xref: /freebsd/crypto/openssl/include/crypto/rand.h (revision 1323ec57) 
1 /*
2  * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * Licensed under the OpenSSL licenses, (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  * https://www.openssl.org/source/license.html
15  * or in the file LICENSE in the source distribution.
16  */
17 
18 #ifndef OSSL_CRYPTO_RAND_H
19 # define OSSL_CRYPTO_RAND_H
20 
21 # include <openssl/rand.h>
22 
23 # if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
24 #  include <Availability.h>
25 #  if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \
26      (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
27 #   define OPENSSL_APPLE_CRYPTO_RANDOM 1
28 #   include <CommonCrypto/CommonCryptoError.h>
29 #   include <CommonCrypto/CommonRandom.h>
30 #  endif
31 # endif
32 
33 /* forward declaration */
34 typedef struct rand_pool_st RAND_POOL;
35 
36 void rand_cleanup_int(void);
37 void rand_drbg_cleanup_int(void);
38 void drbg_delete_thread_state(void);
39 
40 /* Hardware-based seeding functions. */
41 size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
42 size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
43 
44 /* DRBG entropy callbacks. */
45 size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
46                              unsigned char **pout,
47                              int entropy, size_t min_len, size_t max_len,
48                              int prediction_resistance);
49 void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
50                                unsigned char *out, size_t outlen);
51 size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
52                            unsigned char **pout,
53                            int entropy, size_t min_len, size_t max_len);
54 void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
55                              unsigned char *out, size_t outlen);
56 
57 size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
58 
59 void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
60 
61 /*
62  * RAND_POOL functions
63  */
64 RAND_POOL *rand_pool_new(int entropy_requested, int secure,
65                          size_t min_len, size_t max_len);
66 RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
67                             size_t entropy);
68 void rand_pool_free(RAND_POOL *pool);
69 
70 const unsigned char *rand_pool_buffer(RAND_POOL *pool);
71 unsigned char *rand_pool_detach(RAND_POOL *pool);
72 void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
73 
74 size_t rand_pool_entropy(RAND_POOL *pool);
75 size_t rand_pool_length(RAND_POOL *pool);
76 
77 size_t rand_pool_entropy_available(RAND_POOL *pool);
78 size_t rand_pool_entropy_needed(RAND_POOL *pool);
79 /* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
80 size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
81 size_t rand_pool_bytes_remaining(RAND_POOL *pool);
82 
83 int rand_pool_add(RAND_POOL *pool,
84                   const unsigned char *buffer, size_t len, size_t entropy);
85 unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
86 int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
87 
88 
89 /*
90  * Add random bytes to the pool to acquire requested amount of entropy
91  *
92  * This function is platform specific and tries to acquire the requested
93  * amount of entropy by polling platform specific entropy sources.
94  *
95  * If the function succeeds in acquiring at least |entropy_requested| bits
96  * of entropy, the total entropy count is returned. If it fails, it returns
97  * an entropy count of 0.
98  */
99 size_t rand_pool_acquire_entropy(RAND_POOL *pool);
100 
101 /*
102  * Add some application specific nonce data
103  *
104  * This function is platform specific and adds some application specific
105  * data to the nonce used for instantiating the drbg.
106  *
107  * This data currently consists of the process and thread id, and a high
108  * resolution timestamp. The data does not include an atomic counter,
109  * because that is added by the calling function rand_drbg_get_nonce().
110  *
111  * Returns 1 on success and 0 on failure.
112  */
113 int rand_pool_add_nonce_data(RAND_POOL *pool);
114 
115 
116 /*
117  * Add some platform specific additional data
118  *
119  * This function is platform specific and adds some random noise to the
120  * additional data used for generating random bytes and for reseeding
121  * the drbg.
122  *
123  * Returns 1 on success and 0 on failure.
124  */
125 int rand_pool_add_additional_data(RAND_POOL *pool);
126 
127 /*
128  * Initialise the random pool reseeding sources.
129  *
130  * Returns 1 on success and 0 on failure.
131  */
132 int rand_pool_init(void);
133 
134 /*
135  * Finalise the random pool reseeding sources.
136  */
137 void rand_pool_cleanup(void);
138 
139 /*
140  * Control the random pool use of open file descriptors.
141  */
142 void rand_pool_keep_random_devices_open(int keep);
143 
144 #endif
145