1 /* 2 * This file is part of the openHiTLS project. 3 * 4 * openHiTLS is licensed under the Mulan PSL v2. 5 * You can use this software according to the terms and conditions of the Mulan PSL v2. 6 * You may obtain a copy of Mulan PSL v2 at: 7 * 8 * http://license.coscl.org.cn/MulanPSL2 9 * 10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, 11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, 12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. 13 * See the Mulan PSL v2 for more details. 14 */ 15 16 /** 17 * @defgroup crypt_types 18 * @ingroup crypt 19 * @brief types of crypto 20 */ 21 22 #ifndef CRYPT_TYPES_H 23 #define CRYPT_TYPES_H 24 25 #include <stdint.h> 26 #include <stddef.h> 27 #include "crypt_algid.h" 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif // __cplusplus 32 33 /** 34 * @ingroup crypt_types 35 * 36 * Data structure 37 */ 38 typedef struct { 39 uint8_t *data; /**< Data content */ 40 uint32_t len; /**< Data length */ 41 } CRYPT_Data; 42 43 /** 44 * @ingroup crypt_types 45 * 46 * Constant data structure 47 */ 48 typedef struct { 49 const uint8_t *data; 50 uint32_t len; 51 } CRYPT_ConstData; 52 53 /** 54 * @ingroup crypt_types 55 * 56 * Data range 57 */ 58 typedef struct { 59 uint32_t min; /**< Minimum value */ 60 uint32_t max; /**< Maximum value */ 61 } CRYPT_Range; 62 63 /** 64 * @ingroup crypt_types 65 * 66 * RSA salt length type, when rsa pss mode is used for signature and verify 67 */ 68 typedef enum { 69 // When the padding type is PSS, the salt data is obtained by the DRBG and the length is hashlen. 70 CRYPT_RSA_SALTLEN_TYPE_HASHLEN = -1, 71 // When the padding type is PSS, the salt data is obtained by the DRBG. 72 // and the length is padLen - mdMethod->GetDigestSize - 2 73 CRYPT_RSA_SALTLEN_TYPE_MAXLEN = -2, 74 // get salt length from signature, only used verify. 75 CRYPT_RSA_SALTLEN_TYPE_AUTOLEN = -3 76 } CRYPT_RSA_SaltLenType; 77 78 /** 79 * @ingroup crypt_types 80 * 81 * PSS padding mode, when RSA is used for signature. 82 */ 83 typedef struct { 84 int32_t saltLen; /**< pss salt length. enum values defined by CRYPT_RSA_SaltLenType or actual value. */ 85 CRYPT_MD_AlgId mdId; /**< mdid when pss padding. */ 86 CRYPT_MD_AlgId mgfId; /**< mgfid when pss padding. */ 87 } CRYPT_RSA_PssPara; 88 89 typedef enum { 90 CRYPT_RSA_BLINDING = 0x00000001, /**< Enable the RSA blinding function for signature. */ 91 CRYPT_RSA_BSSA = 0x00000002, /**< The signature process is rsa blind signature. */ 92 CRYPT_RSA_MAXFLAG 93 } CRYPT_RSA_Flag; 94 95 typedef enum { 96 CRYPT_DH_NO_PADZERO = 0x00000001, /**< Follow the standard RFC 5246, remove the prefix-0 when cal the 97 shared key. It takes effect only after local settings are made. */ 98 CRYPT_DH_MAXFLAG 99 } CRYPT_DH_Flag; 100 101 /** 102 * @ingroup crypt_types 103 * 104 * RSA private key parameter structure 105 */ 106 typedef struct { 107 uint8_t *d; /**< RSA private key parameter marked as d. */ 108 uint8_t *n; /**< RSA private key parameter marked as n. */ 109 uint8_t *p; /**< RSA private key parameter marked as p. */ 110 uint8_t *q; /**< RSA private key parameter marked as q. */ 111 uint8_t *dP; /**< RSA private key parameter marked as dP. */ 112 uint8_t *dQ; /**< RSA private key parameter marked as dQ. */ 113 uint8_t *qInv; /**< RSA private key parameter marked as qInv. */ 114 uint8_t *e; /**< RSA public key parameter marked as e. */ 115 uint32_t dLen; /**< Length of the RSA private key parameter marked as d. */ 116 uint32_t nLen; /**< Length of the RSA private key parameter marked as n. */ 117 uint32_t pLen; /**< Length of the RSA private key parameter marked as p. */ 118 uint32_t qLen; /**< Length of the RSA private key parameter marked as q. */ 119 uint32_t dPLen; /**< Length of the RSA private key parameter marked as dPLen. */ 120 uint32_t dQLen; /**< Length of the RSA private key parameter marked as dQLen. */ 121 uint32_t qInvLen; /**< Length of the RSA private key parameter marked as qInvLen. */ 122 uint32_t eLen; /**< Length of the RSA public key parameter marked as eLen. */ 123 } CRYPT_RsaPrv; 124 125 /** 126 * @ingroup crypt_types 127 * 128 * Elliptic curve parameter information 129 */ 130 typedef struct { 131 uint8_t *p; 132 uint8_t *a; 133 uint8_t *b; 134 uint8_t *n; 135 uint8_t *h; 136 uint8_t *x; 137 uint8_t *y; 138 uint32_t pLen; 139 uint32_t aLen; 140 uint32_t bLen; 141 uint32_t nLen; 142 uint32_t hLen; 143 uint32_t xLen; 144 uint32_t yLen; 145 } CRYPT_EccPara; 146 147 /** 148 * @ingroup crypt_types 149 * 150 * Paillier private key parameter structure 151 */ 152 typedef struct { 153 uint8_t *n; /**< Paillier private key parameter marked as n */ 154 uint8_t *lambda; /**< Paillier private key parameter marked as lambda */ 155 uint8_t *mu; /**< Paillier private key parameter marked as mu */ 156 uint8_t *n2; /**< Paillier private key parameter marked as n2 */ 157 uint32_t nLen; /**< Length of the Paillier private key parameter marked as n */ 158 uint32_t lambdaLen; /**< Length of the Paillier private key parameter marked as lambda */ 159 uint32_t muLen; /**< Length of the Paillier private key parameter marked as mu */ 160 uint32_t n2Len; /**< Length of the Paillier private key parameter marked as n2 */ 161 } CRYPT_PaillierPrv; 162 163 typedef struct { 164 /* Initialization parameters of the noise source */ 165 void *para; 166 /* Noise Source Initialization Interface */ 167 void *(*init)(void *para); 168 /* Noise source read interface,can't be NULL */ 169 int32_t (*read)(void *ctx, uint32_t timeout, uint8_t *buf, uint32_t bufLen); 170 /* Noise Source Deinitialization Interface */ 171 void (*deinit)(void *ctx); 172 } CRYPT_EAL_NsMethod; 173 174 typedef struct { 175 /* Repetition Count Test: the cutoff value C */ 176 uint32_t rctCutoff; 177 /* Adaptive Proportion Test: the cutoff value C */ 178 uint32_t aptCutoff; 179 /* Adaptive Proportion Test: the window size W 180 * see nist.sp.800-90b section 4.4.2 181 * The window size W is selected based on the alphabet size, and shall be assigned to 1024 182 * if the noise source is binary (that is, the noise source produces only two distinct values) and 512 if 183 * the noise source is not binary (that is, the noise source produces more than two distinct values). 184 */ 185 uint32_t aptWinSize; 186 } CRYPT_EAL_NsTestPara; 187 188 typedef struct { 189 /* Noise source name, which must be unique. */ 190 const char *name; 191 /* Whether the noise source automatically performs the health test */ 192 bool autoTest; 193 /* Minimum entropy, that is, the number of bits of entropy for a byte */ 194 uint32_t minEntropy; 195 CRYPT_EAL_NsMethod nsMeth; 196 CRYPT_EAL_NsTestPara nsPara; 197 } CRYPT_EAL_NsPara; 198 199 /** 200 * @ingroup crypt_types 201 * @brief Entropy source callback for obtaining entropy data. 202 * 203 * @param ctx [IN] the entropy source handle. 204 * @param buf [OUT] buffer. 205 * @param bufLen [IN] the length of buffer. 206 * @return 0, success 207 * Other error codes 208 */ 209 typedef uint32_t (*CRYPT_EAL_EntropyGet)(void *ctx, uint8_t *buf, uint32_t bufLen); 210 211 typedef struct { 212 /* Whether Physical Entropy Source. */ 213 bool isPhysical; 214 /* minimum entropy, (0, 8]. */ 215 uint32_t minEntropy; 216 /* entropy source handle */ 217 void *entropyCtx; 218 CRYPT_EAL_EntropyGet entropyGet; 219 } CRYPT_EAL_EsPara; 220 221 222 /** 223 * @ingroup crypt_types 224 * 225 * ElGamal private key parameter structure 226 */ 227 typedef struct { 228 uint8_t *p; /**< ElGamal private key parameter marked as p */ 229 uint8_t *g; /**< ElGamal private key parameter marked as g */ 230 uint8_t *x; /**< ElGamal private key parameter marked as x */ 231 232 uint32_t pLen; /**< Length of the ElGamal private key parameter marked as p */ 233 uint32_t gLen; /**< Length of the ElGamal private key parameter marked as g */ 234 uint32_t xLen; /**< Length of the ElGamal private key parameter marked as x */ 235 236 } CRYPT_ElGamalPrv; 237 238 /** 239 * @ingroup crypt_types 240 * 241 * DSA private key parameter structure 242 */ 243 typedef CRYPT_Data CRYPT_DsaPrv; 244 245 /** 246 * @ingroup crypt_types 247 * 248 * ECC private key parameter structure. 249 */ 250 typedef CRYPT_Data CRYPT_EccPrv; 251 252 /** 253 * @ingroup crypt_types 254 * 255 * ECDSA private key parameter structure. 256 */ 257 typedef CRYPT_Data CRYPT_EcdsaPrv; 258 259 /** 260 * @ingroup crypt_types 261 * 262 * SM2 private key parameter structure 263 */ 264 typedef CRYPT_Data CRYPT_Sm2Prv; 265 266 /** 267 * @ingroup crypt_types 268 * 269 * DH private key parameter structure 270 */ 271 typedef CRYPT_Data CRYPT_DhPrv; 272 273 /** 274 * @ingroup crypt_types 275 * 276 * ECDH private key parameter structure 277 */ 278 typedef CRYPT_Data CRYPT_EcdhPrv; 279 280 /** 281 * @ingroup crypt_types 282 * 283 * ed25519/x25519 private key parameter structure 284 */ 285 typedef CRYPT_Data CRYPT_Curve25519Prv; 286 287 /** 288 * @ingroup crypt_types 289 * 290 * kem decaps key parameter structure 291 */ 292 typedef CRYPT_Data CRYPT_KemDecapsKey; 293 294 /** 295 * @ingroup crypt_types 296 * 297 * MLDSA private key parameter structure 298 */ 299 typedef CRYPT_Data CRYPT_MlDsaPrv; 300 301 /** 302 * @ingroup crypt_types 303 * 304 * RSA public key parameter structure 305 */ 306 typedef struct { 307 uint8_t *e; /**< RSA public key parameter marked as e */ 308 uint8_t *n; /**< RSA public key parameter marked as n */ 309 uint32_t eLen; /**< Length of the RSA public key parameter marked as e*/ 310 uint32_t nLen; /**< Length of the RSA public key parameter marked as e*/ 311 } CRYPT_RsaPub; 312 313 /** 314 * @ingroup crypt_types 315 * 316 * Paillier public key parameter structure 317 */ 318 typedef struct { 319 uint8_t *n; /**< Paillier public key parameter marked as n */ 320 uint8_t *g; /**< Paillier public key parameter marked as g */ 321 uint8_t *n2; /**< Paillier public key parameter marked as n2 */ 322 uint32_t nLen; /**< Length of the Paillier public key parameter marked as n */ 323 uint32_t gLen; /**< Length of the Paillier public key parameter marked as g */ 324 uint32_t n2Len; /**< Length of the Paillier public key parameter marked as n2 */ 325 } CRYPT_PaillierPub; 326 327 328 /** 329 * @brief SLH-DSA public key structure 330 */ 331 typedef struct { 332 uint8_t *seed; // Seed for generating keys 333 uint8_t *root; // Root node of the top XMSS tree 334 uint32_t len; // key length 335 } CRYPT_SlhDsaPub; 336 337 /** 338 * @brief SLH-DSA private key structure 339 */ 340 typedef struct { 341 uint8_t *seed; // Seed for generating keys 342 uint8_t *prf; // To generate randomization value 343 CRYPT_SlhDsaPub pub; // pubkey 344 } CRYPT_SlhDsaPrv; 345 346 /** 347 * @ingroup crypt_types 348 * 349 * ElGamal public key parameter structure 350 */ 351 typedef struct { 352 uint8_t *p; /**< ElGamal public key parameter marked as p */ 353 uint8_t *g; /**< ElGamal public key parameter marked as g */ 354 uint8_t *y; /**< ElGamal public key parameter marked as y */ 355 uint8_t *q; /**< ElGamal public key parameter marked as q */ 356 uint32_t pLen; /**< Length of the ElGamal public key parameter marked as p */ 357 uint32_t gLen; /**< Length of the ElGamal public key parameter marked as g */ 358 uint32_t yLen; /**< Length of the ElGamal public key parameter marked as y */ 359 uint32_t qLen; /**< Length of the ElGamal public key parameter marked as q */ 360 } CRYPT_ElGamalPub; 361 362 /** 363 * @ingroup crypt_types 364 * 365 * DSA public key parameter structure 366 */ 367 typedef CRYPT_Data CRYPT_DsaPub; 368 369 /** 370 * @ingroup crypt_types 371 * 372 * ECC public key parameter structure 373 */ 374 typedef CRYPT_Data CRYPT_EccPub; 375 376 /** 377 * @ingroup crypt_types 378 * 379 * ECDSA public key parameter structure. 380 */ 381 typedef CRYPT_Data CRYPT_EcdsaPub; 382 383 /** 384 * @ingroup crypt_types 385 * 386 * SM2 public key parameter structure 387 */ 388 typedef CRYPT_Data CRYPT_Sm2Pub; 389 390 /** 391 * @ingroup crypt_types 392 * 393 * DH public key parameter structure 394 */ 395 typedef CRYPT_Data CRYPT_DhPub; 396 397 /** 398 * @ingroup crypt_types 399 * 400 * ECDH public key parameter structure 401 */ 402 typedef CRYPT_Data CRYPT_EcdhPub; 403 404 /** 405 * @ingroup crypt_types 406 * 407 * ed25519/x25519 public key parameter structure 408 */ 409 typedef CRYPT_Data CRYPT_Curve25519Pub; 410 411 /** 412 * @ingroup crypt_types 413 * 414 * kem encaps key parameter structure 415 */ 416 typedef CRYPT_Data CRYPT_KemEncapsKey; 417 418 /** 419 * @ingroup crypt_types 420 * 421 * MLDSA public key parameter structure 422 */ 423 typedef CRYPT_Data CRYPT_MlDsaPub; 424 425 /** 426 * @ingroup crypt_types 427 * 428 * Para structure of the RSA algorithm 429 */ 430 typedef struct { /**< This parameter cannot be NULL and is determined by the underlying structure. */ 431 uint8_t *e; /**< Para Parameter e */ 432 uint32_t eLen; /**< Length of para e*/ 433 uint32_t bits; /**< Bits of para, FIPS 186-5 dose not support generation and use of keys with odd bits. */ 434 } CRYPT_RsaPara; 435 436 /** 437 * @ingroup crypt_types 438 * 439 * Para structure of the DSA algorithm. This parameter cannot be null, and it is determined by the underlying structure. 440 */ 441 typedef struct { 442 uint8_t *p; /**< Parameter p */ 443 uint8_t *q; /**< Parameter q */ 444 uint8_t *g; /**< Parameter g */ 445 uint32_t pLen; /**< Length of parameter p*/ 446 uint32_t qLen; /**< Length of parameter q*/ 447 uint32_t gLen; /**< Length of parameter g*/ 448 } CRYPT_DsaPara; 449 450 /** 451 * @ingroup crypt_types 452 * 453 * Para structure of the DH algorithm 454 */ 455 typedef struct { 456 uint8_t *p; /**< Parameter p. */ 457 uint8_t *q; /**< Parameter q, the parameter can be NULL. */ 458 uint8_t *g; /**< Parameter g. */ 459 uint32_t pLen; /**< Length of parameter p. */ 460 uint32_t qLen; /**< Length of parameter q. */ 461 uint32_t gLen; /**< Length of parameter g. */ 462 } CRYPT_DhPara; 463 464 /** 465 * @ingroup crypt_types 466 * 467 * Para structure of the Paillier algorithm 468 */ 469 typedef struct { 470 uint8_t *p; /**< Parameter p. */ 471 uint8_t *q; /**< Parameter q. */ 472 uint32_t pLen; /**< Length of parameter p. */ 473 uint32_t qLen; /**< Length of parameter q. */ 474 uint32_t bits; /**< Bits of para. */ 475 } CRYPT_PaillierPara; 476 477 /** 478 * @ingroup crypt_types 479 * 480 * Para structure of the ElGamal algorithm 481 */ 482 typedef struct { 483 uint8_t *q; /**< Parameter q. */ 484 uint32_t qLen; /**< Length of parameter q. */ 485 uint32_t bits; /**< Bits of para. */ 486 uint32_t k_bits; /**< Bits of q. */ 487 } CRYPT_ElGamalPara; 488 489 /** 490 * @ingroup crypt_types 491 * 492 * Obtain the entropy source. If the default entropy source provided by HiTLS is not used, 493 * the API must be registered. the output data must meet requirements such as the length. 494 * The HiTLS does not check the entropy source. The data must be provided by the entropy source. 495 * 496 * @param ctx [IN] Context used by the caller. 497 * @param entropy [OUT] Indicates the obtained entropy source data. The length of the entropy source data 498 * must meet the following requirements: lenRange->min <= len <= lenRange->max. 499 * @param strength [IN] Entropy source strength. 500 * @param lenRange [IN] Entropy source length range. 501 * @retval 0 indicates success, and other values indicate failure. 502 */ 503 typedef int32_t (*CRYPT_EAL_GetEntropyCb)(void *ctx, CRYPT_Data *entropy, uint32_t strength, CRYPT_Range *lenRange); 504 505 /** 506 * @ingroup crypt_types 507 * @brief The entropy source memory is cleared, this API is optional. 508 * @param ctx [IN] Context used by the caller 509 * @param entropy [OUT] Entropy source data 510 * @retval void 511 */ 512 typedef void (*CRYPT_EAL_CleanEntropyCb)(void *ctx, CRYPT_Data *entropy); 513 514 /** 515 * @ingroup crypt_types 516 * @brief Obtain the random number. This API is not need to registered. 517 * For registration, the output data must meet requirements such as the length. 518 * The HiTLS does not check the entropy source, but will implement if provide the function. 519 * 520 * @param ctx [IN] Context used by the caller 521 * @param nonce [OUT] Obtained random number. 522 * The length of the random number must be lenRange->min <= len <= lenRange->max. 523 * @param strength [IN]: Random number strength 524 * @param lenRange [IN] Random number length range. 525 * @retval 0 indicates success, and other values indicate failure. 526 */ 527 typedef int32_t (*CRYPT_EAL_GetNonceCb)(void *ctx, CRYPT_Data *nonce, uint32_t strength, CRYPT_Range *lenRange); 528 529 /** 530 * @ingroup crypt_types 531 * @brief Random number memory clearance. this API is optional. 532 * @param ctx [IN] Context used by the caller 533 * @param nonce [OUT] random number 534 * @retval void 535 */ 536 typedef void (*CRYPT_EAL_CleanNonceCb)(void *ctx, CRYPT_Data *nonce); 537 538 /** 539 * @ingroup crypt_types 540 * 541 * Metohd structure of the RAND registration interface, including the entropy source obtaining and clearing 542 * interface and random number obtaining and clearing interface. 543 * For details about how to use the default entropy source of the HiTLS, see CRYPT_EAL_RandInit(). 544 * If the default mode is not used, the entropy source obtaining interface cannot be null, interface for 545 * obtaining random numbers can be null. 546 */ 547 typedef struct { 548 CRYPT_EAL_GetEntropyCb getEntropy; 549 CRYPT_EAL_CleanEntropyCb cleanEntropy; 550 CRYPT_EAL_GetNonceCb getNonce; 551 CRYPT_EAL_CleanNonceCb cleanNonce; 552 } CRYPT_RandSeedMethod; 553 554 /** 555 * @ingroup crypt_ctrl_param 556 * 557 * Set and obtain internal mode parameters. 558 */ 559 typedef enum { 560 CRYPT_CTRL_SET_IV = 0, /**< Set IV data, the data type is uint8_t type.. */ 561 CRYPT_CTRL_GET_IV, /**< Obtains the IV data, the data type is uint8_t type. */ 562 CRYPT_CTRL_GET_BLOCKSIZE, /**< Obtain the block size, the data type is uint8_t type. */ 563 CRYPT_CTRL_SET_COUNT, /**< Set the counter information, the input is a four-byte little-endian byte stream, 564 the algorithm required is chacha20. */ 565 CRYPT_CTRL_SET_AAD, /**< Set the ADD information in AEAD encryption and decryption mode. */ 566 CRYPT_CTRL_GET_TAG, /**< Obtain the tag at the end in AEAD encryption or decryption. */ 567 CRYPT_CTRL_SET_TAGLEN, /**< Set the tag length before the encryption/decryption starts in AEAD 568 encryption/decryption. the setting type is uint32_t. */ 569 CRYPT_CTRL_SET_MSGLEN, /**< In CMM mode, the length of the encrypted message needs to be used as the 570 input for calculation. the length must be set before SET_AAD. The input data 571 type is int64_t. */ 572 CRYPT_CTRL_SET_FEEDBACKSIZE, /**< Setting the ciphertext feedback length in CFB mode. */ 573 CRYPT_CTRL_GET_FEEDBACKSIZE, /**< Obtaining the ciphertext feedback length in CFB mode. */ 574 CRYPT_CTRL_DES_NOKEYCHECK, /**< DES does not verify the key. */ 575 CRYPT_CTRL_SET_PADDING, /**< Set the padding mode of the algorithm. */ 576 CRYPT_CTRL_GET_PADDING, /**< Obtain the padding mode of thealgorithm. */ 577 CRYPT_CTRL_REINIT_STATUS, /**< Reinitialize the status of the algorithm. */ 578 CRYPT_CTRL_MAX 579 } CRYPT_CipherCtrl; 580 581 /** 582 * @ingroup crypt_ctrl_param 583 * 584 * Set and obtain internal parameters of pkey. 585 */ 586 typedef enum { 587 // common 588 CRYPT_CTRL_UP_REFERENCES = 0, /**< The reference count value increases automatically. 589 It is applicable to asymmetric algorithms such as 25519, RSA, and ECC. */ 590 CRYPT_CTRL_SET_PARA_BY_ID, /* Asymmetric cipher set para by id. */ 591 CRYPT_CTRL_SET_NO_PADDING, /**< RSA Set the padding mode to NO_PADDING. */ 592 593 CRYPT_CTRL_GET_PARA, /* Asymmetric cipher get para. */ 594 CRYPT_CTRL_GET_PARAID, /* Asymmetric cipher get id of para. */ 595 CRYPT_CTRL_GET_BITS, /* Asymmetric cipher get bits . */ 596 CRYPT_CTRL_GET_SIGNLEN, /* Asymmetric cipher get signlen . */ 597 CRYPT_CTRL_GET_SECBITS, /* Asymmetric cipher get secure bits . */ 598 CRYPT_CTRL_GET_SHARED_KEY_LEN, /**< Get the shared key length */ 599 CRYPT_CTRL_GET_PUBKEY_LEN, /**< Get the encapsulation key length */ 600 CRYPT_CTRL_GET_PRVKEY_LEN, /**< Get the decapsulation key length */ 601 CRYPT_CTRL_GET_CIPHERTEXT_LEN, /**< Get the ciphertext length */ 602 CRYPT_CTRL_SET_DETERMINISTIC_FLAG, /**< Whether to use deterministic signatures */ 603 CRYPT_CTRL_SET_CTX_INFO, /**< Set the context string. */ 604 CRYPT_CTRL_SET_PREHASH_FLAG, /**< Change the SLH-DSA or ML-DSA mode to prehash version or pure version. */ 605 606 // dh 607 CRYPT_CTRL_SET_DH_FLAG = 150, /**< Set the dh flag.*/ 608 609 // rsa 610 CRYPT_CTRL_SET_RSA_EMSA_PKCSV15 = 200, /**< RSA set the signature padding mode to EMSA_PKCSV15. */ 611 CRYPT_CTRL_GET_RSA_SALT, /**< Obtain the salt length of the RSA algorithm. */ 612 CRYPT_CTRL_SET_RSA_EMSA_PSS, /**< RSA set the signature padding mode to EMSA_PSS. */ 613 CRYPT_CTRL_SET_RSA_SALT, /**< When the RSA algorithm is used for PSS signature, the salt data is 614 specified. During signature, the user data address is directly saved 615 to the key. And the user data is used for the next signature, the caller 616 must ensure that the next signature is called within the life cycle 617 of the salt data. This option is not recommended and is used only for 618 KAT and self-verification. */ 619 CRYPT_CTRL_SET_RSA_PADDING, /**< Set the padding mode of the RSA algorithm. */ 620 CRYPT_CTRL_SET_RSA_RSAES_OAEP, /**< RSA set the padding mode to RSAES_OAEP. */ 621 CRYPT_CTRL_SET_RSA_OAEP_LABEL, /**< RSA oaep padding and setting labels, used to generate hash values. */ 622 CRYPT_CTRL_SET_RSA_FLAG, /**< RSA set the flag. */ 623 CRYPT_CTRL_SET_RSA_RSAES_PKCSV15, /**< RSA Set the encryption/decryption padding mode to RSAES_PKCSV15. */ 624 CRYPT_CTRL_SET_RSA_RSAES_PKCSV15_TLS, /**< RSA Set the encryption/decryption padding mode to RSAES_PKCSV15_TLS. */ 625 CRYPT_CTRL_GET_RSA_SALTLEN, /**< Obtain the real salt len in pss mode. The salt len can be set to -1, -2, -3 626 in sign or verify, which needs additional conversion during encoding. 627 If salt len = -3, the max salt len will be returned. */ 628 CRYPT_CTRL_GET_RSA_PADDING, /**< Obtain the padding mode of the RSA algorithm. */ 629 CRYPT_CTRL_GET_RSA_MD, /**< Obtain the MD algorithm of the RSA algorithm. */ 630 CRYPT_CTRL_GET_RSA_MGF, /**< Obtain the mgf algorithm when the RSA algorithm padding mode is PSS. */ 631 CRYPT_CTRL_CLR_RSA_FLAG, /**< RSA clear the flag. */ 632 CRYPT_CTRL_SET_RSA_BSSA_FACTOR_R, /**< Set the random bytes for RSA-BSSA. */ 633 634 // ecc 635 CRYPT_CTRL_SET_SM2_USER_ID = 300, 636 CRYPT_CTRL_SET_SM2_SERVER, /* SM2 set the user status. */ 637 CRYPT_CTRL_SET_SM2_R, /* SM2 set the R value. */ 638 CRYPT_CTRL_SET_SM2_RANDOM, /* SM2 set the r value. */ 639 CRYPT_CTRL_SET_SM2_PKG, /* SM2 uses the PKG process. */ 640 641 CRYPT_CTRL_SET_ECC_POINT_FORMAT, /**< ECC PKEY set the point format. For the point format, 642 see CRYPT_PKEY_PointFormat. */ 643 CRYPT_CTRL_SET_ECC_USE_COFACTOR_MODE, /**< Indicates whether to use the cofactor mode to prevent 644 man-in-the-middle from tampering with the public key. 645 Set this parameter to 1 when used or 0 when not used. */ 646 647 CRYPT_CTRL_GET_SM2_SEND_CHECK, /* SM2 obtain the check value sent from the local end to the peer end. */ 648 CRYPT_CTRL_GENE_SM2_R, /* SM2 obtain the R value. */ 649 650 CRYPT_CTRL_SM2_DO_CHECK, /* SM2 check the shared key. */ 651 CRYPT_CTRL_GEN_ECC_PUBLICKEY, /**< Use prikey generate pubkey. */ 652 CRYPT_CTRL_GET_ECC_PUB_X_BIN, /**< Get the bn of x of the ecc public key without padded bin. */ 653 CRYPT_CTRL_GET_ECC_PUB_Y_BIN, /**< Get the bn of y of the ecc public key without padded bin. */ 654 CRYPT_CTRL_GET_ECC_ORDER_BITS, /**< Get the number of bits in the group order. */ 655 CRYPT_CTRL_GET_ECC_NAME, /**< Obtain the name of the ECC curve. */ 656 CRYPT_CTRL_GEN_X25519_PUBLICKEY, /**< Use prikey genarate x25519 pubkey. */ 657 658 // slh-dsa 659 CRYPT_CTRL_GET_SLH_DSA_KEY_LEN = 600, /**< Get the SLH-DSA key length. */ 660 CRYPT_CTRL_SET_SLH_DSA_ADDRAND, /**< Set the SLH-DSA additional random bytes. */ 661 662 CRYPT_CTRL_SET_MLDSA_ENCODE_FLAG = 700, /**< Set the flag for encode messages. */ 663 CRYPT_CTRL_SET_MLDSA_MUMSG_FLAG, /**< Whether to calculate message representative */ 664 } CRYPT_PkeyCtrl; 665 666 667 typedef enum { 668 CRYPT_CTRL_SET_GM_LEVEL, /**< Set the authentication level of gm drbg */ 669 CRYPT_CTRL_SET_RESEED_INTERVAL, 670 CRYPT_CTRL_SET_RESEED_TIME, 671 CRYPT_CTRL_RAND_MAX = 0xff, 672 } CRYPT_RandCtrl; 673 674 /** 675 * @ingroup crypt_ctrl_param 676 * 677 * Set and obtain internal parameters of mac. 678 */ 679 typedef enum { 680 CRYPT_CTRL_SET_CBC_MAC_PADDING = 0, /**< set cbc-mac padding type */ 681 CRYPT_CTRL_GET_MACLEN, /* Mac get maxlen . */ 682 CRYPT_CTRL_MAC_MAX 683 } CRYPT_MacCtrl; 684 685 /** 686 * @ingroup crypt_entropy_type 687 * 688 * Entropy setting type. 689 */ 690 typedef enum { 691 CRYPT_ENTROPY_SET_POOL_SIZE = 0, /**< Sets the EntropyPool size. */ 692 CRYPT_ENTROPY_SET_CF, /**< Sets the EntropyPool conditioning function. */ 693 CRYPT_ENTROPY_ADD_NS, /**< Adding a Noise Source. */ 694 CRYPT_ENTROPY_REMOVE_NS, /**< Deleting a Noise Source. */ 695 CRYPT_ENTROPY_ENABLE_TEST, /**< Sets the Health Test. */ 696 CRYPT_ENTROPY_GET_STATE, /**< Gets the entropy source state. */ 697 CRYPT_ENTROPY_GET_POOL_SIZE, /**< Gets the entropy pool size. */ 698 CRYPT_ENTROPY_POOL_GET_CURRSIZE, /**< Gets the entropy pool current size. */ 699 CRYPT_ENTROPY_GET_CF_SIZE, /**< Gets the cf size. */ 700 CRYPT_ENTROPY_GATHER_ENTROPY, /**< Entropy source collection option. This option collects the original 701 entropy data from each noise source, obtains the full entropy output 702 after adjustment by the conditioning function, and stores the full 703 entropy output in the entropy pool. The length of the entropy output 704 obtained each time is the output length of the adjustment function. 705 The caller can use this interface to implement the automatic collection 706 function of the entropy pool. */ 707 CRYPT_ENTROPY_MAX 708 } CRYPT_ENTROPY_TYPE; 709 710 /** 711 * @ingroup crypt_padding_type 712 * 713 * Padding mode enumerated type 714 */ 715 typedef enum { 716 CRYPT_PADDING_NONE = 0, /**< Never pad (full blocks only). */ 717 CRYPT_PADDING_ZEROS, /**< Zero padding (not reversible). */ 718 CRYPT_PADDING_ISO7816, /**< ISO/IEC 7816-4 padding. */ 719 CRYPT_PADDING_X923, /**< ANSI X.923 padding. */ 720 CRYPT_PADDING_PKCS5, /**< PKCS5 padding. */ 721 CRYPT_PADDING_PKCS7, /**< PKCS7 padding. */ 722 CRYPT_PADDING_MAX_COUNT 723 } CRYPT_PaddingType; 724 725 typedef enum { 726 CRYPT_EMSA_PKCSV15 = 1, /**< PKCS1-v1_5 according to RFC8017. */ 727 CRYPT_EMSA_PSS, /**< PSS according to RFC8017. */ 728 CRYPT_RSAES_OAEP, /**< OAEP according to RFC8017. */ 729 CRYPT_RSAES_PKCSV15, /**< RSAES_PKCSV15 according to RFC8017. */ 730 CRYPT_RSA_NO_PAD, 731 CRYPT_RSAES_PKCSV15_TLS, /* Specific RSA pkcs1.5 padding verification process to 732 prevent possible Bleichenbacher attacks */ 733 CRYPT_RSA_PADDINGMAX, 734 } CRYPT_RsaPadType; 735 736 /** 737 * @ingroup crypt_types 738 * 739 * Operation type 740 */ 741 typedef enum { 742 CRYPT_EVENT_ENC, /**< Encryption. */ 743 CRYPT_EVENT_DEC, /**< Decryption. */ 744 CRYPT_EVENT_GEN, /**< Generate the key. */ 745 CRYPT_EVENT_SIGN, /**< Signature. */ 746 CRYPT_EVENT_VERIFY, /**< Verify the signature. */ 747 CRYPT_EVENT_MD, /**< Hash. */ 748 CRYPT_EVENT_MAC, /**< MAC. */ 749 CRYPT_EVENT_KDF, /**< KDF. */ 750 CRYPT_EVENT_KEYAGGREMENT, /**< Key negotiation. */ 751 CRYPT_EVENT_KEYDERIVE, /**< Derived key. */ 752 CRYPT_EVENT_RANDGEN, /**< Generating a random number. */ 753 CRYPT_EVENT_ZERO, /**< sensitive information to zero. */ 754 CRYPT_EVENT_ERR, /**< An error occurred. */ 755 CRYPT_EVENT_SETSSP, /**< Adding and Modifying Password Data and SSP. */ 756 CRYPT_EVENT_GETSSP, /**< Access password data and SSP. */ 757 CRYPT_EVENT_ENCAPS, /**< Key encapsulation. */ 758 CRYPT_EVENT_DECAPS, /**< Key decapsulation. */ 759 CRYPT_EVENT_BLIND, /**< Message blinding. */ 760 CRYPT_EVENT_UNBLIND, /**< Signature unblinding. */ 761 CRYPT_EVENT_MAX 762 } CRYPT_EVENT_TYPE; 763 764 /** 765 * @ingroup crypt_types 766 * 767 * Algorithm type 768 */ 769 typedef enum { 770 CRYPT_ALGO_CIPHER = 0, 771 CRYPT_ALGO_PKEY, 772 CRYPT_ALGO_MD, 773 CRYPT_ALGO_MAC, 774 CRYPT_ALGO_KDF, 775 CRYPT_ALGO_RAND 776 } CRYPT_ALGO_TYPE; 777 778 /** 779 * @ingroup crypt_types 780 * @brief event report. 781 * 782 * @param oper [IN] Operation type. 783 * @param type [IN] Algorithm type. 784 * @param id [IN] Algorithm ID. 785 * @param err [IN] CRYPT_SUCCESS, if successful. 786 * For other error codes, see crypt_errno.h. 787 * 788 * @retval None 789 */ 790 typedef void (*EventReport)(CRYPT_EVENT_TYPE oper, CRYPT_ALGO_TYPE type, int32_t id, int32_t err); 791 792 /** 793 * @ingroup crypt_types 794 * 795 * Event reporting callback registration interface, the EAL reports an event when the service is executed 796 * and an error is reported. 797 * If the CMVP feature is enabled, the default implementation is provided and registration is not allowed. 798 * Note that Multi-threading is not supported. 799 * 800 * @param func [IN] Event reporting and processing callback 801 * 802 * @retval NONE 803 */ 804 void CRYPT_EAL_RegEventReport(EventReport func); 805 806 /** 807 * @ingroup crypt_getInfo_type 808 * 809 * Obtain the algorithm attribute type. 810 */ 811 typedef enum { 812 CRYPT_INFO_IS_AEAD = 0, /**< Whether the AEAD algorithm is used. */ 813 CRYPT_INFO_IS_STREAM, /**< Stream encryption or not. */ 814 CRYPT_INFO_IV_LEN, /**< Algorithm IV length. */ 815 CRYPT_INFO_KEY_LEN, /**< Algorithm key length. */ 816 CRYPT_INFO_BLOCK_LEN, /**< Algorithm block length. */ 817 CRYPT_INFO_MAX 818 } CRYPT_INFO_TYPE; 819 820 typedef enum { 821 CRYPT_KDF_HKDF_MODE_FULL = 0, 822 CRYPT_KDF_HKDF_MODE_EXTRACT, 823 CRYPT_KDF_HKDF_MODE_EXPAND, 824 } CRYPT_HKDF_MODE; 825 826 typedef enum { 827 CRYPT_ENCDEC_UNKNOW, 828 CRYPT_PRIKEY_PKCS8_UNENCRYPT, 829 CRYPT_PRIKEY_PKCS8_ENCRYPT, 830 CRYPT_PRIKEY_RSA, 831 CRYPT_PRIKEY_ECC, 832 CRYPT_PUBKEY_SUBKEY, 833 CRYPT_PUBKEY_RSA, 834 CRYPT_PUBKEY_SUBKEY_WITHOUT_SEQ 835 } CRYPT_ENCDEC_TYPE; 836 837 typedef enum { 838 CRYPT_DERIVE_PBKDF2, 839 } CRYPT_DERIVE_MODE; 840 841 typedef struct { 842 uint32_t deriveMode; 843 void *param; 844 } CRYPT_EncodeParam; 845 846 typedef struct { 847 uint32_t pbesId; 848 uint32_t pbkdfId; 849 uint32_t hmacId; 850 uint32_t symId; 851 uint32_t saltLen; 852 uint8_t *pwd; 853 uint32_t pwdLen; 854 uint32_t itCnt; 855 } CRYPT_Pbkdf2Param; 856 857 typedef struct EAL_LibCtx CRYPT_EAL_LibCtx; 858 859 /* Optional parameter set for MLDSA */ 860 typedef enum { 861 CRYPT_MLDSA_TYPE_MLDSA_44 = 0x01, // MLDSA-44 862 CRYPT_MLDSA_TYPE_MLDSA_65 = 0x02, // MLDSA-65 863 CRYPT_MLDSA_TYPE_MLDSA_87 = 0x03, // MLDSA-87 864 CRYPT_MLDSA_TYPE_INVALID = 0x7fffffff // invalid value 865 } CRYPT_MLDSA_KeyType; 866 867 /* Optional parameter set for MLKEM */ 868 typedef enum { 869 CRYPT_KEM_TYPE_MLKEM_512 = 0x01, // MLKEM512 870 CRYPT_KEM_TYPE_MLKEM_768 = 0x02, // MLKEM768 871 CRYPT_KEM_TYPE_MLKEM_1024 = 0x03, // MLKEM1024 872 CRYPT_KEM_TYPE_INVALID = 0x7fffffff // invalid value 873 } CRYPT_MLKEM_KeyType; 874 875 /* Optional parameter set for SLHDSA */ 876 typedef enum { 877 CRYPT_SLH_DSA_SHA2_128S, 878 CRYPT_SLH_DSA_SHAKE_128S, 879 CRYPT_SLH_DSA_SHA2_128F, 880 CRYPT_SLH_DSA_SHAKE_128F, 881 CRYPT_SLH_DSA_SHA2_192S, 882 CRYPT_SLH_DSA_SHAKE_192S, 883 CRYPT_SLH_DSA_SHA2_192F, 884 CRYPT_SLH_DSA_SHAKE_192F, 885 CRYPT_SLH_DSA_SHA2_256S, 886 CRYPT_SLH_DSA_SHAKE_256S, 887 CRYPT_SLH_DSA_SHA2_256F, 888 CRYPT_SLH_DSA_SHAKE_256F, 889 CRYPT_SLH_DSA_ALG_ID_MAX, 890 } CRYPT_SLH_DSA_AlgId; 891 892 #ifdef __cplusplus 893 } 894 #endif // __cplusplus 895 896 #endif // CRYPT_TYPES_H 897