/***************************************************************************
 * Copyright (c) 2024 Microsoft Corporation
 *
 * This program and the accompanying materials are made available under the
 * terms of the MIT License which is available at
 * https://opensource.org/licenses/MIT.
 *
 * SPDX-License-Identifier: MIT
 **************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Crypto Component                                                 */
/**                                                                       */
/**   Crypto                                                              */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/


/**************************************************************************/
/*                                                                        */
/*  COMPONENT DEFINITION                                   RELEASE        */
/*                                                                        */
/*    nx_crypto_const.h                                   PORTABLE C      */
/*                                                           6.2.0        */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This file defines the NetX Security Encryption component.           */
/*                                                                        */
/*    It contains only preprocessor constants and one typedef: algorithm  */
/*    identifiers, operation codes for the nx_crypto_type field, helper   */
/*    macros and the NX_CRYPTO_* status codes returned by crypto methods. */
/*    UINT and ULONG are expected to be supplied by the port layer before */
/*    this header is included; nothing is defined here for them.          */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s), added    */
/*                                            new constants,              */
/*                                            resulting in version 6.1    */
/*  06-02-2021     Bhupendra Naphade        Modified comment(s),          */
/*                                            renamed FIPS symbol to      */
/*                                            self-test,                  */
/*                                            resulting in version 6.1.7  */
/*  04-25-2022     Yuxin Zhou               Modified comment(s), added    */
/*                                            x25519 and x448 curves,     */
/*                                            resulting in version 6.1.11 */
/*  10-31-2022     Yanwu Cai                Modified comment(s), added    */
/*                                            EC curve type macro,        */
/*                                            resulting in version 6.2.0  */
/*                                                                        */
/**************************************************************************/

/* NOTE(review): the guard name starts with an underscore followed by an
   upper-case letter, which ISO C reserves for the implementation. It is
   kept because other translation units may test it. */
#ifndef _NX_CRYPTO_CONST_H_
#define _NX_CRYPTO_CONST_H_

/* Determine if a C++ compiler is being used.  If so, ensure that standard
   C is used to process the API information.  */
#ifdef __cplusplus

/* Yes, C++ compiler is present.  Use standard C.  */
extern "C" {

#endif

/* Layout shared by the algorithm identifier tables below: the upper 16 bits
   select the algorithm class (0 = encryption, 1 = authentication, 2 = PRF,
   3 = hash, 4 = key exchange, 5 = digital signature, 6 = elliptic curve /
   named group) and the lower 16 bits carry the protocol-assigned number.
   Each table's *_MASK symbol is that class tag with a zero low half;
   presumably callers compare (id & 0xFFFF0000) against it -- confirm
   against the call sites before relying on that.

   NOTE(review): listing an identifier here does not mean a method for it is
   registered, nor that the algorithm is acceptable for new designs. Legacy
   entries (DES, MD5-based MACs, NULL encryption) presumably exist only so
   the numbering mirrors the RFC tables; check the method table actually
   installed in a build before assuming any of them is available. */

/* Define the encryption algorithm, as outlined in RFC 4305 3.1.1 */
/* These values are used in nx_crypto_algorithm field. */
/* Values of 16 least significant bits are the same as defined in RFC 5996 3.3.2 */
/* NX_CRYPTO_ENCRYPTION_MASK and NX_CRYPTO_NONE share the value 0. */
#define NX_CRYPTO_ENCRYPTION_MASK 0x00000000
#define NX_CRYPTO_NONE 0x00000000
#define NX_CRYPTO_ENCRYPTION_DES_IV64 0x00000001
#define NX_CRYPTO_ENCRYPTION_DES_CBC 0x00000002
#define NX_CRYPTO_ENCRYPTION_3DES_CBC 0x00000003
#define NX_CRYPTO_ENCRYPTION_RC5 0x00000004
#define NX_CRYPTO_ENCRYPTION_IDEA 0x00000005
#define NX_CRYPTO_ENCRYPTION_CAST 0x00000006
#define NX_CRYPTO_ENCRYPTION_BLOWFISH 0x00000007
#define NX_CRYPTO_ENCRYPTION_3IDEA 0x00000008
#define NX_CRYPTO_ENCRYPTION_DES_IV32 0x00000009
#define NX_CRYPTO_ENCRYPTION_NULL 0x0000000B /* No confidentiality: payload is sent in the clear. */
#define NX_CRYPTO_ENCRYPTION_AES_CBC 0x0000000C
#define NX_CRYPTO_ENCRYPTION_AES_CTR 0x0000000D
#define NX_CRYPTO_ENCRYPTION_AES_CCM_8 0x0000000E
#define NX_CRYPTO_ENCRYPTION_AES_CCM_12 0x0000000F
#define NX_CRYPTO_ENCRYPTION_AES_CCM_16 0x00000010
#define NX_CRYPTO_ENCRYPTION_AES_CCM 0x00000011 /* Unassigned number in IANA, define it for all other length ICV. */
#define NX_CRYPTO_ENCRYPTION_AES_GCM_8 0x00000012
#define NX_CRYPTO_ENCRYPTION_AES_GCM_12 0x00000013
#define NX_CRYPTO_ENCRYPTION_AES_GCM_16 0x00000014
#define NX_CRYPTO_ENCRYPTION_NULL_AUTH_AES_GMAC 0x00000015
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CBC 0x00000017
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CTR 0x00000018
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CCM_8 0x00000019
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CCM_12 0x0000001A
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CCM_16 0x0000001B
#define NX_CRYPTO_ENCRYPTION_CHACHA20_POLY1305 0x0000001C


/* Define the authentication algorithm, as outlined in RFC 4305 3.2 */
/* See also: https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml */
/* These values are used in nx_crypto_algorithm field. */
/* Values of 16 least significant bits are the same as defined in RFC 5996 3.3.2 */
/* The _96 / _128 / _160 suffixes give the truncated MAC length in bits. */
#define NX_CRYPTO_AUTHENTICATION_MASK 0x00010000
#define NX_CRYPTO_AUTHENTICATION_NONE 0x00010000
#define NX_CRYPTO_AUTHENTICATION_HMAC_MD5_96 0x00010001
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA1_96 0x00010002
#define NX_CRYPTO_AUTHENTICATION_DES_MAC 0x00010003
#define NX_CRYPTO_AUTHENTICATION_KPDK_MD5 0x00010004
#define NX_CRYPTO_AUTHENTICATION_AES_XCBC_MAC_96 0x00010005
#define NX_CRYPTO_AUTHENTICATION_HMAC_MD5_128 0x00010006
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA1_160 0x00010007
#define NX_CRYPTO_AUTHENTICATION_AES_CMAC_96 0x00010008
#define NX_CRYPTO_AUTHENTICATION_AES_128_GMAC 0x00010009
#define NX_CRYPTO_AUTHENTICATION_AES_192_GMAC 0x0001000A
#define NX_CRYPTO_AUTHENTICATION_AES_256_GMAC 0x0001000B
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_256 0x0001000C
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_384 0x0001000D
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512 0x0001000E
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_224 0x0001000F /* Unassigned number in IANA. */
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512_224 0x00010010 /* Unassigned number in IANA. */
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512_256 0x00010011 /* Unassigned number in IANA. */

/* Define the Pseudorandom Function algorithm */
/* These values are used in nx_crypto_algorithm field. */
/* Values of 16 least significant bits are the same as defined in RFC 5996 3.3.2,
 * except for algorithms not found in that RFC such as the HKDF. */
/* There is no *_NONE entry in this table; NX_CRYPTO_PRF_MASK is the only
   value with a zero low half. */
#define NX_CRYPTO_PRF_MASK 0x00020000
#define NX_CRYPTO_PRF_HMAC_MD5 0x00020001
#define NX_CRYPTO_PRF_HMAC_SHA1 0x00020002
#define NX_CRYPTO_PRF_HMAC_TIGER 0x00020003
#define NX_CRYPTO_PRF_HMAC_AES128_XCBC 0x00020004
#define NX_CRYPTO_PRF_HMAC_SHA2_256 0x00020005
#define NX_CRYPTO_PRF_HMAC_SHA2_384 0x00020006
#define NX_CRYPTO_PRF_HMAC_SHA2_512 0x00020007
#define NX_CRYPTO_HKDF_METHOD 0x00020008 /* Not an RFC 5996 value; HKDF (RFC 5869) slot local to this library. */

/* Define the hash algorithm */
/* NOTE(review): unlike the other tables, the *_NONE entry here is 0x00030001
   rather than the mask value 0x00030000; callers that treat "low half is zero"
   as "none" will not match NX_CRYPTO_HASH_NONE. */
#define NX_CRYPTO_HASH_MASK 0x00030000
#define NX_CRYPTO_HASH_NONE 0x00030001
#define NX_CRYPTO_HASH_MD5 0x00030002
#define NX_CRYPTO_HASH_SHA1 0x00030003
#define NX_CRYPTO_HASH_SHA224 0x00030004
#define NX_CRYPTO_HASH_SHA256 0x00030005
#define NX_CRYPTO_HASH_SHA384 0x00030006
#define NX_CRYPTO_HASH_SHA512 0x00030007
#define NX_CRYPTO_HASH_SHA512_224 0x00030008
#define NX_CRYPTO_HASH_SHA512_256 0x00030009
#define NX_CRYPTO_HASH_HMAC 0x0003000A /* Generic HMAC wrapper. */

/* Define the key exchange algorithm */
/* NX_CRYPTO_KEY_EXCHANGE_NONE equals the mask value. */
#define NX_CRYPTO_KEY_EXCHANGE_MASK 0x00040000
#define NX_CRYPTO_KEY_EXCHANGE_NONE 0x00040000
#define NX_CRYPTO_KEY_EXCHANGE_PSK 0x00040001
#define NX_CRYPTO_KEY_EXCHANGE_RSA 0x00040002
#define NX_CRYPTO_KEY_EXCHANGE_DH 0x00040003
#define NX_CRYPTO_KEY_EXCHANGE_DHE 0x00040004
#define NX_CRYPTO_KEY_EXCHANGE_ECDH 0x00040005
#define NX_CRYPTO_KEY_EXCHANGE_ECDHE 0x00040006
#define NX_CRYPTO_KEY_EXCHANGE_ECJPAKE 0x00040007

/* Define the digital signature algorithm */
/* NX_CRYPTO_DIGITAL_SIGNATURE_ANONYMOUS equals the mask value. */
#define NX_CRYPTO_DIGITAL_SIGNATURE_MASK 0x00050000
#define NX_CRYPTO_DIGITAL_SIGNATURE_ANONYMOUS 0x00050000
#define NX_CRYPTO_DIGITAL_SIGNATURE_RSA 0x00050001
#define NX_CRYPTO_DIGITAL_SIGNATURE_DSA 0x00050002
#define NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA 0x00050003

/* Define the elliptic curve algorithm */
/* Values of 16 least significant bits are the same as named curve defined in RFC 4492, section 5.1.1 */
/* The X25519/X448 entries (0x1D/0x1E) follow the RFC 8422 numbering, the
   FFDHE entries (0x0100-0x0104) the RFC 7919 finite-field group code points
   256-260, and PRIME/CHAR2 (0xFF01/0xFF02) the RFC 4492 "arbitrary explicit"
   curve code points.  FFDHE groups are not elliptic curves; they live in this
   table because TLS carries them in the same supported_groups field. */
#define NX_CRYPTO_EC_MASK 0x00060000
#define NX_CRYPTO_EC_SECT163K1 0x00060001
#define NX_CRYPTO_EC_SECT163R1 0x00060002
#define NX_CRYPTO_EC_SECT163R2 0x00060003
#define NX_CRYPTO_EC_SECT193R1 0x00060004
#define NX_CRYPTO_EC_SECT193R2 0x00060005
#define NX_CRYPTO_EC_SECT233K1 0x00060006
#define NX_CRYPTO_EC_SECT233R1 0x00060007
#define NX_CRYPTO_EC_SECT239K1 0x00060008
#define NX_CRYPTO_EC_SECT283K1 0x00060009
#define NX_CRYPTO_EC_SECT283R1 0x0006000A
#define NX_CRYPTO_EC_SECT409K1 0x0006000B
#define NX_CRYPTO_EC_SECT409R1 0x0006000C
#define NX_CRYPTO_EC_SECT571K1 0x0006000D
#define NX_CRYPTO_EC_SECT571R1 0x0006000E
#define NX_CRYPTO_EC_SECP160K1 0x0006000F
#define NX_CRYPTO_EC_SECP160R1 0x00060010
#define NX_CRYPTO_EC_SECP160R2 0x00060011
#define NX_CRYPTO_EC_SECP192K1 0x00060012
#define NX_CRYPTO_EC_SECP192R1 0x00060013
#define NX_CRYPTO_EC_SECP224K1 0x00060014
#define NX_CRYPTO_EC_SECP224R1 0x00060015
#define NX_CRYPTO_EC_SECP256K1 0x00060016
#define NX_CRYPTO_EC_SECP256R1 0x00060017
#define NX_CRYPTO_EC_SECP384R1 0x00060018
#define NX_CRYPTO_EC_SECP521R1 0x00060019
#define NX_CRYPTO_EC_BRAINPOOLP256r1 0x0006001A
#define NX_CRYPTO_EC_BRAINPOOLP384r1 0x0006001B
#define NX_CRYPTO_EC_BRAINPOOLP512r1 0x0006001C
#define NX_CRYPTO_EC_X25519 0x0006001D
#define NX_CRYPTO_EC_X448 0x0006001E
#define NX_CRYPTO_EC_FFDHE2048 0x00060100
#define NX_CRYPTO_EC_FFDHE3072 0x00060101
#define NX_CRYPTO_EC_FFDHE4096 0x00060102
#define NX_CRYPTO_EC_FFDHE6144 0x00060103
#define NX_CRYPTO_EC_FFDHE8192 0x00060104
#define NX_CRYPTO_EC_PRIME 0x0006FF01
#define NX_CRYPTO_EC_CHAR2 0x0006FF02

/* Elliptic curve point format definitions. */
/* These are the TLS ECPointFormat values (RFC 4492, section 5.1.2). */
#define NX_CRYPTO_EC_POINT_UNCOMPRESSED 0
#define NX_CRYPTO_EC_POINT_ANSIX962_COMPRESSED_PRIME 1
#define NX_CRYPTO_EC_POINT_ANSIX962_COMPRESSED_CHAR2 2

/* Elliptic curve type definitions. */
/* These are the TLS ECCurveType values (RFC 4492, section 5.4). */
#define NX_CRYPTO_EC_CURVE_TYPE_EXPLICIT_PRIME 1
#define NX_CRYPTO_EC_CURVE_TYPE_EXPLICIT_CHAR2 2
#define NX_CRYPTO_EC_CURVE_TYPE_NAMED_CURVE 3

/* Define crypto ICV bits size. */
/* Length in bits to which the integrity check value is truncated. */
#define NX_CRYPTO_AUTHENTICATION_ICV_TRUNC_BITS 96

/* Upper bound on IV length, in bits; overridable from the build. */
#ifndef NX_CRYPTO_MAX_IV_SIZE_IN_BITS
#define NX_CRYPTO_MAX_IV_SIZE_IN_BITS 192
#endif /* NX_CRYPTO_MAX_IV_SIZE_IN_BITS */

/* NX_CRYPTO_ROLE_xxx - used to identify the "role" of a crypto algorithm
   in a ciphersuite/X.509 mapping. */
#define NX_CRYPTO_ROLE_NONE 0 /* Used to indicate the end of a list. */
#define NX_CRYPTO_ROLE_KEY_EXCHANGE 1 /* Cipher is used for key exchange (e.g. RSA, ECDHE) */
#define NX_CRYPTO_ROLE_SIGNATURE_CRYPTO 2 /* Cipher is used for encrypting a signature (e.g. RSA, DSA) */
#define NX_CRYPTO_ROLE_SIGNATURE_HASH 3 /* Cipher is used to generate a signature hash (e.g. SHA-1, SHA-256) */
#define NX_CRYPTO_ROLE_SYMMETRIC 4 /* Cipher is used for symmetric encryption (e.g. AES, RC4) */
#define NX_CRYPTO_ROLE_MAC_HASH 5 /* Cipher is used for hash MAC generation (e.g. HMAC-SHA-1, HMAC-SHA-256) */
#define NX_CRYPTO_ROLE_PRF 6 /* Cipher is used for TLS PRF (key generation). */
#define NX_CRYPTO_ROLE_HMAC 7 /* Generic HMAC wrapper to be used with a "raw" hash function. */
#define NX_CRYPTO_ROLE_RAW_HASH 8 /* A "raw" hash function is the cryptographic primitive without a wrapper (e.g. SHA-256, no HMAC). */

/* Define values used for nx_crypto_type. */
/* Operation codes are grouped by decade: 1-14 generic, 21-29 ECJPAKE,
   30-35 incremental encrypt/decrypt, 40-42 EC, 50-53 DH/ECDH, 60-63 DRBG,
   70-74 HKDF/HMAC.  Several *_SET_HASH names below are aliases of
   NX_CRYPTO_HASH_METHOD_SET (12), so a method may see value 12 under any
   of those names. */
#define NX_CRYPTO_ENCRYPT 1 /* ESP Encrypt (egress) */
#define NX_CRYPTO_DECRYPT 2 /* ESP Decrypt (ingress) */
#define NX_CRYPTO_AUTHENTICATE 3 /* AH Authenticate (egress) */
#define NX_CRYPTO_VERIFY 4 /* AH Verify (ingress) */
#define NX_CRYPTO_HASH_INITIALIZE 5 /* Hash initialize */
#define NX_CRYPTO_HASH_UPDATE 6 /* Hash update */
#define NX_CRYPTO_HASH_CALCULATE 7 /* Hash calculate */
#define NX_CRYPTO_PRF 8 /* For the TLS PRF function. */
#define NX_CRYPTO_SET_PRIME_P 9 /* Set Prime number P. This is used in software RSA implementation. */
#define NX_CRYPTO_SET_PRIME_Q 10 /* Set Prime number Q. This is used in software RSA implementation. */
#define NX_CRYPTO_SET_ADDITIONAL_DATA 11 /* Set additional data pointer and length. */
#define NX_CRYPTO_HASH_METHOD_SET 12 /* Set hash method. */
#define NX_CRYPTO_SIGNATURE_GENERATE 13 /* Signature generation. */
#define NX_CRYPTO_SIGNATURE_VERIFY 14 /* Signature verification. */
#define NX_CRYPTO_PRF_SET_HASH NX_CRYPTO_HASH_METHOD_SET /* Alias: same value (12) as NX_CRYPTO_HASH_METHOD_SET. */

/* ECJPAKE operations. */
#define NX_CRYPTO_ECJPAKE_HASH_METHOD_SET NX_CRYPTO_HASH_METHOD_SET /* Alias: same value (12) as NX_CRYPTO_HASH_METHOD_SET. */
#define NX_CRYPTO_ECJPAKE_CURVE_SET 21
#define NX_CRYPTO_ECJPAKE_CLIENT_HELLO_GENERATE 22
#define NX_CRYPTO_ECJPAKE_SERVER_HELLO_GENERATE 23
#define NX_CRYPTO_ECJPAKE_CLIENT_HELLO_PROCESS 24
#define NX_CRYPTO_ECJPAKE_SERVER_HELLO_PROCESS 25
#define NX_CRYPTO_ECJPAKE_CLIENT_KEY_EXCHANGE_GENERATE 26
#define NX_CRYPTO_ECJPAKE_SERVER_KEY_EXCHANGE_GENERATE 27
#define NX_CRYPTO_ECJPAKE_CLIENT_KEY_EXCHANGE_PROCESS 28
#define NX_CRYPTO_ECJPAKE_SERVER_KEY_EXCHANGE_PROCESS 29

/* Incremental (initialize / update / calculate) cipher operations. */
#define NX_CRYPTO_ENCRYPT_INITIALIZE 30 /* Encrypt initialize */
#define NX_CRYPTO_DECRYPT_INITIALIZE 31 /* Decrypt initialize */
#define NX_CRYPTO_ENCRYPT_UPDATE 32 /* Encrypt update */
#define NX_CRYPTO_DECRYPT_UPDATE 33 /* Decrypt update */
#define NX_CRYPTO_ENCRYPT_CALCULATE 34 /* Final encrypt calculation */
#define NX_CRYPTO_DECRYPT_CALCULATE 35 /* Final decrypt calculation */

/* EC operations. */
#define NX_CRYPTO_EC_CURVE_GET 40
#define NX_CRYPTO_EC_CURVE_SET 41
#define NX_CRYPTO_EC_KEY_PAIR_GENERATE 42

/* DH and ECDH operations. */
#define NX_CRYPTO_DH_SETUP 50
#define NX_CRYPTO_DH_CALCULATE 51
#define NX_CRYPTO_DH_KEY_PAIR_IMPORT 52
#define NX_CRYPTO_DH_PRIVATE_KEY_EXPORT 53 /* Presumably copies private key material out of the method;
                                              the caller's buffer then holds a secret and should be
                                              cleared after use -- confirm against the DH method. */

/* DRBG operations. */
#define NX_CRYPTO_DRBG_OPTIONS_SET 60
#define NX_CRYPTO_DRBG_INSTANTIATE 61
#define NX_CRYPTO_DRBG_RESEED 62
#define NX_CRYPTO_DRBG_GENERATE 63

/* HKDF operations. */
#define NX_CRYPTO_HKDF_SET_HASH NX_CRYPTO_HASH_METHOD_SET /* Set the generic hash routine to be used for HKDF (alias of value 12). */
#define NX_CRYPTO_HKDF_EXTRACT 70 /* Perform an HKDF-extract operation. */
#define NX_CRYPTO_HKDF_EXPAND 71 /* Perform an HKDF-expand operation. */
#define NX_CRYPTO_HKDF_SET_PRK 72 /* Set the Pseudo-Random Key for an HKDF-expand operation. */
#define NX_CRYPTO_HKDF_SET_HMAC 73 /* Set the generic HMAC routine to be used for HKDF. */
#define NX_CRYPTO_HMAC_SET_HASH 74 /* Set the generic hash routine to be used for HMAC operations. */

/* Define align MACRO to a byte boundary. */
/* Rounds len up to the next multiple of 8; len is evaluated once.  The mask
   ~7 is an int (-8) and is widened to len's type by the usual arithmetic
   conversions, so wider unsigned operands work too.  Values within 7 of the
   operand type's maximum wrap in (len) + 7; callers bound len beforehand. */
#define NX_CRYPTO_ALIGN8(len) (((len) + 7) & ~7)

/* Find the offset of a structure. */
/* Byte offset of member b in struct type a, computed by taking a member
   address through a null pointer and converting it to ULONG.
   NOTE(review): ISO C does not define this construct; offsetof() from
   <stddef.h> is the portable equivalent and yields size_t.  Kept as-is
   because this header adds no includes. */
#define NX_CRYPTO_OFFSET(a, b) ((ULONG)(&(((a *)(0)) -> b)))


/* Key size type; UINT comes from the port layer. */
typedef UINT NX_CRYPTO_KEY_SIZE;

/* Status codes returned by crypto methods.  NX_CRYPTO_SUCCESS is 0 and every
   error is in the 0x2000x range, so any non-zero return is a failure.  Note
   that both NX_CRYPTO_PTR_ERROR (0x20007) and NX_CRYPTO_POINTER_ERROR
   (0x2000E) exist; which one a method reports is up to that method. */
#define NX_CRYPTO_SUCCESS 0x0 /* Function returned successfully. */
#define NX_CRYPTO_INVALID_LIBRARY 0x20001 /* Crypto library has not been initialized or failed
                                             the Power On Self Test (POST).  See the
                                             NX_CRYPTO_LIBRARY_STATE_* values below. */
#define NX_CRYPTO_UNSUPPORTED_KEY_SIZE 0x20002 /* Unsupported key size. */
#define NX_CRYPTO_AUTHENTICATION_FAILED 0x20003 /* Authentication failed.  Callers must treat this as a hard
                                                   failure and discard the data; never process the
                                                   unauthenticated plaintext. */
#define NX_CRYPTO_INVALID_ALGORITHM 0x20004
#define NX_CRYPTO_INVALID_KEY 0x20005
#define NX_CRYPTO_INVALID_BUFFER_SIZE 0x20006
#define NX_CRYPTO_PTR_ERROR 0x20007
#define NX_CRYPTO_SIZE_ERROR 0x20008
#define NX_CRYPTO_NOT_SUCCESSFUL 0x20009
#define NX_CRYPTO_INVALID_PARAMETER 0x2000A
#define NX_CRYPTO_NO_INSTANCE 0x2000B
#define NX_CRYPTO_METHOD_INITIALIZATION_FAILURE 0x2000C /* A method was not properly initialized before use. */
#define NX_CRYPTO_METADATA_UNALIGNED 0x2000D /* Crypto metadata must be 4-byte aligned. */
#define NX_CRYPTO_POINTER_ERROR 0x2000E /* An invalid (NULL?) pointer was passed into a crypto method. */
#define NX_CRYTPO_MISSING_ECC_CURVE 0x2000F /* ECC curve lookup failed to return a matching curve.
                                               The "CRYTPO" spelling is part of the public API and is
                                               kept for source compatibility. */
#define NX_CRYPTO_FORMAT_NOT_SUPPORTED 0x20010 /* Unsupported Format */

/* Library-local null/boolean constants, so this header does not depend on <stddef.h> or <stdbool.h>. */
#define NX_CRYPTO_NULL 0
#define NX_CRYPTO_FALSE 0
#define NX_CRYPTO_TRUE 1

/* The following symbols are mapped to the error code for backward compatibility. */
#define NX_CRYPTO_AES_UNSUPPORTED_KEY_SIZE NX_CRYPTO_UNSUPPORTED_KEY_SIZE

/* Library state values, available only in self-test builds.  Each state is a
   distinct bit (1, 2, 4, 0x80000000), with OPERATIONAL deliberately far from
   the failure states so a corrupted or uninitialized state word is unlikely
   to read as operational. */
#ifdef NX_CRYPTO_SELF_TEST
#define NX_CRYPTO_LIBRARY_STATE_UNINITIALIZED 0x00000001U
#define NX_CRYPTO_LIBRARY_STATE_POST_IN_PROGRESS 0x00000002U
#define NX_CRYPTO_LIBRARY_STATE_POST_FAILED 0x00000004U
#define NX_CRYPTO_LIBRARY_STATE_OPERATIONAL 0x80000000U

#endif /* NX_CRYPTO_SELF_TEST */


#ifdef __cplusplus
}
#endif

#endif /* _NX_CRYPTO_CONST_H_ */