darlinghq/darling-corecrypto
1
0
Fork 0
mirror of https://github.com/darlinghq/darling-corecrypto.git synced 2024-11-23 04:09:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
darling-corecrypto/include/corecrypto/ccdrbg.h
Lubos Dolezel 1688b7f97e Use original corecrypto headers 
We're fine license-wise, because these headers are APSL licensed and included in XNUx
2016-12-02 17:37:57 +01:00

129 lines
4.0 KiB
C
Raw Permalink Blame History

/*
* ccdrbg.h
* corecrypto
*
* Created on 08/17/2010
*
* Copyright (c) 2010,2011,2012,2014,2015 Apple Inc. All rights reserved.
*
*/
/*!
@header corecrypto/ccdrbg.h
@abstract The functions provided in ccdrbg.h implement high-level accessors
to cryptographically secure random numbers.
*/
#ifndef _CORECRYPTO_CCDRBG_H_
#define _CORECRYPTO_CCDRBG_H_
#include <corecrypto/cc.h>
#include <corecrypto/ccdrbg_impl.h>
/* error codes */
#define CCDRBG_STATUS_OK 0
#define CCDRBG_STATUS_ERROR (-1)
#define CCDRBG_STATUS_NEED_RESEED (-2)
#define CCDRBG_STATUS_PARAM_ERROR (-3)
// If this value is returned, the caller must abort or panic the process for security reasons.
// for example in the case of catastrophic error in
// http://csrc.nist.gov/publications/drafts/800-90/sp800_90a_r1_draft.pdf
// ccdrbg calls abort() or panic(), if they are available in the system.
#define CCDRBG_STATUS_ABORT (-4)
/*
* The maximum length of the entropy_input, additional_input (max_additional_input_length) , personalization string
* (max_personalization_string_length) and max_number_of_bits_per_request are implementation dependent
* but shall fit in a 32 bit register and be be less than or equal to the specified maximum length for the
* selected DRBG mechanism (NIST 800-90A Section 10).
*/
#define CCDRBG_MAX_ENTROPY_SIZE ((uint32_t)1<<16)
#define CCDRBG_MAX_ADDITIONALINPUT_SIZE ((uint32_t)1<<16)
#define CCDRBG_MAX_PSINPUT_SIZE ((uint32_t)1<<16)
#define CCDRBG_MAX_REQUEST_SIZE ((uint32_t)1<<16) //this is the the absolute maximum in NIST 800-90A
#define CCDRBG_RESEED_INTERVAL ((uint64_t)1<<30) // must be able to fit the NIST maximum of 2^48
/*
* The entropyLength is forced to be greater or equal than the security strength.
* Nonce is not forced. It either needs to have 0.5*security strength entropy. Or, a vale that is repeated
* less than a 0.5*security strength bit random string.
* see below or NIST 800-90A for the definition of security strength
*/
CC_INLINE int ccdrbg_init(const struct ccdrbg_info *info,
struct ccdrbg_state *drbg,
size_t entropyLength, const void* entropy,
size_t nonceLength, const void* nonce,
size_t psLength, const void* ps)
{
return info->init(info, drbg, entropyLength, entropy, nonceLength, nonce, psLength, ps);
}
/*
* The entropyLength is forced to be greater or equal than the security strength.
*/
CC_INLINE int ccdrbg_reseed(const struct ccdrbg_info *info,
struct ccdrbg_state *drbg,
size_t entropyLength, const void *entropy,
size_t additionalLength, const void *additional)
{
return info->reseed(drbg, entropyLength, entropy, additionalLength, additional);
}
CC_INLINE int ccdrbg_generate(const struct ccdrbg_info *info,
struct ccdrbg_state *drbg,
size_t dataOutLength, void *dataOut,
size_t additionalLength, const void *additional)
{
return info->generate(drbg, dataOutLength, dataOut, additionalLength, additional);
}
CC_INLINE void ccdrbg_done(const struct ccdrbg_info *info,
struct ccdrbg_state *drbg)
{
info->done(drbg);
}
CC_INLINE size_t ccdrbg_context_size(const struct ccdrbg_info *drbg)
{
return drbg->size;
}
/*
* NIST SP 800-90 CTR_DRBG
* the mximum security strengh of drbg equals to the block size of the corresponding ECB.
*/
struct ccdrbg_nistctr_custom {
const struct ccmode_ecb *ecb;
size_t keylen;
int strictFIPS;
int use_df;
};
void ccdrbg_factory_nistctr(struct ccdrbg_info *info, const struct ccdrbg_nistctr_custom *custom);
/*
* NIST SP 800-90 HMAC_DRBG
* the maximum security strengh of drbg is half of output size of the input hash function and it internally is limited to 256 bits
*/
extern struct ccdrbg_info ccdrbg_nistdigest_info;
struct ccdrbg_nisthmac_custom {
const struct ccdigest_info *di;
int strictFIPS;
};
void ccdrbg_factory_nisthmac(struct ccdrbg_info *info, const struct ccdrbg_nisthmac_custom *custom);
/*
* Dummy DRBG
*/
extern struct ccdrbg_info ccdrbg_dummy_info;
#endif /* _CORECRYPTO_CCDRBG_H_ */
Reference in New Issue View Git Blame Copy Permalink