Mbed TLS v3.6.0
Loading...
Searching...
No Matches
ctr_drbg.h
Go to the documentation of this file.
1
24/*
25 * Copyright The Mbed TLS Contributors
26 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
27 */
28
29#ifndef MBEDTLS_CTR_DRBG_H
30#define MBEDTLS_CTR_DRBG_H
32
33#include "mbedtls/build_info.h"
34
35/* In case AES_C is defined then it is the primary option for backward
36 * compatibility purposes. If that's not available, PSA is used instead */
37#if defined(MBEDTLS_AES_C)
38#include "mbedtls/aes.h"
39#else
40#include "psa/crypto.h"
41#endif
42
43#include "entropy.h"
44
45#if defined(MBEDTLS_THREADING_C)
46#include "mbedtls/threading.h"
47#endif
48
50#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
52#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
54#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
56#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
57
58#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16
60#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
61#define MBEDTLS_CTR_DRBG_KEYSIZE 16
67#else
68#define MBEDTLS_CTR_DRBG_KEYSIZE 32
74#endif
75
76#define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8)
77#define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE)
92#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
93#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
96#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
97
98#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
99
102#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
106#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
107#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
108#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
109#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
110
111#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
112#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
114#endif
115
116#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
117#define MBEDTLS_CTR_DRBG_MAX_INPUT 256
119#endif
120
121#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
122#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
124#endif
125
126#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
127#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
129#endif
130
133#define MBEDTLS_CTR_DRBG_PR_OFF 0
135#define MBEDTLS_CTR_DRBG_PR_ON 1
138#ifdef __cplusplus
139extern "C" {
140#endif
141
142#if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
149#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
150#else
157#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
158#endif
159
160#if !defined(MBEDTLS_AES_C)
161typedef struct mbedtls_ctr_drbg_psa_context {
163 psa_cipher_operation_t operation;
164} mbedtls_ctr_drbg_psa_context;
165#endif
166
171 unsigned char MBEDTLS_PRIVATE(counter)[16];
172 int MBEDTLS_PRIVATE(reseed_counter);
182 int MBEDTLS_PRIVATE(prediction_resistance);
186 size_t MBEDTLS_PRIVATE(entropy_len);
188 int MBEDTLS_PRIVATE(reseed_interval);
192#if defined(MBEDTLS_AES_C)
194#else
195 mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx);
196#endif
197
198 /*
199 * Callbacks (Entropy)
200 */
201 int(*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
204 void *MBEDTLS_PRIVATE(p_entropy);
206#if defined(MBEDTLS_THREADING_C)
207 /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
208 * This means that the mutex is initialized during the initial seeding
209 * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
210 *
211 * Note that this invariant may change without notice. Do not rely on it
212 * and do not access the mutex directly in application code.
213 */
215#endif
216}
218
232
266#if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
271#else
277#endif
278#if defined(MBEDTLS_THREADING_C)
286#endif /* MBEDTLS_THREADING_C */
333 int (*f_entropy)(void *, unsigned char *, size_t),
334 void *p_entropy,
335 const unsigned char *custom,
336 size_t len);
337
345
360 int resistance);
361
387 size_t len);
388
409 size_t len);
410
424 int interval);
425
447 const unsigned char *additional, size_t len);
448
470 const unsigned char *additional,
471 size_t add_len);
472
505 unsigned char *output, size_t output_len,
506 const unsigned char *additional, size_t add_len);
507
514#if defined(MBEDTLS_THREADING_C)
521#endif /* MBEDTLS_THREADING_C */
533 unsigned char *output, size_t output_len);
534
535#if defined(MBEDTLS_FS_IO)
548
564#endif /* MBEDTLS_FS_IO */
565
566#if defined(MBEDTLS_SELF_TEST)
567
575
576#endif /* MBEDTLS_SELF_TEST */
577
578#ifdef __cplusplus
579}
580#endif
581
582#endif /* ctr_drbg.h */
This file contains AES definitions and functions.
Platform Security Architecture cryptography module.
int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, size_t len)
This function sets the amount of entropy grabbed as a nonce for the initial seeding.
int mbedtls_ctr_drbg_random_with_add(void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len)
This function updates a CTR_DRBG instance with additional data and uses it to generate random data.
void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
This function resets CTR_DRBG context to the state immediately after initial call of mbedtls_ctr_drbg...
int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path)
This function reads and updates a seed file. The seed is added to this instance.
int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len)
This function reseeds the CTR_DRBG context, that is extracts data from the entropy source.
int mbedtls_ctr_drbg_self_test(int verbose)
The CTR_DRBG checkup routine.
void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx)
This function initializes the CTR_DRBG context, and prepares it for mbedtls_ctr_drbg_seed() or mbedtl...
int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
This function updates the state of the CTR_DRBG context.
int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, int(*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len)
This function seeds and sets up the CTR_DRBG entropy source for future reseeds.
void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, int resistance)
This function turns prediction resistance on or off. The default value is off.
void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, int interval)
This function sets the reseed interval.
void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, size_t len)
This function sets the amount of entropy grabbed on each seed or reseed.
int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output, size_t output_len)
This function uses CTR_DRBG to generate random data.
int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path)
This function writes a seed file.
Entropy accumulator implementation.
psa_key_id_t mbedtls_svc_key_id_t
Build-time configuration info.
Macro wrapper for struct's members.
#define MBEDTLS_PRIVATE(member)
The AES context-type definition.
Definition aes.h:63
The CTR_DRBG context structure.
Definition ctr_drbg.h:170
Threading abstraction layer.