Chapter 3 - Functional description of Azure RTOS NetX Crypto

Execution Overview

This chapter contains a functional description of Azure RTOS NetX Crypto. There are two primary types of program execution in a NetX Crypto application: initialization and application interface calls.

NetX Crypto can be used as a standalone cryptographic library, or can be used with ThreadX, NetX, and/or NetX Secure.

AES

  • Algorithm Standard:: NetX Crypto implements AES according to NIST FIPS 197, which can be found at: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf
  • Key Lengths Supported: 128, 192, 256
  • Modes Supported:
    • CBC, CTR, (Key length 128-, 192-, 256-bit)
    • XCBC (key length 128-bit only),
    • CCM8 (key length 128-bit only)
  • Memory Requirements: Application specifies input buffer and output buffer and an AES control structure. The AES control structure maintains AES algorithm state between calls to the API. The input buffer contains data to be encrypted or decrypted, and can be arbitrary size. The output buffer is used by AES to store data being processed by AES. The output buffer size must be no smaller than the input buffer size, and must be a multiple of 16 bytes, the AES block size. The input and output buffers must be contiguous memory and may not overlap, except in the special case of encrypting in-place (using the same memory for input and output). When encrypting in-place, the output buffer starts at exactly the same location as the input buffer, and must be no smaller than the input buffer. When AES encryption operates in-place no extra scratch memory is required.

3DES

  • Algorithm Standard: NetX Crypto implements Tripple DES(TDES, also known as 3DES) according to NIST Special Publication 800-67 rev 2: "Recommendataion for the Triple Data Encryption Algorithm (TDES) Block Cipher", which can be found at: https://csrc.nist.gov/publications/detail/sp/800-67/rev-2/final
  • Key Length Supported: 64 * 3 = 192
  • Memory Requreiment:: None

In NetX Crypto, the term "3DES" is used interchangeably with "TDES".

MD5

  • Algorithm Standard: NetX Crypto implements MD5 according to RFC 1321: "The MD5 Message-Digest Algorithm"
  • Memory Requirement: The application must supply an MD5 control block structure, used to maintain state between MD5 operations.

SHA1, SHA256/512

  • Algorithm Standard: NetX Crypto implements SHA1/256/512 according to NIST FIPS publication 180-4: "Secure Hash Standard", which can be found at: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

  • Hash block size::

    • SHA1: 160 bits hash value
    • SHA 224: 224 bits hash value
    • SHA 256: 256 bits hash value
    • SHA 384: 384 bits hash value
    • SHA 512: 512 bits hash value
    • SHA 512/224: 224 bits hash value
    • SHA 512/256: 256 bits hash value

    In NetX Crypto, SHA256 routines are used to hadn SHA256 and SHA224. SHA512 routines are used to hand SHA512, SHA384, SHA512/224 and SHA512/256.

  • Memory Requirement: The application must provide a SHA control block structure for maintaining state between operations.

RSA

HMAC

Elliptic Curve

  • Standard: NetX Crypto implements Elliptic Curve. The supported named curves are (prime field only):

    • P-192
    • P-224
    • P-256
    • P-384
    • P-521

    Tip

    Uncompressed format is supported. See section 2.3.3 and 2.3.4 of SEC1-v1: http://www.secg.org/sec1-v2.pdf

  • Memory Requirement: None

ECDSA

  • Standard: NetX Crypto implements ECDSA according to FIPS PUB 186-4: "Digital Signature Standard (DSS)", which can be found at: https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.186-4.pdf
  • Memory Requirement: The application must provide an ECDSA control block structure for maintaining state between operations.

ECDH

Important

In Azure RTOS 6.0, ECDH routines should only be used for ECDHE cryptography as ECDH with a static private key requires input point validation to be secure.

  • Standard: NetX Crypto implements ECDH according to FIPS PUB 800-56Ar2: "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography", which can be found at: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-56ar2.pdf
  • Memory Requirement: The application must provide an ECDH control block structure for maintaining state between operations.

DRBG

  • Standard: NetX Crypto implements DRBG according to FIPS PUB 800-90Ar1: "Recommendation for Random Number Generation Using Deterministic Random Bit Generators", which can be found at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf
  • Memory Requirement: The application must provide an DRBG control block structure for maintaining state between operations.

FIPS-Compliant

NetX Crypto FIPS 140-2