|
Packit |
c4476c |
/* fips/rand/fips_rand_lcl.h */
|
|
Packit |
c4476c |
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
|
Packit |
c4476c |
* project.
|
|
Packit |
c4476c |
*/
|
|
Packit |
c4476c |
/* ====================================================================
|
|
Packit |
c4476c |
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* Redistribution and use in source and binary forms, with or without
|
|
Packit |
c4476c |
* modification, are permitted provided that the following conditions
|
|
Packit |
c4476c |
* are met:
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* 1. Redistributions of source code must retain the above copyright
|
|
Packit |
c4476c |
* notice, this list of conditions and the following disclaimer.
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
Packit |
c4476c |
* notice, this list of conditions and the following disclaimer in
|
|
Packit |
c4476c |
* the documentation and/or other materials provided with the
|
|
Packit |
c4476c |
* distribution.
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* 3. All advertising materials mentioning features or use of this
|
|
Packit |
c4476c |
* software must display the following acknowledgment:
|
|
Packit |
c4476c |
* "This product includes software developed by the OpenSSL Project
|
|
Packit |
c4476c |
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
Packit |
c4476c |
* endorse or promote products derived from this software without
|
|
Packit |
c4476c |
* prior written permission. For written permission, please contact
|
|
Packit |
c4476c |
* licensing@OpenSSL.org.
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* 5. Products derived from this software may not be called "OpenSSL"
|
|
Packit |
c4476c |
* nor may "OpenSSL" appear in their names without prior written
|
|
Packit |
c4476c |
* permission of the OpenSSL Project.
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* 6. Redistributions of any form whatsoever must retain the following
|
|
Packit |
c4476c |
* acknowledgment:
|
|
Packit |
c4476c |
* "This product includes software developed by the OpenSSL Project
|
|
Packit |
c4476c |
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
Packit |
c4476c |
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
Packit |
c4476c |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
Packit |
c4476c |
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
Packit |
c4476c |
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
Packit |
c4476c |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
Packit |
c4476c |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
Packit |
c4476c |
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
Packit |
c4476c |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
Packit |
c4476c |
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
Packit |
c4476c |
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
Packit |
c4476c |
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
Packit |
c4476c |
* ====================================================================
|
|
Packit |
c4476c |
*/
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
|
|
Packit |
c4476c |
typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
|
|
Packit |
c4476c |
typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* 888 bits from 10.1 table 2 */
|
|
Packit |
c4476c |
#define HASH_PRNG_MAX_SEEDLEN 111
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
struct drbg_hash_ctx_st {
|
|
Packit |
c4476c |
const EVP_MD *md;
|
|
Packit |
c4476c |
EVP_MD_CTX *mctx;
|
|
Packit |
c4476c |
unsigned char V[HASH_PRNG_MAX_SEEDLEN];
|
|
Packit |
c4476c |
unsigned char C[HASH_PRNG_MAX_SEEDLEN];
|
|
Packit |
c4476c |
/* Temporary value storage: should always exceed max digest length */
|
|
Packit |
c4476c |
unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
|
|
Packit |
c4476c |
};
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
struct drbg_hmac_ctx_st {
|
|
Packit |
c4476c |
const EVP_MD *md;
|
|
Packit |
c4476c |
HMAC_CTX *hctx;
|
|
Packit |
c4476c |
unsigned char K[EVP_MAX_MD_SIZE];
|
|
Packit |
c4476c |
unsigned char V[EVP_MAX_MD_SIZE];
|
|
Packit |
c4476c |
};
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
struct drbg_ctr_ctx_st {
|
|
Packit |
c4476c |
AES_KEY ks;
|
|
Packit |
c4476c |
size_t keylen;
|
|
Packit |
c4476c |
unsigned char K[32];
|
|
Packit |
c4476c |
unsigned char V[16];
|
|
Packit |
c4476c |
/* Temp variables used by derivation function */
|
|
Packit |
c4476c |
AES_KEY df_ks;
|
|
Packit |
c4476c |
AES_KEY df_kxks;
|
|
Packit |
c4476c |
/* Temporary block storage used by ctr_df */
|
|
Packit |
c4476c |
unsigned char bltmp[16];
|
|
Packit |
c4476c |
size_t bltmp_pos;
|
|
Packit |
c4476c |
unsigned char KX[48];
|
|
Packit |
c4476c |
};
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* DRBG internal flags */
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* Functions shouldn't call err library */
|
|
Packit |
c4476c |
#define DRBG_FLAG_NOERR 0x1
|
|
Packit |
c4476c |
/* Custom reseed checking */
|
|
Packit |
c4476c |
#define DRBG_CUSTOM_RESEED 0x2
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* DRBG status values */
|
|
Packit |
c4476c |
/* not initialised */
|
|
Packit |
c4476c |
#define DRBG_STATUS_UNINITIALISED 0
|
|
Packit |
c4476c |
/* ok and ready to generate random bits */
|
|
Packit |
c4476c |
#define DRBG_STATUS_READY 1
|
|
Packit |
c4476c |
/* reseed required */
|
|
Packit |
c4476c |
#define DRBG_STATUS_RESEED 2
|
|
Packit |
c4476c |
/* fatal error condition */
|
|
Packit |
c4476c |
#define DRBG_STATUS_ERROR 3
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* A default maximum length: larger than any reasonable value used in pratice */
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#define DRBG_MAX_LENGTH 0x7ffffff0
|
|
Packit |
c4476c |
/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
|
|
Packit |
c4476c |
* so use max digest length.
|
|
Packit |
c4476c |
*/
|
|
Packit |
c4476c |
#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#define DRBG_HEALTH_INTERVAL (1 << 24)
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* DRBG context structure */
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
struct drbg_ctx_st {
|
|
Packit |
c4476c |
/* First types common to all implementations */
|
|
Packit |
c4476c |
/* DRBG type: a NID for the underlying algorithm */
|
|
Packit |
c4476c |
int type;
|
|
Packit |
c4476c |
/* Various external flags */
|
|
Packit |
c4476c |
unsigned int xflags;
|
|
Packit |
c4476c |
/* Various internal use only flags */
|
|
Packit |
c4476c |
unsigned int iflags;
|
|
Packit |
c4476c |
/* Used for periodic health checks */
|
|
Packit |
c4476c |
int health_check_cnt, health_check_interval;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* The following parameters are setup by mechanism drbg_init() call */
|
|
Packit |
c4476c |
int strength;
|
|
Packit |
c4476c |
size_t blocklength;
|
|
Packit |
c4476c |
size_t max_request;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
size_t min_entropy, max_entropy;
|
|
Packit |
c4476c |
size_t min_nonce, max_nonce;
|
|
Packit |
c4476c |
size_t max_pers, max_adin;
|
|
Packit |
c4476c |
unsigned int reseed_counter;
|
|
Packit |
c4476c |
unsigned int reseed_interval;
|
|
Packit |
c4476c |
size_t seedlen;
|
|
Packit |
c4476c |
int status;
|
|
Packit |
c4476c |
/* Application data: typically used by test get_entropy */
|
|
Packit |
c4476c |
void *app_data;
|
|
Packit |
c4476c |
/* Implementation specific structures */
|
|
Packit |
c4476c |
union {
|
|
Packit |
c4476c |
DRBG_HASH_CTX hash;
|
|
Packit |
c4476c |
DRBG_HMAC_CTX hmac;
|
|
Packit |
c4476c |
DRBG_CTR_CTX ctr;
|
|
Packit |
c4476c |
} d;
|
|
Packit |
c4476c |
/* Initialiase PRNG and setup callbacks below */
|
|
Packit |
c4476c |
int (*init) (DRBG_CTX *ctx, int nid, int security, unsigned int flags);
|
|
Packit |
c4476c |
/* Intantiate PRNG */
|
|
Packit |
c4476c |
int (*instantiate) (DRBG_CTX *ctx,
|
|
Packit |
c4476c |
const unsigned char *ent, size_t entlen,
|
|
Packit |
c4476c |
const unsigned char *nonce, size_t noncelen,
|
|
Packit |
c4476c |
const unsigned char *pers, size_t perslen);
|
|
Packit |
c4476c |
/* reseed */
|
|
Packit |
c4476c |
int (*reseed) (DRBG_CTX *ctx,
|
|
Packit |
c4476c |
const unsigned char *ent, size_t entlen,
|
|
Packit |
c4476c |
const unsigned char *adin, size_t adinlen);
|
|
Packit |
c4476c |
/* generat output */
|
|
Packit |
c4476c |
int (*generate) (DRBG_CTX *ctx,
|
|
Packit |
c4476c |
unsigned char *out, size_t outlen,
|
|
Packit |
c4476c |
const unsigned char *adin, size_t adinlen);
|
|
Packit |
c4476c |
/* uninstantiate */
|
|
Packit |
c4476c |
int (*uninstantiate) (DRBG_CTX *ctx);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* Entropy source block length */
|
|
Packit |
c4476c |
size_t entropy_blocklen;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* entropy gathering function */
|
|
Packit |
c4476c |
size_t (*get_entropy) (DRBG_CTX *ctx, unsigned char **pout,
|
|
Packit |
c4476c |
int entropy, size_t min_len, size_t max_len);
|
|
Packit |
c4476c |
/* Indicates we have finished with entropy buffer */
|
|
Packit |
c4476c |
void (*cleanup_entropy) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* nonce gathering function */
|
|
Packit |
c4476c |
size_t (*get_nonce) (DRBG_CTX *ctx, unsigned char **pout,
|
|
Packit |
c4476c |
int entropy, size_t min_len, size_t max_len);
|
|
Packit |
c4476c |
/* Indicates we have finished with nonce buffer */
|
|
Packit |
c4476c |
void (*cleanup_nonce) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* Callbacks used when called through RAND interface */
|
|
Packit |
c4476c |
/* Get any additional input for generate */
|
|
Packit |
c4476c |
size_t (*get_adin) (DRBG_CTX *ctx, unsigned char **pout);
|
|
Packit |
c4476c |
void (*cleanup_adin) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
|
|
Packit |
c4476c |
/* Callback for RAND_seed(), RAND_add() */
|
|
Packit |
c4476c |
int (*rand_seed_cb) (DRBG_CTX *ctx, const void *buf, int num);
|
|
Packit |
c4476c |
int (*rand_add_cb) (DRBG_CTX *ctx,
|
|
Packit |
c4476c |
const void *buf, int num, double entropy);
|
|
Packit |
c4476c |
};
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int fips_drbg_ctr_init(DRBG_CTX *dctx);
|
|
Packit |
c4476c |
int fips_drbg_hash_init(DRBG_CTX *dctx);
|
|
Packit |
c4476c |
int fips_drbg_hmac_init(DRBG_CTX *dctx);
|
|
Packit |
c4476c |
int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
|
|
Packit |
c4476c |
int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#define FIPS_digestinit EVP_DigestInit
|
|
Packit |
c4476c |
#define FIPS_digestupdate EVP_DigestUpdate
|
|
Packit |
c4476c |
#define FIPS_digestfinal EVP_DigestFinal
|
|
Packit |
c4476c |
#define M_EVP_MD_size EVP_MD_size
|