wolf SSL / wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/wolfcrypt/random.h@13:f67a6c6013ca, 2017-08-22 (annotated)

Committer:
wolfSSL
Date:
Tue Aug 22 10:48:22 2017 +0000
Revision:
13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 13:f67a6c6013ca 1 /* random.h
wolfSSL 13:f67a6c6013ca 2 *
wolfSSL 13:f67a6c6013ca 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 13:f67a6c6013ca 4 *
wolfSSL 13:f67a6c6013ca 5 * This file is part of wolfSSL.
wolfSSL 13:f67a6c6013ca 6 *
wolfSSL 13:f67a6c6013ca 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 13:f67a6c6013ca 8 * it under the terms of the GNU General Public License as published by
wolfSSL 13:f67a6c6013ca 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 13:f67a6c6013ca 10 * (at your option) any later version.
wolfSSL 13:f67a6c6013ca 11 *
wolfSSL 13:f67a6c6013ca 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 13:f67a6c6013ca 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 13:f67a6c6013ca 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 13:f67a6c6013ca 15 * GNU General Public License for more details.
wolfSSL 13:f67a6c6013ca 16 *
wolfSSL 13:f67a6c6013ca 17 * You should have received a copy of the GNU General Public License
wolfSSL 13:f67a6c6013ca 18 * along with this program; if not, write to the Free Software
wolfSSL 13:f67a6c6013ca 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 13:f67a6c6013ca 20 */
wolfSSL 13:f67a6c6013ca 21
wolfSSL 13:f67a6c6013ca 22
wolfSSL 13:f67a6c6013ca 23
wolfSSL 13:f67a6c6013ca 24 #ifndef WOLF_CRYPT_RANDOM_H
wolfSSL 13:f67a6c6013ca 25 #define WOLF_CRYPT_RANDOM_H
wolfSSL 13:f67a6c6013ca 26
wolfSSL 13:f67a6c6013ca 27 #include <wolfssl/wolfcrypt/types.h>
wolfSSL 13:f67a6c6013ca 28
wolfSSL 13:f67a6c6013ca 29 #ifdef HAVE_FIPS
wolfSSL 13:f67a6c6013ca 30 /* for fips @wc_fips */
wolfSSL 13:f67a6c6013ca 31 #include <cyassl/ctaocrypt/random.h>
wolfSSL 13:f67a6c6013ca 32 #endif
wolfSSL 13:f67a6c6013ca 33
wolfSSL 13:f67a6c6013ca 34 #ifdef __cplusplus
wolfSSL 13:f67a6c6013ca 35 extern "C" {
wolfSSL 13:f67a6c6013ca 36 #endif
wolfSSL 13:f67a6c6013ca 37
wolfSSL 13:f67a6c6013ca 38 /* Maximum generate block length */
wolfSSL 13:f67a6c6013ca 39 #ifndef RNG_MAX_BLOCK_LEN
wolfSSL 13:f67a6c6013ca 40 #ifdef HAVE_INTEL_QA
wolfSSL 13:f67a6c6013ca 41 #define RNG_MAX_BLOCK_LEN (0xFFFF)
wolfSSL 13:f67a6c6013ca 42 #else
wolfSSL 13:f67a6c6013ca 43 #define RNG_MAX_BLOCK_LEN (0x10000)
wolfSSL 13:f67a6c6013ca 44 #endif
wolfSSL 13:f67a6c6013ca 45 #endif
wolfSSL 13:f67a6c6013ca 46
wolfSSL 13:f67a6c6013ca 47 /* Size of the BRBG seed */
wolfSSL 13:f67a6c6013ca 48 #ifndef DRBG_SEED_LEN
wolfSSL 13:f67a6c6013ca 49 #define DRBG_SEED_LEN (440/8)
wolfSSL 13:f67a6c6013ca 50 #endif
wolfSSL 13:f67a6c6013ca 51
wolfSSL 13:f67a6c6013ca 52
wolfSSL 13:f67a6c6013ca 53 #if defined(CUSTOM_RAND_GENERATE) && !defined(CUSTOM_RAND_TYPE)
wolfSSL 13:f67a6c6013ca 54 /* To maintain compatibility the default is byte */
wolfSSL 13:f67a6c6013ca 55 #define CUSTOM_RAND_TYPE byte
wolfSSL 13:f67a6c6013ca 56 #endif
wolfSSL 13:f67a6c6013ca 57
wolfSSL 13:f67a6c6013ca 58 /* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
wolfSSL 13:f67a6c6013ca 59 or CUSTOM_RAND_GENERATE_BLOCK is defined*/
wolfSSL 13:f67a6c6013ca 60 #if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
wolfSSL 13:f67a6c6013ca 61 #undef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 62 #define HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 63 #endif
wolfSSL 13:f67a6c6013ca 64
wolfSSL 13:f67a6c6013ca 65
wolfSSL 13:f67a6c6013ca 66 #ifndef HAVE_FIPS /* avoid redefining structs and macros */
wolfSSL 13:f67a6c6013ca 67
wolfSSL 13:f67a6c6013ca 68 /* RNG supports the following sources (in order):
wolfSSL 13:f67a6c6013ca 69 * 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
wolfSSL 13:f67a6c6013ca 70 * bypasses the options below.
wolfSSL 13:f67a6c6013ca 71 * 2. HAVE_INTEL_RDRAND: Uses the Intel RDRAND if supported by CPU.
wolfSSL 13:f67a6c6013ca 72 * 3. HAVE_HASHDRBG (requires SHA256 enabled): Uses SHA256 based P-RNG
wolfSSL 13:f67a6c6013ca 73 * seeded via wc_GenerateSeed. This is the default source.
wolfSSL 13:f67a6c6013ca 74 */
wolfSSL 13:f67a6c6013ca 75
wolfSSL 13:f67a6c6013ca 76 /* Seed source can be overriden by defining one of these:
wolfSSL 13:f67a6c6013ca 77 CUSTOM_RAND_GENERATE_SEED
wolfSSL 13:f67a6c6013ca 78 CUSTOM_RAND_GENERATE_SEED_OS
wolfSSL 13:f67a6c6013ca 79 CUSTOM_RAND_GENERATE */
wolfSSL 13:f67a6c6013ca 80
wolfSSL 13:f67a6c6013ca 81
wolfSSL 13:f67a6c6013ca 82 #if defined(CUSTOM_RAND_GENERATE_BLOCK)
wolfSSL 13:f67a6c6013ca 83 /* To use define the following:
wolfSSL 13:f67a6c6013ca 84 * #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
wolfSSL 13:f67a6c6013ca 85 * extern int myRngFunc(byte* output, word32 sz);
wolfSSL 13:f67a6c6013ca 86 */
wolfSSL 13:f67a6c6013ca 87 #elif defined(HAVE_HASHDRBG)
wolfSSL 13:f67a6c6013ca 88 #ifdef NO_SHA256
wolfSSL 13:f67a6c6013ca 89 #error "Hash DRBG requires SHA-256."
wolfSSL 13:f67a6c6013ca 90 #endif /* NO_SHA256 */
wolfSSL 13:f67a6c6013ca 91 #include <wolfssl/wolfcrypt/sha256.h>
wolfSSL 13:f67a6c6013ca 92 #elif defined(HAVE_WNR)
wolfSSL 13:f67a6c6013ca 93 /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
wolfSSL 13:f67a6c6013ca 94 #else
wolfSSL 13:f67a6c6013ca 95 #error No RNG source defined!
wolfSSL 13:f67a6c6013ca 96 #endif
wolfSSL 13:f67a6c6013ca 97
wolfSSL 13:f67a6c6013ca 98 #ifdef HAVE_WNR
wolfSSL 13:f67a6c6013ca 99 #include <wnr.h>
wolfSSL 13:f67a6c6013ca 100 #endif
wolfSSL 13:f67a6c6013ca 101
wolfSSL 13:f67a6c6013ca 102 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 103 #include <wolfssl/wolfcrypt/async.h>
wolfSSL 13:f67a6c6013ca 104 #endif
wolfSSL 13:f67a6c6013ca 105
wolfSSL 13:f67a6c6013ca 106
wolfSSL 13:f67a6c6013ca 107 #if defined(USE_WINDOWS_API)
wolfSSL 13:f67a6c6013ca 108 #if defined(_WIN64)
wolfSSL 13:f67a6c6013ca 109 typedef unsigned __int64 ProviderHandle;
wolfSSL 13:f67a6c6013ca 110 /* type HCRYPTPROV, avoid #include <windows.h> */
wolfSSL 13:f67a6c6013ca 111 #else
wolfSSL 13:f67a6c6013ca 112 typedef unsigned long ProviderHandle;
wolfSSL 13:f67a6c6013ca 113 #endif
wolfSSL 13:f67a6c6013ca 114 #endif
wolfSSL 13:f67a6c6013ca 115
wolfSSL 13:f67a6c6013ca 116
wolfSSL 13:f67a6c6013ca 117 /* OS specific seeder */
wolfSSL 13:f67a6c6013ca 118 typedef struct OS_Seed {
wolfSSL 13:f67a6c6013ca 119 #if defined(USE_WINDOWS_API)
wolfSSL 13:f67a6c6013ca 120 ProviderHandle handle;
wolfSSL 13:f67a6c6013ca 121 #else
wolfSSL 13:f67a6c6013ca 122 int fd;
wolfSSL 13:f67a6c6013ca 123 #endif
wolfSSL 13:f67a6c6013ca 124 } OS_Seed;
wolfSSL 13:f67a6c6013ca 125
wolfSSL 13:f67a6c6013ca 126
wolfSSL 13:f67a6c6013ca 127 #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
wolfSSL 13:f67a6c6013ca 128 typedef struct WC_RNG WC_RNG;
wolfSSL 13:f67a6c6013ca 129 #define WC_RNG_TYPE_DEFINED
wolfSSL 13:f67a6c6013ca 130 #endif
wolfSSL 13:f67a6c6013ca 131
wolfSSL 13:f67a6c6013ca 132 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 133 /* Private DRBG state */
wolfSSL 13:f67a6c6013ca 134 struct DRBG;
wolfSSL 13:f67a6c6013ca 135 #endif
wolfSSL 13:f67a6c6013ca 136
wolfSSL 13:f67a6c6013ca 137 /* RNG context */
wolfSSL 13:f67a6c6013ca 138 struct WC_RNG {
wolfSSL 13:f67a6c6013ca 139 OS_Seed seed;
wolfSSL 13:f67a6c6013ca 140 void* heap;
wolfSSL 13:f67a6c6013ca 141 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 142 /* Hash-based Deterministic Random Bit Generator */
wolfSSL 13:f67a6c6013ca 143 struct DRBG* drbg;
wolfSSL 13:f67a6c6013ca 144 byte status;
wolfSSL 13:f67a6c6013ca 145 #endif
wolfSSL 13:f67a6c6013ca 146 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 13:f67a6c6013ca 147 WC_ASYNC_DEV asyncDev;
wolfSSL 13:f67a6c6013ca 148 int devId;
wolfSSL 13:f67a6c6013ca 149 #endif
wolfSSL 13:f67a6c6013ca 150 };
wolfSSL 13:f67a6c6013ca 151
wolfSSL 13:f67a6c6013ca 152 #endif /* HAVE_FIPS */
wolfSSL 13:f67a6c6013ca 153
wolfSSL 13:f67a6c6013ca 154 /* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
wolfSSL 13:f67a6c6013ca 155 * can't be used with CTaoCrypt FIPS */
wolfSSL 13:f67a6c6013ca 156 #if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS)
wolfSSL 13:f67a6c6013ca 157 #define RNG WC_RNG
wolfSSL 13:f67a6c6013ca 158 #endif
wolfSSL 13:f67a6c6013ca 159
wolfSSL 13:f67a6c6013ca 160
wolfSSL 13:f67a6c6013ca 161 WOLFSSL_LOCAL
wolfSSL 13:f67a6c6013ca 162 int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
wolfSSL 13:f67a6c6013ca 163
wolfSSL 13:f67a6c6013ca 164
wolfSSL 13:f67a6c6013ca 165 #ifdef HAVE_WNR
wolfSSL 13:f67a6c6013ca 166 /* Whitewood netRandom client library */
wolfSSL 13:f67a6c6013ca 167 WOLFSSL_API int wc_InitNetRandom(const char*, wnr_hmac_key, int);
wolfSSL 13:f67a6c6013ca 168 WOLFSSL_API int wc_FreeNetRandom(void);
wolfSSL 13:f67a6c6013ca 169 #endif /* HAVE_WNR */
wolfSSL 13:f67a6c6013ca 170
wolfSSL 13:f67a6c6013ca 171
wolfSSL 13:f67a6c6013ca 172 WOLFSSL_API int wc_InitRng(WC_RNG*);
wolfSSL 13:f67a6c6013ca 173 WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
wolfSSL 13:f67a6c6013ca 174 WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
wolfSSL 13:f67a6c6013ca 175 WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
wolfSSL 13:f67a6c6013ca 176 WOLFSSL_API int wc_FreeRng(WC_RNG*);
wolfSSL 13:f67a6c6013ca 177
wolfSSL 13:f67a6c6013ca 178
wolfSSL 13:f67a6c6013ca 179 #ifdef HAVE_HASHDRBG
wolfSSL 13:f67a6c6013ca 180 WOLFSSL_API int wc_RNG_HealthTest(int reseed,
wolfSSL 13:f67a6c6013ca 181 const byte* entropyA, word32 entropyASz,
wolfSSL 13:f67a6c6013ca 182 const byte* entropyB, word32 entropyBSz,
wolfSSL 13:f67a6c6013ca 183 byte* output, word32 outputSz);
wolfSSL 13:f67a6c6013ca 184 #endif /* HAVE_HASHDRBG */
wolfSSL 13:f67a6c6013ca 185
wolfSSL 13:f67a6c6013ca 186 #ifdef __cplusplus
wolfSSL 13:f67a6c6013ca 187 } /* extern "C" */
wolfSSL 13:f67a6c6013ca 188 #endif
wolfSSL 13:f67a6c6013ca 189
wolfSSL 13:f67a6c6013ca 190 #endif /* WOLF_CRYPT_RANDOM_H */
wolfSSL 13:f67a6c6013ca 191
wolfSSL 13:f67a6c6013ca 192