Add continuous RNG test to entropy source. Entropy callbacks now need

[openssl.git] / fips / rand / fips_rand_lcl.h

diff --git a/fips/rand/fips_rand_lcl.h b/fips/rand/fips_rand_lcl.h
index 72820bf784a7a03166b30b7ef3b8cd140dbf62d5..1f5b288f19df85207348011309647bf6f6da50a6 100644 (file)
--- a/fips/rand/fips_rand_lcl.h
+++ b/fips/rand/fips_rand_lcl.h
@@ -84,12 +84,8 @@ struct drbg_ctr_ctx_st
 
 /* DRBG flags */
 
-/* Enable prediction resistance */
-#define        DRBG_FLAG_PREDICTION_RESISTANCE 0x1
-/* CTR only: use derivation function */
-#define        DRBG_FLAG_CTR_USE_DF            0x2
-/* PRNG is in test state */
-#define        DRBG_FLAG_TEST                  0x4
+/* Functions shouldn't call err library */
+#define        DRBG_FLAG_NOERR                 0x4
 
 /* DRBG status values */
 /* not initialised */
@@ -101,13 +97,15 @@ struct drbg_ctr_ctx_st
 /* fatal error condition */
 #define DRBG_STATUS_ERROR              3
 
-/* Maximum values for temp entropy and nonce */
-#define DRBG_MAX_ENTROPY               1024
-#define DRBG_MAX_NONCE                 1024
-
 /* A default maximum length: larger than any reasonable value used in pratice */
 
-#define DRBG_MAX_LENGTH                        0x7fffffff
+#define DRBG_MAX_LENGTH                        0x7ffffff0
+/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
+ * so use max digest length.
+ */
+#define DRBG_MAX_BLOCK                 EVP_MAX_MD_SIZE
+
+#define DRBG_HEALTH_INTERVAL           (1 << 24)
 
 /* DRBG context structure */
 
@@ -118,6 +116,8 @@ struct drbg_ctx_st
        int type;
        /* Various flags */
        unsigned int flags;
+       /* Used for periodic health checks */
+       int health_check_cnt, health_check_interval;
 
        /* The following parameters are setup by mechanism drbg_init() call */
        int strength;
@@ -157,20 +157,39 @@ struct drbg_ctx_st
        /* uninstantiate */
        int (*uninstantiate)(DRBG_CTX *ctx);
 
-       unsigned char entropy[DRBG_MAX_ENTROPY];
+       /* Entropy source block length */
+       size_t entropy_blocklen;
 
        /* entropy gathering function */
-       size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
+       size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len);
-
-       unsigned char nonce[DRBG_MAX_NONCE];
+       /* Indicates we have finished with entropy buffer */
+       void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
 
        /* nonce gathering function */
-       size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
+       size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len);
-
+       /* Indicates we have finished with nonce buffer */
+       void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
+
+       /* Continuous random number test temporary area */
+       /* Last block */        
+       unsigned char lb[EVP_MAX_MD_SIZE];
+       /* set if lb is valid */
+       int lb_valid;
+
+       /* Callbacks used when called through RAND interface */
+       /* Get any additional input for generate */
+       size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
+       void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
+       /* Callback for RAND_seed(), RAND_add() */
+       int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
+       int (*rand_add_cb)(DRBG_CTX *ctx,
+                               const void *buf, int num, double entropy);
        };
 
 
 int fips_drbg_ctr_init(DRBG_CTX *dctx);
 int fips_drbg_hash_init(DRBG_CTX *dctx);
+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);