/*
 * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Public declarations for the RAND_DRBG interface: the flag and default
 * constants, object lifetime and "use" functions, reseed-interval setters,
 * accessors for three library-held DRBG instances (master, public, private),
 * ex_data helpers, and the entropy/nonce callback hooks.
 *
 * Only prototypes are visible here; the behaviour notes below that go beyond
 * the signatures are marked as assumptions to confirm against drbg_lib.c.
 */

#ifndef HEADER_DRBG_RAND_H
# define HEADER_DRBG_RAND_H

# include <time.h>
# include <openssl/ossl_typ.h>
# include <openssl/obj_mac.h>

/*
 * RAND_DRBG flags
 *
 * Note: if new flags are added, the constant `rand_drbg_used_flags`
 * in drbg_lib.c needs to be updated accordingly.
 */

/*
 * In CTR mode, disable derivation function ctr_df
 *
 * NOTE(review): NIST SP 800-90Ar1 only permits CTR_DRBG without a derivation
 * function when the seed material is full-entropy. A caller that sets this
 * flag should confirm its entropy source (including any get_entropy callback
 * installed below) meets that requirement.
 */
# define RAND_DRBG_FLAG_CTR_NO_DF 0x1


# if OPENSSL_API_COMPAT < 0x10200000L
/* This #define was replaced by an internal constant and should not be used. */
#  define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
# endif

/*
 * Default security strength (in the sense of [NIST SP 800-90Ar1])
 *
 * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
 * of the cipher by collecting less entropy. The current DRBG implementation
 * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
 * DRBG to that of the cipher.
 *
 * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
 * implementation.
 *
 * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
 * NID_aes_256_ctr
 */
# define RAND_DRBG_STRENGTH 256
/* Default drbg type */
# define RAND_DRBG_TYPE NID_aes_256_ctr
/* Default drbg flags (0: RAND_DRBG_FLAG_CTR_NO_DF is not set by default) */
# define RAND_DRBG_FLAGS 0


# ifdef __cplusplus
extern "C" {
# endif

/*
 * Object lifetime functions.
 *
 * `type` is presumably one of the supported cipher NIDs listed above and
 * `flags` a combination of the RAND_DRBG_FLAG_* bits - TODO confirm.
 * `parent` names another DRBG; presumably it is the seed source for the new
 * instance, with NULL selecting the default entropy source - TODO confirm.
 * RAND_DRBG_secure_new() presumably differs from RAND_DRBG_new() only in
 * where the object is allocated (secure heap) - TODO confirm.
 *
 * The pointer-returning functions presumably return NULL on failure, and the
 * int-returning functions presumably follow the OpenSSL convention of 1 on
 * success and 0 on failure - verify against drbg_lib.c. Either way the
 * result has to be checked: a DRBG that failed to instantiate must not be
 * used to generate key material.
 *
 * `pers`/`perslen` pass an optional personalization string to instantiate.
 */
RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
int RAND_DRBG_set_defaults(int type, unsigned int flags);
int RAND_DRBG_instantiate(RAND_DRBG *drbg,
                          const unsigned char *pers, size_t perslen);
int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
void RAND_DRBG_free(RAND_DRBG *drbg);

/*
 * Object "use" functions.
 *
 * `adin`/`adinlen` carry optional additional input; `out`/`outlen` describe
 * the caller's output buffer. A non-zero `prediction_resistance` presumably
 * requests fresh entropy for that call - TODO confirm.
 *
 * Nothing in this header promises that `out` is filled when generate/bytes
 * fail, so callers should check the return value before using the buffer.
 */
int RAND_DRBG_reseed(RAND_DRBG *drbg,
                     const unsigned char *adin, size_t adinlen,
                     int prediction_resistance);
int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
                       int prediction_resistance,
                       const unsigned char *adin, size_t adinlen);
int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);

/*
 * Reseed tuning. Two limits exist per DRBG: a count-based interval
 * (unsigned int) and a time-based interval (time_t).
 * NOTE(review): the units (generate requests / seconds) and the meaning of
 * an interval of 0 are not visible here - confirm before loosening either.
 */
int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);

/* Sets the default count- and time-based intervals for master and slave DRBGs. */
int RAND_DRBG_set_reseed_defaults(
                                  unsigned int master_reseed_interval,
                                  unsigned int slave_reseed_interval,
                                  time_t master_reseed_time_interval,
                                  time_t slave_reseed_time_interval
                                  );

/*
 * Accessors for the library's master, public and private DRBG instances.
 * The get0 prefix follows the OpenSSL naming convention for a pointer the
 * caller does not own; presumably the result must not be passed to
 * RAND_DRBG_free() - confirm.
 */
RAND_DRBG *RAND_DRBG_get0_master(void);
RAND_DRBG *RAND_DRBG_get0_public(void);
RAND_DRBG *RAND_DRBG_get0_private(void);

/*
 * EXDATA
 *
 * The macro forwards to CRYPTO_get_ex_new_index() with the
 * CRYPTO_EX_INDEX_DRBG class. Neither name is declared by this header
 * itself, so the including file needs them in scope where the macro is
 * used (presumably via <openssl/crypto.h> - confirm).
 */
# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg);
void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);

/*
 * Callback function typedefs
 *
 * The get_* callbacks hand a buffer back through `pout` and return a
 * size_t; presumably that is the buffer length, with 0 signalling failure,
 * and `entropy` is the requested amount in bits with `min_len`/`max_len`
 * bounding the buffer size in bytes - TODO confirm.
 * The cleanup_* callbacks receive that buffer and its length back for
 * release. The buffer holds seed material, so a replacement implementation
 * would be expected to wipe it before freeing - confirm what the built-in
 * callbacks do.
 */
typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg,
                                           unsigned char **pout,
                                           int entropy, size_t min_len,
                                           size_t max_len,
                                           int prediction_resistance);
typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
                                             unsigned char *out, size_t outlen);
typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout,
                                         int entropy, size_t min_len,
                                         size_t max_len);
typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg,
                                           unsigned char *out, size_t outlen);

/*
 * Installs the four seeding callbacks on `drbg`.
 * NOTE(review): replacing get_entropy makes the caller responsible for the
 * quality of every seed this DRBG receives; whether the call is rejected for
 * an already-instantiated or chained DRBG is not visible here - confirm.
 */
int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
                            RAND_DRBG_get_entropy_fn get_entropy,
                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
                            RAND_DRBG_get_nonce_fn get_nonce,
                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);


# ifdef __cplusplus
}
# endif

#endif