[thirdparty/openssl.git] / include / internal / rand.h

/*
 * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef HEADER_DRBG_RAND_H
# define HEADER_DRBG_RAND_H

/* In CTR mode, disable derivation function ctr_df */
#define RAND_DRBG_FLAG_CTR_NO_DF            0x1

/*
 * Default security strength (in the sense of [NIST SP 800-90Ar1])
 *
 * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
 * of the cipher by collecting less entropy. The current DRBG implemantion does
 * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
 * to that of the cipher.
 *
 * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
 * implementation.
 *
 * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
 * NID_aes_256_ctr
 *
 * TODO(DRBG): would be nice to have the NID and strength configurable
 */
# define RAND_DRBG_STRENGTH             256
# define RAND_DRBG_NID                  NID_aes_256_ctr

/*
 * Object lifetime functions.
 */
RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
int RAND_DRBG_instantiate(RAND_DRBG *drbg,
                          const unsigned char *pers, size_t perslen);
int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
void RAND_DRBG_free(RAND_DRBG *drbg);

/*
 * Object "use" functions.
 */
int RAND_DRBG_reseed(RAND_DRBG *drbg,
                     const unsigned char *adin, size_t adinlen);
int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
                       int prediction_resistance,
                       const unsigned char *adin, size_t adinlen);
int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);

int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);

int RAND_DRBG_set_reseed_defaults(
                                  unsigned int master_reseed_interval,
                                  unsigned int slave_reseed_interval,
                                  time_t master_reseed_time_interval,
                                  time_t slave_reseed_time_interval
                                  );

RAND_DRBG *RAND_DRBG_get0_master(void);
RAND_DRBG *RAND_DRBG_get0_public(void);
RAND_DRBG *RAND_DRBG_get0_private(void);

/*
 * EXDATA
 */
#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
int RAND_DRBG_set_ex_data(RAND_DRBG *dctx, int idx, void *arg);
void *RAND_DRBG_get_ex_data(const RAND_DRBG *dctx, int idx);

/*
 * Callback functions.  See comments in drbg_lib.c
 */
typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx,
                                           unsigned char **pout,
                                           int entropy, size_t min_len,
                                           size_t max_len);
typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
                                             unsigned char *out, size_t outlen);
typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout,
                                         int entropy, size_t min_len,
                                         size_t max_len);
typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx,
                                           unsigned char *out, size_t outlen);

int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
                            RAND_DRBG_get_entropy_fn get_entropy,
                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
                            RAND_DRBG_get_nonce_fn get_nonce,
                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);

/*
 * RAND_POOL functions
 */
RAND_POOL *RAND_POOL_new(int entropy_requested, size_t min_len, size_t max_len);
void RAND_POOL_free(RAND_POOL *pool);

const unsigned char *RAND_POOL_buffer(RAND_POOL *pool);
unsigned char *RAND_POOL_detach(RAND_POOL *pool);

size_t RAND_POOL_entropy(RAND_POOL *pool);
size_t RAND_POOL_length(RAND_POOL *pool);

size_t RAND_POOL_entropy_available(RAND_POOL *pool);
size_t RAND_POOL_entropy_needed(RAND_POOL *pool);
size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
size_t RAND_POOL_bytes_remaining(RAND_POOL *pool);

size_t RAND_POOL_add(RAND_POOL *pool,
                     const unsigned char *buffer, size_t len, size_t entropy);
unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len);
size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy);


/*
 * Add random bytes to the pool to acquire requested amount of entropy
 *
 * This function is platform specific and tries to acquire the requested
 * amount of entropy by polling platform specific entropy sources.
 *
 * If the function succeeds in acquiring at least |entropy_requested| bits
 * of entropy, the total entropy count is returned. If it fails, it returns
 * an entropy count of 0.
 */
size_t RAND_POOL_acquire_entropy(RAND_POOL *pool);
#endif
Commit	Line	Data
12fb8c3d	1	/*
6738bf14	2	* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
12fb8c3d RS	3	*
	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#ifndef HEADER_DRBG_RAND_H
	11	# define HEADER_DRBG_RAND_H
	12
8164d91d DMSP	13	/* In CTR mode, disable derivation function ctr_df */
8164d91d DMSP	14	#define RAND_DRBG_FLAG_CTR_NO_DF 0x1
12fb8c3d	15
c16de9d8 DMSP	16	/*
c16de9d8 DMSP	17	* Default security strength (in the sense of [NIST SP 800-90Ar1])
c16de9d8	18	*
32bda2b2 KR	19	* NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
	20	* of the cipher by collecting less entropy. The current DRBG implemantion does
	21	* not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
	22	* to that of the cipher.
c16de9d8	23	*
32bda2b2 KR	24	* RAND_DRBG_STRENGTH is currently only used for the legacy RAND
	25	* implementation.
	26	*
	27	* Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
	28	* NID_aes_256_ctr
	29	*
	30	* TODO(DRBG): would be nice to have the NID and strength configurable
c16de9d8	31	*/
32bda2b2 KR	32	# define RAND_DRBG_STRENGTH 256
32bda2b2 KR	33	# define RAND_DRBG_NID NID_aes_256_ctr
c16de9d8	34
75e2c877 RS	35	/*
	36	* Object lifetime functions.
	37	*/
	38	RAND_DRBG RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG parent);
4f9dabbf	39	RAND_DRBG RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG parent);
75e2c877 RS	40	int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
75e2c877 RS	41	int RAND_DRBG_instantiate(RAND_DRBG *drbg,
12fb8c3d	42	const unsigned char *pers, size_t perslen);
75e2c877 RS	43	int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
	44	void RAND_DRBG_free(RAND_DRBG *drbg);
	45
	46	/*
	47	* Object "use" functions.
	48	*/
	49	int RAND_DRBG_reseed(RAND_DRBG *drbg,
	50	const unsigned char *adin, size_t adinlen);
	51	int RAND_DRBG_generate(RAND_DRBG drbg, unsigned char out, size_t outlen,
12fb8c3d RS	52	int prediction_resistance,
12fb8c3d RS	53	const unsigned char *adin, size_t adinlen);
20928ff6 KR	54	int RAND_DRBG_bytes(RAND_DRBG drbg, unsigned char out, size_t outlen);
20928ff6 KR	55
a93ba405	56	int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
08a65d96	57	int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
a93ba405	58
4917e911 DMSP	59	int RAND_DRBG_set_reseed_defaults(
	60	unsigned int master_reseed_interval,
	61	unsigned int slave_reseed_interval,
	62	time_t master_reseed_time_interval,
	63	time_t slave_reseed_time_interval
	64	);
	65
a93ba405 DMSP	66	RAND_DRBG *RAND_DRBG_get0_master(void);
	67	RAND_DRBG *RAND_DRBG_get0_public(void);
	68	RAND_DRBG *RAND_DRBG_get0_private(void);
75e2c877 RS	69
	70	/*
	71	* EXDATA
	72	*/
	73	#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
	74	CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
	75	int RAND_DRBG_set_ex_data(RAND_DRBG dctx, int idx, void arg);
	76	void RAND_DRBG_get_ex_data(const RAND_DRBG dctx, int idx);
12fb8c3d	77
75e2c877 RS	78	/*
	79	* Callback functions. See comments in drbg_lib.c
	80	*/
	81	typedef size_t (RAND_DRBG_get_entropy_fn)(RAND_DRBG ctx,
	82	unsigned char **pout,
16960a9b BK	83	int entropy, size_t min_len,
16960a9b BK	84	size_t max_len);
75e2c877	85	typedef void (RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG ctx,
6969a3f4	86	unsigned char *out, size_t outlen);
75e2c877	87	typedef size_t (RAND_DRBG_get_nonce_fn)(RAND_DRBG ctx, unsigned char **pout,
16960a9b BK	88	int entropy, size_t min_len,
16960a9b BK	89	size_t max_len);
6969a3f4 DMSP	90	typedef void (RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG ctx,
6969a3f4 DMSP	91	unsigned char *out, size_t outlen);
16960a9b	92
75e2c877	93	int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
16960a9b BK	94	RAND_DRBG_get_entropy_fn get_entropy,
	95	RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
	96	RAND_DRBG_get_nonce_fn get_nonce,
	97	RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
12fb8c3d	98
c16de9d8 DMSP	99	/*
	100	* RAND_POOL functions
	101	*/
	102	RAND_POOL *RAND_POOL_new(int entropy_requested, size_t min_len, size_t max_len);
	103	void RAND_POOL_free(RAND_POOL *pool);
	104
	105	const unsigned char RAND_POOL_buffer(RAND_POOL pool);
	106	unsigned char RAND_POOL_detach(RAND_POOL pool);
	107
	108	size_t RAND_POOL_entropy(RAND_POOL *pool);
	109	size_t RAND_POOL_length(RAND_POOL *pool);
	110
	111	size_t RAND_POOL_entropy_available(RAND_POOL *pool);
	112	size_t RAND_POOL_entropy_needed(RAND_POOL *pool);
	113	size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
	114	size_t RAND_POOL_bytes_remaining(RAND_POOL *pool);
	115
	116	size_t RAND_POOL_add(RAND_POOL *pool,
	117	const unsigned char *buffer, size_t len, size_t entropy);
	118	unsigned char RAND_POOL_add_begin(RAND_POOL pool, size_t len);
	119	size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy);
	120
	121
	122	/*
	123	* Add random bytes to the pool to acquire requested amount of entropy
	124	*
	125	* This function is platform specific and tries to acquire the requested
	126	* amount of entropy by polling platform specific entropy sources.
	127	*
	128	* If the function succeeds in acquiring at least \|entropy_requested\| bits
	129	* of entropy, the total entropy count is returned. If it fails, it returns
	130	* an entropy count of 0.
	131	*/
	132	size_t RAND_POOL_acquire_entropy(RAND_POOL *pool);
12fb8c3d	133	#endif