331 lines
7.1 KiB
C
331 lines
7.1 KiB
C
|
#ifndef __FIPSAPI_H__
|
||
|
#define __FIPSAPI_H__
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
extern "C" {
|
||
|
#endif
|
||
|
|
||
|
#include <windef.h>
|
||
|
#include <des.h>
|
||
|
#include <tripldes.h>
|
||
|
#include <sha.h>
|
||
|
#include <modes.h>
|
||
|
#include <md5.h>
|
||
|
|
||
|
#if DEBUG
|
||
|
#define FipsDebug(LEVEL, STRING) \
|
||
|
{ \
|
||
|
DbgPrint STRING; \
|
||
|
}
|
||
|
#else
|
||
|
#define FipsDebug(LEVEL, STRING)
|
||
|
#endif
|
||
|
|
||
|
#define FIPS_DEVICE_NAME L"\\Device\\Fips"
|
||
|
|
||
|
#define FIPS_CTL_CODE(code) CTL_CODE(FILE_DEVICE_FIPS, \
|
||
|
(code), \
|
||
|
METHOD_BUFFERED, \
|
||
|
FILE_ANY_ACCESS)
|
||
|
|
||
|
#define IOCTL_FIPS_GET_FUNCTION_TABLE FIPS_CTL_CODE( 1)
|
||
|
|
||
|
#define FIPS_CBC_DES 0x1
|
||
|
#define FIPS_CBC_3DES 0x2
|
||
|
|
||
|
//
|
||
|
// Defines for IPSEC HMAC use
|
||
|
//
|
||
|
#define MAX_LEN_PAD 65
|
||
|
#define MAX_KEYLEN_SHA 64
|
||
|
#define MAX_KEYLEN_MD5 64
|
||
|
|
||
|
//
|
||
|
// Fill in the DESTable struct with the decrypt and encrypt
|
||
|
// key expansions.
|
||
|
//
|
||
|
// Assumes that the second parameter points to DES_BLOCKLEN
|
||
|
// bytes of key.
|
||
|
//
|
||
|
//
|
||
|
|
||
|
VOID FipsDesKey(DESTable *DesTable, UCHAR *pbKey);
|
||
|
|
||
|
//
|
||
|
// Encrypt or decrypt with the key in DESTable
|
||
|
//
|
||
|
//
|
||
|
|
||
|
VOID FipsDes(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp);
|
||
|
|
||
|
//
|
||
|
// Fill in the DES3Table structs with the decrypt and encrypt
|
||
|
// key expansions.
|
||
|
//
|
||
|
// Assumes that the second parameter points to 2 * DES_BLOCKLEN
|
||
|
// bytes of key.
|
||
|
//
|
||
|
//
|
||
|
|
||
|
VOID Fips3Des3Key(PDES3TABLE pDES3Table, UCHAR *pbKey);
|
||
|
|
||
|
//
|
||
|
// Encrypt or decrypt with the key in pKey
|
||
|
//
|
||
|
|
||
|
VOID Fips3Des(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op);
|
||
|
|
||
|
//
|
||
|
// Initialize the SHA context.
|
||
|
//
|
||
|
|
||
|
VOID FipsSHAInit(A_SHA_CTX *pShaCtx);
|
||
|
|
||
|
//
|
||
|
// Hash data into the hash context.
|
||
|
//
|
||
|
|
||
|
VOID FipsSHAUpdate(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb);
|
||
|
|
||
|
//
|
||
|
// Finish the SHA hash and copy the final hash value into the pbHash out param.
|
||
|
//
|
||
|
|
||
|
VOID FipsSHAFinal(A_SHA_CTX *pShaCtx, UCHAR *pbHash);
|
||
|
|
||
|
//
|
||
|
// FipsCBC (cipher block chaining) performs a XOR of the feedback register
|
||
|
// with the plain text before calling the block cipher
|
||
|
//
|
||
|
// NOTE - Currently this function assumes that the block length is
|
||
|
// DES_BLOCKLEN (8 bytes).
|
||
|
//
|
||
|
// Return: Failure if FALSE is returned, TRUE if it succeeded.
|
||
|
//
|
||
|
|
||
|
BOOL FipsCBC(
|
||
|
ULONG EncryptionAlg,
|
||
|
BYTE *pbOutput,
|
||
|
BYTE *pbInput,
|
||
|
void *pKeyTable,
|
||
|
int Operation,
|
||
|
BYTE *pbFeedback
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// FipsBlockCBC (cipher block chaining) performs a XOR of the feedback register
|
||
|
// with the plain text before calling the block cipher
|
||
|
//
|
||
|
// NOTE - The Length must be multiple of DES_BLOCKLEN (8)
|
||
|
// All the input buffer must be aligned on LONGLONG for performane reason.
|
||
|
//
|
||
|
// Return: Failure if FALSE is returned, TRUE if it succeeded.
|
||
|
//
|
||
|
|
||
|
BOOL FipsBlockCBC(
|
||
|
ULONG EncryptionAlg,
|
||
|
BYTE *pbOutput,
|
||
|
BYTE *pbInput,
|
||
|
ULONG Length,
|
||
|
void *pKeyTable,
|
||
|
int Operation,
|
||
|
BYTE *pbFeedback
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// Function : FIPSGenRandom
|
||
|
//
|
||
|
// Description : FIPS 186 RNG, the seed is generated by calling NewGenRandom.
|
||
|
//
|
||
|
|
||
|
BOOL FIPSGenRandom(
|
||
|
IN OUT UCHAR *pb,
|
||
|
IN ULONG cb
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// Function: FipsHmacSHAInit
|
||
|
//
|
||
|
// Description: Initialize a SHA-HMAC context
|
||
|
//
|
||
|
|
||
|
VOID FipsHmacSHAInit(
|
||
|
OUT A_SHA_CTX *pShaCtx,
|
||
|
IN UCHAR *pKey,
|
||
|
IN unsigned int cbKey
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// Function: FipsHmacSHAUpdate
|
||
|
//
|
||
|
// Description: Add more data to a SHA-HMAC context
|
||
|
//
|
||
|
|
||
|
VOID FipsHmacSHAUpdate(
|
||
|
IN OUT A_SHA_CTX *pShaCtx,
|
||
|
IN UCHAR *pb,
|
||
|
IN unsigned int cb
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// Function: FipsHmacSHAFinal
|
||
|
//
|
||
|
// Description: Return result of SHA-HMAC
|
||
|
//
|
||
|
|
||
|
VOID FipsHmacSHAFinal(
|
||
|
IN A_SHA_CTX *pShaCtx,
|
||
|
IN UCHAR *pKey,
|
||
|
IN unsigned int cbKey,
|
||
|
OUT UCHAR *pHash
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// Function: HmacMD5Init
|
||
|
//
|
||
|
// Description: Initialize a MD5-HMAC context
|
||
|
//
|
||
|
|
||
|
VOID HmacMD5Init(
|
||
|
OUT MD5_CTX *pMD5Ctx,
|
||
|
IN UCHAR *pKey,
|
||
|
IN unsigned int cbKey
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// Function: HmacMD5Update
|
||
|
//
|
||
|
// Description: Add more data to a MD5-HMAC context
|
||
|
//
|
||
|
|
||
|
VOID HmacMD5Update(
|
||
|
IN OUT MD5_CTX *pMD5Ctx,
|
||
|
IN UCHAR *pb,
|
||
|
IN unsigned int cb
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// Function: HmacMD5Final
|
||
|
//
|
||
|
// Description: Return result of MD5-HMAC
|
||
|
//
|
||
|
|
||
|
VOID HmacMD5Final(
|
||
|
IN MD5_CTX *pMD5Ctx,
|
||
|
IN UCHAR *pKey,
|
||
|
IN unsigned int cbKey,
|
||
|
OUT UCHAR *pHash
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// Current FIPS function table
|
||
|
// Includes HMAC entry points
|
||
|
//
|
||
|
typedef struct _FIPS_FUNCTION_TABLE {
|
||
|
|
||
|
VOID (*FipsDesKey)(DESTable *DesTable, UCHAR *pbKey);
|
||
|
VOID (*FipsDes)(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp);
|
||
|
VOID (*Fips3Des3Key)(PDES3TABLE pDES3Table, UCHAR *pbKey);
|
||
|
VOID (*Fips3Des)(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op);
|
||
|
VOID (*FipsSHAInit)(A_SHA_CTX *pShaCtx);
|
||
|
VOID (*FipsSHAUpdate)(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb);
|
||
|
VOID (*FipsSHAFinal)(A_SHA_CTX *pShaCtx, UCHAR *pbHash);
|
||
|
BOOL (*FipsCBC)(
|
||
|
ULONG EncryptionAlg,
|
||
|
BYTE *pbOutput,
|
||
|
BYTE *pbInput,
|
||
|
void *pKeyTable,
|
||
|
int Operation,
|
||
|
BYTE *pbFeedback
|
||
|
);
|
||
|
BOOL (*FIPSGenRandom)(
|
||
|
IN OUT UCHAR *pb,
|
||
|
IN ULONG cb
|
||
|
);
|
||
|
BOOL (*FipsBlockCBC)(
|
||
|
ULONG EncryptionAlg,
|
||
|
BYTE *pbOutput,
|
||
|
BYTE *pbInput,
|
||
|
ULONG Length,
|
||
|
void *pKeyTable,
|
||
|
int Operation,
|
||
|
BYTE *pbFeedback
|
||
|
);
|
||
|
VOID (*FipsHmacSHAInit)(
|
||
|
OUT A_SHA_CTX *pShaCtx,
|
||
|
IN UCHAR *pKey,
|
||
|
IN unsigned int cbKey
|
||
|
);
|
||
|
VOID (*FipsHmacSHAUpdate)(
|
||
|
IN OUT A_SHA_CTX *pShaCtx,
|
||
|
IN UCHAR *pb,
|
||
|
IN unsigned int cb
|
||
|
);
|
||
|
VOID (*FipsHmacSHAFinal)(
|
||
|
IN A_SHA_CTX *pShaCtx,
|
||
|
IN UCHAR *pKey,
|
||
|
IN unsigned int cbKey,
|
||
|
OUT UCHAR *pHash
|
||
|
);
|
||
|
VOID (*HmacMD5Init)(
|
||
|
OUT MD5_CTX *pMD5Ctx,
|
||
|
IN UCHAR *pKey,
|
||
|
IN unsigned int cbKey
|
||
|
);
|
||
|
VOID (*HmacMD5Update)(
|
||
|
IN OUT MD5_CTX *pMD5Ctx,
|
||
|
IN UCHAR *pb,
|
||
|
IN unsigned int cb
|
||
|
);
|
||
|
VOID (*HmacMD5Final)(
|
||
|
IN MD5_CTX *pMD5Ctx,
|
||
|
IN UCHAR *pKey,
|
||
|
IN unsigned int cbKey,
|
||
|
OUT UCHAR *pHash
|
||
|
);
|
||
|
|
||
|
} FIPS_FUNCTION_TABLE, *PFIPS_FUNCTION_TABLE;
|
||
|
|
||
|
//
|
||
|
// Old FIPS function table - please don't use
|
||
|
//
|
||
|
typedef struct _FIPS_FUNCTION_TABLE_1 {
|
||
|
|
||
|
VOID (*FipsDesKey)(DESTable *DesTable, UCHAR *pbKey);
|
||
|
VOID (*FipsDes)(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp);
|
||
|
VOID (*Fips3Des3Key)(PDES3TABLE pDES3Table, UCHAR *pbKey);
|
||
|
VOID (*Fips3Des)(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op);
|
||
|
VOID (*FipsSHAInit)(A_SHA_CTX *pShaCtx);
|
||
|
VOID (*FipsSHAUpdate)(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb);
|
||
|
VOID (*FipsSHAFinal)(A_SHA_CTX *pShaCtx, UCHAR *pbHash);
|
||
|
BOOL (*FipsCBC)(
|
||
|
ULONG EncryptionAlg,
|
||
|
BYTE *pbOutput,
|
||
|
BYTE *pbInput,
|
||
|
void *pKeyTable,
|
||
|
int Operation,
|
||
|
BYTE *pbFeedback
|
||
|
);
|
||
|
BOOL (*FIPSGenRandom)(
|
||
|
IN OUT UCHAR *pb,
|
||
|
IN ULONG cb
|
||
|
);
|
||
|
BOOL (*FipsBlockCBC)(
|
||
|
ULONG EncryptionAlg,
|
||
|
BYTE *pbOutput,
|
||
|
BYTE *pbInput,
|
||
|
ULONG Length,
|
||
|
void *pKeyTable,
|
||
|
int Operation,
|
||
|
BYTE *pbFeedback
|
||
|
);
|
||
|
|
||
|
} FIPS_FUNCTION_TABLE_1, *PFIPS_FUNCTION_TABLE_1;
|
||
|
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
#endif // __FIPSAPI_H__
|