro to check flag used in fAlgorithmInfo is non-zero and a power of 2
3687
#define CHECK_ALGORITHM_INFO_FLAG_POW2( flag ) \
3688
    C_ASSERT( (flag != 0) && ((flag & (flag-1)) == 0) );
3689
3690
// Macro to check flags used together in fAlgorithmInfo are distinct
3691
#define CHECK_ALGORITHM_INFO_FLAGS_DISTINCT( flag0, flag1, flag2, flag3, flag4 ) \
3692
    C_ASSERT( (flag0 < flag1) && (flag1 < flag2) && (flag2 < flag3) && (flag3 < flag4) );
3693
3694
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_PCT_DSA);
3695
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_PCT_ECDSA);
3696
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_PCT_RSA_SIGN);
3697
3698
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_FLAG_KEY_NO_FIPS);
3699
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_FLAG_KEY_MINIMAL_VALIDATION);
3700
3701
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_FLAG_DLKEY_DSA);
3702
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_FLAG_DLKEY_DH);
3703
3704
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_FLAG_ECKEY_ECDSA);
3705
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_FLAG_ECKEY_ECDH);
3706
3707
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_FLAG_RSAKEY_SIGN);
3708
CHECK_ALGORITHM_INFO_FLAG_POW2(SYMCRYPT_FLAG_RSAKEY_ENCRYPT);
3709
3710
CHECK_ALGORITHM_INFO_FLAGS_DISTINCT(SYMCRYPT_PCT_DSA, SYMCRYPT_FLAG_KEY_NO_FIPS, SYMCRYPT_FLAG_KEY_MINIMAL_VALIDATION, SYMCRYPT_FLAG_DLKEY_DSA, SYMCRYPT_FLAG_DLKEY_DH);
3711
CHECK_ALGORITHM_INFO_FLAGS_DISTINCT(SYMCRYPT_PCT_ECDSA, SYMCRYPT_FLAG_KEY_NO_FIPS, SYMCRYPT_FLAG_KEY_MINIMAL_VALIDATION, SYMCRYPT_FLAG_ECKEY_ECDSA, SYMCRYPT_FLAG_ECKEY_ECDH);
3712
CHECK_ALGORITHM_INFO_FLAGS_DISTINCT(SYMCRYPT_PCT_RSA_SIGN, SYMCRYPT_FLAG_KEY_NO_FIPS, SYMCRYPT_FLAG_KEY_MINIMAL_VALIDATION, SYMCRYPT_FLAG_RSAKEY_SIGN, SYMCRYPT_FLAG_RSAKEY_ENCRYPT);
3713
3714
VOID
3715
SYMCRYPT_CALL
3716
SymCryptRsaSignVerifyPct( PCSYMCRYPT_RSAKEY pkRsakey );
3717
//
3718
// FIPS pairwise consistency test for RSA sign/verify. Fastfails on error.
3719
//
3720
3721
VOID
3722
SYMCRYPT_CALL
3723
SymCryptDsaPct( PCSYMCRYPT_DLKEY pkDlkey );
3724
//
3725
// FIPS pairwise consistency test for DSA sign/verify. Fastfails on error.
3726
//
3727
3728
VOID
3729
SYMCRYPT_CALL
3730
SymCryptEcDsaPct( PCSYMCRYPT_ECKEY pkEckey );
3731
//
3732
// FIPS pairwise consistency test for ECDSA sign/verify. Fastfails on error.
3733
//
3734
3735
typedef struct _SYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS {
3736
    SYMCRYPT_DLGROUP_DH_SAFEPRIMETYPE eDhSafePrimeType;
3737
3738
    PCBYTE  pcbPrimeP;
3739
3740
    UINT32  nBitsOfP;           // nBitsOfQ == nBitsOfP-1
3741
    UINT32  nMinBitsPriv;       // nMinBitsPriv == 2s
3742
                                // s is the maximum security strength supported by the group based on SP800-56Arev3
3743
    UINT32  nDefaultBitsPriv;   // nBitsOfQ >= nDefaultBitsPriv >= nMinBitsPriv
3744
                                // nDefaultBitsPriv will be the default value of nBitsPriv for a Dlkey in this Dlgroup
3745
                                // nBitsPriv is the maximum length of the private key
3746
} SYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS;
3747
typedef const SYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS * PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS;
3748
//
3749
// SYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS is used to specify all the parameters needed for creation
3750
// of a Dlgroup based on a safe-prime group (i.e. p = 2q+1, and g = 2).
3751
// Currently this is used exclusively internally, and the interface for explicitly specifying use of
3752
// safe-prime group in SymCrypt is to use
3753
3754
// Internally supported Safe Prime groups
3755
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsModp2048;
3756
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsModp3072;
3757
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsModp4096;
3758
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsModp6144;
3759
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsModp8192;
3760
3761
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsffdhe2048;
3762
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsffdhe3072;
3763
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsffdhe4096;
3764
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsffdhe6144;
3765
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptDlgroupDhSafePrimeParamsffdhe8192;
3766
3767
0
#define SYMCRYPT_DH_SAFEPRIME_GROUP_COUNT (10)
3768
3769
// Note, we rely on the ordering of the parameters from smallest to largest within each named set of
3770
// safe-prime groups as we iterate through them assuming this order in SymCryptDlgroupSetValueSafePrime
3771
extern const PCSYMCRYPT_DLGROUP_DH_SAFEPRIME_PARAMS SymCryptNamedSafePrimeGroups[SYMCRYPT_DH_SAFEPRIME_GROUP_COUNT];
3772
3773
//
3774
// Definitions for ECurve dispatch functions
3775
//
3776
typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_SET_ZERO_FUNC) (
3777
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3778
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3779
    _Out_writes_bytes_( cbScratch )
3780
            PBYTE               pbScratch,
3781
            SIZE_T              cbScratch );
3782
3783
typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_SET_DISTINGUISHED_FUNC) (
3784
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3785
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3786
    _Out_writes_bytes_( cbScratch )
3787
            PBYTE               pbScratch,
3788
            SIZE_T              cbScratch );
3789
3790
typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_SET_RANDOM_FUNC) (
3791
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3792
    _Out_   PSYMCRYPT_INT       piScalar,
3793
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3794
    _Out_writes_bytes_( cbScratch )
3795
            PBYTE               pbScratch,
3796
            SIZE_T              cbScratch );
3797
3798
typedef UINT32 (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_ISEQUAL_FUNC) (
3799
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3800
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
3801
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
3802
            UINT32              flags,
3803
    _Out_writes_bytes_( cbScratch )
3804
            PBYTE               pbScratch,
3805
            SIZE_T              cbScratch);
3806
3807
typedef UINT32 (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_ONCURVE_FUNC) (
3808
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3809
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
3810
    _Out_writes_bytes_( cbScratch )
3811
            PBYTE               pbScratch,
3812
            SIZE_T              cbScratch );
3813
3814
typedef UINT32 (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_ISZERO_FUNC) (
3815
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3816
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
3817
    _Out_writes_bytes_( cbScratch )
3818
            PBYTE               pbScratch,
3819
            SIZE_T              cbScratch );
3820
3821
typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_ADD_FUNC) (
3822
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3823
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
3824
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
3825
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3826
            UINT32              flags,
3827
    _Out_writes_bytes_( cbScratch )
3828
            PBYTE               pbScratch,
3829
            SIZE_T              cbScratch );
3830
3831
typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_ADD_DIFF_NONZERO_FUNC) (
3832
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3833
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
3834
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
3835
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3836
    _Out_writes_bytes_( cbScratch )
3837
            PBYTE               pbScratch,
3838
            SIZE_T              cbScratch );
3839
3840
typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_DOUBLE_FUNC) (
3841
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3842
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
3843
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3844
            UINT32              flags,
3845
    _Out_writes_bytes_( cbScratch )
3846
            PBYTE               pbScratch,
3847
            SIZE_T              cbScratch );
3848
3849
typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_NEGATE_FUNC) (
3850
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3851
    _Inout_ PSYMCRYPT_ECPOINT   poSrc,
3852
            UINT32              mask,
3853
    _Out_writes_bytes_( cbScratch )
3854
            PBYTE               pbScratch,
3855
            SIZE_T              cbScratch );
3856
3857
typedef SYMCRYPT_ERROR (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_SCALAR_MUL_FUNC) (
3858
    _In_    PCSYMCRYPT_ECURVE       pCurve,
3859
    _In_    PCSYMCRYPT_INT          piScalar,
3860
    _In_opt_
3861
            PCSYMCRYPT_ECPOINT      poSrc,
3862
            UINT32                  flags,
3863
    _Out_   PSYMCRYPT_ECPOINT       poDst,
3864
    _Out_writes_bytes_( cbScratch )
3865
            PBYTE               pbScratch,
3866
            SIZE_T              cbScratch );
3867
3868
typedef SYMCRYPT_ERROR (SYMCRYPT_CALL * PSYMCRYPT_ECPOINT_MULTI_SCALAR_MUL_FUNC) (
3869
    _In_                            PCSYMCRYPT_ECURVE       pCurve,
3870
    _In_reads_( nPoints )           PCSYMCRYPT_INT *        piSrcScalarArray,
3871
    _In_reads_( nPoints )           PCSYMCRYPT_ECPOINT *    poSrcEcpointArray,
3872
                                    UINT32                  nPoints,
3873
                                    UINT32                  flags,
3874
    _Out_                           PSYMCRYPT_ECPOINT       poDst,
3875
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
3876
                                    SIZE_T                  cbScratch  );
3877
3878
typedef struct _SYMCRYPT_ECURVE_FUNCTIONS
3879
{
3880
    PSYMCRYPT_ECPOINT_SET_ZERO_FUNC             setZeroFunc;
3881
    PSYMCRYPT_ECPOINT_SET_DISTINGUISHED_FUNC    setDistinguishedFunc;
3882
    PSYMCRYPT_ECPOINT_SET_RANDOM_FUNC           setRandomFunc;
3883
    PSYMCRYPT_ECPOINT_ISEQUAL_FUNC              isEqualFunc;
3884
    PSYMCRYPT_ECPOINT_ISZERO_FUNC               isZeroFunc;
3885
    PSYMCRYPT_ECPOINT_ONCURVE_FUNC              onCurveFunc;
3886
    PSYMCRYPT_ECPOINT_ADD_FUNC                  addFunc;
3887
    PSYMCRYPT_ECPOINT_ADD_DIFF_NONZERO_FUNC     addDiffFunc;
3888
    PSYMCRYPT_ECPOINT_DOUBLE_FUNC               doubleFunc;
3889
    PSYMCRYPT_ECPOINT_NEGATE_FUNC               negateFunc;
3890
    PSYMCRYPT_ECPOINT_SCALAR_MUL_FUNC           scalarMulFunc;
3891
    PSYMCRYPT_ECPOINT_MULTI_SCALAR_MUL_FUNC     multiScalarMulFunc;
3892
    PVOID                                       slack[4];
3893
} SYMCRYPT_ECURVE_FUNCTIONS, *PSYMCRYPT_ECURVE_FUNCTIONS;
3894
typedef const SYMCRYPT_ECURVE_FUNCTIONS  *PCSYMCRYPT_ECURVE_FUNCTIONS;
3895
3896
553k
#define SYMCRYPT_ECURVE_FUNCTIONS_SIZE    (sizeof( SYMCRYPT_ECURVE_FUNCTIONS ) )
3897
3898
// Check that the size is a power of 2
3899
C_ASSERT( (SYMCRYPT_ECURVE_FUNCTIONS_SIZE & (SYMCRYPT_ECURVE_FUNCTIONS_SIZE-1)) == 0 );
3900
3901
//
3902
// Functions for the each type of curve
3903
//
3904
3905
//--------------------------------------------------------
3906
//--------- Short Weierstrass ----------------------------
3907
//--------------------------------------------------------
3908
3909
extern const PCSYMCRYPT_ECURVE_PARAMS_V2_EXTENSION SymCryptEcurveParamsV2ExtensionShortWeierstrass;
3910
3911
VOID
3912
SYMCRYPT_CALL
3913
SymCryptShortWeierstrassFillScratchSpaces( _In_ PSYMCRYPT_ECURVE pCurve );
3914
3915
VOID
3916
SYMCRYPT_CALL
3917
SymCryptShortWeierstrassSetZero(
3918
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3919
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3920
    _Out_writes_bytes_( cbScratch )
3921
            PBYTE               pbScratch,
3922
            SIZE_T              cbScratch );
3923
3924
VOID
3925
SYMCRYPT_CALL
3926
SymCryptShortWeierstrassSetDistinguished(
3927
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3928
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3929
    _Out_writes_bytes_( cbScratch )
3930
            PBYTE               pbScratch,
3931
            SIZE_T              cbScratch );
3932
3933
UINT32
3934
SYMCRYPT_CALL
3935
SymCryptShortWeierstrassIsEqual(
3936
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3937
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
3938
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
3939
            UINT32              flags,
3940
    _Out_writes_bytes_( cbScratch )
3941
            PBYTE               pbScratch,
3942
            SIZE_T              cbScratch );
3943
3944
UINT32
3945
SYMCRYPT_CALL
3946
SymCryptShortWeierstrassIsZero(
3947
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3948
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
3949
    _Out_writes_bytes_( cbScratch )
3950
            PBYTE               pbScratch,
3951
            SIZE_T              cbScratch );
3952
3953
UINT32
3954
SYMCRYPT_CALL
3955
SymCryptShortWeierstrassOnCurve(
3956
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3957
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
3958
    _Out_writes_bytes_( cbScratch )
3959
            PBYTE               pbScratch,
3960
            SIZE_T              cbScratch );
3961
3962
VOID
3963
SYMCRYPT_CALL
3964
SymCryptShortWeierstrassAdd(
3965
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3966
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
3967
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
3968
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3969
            UINT32              flags,
3970
    _Out_writes_bytes_( cbScratch )
3971
            PBYTE               pbScratch,
3972
            SIZE_T              cbScratch );
3973
3974
VOID
3975
SYMCRYPT_CALL
3976
SymCryptShortWeierstrassAddDiffNonZero(
3977
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3978
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
3979
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
3980
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3981
    _Out_writes_bytes_( cbScratch )
3982
            PBYTE               pbScratch,
3983
            SIZE_T              cbScratch );
3984
3985
VOID
3986
SYMCRYPT_CALL
3987
SymCryptShortWeierstrassDouble(
3988
    _In_    PCSYMCRYPT_ECURVE   pCurve,
3989
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
3990
    _Out_   PSYMCRYPT_ECPOINT   poDst,
3991
            UINT32              flags,
3992
    _Out_writes_bytes_( cbScratch )
3993
            PBYTE               pbScratch,
3994
            SIZE_T              cbScratch );
3995
3996
VOID
3997
SYMCRYPT_CALL
3998
SymCryptShortWeierstrassNegate(
3999
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4000
    _Inout_ PSYMCRYPT_ECPOINT   poSrc,
4001
            UINT32              mask,
4002
    _Out_writes_bytes_( cbScratch )
4003
            PBYTE               pbScratch,
4004
            SIZE_T              cbScratch );
4005
4006
VOID
4007
SYMCRYPT_CALL
4008
SymCryptShortWeierstrassDoubleSpecializedAm3(
4009
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4010
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
4011
    _Out_   PSYMCRYPT_ECPOINT   poDst,
4012
            UINT32              flags,
4013
    _Out_writes_bytes_( cbScratch )
4014
            PBYTE               pbScratch,
4015
            SIZE_T              cbScratch );
4016
4017
//--------------------------------------------------------
4018
//--------- Twisted Edwards ------------------------------
4019
//--------------------------------------------------------
4020
4021
extern const PCSYMCRYPT_ECURVE_PARAMS_V2_EXTENSION SymCryptEcurveParamsV2ExtensionTwistedEdwards;
4022
4023
VOID
4024
SYMCRYPT_CALL
4025
SymCryptTwistedEdwardsFillScratchSpaces( _In_ PSYMCRYPT_ECURVE pCurve );
4026
4027
VOID
4028
SYMCRYPT_CALL
4029
SymCryptTwistedEdwardsSetDistinguished(
4030
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4031
    _Out_   PSYMCRYPT_ECPOINT   poDst,
4032
    _Out_writes_bytes_( cbScratch )
4033
            PBYTE               pbScratch,
4034
            SIZE_T              cbScratch);
4035
4036
VOID
4037
SYMCRYPT_CALL
4038
SymCryptTwistedEdwardsAdd(
4039
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4040
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
4041
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
4042
    _Out_   PSYMCRYPT_ECPOINT   poDst,
4043
            UINT32              flags,
4044
    _Out_writes_bytes_( cbScratch )
4045
            PBYTE               pbScratch,
4046
            SIZE_T              cbScratch );
4047
4048
VOID
4049
SYMCRYPT_CALL
4050
SymCryptTwistedEdwardsAddDiffNonZero(
4051
     _In_   PCSYMCRYPT_ECURVE   pCurve,
4052
     _In_   PCSYMCRYPT_ECPOINT  poSrc1,
4053
     _In_   PCSYMCRYPT_ECPOINT  poSrc2,
4054
     _Out_  PSYMCRYPT_ECPOINT   poDst,
4055
     _Out_writes_bytes_( cbScratch )
4056
            PBYTE               pbScratch,
4057
            SIZE_T              cbScratch );
4058
4059
VOID
4060
SYMCRYPT_CALL
4061
SymCryptTwistedEdwardsDouble(
4062
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4063
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
4064
    _Out_   PSYMCRYPT_ECPOINT   poDst,
4065
            UINT32              flags,
4066
    _Out_writes_bytes_( cbScratch )
4067
            PBYTE               pbScratch,
4068
            SIZE_T              cbScratch);
4069
4070
UINT32
4071
SYMCRYPT_CALL
4072
SymCryptTwistedEdwardsIsEqual(
4073
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4074
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
4075
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
4076
            UINT32              flags,
4077
    _Out_writes_bytes_( cbScratch )
4078
            PBYTE               pbScratch,
4079
            SIZE_T              cbScratch);
4080
4081
UINT32
4082
SYMCRYPT_CALL
4083
SymCryptTwistedEdwardsOnCurve(
4084
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4085
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
4086
    _Out_writes_bytes_( cbScratch )
4087
            PBYTE               pbScratch,
4088
            SIZE_T              cbScratch);
4089
4090
UINT32
4091
SYMCRYPT_CALL
4092
SymCryptTwistedEdwardsIsZero(
4093
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4094
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
4095
    _Out_writes_bytes_( cbScratch )
4096
            PBYTE               pbScratch,
4097
            SIZE_T              cbScratch);
4098
4099
VOID
4100
SYMCRYPT_CALL
4101
SymCryptTwistedEdwardsSetZero(
4102
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4103
    _Out_   PSYMCRYPT_ECPOINT   poDst,
4104
    _Out_writes_bytes_( cbScratch )
4105
            PBYTE               pbScratch,
4106
            SIZE_T              cbScratch);
4107
4108
VOID
4109
SYMCRYPT_CALL
4110
SymCryptTwistedEdwardsNegate(
4111
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4112
    _Inout_ PSYMCRYPT_ECPOINT   poSrc,
4113
            UINT32              mask,
4114
    _Out_writes_bytes_( cbScratch )
4115
            PBYTE               pbScratch,
4116
            SIZE_T              cbScratch );
4117
4118
//--------------------------------------------------------
4119
//--------- Montgomery -----------------------------------
4120
//--------------------------------------------------------
4121
4122
extern const PCSYMCRYPT_ECURVE_PARAMS_V2_EXTENSION SymCryptEcurveParamsV2ExtensionMontgomery;
4123
4124
VOID
4125
SYMCRYPT_CALL
4126
SymCryptMontgomeryFillScratchSpaces( _In_ PSYMCRYPT_ECURVE pCurve );
4127
4128
VOID
4129
SYMCRYPT_CALL
4130
SymCryptMontgomerySetDistinguished(
4131
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4132
    _Out_   PSYMCRYPT_ECPOINT   poDst,
4133
    _Out_writes_bytes_( cbScratch )
4134
            PBYTE               pbScratch,
4135
            SIZE_T              cbScratch );
4136
4137
UINT32
4138
SYMCRYPT_CALL
4139
SymCryptMontgomeryIsEqual(
4140
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4141
    _In_    PCSYMCRYPT_ECPOINT  poSrc1,
4142
    _In_    PCSYMCRYPT_ECPOINT  poSrc2,
4143
            UINT32              flags,
4144
    _Out_writes_bytes_( cbScratch )
4145
            PBYTE               pbScratch,
4146
            SIZE_T              cbScratch);
4147
4148
UINT32
4149
SYMCRYPT_CALL
4150
SymCryptMontgomeryIsZero(
4151
    _In_    PCSYMCRYPT_ECURVE   pCurve,
4152
    _In_    PCSYMCRYPT_ECPOINT  poSrc,
4153
    _Out_writes_bytes_( cbScratch )
4154
            PBYTE               pbScratch,
4155
            SIZE_T              cbScratch );
4156
4157
SYMCRYPT_ERROR
4158
SYMCRYPT_CALL
4159
SymCryptMontgomeryPointScalarMul(
4160
    _In_    PCSYMCRYPT_ECURVE       pCurve,
4161
    _In_    PCSYMCRYPT_INT          piScalar,
4162
    _In_opt_
4163
            PCSYMCRYPT_ECPOINT      poSrc,
4164
            UINT32                  flags,
4165
    _Out_   PSYMCRYPT_ECPOINT       poDst,
4166
    _Out_writes_bytes_( cbScratch )
4167
            PBYTE               pbScratch,
4168
            SIZE_T              cbScratch );
4169
4170
//--------------------------------------------------------
4171
//--------- Generic multiplication-related functions -----
4172
//--------------------------------------------------------
4173
4174
VOID
4175
SYMCRYPT_CALL
4176
SymCryptOfflinePrecomputation(
4177
    _In_ PSYMCRYPT_ECURVE pCurve,
4178
    _Out_writes_bytes_( cbScratch )
4179
            PBYTE         pbScratch,
4180
            SIZE_T        cbScratch );
4181
4182
SYMCRYPT_ERROR
4183
SYMCRYPT_CALL
4184
SymCryptEcpointScalarMulFixedWindow(
4185
    _In_    PCSYMCRYPT_ECURVE       pCurve,
4186
    _In_    PCSYMCRYPT_INT          piScalar,
4187
    _In_opt_
4188
            PCSYMCRYPT_ECPOINT      poSrc,
4189
            UINT32                  flags,
4190
    _Out_   PSYMCRYPT_ECPOINT       poDst,
4191
    _Out_writes_bytes_( cbScratch )
4192
            PBYTE               pbScratch,
4193
            SIZE_T              cbScratch );
4194
4195
SYMCRYPT_ERROR
4196
SYMCRYPT_CALL
4197
SymCryptEcpointMultiScalarMulWnafWithInterleaving(
4198
    _In_                            PCSYMCRYPT_ECURVE       pCurve,
4199
    _In_reads_( nPoints )           PCSYMCRYPT_INT *        piSrcScalarArray,
4200
    _In_reads_( nPoints )           PCSYMCRYPT_ECPOINT *    poSrcEcpointArray,
4201
                                    UINT32                  nPoints,
4202
                                    UINT32                  flags,
4203
    _Out_                           PSYMCRYPT_ECPOINT       poDst,
4204
    _Out_writes_bytes_( cbScratch ) PBYTE                   pbScratch,
4205
                                    SIZE_T                  cbScratch );
4206
4207
VOID
4208
SYMCRYPT_CALL
4209
SymCryptEcpointGenericSetRandom(
4210
    _In_                            PCSYMCRYPT_ECURVE   pCurve,
4211
    _Out_                           PSYMCRYPT_INT       piScalar,
4212
    _Out_                           PSYMCRYPT_ECPOINT   poDst,
4213
    _Out_writes_bytes_( cbScratch ) PBYTE               pbScratch,
4214
                                    SIZE_T              cbScratch );
4215
//--------------------------------------------------------
4216
//--------------------------------------------------------
4217
4218
// Table with the number of field elements for each point format (in ecpoint.c)
4219
extern const UINT32 SymCryptEcpointFormatNumberofElements[4];
4220
4221
UINT32
4222
SYMCRYPT_CALL
4223
SymCryptSizeofEcpointEx(
4224
    UINT32 cbModElement,
4225
    UINT32 numOfCoordinates );
4226
4227
4228
PCSYMCRYPT_TRIALDIVISION_CONTEXT
4229
SYMCRYPT_CALL
4230
SymCryptFdefCreateTrialDivisionContext( UINT32 nDigits );
4231
4232
UINT32
4233
SYMCRYPT_CALL
4234
SymCryptFdefIntFindSmallDivisor(
4235
    _In_                            PCSYMCRYPT_TRIALDIVISION_CONTEXT    pContext,
4236
    _In_                            PCSYMCRYPT_INT                      piSrc,
4237
    _Out_writes_bytes_( cbScratch ) PBYTE                               pbScratch,
4238
                                    SIZE_T                              cbScratch );
4239
4240
VOID
4241
SYMCRYPT_CALL
4242
SymCryptFdefFreeTrialDivisionContext( PCSYMCRYPT_TRIALDIVISION_CONTEXT pContext );
4243
4244
UINT64
4245
SymCryptInverseMod2e64( UINT64 m );
4246
4247
4248
//--------------------------------------------------------
4249
//--------------------------------------------------------
4250
4251
// Recoding algorithms
4252
VOID
4253
SYMCRYPT_CALL
4254
SymCryptFixedWindowRecoding(
4255
            UINT32          W,
4256
    _Inout_ PSYMCRYPT_INT   piK,
4257
    _Inout_ PSYMCRYPT_INT   piTmp,
4258
    _Out_writes_( nRecodedDigits )
4259
            PUINT32         absofKIs,
4260
    _Out_writes_( nRecodedDigits )
4261
            PUINT32         sigofKIs,
4262
            UINT32          nRecodedDigits );
4263
4264
VOID
4265
SYMCRYPT_CALL
4266
SymCryptWidthNafRecoding(
4267
            UINT32          W,
4268
    _Inout_ PSYMCRYPT_INT   piK,
4269
    _Out_writes_( nRecodedDigits )
4270
            PUINT32         absofKIs,
4271
    _Out_writes_( nRecodedDigits )
4272
            PUINT32         sigofKIs,
4273
            UINT32          nRecodedDigits );
4274
4275
VOID
4276
SYMCRYPT_CALL
4277
SymCryptPositiveWidthNafRecoding(
4278
            UINT32          W,
4279
    _In_    PCSYMCRYPT_INT  piK,
4280
            UINT32          nBitsExp,
4281
    _Out_writes_( nRecodedDigits )
4282
            PUINT32         absofKIs,
4283
            UINT32          nRecodedDigits );
4284
4285
// ML-KEM internal function definitions are in their own header
4286
#include "sc_lib_mlkem.h"
4287
4288
4289
//
4290
// XMSS
4291
//
4292
4293
//
4294
// ADRS structure definitions as specified in RFC 8391
4295
//
4296
typedef enum _XMSS_ADRS_TYPE
4297
{
4298
    XMSS_ADRS_TYPE_OTS          = 0,
4299
    XMSS_ADRS_TYPE_LTREE        = 1,
4300
    XMSS_ADRS_TYPE_HASH_TREE    = 2,
4301
} XMSS_ADRS_TYPE;
4302
4303
typedef struct _XMSS_OTS_ADDRESS
4304
{
4305
    BYTE  en32Leaf[4];
4306
    BYTE  en32Chain[4];
4307
    BYTE  en32Hash[4];
4308
} XMSS_OTS_ADDRESS, *PXMSS_OTS_ADDRESS;
4309
4310
typedef struct _XMSS_LTREE_ADDRESS
4311
{
4312
    BYTE  en32Leaf[4];
4313
    BYTE  en32Height[4];
4314
    BYTE  en32Index[4];
4315
} XMSS_LTREE_ADDRESS, * PXMSS_LTREE_ADDRESS;
4316
4317
typedef struct _XMSS_HASHTREE_ADDRESS
4318
{
4319
    BYTE  padding[4];
4320
    BYTE  en32Height[4];
4321
    BYTE  en32Index[4];
4322
} XMSS_HASHTREE_ADDRESS, * PXMSS_HASHTREE_ADDRESS;
4323
4324
typedef struct _XMSS_ADRS
4325
{
4326
    BYTE  en32Layer[4];
4327
    BYTE  en64Tree[8];
4328
    BYTE  en32Type[4];
4329
4330
    union {
4331
        XMSS_OTS_ADDRESS        ots;
4332
        XMSS_LTREE_ADDRESS      ltree;
4333
        XMSS_HASHTREE_ADDRESS   hashtree;
4334
    } u;
4335
4336
    BYTE  en32KeyAndMask[4];
4337
4338
} XMSS_ADRS, *PXMSS_ADRS;
4339
4340
4341
typedef SYMCRYPT_ASYM_ALIGN_STRUCT _SYMCRYPT_XMSS_KEY
4342
{
4343
    UINT32  version;
4344
4345
    SYMCRYPT_XMSS_PARAMS params;
4346
4347
    SYMCRYPT_XMSSKEY_TYPE keyType;
4348
4349
    // Public key
4350
    BYTE    Root[SYMCRYPT_HASH_MAX_RESULT_SIZE];
4351
    BYTE    Seed[SYMCRYPT_HASH_MAX_RESULT_SIZE];
4352
4353
    SYMCRYPT_MAGIC_FIELD
4354
        
4355
    // Private key
4356
    SYMCRYPT_ALIGN_AT(16) UINT64  Idx;  // Aligning on 16-bytes to supress clang warning
4357
                                        // when atomic increment is performed on it.
4358
    BYTE    SkXmss[SYMCRYPT_HASH_MAX_RESULT_SIZE];
4359
    BYTE    SkPrf[SYMCRYPT_HASH_MAX_RESULT_SIZE];
4360
4361
} SYMCRYPT_XMSS_KEY;
4362
4363
typedef SYMCRYPT_XMSS_KEY* PSYMCRYPT_XMSS_KEY;
4364
4365
4366
SYMCRYPT_ERROR
4367
SYMCRYPT_CALL
4368
SymCryptXmssComputePublicRoot(
4369
    _In_                            PCSYMCRYPT_XMSS_PARAMS  pParams,
4370
    _In_reads_bytes_( cbSeed )      PCBYTE                  pbSeed,
4371
                                    SIZE_T                  cbSeed,
4372
    _In_reads_bytes_( cbSkXmss )    PCBYTE                  pbSkXmss,
4373
                                    SIZE_T                  cbSkXmss,
4374
    _Out_writes_bytes_( cbRoot )    PBYTE                   pbRoot,
4375
                                    SIZE_T                  cbRoot );
4376
//
4377
//  Compute public root value from SEED and SK_XMSS
4378
//
4379
4380
SYMCRYPT_ERROR
4381
SYMCRYPT_CALL
4382
SymCryptXmsskeyVerifyRoot(
4383
    _In_    PCSYMCRYPT_XMSS_KEY pKey );
4384
//
4385
// Verifies that the public root matches the private key by recomputing it
4386
//
4387
4388
4389
VOID
4390
SYMCRYPT_CALL
4391
SymCryptHbsGetWinternitzLengths(
4392
            UINT32  n,      // data size in bytes
4393
            UINT32  w,      // digit length in bits (Winternitz coefficient)
4394
    _Out_   PUINT32 puLen1, // number of w-bit digits in n
4395
    _Out_   PUINT32 puLen2  // number of w-bit digits to store the checksum len1 * (2^w - 1)
4396
    );
4397
4398
typedef struct _SYMCRYPT_TREEHASH_NODE
4399
{
4400
    UINT32  index;
4401
    UINT32  height;
4402
    BYTE    value[SYMCRYPT_ANYSIZE_ARRAY];
4403
} SYMCRYPT_TREEHASH_NODE, * PSYMCRYPT_TREEHASH_NODE;
4404
4405
#define SYMCRYPT_SIZEOF_TREEHASH_NODE(cbValue) (sizeof(SYMCRYPT_TREEHASH_NODE) - 1 + (cbValue))
4406
4407
#define SYMCRYPT_TREEHASH_NODE_GET(aNodes, cbValue, i) ((PSYMCRYPT_TREEHASH_NODE)((PBYTE)(aNodes) + (i) * SYMCRYPT_SIZEOF_TREEHASH_NODE(cbValue)))
4408
4409
4410
typedef struct _SYMCRYPT_XMSS_INCREMENTAL_TREEHASH_CONTEXT
4411
{
4412
    PCSYMCRYPT_XMSS_PARAMS  pParams;
4413
    PCBYTE                  pbSeed;
4414
    XMSS_ADRS               adrs;
4415
4416
} SYMCRYPT_XMSS_INCREMENTAL_TREEHASH_CONTEXT, * PSYMCRYPT_XMSS_INCREMENTAL_TREEHASH_CONTEXT;
4417
4418
4419
typedef
4420
VOID
4421
(SYMCRYPT_CALL *PSYMCRYPT_INCREMENTAL_TREEHASH_FUNC)(
4422
    _In_    PSYMCRYPT_TREEHASH_NODE pNodeLeft,
4423
    _In_    PSYMCRYPT_TREEHASH_NODE pNodeRight,
4424
    _Out_   PSYMCRYPT_TREEHASH_NODE pNodeOut,
4425
    _Inout_ PSYMCRYPT_XMSS_INCREMENTAL_TREEHASH_CONTEXT pContext );
4426
4427
4428
typedef struct _SYMCRYPT_INCREMENTAL_TREEHASH
4429
{
4430
    UINT32 cbNode;      // node size; height + hash result
4431
    UINT32 nSize;       // current size of the stack
4432
    UINT32 nCapacity;   // maximum items
4433
    UINT32 nLastLeafIndex;
4434
    PSYMCRYPT_INCREMENTAL_TREEHASH_FUNC funcCompressNodes;
4435
    PSYMCRYPT_XMSS_INCREMENTAL_TREEHASH_CONTEXT pContext;
4436
4437
    SYMCRYPT_TREEHASH_NODE arrNodes[SYMCRYPT_ANYSIZE_ARRAY];
4438
4439
} SYMCRYPT_INCREMENTAL_TREEHASH, *PSYMCRYPT_INCREMENTAL_TREEHASH;
4440
4441
4442
PSYMCRYPT_INCREMENTAL_TREEHASH
4443
SYMCRYPT_CALL
4444
SymCryptHbsIncrementalTreehashInit(
4445
    UINT32  nLeaves,
4446
    PBYTE   pbBuffer,
4447
    SIZE_T  cbBuffer,
4448
    UINT32  cbHashResult,
4449
    PSYMCRYPT_INCREMENTAL_TREEHASH_FUNC funcCompressNodes,
4450
    PSYMCRYPT_XMSS_INCREMENTAL_TREEHASH_CONTEXT pContext);
4451
4452
PSYMCRYPT_TREEHASH_NODE
4453
SYMCRYPT_CALL
4454
SymCryptHbsIncrementalTreehashGetNode(
4455
    _In_ PSYMCRYPT_INCREMENTAL_TREEHASH pIncHash,
4456
         SIZE_T                         index );
4457
4458
PSYMCRYPT_TREEHASH_NODE
4459
SYMCRYPT_CALL
4460
SymCryptHbsIncrementalTreehashAllocNode(
4461
    _Inout_ PSYMCRYPT_INCREMENTAL_TREEHASH  pIncHash,
4462
            UINT32                          nLeafIndex );
4463
4464
VOID
4465
SYMCRYPT_CALL
4466
SymCryptHbsIncrementalTreehashGetTopNodes(
4467
    _Inout_ PSYMCRYPT_INCREMENTAL_TREEHASH  pIncHash,
4468
    _Out_   PSYMCRYPT_TREEHASH_NODE         *ppNodeLeft,
4469
    _Out_   PSYMCRYPT_TREEHASH_NODE         *ppNodeRight );
4470
4471
PSYMCRYPT_TREEHASH_NODE
4472
SYMCRYPT_CALL
4473
SymCryptHbsIncrementalTreehashProcessCommon(
4474
    _Inout_ PSYMCRYPT_INCREMENTAL_TREEHASH  pIncHash,
4475
            BOOLEAN                         fFinal );
4476
4477
PSYMCRYPT_TREEHASH_NODE
4478
SYMCRYPT_CALL
4479
SymCryptHbsIncrementalTreehashProcess(
4480
    _Inout_ PSYMCRYPT_INCREMENTAL_TREEHASH pIncHash);
4481
4482
PSYMCRYPT_TREEHASH_NODE
4483
SYMCRYPT_CALL
4484
SymCryptHbsIncrementalTreehashFinalize(
4485
    _Inout_ PSYMCRYPT_INCREMENTAL_TREEHASH  pIncHash);
4486
4487
UINT32
4488
SYMCRYPT_CALL
4489
SymCryptHbsIncrementalTreehashStackDepth(
4490
    UINT32 nLeaves);
4491
4492
SIZE_T
4493
SYMCRYPT_CALL
4494
SymCryptHbsSizeofScratchBytesForIncrementalTreehash(
4495
    UINT32  cbNode,
4496
    UINT32  nLeaves);
4497
4498
// Atomics.
4499
//
4500
// We define all our SymCrypt atomics below. Different compilers/environments have different
4501
// intrinsics to handle atomics in different environments.
4502
//
4503
// The SymCrypt atomics take the form SYMCRYPT_ATOMIC_<Operation><Bitsize>_<Return>_<Ordering>
4504
//
4505
// <Operation> is the atomic operation (i.e. LOAD, OR, XOR, AND, ADD, INC, etc.)
4506
// <Bitsize> indicates the bitsize of the values that the atomic operation operates on. Pointers to
4507
// values which atomics operate on must be aligned to the size of the value.
4508
// <Return> takes the value PRE or POST, indicating whether the return value of the atomic is the
4509
// value of the destination before (PRE) or after (POST) the operation was performed. Not used when
4510
// operation is LOAD!
4511
// <Ordering> specifies the memory ordering of the atomic operation in relation to other loads/stores
4512
// and can take one of the following values:
4513
//   RELAXED corresponds to relaxed memory ordering in C++11
4514
//   SEQ_CST corresponds to sequentially consistent memory ordering in C++11
4515
//   ACQUIRE corresponds to acquire memory ordering in C++11
4516
//   RELEASE corresponds to release memory ordering in C++11
4517
//
4518
4519
#if SYMCRYPT_MS_VC
4520
#include <intrin.h>
4521
4522
#if SYMCRYPT_CPU_ARM64
4523
// 64b loads are naturally atomic on Arm64
4524
#define SYMCRYPT_ATOMIC_LOAD64_RELAXED(_dest)           SYMCRYPT_FORCE_READ64(_dest)
4525
#define SYMCRYPT_ATOMIC_OR32_PRE_RELAXED(_dest, _val)   _InterlockedOr_nf( (volatile LONG *)(_dest), (LONG)(_val) )
4526
#define SYMCRYPT_ATOMIC_ADD32_PRE_RELAXED(_dest, _val)  _InterlockedExchangeAdd_nf( (volatile LONG *)(_dest), (LONG)(_val) )
4527
#define SYMCRYPT_ATOMIC_ADD64_POST_RELAXED(_dest, _val) _InterlockedAdd64_nf( (volatile LONG64 *)(_dest), (LONG64)(_val) )
4528
4529
#define SYMCRYPT_ATOMIC_ADD32_POST_SEQ_CST(_dest, _val) _InterlockedAdd( (volatile LONG *)(_dest), (LONG)(_val) )
4530
4531
#define SYMCRYPT_ATOMIC_LOADPTR_ACQUIRE(_dest)          ((PVOID)_InterlockedOr64_acq( (volatile LONG64 *)(_dest), 0 ))
4532
#define SYMCRYPT_ATOMIC_STOREPTR_RELEASE(_dest, _val)   _InterlockedExchangePointer_rel( (volatile PVOID *)(_dest), (PVOID)(_val) )
4533
4534
#elif SYMCRYPT_CPU_ARM
4535
#define SYMCRYPT_ATOMIC_LOAD64_RELAXED(_dest)           _InterlockedOr64_nf( (volatile LONG64 *)(_dest), 0 )
4536
#define SYMCRYPT_ATOMIC_OR32_PRE_RELAXED(_dest, _val)   _InterlockedOr_nf( (volatile LONG *)(_dest), (LONG)(_val) )
4537
#define SYMCRYPT_ATOMIC_ADD32_PRE_RELAXED(_dest, _val)  _InterlockedExchangeAdd_nf( (volatile LONG *)(_dest), (LONG)(_val) )
4538
#define SYMCRYPT_ATOMIC_ADD64_POST_RELAXED(_dest, _val) _InterlockedAdd64_nf( (volatile LONG64 *)(_dest), (LONG64)(_val) )
4539
4540
#define SYMCRYPT_ATOMIC_ADD32_POST_SEQ_CST(_dest, _val) _InterlockedAdd( (volatile LONG *)(_dest), (LONG)(_val) )
4541
4542
#define SYMCRYPT_ATOMIC_LOADPTR_ACQUIRE(_dest)          ((PVOID)_InterlockedOr32_acq( (volatile LONG *)(_dest), 0 ))
4543
#define SYMCRYPT_ATOMIC_STOREPTR_RELEASE(_dest, _val)   _InterlockedExchangePointer_rel( (volatile PVOID *)(_dest), (PVOID)(_val) )
4544
4545
#elif SYMCRYPT_CPU_AMD64
4546
// For MSVC on AMD64, there are no _nf atomic intrinsics
4547
// 64b loads are naturally atomic on AMD64
4548
#define SYMCRYPT_ATOMIC_LOAD64_RELAXED(_dest)           SYMCRYPT_FORCE_READ64(_dest)
4549
#define SYMCRYPT_ATOMIC_OR32_PRE_RELAXED(_dest, _val)   _InterlockedOr( (volatile LONG *)(_dest), (LONG)(_val) )
4550
#define SYMCRYPT_ATOMIC_ADD32_PRE_RELAXED(_dest, _val)  _InterlockedExchangeAdd( (volatile LONG *)(_dest), (LONG)(_val) )
4551
#define SYMCRYPT_ATOMIC_ADD64_POST_RELAXED(_dest, _val) (_InterlockedExchangeAdd64( (volatile LONG64 *)(_dest), (LONG64)(_val) ) + (LONG64)(_val))
4552
4553
#define SYMCRYPT_ATOMIC_ADD32_POST_SEQ_CST(_dest, _val) (_InterlockedExchangeAdd( (volatile LONG *)(_dest), (LONG)(_val) ) + (LONG)(_val))
4554
4555
// Volatile load / store are sufficient for acquire-release semantics on AMD64
4556
#define SYMCRYPT_ATOMIC_LOADPTR_ACQUIRE(_dest)          ((PVOID)SYMCRYPT_FORCE_READ64(_dest))
4557
#define SYMCRYPT_ATOMIC_STOREPTR_RELEASE(_dest, _val)   SYMCRYPT_FORCE_WRITE64(_dest, ((UINT64)(_val)))
4558
4559
#else
4560
// For MSVC on x86, there is no 64b atomic load intrinsic - use expected to fail CAS, attempting to set from 0 to 0
4561
#define SYMCRYPT_ATOMIC_LOAD64_RELAXED(_dest)           _InterlockedCompareExchange64( (volatile LONG64 *)(_dest), 0, 0 )
4562
// For MSVC on x86, there are no _nf atomic intrinsics
4563
#define SYMCRYPT_ATOMIC_OR32_PRE_RELAXED(_dest, _val)   _InterlockedOr( (volatile LONG *)(_dest), (LONG)(_val) )
4564
#define SYMCRYPT_ATOMIC_ADD32_PRE_RELAXED(_dest, _val)  _InterlockedExchangeAdd( (volatile LONG *)(_dest), (LONG)(_val) )
4565
// For MSVC on x86, there is no 64b atomic add intrinsic
4566
// We could use InterlockedAdd64 function from windows.h if we are using MSVC for Windows, but
4567
// to remove dependency we just define our own inline function using _InterlockedCompareExchange64
4568
FORCEINLINE
4569
LONG64
4570
SymCryptInlineInterlockedAdd64( volatile LONG64* destination, LONG64 value )
4571
{
4572
    LONG64 preValue;
4573
    do {
4574
        preValue = *destination;
4575
    } while (_InterlockedCompareExchange64(destination, preValue + value, preValue) != preValue);
4576
4577
    return preValue + value;
4578
}
4579
#define SYMCRYPT_ATOMIC_ADD64_POST_RELAXED(_dest, _val) SymCryptInlineInterlockedAdd64( (volatile LONG64 *)(_dest), (LONG64)(_val) )
4580
4581
#define SYMCRYPT_ATOMIC_ADD32_POST_SEQ_CST(_dest, _val) (_InterlockedExchangeAdd( (volatile LONG *)(_dest), (LONG)(_val) ) + (LONG)(_val))
4582
4583
// Volatile load / store are sufficient for acquire-release semantics on x86
4584
#define SYMCRYPT_ATOMIC_LOADPTR_ACQUIRE(_dest)          ((PVOID)SYMCRYPT_FORCE_READ32(_dest))
4585
#define SYMCRYPT_ATOMIC_STOREPTR_RELEASE(_dest, _val)   SYMCRYPT_FORCE_WRITE32(_dest, ((UINT32)(_val)))
4586
#endif
4587
4588
#elif SYMCRYPT_GNUC
4589
#define SYMCRYPT_ATOMIC_LOAD64_RELAXED(_dest)           __atomic_load_n( (volatile uint64_t *)(_dest), __ATOMIC_RELAXED )
4590
5
#define SYMCRYPT_ATOMIC_OR32_PRE_RELAXED(_dest, _val)   __atomic_fetch_or( (volatile uint32_t *)(_dest), (uint32_t)(_val), __ATOMIC_RELAXED )
4591
#define SYMCRYPT_ATOMIC_ADD32_PRE_RELAXED(_dest, _val)  __atomic_fetch_add( (volatile uint32_t *)(_dest), (uint32_t)(_val), __ATOMIC_RELAXED )
4592
0
#define SYMCRYPT_ATOMIC_ADD64_POST_RELAXED(_dest, _val) __atomic_add_fetch( (volatile uint64_t *)(_dest), (uint64_t)(_val), __ATOMIC_RELAXED )
4593
4594
#define SYMCRYPT_ATOMIC_ADD32_POST_SEQ_CST(_dest, _val) __atomic_add_fetch( (volatile uint32_t *)(_dest), (uint32_t)(_val), __ATOMIC_ACQ_REL )
4595
4596
#define SYMCRYPT_ATOMIC_LOADPTR_ACQUIRE(_dest)          __atomic_load_n( (volatile void* *)(_dest), __ATOMIC_ACQUIRE )
4597
#define SYMCRYPT_ATOMIC_STOREPTR_RELEASE(_dest, _val)   __atomic_store_n( (volatile void* *)(_dest), (void*)(_val), __ATOMIC_RELEASE )
4598
4599
#endif
4600
4601
// Inline CAS-128 functions
4602
4603
// BOOLEAN
4604
// SymCryptAtomicCas128Relaxed(
4605
//     _Inout_updates_(2)  PUINT64     destination,
4606
//     _Inout_updates_(2)  PUINT64     expectedValue,
4607
//     _In_reads_(2)       PCUINT64    desiredValue);
4608
// Performs Compare-and-Swap on a 128b memory location.
4609
// Atomically reads destination, compares with expectedValue, and:
4610
//   if they are equal, writes desiredValue to destination, and return TRUE
4611
//   if they are not equal, writes the value read from destination to expectedValue, and returns FALSE
4612
//
4613
// Remarks:
4614
// On success, the value of expectedValue is not guaranteed.
4615
// Only destination is guaranteed to be read and written atomically, expectedValue should be a buffer
4616
// which is only owned by the calling thread.
4617
// destination must be aligned to 16 bytes
4618
//
4619
4620
#if SYMCRYPT_CPU_AMD64 | SYMCRYPT_CPU_ARM64
4621
4622
#if SYMCRYPT_MS_VC
4623
4624
#if SYMCRYPT_CPU_ARM64
4625
#define SYMCRYPT_MSVC_CAS128_NF _InterlockedCompareExchange128_nf
4626
#elif SYMCRYPT_CPU_AMD64
4627
#define SYMCRYPT_MSVC_CAS128_NF _InterlockedCompareExchange128
4628
#endif
4629
4630
FORCEINLINE
4631
BOOLEAN
4632
SymCryptAtomicCas128Relaxed(
4633
    _Inout_updates_(2)  PUINT64     destination,
4634
    _Inout_updates_(2)  PUINT64     expectedValue,
4635
    _In_reads_(2)       PCUINT64    desiredValue)
4636
{
4637
    return SYMCRYPT_MSVC_CAS128_NF(
4638
        (volatile LONG64 *)destination,
4639
        (LONG64)desiredValue[1],
4640
        (LONG64)desiredValue[0],
4641
        (LONG64 *) expectedValue );
4642
}
4643
4644
#elif SYMCRYPT_GNUC
4645
4646
FORCEINLINE
4647
BOOLEAN
4648
SymCryptAtomicCas128Relaxed(
4649
    _Inout_updates_(2)  PUINT64     destination,
4650
    _Inout_updates_(2)  PUINT64     expectedValue,
4651
    _In_reads_(2)       PCUINT64    desiredValue)
4652
0
{
4653
0
#if SYMCRYPT_CPU_AMD64
4654
0
    // To avoid dynamically linking libatomic in OpenEnclave, use inline assembly for cmpxchg16b
4655
0
    // on AMD64. We always need to perform CPU feature detection before we hit this function.
4656
0
    BOOLEAN result;
4657
0
    __asm__ __volatile__
4658
0
    (
4659
0
        "lock cmpxchg16b %1\n\t"
4660
0
        "sete %0"
4661
0
        : "=r" (result)
4662
0
        , "+m" (*destination)
4663
0
        , "+d" (expectedValue[1])
4664
0
        , "+a" (expectedValue[0])
4665
0
        : "c"  (desiredValue[1])
4666
0
        , "b"  (desiredValue[0])
4667
0
        : "cc"
4668
0
    );
4669
0
    return result;
4670
0
#elif SYMCRYPT_CPU_ARM64
4671
0
    // clang inlines this but GCC dynamically links to libatomic
4672
0
    // For now, just let the compiler decide, and for ARM64 modules, always allow linking to libatomic
4673
0
    // We may want to break out into inline asm for LDXP/STXP implementation (v8.0) vs. CASP
4674
0
    // implementation (v8.1) in future
4675
0
    return __atomic_compare_exchange(
4676
0
        (__int128 *)destination,    // ptr
4677
0
        (__int128 *)expectedValue,  // expected
4678
0
        (__int128 *)desiredValue,   // desired
4679
0
        FALSE,                      // weak (set to FALSE => strong)
4680
0
        __ATOMIC_RELAXED,           // success_memorder
4681
0
        __ATOMIC_RELAXED);          // failure_memorder
4682
0
#endif
4683
0
}
Unexecuted instantiation: 3des.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: DesTables.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: a_dispatch.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: aes-default-bc.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: aes-default.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: aes-key.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: aes-xmm.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: aes-ymm.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: blockciphermodes.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ccm.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: chacha20.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: desx.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ec_dsa.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ec_internal_curves.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: eckey.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ecpoint.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ecurve.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: equal.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: fdef369_mod.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: fdef_general.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: fdef_int.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: fdef_mod.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: fips_selftest.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: gcm.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ghash.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: hkdf.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: hmacmd5.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: hmacsha1.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: hmacsha256.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: hmacsha384.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: hmacsha512.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: libmain.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: md2.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: md4.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: md5.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: mlkem.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: mlkem_primitives.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: modexp.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: pbkdf2.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: rc4.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: recoding.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: rsa_enc.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: rsa_padding.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: rsakey.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: scsTools.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: selftest.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sha1.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sha256.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sha3_256.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sha3_384.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sha3_512.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sha512.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: shake.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sp800_108.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: tlsprf.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: xmss.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: xtsaes.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: AesTables.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ScsTable.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: aes-asm.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: aes-c.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: crt.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: dh.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: dl_internal_groups.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: dlgroup.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: dlkey.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: dsa.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ec_dh.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ec_dispatch.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ec_montgomery.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ec_mul.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: gen_int.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: hash.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: marvin32.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: primes.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sha256-xmm.c:SymCryptAtomicCas128Relaxed
Unexecuted instantiation: sha3.c:SymCryptAtomicCas128Relaxed
4684
4685
#endif
4686
4687
#endif
4688
4689
FORCEINLINE
4690
UINT32
4691
SymCryptCountTrailingZeros32( UINT32 value )
4692
337k
{
4693
337k
    ULONG index = 0;
4694
337k
    if( value == 0 )
4695
2
    {
4696
2
        return 32;
4697
2
    }
4698
4699
#if SYMCRYPT_MS_VC && (SYMCRYPT_CPU_AMD64 | SYMCRYPT_CPU_ARM64 | SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_ARM)
4700
    _BitScanForward(&index, value);
4701
#elif SYMCRYPT_GNUC
4702
337k
    index = __builtin_ctz(value);
4703
#else
4704
    while( (value & 1) == 0 )
4705
    {
4706
        index++;
4707
        value >>= 1;
4708
    }
4709
#endif
4710
4711
337k
    return (UINT32) index;
4712
337k
}
Unexecuted instantiation: 3des.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: DesTables.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: a_dispatch.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: aes-default-bc.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: aes-default.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: aes-key.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: aes-xmm.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: aes-ymm.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: blockciphermodes.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ccm.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: chacha20.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: desx.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ec_dsa.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ec_internal_curves.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: eckey.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ecpoint.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ecurve.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: equal.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: fdef369_mod.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: fdef_general.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: fdef_int.c:SymCryptCountTrailingZeros32
fdef_mod.c:SymCryptCountTrailingZeros32
Line
Count
Source
4692
337k
{
4693
337k
    ULONG index = 0;
4694
337k
    if( value == 0 )
4695
2
    {
4696
2
        return 32;
4697
2
    }
4698
4699
#if SYMCRYPT_MS_VC && (SYMCRYPT_CPU_AMD64 | SYMCRYPT_CPU_ARM64 | SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_ARM)
4700
    _BitScanForward(&index, value);
4701
#elif SYMCRYPT_GNUC
4702
337k
    index = __builtin_ctz(value);
4703
#else
4704
    while( (value & 1) == 0 )
4705
    {
4706
        index++;
4707
        value >>= 1;
4708
    }
4709
#endif
4710
4711
337k
    return (UINT32) index;
4712
337k
}
Unexecuted instantiation: fips_selftest.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: gcm.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ghash.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: hkdf.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: hmacmd5.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: hmacsha1.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: hmacsha256.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: hmacsha384.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: hmacsha512.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: libmain.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: md2.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: md4.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: md5.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: mlkem.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: mlkem_primitives.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: modexp.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: pbkdf2.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: rc4.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: recoding.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: rsa_enc.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: rsa_padding.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: rsakey.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: scsTools.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: selftest.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sha1.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sha256.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sha3_256.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sha3_384.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sha3_512.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sha512.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: shake.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sp800_108.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: tlsprf.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: xmss.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: xtsaes.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: AesTables.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ScsTable.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: aes-asm.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: aes-c.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: crt.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: dh.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: dl_internal_groups.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: dlgroup.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: dlkey.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: dsa.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ec_dh.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ec_dispatch.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ec_montgomery.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ec_mul.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: gen_int.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: hash.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: marvin32.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: primes.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sha256-xmm.c:SymCryptCountTrailingZeros32
Unexecuted instantiation: sha3.c:SymCryptCountTrailingZeros32
4713
4714
FORCEINLINE
4715
UINT32
4716
SymCryptCountLeadingZeros32( UINT32 value )
4717
0
{
4718
0
    ULONG zeros = 0;
4719
4720
0
    if(value == 0)
4721
0
    {
4722
0
        return 32;
4723
0
    }
4724
4725
#if SYMCRYPT_MS_VC && (SYMCRYPT_CPU_AMD64 | SYMCRYPT_CPU_ARM64 | SYMCRYPT_CPU_X86 | SYMCRYPT_CPU_ARM)
4726
    _BitScanReverse(&zeros, value);
4727
    zeros = 31 - zeros;
4728
#elif SYMCRYPT_GNUC
4729
0
    zeros = __builtin_clz(value);
4730
#else
4731
    while( (value & 0x80000000) == 0 )
4732
    {
4733
        zeros++;
4734
        value <<= 1;
4735
    }
4736
#endif
4737
4738
0
    return (UINT32)zeros;
4739
0
}
Unexecuted instantiation: 3des.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: DesTables.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: a_dispatch.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: aes-default-bc.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: aes-default.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: aes-key.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: aes-xmm.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: aes-ymm.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: blockciphermodes.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ccm.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: chacha20.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: desx.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ec_dsa.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ec_internal_curves.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: eckey.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ecpoint.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ecurve.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: equal.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: fdef369_mod.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: fdef_general.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: fdef_int.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: fdef_mod.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: fips_selftest.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: gcm.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ghash.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: hkdf.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: hmacmd5.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: hmacsha1.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: hmacsha256.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: hmacsha384.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: hmacsha512.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: libmain.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: md2.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: md4.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: md5.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: mlkem.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: mlkem_primitives.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: modexp.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: pbkdf2.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: rc4.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: recoding.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: rsa_enc.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: rsa_padding.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: rsakey.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: scsTools.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: selftest.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sha1.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sha256.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sha3_256.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sha3_384.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sha3_512.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sha512.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: shake.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sp800_108.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: tlsprf.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: xmss.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: xtsaes.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: AesTables.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ScsTable.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: aes-asm.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: aes-c.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: crt.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: dh.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: dl_internal_groups.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: dlgroup.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: dlkey.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: dsa.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ec_dh.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ec_dispatch.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ec_montgomery.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ec_mul.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ec_short_weierstrass.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: ec_twisted_edwards.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: gen_int.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: hash.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: marvin32.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: primes.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sha256-xmm.c:SymCryptCountLeadingZeros32
Unexecuted instantiation: sha3.c:SymCryptCountLeadingZeros32