/**************************************************************************/
/*                                                                        */
/*       Copyright (c) Microsoft Corporation. All rights reserved.        */
/*                                                                        */
/*       This software is licensed under the Microsoft Software License   */
/*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
/*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
/*       and in the root directory of this software.                      */
/*                                                                        */
/**************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Crypto Component                                                 */
/**                                                                       */
/**   Crypto                                                              */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/


/**************************************************************************/
/*                                                                        */
/*  COMPONENT DEFINITION                                   RELEASE        */
/*                                                                        */
/*    nx_crypto_const.h                                   PORTABLE C      */
/*                                                           6.2.0        */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This file defines the NetX Security Encryption component.           */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s), added    */
/*                                            new constants,              */
/*                                            resulting in version 6.1    */
/*  06-02-2021     Bhupendra Naphade        Modified comment(s),          */
/*                                            renamed FIPS symbol to      */
/*                                            self-test,                  */
/*                                            resulting in version 6.1.7  */
/*  04-25-2022     Yuxin Zhou               Modified comment(s), added    */
/*                                            x25519 and x448 curves,     */
/*                                            resulting in version 6.1.11 */
/*  10-31-2022     Yanwu Cai                Modified comment(s), added    */
/*                                            EC curve type macro,        */
/*                                            resulting in version 6.2.0  */
/*                                                                        */
/**************************************************************************/

#ifndef _NX_CRYPTO_CONST_H_
#define _NX_CRYPTO_CONST_H_

/* Determine if a C++ compiler is being used.  If so, ensure that standard
   C is used to process the API information.  */
#ifdef __cplusplus

/* Yes, C++ compiler is present.  Use standard C.  */
extern "C" {

#endif

/* Layout of the nx_crypto_algorithm identifiers defined below: the upper 16
   bits carry an algorithm class (0x0000 encryption, 0x0001 authentication,
   0x0002 PRF, 0x0003 hash, 0x0004 key exchange, 0x0005 digital signature,
   0x0006 elliptic curve / group) and the lower 16 bits the algorithm number.

   The xxx_MASK symbols hold those class values; they are not single-bit
   masks.  NX_CRYPTO_HASH_MASK (0x00030000) has both the authentication and
   the PRF bit set, and NX_CRYPTO_ENCRYPTION_MASK is 0, so a bitwise AND
   against one of them cannot by itself establish the class of an identifier;
   compare the upper 16 bits for equality instead.
   NOTE(review): how the library itself tests the class is not visible in
   this file - confirm before relying on the masks.

   An identifier being defined here does not show that the algorithm is
   implemented or enabled in a given build.  */

/* Define the encryption algorithm, as outlined in RFC 4305 3.1.1 */
/* These values are used in nx_crypto_algorithm field. */
/* Values of 16 least significant bits are the same as defined in RFC 5996 3.3.2 */
/* NX_CRYPTO_ENCRYPTION_MASK and NX_CRYPTO_NONE share the value 0. */
/* NOTE(review): the list includes legacy ciphers (DES, RC5, IDEA, CAST,
   Blowfish) and NX_CRYPTO_ENCRYPTION_NULL, which provides no confidentiality.
   Which of these may be negotiated is a matter for the deployment's cipher
   policy; nothing in this file restricts it. */
#define NX_CRYPTO_ENCRYPTION_MASK                       0x00000000
#define NX_CRYPTO_NONE                                  0x00000000
#define NX_CRYPTO_ENCRYPTION_DES_IV64                   0x00000001
#define NX_CRYPTO_ENCRYPTION_DES_CBC                    0x00000002
#define NX_CRYPTO_ENCRYPTION_3DES_CBC                   0x00000003
#define NX_CRYPTO_ENCRYPTION_RC5                        0x00000004
#define NX_CRYPTO_ENCRYPTION_IDEA                       0x00000005
#define NX_CRYPTO_ENCRYPTION_CAST                       0x00000006
#define NX_CRYPTO_ENCRYPTION_BLOWFISH                   0x00000007
#define NX_CRYPTO_ENCRYPTION_3IDEA                      0x00000008
#define NX_CRYPTO_ENCRYPTION_DES_IV32                   0x00000009
#define NX_CRYPTO_ENCRYPTION_NULL                       0x0000000B
#define NX_CRYPTO_ENCRYPTION_AES_CBC                    0x0000000C
#define NX_CRYPTO_ENCRYPTION_AES_CTR                    0x0000000D
#define NX_CRYPTO_ENCRYPTION_AES_CCM_8                  0x0000000E
#define NX_CRYPTO_ENCRYPTION_AES_CCM_12                 0x0000000F
#define NX_CRYPTO_ENCRYPTION_AES_CCM_16                 0x00000010
#define NX_CRYPTO_ENCRYPTION_AES_CCM                    0x00000011 /* Unassigned number in IANA, define it for all other length ICV. */
#define NX_CRYPTO_ENCRYPTION_AES_GCM_8                  0x00000012
#define NX_CRYPTO_ENCRYPTION_AES_GCM_12                 0x00000013
#define NX_CRYPTO_ENCRYPTION_AES_GCM_16                 0x00000014
#define NX_CRYPTO_ENCRYPTION_NULL_AUTH_AES_GMAC         0x00000015
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CBC               0x00000017
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CTR               0x00000018
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CCM_8             0x00000019
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CCM_12            0x0000001A
#define NX_CRYPTO_ENCRYPTION_CAMELLIA_CCM_16            0x0000001B
#define NX_CRYPTO_ENCRYPTION_CHACHA20_POLY1305          0x0000001C


/* Define the authentication algorithm, as outlined in RFC 4305 3.2 */
/* See also: https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml */
/* These values are used in nx_crypto_algorithm field. */
/* Values of 16 least significant bits are the same as defined in RFC 5996 3.3.2 */
/* NX_CRYPTO_AUTHENTICATION_NONE has the same value as
   NX_CRYPTO_AUTHENTICATION_MASK, so "no authentication" cannot be told apart
   from the bare class value. */
#define NX_CRYPTO_AUTHENTICATION_MASK                   0x00010000
#define NX_CRYPTO_AUTHENTICATION_NONE                   0x00010000
#define NX_CRYPTO_AUTHENTICATION_HMAC_MD5_96            0x00010001
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA1_96           0x00010002
#define NX_CRYPTO_AUTHENTICATION_DES_MAC                0x00010003
#define NX_CRYPTO_AUTHENTICATION_KPDK_MD5               0x00010004
#define NX_CRYPTO_AUTHENTICATION_AES_XCBC_MAC_96        0x00010005
#define NX_CRYPTO_AUTHENTICATION_HMAC_MD5_128           0x00010006
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA1_160          0x00010007
#define NX_CRYPTO_AUTHENTICATION_AES_CMAC_96            0x00010008
#define NX_CRYPTO_AUTHENTICATION_AES_128_GMAC           0x00010009
#define NX_CRYPTO_AUTHENTICATION_AES_192_GMAC           0x0001000A
#define NX_CRYPTO_AUTHENTICATION_AES_256_GMAC           0x0001000B
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_256          0x0001000C
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_384          0x0001000D
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512          0x0001000E
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_224          0x0001000F /* Unassigned number in IANA. */
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512_224      0x00010010 /* Unassigned number in IANA. */
#define NX_CRYPTO_AUTHENTICATION_HMAC_SHA2_512_256      0x00010011 /* Unassigned number in IANA. */

/* Define the Pseudorandom Function algorithm */
/* These values are used in nx_crypto_algorithm field. */
/* Values of 16 least significant bits are the same as defined in RFC 5996 3.3.2,
 * except for algorithms not found in that RFC such as the HKDF. */
#define NX_CRYPTO_PRF_MASK                              0x00020000
#define NX_CRYPTO_PRF_HMAC_MD5                          0x00020001
#define NX_CRYPTO_PRF_HMAC_SHA1                         0x00020002
#define NX_CRYPTO_PRF_HMAC_TIGER                        0x00020003
#define NX_CRYPTO_PRF_HMAC_AES128_XCBC                  0x00020004
#define NX_CRYPTO_PRF_HMAC_SHA2_256                     0x00020005
#define NX_CRYPTO_PRF_HMAC_SHA2_384                     0x00020006
#define NX_CRYPTO_PRF_HMAC_SHA2_512                     0x00020007
#define NX_CRYPTO_HKDF_METHOD                           0x00020008

/* Define the hash algorithm */
/* Unlike the encryption and authentication classes, NX_CRYPTO_HASH_NONE
   (0x00030001) is distinct from NX_CRYPTO_HASH_MASK (0x00030000). */
#define NX_CRYPTO_HASH_MASK                             0x00030000
#define NX_CRYPTO_HASH_NONE                             0x00030001
#define NX_CRYPTO_HASH_MD5                              0x00030002
#define NX_CRYPTO_HASH_SHA1                             0x00030003
#define NX_CRYPTO_HASH_SHA224                           0x00030004
#define NX_CRYPTO_HASH_SHA256                           0x00030005
#define NX_CRYPTO_HASH_SHA384                           0x00030006
#define NX_CRYPTO_HASH_SHA512                           0x00030007
#define NX_CRYPTO_HASH_SHA512_224                       0x00030008
#define NX_CRYPTO_HASH_SHA512_256                       0x00030009
#define NX_CRYPTO_HASH_HMAC                             0x0003000A /* Generic HMAC wrapper. */

/* Define the key exchange algorithm */
#define NX_CRYPTO_KEY_EXCHANGE_MASK                     0x00040000
#define NX_CRYPTO_KEY_EXCHANGE_NONE                     0x00040000
#define NX_CRYPTO_KEY_EXCHANGE_PSK                      0x00040001
#define NX_CRYPTO_KEY_EXCHANGE_RSA                      0x00040002
#define NX_CRYPTO_KEY_EXCHANGE_DH                       0x00040003
#define NX_CRYPTO_KEY_EXCHANGE_DHE                      0x00040004
#define NX_CRYPTO_KEY_EXCHANGE_ECDH                     0x00040005
#define NX_CRYPTO_KEY_EXCHANGE_ECDHE                    0x00040006
#define NX_CRYPTO_KEY_EXCHANGE_ECJPAKE                  0x00040007

/* Define the digital signature algorithm */
/* NX_CRYPTO_DIGITAL_SIGNATURE_ANONYMOUS has the same value as the class
   value NX_CRYPTO_DIGITAL_SIGNATURE_MASK. */
#define NX_CRYPTO_DIGITAL_SIGNATURE_MASK                0x00050000
#define NX_CRYPTO_DIGITAL_SIGNATURE_ANONYMOUS           0x00050000
#define NX_CRYPTO_DIGITAL_SIGNATURE_RSA                 0x00050001
#define NX_CRYPTO_DIGITAL_SIGNATURE_DSA                 0x00050002
#define NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA               0x00050003

/* Define the elliptic curve algorithm */
/* Values of 16 least significant bits are the same as named curve defined in RFC 4492, section 5.1.1 */
/* The NX_CRYPTO_EC_FFDHExxxx identifiers (0x000601xx) name finite-field
   Diffie-Hellman groups rather than elliptic curves, although they carry the
   same 0x0006 class value. */
#define NX_CRYPTO_EC_MASK                               0x00060000
#define NX_CRYPTO_EC_SECT163K1                          0x00060001
#define NX_CRYPTO_EC_SECT163R1                          0x00060002
#define NX_CRYPTO_EC_SECT163R2                          0x00060003
#define NX_CRYPTO_EC_SECT193R1                          0x00060004
#define NX_CRYPTO_EC_SECT193R2                          0x00060005
#define NX_CRYPTO_EC_SECT233K1                          0x00060006
#define NX_CRYPTO_EC_SECT233R1                          0x00060007
#define NX_CRYPTO_EC_SECT239K1                          0x00060008
#define NX_CRYPTO_EC_SECT283K1                          0x00060009
#define NX_CRYPTO_EC_SECT283R1                          0x0006000A
#define NX_CRYPTO_EC_SECT409K1                          0x0006000B
#define NX_CRYPTO_EC_SECT409R1                          0x0006000C
#define NX_CRYPTO_EC_SECT571K1                          0x0006000D
#define NX_CRYPTO_EC_SECT571R1                          0x0006000E
#define NX_CRYPTO_EC_SECP160K1                          0x0006000F
#define NX_CRYPTO_EC_SECP160R1                          0x00060010
#define NX_CRYPTO_EC_SECP160R2                          0x00060011
#define NX_CRYPTO_EC_SECP192K1                          0x00060012
#define NX_CRYPTO_EC_SECP192R1                          0x00060013
#define NX_CRYPTO_EC_SECP224K1                          0x00060014
#define NX_CRYPTO_EC_SECP224R1                          0x00060015
#define NX_CRYPTO_EC_SECP256K1                          0x00060016
#define NX_CRYPTO_EC_SECP256R1                          0x00060017
#define NX_CRYPTO_EC_SECP384R1                          0x00060018
#define NX_CRYPTO_EC_SECP521R1                          0x00060019
#define NX_CRYPTO_EC_BRAINPOOLP256r1                    0x0006001A
#define NX_CRYPTO_EC_BRAINPOOLP384r1                    0x0006001B
#define NX_CRYPTO_EC_BRAINPOOLP512r1                    0x0006001C
#define NX_CRYPTO_EC_X25519                             0x0006001D
#define NX_CRYPTO_EC_X448                               0x0006001E
#define NX_CRYPTO_EC_FFDHE2048                          0x00060100
#define NX_CRYPTO_EC_FFDHE3072                          0x00060101
#define NX_CRYPTO_EC_FFDHE4096                          0x00060102
#define NX_CRYPTO_EC_FFDHE6144                          0x00060103
#define NX_CRYPTO_EC_FFDHE8192                          0x00060104
#define NX_CRYPTO_EC_PRIME                              0x0006FF01
#define NX_CRYPTO_EC_CHAR2                              0x0006FF02

/* Elliptic curve point format definitions. */
#define NX_CRYPTO_EC_POINT_UNCOMPRESSED                 0
#define NX_CRYPTO_EC_POINT_ANSIX962_COMPRESSED_PRIME    1
#define NX_CRYPTO_EC_POINT_ANSIX962_COMPRESSED_CHAR2    2

/* Elliptic curve type definitions. */
#define NX_CRYPTO_EC_CURVE_TYPE_EXPLICIT_PRIME          1
#define NX_CRYPTO_EC_CURVE_TYPE_EXPLICIT_CHAR2          2
#define NX_CRYPTO_EC_CURVE_TYPE_NAMED_CURVE             3

/* Define crypto ICV bits size. */
#define NX_CRYPTO_AUTHENTICATION_ICV_TRUNC_BITS         96

/* Maximum IV size, in bits.  A build may override the default by defining
   the symbol before this header is included. */
#ifndef NX_CRYPTO_MAX_IV_SIZE_IN_BITS
#define NX_CRYPTO_MAX_IV_SIZE_IN_BITS                   192
#endif /* NX_CRYPTO_MAX_IV_SIZE_IN_BITS */

/* NX_CRYPTO_ROLE_xxx - used to identify the "role" of a crypto algorithm
   in a ciphersuite/X.509 mapping. */
#define NX_CRYPTO_ROLE_NONE                             0    /* Used to indicate the end of a list. */
#define NX_CRYPTO_ROLE_KEY_EXCHANGE                     1    /* Cipher is used for key exchange (e.g. RSA, ECDHE) */
#define NX_CRYPTO_ROLE_SIGNATURE_CRYPTO                 2    /* Cipher is used for encrypting a signature (e.g. RSA, DSA) */
#define NX_CRYPTO_ROLE_SIGNATURE_HASH                   3    /* Cipher is used to generate a signature hash (e.g. SHA-1, SHA-256) */
#define NX_CRYPTO_ROLE_SYMMETRIC                        4    /* Cipher is used for symmetric encryption (e.g. AES, RC4) */
#define NX_CRYPTO_ROLE_MAC_HASH                         5    /* Cipher is used for hash MAC generation (e.g. HMAC-SHA-1, HMAC-SHA-256) */
#define NX_CRYPTO_ROLE_PRF                              6    /* Cipher is used for TLS PRF (key generation). */
#define NX_CRYPTO_ROLE_HMAC                             7    /* Generic HMAC wrapper to be used with a "raw" hash function. */
#define NX_CRYPTO_ROLE_RAW_HASH                         8    /* A "raw" hash function is the cryptographic primitive without a wrapper (e.g. SHA-256, no HMAC). */

/* Define values used for nx_crypto_type. */
/* These operation codes share one number space with the ECJPAKE, EC, DH,
   DRBG and HKDF operations further down.  NX_CRYPTO_PRF_SET_HASH,
   NX_CRYPTO_ECJPAKE_HASH_METHOD_SET and NX_CRYPTO_HKDF_SET_HASH are all
   aliases of NX_CRYPTO_HASH_METHOD_SET (12). */
#define NX_CRYPTO_ENCRYPT                               1    /* ESP Encrypt (egress) */
#define NX_CRYPTO_DECRYPT                               2    /* ESP Decrypt (ingress) */
#define NX_CRYPTO_AUTHENTICATE                          3    /* AH Authenticate (egress) */
#define NX_CRYPTO_VERIFY                                4    /* AH Verify (ingress) */
#define NX_CRYPTO_HASH_INITIALIZE                       5    /* Hash initialize */
#define NX_CRYPTO_HASH_UPDATE                           6    /* Hash update */
#define NX_CRYPTO_HASH_CALCULATE                        7    /* Hash calculate */
#define NX_CRYPTO_PRF                                   8    /* For the TLS PRF function. */
#define NX_CRYPTO_SET_PRIME_P                           9    /* Set Prime number P. This is used in software RSA implementation. */
#define NX_CRYPTO_SET_PRIME_Q                           10   /* Set Prime number Q. This is used in software RSA implementation. */
#define NX_CRYPTO_SET_ADDITIONAL_DATA                   11   /* Set additional data pointer and length. */
#define NX_CRYPTO_HASH_METHOD_SET                       12   /* Set hash method. */
#define NX_CRYPTO_SIGNATURE_GENERATE                    13   /* Signature generation. */
#define NX_CRYPTO_SIGNATURE_VERIFY                      14   /* Signature verification. */
#define NX_CRYPTO_PRF_SET_HASH                          NX_CRYPTO_HASH_METHOD_SET

/* ECJPAKE operations. */
#define NX_CRYPTO_ECJPAKE_HASH_METHOD_SET               NX_CRYPTO_HASH_METHOD_SET
#define NX_CRYPTO_ECJPAKE_CURVE_SET                     21
#define NX_CRYPTO_ECJPAKE_CLIENT_HELLO_GENERATE         22
#define NX_CRYPTO_ECJPAKE_SERVER_HELLO_GENERATE         23
#define NX_CRYPTO_ECJPAKE_CLIENT_HELLO_PROCESS          24
#define NX_CRYPTO_ECJPAKE_SERVER_HELLO_PROCESS          25
#define NX_CRYPTO_ECJPAKE_CLIENT_KEY_EXCHANGE_GENERATE  26
#define NX_CRYPTO_ECJPAKE_SERVER_KEY_EXCHANGE_GENERATE  27
#define NX_CRYPTO_ECJPAKE_CLIENT_KEY_EXCHANGE_PROCESS   28
#define NX_CRYPTO_ECJPAKE_SERVER_KEY_EXCHANGE_PROCESS   29

#define NX_CRYPTO_ENCRYPT_INITIALIZE                    30   /* Encrypt initialize */
#define NX_CRYPTO_DECRYPT_INITIALIZE                    31   /* Decrypt initialize */
#define NX_CRYPTO_ENCRYPT_UPDATE                        32   /* Encrypt update */
#define NX_CRYPTO_DECRYPT_UPDATE                        33   /* Decrypt update */
#define NX_CRYPTO_ENCRYPT_CALCULATE                     34   /* Final encrypt calculation */
#define NX_CRYPTO_DECRYPT_CALCULATE                     35   /* Final decrypt calculation */

/* EC operations. */
#define NX_CRYPTO_EC_CURVE_GET                          40
#define NX_CRYPTO_EC_CURVE_SET                          41
#define NX_CRYPTO_EC_KEY_PAIR_GENERATE                  42

/* DH and ECDH operations. */
#define NX_CRYPTO_DH_SETUP                              50
#define NX_CRYPTO_DH_CALCULATE                          51
#define NX_CRYPTO_DH_KEY_PAIR_IMPORT                    52
#define NX_CRYPTO_DH_PRIVATE_KEY_EXPORT                 53

/* DRBG operations. */
#define NX_CRYPTO_DRBG_OPTIONS_SET                      60
#define NX_CRYPTO_DRBG_INSTANTIATE                      61
#define NX_CRYPTO_DRBG_RESEED                           62
#define NX_CRYPTO_DRBG_GENERATE                         63

/* HKDF operations. */
#define NX_CRYPTO_HKDF_SET_HASH                         NX_CRYPTO_HASH_METHOD_SET /* Set the generic hash routine to be used for HKDF. */
#define NX_CRYPTO_HKDF_EXTRACT                          70   /* Perform an HKDF-extract operation. */
#define NX_CRYPTO_HKDF_EXPAND                           71   /* Perform an HKDF-expand operation. */
#define NX_CRYPTO_HKDF_SET_PRK                          72   /* Set the Pseudo-Random Key for an HKDF-expand operation. */
#define NX_CRYPTO_HKDF_SET_HMAC                         73   /* Set the generic HMAC routine to be used for HKDF. */
#define NX_CRYPTO_HMAC_SET_HASH                         74   /* Set the generic hash routine to be used for HMAC operations. */

/* Round len up to the next multiple of 8 (an 8-byte boundary).  The argument
   is evaluated once.  The addition (len) + 7 is carried out in the promoted
   type of len, so a length within 7 of that type's maximum wraps (unsigned)
   or overflows (signed) before the mask is applied; bound any length derived
   from external input before aligning it. */
#define NX_CRYPTO_ALIGN8(len)                           (((len) + 7) & ~7)

/* Find the offset of member b within structure type a.  The value is formed
   by taking the member's address through a null pointer to a and casting it
   to ULONG (ULONG is not defined in this file).
   NOTE(review): the standard offsetof() from <stddef.h> gives the same value
   without forming an address from a null pointer, and the cast would
   truncate if ULONG is narrower than a pointer on the target - confirm. */
#define NX_CRYPTO_OFFSET(a, b)                          ((ULONG)(&(((a *)(0)) -> b)))


/* Key size type.  UINT is not defined in this file; presumably it comes from
   the port/RTOS headers included before this one - confirm. */
typedef UINT NX_CRYPTO_KEY_SIZE;

/* Status codes.  NX_CRYPTO_SUCCESS is 0 and every error is 0x200xx, so a
   status must be compared against NX_CRYPTO_SUCCESS; it has the same value
   as NX_CRYPTO_FALSE, which means "if (status)" is true on FAILURE.
   NX_CRYPTO_PTR_ERROR (0x20007) and NX_CRYPTO_POINTER_ERROR (0x2000E) are
   two distinct codes; which call sites return which is not visible here.
   NX_CRYTPO_MISSING_ECC_CURVE is spelled "CRYTPO"; the spelling is part of
   the public name, so a search for the NX_CRYPTO_ prefix will not find it.
   NOTE(review): callers should presumably discard any output buffer when
   NX_CRYPTO_AUTHENTICATION_FAILED is returned - confirm against the
   individual methods. */
#define NX_CRYPTO_SUCCESS                               0x0        /* Function returned successfully. */
#define NX_CRYPTO_INVALID_LIBRARY                       0x20001    /* Crypto library has not been initialized or failed
                                                                      the Power On Self Test (POST). */
#define NX_CRYPTO_UNSUPPORTED_KEY_SIZE                  0x20002    /* Unsupported key size. */
#define NX_CRYPTO_AUTHENTICATION_FAILED                 0x20003    /* Authentication failed. */
#define NX_CRYPTO_INVALID_ALGORITHM                     0x20004
#define NX_CRYPTO_INVALID_KEY                           0x20005
#define NX_CRYPTO_INVALID_BUFFER_SIZE                   0x20006
#define NX_CRYPTO_PTR_ERROR                             0x20007
#define NX_CRYPTO_SIZE_ERROR                            0x20008
#define NX_CRYPTO_NOT_SUCCESSFUL                        0x20009
#define NX_CRYPTO_INVALID_PARAMETER                     0x2000A
#define NX_CRYPTO_NO_INSTANCE                           0x2000B
#define NX_CRYPTO_METHOD_INITIALIZATION_FAILURE         0x2000C    /* A method was not properly initialized before use. */
#define NX_CRYPTO_METADATA_UNALIGNED                    0x2000D    /* Crypto metadata must be 4-byte aligned. */
#define NX_CRYPTO_POINTER_ERROR                         0x2000E    /* An invalid (NULL?) pointer was passed into a crypto method. */
#define NX_CRYTPO_MISSING_ECC_CURVE                     0x2000F    /* ECC curve lookup failed to return a matching curve. */
#define NX_CRYPTO_FORMAT_NOT_SUPPORTED                  0x20010    /* Unsupported Format */

#define NX_CRYPTO_NULL                                  0
#define NX_CRYPTO_FALSE                                 0
#define NX_CRYPTO_TRUE                                  1

/* The following symbols are mapped to the error code for backward compatibility. */
#define NX_CRYPTO_AES_UNSUPPORTED_KEY_SIZE              NX_CRYPTO_UNSUPPORTED_KEY_SIZE

/* Library state values, defined only when NX_CRYPTO_SELF_TEST is defined.
   Each value is a distinct single bit; NX_CRYPTO_LIBRARY_STATE_OPERATIONAL
   is the most significant bit of a 32-bit word. */
#ifdef NX_CRYPTO_SELF_TEST
#define NX_CRYPTO_LIBRARY_STATE_UNINITIALIZED           0x00000001U
#define NX_CRYPTO_LIBRARY_STATE_POST_IN_PROGRESS        0x00000002U
#define NX_CRYPTO_LIBRARY_STATE_POST_FAILED             0x00000004U
#define NX_CRYPTO_LIBRARY_STATE_OPERATIONAL             0x80000000U

#endif /* NX_CRYPTO_SELF_TEST */


#ifdef __cplusplus
}
#endif

#endif /* _NX_CRYPTO_CONST_H_ */