1/*
2 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * Licensed under the Apache License 2.0 (the "License");
12 * you may not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 * https://www.openssl.org/source/license.html
15 * or in the file LICENSE in the source distribution.
16 */
17
18#ifndef OSSL_CRYPTO_RAND_H
19# define OSSL_CRYPTO_RAND_H
20
21# include <openssl/rand.h>
22
23/* forward declaration */
24typedef struct rand_pool_st RAND_POOL;
25
26void rand_cleanup_int(void);
27
28/* Hardware-based seeding functions. */
29size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
30size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
31
32/* DRBG entropy callbacks. */
33size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
34 unsigned char **pout,
35 int entropy, size_t min_len, size_t max_len,
36 int prediction_resistance);
37void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
38 unsigned char *out, size_t outlen);
39size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
40 unsigned char **pout,
41 int entropy, size_t min_len, size_t max_len);
42void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
43 unsigned char *out, size_t outlen);
44
45size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
46
47void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
48
49/* CRNG test entropy filter callbacks. */
50size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
51 unsigned char **pout,
52 int entropy, size_t min_len, size_t max_len,
53 int prediction_resistance);
54void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
55 unsigned char *out, size_t outlen);
56
57/*
58 * RAND_POOL functions
59 */
60RAND_POOL *rand_pool_new(int entropy_requested, int secure,
61 size_t min_len, size_t max_len);
62RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
63 size_t entropy);
64void rand_pool_free(RAND_POOL *pool);
65
66const unsigned char *rand_pool_buffer(RAND_POOL *pool);
67unsigned char *rand_pool_detach(RAND_POOL *pool);
68void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
69
70size_t rand_pool_entropy(RAND_POOL *pool);
71size_t rand_pool_length(RAND_POOL *pool);
72
73size_t rand_pool_entropy_available(RAND_POOL *pool);
74size_t rand_pool_entropy_needed(RAND_POOL *pool);
75/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
76size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
77size_t rand_pool_bytes_remaining(RAND_POOL *pool);
78
79int rand_pool_add(RAND_POOL *pool,
80 const unsigned char *buffer, size_t len, size_t entropy);
81unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
82int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
83
84
85/*
86 * Add random bytes to the pool to acquire requested amount of entropy
87 *
88 * This function is platform specific and tries to acquire the requested
89 * amount of entropy by polling platform specific entropy sources.
90 *
91 * If the function succeeds in acquiring at least |entropy_requested| bits
92 * of entropy, the total entropy count is returned. If it fails, it returns
93 * an entropy count of 0.
94 */
95size_t rand_pool_acquire_entropy(RAND_POOL *pool);
96
97/*
98 * Add some application specific nonce data
99 *
100 * This function is platform specific and adds some application specific
101 * data to the nonce used for instantiating the drbg.
102 *
103 * This data currently consists of the process and thread id, and a high
104 * resolution timestamp. The data does not include an atomic counter,
105 * because that is added by the calling function rand_drbg_get_nonce().
106 *
107 * Returns 1 on success and 0 on failure.
108 */
109int rand_pool_add_nonce_data(RAND_POOL *pool);
110
111
112/*
113 * Add some platform specific additional data
114 *
115 * This function is platform specific and adds some random noise to the
116 * additional data used for generating random bytes and for reseeding
117 * the drbg.
118 *
119 * Returns 1 on success and 0 on failure.
120 */
121int rand_pool_add_additional_data(RAND_POOL *pool);
122
123/*
124 * Initialise the random pool reseeding sources.
125 *
126 * Returns 1 on success and 0 on failure.
127 */
128int rand_pool_init(void);
129
130/*
131 * Finalise the random pool reseeding sources.
132 */
133void rand_pool_cleanup(void);
134
135/*
136 * Control the random pool use of open file descriptors.
137 */
138void rand_pool_keep_random_devices_open(int keep);
139
140/* Equivalent of RAND_priv_bytes() but additionally taking an OPENSSL_CTX */
141int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
142
143/* Equivalent of RAND_bytes() but additionally taking an OPENSSL_CTX */
144int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num);
145
146#endif
147