1/*
2 * Copyright (c) 2007-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*!
25 @header corecrypto/ccdrbg.h
26 @abstract The functions provided in ccdrbg.h implement high-level accessors
27 to cryptographically secure random numbers.
28
29 */
30
31#ifndef _CORECRYPTO_CCDRBG_H_
32#define _CORECRYPTO_CCDRBG_H_
33
34#include <corecrypto/cc.h>
35#include <corecrypto/ccdrbg_impl.h>
36
37/* TODO: Error codes ? */
38#define CCDRBG_STATUS_OK 0
39#define CCDRBG_STATUS_ERROR (-1)
40#define CCDRBG_STATUS_NEED_RESEED (-2)
41#define CCDRBG_STATUS_PARAM_ERROR (-3)
42
43CC_INLINE size_t ccdrbg_context_size(const struct ccdrbg_info *drbg)
44{
45    return drbg->size;
46}
47
48CC_INLINE int ccdrbg_init(const struct ccdrbg_info *info,
49			struct ccdrbg_state *drbg,
50            unsigned long entropyLength, const void* entropy,
51            unsigned long nonceLength, const void* nonce,
52            unsigned long psLength, const void* ps)
53{
54	return info->init(info, drbg, entropyLength, entropy, nonceLength, nonce, psLength, ps);
55}
56
57CC_INLINE int ccdrbg_reseed(const struct ccdrbg_info *info,
58		struct ccdrbg_state *prng,
59		unsigned long entropylen, const void *entropy,
60		unsigned long inlen, const void *in)
61{
62	return info->reseed(prng, entropylen, entropy, inlen, in);
63}
64
65
66CC_INLINE int ccdrbg_generate(const struct ccdrbg_info *info,
67		struct ccdrbg_state *prng,
68		unsigned long outlen, void *out,
69		unsigned long inlen, const void *in)
70{
71	return info->generate(prng, outlen, out, inlen, in);
72}
73
74CC_INLINE void ccdrbg_done(const struct ccdrbg_info *info,
75		struct ccdrbg_state *prng)
76{
77	info->done(prng);
78}
79
80
81extern struct ccdrbg_info ccdrbg_dummy_info;
82extern struct ccdrbg_info ccdrbg_fipssha1_info;
83
84struct ccdrbg_nistctr_custom {
85    const struct ccmode_ecb *ecb;
86    unsigned long keylen;
87    int strictFIPS;
88    int use_df;
89};
90
91void ccdrbg_factory_nistctr(struct ccdrbg_info *info, const struct ccdrbg_nistctr_custom *custom);
92
93extern struct ccdrbg_info ccdrbg_nistdigest_info;
94
95struct ccdrbg_nisthmac_custom {
96    const struct ccdigest_info *di;
97    int strictFIPS;
98};
99
100// "class" method on nisthmac dbrg's to ask about their security_strength for a given di
101int ccdbrg_nisthmac_security_strength(const struct ccdrbg_nisthmac_custom *custom);
102
103void ccdrbg_factory_nisthmac(struct ccdrbg_info *info, const struct ccdrbg_nisthmac_custom *custom);
104
105#endif /* _CORECRYPTO_CCDRBG_H_ */
106