EIC code displayed by LXR |
|
|
|
|||
File indexing completed on 2026-05-10 08:44:50
0001 /** 0002 * \file ctr_drbg.h 0003 * 0004 * \brief This file contains definitions and functions for the 0005 * CTR_DRBG pseudorandom generator. 0006 * 0007 * CTR_DRBG is a standardized way of building a PRNG from a block-cipher 0008 * in counter mode operation, as defined in <em>NIST SP 800-90A: 0009 * Recommendation for Random Number Generation Using Deterministic Random 0010 * Bit Generators</em>. 0011 * 0012 * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128 0013 * (if #MBEDTLS_PSA_CRYPTO_RNG_STRENGTH is 128) as the underlying block cipher, 0014 * with a derivation function. 0015 * 0016 * The security strength as defined in NIST SP 800-90A is 0017 * 128 bits when AES-128 is used and 256 bits otherwise, provided that 0018 * #MBEDTLS_CTR_DRBG_ENTROPY_LEN is kept at its default value and that the DRBG 0019 * instance is set up with default parameters. See the documentation of 0020 * mbedtls_ctr_drbg_seed() for more information. 0021 */ 0022 /* 0023 * Copyright The Mbed TLS Contributors 0024 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 0025 */ 0026 0027 #ifndef MBEDTLS_CTR_DRBG_H 0028 #define MBEDTLS_CTR_DRBG_H 0029 #include "mbedtls/private_access.h" 0030 0031 #include "tf-psa-crypto/build_info.h" 0032 0033 /* The CTR_DRBG implementation can either directly call the low-level AES 0034 * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES 0035 * operations. Calling the AES module directly is the default, both for 0036 * maximum backward compatibility and because it's a bit more efficient 0037 * (less glue code). 0038 * 0039 * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and 0040 * thus benefits from the PSA AES accelerator driver. 0041 * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO 0042 * to use PSA even when MBEDTLS_AES_C is enabled, but there is very little 0043 * reason to do so other than testing purposes and this is not officially 0044 * supported. 0045 */ 0046 #if !defined(MBEDTLS_AES_C) 0047 #define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO 0048 #endif 0049 0050 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 0051 #include "psa/crypto.h" 0052 #else 0053 #include "mbedtls/private/aes.h" 0054 #endif 0055 0056 #include "mbedtls/private/entropy.h" 0057 0058 #if defined(MBEDTLS_THREADING_C) 0059 #include "mbedtls/threading.h" 0060 #endif 0061 0062 /** The entropy source failed. */ 0063 #define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 0064 /** The requested random buffer length is too big. */ 0065 #define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 0066 /** The input (entropy + additional data) is too large. */ 0067 #define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 0068 /** Read or write error in file. */ 0069 #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A 0070 0071 #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ 0072 0073 #if MBEDTLS_PSA_CRYPTO_RNG_STRENGTH == 128 0074 #define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY 0075 #define MBEDTLS_CTR_DRBG_KEYSIZE 16 0076 /**< The key size in bytes used by the cipher. 0077 * 0078 * Compile-time choice: 16 bytes (128 bits) 0079 * because #MBEDTLS_PSA_CRYPTO_RNG_STRENGTH is 128. 0080 */ 0081 #else 0082 #define MBEDTLS_CTR_DRBG_KEYSIZE 32 0083 /**< The key size in bytes used by the cipher. 0084 * 0085 * Compile-time choice: 32 bytes (256 bits) 0086 * because #MBEDTLS_PSA_CRYPTO_RNG_STRENGTH is NOT 128. 0087 */ 0088 #endif 0089 0090 #define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */ 0091 #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ 0092 0093 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32 0094 /**< The amount of entropy used per seed by default, in bytes. */ 0095 0096 #if !defined(MBEDTLS_PSA_RNG_RESEED_INTERVAL) 0097 #define MBEDTLS_PSA_RNG_RESEED_INTERVAL 10000 0098 /**< The interval before reseed is performed by default. */ 0099 #endif 0100 0101 #define MBEDTLS_CTR_DRBG_MAX_INPUT 256 0102 /**< The maximum number of additional input Bytes. */ 0103 #define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 0104 /**< The maximum number of requested Bytes per call. */ 0105 #define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 0106 /**< The maximum size of seed or reseed buffer in bytes. */ 0107 0108 #define MBEDTLS_CTR_DRBG_PR_OFF 0 0109 /**< Prediction resistance is disabled. */ 0110 #define MBEDTLS_CTR_DRBG_PR_ON 1 0111 /**< Prediction resistance is enabled. */ 0112 0113 #ifdef __cplusplus 0114 extern "C" { 0115 #endif 0116 0117 #if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 0118 /** The default length of the nonce read from the entropy source. 0119 * 0120 * This is \c 0 because a single read from the entropy source is sufficient 0121 * to include a nonce. 0122 * See the documentation of mbedtls_ctr_drbg_seed() for more information. 0123 */ 0124 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0 0125 #else 0126 /** The default length of the nonce read from the entropy source. 0127 * 0128 * This is half of the default entropy length because a single read from 0129 * the entropy source does not provide enough material to form a nonce. 0130 * See the documentation of mbedtls_ctr_drbg_seed() for more information. 0131 */ 0132 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 0133 #endif 0134 0135 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 0136 typedef struct mbedtls_ctr_drbg_psa_context { 0137 mbedtls_svc_key_id_t key_id; 0138 psa_cipher_operation_t operation; 0139 } mbedtls_ctr_drbg_psa_context; 0140 #endif 0141 0142 /** 0143 * \brief The CTR_DRBG context structure. 0144 */ 0145 typedef struct mbedtls_ctr_drbg_context { 0146 unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */ 0147 int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter. 0148 * This is the number of requests that have 0149 * been made since the last (re)seeding, 0150 * minus one. 0151 * Before the initial seeding, this field 0152 * contains the amount of entropy in bytes 0153 * to use as a nonce for the initial seeding, 0154 * or -1 if no nonce length has been explicitly 0155 * set (see mbedtls_ctr_drbg_set_nonce_len()). 0156 */ 0157 int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction 0158 resistance is enabled, that is 0159 whether to systematically reseed before 0160 each random generation. */ 0161 size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each 0162 seed or reseed operation, in bytes. */ 0163 int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval. 0164 * This is the maximum number of requests 0165 * that can be made between reseedings. */ 0166 0167 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 0168 mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ 0169 #else 0170 mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ 0171 #endif 0172 0173 /* 0174 * Callbacks (Entropy) 0175 */ 0176 int(*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); 0177 /*!< The entropy callback function. */ 0178 0179 void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */ 0180 0181 #if defined(MBEDTLS_THREADING_C) 0182 /* Invariant: the mutex is initialized if and only if f_entropy != NULL. 0183 * This means that the mutex is initialized during the initial seeding 0184 * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free(). 0185 * 0186 * Note that this invariant may change without notice. Do not rely on it 0187 * and do not access the mutex directly in application code. 0188 */ 0189 mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); 0190 #endif 0191 } 0192 mbedtls_ctr_drbg_context; 0193 0194 /** 0195 * \brief This function initializes the CTR_DRBG context, 0196 * and prepares it for mbedtls_ctr_drbg_seed() 0197 * or mbedtls_ctr_drbg_free(). 0198 * 0199 * \note The reseed interval is 0200 * #MBEDTLS_PSA_RNG_RESEED_INTERVAL by default. 0201 * You can override it by calling 0202 * mbedtls_ctr_drbg_set_reseed_interval(). 0203 * 0204 * \param ctx The CTR_DRBG context to initialize. 0205 */ 0206 void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx); 0207 0208 /** 0209 * \brief This function seeds and sets up the CTR_DRBG 0210 * entropy source for future reseeds. 0211 * 0212 * A typical choice for the \p f_entropy and \p p_entropy parameters is 0213 * to use the entropy module: 0214 * - \p f_entropy is mbedtls_entropy_func(); 0215 * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized 0216 * with mbedtls_entropy_init() (which registers the platform's default 0217 * entropy sources). 0218 * 0219 * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default. 0220 * You can override it by calling mbedtls_ctr_drbg_set_entropy_len(). 0221 * 0222 * The entropy nonce length is: 0223 * - \c 0 if the entropy length is at least 3/2 times the entropy length, 0224 * which guarantees that the security strength is the maximum permitted 0225 * by the key size and entropy length according to NIST SP 800-90A §10.2.1; 0226 * - Half the entropy length otherwise. 0227 * You can override it by calling mbedtls_ctr_drbg_set_nonce_len(). 0228 * With the default entropy length, the entropy nonce length is 0229 * #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN. 0230 * 0231 * You can provide a nonce and personalization string in addition to the 0232 * entropy source, to make this instantiation as unique as possible. 0233 * See SP 800-90A §8.6.7 for more details about nonces. 0234 * 0235 * The _seed_material_ value passed to the derivation function in 0236 * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2 0237 * is the concatenation of the following strings: 0238 * - A string obtained by calling \p f_entropy function for the entropy 0239 * length. 0240 */ 0241 #if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0 0242 /** 0243 * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string 0244 * obtained by calling \p f_entropy function for the specified length. 0245 */ 0246 #else 0247 /** 0248 * - A string obtained by calling \p f_entropy function for the entropy nonce 0249 * length. If the entropy nonce length is \c 0, this function does not 0250 * make a second call to \p f_entropy. 0251 */ 0252 #endif 0253 #if defined(MBEDTLS_THREADING_C) 0254 /** 0255 * \note When Mbed TLS is built with threading support, 0256 * after this function returns successfully, 0257 * it is safe to call mbedtls_ctr_drbg_random() 0258 * from multiple threads. Other operations, including 0259 * reseeding, are not thread-safe. 0260 */ 0261 #endif /* MBEDTLS_THREADING_C */ 0262 /** 0263 * - The \p custom string. 0264 * 0265 * \note To achieve the nominal security strength permitted 0266 * by CTR_DRBG, the entropy length must be: 0267 * - at least 16 bytes for a 128-bit strength 0268 * (maximum achievable strength when using AES-128); 0269 * - at least 32 bytes for a 256-bit strength 0270 * (maximum achievable strength when using AES-256). 0271 * 0272 * In addition, if you do not pass a nonce in \p custom, 0273 * the sum of the entropy length 0274 * and the entropy nonce length must be: 0275 * - at least 24 bytes for a 128-bit strength 0276 * (maximum achievable strength when using AES-128); 0277 * - at least 48 bytes for a 256-bit strength 0278 * (maximum achievable strength when using AES-256). 0279 * 0280 * \param ctx The CTR_DRBG context to seed. 0281 * It must have been initialized with 0282 * mbedtls_ctr_drbg_init(). 0283 * After a successful call to mbedtls_ctr_drbg_seed(), 0284 * you may not call mbedtls_ctr_drbg_seed() again on 0285 * the same context unless you call 0286 * mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init() 0287 * again first. 0288 * After a failed call to mbedtls_ctr_drbg_seed(), 0289 * you must call mbedtls_ctr_drbg_free(). 0290 * \param f_entropy The entropy callback, taking as arguments the 0291 * \p p_entropy context, the buffer to fill, and the 0292 * length of the buffer. 0293 * \p f_entropy is always called with a buffer size 0294 * less than or equal to the entropy length. 0295 * \param p_entropy The entropy context to pass to \p f_entropy. 0296 * \param custom The personalization string. 0297 * This can be \c NULL, in which case the personalization 0298 * string is empty regardless of the value of \p len. 0299 * \param len The length of the personalization string. 0300 * This must be at most 0301 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 0302 * - #MBEDTLS_CTR_DRBG_ENTROPY_LEN. 0303 * 0304 * \return \c 0 on success. 0305 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. 0306 */ 0307 int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, 0308 int (*f_entropy)(void *, unsigned char *, size_t), 0309 void *p_entropy, 0310 const unsigned char *custom, 0311 size_t len); 0312 0313 /** 0314 * \brief This function resets CTR_DRBG context to the state immediately 0315 * after initial call of mbedtls_ctr_drbg_init(). 0316 * 0317 * \param ctx The CTR_DRBG context to clear. 0318 */ 0319 void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx); 0320 0321 /** 0322 * \brief This function turns prediction resistance on or off. 0323 * The default value is off. 0324 * 0325 * \note If enabled, entropy is gathered at the beginning of 0326 * every call to mbedtls_ctr_drbg_random_with_add() 0327 * or mbedtls_ctr_drbg_random(). 0328 * Only use this if your entropy source has sufficient 0329 * throughput. 0330 * 0331 * \param ctx The CTR_DRBG context. 0332 * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF. 0333 */ 0334 void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, 0335 int resistance); 0336 0337 /** 0338 * \brief This function sets the amount of entropy grabbed on each 0339 * seed or reseed. 0340 * 0341 * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN. 0342 * 0343 * \note The security strength of CTR_DRBG is bounded by the 0344 * entropy length. Thus: 0345 * - When using AES-256 (#MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 0346 * is 256, which is the default), 0347 * \p len must be at least 32 (in bytes) 0348 * to achieve a 256-bit strength. 0349 * - When using AES-128 (#MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 0350 * is 128) \p len must be at least 16 (in bytes) to 0351 * achieve a 128-bit strength. 0352 * 0353 * \param ctx The CTR_DRBG context. 0354 * \param len The amount of entropy to grab, in bytes. 0355 * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 0356 * and at most the maximum length accepted by the 0357 * entropy function that is set in the context. 0358 */ 0359 void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, 0360 size_t len); 0361 0362 /** 0363 * \brief This function sets the amount of entropy grabbed 0364 * as a nonce for the initial seeding. 0365 * 0366 * Call this function before calling mbedtls_ctr_drbg_seed() to read 0367 * a nonce from the entropy source during the initial seeding. 0368 * 0369 * \param ctx The CTR_DRBG context. 0370 * \param len The amount of entropy to grab for the nonce, in bytes. 0371 * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 0372 * and at most the maximum length accepted by the 0373 * entropy function that is set in the context. 0374 * 0375 * \return \c 0 on success. 0376 * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is 0377 * more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. 0378 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED 0379 * if the initial seeding has already taken place. 0380 */ 0381 int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, 0382 size_t len); 0383 0384 /** 0385 * \brief This function sets the reseed interval. 0386 * 0387 * The reseed interval is the number of calls to mbedtls_ctr_drbg_random() 0388 * or mbedtls_ctr_drbg_random_with_add() after which the entropy function 0389 * is called again. 0390 * 0391 * The default value is #MBEDTLS_PSA_RNG_RESEED_INTERVAL. 0392 * 0393 * \param ctx The CTR_DRBG context. 0394 * \param interval The reseed interval. 0395 */ 0396 void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, 0397 int interval); 0398 0399 /** 0400 * \brief This function reseeds the CTR_DRBG context, that is 0401 * extracts data from the entropy source. 0402 * 0403 * \note This function is not thread-safe. It is not safe 0404 * to call this function if another thread might be 0405 * concurrently obtaining random numbers from the same 0406 * context or updating or reseeding the same context. 0407 * 0408 * \param ctx The CTR_DRBG context. 0409 * \param additional Additional data to add to the state. Can be \c NULL. 0410 * \param len The length of the additional data. 0411 * This must be less than 0412 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len 0413 * where \c entropy_len is the entropy length 0414 * configured for the context. 0415 * 0416 * \return \c 0 on success. 0417 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. 0418 */ 0419 int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, 0420 const unsigned char *additional, size_t len); 0421 0422 /** 0423 * \brief This function updates the state of the CTR_DRBG context. 0424 * 0425 * \note This function is not thread-safe. It is not safe 0426 * to call this function if another thread might be 0427 * concurrently obtaining random numbers from the same 0428 * context or updating or reseeding the same context. 0429 * 0430 * \param ctx The CTR_DRBG context. 0431 * \param additional The data to update the state with. This must not be 0432 * \c NULL unless \p add_len is \c 0. 0433 * \param add_len Length of \p additional in bytes. This must be at 0434 * most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. 0435 * 0436 * \return \c 0 on success. 0437 * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if 0438 * \p add_len is more than 0439 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. 0440 * \return An error from the underlying AES cipher on failure. 0441 */ 0442 int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, 0443 const unsigned char *additional, 0444 size_t add_len); 0445 0446 /** 0447 * \brief This function updates a CTR_DRBG instance with additional 0448 * data and uses it to generate random data. 0449 * 0450 * This function automatically reseeds if the reseed counter is exceeded 0451 * or prediction resistance is enabled. 0452 * 0453 * \note This function is not thread-safe. It is not safe 0454 * to call this function if another thread might be 0455 * concurrently obtaining random numbers from the same 0456 * context or updating or reseeding the same context. 0457 * 0458 * \param p_rng The CTR_DRBG context. This must be a pointer to a 0459 * #mbedtls_ctr_drbg_context structure. 0460 * \param output The buffer to fill. 0461 * \param output_len The length of the buffer in bytes. 0462 * \param additional Additional data to update. Can be \c NULL, in which 0463 * case the additional data is empty regardless of 0464 * the value of \p add_len. 0465 * \param add_len The length of the additional data 0466 * if \p additional is not \c NULL. 0467 * This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT 0468 * and less than 0469 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len 0470 * where \c entropy_len is the entropy length 0471 * configured for the context. 0472 * 0473 * \return \c 0 on success. 0474 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or 0475 * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. 0476 */ 0477 int mbedtls_ctr_drbg_random_with_add(void *p_rng, 0478 unsigned char *output, size_t output_len, 0479 const unsigned char *additional, size_t add_len); 0480 0481 /** 0482 * \brief This function uses CTR_DRBG to generate random data. 0483 * 0484 * This function automatically reseeds if the reseed counter is exceeded 0485 * or prediction resistance is enabled. 0486 */ 0487 #if defined(MBEDTLS_THREADING_C) 0488 /** 0489 * \note When Mbed TLS is built with threading support, 0490 * it is safe to call mbedtls_ctr_drbg_random() 0491 * from multiple threads. Other operations, including 0492 * reseeding, are not thread-safe. 0493 */ 0494 #endif /* MBEDTLS_THREADING_C */ 0495 /** 0496 * \param p_rng The CTR_DRBG context. This must be a pointer to a 0497 * #mbedtls_ctr_drbg_context structure. 0498 * \param output The buffer to fill. 0499 * \param output_len The length of the buffer in bytes. 0500 * 0501 * \return \c 0 on success. 0502 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or 0503 * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. 0504 */ 0505 int mbedtls_ctr_drbg_random(void *p_rng, 0506 unsigned char *output, size_t output_len); 0507 0508 #if defined(MBEDTLS_FS_IO) 0509 /** 0510 * \brief This function writes a seed file. 0511 * 0512 * \param ctx The CTR_DRBG context. 0513 * \param path The name of the file. 0514 * 0515 * \return \c 0 on success. 0516 * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error. 0517 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed 0518 * failure. 0519 */ 0520 int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path); 0521 0522 /** 0523 * \brief This function reads and updates a seed file. The seed 0524 * is added to this instance. 0525 * 0526 * \param ctx The CTR_DRBG context. 0527 * \param path The name of the file. 0528 * 0529 * \return \c 0 on success. 0530 * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error. 0531 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on 0532 * reseed failure. 0533 * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing 0534 * seed file is too large. 0535 */ 0536 int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path); 0537 #endif /* MBEDTLS_FS_IO */ 0538 0539 #if defined(MBEDTLS_SELF_TEST) 0540 0541 /** 0542 * \brief The CTR_DRBG checkup routine. 0543 * 0544 * \return \c 0 on success. 0545 * \return \c 1 on failure. 0546 */ 0547 int mbedtls_ctr_drbg_self_test(int verbose); 0548 0549 #endif /* MBEDTLS_SELF_TEST */ 0550 0551 #ifdef __cplusplus 0552 } 0553 #endif 0554 0555 #endif /* ctr_drbg.h */
| [ Source navigation ] | [ Diff markup ] | [ Identifier search ] | [ general search ] |
|
This page was automatically generated by the 2.3.7 LXR engine. The LXR team |
|