1 /*************************************************************************** 2 * Copyright (c) 2024 Microsoft Corporation 3 * 4 * This program and the accompanying materials are made available under the 5 * terms of the MIT License which is available at 6 * https://opensource.org/licenses/MIT. 7 * 8 * SPDX-License-Identifier: MIT 9 **************************************************************************/ 10 11 12 /**************************************************************************/ 13 /**************************************************************************/ 14 /** */ 15 /** NetX Crypto Component */ 16 /** */ 17 /** Crypto Methods */ 18 /** */ 19 /**************************************************************************/ 20 /**************************************************************************/ 21 22 #include "nx_crypto_phash.h" 23 #include "nx_crypto_tls_prf_1.h" 24 #include "nx_crypto_tls_prf_sha256.h" 25 #include "nx_crypto_tls_prf_sha384.h" 26 #include "nx_crypto_tls_prf_sha512.h" 27 #include "nx_crypto_hkdf.h" 28 #include "nx_crypto_3des.h" 29 #include "nx_crypto.h" 30 #include "nx_crypto_md5.h" 31 #include "nx_crypto_sha1.h" 32 #include "nx_crypto_sha2.h" 33 #include "nx_crypto_sha5.h" 34 #include "nx_crypto.h" 35 #include "nx_crypto_hmac_sha1.h" 36 #include "nx_crypto_hmac_sha2.h" 37 #include "nx_crypto_hmac_sha5.h" 38 #include "nx_crypto_hmac_md5.h" 39 #include "nx_crypto_aes.h" 40 #include "nx_crypto_rsa.h" 41 #include "nx_crypto_null.h" 42 #include "nx_crypto_ecjpake.h" 43 #include "nx_crypto_ecdsa.h" 44 #include "nx_crypto_ecdh.h" 45 #include "nx_crypto_drbg.h" 46 #include "nx_crypto_pkcs1_v1.5.h" 47 48 /**************************************************************************/ 49 /* */ 50 /* FUNCTION RELEASE */ 51 /* */ 52 /* nx_crypto_methods PORTABLE C */ 53 /* 6.1.12 */ 54 /* AUTHOR */ 55 /* */ 56 /* Timothy Stapko, Microsoft Corporation */ 57 /* */ 58 /* DESCRIPTION */ 59 /* */ 60 /* This table of function pointers provides a mapping from TLS */ 61 /* ciphersuites to the necessary cryptographic methods for a given */ 62 /* platform. It can be used as a model to develop a hardware-specific */ 63 /* cryptography table for TLS. */ 64 /* */ 65 /* INPUT */ 66 /* */ 67 /* None */ 68 /* */ 69 /* OUTPUT */ 70 /* */ 71 /* None */ 72 /* */ 73 /* CALLS */ 74 /* */ 75 /* None */ 76 /* */ 77 /* CALLED BY */ 78 /* */ 79 /* Application Code */ 80 /* */ 81 /* RELEASE HISTORY */ 82 /* */ 83 /* DATE NAME DESCRIPTION */ 84 /* */ 85 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ 86 /* 09-30-2020 Timothy Stapko Modified comment(s), */ 87 /* resulting in version 6.1 */ 88 /* 04-25-2022 Timothy Stapko Modified comments(s), added */ 89 /* warning supression for */ 90 /* obsolete DES/3DES, */ 91 /* added x25519 curve, */ 92 /* resulting in version 6.1.11 */ 93 /* 07-29-2022 Yuxin Zhou Modified comment(s), */ 94 /* added x448 curve, */ 95 /* resulting in version 6.1.12 */ 96 /* */ 97 /**************************************************************************/ 98 99 /* Define cryptographic methods. */ 100 101 /* Declare the NONE method: encrypt / hash method not config */ 102 NX_CRYPTO_METHOD crypto_method_none = 103 { 104 NX_CRYPTO_NONE, /* Name of the crypto algorithm */ 105 0, /* Key size in bits, not used */ 106 0, /* IV size in bits, not used */ 107 0, /* ICV size in bits, not used */ 108 0, /* Block size in bytes */ 109 0, /* Metadata size in bytes */ 110 NX_CRYPTO_NULL, /* Initialization routine, not used */ 111 NX_CRYPTO_NULL, /* Cleanup routine, not used */ 112 NX_CRYPTO_NULL /* NULL operation */ 113 }; 114 115 116 /* Declare the NULL encrypt */ 117 NX_CRYPTO_METHOD crypto_method_null = 118 { 119 NX_CRYPTO_ENCRYPTION_NULL, /* Name of the crypto algorithm */ 120 0, /* Key size in bits, not used */ 121 0, /* IV size in bits, not used */ 122 0, /* ICV size in bits, not used */ 123 4, /* Block size in bytes */ 124 0, /* Metadata size in bytes */ 125 NX_CRYPTO_NULL, /* Initialization routine, not used */ 126 NX_CRYPTO_NULL, /* Cleanup routine, not used */ 127 NX_CRYPTO_NULL /* NULL operation */ 128 }; 129 130 /* Declare the AES-CBC 128 encrytion method. */ 131 NX_CRYPTO_METHOD crypto_method_aes_cbc_128 = 132 { 133 NX_CRYPTO_ENCRYPTION_AES_CBC, /* AES crypto algorithm */ 134 NX_CRYPTO_AES_128_KEY_LEN_IN_BITS, /* Key size in bits */ 135 NX_CRYPTO_AES_IV_LEN_IN_BITS, /* IV size in bits */ 136 0, /* ICV size in bits, not used */ 137 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ 138 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 139 _nx_crypto_method_aes_init, /* AES-CBC initialization routine */ 140 _nx_crypto_method_aes_cleanup, /* AES-CBC cleanup routine */ 141 _nx_crypto_method_aes_cbc_operation /* AES-CBC operation */ 142 }; 143 144 /* Declare the AES-CBC 192 encrytion method. */ 145 NX_CRYPTO_METHOD crypto_method_aes_cbc_192 = 146 { 147 NX_CRYPTO_ENCRYPTION_AES_CBC, /* AES crypto algorithm */ 148 NX_CRYPTO_AES_192_KEY_LEN_IN_BITS, /* Key size in bits */ 149 NX_CRYPTO_AES_IV_LEN_IN_BITS, /* IV size in bits */ 150 0, /* ICV size in bits, not used */ 151 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ 152 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 153 _nx_crypto_method_aes_init, /* AES-CBC initialization routine */ 154 _nx_crypto_method_aes_cleanup, /* AES-CBC cleanup routine */ 155 _nx_crypto_method_aes_operation /* AES-CBC operation */ 156 }; 157 158 /* Declare the AES-CBC 256 encryption method */ 159 NX_CRYPTO_METHOD crypto_method_aes_cbc_256 = 160 { 161 NX_CRYPTO_ENCRYPTION_AES_CBC, /* AES crypto algorithm */ 162 NX_CRYPTO_AES_256_KEY_LEN_IN_BITS, /* Key size in bits */ 163 NX_CRYPTO_AES_IV_LEN_IN_BITS, /* IV size in bits */ 164 0, /* ICV size in bits, not used */ 165 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ 166 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 167 _nx_crypto_method_aes_init, /* AES-CBC initialization routine */ 168 _nx_crypto_method_aes_cleanup, /* AES-CBC cleanup routine */ 169 _nx_crypto_method_aes_cbc_operation /* AES-CBC operation */ 170 }; 171 172 173 /* Declare the AES-CCM-8 encrytion method. */ 174 NX_CRYPTO_METHOD crypto_method_aes_ccm_8 = 175 { 176 NX_CRYPTO_ENCRYPTION_AES_CCM_8, /* AES crypto algorithm */ 177 NX_CRYPTO_AES_128_KEY_LEN_IN_BITS, /* Key size in bits */ 178 32, /* IV size in bits */ 179 64, /* ICV size in bits */ 180 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 181 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 182 _nx_crypto_method_aes_init, /* AES-CCM8 initialization routine. */ 183 _nx_crypto_method_aes_cleanup, /* AES-CCM8 cleanup routine. */ 184 _nx_crypto_method_aes_ccm_operation /* AES-CCM8 operation */ 185 }; 186 187 /* Declare the AES-CCM-16 encrytion method. */ 188 NX_CRYPTO_METHOD crypto_method_aes_ccm_16 = 189 { 190 NX_CRYPTO_ENCRYPTION_AES_CCM_16, /* AES crypto algorithm */ 191 NX_CRYPTO_AES_128_KEY_LEN_IN_BITS, /* Key size in bits */ 192 32, /* IV size in bits */ 193 128, /* ICV size in bits */ 194 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 195 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 196 _nx_crypto_method_aes_init, /* AES-CCM16 initialization routine. */ 197 _nx_crypto_method_aes_cleanup, /* AES-CCM16 cleanup routine. */ 198 _nx_crypto_method_aes_ccm_operation /* AES-CCM16 operation */ 199 }; 200 201 /* Declare the AES-GCM encrytion method. */ 202 NX_CRYPTO_METHOD crypto_method_aes_128_gcm_16 = 203 { 204 NX_CRYPTO_ENCRYPTION_AES_GCM_16, /* AES crypto algorithm */ 205 NX_CRYPTO_AES_128_KEY_LEN_IN_BITS, /* Key size in bits */ 206 32, /* IV size in bits */ 207 128, /* ICV size in bits */ 208 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 209 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 210 _nx_crypto_method_aes_init, /* AES-GCM initialization routine. */ 211 _nx_crypto_method_aes_cleanup, /* AES-GCM cleanup routine. */ 212 _nx_crypto_method_aes_gcm_operation, /* AES-GCM operation */ 213 }; 214 215 /* Declare the AES-GCM encrytion method. */ 216 NX_CRYPTO_METHOD crypto_method_aes_256_gcm_16 = 217 { 218 NX_CRYPTO_ENCRYPTION_AES_GCM_16, /* AES crypto algorithm */ 219 NX_CRYPTO_AES_256_KEY_LEN_IN_BITS, /* Key size in bits */ 220 32, /* IV size in bits */ 221 128, /* ICV size in bits */ 222 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 223 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 224 _nx_crypto_method_aes_init, /* AES-GCM initialization routine. */ 225 _nx_crypto_method_aes_cleanup, /* AES-GCM cleanup routine. */ 226 _nx_crypto_method_aes_gcm_operation, /* AES-GCM operation */ 227 }; 228 229 /* Declare the AES-XCBC-MAC encrytion method. */ 230 NX_CRYPTO_METHOD crypto_method_aes_xcbc_mac_96 = 231 { 232 NX_CRYPTO_AUTHENTICATION_AES_XCBC_MAC_96, /* AES_XCBC_MAC algorithm */ 233 NX_CRYPTO_AES_XCBC_MAC_KEY_LEN_IN_BITS, /* Key size in bits */ 234 0, /* IV size in bits, not used */ 235 NX_CRYPTO_AUTHENTICATION_ICV_TRUNC_BITS, /* Transmitted ICV size in bits */ 236 (NX_CRYPTO_AES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes. */ 237 sizeof(NX_CRYPTO_AES), /* Metadata size in bytes */ 238 _nx_crypto_method_aes_init, /* AES-XCBC_MAC initialization routine. */ 239 _nx_crypto_method_aes_cleanup, /* AES-XCBC_MAC cleanup routine. */ 240 _nx_crypto_method_aes_xcbc_operation /* AES_XCBC_MAC operation */ 241 }; 242 243 /* Declare the DRBG encrytion method. */ 244 NX_CRYPTO_METHOD crypto_method_drbg = 245 { 246 0, /* DRBG crypto algorithm */ 247 0, /* Key size in bits */ 248 0, /* IV size in bits */ 249 0, /* ICV size in bits, not used */ 250 0, /* Block size in bytes */ 251 sizeof(NX_CRYPTO_DRBG), /* Metadata size in bytes */ 252 _nx_crypto_method_drbg_init, /* DRBG initialization routine */ 253 _nx_crypto_method_drbg_cleanup, /* DRBG cleanup routine */ 254 _nx_crypto_method_drbg_operation, /* DRBG operation */ 255 }; 256 257 /* Declare the ECDSA crypto method */ 258 NX_CRYPTO_METHOD crypto_method_ecdsa = 259 { 260 NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA, /* ECDSA crypto algorithm */ 261 0, /* Key size in bits */ 262 0, /* IV size in bits */ 263 0, /* ICV size in bits, not used */ 264 0, /* Block size in bytes */ 265 sizeof(NX_CRYPTO_ECDSA), /* Metadata size in bytes */ 266 _nx_crypto_method_ecdsa_init, /* ECDSA initialization routine */ 267 _nx_crypto_method_ecdsa_cleanup, /* ECDSA cleanup routine */ 268 _nx_crypto_method_ecdsa_operation /* ECDSA operation */ 269 }; 270 271 /* Declare the ECDH crypto method */ 272 NX_CRYPTO_METHOD crypto_method_ecdh = 273 { 274 NX_CRYPTO_KEY_EXCHANGE_ECDH, /* ECDH crypto algorithm */ 275 0, /* Key size in bits */ 276 0, /* IV size in bits */ 277 0, /* ICV size in bits, not used */ 278 0, /* Block size in bytes */ 279 sizeof(NX_CRYPTO_ECDH), /* Metadata size in bytes */ 280 _nx_crypto_method_ecdh_init, /* ECDH initialization routine */ 281 _nx_crypto_method_ecdh_cleanup, /* ECDH cleanup routine */ 282 _nx_crypto_method_ecdh_operation /* ECDH operation */ 283 }; 284 285 /* Declare the ECDHE crypto method */ 286 NX_CRYPTO_METHOD crypto_method_ecdhe = 287 { 288 NX_CRYPTO_KEY_EXCHANGE_ECDHE, /* ECDHE crypto algorithm */ 289 0, /* Key size in bits */ 290 0, /* IV size in bits */ 291 0, /* ICV size in bits, not used */ 292 0, /* Block size in bytes */ 293 sizeof(NX_CRYPTO_ECDH), /* Metadata size in bytes */ 294 _nx_crypto_method_ecdh_init, /* ECDH initialization routine */ 295 _nx_crypto_method_ecdh_cleanup, /* ECDH cleanup routine */ 296 _nx_crypto_method_ecdh_operation /* ECDH operation */ 297 }; 298 299 /* Declare the HMAC SHA1 authentication method */ 300 NX_CRYPTO_METHOD crypto_method_hmac_sha1 = 301 { 302 NX_CRYPTO_AUTHENTICATION_HMAC_SHA1_160, /* HMAC SHA1 algorithm */ 303 0, /* Key size in bits */ 304 0, /* IV size in bits, not used */ 305 NX_CRYPTO_HMAC_SHA1_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 306 NX_CRYPTO_SHA1_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 307 sizeof(NX_CRYPTO_SHA1_HMAC), /* Metadata size in bytes */ 308 _nx_crypto_method_hmac_sha1_init, /* HMAC SHA1 initialization routine */ 309 _nx_crypto_method_hmac_sha1_cleanup, /* HMAC SHA1 cleanup routine */ 310 _nx_crypto_method_hmac_sha1_operation /* HMAC SHA1 operation */ 311 }; 312 313 /* Declare the HMAC SHA224 authentication method */ 314 NX_CRYPTO_METHOD crypto_method_hmac_sha224 = 315 { 316 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_224, /* HMAC SHA224 algorithm */ 317 0, /* Key size in bits */ 318 0, /* IV size in bits, not used */ 319 NX_CRYPTO_HMAC_SHA224_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 320 NX_CRYPTO_SHA2_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 321 sizeof(NX_CRYPTO_SHA256_HMAC), /* Metadata size in bytes */ 322 _nx_crypto_method_hmac_sha256_init, /* HMAC SHA224 initialization routine */ 323 _nx_crypto_method_hmac_sha256_cleanup, /* HMAC SHA224 cleanup routine */ 324 _nx_crypto_method_hmac_sha256_operation /* HMAC SHA224 operation */ 325 }; 326 327 /* Declare the HMAC SHA256 authentication method */ 328 NX_CRYPTO_METHOD crypto_method_hmac_sha256 = 329 { 330 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_256, /* HMAC SHA256 algorithm */ 331 0, /* Key size in bits */ 332 0, /* IV size in bits, not used */ 333 NX_CRYPTO_HMAC_SHA256_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 334 NX_CRYPTO_SHA2_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 335 sizeof(NX_CRYPTO_SHA256_HMAC), /* Metadata size in bytes */ 336 _nx_crypto_method_hmac_sha256_init, /* HMAC SHA256 initialization routine */ 337 _nx_crypto_method_hmac_sha256_cleanup, /* HMAC SHA256 cleanup routine */ 338 _nx_crypto_method_hmac_sha256_operation /* HMAC SHA256 operation */ 339 }; 340 341 /* Declare the HMAC SHA384 authentication method */ 342 NX_CRYPTO_METHOD crypto_method_hmac_sha384 = 343 { 344 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_384, /* HMAC SHA384 algorithm */ 345 0, /* Key size in bits */ 346 0, /* IV size in bits, not used */ 347 NX_CRYPTO_HMAC_SHA384_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 348 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 349 sizeof(NX_CRYPTO_SHA512_HMAC), /* Metadata size in bytes */ 350 _nx_crypto_method_hmac_sha512_init, /* HMAC SHA384 initialization routine */ 351 _nx_crypto_method_hmac_sha512_cleanup, /* HMAC SHA384 cleanup routine */ 352 _nx_crypto_method_hmac_sha512_operation /* HMAC SHA384 operation */ 353 }; 354 355 /* Declare the HMAC SHA512 authentication method */ 356 NX_CRYPTO_METHOD crypto_method_hmac_sha512 = 357 { 358 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512, /* HMAC SHA512 algorithm */ 359 0, /* Key size in bits */ 360 0, /* IV size in bits, not used */ 361 NX_CRYPTO_HMAC_SHA512_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 362 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 363 sizeof(NX_CRYPTO_SHA512_HMAC), /* Metadata size in bytes */ 364 _nx_crypto_method_hmac_sha512_init, /* HMAC SHA512 initialization routine */ 365 _nx_crypto_method_hmac_sha512_cleanup, /* HMAC SHA512 cleanup routine */ 366 _nx_crypto_method_hmac_sha512_operation /* HMAC SHA512 operation */ 367 }; 368 369 /* Declare the HMAC SHA512 authentication method */ 370 NX_CRYPTO_METHOD crypto_method_hmac_sha512_224 = 371 { 372 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512_224, /* HMAC SHA512224 algorithm */ 373 0, /* Key size in bits */ 374 0, /* IV size in bits, not used */ 375 NX_CRYPTO_HMAC_SHA512_224_ICV_FULL_LEN_IN_BITS,/* Transmitted ICV size in bits */ 376 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 377 sizeof(NX_CRYPTO_SHA512_HMAC), /* Metadata size in bytes */ 378 _nx_crypto_method_hmac_sha512_init, /* HMAC SHA512224 initialization routine */ 379 _nx_crypto_method_hmac_sha512_cleanup, /* HMAC SHA512224 cleanup routine */ 380 _nx_crypto_method_hmac_sha512_operation /* HMAC SHA512224 operation */ 381 }; 382 383 /* Declare the HMAC SHA512 authentication method */ 384 NX_CRYPTO_METHOD crypto_method_hmac_sha512_256 = 385 { 386 NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512_256, /* HMAC SHA512256 algorithm */ 387 0, /* Key size in bits */ 388 0, /* IV size in bits, not used */ 389 NX_CRYPTO_HMAC_SHA512_256_ICV_FULL_LEN_IN_BITS,/* Transmitted ICV size in bits */ 390 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 391 sizeof(NX_CRYPTO_SHA512_HMAC), /* Metadata size in bytes */ 392 _nx_crypto_method_hmac_sha512_init, /* HMAC SHA512256 initialization routine */ 393 _nx_crypto_method_hmac_sha512_cleanup, /* HMAC SHA512256 cleanup routine */ 394 _nx_crypto_method_hmac_sha512_operation /* HMAC SHA512256 operation */ 395 }; 396 397 /* Declare the HMAC MD5 authentication method */ 398 NX_CRYPTO_METHOD crypto_method_hmac_md5 = 399 { 400 NX_CRYPTO_AUTHENTICATION_HMAC_MD5_128, /* HMAC MD5 algorithm */ 401 0, /* Key size in bits */ 402 0, /* IV size in bits, not used */ 403 NX_CRYPTO_HMAC_MD5_ICV_FULL_LEN_IN_BITS, /* Transmitted ICV size in bits */ 404 NX_CRYPTO_MD5_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 405 sizeof(NX_CRYPTO_MD5_HMAC), /* Metadata size in bytes */ 406 _nx_crypto_method_hmac_md5_init, /* HMAC MD5 initialization routine */ 407 _nx_crypto_method_hmac_md5_cleanup, /* HMAC MD5 cleanup routine */ 408 _nx_crypto_method_hmac_md5_operation /* HMAC MD5 operation */ 409 }; 410 411 /* Declare the RSA public cipher method. */ 412 NX_CRYPTO_METHOD crypto_method_rsa = 413 { 414 NX_CRYPTO_KEY_EXCHANGE_RSA, /* RSA crypto algorithm */ 415 0, /* Key size in bits */ 416 0, /* IV size in bits */ 417 0, /* ICV size in bits, not used. */ 418 0, /* Block size in bytes. */ 419 sizeof(NX_CRYPTO_RSA), /* Metadata size in bytes */ 420 _nx_crypto_method_rsa_init, /* RSA initialization routine. */ 421 _nx_crypto_method_rsa_cleanup, /* RSA cleanup routine */ 422 _nx_crypto_method_rsa_operation /* RSA operation */ 423 }; 424 425 /* Declare a placeholder for PSK authentication. */ 426 NX_CRYPTO_METHOD crypto_method_auth_psk = 427 { 428 NX_CRYPTO_KEY_EXCHANGE_PSK, /* PSK placeholder */ 429 0, /* Key size in bits */ 430 0, /* IV size in bits */ 431 0, /* ICV size in bits, not used. */ 432 0, /* Block size in bytes. */ 433 0, /* Metadata size in bytes */ 434 NX_CRYPTO_NULL, /* Initialization routine. */ 435 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 436 NX_CRYPTO_NULL /* Operation */ 437 }; 438 439 /* Declare a placeholder for ECJ-PAKE. */ 440 NX_CRYPTO_METHOD crypto_method_auth_ecjpake = 441 { 442 NX_CRYPTO_KEY_EXCHANGE_ECJPAKE, /* ECJ-PAKE placeholder */ 443 0, /* Key size in bits */ 444 0, /* IV size in bits */ 445 0, /* ICV size in bits, not used. */ 446 0, /* Block size in bytes */ 447 sizeof(NX_CRYPTO_ECJPAKE), /* Metadata size in bytes */ 448 _nx_crypto_method_ecjpake_init, /* ECJPAKE initialization routine */ 449 _nx_crypto_method_ecjpake_cleanup, /* ECJPAKE cleanup routine */ 450 _nx_crypto_method_ecjpake_operation, /* ECJPAKE operation */ 451 }; 452 453 /* Declare a placeholder for EC SECP192R1. */ 454 NX_CRYPTO_METHOD crypto_method_ec_secp192 = 455 { 456 NX_CRYPTO_EC_SECP192R1, /* EC placeholder */ 457 192, /* Key size in bits */ 458 0, /* IV size in bits */ 459 0, /* ICV size in bits, not used. */ 460 0, /* Block size in bytes. */ 461 0, /* Metadata size in bytes */ 462 NX_CRYPTO_NULL, /* Initialization routine. */ 463 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 464 _nx_crypto_method_ec_secp192r1_operation, /* Operation */ 465 }; 466 467 /* Declare a placeholder for EC SECP224R1. */ 468 NX_CRYPTO_METHOD crypto_method_ec_secp224 = 469 { 470 NX_CRYPTO_EC_SECP224R1, /* EC placeholder */ 471 224, /* Key size in bits */ 472 0, /* IV size in bits */ 473 0, /* ICV size in bits, not used. */ 474 0, /* Block size in bytes. */ 475 0, /* Metadata size in bytes */ 476 NX_CRYPTO_NULL, /* Initialization routine. */ 477 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 478 _nx_crypto_method_ec_secp224r1_operation, /* Operation */ 479 }; 480 481 /* Declare a placeholder for EC SECP256R1. */ 482 NX_CRYPTO_METHOD crypto_method_ec_secp256 = 483 { 484 NX_CRYPTO_EC_SECP256R1, /* EC placeholder */ 485 256, /* Key size in bits */ 486 0, /* IV size in bits */ 487 0, /* ICV size in bits, not used. */ 488 0, /* Block size in bytes. */ 489 0, /* Metadata size in bytes */ 490 NX_CRYPTO_NULL, /* Initialization routine. */ 491 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 492 _nx_crypto_method_ec_secp256r1_operation, /* Operation */ 493 }; 494 495 /* Declare a placeholder for EC SECP384R1. */ 496 NX_CRYPTO_METHOD crypto_method_ec_secp384 = 497 { 498 NX_CRYPTO_EC_SECP384R1, /* EC placeholder */ 499 384, /* Key size in bits */ 500 0, /* IV size in bits */ 501 0, /* ICV size in bits, not used. */ 502 0, /* Block size in bytes. */ 503 0, /* Metadata size in bytes */ 504 NX_CRYPTO_NULL, /* Initialization routine. */ 505 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 506 _nx_crypto_method_ec_secp384r1_operation, /* Operation */ 507 }; 508 509 /* Declare a placeholder for EC SECP521R1. */ 510 NX_CRYPTO_METHOD crypto_method_ec_secp521 = 511 { 512 NX_CRYPTO_EC_SECP521R1, /* EC placeholder */ 513 521, /* Key size in bits */ 514 0, /* IV size in bits */ 515 0, /* ICV size in bits, not used. */ 516 0, /* Block size in bytes. */ 517 0, /* Metadata size in bytes */ 518 NX_CRYPTO_NULL, /* Initialization routine. */ 519 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 520 _nx_crypto_method_ec_secp521r1_operation, /* Operation */ 521 }; 522 523 #ifdef NX_CRYPTO_ENABLE_CURVE25519_448 524 525 /* Declare a placeholder for EC x25519. */ 526 NX_CRYPTO_METHOD crypto_method_ec_x25519 = 527 { 528 NX_CRYPTO_EC_X25519, /* EC placeholder */ 529 255, /* Key size in bits */ 530 0, /* IV size in bits */ 531 0, /* ICV size in bits, not used. */ 532 0, /* Block size in bytes. */ 533 0, /* Metadata size in bytes */ 534 NX_CRYPTO_NULL, /* Initialization routine. */ 535 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 536 _nx_crypto_method_ec_x25519_operation, /* Operation */ 537 }; 538 539 /* Declare a placeholder for EC x448. */ 540 NX_CRYPTO_METHOD crypto_method_ec_x448 = 541 { 542 NX_CRYPTO_EC_X448, /* EC placeholder */ 543 448, /* Key size in bits */ 544 0, /* IV size in bits */ 545 0, /* ICV size in bits, not used. */ 546 0, /* Block size in bytes. */ 547 0, /* Metadata size in bytes */ 548 NX_CRYPTO_NULL, /* Initialization routine. */ 549 NX_CRYPTO_NULL, /* Cleanup routine, not used. */ 550 _nx_crypto_method_ec_x448_operation, /* Operation */ 551 }; 552 553 #endif /* NX_CRYPTO_ENABLE_CURVE25519_448 */ 554 555 /* Declare the public NULL cipher (not to be confused with the NULL methods above). This 556 * is used as a placeholder in ciphersuites that do not use a cipher method for a 557 * particular operation (e.g. some PSK ciphersuites don't use a public-key algorithm 558 * like RSA). 559 */ 560 NX_CRYPTO_METHOD crypto_method_public_null = 561 { 562 NX_CRYPTO_ENCRYPTION_NULL, /* Name of the crypto algorithm */ 563 0, /* Key size in bits, not used */ 564 0, /* IV size in bits, not used */ 565 0, /* ICV size in bits, not used */ 566 1, /* Block size in bytes */ 567 0, /* Metadata size in bytes */ 568 _nx_crypto_method_null_init, /* NULL initialization routine */ 569 _nx_crypto_method_null_cleanup, /* NULL cleanup routine */ 570 _nx_crypto_method_null_operation /* NULL operation */ 571 }; 572 573 574 575 /* Declare the MD5 hash method */ 576 NX_CRYPTO_METHOD crypto_method_md5 = 577 { 578 NX_CRYPTO_HASH_MD5, /* MD5 algorithm */ 579 0, /* Key size in bits */ 580 0, /* IV size in bits, not used */ 581 NX_CRYPTO_MD5_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 582 NX_CRYPTO_MD5_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 583 sizeof(NX_CRYPTO_MD5), /* Metadata size in bytes */ 584 _nx_crypto_method_md5_init, /* MD5 initialization routine */ 585 _nx_crypto_method_md5_cleanup, /* MD5 cleanup routine */ 586 _nx_crypto_method_md5_operation /* MD5 operation */ 587 }; 588 589 /* Declare the SHA1 hash method */ 590 NX_CRYPTO_METHOD crypto_method_sha1 = 591 { 592 NX_CRYPTO_HASH_SHA1, /* SHA1 algorithm */ 593 0, /* Key size in bits */ 594 0, /* IV size in bits, not used */ 595 NX_CRYPTO_SHA1_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 596 NX_CRYPTO_SHA1_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 597 sizeof(NX_CRYPTO_SHA1), /* Metadata size in bytes */ 598 _nx_crypto_method_sha1_init, /* SHA1 initialization routine */ 599 _nx_crypto_method_sha1_cleanup, /* SHA1 cleanup routine */ 600 _nx_crypto_method_sha1_operation /* SHA1 operation */ 601 }; 602 603 /* Declare the SHA224 hash method */ 604 NX_CRYPTO_METHOD crypto_method_sha224 = 605 { 606 NX_CRYPTO_HASH_SHA224, /* SHA224 algorithm */ 607 0, /* Key size in bits */ 608 0, /* IV size in bits, not used */ 609 NX_CRYPTO_SHA224_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 610 NX_CRYPTO_SHA2_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 611 sizeof(NX_CRYPTO_SHA256), /* Metadata size in bytes */ 612 _nx_crypto_method_sha256_init, /* SHA224 initialization routine */ 613 _nx_crypto_method_sha256_cleanup, /* SHA224 cleanup routine */ 614 _nx_crypto_method_sha256_operation /* SHA224 operation */ 615 }; 616 617 /* Declare the SHA256 hash method */ 618 NX_CRYPTO_METHOD crypto_method_sha256 = 619 { 620 NX_CRYPTO_HASH_SHA256, /* SHA256 algorithm */ 621 0, /* Key size in bits */ 622 0, /* IV size in bits, not used */ 623 NX_CRYPTO_SHA256_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 624 NX_CRYPTO_SHA2_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 625 sizeof(NX_CRYPTO_SHA256), /* Metadata size in bytes */ 626 _nx_crypto_method_sha256_init, /* SHA256 initialization routine */ 627 _nx_crypto_method_sha256_cleanup, /* SHA256 cleanup routine */ 628 _nx_crypto_method_sha256_operation /* SHA256 operation */ 629 }; 630 631 /* Declare the SHA384 hash method */ 632 NX_CRYPTO_METHOD crypto_method_sha384 = 633 { 634 NX_CRYPTO_HASH_SHA384, /* SHA384 algorithm */ 635 0, /* Key size in bits */ 636 0, /* IV size in bits, not used */ 637 NX_CRYPTO_SHA384_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 638 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 639 sizeof(NX_CRYPTO_SHA512), /* Metadata size in bytes */ 640 _nx_crypto_method_sha512_init, /* SHA384 initialization routine */ 641 _nx_crypto_method_sha512_cleanup, /* SHA384 cleanup routine */ 642 _nx_crypto_method_sha512_operation /* SHA384 operation */ 643 }; 644 645 /* Declare the SHA512 hash method */ 646 NX_CRYPTO_METHOD crypto_method_sha512 = 647 { 648 NX_CRYPTO_HASH_SHA512, /* SHA512 algorithm */ 649 0, /* Key size in bits */ 650 0, /* IV size in bits, not used */ 651 NX_CRYPTO_SHA512_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 652 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 653 sizeof(NX_CRYPTO_SHA512), /* Metadata size in bytes */ 654 _nx_crypto_method_sha512_init, /* SHA512 initialization routine */ 655 _nx_crypto_method_sha512_cleanup, /* SHA512 cleanup routine */ 656 _nx_crypto_method_sha512_operation /* SHA512 operation */ 657 }; 658 659 /* Declare the SHA512/224 hash method */ 660 NX_CRYPTO_METHOD crypto_method_sha512_224 = 661 { 662 NX_CRYPTO_HASH_SHA512_224, /* SHA512224 algorithm */ 663 0, /* Key size in bits */ 664 0, /* IV size in bits, not used */ 665 NX_CRYPTO_SHA512_224_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 666 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 667 sizeof(NX_CRYPTO_SHA512), /* Metadata size in bytes */ 668 _nx_crypto_method_sha512_init, /* SHA512224 initialization routine */ 669 _nx_crypto_method_sha512_cleanup, /* SHA512224 cleanup routine */ 670 _nx_crypto_method_sha512_operation /* SHA512224 operation */ 671 }; 672 673 /* Declare the SHA512/256 hash method */ 674 NX_CRYPTO_METHOD crypto_method_sha512_256 = 675 { 676 NX_CRYPTO_HASH_SHA512_256, /* SHA512256 algorithm */ 677 0, /* Key size in bits */ 678 0, /* IV size in bits, not used */ 679 NX_CRYPTO_SHA512_256_ICV_LEN_IN_BITS, /* Transmitted ICV size in bits */ 680 NX_CRYPTO_SHA512_BLOCK_SIZE_IN_BYTES, /* Block size in bytes */ 681 sizeof(NX_CRYPTO_SHA512), /* Metadata size in bytes */ 682 _nx_crypto_method_sha512_init, /* SHA512256 initialization routine */ 683 _nx_crypto_method_sha512_cleanup, /* SHA512256 cleanup routine */ 684 _nx_crypto_method_sha512_operation /* SHA512256 operation */ 685 }; 686 687 /* Declare the TLSv1.0/1.1 PRF hash method */ 688 NX_CRYPTO_METHOD crypto_method_tls_prf_1 = 689 { 690 NX_CRYPTO_PRF_HMAC_SHA1, /* TLS PRF algorithm */ 691 0, /* Key size in bits, not used */ 692 0, /* IV size in bits, not used */ 693 0, /* Transmitted ICV size in bits, not used*/ 694 0, /* Block size in bytes, not used */ 695 sizeof(NX_CRYPTO_TLS_PRF_1), /* Metadata size in bytes */ 696 _nx_crypto_method_prf_1_init, /* TLS PRF 1 initialization routine */ 697 _nx_crypto_method_prf_1_cleanup, /* TLS PRF 1 cleanup routine */ 698 _nx_crypto_method_prf_1_operation /* TLS PRF 1 operation */ 699 }; 700 701 /* For backward compatibility, this symbol is defined here */ 702 #define crypto_method_tls_prf_sha_256 crypto_method_tls_prf_sha256 703 /* Declare the TLSv1.2 default PRF hash method */ 704 NX_CRYPTO_METHOD crypto_method_tls_prf_sha256 = 705 { 706 NX_CRYPTO_PRF_HMAC_SHA2_256, /* TLS PRF algorithm */ 707 0, /* Key size in bits, not used */ 708 0, /* IV size in bits, not used */ 709 0, /* Transmitted ICV size in bits, not used*/ 710 0, /* Block size in bytes, not used */ 711 sizeof(NX_CRYPTO_TLS_PRF_SHA256), /* Metadata size in bytes */ 712 _nx_crypto_method_prf_sha_256_init, /* TLS PRF SHA256 initialization routine */ 713 _nx_crypto_method_prf_sha_256_cleanup, /* TLS PRF SHA256 cleanup routine */ 714 _nx_crypto_method_prf_sha_256_operation /* TLS PRF SHA256 operation */ 715 }; 716 717 /* Declare the TLSv1.2 default PRF hash method */ 718 NX_CRYPTO_METHOD crypto_method_tls_prf_sha384 = 719 { 720 NX_CRYPTO_PRF_HMAC_SHA2_384, /* TLS PRF algorithm */ 721 0, /* Key size in bits, not used */ 722 0, /* IV size in bits, not used */ 723 0, /* Transmitted ICV size in bits, not used*/ 724 0, /* Block size in bytes, not used */ 725 sizeof(NX_CRYPTO_TLS_PRF_SHA384), /* Metadata size in bytes */ 726 _nx_crypto_method_prf_sha384_init, /* TLS PRF SHA384 initialization routine */ 727 _nx_crypto_method_prf_sha384_cleanup, /* TLS PRF SHA384 cleanup routine */ 728 _nx_crypto_method_prf_sha384_operation /* TLS PRF SHA384 operation */ 729 }; 730 731 /* Declare the TLSv1.2 default PRF hash method */ 732 NX_CRYPTO_METHOD crypto_method_tls_prf_sha512 = 733 { 734 NX_CRYPTO_PRF_HMAC_SHA2_512, /* TLS PRF algorithm */ 735 0, /* Key size in bits, not used */ 736 0, /* IV size in bits, not used */ 737 0, /* Transmitted ICV size in bits, not used*/ 738 0, /* Block size in bytes, not used */ 739 sizeof(NX_CRYPTO_TLS_PRF_SHA512), /* Metadata size in bytes */ 740 _nx_crypto_method_prf_sha512_init, /* TLS PRF SHA512 initialization routine */ 741 _nx_crypto_method_prf_sha512_cleanup, /* TLS PRF SHA512 cleanup routine */ 742 _nx_crypto_method_prf_sha512_operation /* TLS PRF SHA512 operation */ 743 }; 744 745 /* Define generic HMAC cryptographic routine. */ 746 NX_CRYPTO_METHOD crypto_method_hmac = 747 { 748 NX_CRYPTO_HASH_HMAC, /* HMAC algorithm */ 749 0, /* Key size in bits, not used */ 750 0, /* IV size in bits, not used */ 751 0, /* Transmitted ICV size in bits, not used*/ 752 0, /* Block size in bytes, not used */ 753 sizeof(NX_CRYPTO_HMAC), /* Metadata size in bytes */ 754 _nx_crypto_method_hmac_init, /* HKDF initialization routine */ 755 _nx_crypto_method_hmac_cleanup, /* HKDF cleanup routine */ 756 _nx_crypto_method_hmac_operation /* HKDF operation */ 757 }; 758 759 760 /* Define generic HMAC-based Key Derivation Function method. */ 761 NX_CRYPTO_METHOD crypto_method_hkdf = 762 { 763 NX_CRYPTO_HKDF_METHOD, /* HKDF algorithm */ 764 0, /* Key size in bits, not used */ 765 0, /* IV size in bits, not used */ 766 0, /* Transmitted ICV size in bits, not used*/ 767 0, /* Block size in bytes, not used */ 768 sizeof(NX_CRYPTO_HKDF) + sizeof(NX_CRYPTO_HMAC),/* Metadata size in bytes */ 769 _nx_crypto_method_hkdf_init, /* HKDF initialization routine */ 770 _nx_crypto_method_hkdf_cleanup, /* HKDF cleanup routine */ 771 _nx_crypto_method_hkdf_operation /* HKDF operation */ 772 }; 773 774 /* Declare the 3DES-CBC 128 encrytion method. */ 775 NX_CRYPTO_METHOD crypto_method_des = 776 { 777 NX_CRYPTO_ENCRYPTION_DES_CBC, /* DES crypto algorithm */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 778 NX_CRYPTO_DES_KEY_LEN_IN_BITS, /* Key size in bits */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 779 NX_CRYPTO_DES_IV_LEN_IN_BITS, /* IV size in bits */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 780 0, /* ICV size in bits, not used */ 781 (NX_CRYPTO_DES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 782 sizeof(NX_CRYPTO_DES), /* Metadata size in bytes */ 783 _nx_crypto_method_des_init, /* 3DES initialization routine */ 784 _nx_crypto_method_des_cleanup, /* 3DES cleanup routine */ 785 _nx_crypto_method_des_operation /* 3DES operation */ 786 }; 787 788 789 /* Declare the 3DES-CBC 128 encrytion method. */ 790 NX_CRYPTO_METHOD crypto_method_3des = 791 { 792 NX_CRYPTO_ENCRYPTION_3DES_CBC, /* 3DES crypto algorithm */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 793 NX_CRYPTO_3DES_KEY_LEN_IN_BITS, /* Key size in bits */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 794 NX_CRYPTO_3DES_IV_LEN_IN_BITS, /* IV size in bits */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 795 0, /* ICV size in bits, not used */ 796 (NX_CRYPTO_3DES_BLOCK_SIZE_IN_BITS >> 3), /* Block size in bytes */ /* lgtm[cpp/weak-cryptographic-algorithm] */ 797 sizeof(NX_CRYPTO_3DES), /* Metadata size in bytes */ 798 _nx_crypto_method_3des_init, /* 3DES initialization routine */ 799 _nx_crypto_method_3des_cleanup, /* 3DES cleanup routine */ 800 _nx_crypto_method_3des_operation /* 3DES operation */ 801 }; 802 803 /* Declare the PKCS#1v1.5 encrytion method. */ 804 NX_CRYPTO_METHOD crypto_method_pkcs1 = 805 { 806 NX_CRYPTO_DIGITAL_SIGNATURE_RSA, /* PKCS#1v1.5 crypto algorithm */ 807 0, /* Key size in bits, not used */ 808 0, /* IV size in bits, not used */ 809 0, /* ICV size in bits, not used */ 810 0, /* Block size in bytes, not used */ 811 sizeof(NX_CRYPTO_PKCS1), /* Metadata size in bytes */ 812 _nx_crypto_method_pkcs1_v1_5_init, /* PKCS#1v1.5 initialization routine */ 813 _nx_crypto_method_pkcs1_v1_5_cleanup, /* PKCS#1v1.5 cleanup routine */ 814 _nx_crypto_method_pkcs1_v1_5_operation /* PKCS#1v1.5 operation */ 815 }; 816
