diff options
Diffstat (limited to '')
-rw-r--r-- | web/server/h2o/libh2o/deps/picotls/deps/cifra/src/drbg.h | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/drbg.h b/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/drbg.h new file mode 100644 index 000000000..18a107041 --- /dev/null +++ b/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/drbg.h @@ -0,0 +1,191 @@ +/* + * cifra - embedded cryptography library + * Written in 2016 by Joseph Birr-Pixton <jpixton@gmail.com> + * + * To the extent possible under law, the author(s) have dedicated all + * copyright and related and neighboring rights to this software to the + * public domain worldwide. This software is distributed without any + * warranty. + * + * You should have received a copy of the CC0 Public Domain Dedication + * along with this software. If not, see + * <http://creativecommons.org/publicdomain/zero/1.0/>. + */ + +#ifndef DRBG_H +#define DRBG_H + +#include <stddef.h> +#include <stdint.h> + +#include "chash.h" +#include "hmac.h" + +/** + * Hash_DRBG + * ========= + * This is Hash_DRBG from SP800-90A rev 1, with SHA256 as + * the underlying hash function. + * + * This generator enforces a `reseed_interval` of 2^32-1: + * use :c:func:`cf_hash_drbg_sha256_needs_reseed` to check + * whether you need to reseed before use, and reseed using + * :c:func:`cf_hash_drbg_sha256_reseed`. If you try to use + * the generator when it thinks it needs reseeding, it will + * call `abort`. + * + * Internally it enforces a `max_number_of_bits_per_request` + * of 2^19 bits. It sorts out chunking up multiple requests + * for you though, so feel free to ask for more than 2^16 bytes + * at a time. If you provide additional input when doing that, + * it is added only once, on the first subrequest. + * + * It does not enforce any `max_length` or + * `max_personalization_string_length`. + */ + +/* .. c:type:: cf_hash_drbg_sha256 + * Hash_DRBG with SHA256 context. + * + * .. c:member:: cf_hash_drbg_sha256.V + * Current internal state. + * + * .. c:member:: cf_hash_drbg_sha256.C + * Current update offset. + * + * .. c:member:: cf_hash_drbg_sha256.reseed_counter + * Current number of times entropy has been extracted from + * generator. + */ +typedef struct +{ + uint8_t V[440/8]; + uint8_t C[440/8]; + uint32_t reseed_counter; +} cf_hash_drbg_sha256; + +/* .. c:function:: $DECL + * Initialises the generator state `ctx`, using the provided `entropy`, + * `nonce` and personalisation string `persn`. + */ +extern void cf_hash_drbg_sha256_init(cf_hash_drbg_sha256 *ctx, + const void *entropy, size_t nentropy, + const void *nonce, size_t nnonce, + const void *persn, size_t npersn); + +/* .. c:function:: $DECL + * Returns non-zero if the generator needs reseeding. If + * this function returns non-zero, the next :c:func:`cf_hash_drbg_sha256_gen` + * or :c:func:`cf_hash_drbg_sha256_gen_additional` call will call `abort`. + */ +extern uint32_t cf_hash_drbg_sha256_needs_reseed(const cf_hash_drbg_sha256 *ctx); + +/* .. c:function:: $DECL + * Reseeds the generator with the given `entropy` and additional data `addnl`. + */ +extern void cf_hash_drbg_sha256_reseed(cf_hash_drbg_sha256 *ctx, + const void *entropy, size_t nentropy, + const void *addnl, size_t naddnl); + +/* .. c:function:: $DECL + * Generates pseudo-random output, writing `nout` bytes at `out`. + * This function aborts if the generator needs seeding. + */ +extern void cf_hash_drbg_sha256_gen(cf_hash_drbg_sha256 *ctx, + void *out, size_t nout); + +/* .. c:function:: $DECL + * Generates pseudo-random output, writing `nout` bytes at `out`. + * At the same time, `addnl` is input to the generator as further + * entropy. + * This function aborts if the generator needs seeding. + */ +extern void cf_hash_drbg_sha256_gen_additional(cf_hash_drbg_sha256 *ctx, + const void *addnl, size_t naddnl, + void *out, size_t nout); + +/** + * HMAC_DRBG + * ========= + * This is HMAC_DRBG from SP800-90a r1 with any hash function. + * + * This generator enforces a `reseed_interval` of 2^32-1: + * use :c:func:`cf_hmac_drbg_needs_reseed` to check whether + * you need to reseed before use, and reseed using + * :c:func:`cf_hmac_drbg_reseed`. If you try to use the + * generator when it thinks it needs reseeding, it will + * call `abort`. + * + * Internally it enforces a `max_number_of_bits_per_request` + * of 2^19 bits. It sorts out chunking up multiple requests + * for you though, so feel free to ask for more than 2^16 bytes + * at a time. If you provide additional input when doing that, + * it is added only once, on the first subrequest. + * + * It does not enforce any `max_length` or + * `max_personalization_string_length`. + */ + +/* .. c:type:: cf_hmac_drbg + * HMAC_DRBG context. + * + * .. c:member:: cf_hmac_drbg.V + * Current internal state. + * + * .. c:member:: cf_hmac_drbg.hmac + * Current HMAC context, with key scheduled in it. + * + * .. c:member:: cf_hmac_drbg.reseed_counter + * Current number of times entropy has been extracted from + * generator. + */ +typedef struct +{ + uint8_t V[CF_MAXHASH]; + cf_hmac_ctx hmac; /* pristine context with key scheduled */ + uint32_t reseed_counter; +} cf_hmac_drbg; + +/* .. c:function:: $DECL + * Initialises the generator state `ctx`, using the provided `entropy`, + * `nonce` and personalisation string `persn`. + */ +extern void cf_hmac_drbg_init(cf_hmac_drbg *ctx, + const cf_chash *hash, + const void *entropy, size_t nentropy, + const void *nonce, size_t nnonce, + const void *persn, size_t npersn); + +/* .. c:function:: $DECL + * Returns non-zero if the generator needs reseeding. If + * this function returns non-zero, the next :c:func:`cf_hmac_drbg_gen` + * or :c:func:`cf_hmac_drbg_gen_additional` call will call `abort`. + */ +extern uint32_t cf_hmac_drbg_needs_reseed(const cf_hmac_drbg *ctx); + +/* .. c:function:: $DECL + * Reseeds the generator with the given `entropy` and additional data + * `addnl`. + */ +extern void cf_hmac_drbg_reseed(cf_hmac_drbg *ctx, + const void *entropy, size_t nentropy, + const void *addnl, size_t naddnl); + +/* .. c:function:: $DECL + * Generates pseudo-random output, writing `nout` bytes at `out`. + * This function aborts if the generator needs seeding. + */ +extern void cf_hmac_drbg_gen(cf_hmac_drbg *ctx, + void *out, size_t nout); + +/* .. c:function:: $DECL + * Generates pseudo-random output, writing `nout` bytes at `out`. + * At the same time, `addnl` is input to the generator as further + * entropy. + * This function aborts if the generator needs seeding. + */ +extern void cf_hmac_drbg_gen_additional(cf_hmac_drbg *ctx, + const void *addnl, size_t naddnl, + void *out, size_t nout); + +#endif |