TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fe34a5fb832defac003841502fbb343299b2594f / . / include / polarssl / hmac_drbg.h
blob: 54aa9a4080ecbec6c0c72643fceb720f1c1dc4e8 [file] [log] [blame]
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]1/**
2 * \file hmac_drbg.h
3 *
4 * \brief HMAC_DRBG (NIST SP 800-90A)
5 *
6 * Copyright (C) 2014, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27#ifndef POLARSSL_HMAC_DRBG_H
28#define POLARSSL_HMAC_DRBG_H
29
30#include "md.h"
31
Manuel Pégourié-Gonnardfe34a5f2014-01-30 15:06:40 +0100[diff] [blame^]32/*
33 * ! Same values as ctr_drbg.h !
34 */
35#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
36#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0036 /**< Too many random requested in single call. */
37#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0038 /**< Input too large (Entropy + additional). */
38#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR -0x003A /**< Read/write error in file. */
39
40#define HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
41#define HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
42#define HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
43#define HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
44
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]45#ifdef __cplusplus
46extern "C" {
47#endif
48
Manuel Pégourié-Gonnardfe34a5f2014-01-30 15:06:40 +0100[diff] [blame^]49/**
50 * HMAC_DRBG context.
51 * TODO: reseed counter, prediction resistance flag.
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]52 */
53typedef struct
54{
55 md_context_t md_ctx;
56 unsigned char V[POLARSSL_MD_MAX_SIZE];
57 unsigned char K[POLARSSL_MD_MAX_SIZE];
Manuel Pégourié-Gonnardfe34a5f2014-01-30 15:06:40 +0100[diff] [blame^]58
59 size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */
60
61 /*
62 * Callbacks (Entropy)
63 */
64 int (*f_entropy)(void *, unsigned char *, size_t);
65 void *p_entropy; /*!< context for the entropy function */
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]66} hmac_drbg_context;
67
68/**
69 * \brief HMAC_DRBG initialisation
70 *
71 * \param ctx HMAC_DRBG context to be initialised
72 * \param md_info MD algorithm to use for HMAC_DRBG
Manuel Pégourié-Gonnardfe34a5f2014-01-30 15:06:40 +0100[diff] [blame^]73 * \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer
74 * length)
75 * \param p_entropy Entropy context
76 * \param custom Personalization data (Device specific identifiers)
77 * (Can be NULL)
78 * \param len Length of personalization data
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]79 *
Manuel Pégourié-Gonnardfe34a5f2014-01-30 15:06:40 +0100[diff] [blame^]80 * \note The "security strength" as defined by NIST is set to:
81 * 128 bits if md_alg is SHA-1,
82 * 192 bits if md_alg is SHA-224,
83 * 256 bits if md_alg is SHA-256 or higher.
84 * Note that SHA-256 is just as efficient as SHA-224.
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]85 *
86 * \return 0 if successful, or
87 * POLARSSL_ERR_MD_BAD_INPUT_DATA, or
Manuel Pégourié-Gonnardfe34a5f2014-01-30 15:06:40 +0100[diff] [blame^]88 * POLARSSL_ERR_MD_ALLOC_FAILED, or
89 * POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED.
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]90 */
91int hmac_drbg_init( hmac_drbg_context *ctx,
92 const md_info_t * md_info,
Manuel Pégourié-Gonnardfe34a5f2014-01-30 15:06:40 +0100[diff] [blame^]93 int (*f_entropy)(void *, unsigned char *, size_t),
94 void *p_entropy,
95 const unsigned char *custom,
96 size_t len );
97
98/**
99 * \brief Simplified HMAC_DRBG initialisation.
100 * (For use with deterministic ECDSA.)
101 *
102 * \param ctx HMAC_DRBG context to be initialised
103 * \param md_info MD algorithm to use for HMAC_DRBG
104 * \param data Concatenation of entropy string and additional data
105 * \param data_len Length of data in bytes
106 *
107 * \return 0 if successful, or
108 * POLARSSL_ERR_MD_BAD_INPUT_DATA, or
109 * POLARSSL_ERR_MD_ALLOC_FAILED.
110 */
111int hmac_drbg_init_buf( hmac_drbg_context *ctx,
112 const md_info_t * md_info,
113 const unsigned char *data, size_t data_len );
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]114
115/**
116 * \brief HMAC_DRBG update state
117 *
118 * \param ctx HMAC_DRBG context
119 * \param additional Additional data to update state with, or NULL
120 * \param add_len Length of additional data, or 0
121 *
122 * \note Additional data is optional, pass NULL and 0 as second
123 * third argument if no additional data is being used.
124 */
125void hmac_drbg_update( hmac_drbg_context *ctx,
126 const unsigned char *additional, size_t add_len );
127
128/**
Manuel Pégourié-Gonnard8208d162014-01-30 12:19:26 +0100[diff] [blame]129 * \brief HMAC_DRBG generate random with additional update input
130 *
131 * Note: Automatically reseeds if reseed_counter is reached.
132 *
133 * \param p_rng HMAC_DRBG context
134 * \param output Buffer to fill
135 * \param output_len Length of the buffer
136 * \param additional Additional data to update with (can be NULL)
137 * \param add_len Length of additional data (can be 0)
138 *
139 * \return 0 if successful, or
140 * TODO: POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
141 * TODO: POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG
142 */
143int hmac_drbg_random_with_add( void *p_rng,
144 unsigned char *output, size_t output_len,
145 const unsigned char *additional,
146 size_t add_len );
147
148/**
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]149 * \brief HMAC_DRBG generate random
150 *
Manuel Pégourié-Gonnard8208d162014-01-30 12:19:26 +0100[diff] [blame]151 * Note: Automatically reseeds if reseed_counter is reached.
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]152 *
153 * \param p_rng HMAC_DRBG context
154 * \param output Buffer to fill
155 * \param output_len Length of the buffer
156 *
Manuel Pégourié-Gonnard8208d162014-01-30 12:19:26 +0100[diff] [blame]157 * \return 0 if successful, or
158 * TODO: POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
159 * TODO: POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG
Manuel Pégourié-Gonnard490bdf32014-01-27 14:03:10 +0100[diff] [blame]160 */
161int hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
162
163/**
164 * \brief Free an HMAC_DRBG context
165 *
166 * \param ctx HMAC_DRBG context to free.
167 */
168void hmac_drbg_free( hmac_drbg_context *ctx );
169
170
171#if defined(POLARSSL_SELF_TEST)
172/**
173 * \brief Checkup routine
174 *
175 * \return 0 if successful, or 1 if the test failed
176 */
177int hmac_drbg_self_test( int verbose );
178#endif
179
180#ifdef __cplusplus
181}
182#endif
183
184#endif /* hmac_drbg.h */