include/openssl/rand_drbg.h

   1 /*
   2  * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #ifndef HEADER_DRBG_RAND_H
  11 # define HEADER_DRBG_RAND_H
  12
  13 # include <time.h>
  14 # include <openssl/ossl_typ.h>
  15
  16 /*
  17  * RAND_DRBG  flags
  18  *
  19  * Note: if new flags are added, the constant `rand_drbg_used_flags`
  20  *       in drbg_lib.c needs to be updated accordingly.
  21  */
  22
  23 /* In CTR mode, disable derivation function ctr_df */
  24 # define RAND_DRBG_FLAG_CTR_NO_DF            0x1
  25 /*
  26  * This flag is only used when a digest NID is specified (i.e: not a CTR cipher)
  27  * Selects DRBG_HMAC if this is set otherwise use DRBG_HASH.
  28  */
  29 # define RAND_DRBG_FLAG_HMAC                 0x2
  30
  31 /* Used by RAND_DRBG_set_defaults() to set the master DRBG type and flags. */
  32 # define RAND_DRBG_FLAG_MASTER               0x4
  33 /* Used by RAND_DRBG_set_defaults() to set the public DRBG type and flags. */
  34 # define RAND_DRBG_FLAG_PUBLIC               0x8
  35 /* Used by RAND_DRBG_set_defaults() to set the private DRBG type and flags. */
  36 # define RAND_DRBG_FLAG_PRIVATE              0x10
  37
  38 # if OPENSSL_API_COMPAT < 0x10200000L
  39 /* This #define was replaced by an internal constant and should not be used. */
  40 #  define RAND_DRBG_USED_FLAGS  (RAND_DRBG_FLAG_CTR_NO_DF)
  41 # endif
  42
  43 /*
  44  * Default security strength (in the sense of [NIST SP 800-90Ar1])
  45  *
  46  * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
  47  * of the cipher by collecting less entropy. The current DRBG implementation
  48  * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
  49  * DRBG to that of the cipher.
  50  *
  51  * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
  52  * implementation.
  53  *
  54  * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
  55  * NID_aes_256_ctr.
  56  * The digest types for DRBG_hash or DRBG_hmac are: NID_sha1, NID_sha224,
  57  * NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256,
  58  * NID_sha3_224, NID_sha3_256, NID_sha3_384 and NID_sha3_512.
  59  */
  60 # define RAND_DRBG_STRENGTH             256
  61 /* Default drbg type */
  62 # define RAND_DRBG_TYPE                 NID_aes_256_ctr
  63 /* Default drbg flags */
  64 # define RAND_DRBG_FLAGS                0
  65
  66
  67 # ifdef  __cplusplus
  68 extern "C" {
  69 # endif
  70
  71 /*
  72  * Object lifetime functions.
  73  */
  74 RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
  75 RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
  76 int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
  77 int RAND_DRBG_set_defaults(int type, unsigned int flags);
  78 int RAND_DRBG_instantiate(RAND_DRBG *drbg,
  79                           const unsigned char *pers, size_t perslen);
  80 int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
  81 void RAND_DRBG_free(RAND_DRBG *drbg);
  82
  83 /*
  84  * Object "use" functions.
  85  */
  86 int RAND_DRBG_reseed(RAND_DRBG *drbg,
  87                      const unsigned char *adin, size_t adinlen,
  88                      int prediction_resistance);
  89 int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
  90                        int prediction_resistance,
  91                        const unsigned char *adin, size_t adinlen);
  92 int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
  93
  94 int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
  95 int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
  96
  97 int RAND_DRBG_set_reseed_defaults(
  98                                   unsigned int master_reseed_interval,
  99                                   unsigned int slave_reseed_interval,
 100                                   time_t master_reseed_time_interval,
 101                                   time_t slave_reseed_time_interval
 102                                   );
 103
 104 RAND_DRBG *RAND_DRBG_get0_master(void);
 105 RAND_DRBG *RAND_DRBG_get0_public(void);
 106 RAND_DRBG *RAND_DRBG_get0_private(void);
 107
 108 /*
 109  * EXDATA
 110  */
 111 # define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
 112     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
 113 int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg);
 114 void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
 115
 116 /*
 117  * Callback function typedefs
 118  */
 119 typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg,
 120                                            unsigned char **pout,
 121                                            int entropy, size_t min_len,
 122                                            size_t max_len,
 123                                            int prediction_resistance);
 124 typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
 125                                              unsigned char *out, size_t outlen);
 126 typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout,
 127                                          int entropy, size_t min_len,
 128                                          size_t max_len);
 129 typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg,
 130                                            unsigned char *out, size_t outlen);
 131
 132 int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
 133                             RAND_DRBG_get_entropy_fn get_entropy,
 134                             RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
 135                             RAND_DRBG_get_nonce_fn get_nonce,
 136                             RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
 137
 138
 139 # ifdef  __cplusplus
 140 }
 141 # endif
 142
 143 #endif