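/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * DRBG-internal declarations: the context layout, the per-mode method table,
 * and the constructors for the HMAC, Hash and CTR modes.
 */

#ifndef DRBG_LOCAL_H
#define DRBG_LOCAL_H

#include "hitls_build.h"
#ifdef HITLS_CRYPTO_DRBG

#include <stdbool.h> /* bool is used below; do not rely on a transitive include */
#include <stdint.h>
#include "crypt_drbg.h"

#ifdef __cplusplus
extern "C" {
#endif

// Relationship between the number of NONCE and ENTROPY.
// NOTE(review): presumably applies when the nonce is taken from the entropy
// source rather than a dedicated nonce hook -- confirm at the use site.
#define DRBG_NONCE_FROM_ENTROPY (2)

/*
 * Lifecycle state of a DRBG context.
 * NOTE(review): generate/reseed are presumably only permitted in
 * DRBG_STATE_READY, with DRBG_STATE_ERROR blocking further output -- confirm
 * in the implementation, since emitting output from a failed instance would
 * be a security defect.
 */
typedef enum {
    DRBG_STATE_UNINITIALISED,
    DRBG_STATE_READY,
    DRBG_STATE_ERROR,
} DRBG_State;

/* Table of mode-specific operations; each DRBG mode supplies its own set. */
typedef struct {
    /* Seed the mode state from entropy, nonce and optional personalization data. */
    int32_t (*instantiate)(DRBG_Ctx *ctx, const CRYPT_Data *entropy,
        const CRYPT_Data *nonce, const CRYPT_Data *pers);
    /* Produce output into out (outLen bytes requested), with optional additional input. */
    int32_t (*generate)(DRBG_Ctx *ctx, uint8_t *out, uint32_t outLen, const CRYPT_Data *adin);
    /* Mix fresh entropy (and optional additional input) into the mode state. */
    int32_t (*reseed)(DRBG_Ctx *ctx, const CRYPT_Data *entropy, const CRYPT_Data *adin);
    /* NOTE(review): expected to wipe the working state -- confirm in each mode. */
    void (*uninstantiate)(DRBG_Ctx *ctx);
    /* NOTE(review): a duplicated state yields the same output stream unless the
       copy is reseeded -- confirm how callers use dup. */
    DRBG_Ctx* (*dup)(DRBG_Ctx *ctx);
    void (*free)(DRBG_Ctx *ctx);
} DRBG_Method;

struct DrbgCtx {
    bool isGm;                   /* GM mode flag; see the isGm constructor parameters (SM3/SM4) */
    DRBG_State state;            /* DRBG state */

    uint32_t reseedCtr;          /* reseed counter */
    uint32_t reseedInterval;     /* reseed interval times */
#if defined(HITLS_CRYPTO_DRBG_GM)
    uint64_t lastReseedTime;     /* last reseed time, unit: second */
    uint64_t reseedIntervalTime; /* Time threshold for reseed, unit: second */
#endif

    uint32_t strength;           /* Algorithm strength */
    uint32_t maxRequest;         /* Maximum number of bytes per request, which is determined by the algorithm. */

    CRYPT_Range entropyRange;    /* entropy size range */
    CRYPT_Range nonceRange;      /* nonce size range */

    uint32_t maxPersLen;         /* Maximum personalization data (pers) length */
    uint32_t maxAdinLen;         /* Maximum additional data length */

    DRBG_Method *meth;           /* Internal different mode method */
    void *ctx;                   /* Mode Context */

    /* seed function, which is related to the entropy source and DRBG generation.
       When seedMeth and seedCtx are empty, the default entropy source is used.
       A caller-supplied hook replaces that source, so the unpredictability of
       the DRBG output is bounded by what the hook returns. */
    CRYPT_RandSeedMethod seedMeth;
    void *seedCtx;               /* Seed context; NOTE(review): ownership and lifetime are not visible here */
};

#ifdef HITLS_CRYPTO_DRBG_HMAC
/**
 * @ingroup drbg
 * @brief Apply for a context for the HMAC_DRBG.
 * @note This API does not support multiple threads.
 *
 * @param hmacMeth  HMAC method
 * @param macId     MAC algorithm ID
 * @param seedMeth  DRBG seed hook
 * @param seedCtx   DRBG seed context
 *
 * @retval DRBG_Ctx* Success
 * @retval NULL      failure
 */
DRBG_Ctx *DRBG_NewHmacCtx(const EAL_MacMethod *hmacMeth, CRYPT_MAC_AlgId macId,
    const CRYPT_RandSeedMethod *seedMeth, void *seedCtx);
#endif

#ifdef HITLS_CRYPTO_DRBG_HASH
/**
 * @ingroup drbg
 * @brief Apply for a context for the Hash_DRBG.
 * @note This API does not support multiple threads.
 *
 * @param md        HASH method
 * @param isGm      is sm3
 * @param seedMeth  DRBG seed hook
 * @param seedCtx   DRBG seed context
 *
 * @retval DRBG_Ctx* Success
 * @retval NULL      failure
 */
DRBG_Ctx *DRBG_NewHashCtx(const EAL_MdMethod *md, bool isGm, const CRYPT_RandSeedMethod *seedMeth, void *seedCtx);
#endif

#ifdef HITLS_CRYPTO_DRBG_CTR
/**
 * @ingroup drbg
 * @brief Apply for a context for the CTR_DRBG.
 * @note This API does not support multiple threads.
 *
 * @param ciphMeth  Symmetric cipher method (AES; isGm indicates SM4)
 * @param keyLen    Key length
 * @param isGm      is sm4
 * @param isUsedDf  Indicates whether to use derivation function.
 *                  Without a derivation function, SP 800-90A expects the seed
 *                  material to be full-entropy; confirm the configured seed
 *                  source meets that before passing false.
 * @param seedMeth  DRBG seed hook
 * @param seedCtx   DRBG seed context
 *
 * @retval DRBG_Ctx* Success
 * @retval NULL      failure
 */
DRBG_Ctx *DRBG_NewCtrCtx(const EAL_SymMethod *ciphMeth, const uint32_t keyLen, bool isGm, const bool isUsedDf,
    const CRYPT_RandSeedMethod *seedMeth, void *seedCtx);
#endif

#ifdef __cplusplus
}
#endif

#endif // HITLS_CRYPTO_DRBG

#endif // DRBG_LOCAL_H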