1 | /* |
2 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | /* |
11 | * Licensed under the Apache License 2.0 (the "License"); |
12 | * you may not use this file except in compliance with the License. |
13 | * You may obtain a copy of the License at |
14 | * https://www.openssl.org/source/license.html |
15 | * or in the file LICENSE in the source distribution. |
16 | */ |
17 | |
18 | #ifndef OSSL_CRYPTO_RAND_H |
19 | # define OSSL_CRYPTO_RAND_H |
20 | |
21 | # include <openssl/rand.h> |
22 | |
23 | /* forward declaration */ |
24 | typedef struct rand_pool_st RAND_POOL; |
25 | |
26 | void rand_cleanup_int(void); |
27 | |
28 | /* Hardware-based seeding functions. */ |
29 | size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool); |
30 | size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool); |
31 | |
32 | /* DRBG entropy callbacks. */ |
33 | size_t rand_drbg_get_entropy(RAND_DRBG *drbg, |
34 | unsigned char **pout, |
35 | int entropy, size_t min_len, size_t max_len, |
36 | int prediction_resistance); |
37 | void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, |
38 | unsigned char *out, size_t outlen); |
39 | size_t rand_drbg_get_nonce(RAND_DRBG *drbg, |
40 | unsigned char **pout, |
41 | int entropy, size_t min_len, size_t max_len); |
42 | void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, |
43 | unsigned char *out, size_t outlen); |
44 | |
45 | size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout); |
46 | |
47 | void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); |
48 | |
49 | /* CRNG test entropy filter callbacks. */ |
50 | size_t rand_crngt_get_entropy(RAND_DRBG *drbg, |
51 | unsigned char **pout, |
52 | int entropy, size_t min_len, size_t max_len, |
53 | int prediction_resistance); |
54 | void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, |
55 | unsigned char *out, size_t outlen); |
56 | |
57 | /* |
58 | * RAND_POOL functions |
59 | */ |
60 | RAND_POOL *rand_pool_new(int entropy_requested, int secure, |
61 | size_t min_len, size_t max_len); |
62 | RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len, |
63 | size_t entropy); |
64 | void rand_pool_free(RAND_POOL *pool); |
65 | |
66 | const unsigned char *rand_pool_buffer(RAND_POOL *pool); |
67 | unsigned char *rand_pool_detach(RAND_POOL *pool); |
68 | void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer); |
69 | |
70 | size_t rand_pool_entropy(RAND_POOL *pool); |
71 | size_t rand_pool_length(RAND_POOL *pool); |
72 | |
73 | size_t rand_pool_entropy_available(RAND_POOL *pool); |
74 | size_t rand_pool_entropy_needed(RAND_POOL *pool); |
75 | /* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */ |
76 | size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor); |
77 | size_t rand_pool_bytes_remaining(RAND_POOL *pool); |
78 | |
79 | int rand_pool_add(RAND_POOL *pool, |
80 | const unsigned char *buffer, size_t len, size_t entropy); |
81 | unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len); |
82 | int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy); |
83 | |
84 | |
85 | /* |
86 | * Add random bytes to the pool to acquire requested amount of entropy |
87 | * |
88 | * This function is platform specific and tries to acquire the requested |
89 | * amount of entropy by polling platform specific entropy sources. |
90 | * |
91 | * If the function succeeds in acquiring at least |entropy_requested| bits |
92 | * of entropy, the total entropy count is returned. If it fails, it returns |
93 | * an entropy count of 0. |
94 | */ |
95 | size_t rand_pool_acquire_entropy(RAND_POOL *pool); |
96 | |
97 | /* |
98 | * Add some application specific nonce data |
99 | * |
100 | * This function is platform specific and adds some application specific |
101 | * data to the nonce used for instantiating the drbg. |
102 | * |
103 | * This data currently consists of the process and thread id, and a high |
104 | * resolution timestamp. The data does not include an atomic counter, |
105 | * because that is added by the calling function rand_drbg_get_nonce(). |
106 | * |
107 | * Returns 1 on success and 0 on failure. |
108 | */ |
109 | int rand_pool_add_nonce_data(RAND_POOL *pool); |
110 | |
111 | |
112 | /* |
113 | * Add some platform specific additional data |
114 | * |
115 | * This function is platform specific and adds some random noise to the |
116 | * additional data used for generating random bytes and for reseeding |
117 | * the drbg. |
118 | * |
119 | * Returns 1 on success and 0 on failure. |
120 | */ |
121 | int rand_pool_add_additional_data(RAND_POOL *pool); |
122 | |
123 | /* |
124 | * Initialise the random pool reseeding sources. |
125 | * |
126 | * Returns 1 on success and 0 on failure. |
127 | */ |
128 | int rand_pool_init(void); |
129 | |
130 | /* |
131 | * Finalise the random pool reseeding sources. |
132 | */ |
133 | void rand_pool_cleanup(void); |
134 | |
135 | /* |
136 | * Control the random pool use of open file descriptors. |
137 | */ |
138 | void rand_pool_keep_random_devices_open(int keep); |
139 | |
140 | /* Equivalent of RAND_priv_bytes() but additionally taking an OPENSSL_CTX */ |
141 | int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); |
142 | |
143 | /* Equivalent of RAND_bytes() but additionally taking an OPENSSL_CTX */ |
144 | int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num); |
145 | |
146 | #endif |
147 | |