EIC code displayed by LXR |
|
|
|
|||
File indexing completed on 2025-08-27 09:37:30
0001 /** 0002 * \file ctr_drbg.h 0003 * 0004 * \brief This file contains definitions and functions for the 0005 * CTR_DRBG pseudorandom generator. 0006 * 0007 * CTR_DRBG is a standardized way of building a PRNG from a block-cipher 0008 * in counter mode operation, as defined in <em>NIST SP 800-90A: 0009 * Recommendation for Random Number Generation Using Deterministic Random 0010 * Bit Generators</em>. 0011 * 0012 * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128 0013 * (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time) 0014 * as the underlying block cipher, with a derivation function. 0015 * 0016 * The security strength as defined in NIST SP 800-90A is 0017 * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled) 0018 * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is 0019 * kept at its default value (and not overridden in mbedtls_config.h) and that the 0020 * DRBG instance is set up with default parameters. 0021 * See the documentation of mbedtls_ctr_drbg_seed() for more 0022 * information. 0023 */ 0024 /* 0025 * Copyright The Mbed TLS Contributors 0026 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 0027 */ 0028 0029 #ifndef MBEDTLS_CTR_DRBG_H 0030 #define MBEDTLS_CTR_DRBG_H 0031 #include "mbedtls/private_access.h" 0032 0033 #include "mbedtls/build_info.h" 0034 0035 /* The CTR_DRBG implementation can either directly call the low-level AES 0036 * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES 0037 * operations. Calling the AES module directly is the default, both for 0038 * maximum backward compatibility and because it's a bit more efficient 0039 * (less glue code). 0040 * 0041 * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and 0042 * thus benefits from the PSA AES accelerator driver. 0043 * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO 0044 * to use PSA even when MBEDTLS_AES_C is enabled, but there is very little 0045 * reason to do so other than testing purposes and this is not officially 0046 * supported. 0047 */ 0048 #if !defined(MBEDTLS_AES_C) 0049 #define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO 0050 #endif 0051 0052 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 0053 #include "psa/crypto.h" 0054 #else 0055 #include "mbedtls/aes.h" 0056 #endif 0057 0058 #include "entropy.h" 0059 0060 #if defined(MBEDTLS_THREADING_C) 0061 #include "mbedtls/threading.h" 0062 #endif 0063 0064 /** The entropy source failed. */ 0065 #define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 0066 /** The requested random buffer length is too big. */ 0067 #define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 0068 /** The input (entropy + additional data) is too large. */ 0069 #define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 0070 /** Read or write error in file. */ 0071 #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A 0072 0073 #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ 0074 0075 #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) 0076 #define MBEDTLS_CTR_DRBG_KEYSIZE 16 0077 /**< The key size in bytes used by the cipher. 0078 * 0079 * Compile-time choice: 16 bytes (128 bits) 0080 * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled. 0081 */ 0082 #else 0083 #define MBEDTLS_CTR_DRBG_KEYSIZE 32 0084 /**< The key size in bytes used by the cipher. 0085 * 0086 * Compile-time choice: 32 bytes (256 bits) 0087 * because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled. 0088 */ 0089 #endif 0090 0091 #define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, in bits. */ 0092 #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed length, calculated as (counter + AES key). */ 0093 0094 /** 0095 * \name SECTION: Module settings 0096 * 0097 * The configuration options you can set for this module are in this section. 0098 * Either change them in mbedtls_config.h or define them using the compiler command 0099 * line. 0100 * \{ 0101 */ 0102 0103 /** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN 0104 * 0105 * \brief The amount of entropy used per seed by default, in bytes. 0106 */ 0107 #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) 0108 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) 0109 /** This is 48 bytes because the entropy module uses SHA-512. 0110 */ 0111 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 0112 0113 #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ 0114 0115 /** This is 32 bytes because the entropy module uses SHA-256. 0116 */ 0117 #if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) 0118 /** \warning To achieve a 256-bit security strength, you must pass a nonce 0119 * to mbedtls_ctr_drbg_seed(). 0120 */ 0121 #endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */ 0122 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32 0123 #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ 0124 #endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */ 0125 0126 #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL) 0127 #define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 0128 /**< The interval before reseed is performed by default. */ 0129 #endif 0130 0131 #if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT) 0132 #define MBEDTLS_CTR_DRBG_MAX_INPUT 256 0133 /**< The maximum number of additional input Bytes. */ 0134 #endif 0135 0136 #if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST) 0137 #define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 0138 /**< The maximum number of requested Bytes per call. */ 0139 #endif 0140 0141 #if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) 0142 #define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 0143 /**< The maximum size of seed or reseed buffer in bytes. */ 0144 #endif 0145 0146 /** \} name SECTION: Module settings */ 0147 0148 #define MBEDTLS_CTR_DRBG_PR_OFF 0 0149 /**< Prediction resistance is disabled. */ 0150 #define MBEDTLS_CTR_DRBG_PR_ON 1 0151 /**< Prediction resistance is enabled. */ 0152 0153 #ifdef __cplusplus 0154 extern "C" { 0155 #endif 0156 0157 #if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 0158 /** The default length of the nonce read from the entropy source. 0159 * 0160 * This is \c 0 because a single read from the entropy source is sufficient 0161 * to include a nonce. 0162 * See the documentation of mbedtls_ctr_drbg_seed() for more information. 0163 */ 0164 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0 0165 #else 0166 /** The default length of the nonce read from the entropy source. 0167 * 0168 * This is half of the default entropy length because a single read from 0169 * the entropy source does not provide enough material to form a nonce. 0170 * See the documentation of mbedtls_ctr_drbg_seed() for more information. 0171 */ 0172 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 0173 #endif 0174 0175 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 0176 typedef struct mbedtls_ctr_drbg_psa_context { 0177 mbedtls_svc_key_id_t key_id; 0178 psa_cipher_operation_t operation; 0179 } mbedtls_ctr_drbg_psa_context; 0180 #endif 0181 0182 /** 0183 * \brief The CTR_DRBG context structure. 0184 */ 0185 typedef struct mbedtls_ctr_drbg_context { 0186 unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */ 0187 int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter. 0188 * This is the number of requests that have 0189 * been made since the last (re)seeding, 0190 * minus one. 0191 * Before the initial seeding, this field 0192 * contains the amount of entropy in bytes 0193 * to use as a nonce for the initial seeding, 0194 * or -1 if no nonce length has been explicitly 0195 * set (see mbedtls_ctr_drbg_set_nonce_len()). 0196 */ 0197 int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction 0198 resistance is enabled, that is 0199 whether to systematically reseed before 0200 each random generation. */ 0201 size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each 0202 seed or reseed operation, in bytes. */ 0203 int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval. 0204 * This is the maximum number of requests 0205 * that can be made between reseedings. */ 0206 0207 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) 0208 mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ 0209 #else 0210 mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ 0211 #endif 0212 0213 /* 0214 * Callbacks (Entropy) 0215 */ 0216 int(*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); 0217 /*!< The entropy callback function. */ 0218 0219 void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */ 0220 0221 #if defined(MBEDTLS_THREADING_C) 0222 /* Invariant: the mutex is initialized if and only if f_entropy != NULL. 0223 * This means that the mutex is initialized during the initial seeding 0224 * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free(). 0225 * 0226 * Note that this invariant may change without notice. Do not rely on it 0227 * and do not access the mutex directly in application code. 0228 */ 0229 mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); 0230 #endif 0231 } 0232 mbedtls_ctr_drbg_context; 0233 0234 /** 0235 * \brief This function initializes the CTR_DRBG context, 0236 * and prepares it for mbedtls_ctr_drbg_seed() 0237 * or mbedtls_ctr_drbg_free(). 0238 * 0239 * \note The reseed interval is 0240 * #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default. 0241 * You can override it by calling 0242 * mbedtls_ctr_drbg_set_reseed_interval(). 0243 * 0244 * \param ctx The CTR_DRBG context to initialize. 0245 */ 0246 void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx); 0247 0248 /** 0249 * \brief This function seeds and sets up the CTR_DRBG 0250 * entropy source for future reseeds. 0251 * 0252 * A typical choice for the \p f_entropy and \p p_entropy parameters is 0253 * to use the entropy module: 0254 * - \p f_entropy is mbedtls_entropy_func(); 0255 * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized 0256 * with mbedtls_entropy_init() (which registers the platform's default 0257 * entropy sources). 0258 * 0259 * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default. 0260 * You can override it by calling mbedtls_ctr_drbg_set_entropy_len(). 0261 * 0262 * The entropy nonce length is: 0263 * - \c 0 if the entropy length is at least 3/2 times the entropy length, 0264 * which guarantees that the security strength is the maximum permitted 0265 * by the key size and entropy length according to NIST SP 800-90A §10.2.1; 0266 * - Half the entropy length otherwise. 0267 * You can override it by calling mbedtls_ctr_drbg_set_nonce_len(). 0268 * With the default entropy length, the entropy nonce length is 0269 * #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN. 0270 * 0271 * You can provide a nonce and personalization string in addition to the 0272 * entropy source, to make this instantiation as unique as possible. 0273 * See SP 800-90A §8.6.7 for more details about nonces. 0274 * 0275 * The _seed_material_ value passed to the derivation function in 0276 * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2 0277 * is the concatenation of the following strings: 0278 * - A string obtained by calling \p f_entropy function for the entropy 0279 * length. 0280 */ 0281 #if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0 0282 /** 0283 * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string 0284 * obtained by calling \p f_entropy function for the specified length. 0285 */ 0286 #else 0287 /** 0288 * - A string obtained by calling \p f_entropy function for the entropy nonce 0289 * length. If the entropy nonce length is \c 0, this function does not 0290 * make a second call to \p f_entropy. 0291 */ 0292 #endif 0293 #if defined(MBEDTLS_THREADING_C) 0294 /** 0295 * \note When Mbed TLS is built with threading support, 0296 * after this function returns successfully, 0297 * it is safe to call mbedtls_ctr_drbg_random() 0298 * from multiple threads. Other operations, including 0299 * reseeding, are not thread-safe. 0300 */ 0301 #endif /* MBEDTLS_THREADING_C */ 0302 /** 0303 * - The \p custom string. 0304 * 0305 * \note To achieve the nominal security strength permitted 0306 * by CTR_DRBG, the entropy length must be: 0307 * - at least 16 bytes for a 128-bit strength 0308 * (maximum achievable strength when using AES-128); 0309 * - at least 32 bytes for a 256-bit strength 0310 * (maximum achievable strength when using AES-256). 0311 * 0312 * In addition, if you do not pass a nonce in \p custom, 0313 * the sum of the entropy length 0314 * and the entropy nonce length must be: 0315 * - at least 24 bytes for a 128-bit strength 0316 * (maximum achievable strength when using AES-128); 0317 * - at least 48 bytes for a 256-bit strength 0318 * (maximum achievable strength when using AES-256). 0319 * 0320 * \param ctx The CTR_DRBG context to seed. 0321 * It must have been initialized with 0322 * mbedtls_ctr_drbg_init(). 0323 * After a successful call to mbedtls_ctr_drbg_seed(), 0324 * you may not call mbedtls_ctr_drbg_seed() again on 0325 * the same context unless you call 0326 * mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init() 0327 * again first. 0328 * After a failed call to mbedtls_ctr_drbg_seed(), 0329 * you must call mbedtls_ctr_drbg_free(). 0330 * \param f_entropy The entropy callback, taking as arguments the 0331 * \p p_entropy context, the buffer to fill, and the 0332 * length of the buffer. 0333 * \p f_entropy is always called with a buffer size 0334 * less than or equal to the entropy length. 0335 * \param p_entropy The entropy context to pass to \p f_entropy. 0336 * \param custom The personalization string. 0337 * This can be \c NULL, in which case the personalization 0338 * string is empty regardless of the value of \p len. 0339 * \param len The length of the personalization string. 0340 * This must be at most 0341 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 0342 * - #MBEDTLS_CTR_DRBG_ENTROPY_LEN. 0343 * 0344 * \return \c 0 on success. 0345 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. 0346 */ 0347 int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, 0348 int (*f_entropy)(void *, unsigned char *, size_t), 0349 void *p_entropy, 0350 const unsigned char *custom, 0351 size_t len); 0352 0353 /** 0354 * \brief This function resets CTR_DRBG context to the state immediately 0355 * after initial call of mbedtls_ctr_drbg_init(). 0356 * 0357 * \param ctx The CTR_DRBG context to clear. 0358 */ 0359 void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx); 0360 0361 /** 0362 * \brief This function turns prediction resistance on or off. 0363 * The default value is off. 0364 * 0365 * \note If enabled, entropy is gathered at the beginning of 0366 * every call to mbedtls_ctr_drbg_random_with_add() 0367 * or mbedtls_ctr_drbg_random(). 0368 * Only use this if your entropy source has sufficient 0369 * throughput. 0370 * 0371 * \param ctx The CTR_DRBG context. 0372 * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF. 0373 */ 0374 void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, 0375 int resistance); 0376 0377 /** 0378 * \brief This function sets the amount of entropy grabbed on each 0379 * seed or reseed. 0380 * 0381 * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN. 0382 * 0383 * \note The security strength of CTR_DRBG is bounded by the 0384 * entropy length. Thus: 0385 * - When using AES-256 0386 * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled, 0387 * which is the default), 0388 * \p len must be at least 32 (in bytes) 0389 * to achieve a 256-bit strength. 0390 * - When using AES-128 0391 * (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled) 0392 * \p len must be at least 16 (in bytes) 0393 * to achieve a 128-bit strength. 0394 * 0395 * \param ctx The CTR_DRBG context. 0396 * \param len The amount of entropy to grab, in bytes. 0397 * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 0398 * and at most the maximum length accepted by the 0399 * entropy function that is set in the context. 0400 */ 0401 void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, 0402 size_t len); 0403 0404 /** 0405 * \brief This function sets the amount of entropy grabbed 0406 * as a nonce for the initial seeding. 0407 * 0408 * Call this function before calling mbedtls_ctr_drbg_seed() to read 0409 * a nonce from the entropy source during the initial seeding. 0410 * 0411 * \param ctx The CTR_DRBG context. 0412 * \param len The amount of entropy to grab for the nonce, in bytes. 0413 * This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 0414 * and at most the maximum length accepted by the 0415 * entropy function that is set in the context. 0416 * 0417 * \return \c 0 on success. 0418 * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is 0419 * more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. 0420 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED 0421 * if the initial seeding has already taken place. 0422 */ 0423 int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, 0424 size_t len); 0425 0426 /** 0427 * \brief This function sets the reseed interval. 0428 * 0429 * The reseed interval is the number of calls to mbedtls_ctr_drbg_random() 0430 * or mbedtls_ctr_drbg_random_with_add() after which the entropy function 0431 * is called again. 0432 * 0433 * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL. 0434 * 0435 * \param ctx The CTR_DRBG context. 0436 * \param interval The reseed interval. 0437 */ 0438 void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, 0439 int interval); 0440 0441 /** 0442 * \brief This function reseeds the CTR_DRBG context, that is 0443 * extracts data from the entropy source. 0444 * 0445 * \note This function is not thread-safe. It is not safe 0446 * to call this function if another thread might be 0447 * concurrently obtaining random numbers from the same 0448 * context or updating or reseeding the same context. 0449 * 0450 * \param ctx The CTR_DRBG context. 0451 * \param additional Additional data to add to the state. Can be \c NULL. 0452 * \param len The length of the additional data. 0453 * This must be less than 0454 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len 0455 * where \c entropy_len is the entropy length 0456 * configured for the context. 0457 * 0458 * \return \c 0 on success. 0459 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. 0460 */ 0461 int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, 0462 const unsigned char *additional, size_t len); 0463 0464 /** 0465 * \brief This function updates the state of the CTR_DRBG context. 0466 * 0467 * \note This function is not thread-safe. It is not safe 0468 * to call this function if another thread might be 0469 * concurrently obtaining random numbers from the same 0470 * context or updating or reseeding the same context. 0471 * 0472 * \param ctx The CTR_DRBG context. 0473 * \param additional The data to update the state with. This must not be 0474 * \c NULL unless \p add_len is \c 0. 0475 * \param add_len Length of \p additional in bytes. This must be at 0476 * most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. 0477 * 0478 * \return \c 0 on success. 0479 * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if 0480 * \p add_len is more than 0481 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. 0482 * \return An error from the underlying AES cipher on failure. 0483 */ 0484 int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, 0485 const unsigned char *additional, 0486 size_t add_len); 0487 0488 /** 0489 * \brief This function updates a CTR_DRBG instance with additional 0490 * data and uses it to generate random data. 0491 * 0492 * This function automatically reseeds if the reseed counter is exceeded 0493 * or prediction resistance is enabled. 0494 * 0495 * \note This function is not thread-safe. It is not safe 0496 * to call this function if another thread might be 0497 * concurrently obtaining random numbers from the same 0498 * context or updating or reseeding the same context. 0499 * 0500 * \param p_rng The CTR_DRBG context. This must be a pointer to a 0501 * #mbedtls_ctr_drbg_context structure. 0502 * \param output The buffer to fill. 0503 * \param output_len The length of the buffer in bytes. 0504 * \param additional Additional data to update. Can be \c NULL, in which 0505 * case the additional data is empty regardless of 0506 * the value of \p add_len. 0507 * \param add_len The length of the additional data 0508 * if \p additional is not \c NULL. 0509 * This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT 0510 * and less than 0511 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len 0512 * where \c entropy_len is the entropy length 0513 * configured for the context. 0514 * 0515 * \return \c 0 on success. 0516 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or 0517 * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. 0518 */ 0519 int mbedtls_ctr_drbg_random_with_add(void *p_rng, 0520 unsigned char *output, size_t output_len, 0521 const unsigned char *additional, size_t add_len); 0522 0523 /** 0524 * \brief This function uses CTR_DRBG to generate random data. 0525 * 0526 * This function automatically reseeds if the reseed counter is exceeded 0527 * or prediction resistance is enabled. 0528 */ 0529 #if defined(MBEDTLS_THREADING_C) 0530 /** 0531 * \note When Mbed TLS is built with threading support, 0532 * it is safe to call mbedtls_ctr_drbg_random() 0533 * from multiple threads. Other operations, including 0534 * reseeding, are not thread-safe. 0535 */ 0536 #endif /* MBEDTLS_THREADING_C */ 0537 /** 0538 * \param p_rng The CTR_DRBG context. This must be a pointer to a 0539 * #mbedtls_ctr_drbg_context structure. 0540 * \param output The buffer to fill. 0541 * \param output_len The length of the buffer in bytes. 0542 * 0543 * \return \c 0 on success. 0544 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or 0545 * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. 0546 */ 0547 int mbedtls_ctr_drbg_random(void *p_rng, 0548 unsigned char *output, size_t output_len); 0549 0550 #if defined(MBEDTLS_FS_IO) 0551 /** 0552 * \brief This function writes a seed file. 0553 * 0554 * \param ctx The CTR_DRBG context. 0555 * \param path The name of the file. 0556 * 0557 * \return \c 0 on success. 0558 * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error. 0559 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed 0560 * failure. 0561 */ 0562 int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path); 0563 0564 /** 0565 * \brief This function reads and updates a seed file. The seed 0566 * is added to this instance. 0567 * 0568 * \param ctx The CTR_DRBG context. 0569 * \param path The name of the file. 0570 * 0571 * \return \c 0 on success. 0572 * \return #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error. 0573 * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on 0574 * reseed failure. 0575 * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing 0576 * seed file is too large. 0577 */ 0578 int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path); 0579 #endif /* MBEDTLS_FS_IO */ 0580 0581 #if defined(MBEDTLS_SELF_TEST) 0582 0583 /** 0584 * \brief The CTR_DRBG checkup routine. 0585 * 0586 * \return \c 0 on success. 0587 * \return \c 1 on failure. 0588 */ 0589 int mbedtls_ctr_drbg_self_test(int verbose); 0590 0591 #endif /* MBEDTLS_SELF_TEST */ 0592 0593 #ifdef __cplusplus 0594 } 0595 #endif 0596 0597 #endif /* ctr_drbg.h */
| [ Source navigation ] | [ Diff markup ] | [ Identifier search ] | [ general search ] |
|
This page was automatically generated by the 2.3.7 LXR engine. The LXR team |
|