ReactOS 0.4.16-dev-329-g9223134
hmac_drbg.c
Go to the documentation of this file.
1/*
2 * HMAC_DRBG implementation (NIST SP 800-90)
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46
47/*
48 * The NIST SP 800-90A DRBGs are described in the following publication.
49 * http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
50 * References below are based on rev. 1 (January 2012).
51 */
52
53#if !defined(MBEDTLS_CONFIG_FILE)
54#include "mbedtls/config.h"
55#else
56#include MBEDTLS_CONFIG_FILE
57#endif
58
59#if defined(MBEDTLS_HMAC_DRBG_C)
60
61#include "mbedtls/hmac_drbg.h"
63
64#include <string.h>
65
66#if defined(MBEDTLS_FS_IO)
67#include <stdio.h>
68#endif
69
70#if defined(MBEDTLS_SELF_TEST)
71#if defined(MBEDTLS_PLATFORM_C)
72#include "mbedtls/platform.h"
73#else
74#include <stdio.h>
75#define mbedtls_printf printf
76#endif /* MBEDTLS_SELF_TEST */
77#endif /* MBEDTLS_PLATFORM_C */
78
79/*
80 * HMAC_DRBG context initialization
81 */
83{
84 memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
85
86 ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
87}
88
89/*
90 * HMAC_DRBG update, using optional additional data (10.1.2.2)
91 */
93 const unsigned char *additional,
94 size_t add_len )
95{
96 size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
97 unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
98 unsigned char sep[1];
99 unsigned char K[MBEDTLS_MD_MAX_SIZE];
100 int ret;
101
102 for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
103 {
104 /* Step 1 or 4 */
105 if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
106 goto exit;
107 if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
108 ctx->V, md_len ) ) != 0 )
109 goto exit;
110 if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
111 sep, 1 ) ) != 0 )
112 goto exit;
113 if( rounds == 2 )
114 {
115 if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
116 additional, add_len ) ) != 0 )
117 goto exit;
118 }
119 if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 )
120 goto exit;
121
122 /* Step 2 or 5 */
123 if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 )
124 goto exit;
125 if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
126 ctx->V, md_len ) ) != 0 )
127 goto exit;
128 if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
129 goto exit;
130 }
131
132exit:
133 mbedtls_platform_zeroize( K, sizeof( K ) );
134 return( ret );
135}
136
137#if !defined(MBEDTLS_DEPRECATED_REMOVED)
139 const unsigned char *additional,
140 size_t add_len )
141{
142 (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len );
143}
144#endif /* MBEDTLS_DEPRECATED_REMOVED */
145
146/*
147 * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
148 */
150 const mbedtls_md_info_t * md_info,
151 const unsigned char *data, size_t data_len )
152{
153 int ret;
154
155 if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
156 return( ret );
157
158#if defined(MBEDTLS_THREADING_C)
159 mbedtls_mutex_init( &ctx->mutex );
160#endif
161
162 /*
163 * Set initial working state.
164 * Use the V memory location, which is currently all 0, to initialize the
165 * MD context with an all-zero key. Then set V to its initial value.
166 */
167 if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V,
168 mbedtls_md_get_size( md_info ) ) ) != 0 )
169 return( ret );
170 memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
171
172 if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
173 return( ret );
174
175 return( 0 );
176}
177
178/*
179 * Internal function used both for seeding and reseeding the DRBG.
180 * Comments starting with arabic numbers refer to section 10.1.2.4
181 * of SP800-90A, while roman numbers refer to section 9.2.
182 */
183static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
184 const unsigned char *additional, size_t len,
185 int use_nonce )
186{
187 unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
188 size_t seedlen = 0;
189 int ret;
190
191 {
192 size_t total_entropy_len;
193
194 if( use_nonce == 0 )
195 total_entropy_len = ctx->entropy_len;
196 else
197 total_entropy_len = ctx->entropy_len * 3 / 2;
198
199 /* III. Check input length */
201 total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
202 {
204 }
205 }
206
208
209 /* IV. Gather entropy_len bytes of entropy for the seed */
210 if( ( ret = ctx->f_entropy( ctx->p_entropy,
211 seed, ctx->entropy_len ) ) != 0 )
212 {
214 }
215 seedlen += ctx->entropy_len;
216
217 /* For initial seeding, allow adding of nonce generated
218 * from the entropy source. See Sect 8.6.7 in SP800-90A. */
219 if( use_nonce )
220 {
221 /* Note: We don't merge the two calls to f_entropy() in order
222 * to avoid requesting too much entropy from f_entropy()
223 * at once. Specifically, if the underlying digest is not
224 * SHA-1, 3 / 2 * entropy_len is at least 36 Bytes, which
225 * is larger than the maximum of 32 Bytes that our own
226 * entropy source implementation can emit in a single
227 * call in configurations disabling SHA-512. */
228 if( ( ret = ctx->f_entropy( ctx->p_entropy,
229 seed + seedlen,
230 ctx->entropy_len / 2 ) ) != 0 )
231 {
233 }
234
235 seedlen += ctx->entropy_len / 2;
236 }
237
238
239 /* 1. Concatenate entropy and additional data if any */
240 if( additional != NULL && len != 0 )
241 {
242 memcpy( seed + seedlen, additional, len );
243 seedlen += len;
244 }
245
246 /* 2. Update state */
247 if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 )
248 goto exit;
249
250 /* 3. Reset reseed_counter */
251 ctx->reseed_counter = 1;
252
253exit:
254 /* 4. Done */
255 mbedtls_platform_zeroize( seed, seedlen );
256 return( ret );
257}
258
259/*
260 * HMAC_DRBG reseeding: 10.1.2.4 + 9.2
261 */
263 const unsigned char *additional, size_t len )
264{
265 return( hmac_drbg_reseed_core( ctx, additional, len, 0 ) );
266}
267
268/*
269 * HMAC_DRBG initialisation (10.1.2.3 + 9.1)
270 *
271 * The nonce is not passed as a separate parameter but extracted
272 * from the entropy source as suggested in 8.6.7.
273 */
275 const mbedtls_md_info_t * md_info,
276 int (*f_entropy)(void *, unsigned char *, size_t),
277 void *p_entropy,
278 const unsigned char *custom,
279 size_t len )
280{
281 int ret;
282 size_t md_size;
283
284 if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
285 return( ret );
286
287 /* The mutex is initialized iff the md context is set up. */
288#if defined(MBEDTLS_THREADING_C)
289 mbedtls_mutex_init( &ctx->mutex );
290#endif
291
292 md_size = mbedtls_md_get_size( md_info );
293
294 /*
295 * Set initial working state.
296 * Use the V memory location, which is currently all 0, to initialize the
297 * MD context with an all-zero key. Then set V to its initial value.
298 */
299 if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 )
300 return( ret );
301 memset( ctx->V, 0x01, md_size );
302
303 ctx->f_entropy = f_entropy;
304 ctx->p_entropy = p_entropy;
305
306 if( ctx->entropy_len == 0 )
307 {
308 /*
309 * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
310 * each hash function, then according to SP800-90A rev1 10.1 table 2,
311 * min_entropy_len (in bits) is security_strength.
312 *
313 * (This also matches the sizes used in the NIST test vectors.)
314 */
315 ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
316 md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
317 32; /* better (256+) -> 256 bits */
318 }
319
320 if( ( ret = hmac_drbg_reseed_core( ctx, custom, len,
321 1 /* add nonce */ ) ) != 0 )
322 {
323 return( ret );
324 }
325
326 return( 0 );
327}
328
329/*
330 * Set prediction resistance
331 */
333 int resistance )
334{
335 ctx->prediction_resistance = resistance;
336}
337
338/*
339 * Set entropy length grabbed for seeding
340 */
342{
343 ctx->entropy_len = len;
344}
345
346/*
347 * Set reseed interval
348 */
350{
351 ctx->reseed_interval = interval;
352}
353
354/*
355 * HMAC_DRBG random function with optional additional data:
356 * 10.1.2.5 (arabic) + 9.3 (Roman)
357 */
358int mbedtls_hmac_drbg_random_with_add( void *p_rng,
359 unsigned char *output, size_t out_len,
360 const unsigned char *additional, size_t add_len )
361{
362 int ret;
364 size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
365 size_t left = out_len;
366 unsigned char *out = output;
367
368 /* II. Check request length */
369 if( out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST )
371
372 /* III. Check input length */
373 if( add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT )
375
376 /* 1. (aka VII and IX) Check reseed counter and PR */
377 if( ctx->f_entropy != NULL && /* For no-reseeding instances */
378 ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
379 ctx->reseed_counter > ctx->reseed_interval ) )
380 {
381 if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
382 return( ret );
383
384 add_len = 0; /* VII.4 */
385 }
386
387 /* 2. Use additional data if any */
388 if( additional != NULL && add_len != 0 )
389 {
391 additional, add_len ) ) != 0 )
392 goto exit;
393 }
394
395 /* 3, 4, 5. Generate bytes */
396 while( left != 0 )
397 {
398 size_t use_len = left > md_len ? md_len : left;
399
400 if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
401 goto exit;
402 if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
403 ctx->V, md_len ) ) != 0 )
404 goto exit;
405 if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
406 goto exit;
407
408 memcpy( out, ctx->V, use_len );
409 out += use_len;
410 left -= use_len;
411 }
412
413 /* 6. Update */
415 additional, add_len ) ) != 0 )
416 goto exit;
417
418 /* 7. Update reseed counter */
419 ctx->reseed_counter++;
420
421exit:
422 /* 8. Done */
423 return( ret );
424}
425
426/*
427 * HMAC_DRBG random function
428 */
429int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
430{
431 int ret;
433
434#if defined(MBEDTLS_THREADING_C)
435 if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
436 return( ret );
437#endif
438
439 ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 );
440
441#if defined(MBEDTLS_THREADING_C)
442 if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
444#endif
445
446 return( ret );
447}
448
449/*
450 * This function resets HMAC_DRBG context to the state immediately
451 * after initial call of mbedtls_hmac_drbg_init().
452 */
454{
455 if( ctx == NULL )
456 return;
457
458#if defined(MBEDTLS_THREADING_C)
459 /* The mutex is initialized iff the md context is set up. */
460 if( ctx->md_ctx.md_info != NULL )
461 mbedtls_mutex_free( &ctx->mutex );
462#endif
463 mbedtls_md_free( &ctx->md_ctx );
465 ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
466}
467
468#if defined(MBEDTLS_FS_IO)
469int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
470{
471 int ret;
472 FILE *f;
473 unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
474
475 if( ( f = fopen( path, "wb" ) ) == NULL )
477
478 if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 )
479 goto exit;
480
481 if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
482 {
484 goto exit;
485 }
486
487 ret = 0;
488
489exit:
490 fclose( f );
491 mbedtls_platform_zeroize( buf, sizeof( buf ) );
492
493 return( ret );
494}
495
496int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
497{
498 int ret = 0;
499 FILE *f = NULL;
500 size_t n;
501 unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
502 unsigned char c;
503
504 if( ( f = fopen( path, "rb" ) ) == NULL )
506
507 n = fread( buf, 1, sizeof( buf ), f );
508 if( fread( &c, 1, 1, f ) != 0 )
509 {
511 goto exit;
512 }
513 if( n == 0 || ferror( f ) )
514 {
516 goto exit;
517 }
518 fclose( f );
519 f = NULL;
520
522
523exit:
524 mbedtls_platform_zeroize( buf, sizeof( buf ) );
525 if( f != NULL )
526 fclose( f );
527 if( ret != 0 )
528 return( ret );
529 return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
530}
531#endif /* MBEDTLS_FS_IO */
532
533
534#if defined(MBEDTLS_SELF_TEST)
535
536#if !defined(MBEDTLS_SHA1_C)
537/* Dummy checkup routine */
538int mbedtls_hmac_drbg_self_test( int verbose )
539{
540 (void) verbose;
541 return( 0 );
542}
543#else
544
545#define OUTPUT_LEN 80
546
547/* From a NIST PR=true test vector */
548static const unsigned char entropy_pr[] = {
549 0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
550 0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
551 0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
552 0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
553 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
554static const unsigned char result_pr[OUTPUT_LEN] = {
555 0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
556 0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
557 0x10, 0x10, 0x98, 0x12, 0x93, 0x25, 0xca, 0xb8, 0xfc, 0xcc, 0x2d, 0x54,
558 0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
559 0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
560 0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
561 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
562
563/* From a NIST PR=false test vector */
564static const unsigned char entropy_nopr[] = {
565 0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
566 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
567 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
568 0xe9, 0x9d, 0xfe, 0xdf };
569static const unsigned char result_nopr[OUTPUT_LEN] = {
570 0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
571 0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
572 0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe, 0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a,
573 0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
574 0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
575 0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
576 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
577
578/* "Entropy" from buffer */
579static size_t test_offset;
580static int hmac_drbg_self_test_entropy( void *data,
581 unsigned char *buf, size_t len )
582{
583 const unsigned char *p = data;
584 memcpy( buf, p + test_offset, len );
585 test_offset += len;
586 return( 0 );
587}
588
589#define CHK( c ) if( (c) != 0 ) \
590 { \
591 if( verbose != 0 ) \
592 mbedtls_printf( "failed\n" ); \
593 return( 1 ); \
594 }
595
596/*
597 * Checkup routine for HMAC_DRBG with SHA-1
598 */
599int mbedtls_hmac_drbg_self_test( int verbose )
600{
602 unsigned char buf[OUTPUT_LEN];
604
606
607 /*
608 * PR = True
609 */
610 if( verbose != 0 )
611 mbedtls_printf( " HMAC_DRBG (PR = True) : " );
612
613 test_offset = 0;
614 CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
615 hmac_drbg_self_test_entropy, (void *) entropy_pr,
616 NULL, 0 ) );
618 CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
619 CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
620 CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
622
624
625 if( verbose != 0 )
626 mbedtls_printf( "passed\n" );
627
628 /*
629 * PR = False
630 */
631 if( verbose != 0 )
632 mbedtls_printf( " HMAC_DRBG (PR = False) : " );
633
635
636 test_offset = 0;
637 CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
638 hmac_drbg_self_test_entropy, (void *) entropy_nopr,
639 NULL, 0 ) );
640 CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
641 CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
642 CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
643 CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
645
647
648 if( verbose != 0 )
649 mbedtls_printf( "passed\n" );
650
651 if( verbose != 0 )
652 mbedtls_printf( "\n" );
653
654 return( 0 );
655}
656#endif /* MBEDTLS_SHA1_C */
657#endif /* MBEDTLS_SELF_TEST */
658
659#endif /* MBEDTLS_HMAC_DRBG_C */
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
#define NULL
Definition: types.h:112
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
Definition: gl.h:1950
GLdouble n
Definition: glext.h:7729
const GLubyte * c
Definition: glext.h:8905
GLfloat f
Definition: glext.h:7540
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
GLint left
Definition: glext.h:7726
GLfloat GLfloat p
Definition: glext.h:8902
GLenum GLsizei len
Definition: glext.h:6722
The HMAC_DRBG pseudorandom generator.
void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx, int resistance)
This function turns prediction resistance on or off. The default value is off.
int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t *md_info, int(*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len)
HMAC_DRBG initial seeding.
#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
Definition: hmac_drbg.h:72
int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t len)
This function reseeds the HMAC_DRBG context, that is extracts data from the entropy source.
void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx)
HMAC_DRBG context initialization.
#define MBEDTLS_HMAC_DRBG_MAX_INPUT
Definition: hmac_drbg.h:89
void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, int interval)
Set the reseed interval.
#define MBEDTLS_HMAC_DRBG_MAX_REQUEST
Definition: hmac_drbg.h:93
void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx)
This function resets HMAC_DRBG context to the state immediately after initial call of mbedtls_hmac_dr...
int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t *md_info, const unsigned char *data, size_t data_len)
Initilisation of simpified HMAC_DRBG (never reseeds).
void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, size_t len)
This function sets the amount of entropy grabbed on each seed or reseed.
int mbedtls_hmac_drbg_random_with_add(void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len)
This function updates an HMAC_DRBG instance with additional data and uses it to generate random data.
#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
Definition: hmac_drbg.h:97
#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
Definition: hmac_drbg.h:71
int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len)
This function uses HMAC_DRBG to generate random data.
#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
Definition: hmac_drbg.h:85
#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
Definition: hmac_drbg.h:74
#define MBEDTLS_HMAC_DRBG_PR_ON
Definition: hmac_drbg.h:103
#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
Definition: hmac_drbg.h:73
MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len)
This function updates the state of the HMAC_DRBG context.
int mbedtls_hmac_drbg_update_ret(mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len)
This function updates the state of the HMAC_DRBG context.
_Check_return_ _CRTIMP int __cdecl ferror(_In_ FILE *_File)
_Check_return_opt_ _CRTIMP size_t __cdecl fread(_Out_writes_bytes_(_ElementSize *_Count) void *_DstBuf, _In_ size_t _ElementSize, _In_ size_t _Count, _Inout_ FILE *_File)
_Check_return_ _CRTIMP FILE *__cdecl fopen(_In_z_ const char *_Filename, _In_z_ const char *_Mode)
_Check_return_opt_ _CRTIMP int __cdecl fclose(_Inout_ FILE *_File)
_Check_return_opt_ _CRTIMP size_t __cdecl fwrite(_In_reads_bytes_(_Size *_Count) const void *_Str, _In_ size_t _Size, _In_ size_t _Count, _Inout_ FILE *_File)
#define f
Definition: ke_i.h:83
#define c
Definition: ke_i.h:80
int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
This function selects the message digest algorithm to use, and allocates internal structures.
@ MBEDTLS_MD_SHA1
Definition: md.h:88
int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx)
This function prepares to authenticate a new message with the same key as the previous HMAC operation...
int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
This function finishes the HMAC operation, and writes the result to the output buffer.
int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing HMAC computation.
int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
This function sets the HMAC key and prepares to authenticate a new message.
#define MBEDTLS_MD_MAX_SIZE
Definition: md.h:97
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
void mbedtls_md_free(mbedtls_md_context_t *ctx)
This function clears the internal structure of ctx and frees any embedded internal structure,...
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
Definition: platform_util.c:98
Common and shared functions used by multiple modules in the Mbed TLS library.
static FILE * out
Definition: regtests2xml.c:44
#define verbose
Definition: rosglue.h:36
#define mbedtls_md_info_from_type
Configuration options (set of defines)
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
#define exit(n)
Definition: config.h:202
#define memset(x, y, z)
Definition: compat.h:39
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR
Definition: threading.h:69
#define mbedtls_printf
Definition: timing.c:57
int ret