Home Explore Help
Sign In
kindring
/
ble-light
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d88287c910
Branches Tags
ble-light
/
components
/
libraries
/
tinycrypt-0.2.8
/
lib
/
include
/
tinycrypt
/
ctr_prng.h

ctr_prng.h 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 
  1. /* ctr_prng.h - TinyCrypt interface to a CTR-PRNG implementation */
    2. 

  2. 

  3. /*
    4. 

  4.  * Copyright (c) 2016, Chris Morrison
    5. 

  5.  * All rights reserved.
    6. 

  6.  *
    7. 

  7.  * Redistribution and use in source and binary forms, with or without
    8. 

  8.  * modification, are permitted provided that the following conditions are met:
    9. 

  9.  *
    10. 

  10.  * * Redistributions of source code must retain the above copyright notice, this
    11. 

  11.  *   list of conditions and the following disclaimer.
    12. 

  12.  *
    13. 

  13.  * * Redistributions in binary form must reproduce the above copyright notice,
    14. 

  14.  *   this list of conditions and the following disclaimer in the documentation
    15. 

  15.  *   and/or other materials provided with the distribution.
    16. 

  16.  *
    17. 

  17.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
    18. 

  18.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    19. 

  19.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    20. 

  20.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
    21. 

  21.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
    22. 

  22.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    23. 

  23.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    24. 

  24.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    25. 

  25.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    26. 

  26.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    27. 

  27.  * POSSIBILITY OF SUCH DAMAGE.
    28. 

  28.  */
    29. 

  29. 

  30. /**
    31. 

  31.  * @file
    32. 

  32.  * @brief Interface to a CTR-PRNG implementation.
    33. 

  33.  *
    34. 

  34.  *  Overview:   A pseudo-random number generator (PRNG) generates a sequence
    35. 

  35.  *              of numbers that have a distribution close to the one expected
    36. 

  36.  *              for a sequence of truly random numbers. The NIST Special
    37. 

  37.  *              Publication 800-90A specifies several mechanisms to generate
    38. 

  38.  *              sequences of pseudo random numbers, including the CTR-PRNG one
    39. 

  39.  *              which is based on AES. TinyCrypt implements CTR-PRNG with
    40. 

  40.  *              AES-128.
    41. 

  41.  *
    42. 

  42.  *  Security:   A cryptographically secure PRNG depends on the existence of an
    43. 

  43.  *              entropy source to provide a truly random seed as well as the
    44. 

  44.  *              security of the primitives used as the building blocks (AES-128
    45. 

  45.  *              in this instance).
    46. 

  46.  *
    47. 

  47.  *  Requires:   - AES-128
    48. 

  48.  *
    49. 

  49.  *  Usage:      1) call tc_ctr_prng_init to seed the prng context
    50. 

  50.  *
    51. 

  51.  *              2) call tc_ctr_prng_reseed to mix in additional entropy into
    52. 

  52.  *              the prng context
    53. 

  53.  *
    54. 

  54.  *              3) call tc_ctr_prng_generate to output the pseudo-random data
    55. 

  55.  *
    56. 

  56.  *              4) call tc_ctr_prng_uninstantiate to zero out the prng context
    57. 

  57.  */
    58. 

  58. 

  59. #ifndef __TC_CTR_PRNG_H__
    60. 

  60. #define __TC_CTR_PRNG_H__
    61. 

  61. 

  62. #include <tinycrypt/aes.h>
    63. 

  63. 

  64. #define TC_CTR_PRNG_RESEED_REQ -1
    65. 

  65. 

  66. #ifdef __cplusplus
    67. 

  67. extern "C" {
    68. 

  68. #endif
    69. 

  69. 

  70. typedef struct {
    71. 

  71. 	/* updated each time another BLOCKLEN_BYTES bytes are produced */
    72. 

  72. 	uint8_t V[TC_AES_BLOCK_SIZE]; 
    73. 

  73. 

  74. 	/* updated whenever the PRNG is reseeded */
    75. 

  75. 	struct tc_aes_key_sched_struct key;
    76. 

  76. 

  77. 	/* number of requests since initialization/reseeding */
    78. 

  78. 	uint64_t reseedCount;
    79. 

  79. } TCCtrPrng_t;
    80. 

  80. 

  81. 

  82. /**
    83. 

  83.  *  @brief CTR-PRNG initialization procedure
    84. 

  84.  *  Initializes prng context with entropy and personalization string (if any)
    85. 

  85.  *  @return returns TC_CRYPTO_SUCCESS (1)
    86. 

  86.  *          returns TC_CRYPTO_FAIL (0) if:
    87. 

  87.  *                ctx == NULL,
    88. 

  88.  *                entropy == NULL,
    89. 

  89.  *                entropyLen < (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE)
    90. 

  90.  *  @note       Only the first (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE) bytes of
    91. 

  91.  *              both the entropy and personalization inputs are used -
    92. 

  92.  *              supplying additional bytes has no effect.
    93. 

  93.  *  @param ctx IN/OUT -- the PRNG context to initialize
    94. 

  94.  *  @param entropy IN -- entropy used to seed the PRNG
    95. 

  95.  *  @param entropyLen IN -- entropy length in bytes
    96. 

  96.  *  @param personalization IN -- personalization string used to seed the PRNG
    97. 

  97.  *  (may be null)
    98. 

  98.  *  @param plen IN -- personalization length in bytes
    99. 

  99.  *
    100. 

  100.  */
    101. 

  101. int tc_ctr_prng_init(TCCtrPrng_t * const ctx, 
    102. 

  102. 		     uint8_t const * const entropy,
    103. 

  103. 		     unsigned int entropyLen, 
    104. 

  104. 		     uint8_t const * const personalization,
    105. 

  105. 		     unsigned int pLen);
    106. 

  106. 

  107. /**
    108. 

  108.  *  @brief CTR-PRNG reseed procedure
    109. 

  109.  *  Mixes entropy and additional_input into the prng context
    110. 

  110.  *  @return returns  TC_CRYPTO_SUCCESS (1)
    111. 

  111.  *  returns TC_CRYPTO_FAIL (0) if:
    112. 

  112.  *          ctx == NULL,
    113. 

  113.  *          entropy == NULL,
    114. 

  114.  *          entropylen < (TC_AES_KEY_SIZE + TC_AES_BLOCK_SIZE)
    115. 

  115.  *  @note It is better to reseed an existing prng context rather than
    116. 

  116.  *        re-initialise, so that any existing entropy in the context is
    117. 

  117.  *        presereved.  This offers some protection against undetected failures
    118. 

  118.  *        of the entropy source.
    119. 

  119.  *  @note Assumes tc_ctr_prng_init has been called for ctx
    120. 

  120.  *  @param ctx IN/OUT -- the PRNG state
    121. 

  121.  *  @param entropy IN -- entropy to mix into the prng
    122. 

  122.  *  @param entropylen IN -- length of entropy in bytes
    123. 

  123.  *  @param additional_input IN -- additional input to the prng (may be null)
    124. 

  124.  *  @param additionallen IN -- additional input length in bytes
    125. 

  125.  */
    126. 

  126. int tc_ctr_prng_reseed(TCCtrPrng_t * const ctx, 
    127. 

  127. 		       uint8_t const * const entropy,
    128. 

  128. 		       unsigned int entropyLen,
    129. 

  129. 		       uint8_t const * const additional_input,
    130. 

  130. 		       unsigned int additionallen);
    131. 

  131. 

  132. /**
    133. 

  133.  *  @brief CTR-PRNG generate procedure
    134. 

  134.  *  Generates outlen pseudo-random bytes into out buffer, updates prng
    135. 

  135.  *  @return returns TC_CRYPTO_SUCCESS (1)
    136. 

  136.  *          returns TC_CTR_PRNG_RESEED_REQ (-1) if a reseed is needed
    137. 

  137.  *             returns TC_CRYPTO_FAIL (0) if:
    138. 

  138.  *                ctx == NULL,
    139. 

  139.  *                out == NULL,
    140. 

  140.  *                outlen >= 2^16
    141. 

  141.  *  @note Assumes tc_ctr_prng_init has been called for ctx
    142. 

  142.  *  @param ctx IN/OUT -- the PRNG context
    143. 

  143.  *  @param additional_input IN -- additional input to the prng (may be null)
    144. 

  144.  *  @param additionallen IN -- additional input length in bytes
    145. 

  145.  *  @param out IN/OUT -- buffer to receive output
    146. 

  146.  *  @param outlen IN -- size of out buffer in bytes
    147. 

  147.  */
    148. 

  148. int tc_ctr_prng_generate(TCCtrPrng_t * const ctx,
    149. 

  149. 			 uint8_t const * const additional_input,
    150. 

  150. 			 unsigned int additionallen,
    151. 

  151. 			 uint8_t * const out,
    152. 

  152. 			 unsigned int outlen);
    153. 

  153. 

  154. /**
    155. 

  155.  *  @brief CTR-PRNG uninstantiate procedure
    156. 

  156.  *  Zeroes the internal state of the supplied prng context
    157. 

  157.  *  @return none
    158. 

  158.  *  @param ctx IN/OUT -- the PRNG context
    159. 

  159.  */
    160. 

  160. void tc_ctr_prng_uninstantiate(TCCtrPrng_t * const ctx);
    161. 

  161. 

  162. #ifdef __cplusplus
    163. 

  163. }
    164. 

  164. #endif
    165. 

  165. 

  166. #endif /* __TC_CTR_PRNG_H__ */
    167.