windows-xp/Source/XPSP1/NT/public/internal/ds/inc/fipsapi.h

#ifndef __FIPSAPI_H__
#define __FIPSAPI_H__

#ifdef __cplusplus
extern "C" {
#endif

#include <windef.h>
#include <des.h>
#include <tripldes.h>
#include <sha.h>
#include <modes.h>
#include <md5.h>

#if DEBUG 
#define FipsDebug(LEVEL, STRING) \
        { \
          DbgPrint STRING; \
        }
#else
#define FipsDebug(LEVEL, STRING)
#endif

#define     FIPS_DEVICE_NAME            L"\\Device\\Fips"

#define FIPS_CTL_CODE(code)         CTL_CODE(FILE_DEVICE_FIPS, \
                                            (code), \
                                            METHOD_BUFFERED, \
                                            FILE_ANY_ACCESS)

#define IOCTL_FIPS_GET_FUNCTION_TABLE   FIPS_CTL_CODE( 1)

#define     FIPS_CBC_DES    0x1
#define     FIPS_CBC_3DES   0x2

//
// Defines for IPSEC HMAC use
//
#define     MAX_LEN_PAD     65
#define     MAX_KEYLEN_SHA  64
#define     MAX_KEYLEN_MD5  64   

//
//     Fill in the DESTable struct with the decrypt and encrypt
//     key expansions.
//
//     Assumes that the second parameter points to DES_BLOCKLEN
//     bytes of key.
//
//

VOID FipsDesKey(DESTable *DesTable, UCHAR *pbKey);

//
//     Encrypt or decrypt with the key in DESTable
//
//

VOID FipsDes(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp);

//
//   Fill in the DES3Table structs with the decrypt and encrypt
//   key expansions.
//
//   Assumes that the second parameter points to 2 * DES_BLOCKLEN
//   bytes of key.
//
//

VOID Fips3Des3Key(PDES3TABLE pDES3Table, UCHAR *pbKey);

//
//   Encrypt or decrypt with the key in pKey
//

VOID Fips3Des(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op);

//
//   Initialize the SHA context.
//

VOID FipsSHAInit(A_SHA_CTX *pShaCtx);

//
//   Hash data into the hash context.
//

VOID FipsSHAUpdate(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb);

//
//   Finish the SHA hash and copy the final hash value into the pbHash out param.
//

VOID FipsSHAFinal(A_SHA_CTX *pShaCtx, UCHAR *pbHash);

//
// FipsCBC (cipher block chaining) performs a XOR of the feedback register
// with the plain text before calling the block cipher
//
// NOTE - Currently this function assumes that the block length is
// DES_BLOCKLEN (8 bytes).
//
// Return: Failure if FALSE is returned, TRUE if it succeeded.
//

BOOL FipsCBC(
    ULONG  EncryptionAlg,
    BYTE   *pbOutput,
    BYTE   *pbInput,
    void   *pKeyTable,
    int    Operation,
    BYTE   *pbFeedback
    );

//
// FipsBlockCBC (cipher block chaining) performs a XOR of the feedback register
// with the plain text before calling the block cipher
//
// NOTE - The Length must be multiple of DES_BLOCKLEN (8)
// All the input buffer must be aligned on LONGLONG for performane reason.
//
// Return: Failure if FALSE is returned, TRUE if it succeeded.
//

BOOL FipsBlockCBC(
    ULONG  EncryptionAlg,
    BYTE   *pbOutput,
    BYTE   *pbInput,
    ULONG  Length,
    void   *pKeyTable,
    int    Operation,
    BYTE   *pbFeedback
    );

//
// Function : FIPSGenRandom
//
// Description : FIPS 186 RNG, the seed is generated by calling NewGenRandom.
//

BOOL FIPSGenRandom(
    IN OUT UCHAR *pb,
    IN ULONG cb
    );

//
// Function: FipsHmacSHAInit
//
// Description: Initialize a SHA-HMAC context 
//

VOID FipsHmacSHAInit(
    OUT A_SHA_CTX *pShaCtx,
    IN UCHAR *pKey,
    IN unsigned int cbKey
    );

//
// Function: FipsHmacSHAUpdate
//
// Description: Add more data to a SHA-HMAC context
//

VOID FipsHmacSHAUpdate(
    IN OUT A_SHA_CTX *pShaCtx,
    IN UCHAR *pb,
    IN unsigned int cb
    );

//
// Function: FipsHmacSHAFinal
//
// Description: Return result of SHA-HMAC 
//

VOID FipsHmacSHAFinal(
    IN A_SHA_CTX *pShaCtx,
    IN UCHAR *pKey,
    IN unsigned int cbKey,
    OUT UCHAR *pHash
    );

//
// Function: HmacMD5Init
//
// Description: Initialize a MD5-HMAC context 
//

VOID HmacMD5Init(
    OUT MD5_CTX *pMD5Ctx,
    IN UCHAR *pKey,
    IN unsigned int cbKey
    );

//
// Function: HmacMD5Update
//
// Description: Add more data to a MD5-HMAC context
//

VOID HmacMD5Update(
    IN OUT MD5_CTX *pMD5Ctx,
    IN UCHAR *pb,
    IN unsigned int cb
    );

//
// Function: HmacMD5Final
//
// Description: Return result of MD5-HMAC 
//

VOID HmacMD5Final(
    IN MD5_CTX *pMD5Ctx,
    IN UCHAR *pKey,
    IN unsigned int cbKey,
    OUT UCHAR *pHash
    );

// 
// Current FIPS function table
// Includes HMAC entry points
//
typedef struct _FIPS_FUNCTION_TABLE {

    VOID (*FipsDesKey)(DESTable *DesTable, UCHAR *pbKey);
    VOID (*FipsDes)(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp);
    VOID (*Fips3Des3Key)(PDES3TABLE pDES3Table, UCHAR *pbKey);
    VOID (*Fips3Des)(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op);
    VOID (*FipsSHAInit)(A_SHA_CTX *pShaCtx);
    VOID (*FipsSHAUpdate)(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb);
    VOID (*FipsSHAFinal)(A_SHA_CTX *pShaCtx, UCHAR *pbHash);
    BOOL (*FipsCBC)(
        ULONG  EncryptionAlg,
        BYTE   *pbOutput,
        BYTE   *pbInput,
        void   *pKeyTable,
        int    Operation,
        BYTE   *pbFeedback
        );
    BOOL (*FIPSGenRandom)(
        IN OUT UCHAR *pb,
        IN ULONG cb
        );
    BOOL (*FipsBlockCBC)(
        ULONG  EncryptionAlg,
        BYTE   *pbOutput,
        BYTE   *pbInput,
        ULONG  Length,
        void   *pKeyTable,
        int    Operation,
        BYTE   *pbFeedback
        );
    VOID (*FipsHmacSHAInit)(
        OUT A_SHA_CTX *pShaCtx,
        IN UCHAR *pKey,
        IN unsigned int cbKey
        );   
    VOID (*FipsHmacSHAUpdate)(
        IN OUT A_SHA_CTX *pShaCtx,
        IN UCHAR *pb,
        IN unsigned int cb
        );
    VOID (*FipsHmacSHAFinal)(
        IN A_SHA_CTX *pShaCtx,
        IN UCHAR *pKey,
        IN unsigned int cbKey,
        OUT UCHAR *pHash
        );
    VOID (*HmacMD5Init)(
        OUT MD5_CTX *pMD5Ctx,
        IN UCHAR *pKey,
        IN unsigned int cbKey
        );
    VOID (*HmacMD5Update)(
        IN OUT MD5_CTX *pMD5Ctx,
        IN UCHAR *pb,
        IN unsigned int cb
        );
    VOID (*HmacMD5Final)(
        IN MD5_CTX *pMD5Ctx,
        IN UCHAR *pKey,
        IN unsigned int cbKey,
        OUT UCHAR *pHash
        );

} FIPS_FUNCTION_TABLE, *PFIPS_FUNCTION_TABLE;

//
// Old FIPS function table - please don't use
//
typedef struct _FIPS_FUNCTION_TABLE_1 {

    VOID (*FipsDesKey)(DESTable *DesTable, UCHAR *pbKey);
    VOID (*FipsDes)(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp);
    VOID (*Fips3Des3Key)(PDES3TABLE pDES3Table, UCHAR *pbKey);
    VOID (*Fips3Des)(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op);
    VOID (*FipsSHAInit)(A_SHA_CTX *pShaCtx);
    VOID (*FipsSHAUpdate)(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb);
    VOID (*FipsSHAFinal)(A_SHA_CTX *pShaCtx, UCHAR *pbHash);
    BOOL (*FipsCBC)(
        ULONG  EncryptionAlg,
        BYTE   *pbOutput,
        BYTE   *pbInput,
        void   *pKeyTable,
        int    Operation,
        BYTE   *pbFeedback
        );
    BOOL (*FIPSGenRandom)(
        IN OUT UCHAR *pb,
        IN ULONG cb
        );
    BOOL (*FipsBlockCBC)(
        ULONG  EncryptionAlg,
        BYTE   *pbOutput,
        BYTE   *pbInput,
        ULONG  Length,
        void   *pKeyTable,
        int    Operation,
        BYTE   *pbFeedback
        );

} FIPS_FUNCTION_TABLE_1, *PFIPS_FUNCTION_TABLE_1;


#ifdef __cplusplus
}
#endif

#endif // __FIPSAPI_H__