33 #if defined(POLARSSL_CTR_DRBG_C)
37 #if defined(POLARSSL_FS_IO)
45 int ctr_drbg_init_entropy_len(
47 int (*f_entropy)(
void *,
unsigned char *,
size_t),
49 const unsigned char *custom,
77 int (*f_entropy)(
void *,
unsigned char *,
size_t),
79 const unsigned char *custom,
82 return( ctr_drbg_init_entropy_len( ctx, f_entropy, p_entropy, custom, len,
101 int block_cipher_df(
unsigned char *output,
102 const unsigned char *data,
size_t data_len )
108 unsigned char *p = buf, *iv;
111 int i, j, buf_len, use_len;
123 *p++ = ( data_len >> 24 ) & 0xff;
124 *p++ = ( data_len >> 16 ) & 0xff;
125 *p++ = ( data_len >> 8 ) & 0xff;
126 *p++ = ( data_len ) & 0xff;
129 memcpy( p, data, data_len );
132 buf_len = CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
145 memset( chain, 0, CTR_DRBG_BLOCKSIZE );
158 memcpy( tmp + j, chain, CTR_DRBG_BLOCKSIZE );
176 memcpy( p, iv, CTR_DRBG_BLOCKSIZE );
184 const unsigned char data[CTR_DRBG_SEEDLEN] )
187 unsigned char *p = tmp;
190 memset( tmp, 0, CTR_DRBG_SEEDLEN );
197 for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
198 if( ++ctx->
counter[i - 1] != 0 )
216 memcpy( ctx->
counter, tmp + CTR_DRBG_KEYSIZE, CTR_DRBG_BLOCKSIZE );
222 const unsigned char *additional,
size_t add_len )
228 block_cipher_df( add_input, additional, add_len );
229 ctr_drbg_update_internal( ctx, add_input );
234 const unsigned char *additional,
size_t len )
258 if( additional && len )
260 memcpy( seed + seedlen, additional, len );
267 block_cipher_df( seed, seed, seedlen );
272 ctr_drbg_update_internal( ctx, seed );
279 unsigned char *output,
size_t output_len,
280 const unsigned char *additional,
size_t add_len )
285 unsigned char *p = output;
296 memset( add_input, 0, CTR_DRBG_SEEDLEN );
309 block_cipher_df( add_input, additional, add_len );
310 ctr_drbg_update_internal( ctx, add_input );
313 while( output_len > 0 )
318 for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
319 if( ++ctx->
counter[i - 1] != 0 )
331 memcpy( p, tmp, use_len );
333 output_len -= use_len;
336 ctr_drbg_update_internal( ctx, add_input );
343 int ctr_drbg_random(
void *p_rng,
unsigned char *output,
size_t output_len )
348 #if defined(POLARSSL_FS_IO)
355 if( ( f = fopen( path,
"wb" ) ) == NULL )
380 if( ( f = fopen( path,
"rb" ) ) == NULL )
383 fseek( f, 0, SEEK_END );
384 n = (size_t) ftell( f );
385 fseek( f, 0, SEEK_SET );
393 if( fread( buf, 1, n, f ) != n )
407 #if defined(POLARSSL_SELF_TEST)
411 unsigned char entropy_source_pr[96] =
412 { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
413 0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
414 0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
415 0x6e, 0xa6, 0x62, 0x52, 0x6d, 0x51, 0xb1, 0xcb,
416 0x58, 0x3b, 0xfa, 0xd5, 0x37, 0x5f, 0xfb, 0xc9,
417 0xff, 0x46, 0xd2, 0x19, 0xc7, 0x22, 0x3e, 0x95,
418 0x45, 0x9d, 0x82, 0xe1, 0xe7, 0x22, 0x9f, 0x63,
419 0x31, 0x69, 0xd2, 0x6b, 0x57, 0x47, 0x4f, 0xa3,
420 0x37, 0xc9, 0x98, 0x1c, 0x0b, 0xfb, 0x91, 0x31,
421 0x4d, 0x55, 0xb9, 0xe9, 0x1c, 0x5a, 0x5e, 0xe4,
422 0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
423 0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
425 unsigned char entropy_source_nopr[64] =
426 { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
427 0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
428 0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
429 0x03, 0x21, 0x7c, 0x68, 0xd8, 0x03, 0x38, 0x20,
430 0xf9, 0xe6, 0x5e, 0x04, 0xd8, 0x56, 0xf3, 0xa9,
431 0xc4, 0x4a, 0x4c, 0xbd, 0xc1, 0xd0, 0x08, 0x46,
432 0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e,
433 0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
435 unsigned char nonce_pers_pr[16] =
436 { 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2,
437 0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
439 unsigned char nonce_pers_nopr[16] =
440 { 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
441 0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
443 unsigned char result_pr[16] =
444 { 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
445 0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
447 unsigned char result_nopr[16] =
448 { 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
449 0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
452 int ctr_drbg_self_test_entropy(
void *data,
unsigned char *buf,
size_t len )
454 unsigned char *p = data;
455 memcpy( buf, p + test_offset, len );
466 unsigned char buf[16];
472 printf(
" CTR_DRBG (PR = TRUE) : " );
475 if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_pr, nonce_pers_pr, 16, 32 ) != 0 )
478 printf(
"failed\n" );
487 printf(
"failed\n" );
495 printf(
"failed\n" );
500 if( memcmp( buf, result_pr, CTR_DRBG_BLOCKSIZE ) != 0 )
503 printf(
"failed\n" );
509 printf(
"passed\n" );
515 printf(
" CTR_DRBG (PR = FALSE): " );
518 if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_nopr, nonce_pers_nopr, 16, 32 ) != 0 )
521 printf(
"failed\n" );
529 printf(
"failed\n" );
537 printf(
"failed\n" );
545 printf(
"failed\n" );
550 if( memcmp( buf, result_nopr, 16 ) != 0 )
553 printf(
"failed\n" );
559 printf(
"passed\n" );
#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
The entropy source failed.
int ctr_drbg_random(void *p_rng, unsigned char *output, size_t output_len)
CTR_DRBG generate random.
void ctr_drbg_set_prediction_resistance(ctr_drbg_context *ctx, int resistance)
Enable / disable prediction resistance (Default: Off)
#define CTR_DRBG_PR_ON
Prediction resistance enabled.
#define CTR_DRBG_MAX_INPUT
Maximum number of additional input bytes.
#define CTR_DRBG_MAX_SEED_INPUT
Maximum size of (re)seed buffer.
#define CTR_DRBG_RESEED_INTERVAL
Interval before reseed is performed by default.
Configuration options (set of defines)
#define CTR_DRBG_KEYSIZE
Key size used by the cipher.
#define CTR_DRBG_BLOCKSIZE
Block size used by the cipher.
#define CTR_DRBG_ENTROPY_LEN
Amount of entropy used per seed by default.
int prediction_resistance
#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG
Too many random requested in single call.
int ctr_drbg_random_with_add(void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len)
CTR_DRBG generate random with additional update input.
#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR
Read/write error in file.
unsigned char counter[16]
int ctr_drbg_reseed(ctr_drbg_context *ctx, const unsigned char *additional, size_t len)
CTR_DRBG reseeding (extracts data from entropy source)
#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG
Input too large (Entropy + additional).
CTR_DRBG context structure.
#define CTR_DRBG_SEEDLEN
The seed length (counter + AES key)
void ctr_drbg_set_reseed_interval(ctr_drbg_context *ctx, int interval)
Set the reseed interval (Default: CTR_DRBG_RESEED_INTERVAL)
int ctr_drbg_update_seed_file(ctr_drbg_context *ctx, const char *path)
Read and update a seed file.
void ctr_drbg_set_entropy_len(ctr_drbg_context *ctx, size_t len)
Set the amount of entropy grabbed on each (re)seed (Default: CTR_DRBG_ENTROPY_LEN) ...
int ctr_drbg_self_test(int verbose)
Checkup routine.
int ctr_drbg_init(ctr_drbg_context *ctx, int(*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len)
CTR_DRBG initialization.
int(* f_entropy)(void *, unsigned char *, size_t)
int ctr_drbg_write_seed_file(ctr_drbg_context *ctx, const char *path)
Write a seed file.
#define CTR_DRBG_MAX_REQUEST
Maximum number of requested bytes per call.
void ctr_drbg_update(ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len)
CTR_DRBG update state.
int aes_setkey_enc(aes_context *ctx, const unsigned char *key, unsigned int keysize)
AES key schedule (encryption)
int aes_crypt_ecb(aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
AES-ECB block encryption/decryption.
CTR_DRBG based on AES-256 (NIST SP 800-90)