[apple/xnu.git] / EXTERNAL_HEADERS / corecrypto / ccdrbg.h

/*
 *  ccdrbg.h
 *  corecrypto
 *
 *  Created on 08/17/2010
 *
 *  Copyright (c) 2010,2011,2012,2014,2015 Apple Inc. All rights reserved.
 *
 */

/*!
 @header corecrypto/ccdrbg.h
 @abstract The functions provided in ccdrbg.h implement high-level accessors
 to cryptographically secure random numbers.

 */

#ifndef _CORECRYPTO_CCDRBG_H_
#define _CORECRYPTO_CCDRBG_H_

#include <corecrypto/cc.h>
#include <corecrypto/ccdrbg_impl.h>

/*
 * The maximum length of the entropy_input,  additional_input (max_additional_input_length) , personalization string
 * (max_personalization_string_length) and max_number_of_bits_per_request  are implementation dependent
 * but shall fit in a 32 bit register and be be less than or equal to the specified maximum length for the
 * selected DRBG mechanism (NIST 800-90A Section 10).
 */

#define CCDRBG_MAX_ENTROPY_SIZE         ((uint32_t)1<<16)
#define CCDRBG_MAX_ADDITIONALINPUT_SIZE ((uint32_t)1<<16)
#define CCDRBG_MAX_PSINPUT_SIZE         ((uint32_t)1<<16)
#define CCDRBG_MAX_REQUEST_SIZE         ((uint32_t)1<<16) //this is the absolute maximum in NIST 800-90A
#define CCDRBG_RESEED_INTERVAL          ((uint64_t)1<<30) // must be able to fit the NIST maximum of 2^48


/*
 * The entropyLength is forced to be greater or equal than the security strength.
 * Nonce is not forced. It either needs to have 0.5*security strength entropy. Or, a vale that is repeated
 * less than a 0.5*security strength bit random string.
 * see below or NIST  800-90A for the definition of security strength
 */

CC_INLINE int ccdrbg_init(const struct ccdrbg_info *info,
			struct ccdrbg_state *drbg,
            size_t entropyLength, const void* entropy,
            size_t nonceLength, const void* nonce,
            size_t psLength, const void* ps)
{
	return info->init(info, drbg, entropyLength, entropy, nonceLength, nonce, psLength, ps);
}

/*
 *  The entropyLength is forced to be greater or equal than the security strength.
 */
CC_INLINE int ccdrbg_reseed(const struct ccdrbg_info *info,
       struct ccdrbg_state *drbg,
       size_t entropyLength, const void *entropy,
       size_t additionalLength, const void *additional)
{
    return info->reseed(drbg, entropyLength, entropy, additionalLength, additional);
}


CC_INLINE int ccdrbg_generate(const struct ccdrbg_info *info,
         struct ccdrbg_state *drbg,
         size_t dataOutLength, void *dataOut,
         size_t additionalLength, const void *additional)
{
    return info->generate(drbg, dataOutLength, dataOut, additionalLength, additional);
}

CC_INLINE void ccdrbg_done(const struct ccdrbg_info *info,
		struct ccdrbg_state *drbg)
{
	info->done(drbg);
}

CC_INLINE size_t ccdrbg_context_size(const struct ccdrbg_info *info)
{
    return info->size;
}


/*
 * NIST SP 800-90 CTR_DRBG
 * the maximum security strengh of drbg equals to the block size of the corresponding ECB.
 */
struct ccdrbg_nistctr_custom {
    const struct ccmode_ctr *ctr_info;
    size_t keylen;
    int strictFIPS;
    int use_df;
};

void ccdrbg_factory_nistctr(struct ccdrbg_info *info, const struct ccdrbg_nistctr_custom *custom);

/*
 * NIST SP 800-90 HMAC_DRBG
 * the maximum security strengh of drbg is half of output size of the input hash function and it internally is limited to 256 bits
 */
struct ccdrbg_nisthmac_custom {
    const struct ccdigest_info *di;
    int strictFIPS;
};

void ccdrbg_factory_nisthmac(struct ccdrbg_info *info, const struct ccdrbg_nisthmac_custom *custom);

#endif /* _CORECRYPTO_CCDRBG_H_ */
Commit	Line	Data
fe8ab488	1	/*
3e170ce0 A	2	* ccdrbg.h
3e170ce0 A	3	* corecrypto
fe8ab488	4	*
3e170ce0	5	* Created on 08/17/2010
fe8ab488	6	*
3e170ce0	7	* Copyright (c) 2010,2011,2012,2014,2015 Apple Inc. All rights reserved.
fe8ab488	8	*
fe8ab488 A	9	*/
	10
	11	/*!
	12	@header corecrypto/ccdrbg.h
	13	@abstract The functions provided in ccdrbg.h implement high-level accessors
	14	to cryptographically secure random numbers.
	15
	16	*/
	17
	18	#ifndef _CORECRYPTO_CCDRBG_H_
	19	#define _CORECRYPTO_CCDRBG_H_
	20
	21	#include <corecrypto/cc.h>
	22	#include <corecrypto/ccdrbg_impl.h>
	23
3e170ce0	24	/*
d9a64523	25	* The maximum length of the entropy_input, additional_input (max_additional_input_length) , personalization string
3e170ce0	26	* (max_personalization_string_length) and max_number_of_bits_per_request are implementation dependent
d9a64523	27	* but shall fit in a 32 bit register and be be less than or equal to the specified maximum length for the
3e170ce0 A	28	* selected DRBG mechanism (NIST 800-90A Section 10).
	29	*/
	30
	31	#define CCDRBG_MAX_ENTROPY_SIZE ((uint32_t)1<<16)
	32	#define CCDRBG_MAX_ADDITIONALINPUT_SIZE ((uint32_t)1<<16)
	33	#define CCDRBG_MAX_PSINPUT_SIZE ((uint32_t)1<<16)
5ba3f43e	34	#define CCDRBG_MAX_REQUEST_SIZE ((uint32_t)1<<16) //this is the absolute maximum in NIST 800-90A
3e170ce0 A	35	#define CCDRBG_RESEED_INTERVAL ((uint64_t)1<<30) // must be able to fit the NIST maximum of 2^48
	36
	37
	38	/*
	39	* The entropyLength is forced to be greater or equal than the security strength.
	40	* Nonce is not forced. It either needs to have 0.5*security strength entropy. Or, a vale that is repeated
	41	* less than a 0.5*security strength bit random string.
	42	* see below or NIST 800-90A for the definition of security strength
	43	*/
fe8ab488 A	44
	45	CC_INLINE int ccdrbg_init(const struct ccdrbg_info *info,
	46	struct ccdrbg_state *drbg,
39037602 A	47	size_t entropyLength, const void* entropy,
	48	size_t nonceLength, const void* nonce,
	49	size_t psLength, const void* ps)
fe8ab488 A	50	{
	51	return info->init(info, drbg, entropyLength, entropy, nonceLength, nonce, psLength, ps);
	52	}
	53
3e170ce0 A	54	/*
	55	* The entropyLength is forced to be greater or equal than the security strength.
	56	*/
fe8ab488	57	CC_INLINE int ccdrbg_reseed(const struct ccdrbg_info *info,
3e170ce0	58	struct ccdrbg_state *drbg,
39037602 A	59	size_t entropyLength, const void *entropy,
39037602 A	60	size_t additionalLength, const void *additional)
fe8ab488	61	{
3e170ce0	62	return info->reseed(drbg, entropyLength, entropy, additionalLength, additional);
fe8ab488 A	63	}
	64
	65
	66	CC_INLINE int ccdrbg_generate(const struct ccdrbg_info *info,
3e170ce0	67	struct ccdrbg_state *drbg,
39037602 A	68	size_t dataOutLength, void *dataOut,
39037602 A	69	size_t additionalLength, const void *additional)
fe8ab488	70	{
3e170ce0	71	return info->generate(drbg, dataOutLength, dataOut, additionalLength, additional);
fe8ab488 A	72	}
	73
	74	CC_INLINE void ccdrbg_done(const struct ccdrbg_info *info,
3e170ce0	75	struct ccdrbg_state *drbg)
fe8ab488	76	{
3e170ce0	77	info->done(drbg);
fe8ab488 A	78	}
fe8ab488 A	79
d9a64523	80	CC_INLINE size_t ccdrbg_context_size(const struct ccdrbg_info *info)
3e170ce0	81	{
d9a64523	82	return info->size;
3e170ce0	83	}
fe8ab488	84
fe8ab488	85
3e170ce0 A	86	/*
3e170ce0 A	87	* NIST SP 800-90 CTR_DRBG
5ba3f43e	88	* the maximum security strengh of drbg equals to the block size of the corresponding ECB.
3e170ce0	89	*/
fe8ab488	90	struct ccdrbg_nistctr_custom {
5ba3f43e	91	const struct ccmode_ctr *ctr_info;
39037602	92	size_t keylen;
fe8ab488 A	93	int strictFIPS;
	94	int use_df;
	95	};
	96
	97	void ccdrbg_factory_nistctr(struct ccdrbg_info info, const struct ccdrbg_nistctr_custom custom);
	98
3e170ce0 A	99	/*
3e170ce0 A	100	* NIST SP 800-90 HMAC_DRBG
39037602	101	* the maximum security strengh of drbg is half of output size of the input hash function and it internally is limited to 256 bits
3e170ce0	102	*/
fe8ab488 A	103	struct ccdrbg_nisthmac_custom {
	104	const struct ccdigest_info *di;
	105	int strictFIPS;
	106	};
	107
fe8ab488 A	108	void ccdrbg_factory_nisthmac(struct ccdrbg_info info, const struct ccdrbg_nisthmac_custom custom);
	109
	110	#endif /* _CORECRYPTO_CCDRBG_H_ */