Mbed TLS v3.6.0
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ctr_drbg.h
Go to the documentation of this file.
1 
24 /*
25  * Copyright The Mbed TLS Contributors
26  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
27  */
28 
29 #ifndef MBEDTLS_CTR_DRBG_H
30 #define MBEDTLS_CTR_DRBG_H
31 #include "mbedtls/private_access.h"
32 
33 #include "mbedtls/build_info.h"
34 
35 /* In case AES_C is defined then it is the primary option for backward
36  * compatibility purposes. If that's not available, PSA is used instead */
37 #if defined(MBEDTLS_AES_C)
38 #include "mbedtls/aes.h"
39 #else
40 #include "psa/crypto.h"
41 #endif
42 
43 #include "entropy.h"
44 
45 #if defined(MBEDTLS_THREADING_C)
46 #include "mbedtls/threading.h"
47 #endif
48 
50 #define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
51 
52 #define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
53 
54 #define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
55 
56 #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
57 
58 #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16
60 #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
61 #define MBEDTLS_CTR_DRBG_KEYSIZE 16
62 
67 #else
68 #define MBEDTLS_CTR_DRBG_KEYSIZE 32
69 
74 #endif
75 
76 #define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8)
77 #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE)
92 #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
93 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
94 
96 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
97 
98 #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
99 
102 #if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
103 
106 #endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
107 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
108 #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
109 #endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
110 
111 #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
112 #define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
113 
114 #endif
115 
116 #if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
117 #define MBEDTLS_CTR_DRBG_MAX_INPUT 256
118 
119 #endif
120 
121 #if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
122 #define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
123 
124 #endif
125 
126 #if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
127 #define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
128 
129 #endif
130 
133 #define MBEDTLS_CTR_DRBG_PR_OFF 0
134 
135 #define MBEDTLS_CTR_DRBG_PR_ON 1
136 
138 #ifdef __cplusplus
139 extern "C" {
140 #endif
141 
142 #if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
143 
149 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
150 #else
151 
157 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
158 #endif
159 
160 #if !defined(MBEDTLS_AES_C)
161 typedef struct mbedtls_ctr_drbg_psa_context {
162  mbedtls_svc_key_id_t key_id;
163  psa_cipher_operation_t operation;
164 } mbedtls_ctr_drbg_psa_context;
165 #endif
166 
170 typedef struct mbedtls_ctr_drbg_context {
171  unsigned char MBEDTLS_PRIVATE(counter)[16];
172  int MBEDTLS_PRIVATE(reseed_counter);
182  int MBEDTLS_PRIVATE(prediction_resistance);
186  size_t MBEDTLS_PRIVATE(entropy_len);
188  int MBEDTLS_PRIVATE(reseed_interval);
192 #if defined(MBEDTLS_AES_C)
194 #else
195  mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx);
196 #endif
197 
198  /*
199  * Callbacks (Entropy)
200  */
201  int(*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
204  void *MBEDTLS_PRIVATE(p_entropy);
206 #if defined(MBEDTLS_THREADING_C)
207  /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
208  * This means that the mutex is initialized during the initial seeding
209  * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
210  *
211  * Note that this invariant may change without notice. Do not rely on it
212  * and do not access the mutex directly in application code.
213  */
215 #endif
216 }
218 
232 
266 #if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
267 
271 #else
272 
277 #endif
278 #if defined(MBEDTLS_THREADING_C)
279 
286 #endif /* MBEDTLS_THREADING_C */
287 
333  int (*f_entropy)(void *, unsigned char *, size_t),
334  void *p_entropy,
335  const unsigned char *custom,
336  size_t len);
337 
345 
360  int resistance);
361 
387  size_t len);
388 
409  size_t len);
410 
424  int interval);
425 
447  const unsigned char *additional, size_t len);
448 
470  const unsigned char *additional,
471  size_t add_len);
472 
504 int mbedtls_ctr_drbg_random_with_add(void *p_rng,
505  unsigned char *output, size_t output_len,
506  const unsigned char *additional, size_t add_len);
507 
514 #if defined(MBEDTLS_THREADING_C)
515 
521 #endif /* MBEDTLS_THREADING_C */
522 
532 int mbedtls_ctr_drbg_random(void *p_rng,
533  unsigned char *output, size_t output_len);
534 
535 #if defined(MBEDTLS_FS_IO)
536 
548 
564 #endif /* MBEDTLS_FS_IO */
565 
566 #if defined(MBEDTLS_SELF_TEST)
567 
574 int mbedtls_ctr_drbg_self_test(int verbose);
575 
576 #endif /* MBEDTLS_SELF_TEST */
577 
578 #ifdef __cplusplus
579 }
580 #endif
581 
582 #endif /* ctr_drbg.h */
The CTR_DRBG context structure.
Definition: ctr_drbg.h:170
int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
This function updates the state of the CTR_DRBG context.
void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
This function resets CTR_DRBG context to the state immediately after initial call of mbedtls_ctr_drbg...
Platform Security Architecture cryptography module.
void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx)
This function initializes the CTR_DRBG context, and prepares it for mbedtls_ctr_drbg_seed() or mbedtl...
#define MBEDTLS_PRIVATE(member)
int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output, size_t output_len)
This function uses CTR_DRBG to generate random data.
int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path)
This function writes a seed file.
void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, int interval)
This function sets the reseed interval.
Entropy accumulator implementation.
void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, int resistance)
This function turns prediction resistance on or off. The default value is off.
int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len)
This function reseeds the CTR_DRBG context, that is extracts data from the entropy source...
Threading abstraction layer.
int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path)
This function reads and updates a seed file. The seed is added to this instance.
int mbedtls_ctr_drbg_random_with_add(void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len)
This function updates a CTR_DRBG instance with additional data and uses it to generate random data...
void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, size_t len)
This function sets the amount of entropy grabbed on each seed or reseed.
This file contains AES definitions and functions.
Macro wrapper for struct's members.
int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, size_t len)
This function sets the amount of entropy grabbed as a nonce for the initial seeding.
struct mbedtls_ctr_drbg_context mbedtls_ctr_drbg_context
The CTR_DRBG context structure.
int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, int(*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len)
This function seeds and sets up the CTR_DRBG entropy source for future reseeds.
Build-time configuration info.
int mbedtls_ctr_drbg_self_test(int verbose)
The CTR_DRBG checkup routine.