196 lines
6.7 KiB
C
196 lines
6.7 KiB
C
/* fips/rand/fips_rand_lcl.h */
|
|
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|
* project.
|
|
*/
|
|
/* ====================================================================
|
|
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
*
|
|
* 3. All advertising materials mentioning features or use of this
|
|
* software must display the following acknowledgment:
|
|
* "This product includes software developed by the OpenSSL Project
|
|
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|
*
|
|
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
* endorse or promote products derived from this software without
|
|
* prior written permission. For written permission, please contact
|
|
* licensing@OpenSSL.org.
|
|
*
|
|
* 5. Products derived from this software may not be called "OpenSSL"
|
|
* nor may "OpenSSL" appear in their names without prior written
|
|
* permission of the OpenSSL Project.
|
|
*
|
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
* acknowledgment:
|
|
* "This product includes software developed by the OpenSSL Project
|
|
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
* ====================================================================
|
|
*/
|
|
|
|
typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
|
|
typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
|
|
|
|
/* 888 bits from 10.1 table 2 */
|
|
#define HASH_PRNG_MAX_SEEDLEN 111
|
|
|
|
struct drbg_hash_ctx_st
|
|
{
|
|
const EVP_MD *md;
|
|
EVP_MD_CTX mctx;
|
|
unsigned char V[HASH_PRNG_MAX_SEEDLEN];
|
|
unsigned char C[HASH_PRNG_MAX_SEEDLEN];
|
|
/* Temporary value storage: should always exceed max digest length */
|
|
unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
|
|
};
|
|
|
|
struct drbg_ctr_ctx_st
|
|
{
|
|
AES_KEY ks;
|
|
size_t keylen;
|
|
unsigned char K[32];
|
|
unsigned char V[16];
|
|
/* Temp variables used by derivation function */
|
|
AES_KEY df_ks;
|
|
AES_KEY df_kxks;
|
|
/* Temporary block storage used by ctr_df */
|
|
unsigned char bltmp[16];
|
|
size_t bltmp_pos;
|
|
unsigned char KX[48];
|
|
};
|
|
|
|
/* DRBG flags */
|
|
|
|
/* Functions shouldn't call err library */
|
|
#define DRBG_FLAG_NOERR 0x4
|
|
|
|
/* DRBG status values */
|
|
/* not initialised */
|
|
#define DRBG_STATUS_UNINITIALISED 0
|
|
/* ok and ready to generate random bits */
|
|
#define DRBG_STATUS_READY 1
|
|
/* reseed required */
|
|
#define DRBG_STATUS_RESEED 2
|
|
/* fatal error condition */
|
|
#define DRBG_STATUS_ERROR 3
|
|
|
|
/* A default maximum length: larger than any reasonable value used in pratice */
|
|
|
|
#define DRBG_MAX_LENGTH 0x7ffffff0
|
|
/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
|
|
* so use max digest length.
|
|
*/
|
|
#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
|
|
|
|
#define DRBG_HEALTH_INTERVAL (1 << 24)
|
|
|
|
/* DRBG context structure */
|
|
|
|
struct drbg_ctx_st
|
|
{
|
|
/* First types common to all implementations */
|
|
/* DRBG type: a NID for the underlying algorithm */
|
|
int type;
|
|
/* Various flags */
|
|
unsigned int flags;
|
|
/* Used for periodic health checks */
|
|
int health_check_cnt, health_check_interval;
|
|
|
|
/* The following parameters are setup by mechanism drbg_init() call */
|
|
int strength;
|
|
size_t blocklength;
|
|
size_t max_request;
|
|
|
|
size_t min_entropy, max_entropy;
|
|
size_t min_nonce, max_nonce;
|
|
size_t max_pers, max_adin;
|
|
unsigned int reseed_counter;
|
|
unsigned int reseed_interval;
|
|
size_t seedlen;
|
|
int status;
|
|
/* Application data: typically used by test get_entropy */
|
|
void *app_data;
|
|
/* Implementation specific structures */
|
|
union
|
|
{
|
|
DRBG_HASH_CTX hash;
|
|
DRBG_CTR_CTX ctr;
|
|
} d;
|
|
/* Initialiase PRNG and setup callbacks below */
|
|
int (*init)(DRBG_CTX *ctx, int nid, int security, unsigned int flags);
|
|
/* Intantiate PRNG */
|
|
int (*instantiate)(DRBG_CTX *ctx,
|
|
const unsigned char *ent, size_t entlen,
|
|
const unsigned char *nonce, size_t noncelen,
|
|
const unsigned char *pers, size_t perslen);
|
|
/* reseed */
|
|
int (*reseed)(DRBG_CTX *ctx,
|
|
const unsigned char *ent, size_t entlen,
|
|
const unsigned char *adin, size_t adinlen);
|
|
/* generat output */
|
|
int (*generate)(DRBG_CTX *ctx,
|
|
unsigned char *out, size_t outlen,
|
|
const unsigned char *adin, size_t adinlen);
|
|
/* uninstantiate */
|
|
int (*uninstantiate)(DRBG_CTX *ctx);
|
|
|
|
/* Entropy source block length */
|
|
size_t entropy_blocklen;
|
|
|
|
/* entropy gathering function */
|
|
size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
|
|
int entropy, size_t min_len, size_t max_len);
|
|
/* Indicates we have finished with entropy buffer */
|
|
void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
|
|
|
|
/* nonce gathering function */
|
|
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
|
|
int entropy, size_t min_len, size_t max_len);
|
|
/* Indicates we have finished with nonce buffer */
|
|
void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
|
|
|
|
/* Continuous random number test temporary area */
|
|
/* Last block */
|
|
unsigned char lb[EVP_MAX_MD_SIZE];
|
|
/* set if lb is valid */
|
|
int lb_valid;
|
|
|
|
/* Callbacks used when called through RAND interface */
|
|
/* Get any additional input for generate */
|
|
size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
|
|
void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
|
|
/* Callback for RAND_seed(), RAND_add() */
|
|
int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
|
|
int (*rand_add_cb)(DRBG_CTX *ctx,
|
|
const void *buf, int num, double entropy);
|
|
};
|
|
|
|
|
|
int fips_drbg_ctr_init(DRBG_CTX *dctx);
|
|
int fips_drbg_hash_init(DRBG_CTX *dctx);
|
|
int fips_drbg_hmac_init(DRBG_CTX *dctx);
|
|
int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
|
|
int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
|