#ifndef __FIPSAPI_H__ #define __FIPSAPI_H__ #ifdef __cplusplus extern "C" { #endif #include #include #include #include #include #include #if DEBUG #define FipsDebug(LEVEL, STRING) \ { \ DbgPrint STRING; \ } #else #define FipsDebug(LEVEL, STRING) #endif #define FIPS_DEVICE_NAME L"\\Device\\Fips" #define FIPS_CTL_CODE(code) CTL_CODE(FILE_DEVICE_FIPS, \ (code), \ METHOD_BUFFERED, \ FILE_ANY_ACCESS) #define IOCTL_FIPS_GET_FUNCTION_TABLE FIPS_CTL_CODE( 1) #define FIPS_CBC_DES 0x1 #define FIPS_CBC_3DES 0x2 // // Defines for IPSEC HMAC use // #define MAX_LEN_PAD 65 #define MAX_KEYLEN_SHA 64 #define MAX_KEYLEN_MD5 64 // // Fill in the DESTable struct with the decrypt and encrypt // key expansions. // // Assumes that the second parameter points to DES_BLOCKLEN // bytes of key. // // VOID FipsDesKey(DESTable *DesTable, UCHAR *pbKey); // // Encrypt or decrypt with the key in DESTable // // VOID FipsDes(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp); // // Fill in the DES3Table structs with the decrypt and encrypt // key expansions. // // Assumes that the second parameter points to 2 * DES_BLOCKLEN // bytes of key. // // VOID Fips3Des3Key(PDES3TABLE pDES3Table, UCHAR *pbKey); // // Encrypt or decrypt with the key in pKey // VOID Fips3Des(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op); // // Initialize the SHA context. // VOID FipsSHAInit(A_SHA_CTX *pShaCtx); // // Hash data into the hash context. // VOID FipsSHAUpdate(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb); // // Finish the SHA hash and copy the final hash value into the pbHash out param. // VOID FipsSHAFinal(A_SHA_CTX *pShaCtx, UCHAR *pbHash); // // FipsCBC (cipher block chaining) performs a XOR of the feedback register // with the plain text before calling the block cipher // // NOTE - Currently this function assumes that the block length is // DES_BLOCKLEN (8 bytes). // // Return: Failure if FALSE is returned, TRUE if it succeeded. // BOOL FipsCBC( ULONG EncryptionAlg, BYTE *pbOutput, BYTE *pbInput, void *pKeyTable, int Operation, BYTE *pbFeedback ); // // FipsBlockCBC (cipher block chaining) performs a XOR of the feedback register // with the plain text before calling the block cipher // // NOTE - The Length must be multiple of DES_BLOCKLEN (8) // All the input buffer must be aligned on LONGLONG for performane reason. // // Return: Failure if FALSE is returned, TRUE if it succeeded. // BOOL FipsBlockCBC( ULONG EncryptionAlg, BYTE *pbOutput, BYTE *pbInput, ULONG Length, void *pKeyTable, int Operation, BYTE *pbFeedback ); // // Function : FIPSGenRandom // // Description : FIPS 186 RNG, the seed is generated by calling NewGenRandom. // BOOL FIPSGenRandom( IN OUT UCHAR *pb, IN ULONG cb ); // // Function: FipsHmacSHAInit // // Description: Initialize a SHA-HMAC context // VOID FipsHmacSHAInit( OUT A_SHA_CTX *pShaCtx, IN UCHAR *pKey, IN unsigned int cbKey ); // // Function: FipsHmacSHAUpdate // // Description: Add more data to a SHA-HMAC context // VOID FipsHmacSHAUpdate( IN OUT A_SHA_CTX *pShaCtx, IN UCHAR *pb, IN unsigned int cb ); // // Function: FipsHmacSHAFinal // // Description: Return result of SHA-HMAC // VOID FipsHmacSHAFinal( IN A_SHA_CTX *pShaCtx, IN UCHAR *pKey, IN unsigned int cbKey, OUT UCHAR *pHash ); // // Function: HmacMD5Init // // Description: Initialize a MD5-HMAC context // VOID HmacMD5Init( OUT MD5_CTX *pMD5Ctx, IN UCHAR *pKey, IN unsigned int cbKey ); // // Function: HmacMD5Update // // Description: Add more data to a MD5-HMAC context // VOID HmacMD5Update( IN OUT MD5_CTX *pMD5Ctx, IN UCHAR *pb, IN unsigned int cb ); // // Function: HmacMD5Final // // Description: Return result of MD5-HMAC // VOID HmacMD5Final( IN MD5_CTX *pMD5Ctx, IN UCHAR *pKey, IN unsigned int cbKey, OUT UCHAR *pHash ); // // Current FIPS function table // Includes HMAC entry points // typedef struct _FIPS_FUNCTION_TABLE { VOID (*FipsDesKey)(DESTable *DesTable, UCHAR *pbKey); VOID (*FipsDes)(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp); VOID (*Fips3Des3Key)(PDES3TABLE pDES3Table, UCHAR *pbKey); VOID (*Fips3Des)(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op); VOID (*FipsSHAInit)(A_SHA_CTX *pShaCtx); VOID (*FipsSHAUpdate)(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb); VOID (*FipsSHAFinal)(A_SHA_CTX *pShaCtx, UCHAR *pbHash); BOOL (*FipsCBC)( ULONG EncryptionAlg, BYTE *pbOutput, BYTE *pbInput, void *pKeyTable, int Operation, BYTE *pbFeedback ); BOOL (*FIPSGenRandom)( IN OUT UCHAR *pb, IN ULONG cb ); BOOL (*FipsBlockCBC)( ULONG EncryptionAlg, BYTE *pbOutput, BYTE *pbInput, ULONG Length, void *pKeyTable, int Operation, BYTE *pbFeedback ); VOID (*FipsHmacSHAInit)( OUT A_SHA_CTX *pShaCtx, IN UCHAR *pKey, IN unsigned int cbKey ); VOID (*FipsHmacSHAUpdate)( IN OUT A_SHA_CTX *pShaCtx, IN UCHAR *pb, IN unsigned int cb ); VOID (*FipsHmacSHAFinal)( IN A_SHA_CTX *pShaCtx, IN UCHAR *pKey, IN unsigned int cbKey, OUT UCHAR *pHash ); VOID (*HmacMD5Init)( OUT MD5_CTX *pMD5Ctx, IN UCHAR *pKey, IN unsigned int cbKey ); VOID (*HmacMD5Update)( IN OUT MD5_CTX *pMD5Ctx, IN UCHAR *pb, IN unsigned int cb ); VOID (*HmacMD5Final)( IN MD5_CTX *pMD5Ctx, IN UCHAR *pKey, IN unsigned int cbKey, OUT UCHAR *pHash ); } FIPS_FUNCTION_TABLE, *PFIPS_FUNCTION_TABLE; // // Old FIPS function table - please don't use // typedef struct _FIPS_FUNCTION_TABLE_1 { VOID (*FipsDesKey)(DESTable *DesTable, UCHAR *pbKey); VOID (*FipsDes)(UCHAR *pbOut, UCHAR *pbIn, void *pKey, int iOp); VOID (*Fips3Des3Key)(PDES3TABLE pDES3Table, UCHAR *pbKey); VOID (*Fips3Des)(UCHAR *pbIn, UCHAR *pbOut, void *pKey, int op); VOID (*FipsSHAInit)(A_SHA_CTX *pShaCtx); VOID (*FipsSHAUpdate)(A_SHA_CTX *pShaCtx, UCHAR *pb, unsigned int cb); VOID (*FipsSHAFinal)(A_SHA_CTX *pShaCtx, UCHAR *pbHash); BOOL (*FipsCBC)( ULONG EncryptionAlg, BYTE *pbOutput, BYTE *pbInput, void *pKeyTable, int Operation, BYTE *pbFeedback ); BOOL (*FIPSGenRandom)( IN OUT UCHAR *pb, IN ULONG cb ); BOOL (*FipsBlockCBC)( ULONG EncryptionAlg, BYTE *pbOutput, BYTE *pbInput, ULONG Length, void *pKeyTable, int Operation, BYTE *pbFeedback ); } FIPS_FUNCTION_TABLE_1, *PFIPS_FUNCTION_TABLE_1; #ifdef __cplusplus } #endif #endif // __FIPSAPI_H__