1 /**************************************************************************/ 2 /* */ 3 /* Copyright (c) Microsoft Corporation. All rights reserved. */ 4 /* */ 5 /* This software is licensed under the Microsoft Software License */ 6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */ 7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */ 8 /* and in the root directory of this software. */ 9 /* */ 10 /**************************************************************************/ 11 12 13 /**************************************************************************/ 14 /**************************************************************************/ 15 /** */ 16 /** NetX Crypto Component */ 17 /** */ 18 /** Crypto Methods */ 19 /** */ 20 /**************************************************************************/ 21 /**************************************************************************/ 22 23 #include "nx_crypto_phash.h" 24 #include "nx_crypto_tls_prf_1.h" 25 #include "nx_crypto_tls_prf_sha256.h" 26 #include "nx_crypto_tls_prf_sha384.h" 27 #include "nx_crypto_tls_prf_sha512.h" 28 #include "nx_crypto_hkdf.h" 29 #include "nx_crypto_3des.h" 30 #include "nx_crypto.h" 31 #include "nx_crypto_md5.h" 32 #include "nx_crypto_sha1.h" 33 #include "nx_crypto_sha2.h" 34 #include "nx_crypto_sha5.h" 35 #include "nx_crypto.h" 36 #include "nx_crypto_hmac_sha1.h" 37 #include "nx_crypto_hmac_sha2.h" 38 #include "nx_crypto_hmac_sha5.h" 39 #include "nx_crypto_hmac_md5.h" 40 #include "nx_crypto_aes.h" 41 #include "nx_crypto_rsa.h" 42 #include "nx_crypto_null.h" 43 #include "nx_crypto_ecjpake.h" 44 #include "nx_crypto_ecdsa.h" 45 #include "nx_crypto_ecdh.h" 46 #include "nx_crypto_drbg.h" 47 #include "nx_crypto_pkcs1_v1.5.h" 48 49 /**************************************************************************/ 50 /* */ 51 /* FUNCTION RELEASE */ 52 /* */ 53 /* nx_crypto_methods PORTABLE C */ 54 /* 6.1.12 */ 55 /* AUTHOR */ 56 /* */ 57 /* Timothy Stapko, Microsoft Corporation */ 58 /* */ 59 /* DESCRIPTION */ 60 /* */ 61 /* This table of function pointers provides a mapping from TLS */ 62 /* ciphersuites to the necessary cryptographic methods for a given */ 63 /* platform. It can be used as a model to develop a hardware-specific */ 64 /* cryptography table for TLS. */ 65 /* */ 66 /* INPUT */ 67 /* */ 68 /* None */ 69 /* */ 70 /* OUTPUT */ 71 /* */ 72 /* None */ 73 /* */ 74 /* CALLS */ 75 /* */ 76 /* None */ 77 /* */ 78 /* CALLED BY */ 79 /* */ 80 /* Application Code */ 81 /* */ 82 /* RELEASE HISTORY */ 83 /* */ 84 /* DATE NAME DESCRIPTION */ 85 /* */ 86 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ 87 /* 09-30-2020 Timothy Stapko Modified comment(s), */ 88 /* resulting in version 6.1 */ 89 /* 04-25-2022 Timothy Stapko Modified comments(s), added */ 90 /* warning supression for */ 91 /* obsolete DES/3DES, */ 92 /* added x25519 curve, */ 93 /* resulting in version 6.1.11 */ 94 /* 07-29-2022 Yuxin Zhou Modified comment(s), */ 95 /* added x448 curve, */ 96 /* resulting in version 6.1.12 */ 97 /* */ 98 /**************************************************************************/ 99 100 /* Define cryptographic methods. */ 101 102 /* Declare the NONE method: encrypt / hash method not config */ 103 NX_CRYPTO_METHOD crypto_method_none = 104 { 105 NX_CRYPTO_NONE, /* Name of the crypto algorithm */ 106 0, /* Key size in bits, not used */ 107 0, /* IV size in bits, not used */ 108 0, /* ICV size in bits, not used */ 109 0, /* Block size in bytes */ 110 0, /* Metadata size in bytes */ 111 NX_CRYPTO_NULL, /* Initialization routine, not used */ 112 NX_CRYPTO_NULL, /* Cleanup routine, not used */ 113 NX_CRYPTO_NULL /* NULL operation */ 114 }; 115 116 117 /* Declare the NULL encrypt */ 118 NX_CRYPTO_METHOD crypto_method_null = 119 { 120 NX_CRYPTO_ENCRYPTION_NULL, /* Name of the crypto algorithm */ 121 0, /* Key size in bits, not used */ 122 0, /* IV size in bits, not used */ 123 0, /* ICV size in bits, not used */ 124 4, /* Block size in bytes */ 125 0, /* Metadata size in bytes */ 126 NX_CRYPTO_NULL, /* Initialization routine, not used */ 127 NX_CRYPTO_NULL, /* Cleanup routine, not used */ 128 NX_CRYPTO_NULL /* NULL operation */ 129 }; 130 131 /* Declare the AES-CBC 128 encrytion method. */ 132 NX_CRYPTO_METHOD crypto_method_aes_cbc_128 = 133 { 134 NX_CRYPTO_ENCRYPTION_AES_CBC, /* AES crypto algorithm */ 135 NX_CRYPTO_AES_128_KEY_LEN_IN_BITS, /* Key size in bits */ 136 NX_CRYPTO_AES_IV_LEN_IN_BITS, /* IV size in bits */ 137 0, /* ICV size in bits, not used */ 138 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ 139 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 140 _nx_crypto_method_aes_init, /* AES-CBC initialization routine */ 141 _nx_crypto_method_aes_cleanup, /* AES-CBC cleanup routine */ 142 _nx_crypto_method_aes_cbc_operation /* AES-CBC operation */ 143 }; 144 145 /* Declare the AES-CBC 192 encrytion method. */ 146 NX_CRYPTO_METHOD crypto_method_aes_cbc_192 = 147 { 148 NX_CRYPTO_ENCRYPTION_AES_CBC, /* AES crypto algorithm */ 149 NX_CRYPTO_AES_192_KEY_LEN_IN_BITS, /* Key size in bits */ 150 NX_CRYPTO_AES_IV_LEN_IN_BITS, /* IV size in bits */ 151 0, /* ICV size in bits, not used */ 152 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ 153 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 154 _nx_crypto_method_aes_init, /* AES-CBC initialization routine */ 155 _nx_crypto_method_aes_cleanup, /* AES-CBC cleanup routine */ 156 _nx_crypto_method_aes_operation /* AES-CBC operation */ 157 }; 158 159 /* Declare the AES-CBC 256 encryption method */ 160 NX_CRYPTO_METHOD crypto_method_aes_cbc_256 = 161 { 162 NX_CRYPTO_ENCRYPTION_AES_CBC, /* AES crypto algorithm */ 163 NX_CRYPTO_AES_256_KEY_LEN_IN_BITS, /* Key size in bits */ 164 NX_CRYPTO_AES_IV_LEN_IN_BITS, /* IV size in bits */ 165 0, /* ICV size in bits, not used */ 166 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ 167 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 168 _nx_crypto_method_aes_init, /* AES-CBC initialization routine */ 169 _nx_crypto_method_aes_cleanup, /* AES-CBC cleanup routine */ 170 _nx_crypto_method_aes_cbc_operation /* AES-CBC operation */ 171 }; 172 173 174 /* Declare the AES-CCM-8 encrytion method. */ 175 NX_CRYPTO_METHOD crypto_method_aes_ccm_8 = 176 { 177 NX_CRYPTO_ENCRYPTION_AES_CCM_8, /* AES crypto algorithm */ 178 NX_CRYPTO_AES_128_KEY_LEN_IN_BITS, /* Key size in bits */ 179 32, /* IV size in bits */ 180 64, /* ICV size in bits */ 181 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 182 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 183 _nx_crypto_method_aes_init, /* AES-CCM8 initialization routine. */ 184 _nx_crypto_method_aes_cleanup, /* AES-CCM8 cleanup routine. */ 185 _nx_crypto_method_aes_ccm_operation /* AES-CCM8 operation */ 186 }; 187 188 /* Declare the AES-CCM-16 encrytion method. */ 189 NX_CRYPTO_METHOD crypto_method_aes_ccm_16 = 190 { 191 NX_CRYPTO_ENCRYPTION_AES_CCM_16, /* AES crypto algorithm */ 192 NX_CRYPTO_AES_128_KEY_LEN_IN_BITS, /* Key size in bits */ 193 32, /* IV size in bits */ 194 128, /* ICV size in bits */ 195 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 196 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 197 _nx_crypto_method_aes_init, /* AES-CCM16 initialization routine. */ 198 _nx_crypto_method_aes_cleanup, /* AES-CCM16 cleanup routine. */ 199 _nx_crypto_method_aes_ccm_operation /* AES-CCM16 operation */ 200 }; 201 202 /* Declare the AES-GCM encrytion method. */ 203 NX_CRYPTO_METHOD crypto_method_aes_128_gcm_16 = 204 { 205 NX_CRYPTO_ENCRYPTION_AES_GCM_16, /* AES crypto algorithm */ 206 NX_CRYPTO_AES_128_KEY_LEN_IN_BITS, /* Key size in bits */ 207 32, /* IV size in bits */ 208 128, /* ICV size in bits */ 209 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 210 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 211 _nx_crypto_method_aes_init, /* AES-GCM initialization routine. */ 212 _nx_crypto_method_aes_cleanup, /* AES-GCM cleanup routine. */ 213 _nx_crypto_method_aes_gcm_operation, /* AES-GCM operation */ 214 }; 215 216 /* Declare the AES-GCM encrytion method. */ 217 NX_CRYPTO_METHOD crypto_method_aes_256_gcm_16 = 218 { 219 NX_CRYPTO_ENCRYPTION_AES_GCM_16, /* AES crypto algorithm */ 220 NX_CRYPTO_AES_256_KEY_LEN_IN_BITS, /* Key size in bits */ 221 32, /* IV size in bits */ 222 128, /* ICV size in bits */ 223 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 224 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 225 _nx_crypto_method_aes_init, /* AES-GCM initialization routine. */ 226 _nx_crypto_method_aes_cleanup, /* AES-GCM cleanup routine. */ 227 _nx_crypto_method_aes_gcm_operation, /* AES-GCM operation */ 228 }; 229 230 /* Declare the AES-XCBC-MAC encrytion method. */ 231 NX_CRYPTO_METHOD crypto_method_aes_xcbc_mac_96 = 232 { 233 NX_CRYPTO_AUTHENTICATION_AES_XCBC_MAC_96, /* AES_XCBC_MAC algorithm */ 234 NX_CRYPTO_AES_XCBC_MAC_KEY_LEN_IN_BITS, /* Key size in bits */ 235 0, /* IV size in bits, not used */ 236 NX_CRYPTO_AUTHENTICATION_ICV_TRUNC_BITS, /* Transmitted ICV size in bits */ 237 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 238 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 239 _nx_crypto_method_aes_init, /* AES-XCBC_MAC initialization routine. */ 240 _nx_crypto_method_aes_cleanup, /* AES-XCBC_MAC cleanup routine. */ 241 _nx_crypto_method_aes_xcbc_operation /* AES_XCBC_MAC operation */ 242 }; 243 244 /* Declare the DRBG encrytion method. */ 245 NX_CRYPTO_METHOD crypto_method_drbg = 246 { 247 0, /* DRBG crypto algorithm */ 248 0, /* Key size in bits */ 249 0, /* IV size in bits */ 250 0, /* ICV size in bits, not used */ 251 0, /* Block size in bytes */ 252 sizeof(NX_CRYPTO_DRBG), /* Metadata size in bytes */ 253 _nx_crypto_method_drbg_init, /* DRBG initialization routine */ 254 _nx_crypto_method_drbg_cleanup, /* DRBG cleanup routine */ 255 _nx_crypto_method_drbg_operation, /* DRBG operation */ 256 }; 257 258 /* Declare the ECDSA crypto method */ 259 NX_CRYPTO_METHOD crypto_method_ecdsa = 260 { 261 NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA, /* ECDSA crypto algorithm */ 262 0, /* Key size in bits */ 263 0, /* IV size in bits */ 264 0, /* ICV size in bits, not used */ 265 0, /* Block size in bytes */ 266 sizeof(NX_CRYPTO_ECDSA), /* Metadata size in bytes */ 267 _nx_crypto_method_ecdsa_init, /* ECDSA initialization routine */ 268 _nx_crypto_method_ecdsa_cleanup, /* ECDSA cleanup routine */ 269 _nx_crypto_method_ecdsa_operation /* ECDSA operation */ 270 }; 271 272 /* Declare the ECDH crypto method */ 273 NX_CRYPTO_METHOD crypto_method_ecdh = 274 { 275 NX_CRYPTO_KEY_EXCHANGE_ECDH, /* ECDH crypto algorithm */ 276 0, /* Key size in bits */ 277 0, /* IV size in bits */ 278 0, /* ICV size in bits, not used */ 279 0, /* Block size in bytes */ 280 sizeof(NX_CRYPTO_ECDH), /* Metadata size in bytes */ 281 _nx_crypto_method_ecdh_init, /* ECDH initialization routine */ 282 _nx_crypto_method_ecdh_cleanup, /* ECDH cleanup routine */ 283 _nx_crypto_method_ecdh_operation /* ECDH operation */ 284 }; 285 286 /* Declare the ECDHE crypto method */ 287 NX_CRYPTO_METHOD crypto_method_ecdhe = 288 { 289 NX_CRYPTO_KEY_EXCHANGE_ECDHE, /* ECDHE crypto algorithm */ 290 0, /* Key size in bits */ 291 0, /* IV size in bits */ 292 0, /* ICV size in bits, not used */ 293 0, /* Block size in bytes */ 294 sizeof(NX_CRYPTO_ECDH), /* Metadata size in bytes */ 295 _nx_crypto_method_ecdh_init, /* ECDH initialization routine */ 296 _nx_crypto_method_ecdh_cleanup, /* ECDH cleanup routine */ 297 _nx_crypto_method_ecdh_operation /* ECDH operation */ 298 }; 299 300 /* Declare the HMAC SHA1 authentication method */ 301 NX_CRYPTO_METHOD crypto_method_hmac_sha1 = 302 { 303 NX_CRYPTO_AUTHENTICATION_HMAC_SHA1_160, /* HMAC SHA1 algorithm */ 304 0, /* Key size in bits */ 305 0, /* IV size in bits, not used */ 306 NX_CRYPTO_HMAC_SHA1_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 307 NX_CRYPTO_SHA1_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 308 sizeof(NX_CRYPTO_SHA1_HMAC), /* Metadata size in bytes */ 309 _nx_crypto_method_hmac_sha1_init, /* HMAC SHA1 initialization routine */ 310 _nx_crypto_method_hmac_sha1_cleanup, /* HMAC SHA1 cleanup routine */ 311 _nx_crypto_method_hmac_sha1_operation /* HMAC SHA1 operation */ 312 }; 313 314 /* Declare the HMAC SHA224 authentication method */ 315 NX_CRYPTO_METHOD crypto_method_hmac_sha224 = 316 { 317 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_224, /* HMAC SHA224 algorithm */ 318 0, /* Key size in bits */ 319 0, /* IV size in bits, not used */ 320 NX_CRYPTO_HMAC_SHA224_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 321 NX_CRYPTO_SHA2_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 322 sizeof(NX_CRYPTO_SHA256_HMAC), /* Metadata size in bytes */ 323 _nx_crypto_method_hmac_sha256_init, /* HMAC SHA224 initialization routine */ 324 _nx_crypto_method_hmac_sha256_cleanup, /* HMAC SHA224 cleanup routine */ 325 _nx_crypto_method_hmac_sha256_operation /* HMAC SHA224 operation */ 326 }; 327 328 /* Declare the HMAC SHA256 authentication method */ 329 NX_CRYPTO_METHOD crypto_method_hmac_sha256 = 330 { 331 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_256, /* HMAC SHA256 algorithm */ 332 0, /* Key size in bits */ 333 0, /* IV size in bits, not used */ 334 NX_CRYPTO_HMAC_SHA256_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 335 NX_CRYPTO_SHA2_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 336 sizeof(NX_CRYPTO_SHA256_HMAC), /* Metadata size in bytes */ 337 _nx_crypto_method_hmac_sha256_init, /* HMAC SHA256 initialization routine */ 338 _nx_crypto_method_hmac_sha256_cleanup, /* HMAC SHA256 cleanup routine */ 339 _nx_crypto_method_hmac_sha256_operation /* HMAC SHA256 operation */ 340 }; 341 342 /* Declare the HMAC SHA384 authentication method */ 343 NX_CRYPTO_METHOD crypto_method_hmac_sha384 = 344 { 345 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_384, /* HMAC SHA384 algorithm */ 346 0, /* Key size in bits */ 347 0, /* IV size in bits, not used */ 348 NX_CRYPTO_HMAC_SHA384_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 349 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 350 sizeof(NX_CRYPTO_SHA512_HMAC), /* Metadata size in bytes */ 351 _nx_crypto_method_hmac_sha512_init, /* HMAC SHA384 initialization routine */ 352 _nx_crypto_method_hmac_sha512_cleanup, /* HMAC SHA384 cleanup routine */ 353 _nx_crypto_method_hmac_sha512_operation /* HMAC SHA384 operation */ 354 }; 355 356 /* Declare the HMAC SHA512 authentication method */ 357 NX_CRYPTO_METHOD crypto_method_hmac_sha512 = 358 { 359 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512, /* HMAC SHA512 algorithm */ 360 0, /* Key size in bits */ 361 0, /* IV size in bits, not used */ 362 NX_CRYPTO_HMAC_SHA512_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 363 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 364 sizeof(NX_CRYPTO_SHA512_HMAC), /* Metadata size in bytes */ 365 _nx_crypto_method_hmac_sha512_init, /* HMAC SHA512 initialization routine */ 366 _nx_crypto_method_hmac_sha512_cleanup, /* HMAC SHA512 cleanup routine */ 367 _nx_crypto_method_hmac_sha512_operation /* HMAC SHA512 operation */ 368 }; 369 370 /* Declare the HMAC SHA512 authentication method */ 371 NX_CRYPTO_METHOD crypto_method_hmac_sha512_224 = 372 { 373 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512_224, /* HMAC SHA512224 algorithm */ 374 0, /* Key size in bits */ 375 0, /* IV size in bits, not used */ 376 NX_CRYPTO_HMAC_SHA512_224_ICV_FULL_LEN_IN_BITS,/* Transmitted ICV size in bits */ 377 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 378 sizeof(NX_CRYPTO_SHA512_HMAC), /* Metadata size in bytes */ 379 _nx_crypto_method_hmac_sha512_init, /* HMAC SHA512224 initialization routine */ 380 _nx_crypto_method_hmac_sha512_cleanup, /* HMAC SHA512224 cleanup routine */ 381 _nx_crypto_method_hmac_sha512_operation /* HMAC SHA512224 operation */ 382 }; 383 384 /* Declare the HMAC SHA512 authentication method */ 385 NX_CRYPTO_METHOD crypto_method_hmac_sha512_256 = 386 { 387 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512_256, /* HMAC SHA512256 algorithm */ 388 0, /* Key size in bits */ 389 0, /* IV size in bits, not used */ 390 NX_CRYPTO_HMAC_SHA512_256_ICV_FULL_LEN_IN_BITS,/* Transmitted ICV size in bits */ 391 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 392 sizeof(NX_CRYPTO_SHA512_HMAC), /* Metadata size in bytes */ 393 _nx_crypto_method_hmac_sha512_init, /* HMAC SHA512256 initialization routine */ 394 _nx_crypto_method_hmac_sha512_cleanup, /* HMAC SHA512256 cleanup routine */ 395 _nx_crypto_method_hmac_sha512_operation /* HMAC SHA512256 operation */ 396 }; 397 398 /* Declare the HMAC MD5 authentication method */ 399 NX_CRYPTO_METHOD crypto_method_hmac_md5 = 400 { 401 NX_CRYPTO_AUTHENTICATION_HMAC_MD5_128, /* HMAC MD5 algorithm */ 402 0, /* Key size in bits */ 403 0, /* IV size in bits, not used */ 404 NX_CRYPTO_HMAC_MD5_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 405 NX_CRYPTO_MD5_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 406 sizeof(NX_CRYPTO_MD5_HMAC), /* Metadata size in bytes */ 407 _nx_crypto_method_hmac_md5_init, /* HMAC MD5 initialization routine */ 408 _nx_crypto_method_hmac_md5_cleanup, /* HMAC MD5 cleanup routine */ 409 _nx_crypto_method_hmac_md5_operation /* HMAC MD5 operation */ 410 }; 411 412 /* Declare the RSA public cipher method. */ 413 NX_CRYPTO_METHOD crypto_method_rsa = 414 { 415 NX_CRYPTO_KEY_EXCHANGE_RSA, /* RSA crypto algorithm */ 416 0, /* Key size in bits */ 417 0, /* IV size in bits */ 418 0, /* ICV size in bits, not used. */ 419 0, /* Block size in bytes. */ 420 sizeof(NX_CRYPTO_RSA), /* Metadata size in bytes */ 421 _nx_crypto_method_rsa_init, /* RSA initialization routine. */ 422 _nx_crypto_method_rsa_cleanup, /* RSA cleanup routine */ 423 _nx_crypto_method_rsa_operation /* RSA operation */ 424 }; 425 426 /* Declare a placeholder for PSK authentication. */ 427 NX_CRYPTO_METHOD crypto_method_auth_psk = 428 { 429 NX_CRYPTO_KEY_EXCHANGE_PSK, /* PSK placeholder */ 430 0, /* Key size in bits */ 431 0, /* IV size in bits */ 432 0, /* ICV size in bits, not used. */ 433 0, /* Block size in bytes. */ 434 0, /* Metadata size in bytes */ 435 NX_CRYPTO_NULL, /* Initialization routine. */ 436 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 437 NX_CRYPTO_NULL /* Operation */ 438 }; 439 440 /* Declare a placeholder for ECJ-PAKE. */ 441 NX_CRYPTO_METHOD crypto_method_auth_ecjpake = 442 { 443 NX_CRYPTO_KEY_EXCHANGE_ECJPAKE, /* ECJ-PAKE placeholder */ 444 0, /* Key size in bits */ 445 0, /* IV size in bits */ 446 0, /* ICV size in bits, not used. */ 447 0, /* Block size in bytes */ 448 sizeof(NX_CRYPTO_ECJPAKE), /* Metadata size in bytes */ 449 _nx_crypto_method_ecjpake_init, /* ECJPAKE initialization routine */ 450 _nx_crypto_method_ecjpake_cleanup, /* ECJPAKE cleanup routine */ 451 _nx_crypto_method_ecjpake_operation, /* ECJPAKE operation */ 452 }; 453 454 /* Declare a placeholder for EC SECP192R1. */ 455 NX_CRYPTO_METHOD crypto_method_ec_secp192 = 456 { 457 NX_CRYPTO_EC_SECP192R1, /* EC placeholder */ 458 192, /* Key size in bits */ 459 0, /* IV size in bits */ 460 0, /* ICV size in bits, not used. */ 461 0, /* Block size in bytes. */ 462 0, /* Metadata size in bytes */ 463 NX_CRYPTO_NULL, /* Initialization routine. */ 464 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 465 _nx_crypto_method_ec_secp192r1_operation, /* Operation */ 466 }; 467 468 /* Declare a placeholder for EC SECP224R1. */ 469 NX_CRYPTO_METHOD crypto_method_ec_secp224 = 470 { 471 NX_CRYPTO_EC_SECP224R1, /* EC placeholder */ 472 224, /* Key size in bits */ 473 0, /* IV size in bits */ 474 0, /* ICV size in bits, not used. */ 475 0, /* Block size in bytes. */ 476 0, /* Metadata size in bytes */ 477 NX_CRYPTO_NULL, /* Initialization routine. */ 478 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 479 _nx_crypto_method_ec_secp224r1_operation, /* Operation */ 480 }; 481 482 /* Declare a placeholder for EC SECP256R1. */ 483 NX_CRYPTO_METHOD crypto_method_ec_secp256 = 484 { 485 NX_CRYPTO_EC_SECP256R1, /* EC placeholder */ 486 256, /* Key size in bits */ 487 0, /* IV size in bits */ 488 0, /* ICV size in bits, not used. */ 489 0, /* Block size in bytes. */ 490 0, /* Metadata size in bytes */ 491 NX_CRYPTO_NULL, /* Initialization routine. */ 492 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 493 _nx_crypto_method_ec_secp256r1_operation, /* Operation */ 494 }; 495 496 /* Declare a placeholder for EC SECP384R1. */ 497 NX_CRYPTO_METHOD crypto_method_ec_secp384 = 498 { 499 NX_CRYPTO_EC_SECP384R1, /* EC placeholder */ 500 384, /* Key size in bits */ 501 0, /* IV size in bits */ 502 0, /* ICV size in bits, not used. */ 503 0, /* Block size in bytes. */ 504 0, /* Metadata size in bytes */ 505 NX_CRYPTO_NULL, /* Initialization routine. */ 506 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 507 _nx_crypto_method_ec_secp384r1_operation, /* Operation */ 508 }; 509 510 /* Declare a placeholder for EC SECP521R1. */ 511 NX_CRYPTO_METHOD crypto_method_ec_secp521 = 512 { 513 NX_CRYPTO_EC_SECP521R1, /* EC placeholder */ 514 521, /* Key size in bits */ 515 0, /* IV size in bits */ 516 0, /* ICV size in bits, not used. */ 517 0, /* Block size in bytes. */ 518 0, /* Metadata size in bytes */ 519 NX_CRYPTO_NULL, /* Initialization routine. */ 520 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 521 _nx_crypto_method_ec_secp521r1_operation, /* Operation */ 522 }; 523 524 #ifdef NX_CRYPTO_ENABLE_CURVE25519_448 525 526 /* Declare a placeholder for EC x25519. */ 527 NX_CRYPTO_METHOD crypto_method_ec_x25519 = 528 { 529 NX_CRYPTO_EC_X25519, /* EC placeholder */ 530 255, /* Key size in bits */ 531 0, /* IV size in bits */ 532 0, /* ICV size in bits, not used. */ 533 0, /* Block size in bytes. */ 534 0, /* Metadata size in bytes */ 535 NX_CRYPTO_NULL, /* Initialization routine. */ 536 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 537 _nx_crypto_method_ec_x25519_operation, /* Operation */ 538 }; 539 540 /* Declare a placeholder for EC x448. */ 541 NX_CRYPTO_METHOD crypto_method_ec_x448 = 542 { 543 NX_CRYPTO_EC_X448, /* EC placeholder */ 544 448, /* Key size in bits */ 545 0, /* IV size in bits */ 546 0, /* ICV size in bits, not used. */ 547 0, /* Block size in bytes. */ 548 0, /* Metadata size in bytes */ 549 NX_CRYPTO_NULL, /* Initialization routine. */ 550 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 551 _nx_crypto_method_ec_x448_operation, /* Operation */ 552 }; 553 554 #endif /* NX_CRYPTO_ENABLE_CURVE25519_448 */ 555 556 /* Declare the public NULL cipher (not to be confused with the NULL methods above). This 557 * is used as a placeholder in ciphersuites that do not use a cipher method for a 558 * particular operation (e.g. some PSK ciphersuites don't use a public-key algorithm 559 * like RSA). 560 */ 561 NX_CRYPTO_METHOD crypto_method_public_null = 562 { 563 NX_CRYPTO_ENCRYPTION_NULL, /* Name of the crypto algorithm */ 564 0, /* Key size in bits, not used */ 565 0, /* IV size in bits, not used */ 566 0, /* ICV size in bits, not used */ 567 1, /* Block size in bytes */ 568 0, /* Metadata size in bytes */ 569 _nx_crypto_method_null_init, /* NULL initialization routine */ 570 _nx_crypto_method_null_cleanup, /* NULL cleanup routine */ 571 _nx_crypto_method_null_operation /* NULL operation */ 572 }; 573 574 575 576 /* Declare the MD5 hash method */ 577 NX_CRYPTO_METHOD crypto_method_md5 = 578 { 579 NX_CRYPTO_HASH_MD5, /* MD5 algorithm */ 580 0, /* Key size in bits */ 581 0, /* IV size in bits, not used */ 582 NX_CRYPTO_MD5_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 583 NX_CRYPTO_MD5_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 584 sizeof(NX_CRYPTO_MD5), /* Metadata size in bytes */ 585 _nx_crypto_method_md5_init, /* MD5 initialization routine */ 586 _nx_crypto_method_md5_cleanup, /* MD5 cleanup routine */ 587 _nx_crypto_method_md5_operation /* MD5 operation */ 588 }; 589 590 /* Declare the SHA1 hash method */ 591 NX_CRYPTO_METHOD crypto_method_sha1 = 592 { 593 NX_CRYPTO_HASH_SHA1, /* SHA1 algorithm */ 594 0, /* Key size in bits */ 595 0, /* IV size in bits, not used */ 596 NX_CRYPTO_SHA1_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 597 NX_CRYPTO_SHA1_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 598 sizeof(NX_CRYPTO_SHA1), /* Metadata size in bytes */ 599 _nx_crypto_method_sha1_init, /* SHA1 initialization routine */ 600 _nx_crypto_method_sha1_cleanup, /* SHA1 cleanup routine */ 601 _nx_crypto_method_sha1_operation /* SHA1 operation */ 602 }; 603 604 /* Declare the SHA224 hash method */ 605 NX_CRYPTO_METHOD crypto_method_sha224 = 606 { 607 NX_CRYPTO_HASH_SHA224, /* SHA224 algorithm */ 608 0, /* Key size in bits */ 609 0, /* IV size in bits, not used */ 610 NX_CRYPTO_SHA224_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 611 NX_CRYPTO_SHA2_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 612 sizeof(NX_CRYPTO_SHA256), /* Metadata size in bytes */ 613 _nx_crypto_method_sha256_init, /* SHA224 initialization routine */ 614 _nx_crypto_method_sha256_cleanup, /* SHA224 cleanup routine */ 615 _nx_crypto_method_sha256_operation /* SHA224 operation */ 616 }; 617 618 /* Declare the SHA256 hash method */ 619 NX_CRYPTO_METHOD crypto_method_sha256 = 620 { 621 NX_CRYPTO_HASH_SHA256, /* SHA256 algorithm */ 622 0, /* Key size in bits */ 623 0, /* IV size in bits, not used */ 624 NX_CRYPTO_SHA256_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 625 NX_CRYPTO_SHA2_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 626 sizeof(NX_CRYPTO_SHA256), /* Metadata size in bytes */ 627 _nx_crypto_method_sha256_init, /* SHA256 initialization routine */ 628 _nx_crypto_method_sha256_cleanup, /* SHA256 cleanup routine */ 629 _nx_crypto_method_sha256_operation /* SHA256 operation */ 630 }; 631 632 /* Declare the SHA384 hash method */ 633 NX_CRYPTO_METHOD crypto_method_sha384 = 634 { 635 NX_CRYPTO_HASH_SHA384, /* SHA384 algorithm */ 636 0, /* Key size in bits */ 637 0, /* IV size in bits, not used */ 638 NX_CRYPTO_SHA384_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 639 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 640 sizeof(NX_CRYPTO_SHA512), /* Metadata size in bytes */ 641 _nx_crypto_method_sha512_init, /* SHA384 initialization routine */ 642 _nx_crypto_method_sha512_cleanup, /* SHA384 cleanup routine */ 643 _nx_crypto_method_sha512_operation /* SHA384 operation */ 644 }; 645 646 /* Declare the SHA512 hash method */ 647 NX_CRYPTO_METHOD crypto_method_sha512 = 648 { 649 NX_CRYPTO_HASH_SHA512, /* SHA512 algorithm */ 650 0, /* Key size in bits */ 651 0, /* IV size in bits, not used */ 652 NX_CRYPTO_SHA512_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 653 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 654 sizeof(NX_CRYPTO_SHA512), /* Metadata size in bytes */ 655 _nx_crypto_method_sha512_init, /* SHA512 initialization routine */ 656 _nx_crypto_method_sha512_cleanup, /* SHA512 cleanup routine */ 657 _nx_crypto_method_sha512_operation /* SHA512 operation */ 658 }; 659 660 /* Declare the SHA512/224 hash method */ 661 NX_CRYPTO_METHOD crypto_method_sha512_224 = 662 { 663 NX_CRYPTO_HASH_SHA512_224, /* SHA512224 algorithm */ 664 0, /* Key size in bits */ 665 0, /* IV size in bits, not used */ 666 NX_CRYPTO_SHA512_224_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 667 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 668 sizeof(NX_CRYPTO_SHA512), /* Metadata size in bytes */ 669 _nx_crypto_method_sha512_init, /* SHA512224 initialization routine */ 670 _nx_crypto_method_sha512_cleanup, /* SHA512224 cleanup routine */ 671 _nx_crypto_method_sha512_operation /* SHA512224 operation */ 672 }; 673 674 /* Declare the SHA512/256 hash method */ 675 NX_CRYPTO_METHOD crypto_method_sha512_256 = 676 { 677 NX_CRYPTO_HASH_SHA512_256, /* SHA512256 algorithm */ 678 0, /* Key size in bits */ 679 0, /* IV size in bits, not used */ 680 NX_CRYPTO_SHA512_256_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 681 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 682 sizeof(NX_CRYPTO_SHA512), /* Metadata size in bytes */ 683 _nx_crypto_method_sha512_init, /* SHA512256 initialization routine */ 684 _nx_crypto_method_sha512_cleanup, /* SHA512256 cleanup routine */ 685 _nx_crypto_method_sha512_operation /* SHA512256 operation */ 686 }; 687 688 /* Declare the TLSv1.0/1.1 PRF hash method */ 689 NX_CRYPTO_METHOD crypto_method_tls_prf_1 = 690 { 691 NX_CRYPTO_PRF_HMAC_SHA1, /* TLS PRF algorithm */ 692 0, /* Key size in bits, not used */ 693 0, /* IV size in bits, not used */ 694 0, /* Transmitted ICV size in bits, not used*/ 695 0, /* Block size in bytes, not used */ 696 sizeof(NX_CRYPTO_TLS_PRF_1), /* Metadata size in bytes */ 697 _nx_crypto_method_prf_1_init, /* TLS PRF 1 initialization routine */ 698 _nx_crypto_method_prf_1_cleanup, /* TLS PRF 1 cleanup routine */ 699 _nx_crypto_method_prf_1_operation /* TLS PRF 1 operation */ 700 }; 701 702 /* For backward compatibility, this symbol is defined here */ 703 #define crypto_method_tls_prf_sha_256 crypto_method_tls_prf_sha256 704 /* Declare the TLSv1.2 default PRF hash method */ 705 NX_CRYPTO_METHOD crypto_method_tls_prf_sha256 = 706 { 707 NX_CRYPTO_PRF_HMAC_SHA2_256, /* TLS PRF algorithm */ 708 0, /* Key size in bits, not used */ 709 0, /* IV size in bits, not used */ 710 0, /* Transmitted ICV size in bits, not used*/ 711 0, /* Block size in bytes, not used */ 712 sizeof(NX_CRYPTO_TLS_PRF_SHA256), /* Metadata size in bytes */ 713 _nx_crypto_method_prf_sha_256_init, /* TLS PRF SHA256 initialization routine */ 714 _nx_crypto_method_prf_sha_256_cleanup, /* TLS PRF SHA256 cleanup routine */ 715 _nx_crypto_method_prf_sha_256_operation /* TLS PRF SHA256 operation */ 716 }; 717 718 /* Declare the TLSv1.2 default PRF hash method */ 719 NX_CRYPTO_METHOD crypto_method_tls_prf_sha384 = 720 { 721 NX_CRYPTO_PRF_HMAC_SHA2_384, /* TLS PRF algorithm */ 722 0, /* Key size in bits, not used */ 723 0, /* IV size in bits, not used */ 724 0, /* Transmitted ICV size in bits, not used*/ 725 0, /* Block size in bytes, not used */ 726 sizeof(NX_CRYPTO_TLS_PRF_SHA384), /* Metadata size in bytes */ 727 _nx_crypto_method_prf_sha384_init, /* TLS PRF SHA384 initialization routine */ 728 _nx_crypto_method_prf_sha384_cleanup, /* TLS PRF SHA384 cleanup routine */ 729 _nx_crypto_method_prf_sha384_operation /* TLS PRF SHA384 operation */ 730 }; 731 732 /* Declare the TLSv1.2 default PRF hash method */ 733 NX_CRYPTO_METHOD crypto_method_tls_prf_sha512 = 734 { 735 NX_CRYPTO_PRF_HMAC_SHA2_512, /* TLS PRF algorithm */ 736 0, /* Key size in bits, not used */ 737 0, /* IV size in bits, not used */ 738 0, /* Transmitted ICV size in bits, not used*/ 739 0, /* Block size in bytes, not used */ 740 sizeof(NX_CRYPTO_TLS_PRF_SHA512), /* Metadata size in bytes */ 741 _nx_crypto_method_prf_sha512_init, /* TLS PRF SHA512 initialization routine */ 742 _nx_crypto_method_prf_sha512_cleanup, /* TLS PRF SHA512 cleanup routine */ 743 _nx_crypto_method_prf_sha512_operation /* TLS PRF SHA512 operation */ 744 }; 745 746 /* Define generic HMAC cryptographic routine. */ 747 NX_CRYPTO_METHOD crypto_method_hmac = 748 { 749 NX_CRYPTO_HASH_HMAC, /* HMAC algorithm */ 750 0, /* Key size in bits, not used */ 751 0, /* IV size in bits, not used */ 752 0, /* Transmitted ICV size in bits, not used*/ 753 0, /* Block size in bytes, not used */ 754 sizeof(NX_CRYPTO_HMAC), /* Metadata size in bytes */ 755 _nx_crypto_method_hmac_init, /* HKDF initialization routine */ 756 _nx_crypto_method_hmac_cleanup, /* HKDF cleanup routine */ 757 _nx_crypto_method_hmac_operation /* HKDF operation */ 758 }; 759 760 761 /* Define generic HMAC-based Key Derivation Function method. */ 762 NX_CRYPTO_METHOD crypto_method_hkdf = 763 { 764 NX_CRYPTO_HKDF_METHOD, /* HKDF algorithm */ 765 0, /* Key size in bits, not used */ 766 0, /* IV size in bits, not used */ 767 0, /* Transmitted ICV size in bits, not used*/ 768 0, /* Block size in bytes, not used */ 769 sizeof(NX_CRYPTO_HKDF) + sizeof(NX_CRYPTO_HMAC),/* Metadata size in bytes */ 770 _nx_crypto_method_hkdf_init, /* HKDF initialization routine */ 771 _nx_crypto_method_hkdf_cleanup, /* HKDF cleanup routine */ 772 _nx_crypto_method_hkdf_operation /* HKDF operation */ 773 }; 774 775 /* Declare the 3DES-CBC 128 encrytion method. */ 776 NX_CRYPTO_METHOD crypto_method_des = 777 { 778 NX_CRYPTO_ENCRYPTION_DES_CBC, /* DES crypto algorithm */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 779 NX_CRYPTO_DES_KEY_LEN_IN_BITS, /* Key size in bits */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 780 NX_CRYPTO_DES_IV_LEN_IN_BITS, /* IV size in bits */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 781 0, /* ICV size in bits, not used */ 782 (NX_CRYPTO_DES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 783 sizeof(NX_CRYPTO_DES), /* Metadata size in bytes */ 784 _nx_crypto_method_des_init, /* 3DES initialization routine */ 785 _nx_crypto_method_des_cleanup, /* 3DES cleanup routine */ 786 _nx_crypto_method_des_operation /* 3DES operation */ 787 }; 788 789 790 /* Declare the 3DES-CBC 128 encrytion method. */ 791 NX_CRYPTO_METHOD crypto_method_3des = 792 { 793 NX_CRYPTO_ENCRYPTION_3DES_CBC, /* 3DES crypto algorithm */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 794 NX_CRYPTO_3DES_KEY_LEN_IN_BITS, /* Key size in bits */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 795 NX_CRYPTO_3DES_IV_LEN_IN_BITS, /* IV size in bits */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 796 0, /* ICV size in bits, not used */ 797 (NX_CRYPTO_3DES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 798 sizeof(NX_CRYPTO_3DES), /* Metadata size in bytes */ 799 _nx_crypto_method_3des_init, /* 3DES initialization routine */ 800 _nx_crypto_method_3des_cleanup, /* 3DES cleanup routine */ 801 _nx_crypto_method_3des_operation /* 3DES operation */ 802 }; 803 804 /* Declare the PKCS#1v1.5 encrytion method. */ 805 NX_CRYPTO_METHOD crypto_method_pkcs1 = 806 { 807 NX_CRYPTO_DIGITAL_SIGNATURE_RSA, /* PKCS#1v1.5 crypto algorithm */ 808 0, /* Key size in bits, not used */ 809 0, /* IV size in bits, not used */ 810 0, /* ICV size in bits, not used */ 811 0, /* Block size in bytes, not used */ 812 sizeof(NX_CRYPTO_PKCS1), /* Metadata size in bytes */ 813 _nx_crypto_method_pkcs1_v1_5_init, /* PKCS#1v1.5 initialization routine */ 814 _nx_crypto_method_pkcs1_v1_5_cleanup, /* PKCS#1v1.5 cleanup routine */ 815 _nx_crypto_method_pkcs1_v1_5_operation /* PKCS#1v1.5 operation */ 816 }; 817
