1 | /* |
2 | * ccrng.h |
3 | * corecrypto |
4 | * |
5 | * Created on 12/13/2010 |
6 | * |
7 | * Copyright (c) 2010,2011,2013,2014,2015 Apple Inc. All rights reserved. |
8 | * |
9 | */ |
10 | |
11 | #ifndef _CORECRYPTO_CCRNG_H_ |
12 | #define _CORECRYPTO_CCRNG_H_ |
13 | |
14 | #include <corecrypto/cc.h> |
15 | |
16 | #define CCRNG_STATE_COMMON \ |
17 | int (*generate)(struct ccrng_state *rng, size_t outlen, void *out); |
18 | |
19 | /* default state structure. Do not instantiate, ccrng() returns a reference to this structure */ |
20 | struct ccrng_state { |
21 | CCRNG_STATE_COMMON |
22 | }; |
23 | |
24 | /*! |
25 | @function ccrng |
26 | @abstract initializes a AES-CTR mode cryptographic random number generator and returns the statically alocated rng object. |
27 | Getting a pointer to a ccrng has never been simpler! |
28 | Call this function, get an rng object and then pass the object to ccrng_generate() to generate randoms. |
29 | ccrng() may be called more than once. It returns pointer to the same object on all calls. |
30 | |
31 | @result a cryptographically secure random number generator or NULL if fails |
32 | |
33 | @discussion |
34 | - It is significantly faster than using the system /dev/random |
35 | - FIPS Compliant: NIST SP800-80A + FIPS 140-2 |
36 | - Seeded from the system entropy. |
37 | - Provides at least 128bit security if the system provide 2bit of entropy / byte. |
38 | - Entropy accumulation |
39 | - Backtracing resistance |
40 | - Prediction break with frequent (asynchronous) reseed |
41 | */ |
42 | |
43 | struct ccrng_state *ccrng(int *error); |
44 | |
45 | //call this macro with the rng argument set to output of the call to the ccrng() function |
46 | #define ccrng_generate(rng, outlen, out) ((rng)->generate((struct ccrng_state *)(rng), (outlen), (out))) |
47 | |
48 | #endif /* _CORECRYPTO_CCRNG_H_ */ |
49 | |