Mbed TLS v3.6.3
ctr_drbg.h
Go to the documentation of this file.
1 
24 /*
25  * Copyright The Mbed TLS Contributors
26  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
27  */
28 
29 #ifndef MBEDTLS_CTR_DRBG_H
30 #define MBEDTLS_CTR_DRBG_H
31 #include "mbedtls/private_access.h"
32 
33 #include "mbedtls/build_info.h"
34 
35 /* The CTR_DRBG implementation can either directly call the low-level AES
36  * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES
37  * operations. Calling the AES module directly is the default, both for
38  * maximum backward compatibility and because it's a bit more efficient
39  * (less glue code).
40  *
41  * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and
42  * thus benefits from the PSA AES accelerator driver.
43  * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO
44  * to use PSA even when MBEDTLS_AES_C is enabled, but there is very little
45  * reason to do so other than testing purposes and this is not officially
46  * supported.
47  */
48 #if !defined(MBEDTLS_AES_C)
49 #define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO
50 #endif
51 
52 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
53 #include "psa/crypto.h"
54 #else
55 #include "mbedtls/aes.h"
56 #endif
57 
58 #include "entropy.h"
59 
60 #if defined(MBEDTLS_THREADING_C)
61 #include "mbedtls/threading.h"
62 #endif
63 
65 #define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
67 #define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
69 #define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
71 #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
72 
73 #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16
75 #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
76 #define MBEDTLS_CTR_DRBG_KEYSIZE 16
82 #else
83 #define MBEDTLS_CTR_DRBG_KEYSIZE 32
89 #endif
90 
91 #define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8)
92 #define MBEDTLS_CTR_DRBG_SEEDLEN (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE)
107 #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
108 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
111 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
112 
113 #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
114 
117 #if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
121 #endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
122 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
123 #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
124 #endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
125 
126 #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
127 #define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
129 #endif
130 
131 #if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
132 #define MBEDTLS_CTR_DRBG_MAX_INPUT 256
134 #endif
135 
136 #if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
137 #define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
139 #endif
140 
141 #if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
142 #define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
144 #endif
145 
148 #define MBEDTLS_CTR_DRBG_PR_OFF 0
150 #define MBEDTLS_CTR_DRBG_PR_ON 1
153 #ifdef __cplusplus
154 extern "C" {
155 #endif
156 
157 #if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
164 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
165 #else
172 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
173 #endif
174 
175 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
176 typedef struct mbedtls_ctr_drbg_psa_context {
177  mbedtls_svc_key_id_t key_id;
178  psa_cipher_operation_t operation;
179 } mbedtls_ctr_drbg_psa_context;
180 #endif
181 
185 typedef struct mbedtls_ctr_drbg_context {
186  unsigned char MBEDTLS_PRIVATE(counter)[16];
187  int MBEDTLS_PRIVATE(reseed_counter);
197  int MBEDTLS_PRIVATE(prediction_resistance);
201  size_t MBEDTLS_PRIVATE(entropy_len);
203  int MBEDTLS_PRIVATE(reseed_interval);
207 #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
208  mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx);
209 #else
211 #endif
212 
213  /*
214  * Callbacks (Entropy)
215  */
216  int(*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
219  void *MBEDTLS_PRIVATE(p_entropy);
221 #if defined(MBEDTLS_THREADING_C)
222  /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
223  * This means that the mutex is initialized during the initial seeding
224  * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
225  *
226  * Note that this invariant may change without notice. Do not rely on it
227  * and do not access the mutex directly in application code.
228  */
230 #endif
231 }
233 
247 
281 #if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
286 #else
292 #endif
293 #if defined(MBEDTLS_THREADING_C)
301 #endif /* MBEDTLS_THREADING_C */
348  int (*f_entropy)(void *, unsigned char *, size_t),
349  void *p_entropy,
350  const unsigned char *custom,
351  size_t len);
352 
360 
375  int resistance);
376 
402  size_t len);
403 
424  size_t len);
425 
439  int interval);
440 
462  const unsigned char *additional, size_t len);
463 
485  const unsigned char *additional,
486  size_t add_len);
487 
520  unsigned char *output, size_t output_len,
521  const unsigned char *additional, size_t add_len);
522 
529 #if defined(MBEDTLS_THREADING_C)
536 #endif /* MBEDTLS_THREADING_C */
547 int mbedtls_ctr_drbg_random(void *p_rng,
548  unsigned char *output, size_t output_len);
549 
550 #if defined(MBEDTLS_FS_IO)
563 
579 #endif /* MBEDTLS_FS_IO */
580 
581 #if defined(MBEDTLS_SELF_TEST)
582 
589 int mbedtls_ctr_drbg_self_test(int verbose);
590 
591 #endif /* MBEDTLS_SELF_TEST */
592 
593 #ifdef __cplusplus
594 }
595 #endif
596 
597 #endif /* ctr_drbg.h */
This file contains AES definitions and functions.
Platform Security Architecture cryptography module.
int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, size_t len)
This function sets the amount of entropy grabbed as a nonce for the initial seeding.
int mbedtls_ctr_drbg_random_with_add(void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len)
This function updates a CTR_DRBG instance with additional data and uses it to generate random data.
void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
This function resets CTR_DRBG context to the state immediately after initial call of mbedtls_ctr_drbg...
int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path)
This function reads and updates a seed file. The seed is added to this instance.
int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len)
This function reseeds the CTR_DRBG context, that is extracts data from the entropy source.
struct mbedtls_ctr_drbg_context mbedtls_ctr_drbg_context
The CTR_DRBG context structure.
int mbedtls_ctr_drbg_self_test(int verbose)
The CTR_DRBG checkup routine.
void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx)
This function initializes the CTR_DRBG context, and prepares it for mbedtls_ctr_drbg_seed() or mbedtl...
int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
This function updates the state of the CTR_DRBG context.
int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, int(*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len)
This function seeds and sets up the CTR_DRBG entropy source for future reseeds.
void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, int resistance)
This function turns prediction resistance on or off. The default value is off.
void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, int interval)
This function sets the reseed interval.
void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, size_t len)
This function sets the amount of entropy grabbed on each seed or reseed.
int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output, size_t output_len)
This function uses CTR_DRBG to generate random data.
int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path)
This function writes a seed file.
Entropy accumulator implementation.
psa_key_id_t mbedtls_svc_key_id_t
Definition: crypto_types.h:292
Build-time configuration info.
Macro wrapper for struct's members.
#define MBEDTLS_PRIVATE(member)
The AES context-type definition.
Definition: aes.h:63
The CTR_DRBG context structure.
Definition: ctr_drbg.h:185
Threading abstraction layer.