1 | /* Copyright (c) (2021,2022) Apple Inc. All rights reserved. |
2 | * |
3 | * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which |
4 | * is contained in the License.txt file distributed with corecrypto) and only to |
5 | * people who accept that license. IMPORTANT: Any license rights granted to you by |
6 | * Apple Inc. (if any) are limited to internal use within your organization only on |
7 | * devices and computers you own or control, for the sole purpose of verifying the |
8 | * security characteristics and correct functioning of the Apple Software. You may |
9 | * not, directly or indirectly, redistribute the Apple Software or any portions thereof. |
10 | */ |
11 | |
12 | #ifndef _CORECRYPTO_CCRNG_CRYPTO_H_ |
13 | #define _CORECRYPTO_CCRNG_CRYPTO_H_ |
14 | |
15 | #include <corecrypto/ccrng.h> |
16 | #include <corecrypto/ccrng_schedule.h> |
17 | #include <corecrypto/ccentropy.h> |
18 | #include "cc_lock.h" |
19 | |
20 | // This is a framework for a cryptographically-secure RNG. It is |
21 | // configurable in many aspects, including: |
22 | // |
23 | // - DRBG implementation |
24 | // - Entropy source |
25 | // - Reseed schedule |
26 | // - Locks (optional) |
27 | // - Request chunking |
28 | // - Output caching |
29 | |
30 | #define CCRNG_CRYPTO_SEED_MAX_NBYTES ((size_t)64) |
31 | |
32 | typedef struct ccrng_crypto_ctx { |
33 | CCRNG_STATE_COMMON |
34 | |
35 | ccentropy_ctx_t *entropy_ctx; |
36 | ccrng_schedule_ctx_t *schedule_ctx; |
37 | cc_lock_ctx_t *lock_ctx; |
38 | |
39 | const struct ccdrbg_info *drbg_info; |
40 | struct ccdrbg_state *drbg_ctx; |
41 | |
42 | size_t generate_chunk_nbytes; |
43 | size_t seed_nbytes; |
44 | |
45 | size_t cache_nbytes; |
46 | uint8_t *cache; |
47 | size_t cache_pos; |
48 | } ccrng_crypto_ctx_t; |
49 | |
50 | int |
51 | ccrng_crypto_init(ccrng_crypto_ctx_t *ctx, |
52 | ccentropy_ctx_t *entropy_ctx, |
53 | ccrng_schedule_ctx_t *schedule_ctx, |
54 | cc_lock_ctx_t *lock_ctx, |
55 | const struct ccdrbg_info *drbg_info, |
56 | struct ccdrbg_state *drbg_ctx, |
57 | size_t generate_chunk_nbytes, |
58 | size_t seed_nbytes, |
59 | size_t cache_nbytes, |
60 | void *cache); |
61 | |
62 | int |
63 | ccrng_crypto_generate(ccrng_crypto_ctx_t *ctx, |
64 | size_t nbytes, |
65 | void *rand); |
66 | |
67 | int |
68 | ccrng_crypto_reseed(ccrng_crypto_ctx_t *ctx, |
69 | size_t seed_nbytes, |
70 | const void *seed, |
71 | size_t nonce_nbytes, |
72 | const void *nonce); |
73 | |
74 | #endif /* _CORECRYPTO_CCRNG_CRYPTO_H_ */ |
75 | |