1*699cd480SApple OSS Distributions /* Copyright (c) (2021) Apple Inc. All rights reserved. 2*699cd480SApple OSS Distributions * 3*699cd480SApple OSS Distributions * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which 4*699cd480SApple OSS Distributions * is contained in the License.txt file distributed with corecrypto) and only to 5*699cd480SApple OSS Distributions * people who accept that license. IMPORTANT: Any license rights granted to you by 6*699cd480SApple OSS Distributions * Apple Inc. (if any) are limited to internal use within your organization only on 7*699cd480SApple OSS Distributions * devices and computers you own or control, for the sole purpose of verifying the 8*699cd480SApple OSS Distributions * security characteristics and correct functioning of the Apple Software. You may 9*699cd480SApple OSS Distributions * not, directly or indirectly, redistribute the Apple Software or any portions thereof. 10*699cd480SApple OSS Distributions */ 11*699cd480SApple OSS Distributions 12*699cd480SApple OSS Distributions #ifndef _CORECRYPTO_CCENTROPY_H_ 13*699cd480SApple OSS Distributions #define _CORECRYPTO_CCENTROPY_H_ 14*699cd480SApple OSS Distributions 15*699cd480SApple OSS Distributions #include <corecrypto/cc.h> 16*699cd480SApple OSS Distributions #include <corecrypto/ccdigest.h> 17*699cd480SApple OSS Distributions 18*699cd480SApple OSS Distributions // An interface to provide high-entropy seeds to RNGs. 19*699cd480SApple OSS Distributions 20*699cd480SApple OSS Distributions typedef struct ccentropy_ctx ccentropy_ctx_t; 21*699cd480SApple OSS Distributions 22*699cd480SApple OSS Distributions typedef int (*ccentropy_get_seed_fn_t)(ccentropy_ctx_t *ctx, 23*699cd480SApple OSS Distributions size_t seed_nbytes, 24*699cd480SApple OSS Distributions void *seed); 25*699cd480SApple OSS Distributions 26*699cd480SApple OSS Distributions typedef int (*ccentropy_add_entropy_fn_t)(ccentropy_ctx_t *ctx, 27*699cd480SApple OSS Distributions uint32_t entropy_nsamples, 28*699cd480SApple OSS Distributions size_t entropy_nbytes, 29*699cd480SApple OSS Distributions const void *entropy); 30*699cd480SApple OSS Distributions 31*699cd480SApple OSS Distributions // A descriptor for an entropy implementation. 32*699cd480SApple OSS Distributions typedef struct ccentropy_info { 33*699cd480SApple OSS Distributions // This is a required function. Implementations should populate 34*699cd480SApple OSS Distributions // the seed with a full-entropy output. If they are temporarily 35*699cd480SApple OSS Distributions // unable due to insufficient entropy, they should return 36*699cd480SApple OSS Distributions // CCERR_OUT_OF_ENTROPY. If they are permanently unable they 37*699cd480SApple OSS Distributions // should return some other error (or abort). 38*699cd480SApple OSS Distributions ccentropy_get_seed_fn_t get_seed; 39*699cd480SApple OSS Distributions 40*699cd480SApple OSS Distributions // This is an optional function. The caller will provide a set of 41*699cd480SApple OSS Distributions // (potentially low-quality) entropy samples, and the 42*699cd480SApple OSS Distributions // implementation should mix these into its internal 43*699cd480SApple OSS Distributions // state. Implementations are free to omit this function if it 44*699cd480SApple OSS Distributions // does not make sense (e.g. see ccentropy_rng below). 45*699cd480SApple OSS Distributions ccentropy_add_entropy_fn_t add_entropy; 46*699cd480SApple OSS Distributions } ccentropy_info_t; 47*699cd480SApple OSS Distributions 48*699cd480SApple OSS Distributions // Common state for entropy implementations. 49*699cd480SApple OSS Distributions struct ccentropy_ctx { 50*699cd480SApple OSS Distributions // A pointer to the descriptor. 51*699cd480SApple OSS Distributions const ccentropy_info_t *info; 52*699cd480SApple OSS Distributions }; 53*699cd480SApple OSS Distributions 54*699cd480SApple OSS Distributions /*! 55*699cd480SApple OSS Distributions @function ccentropy_get_seed 56*699cd480SApple OSS Distributions @abstract Get a high-entropy seed. 57*699cd480SApple OSS Distributions 58*699cd480SApple OSS Distributions @param ctx The entropy context. 59*699cd480SApple OSS Distributions @param seed_nbytes The size of the seed requested. 60*699cd480SApple OSS Distributions @param seed A buffer to receive the seed. 61*699cd480SApple OSS Distributions 62*699cd480SApple OSS Distributions @return CCERR_OK on success; CCERR_OUT_OF_ENTROPY if entropy is 63*699cd480SApple OSS Distributions temporarily unavailable; some implementation-defined error (or 64*699cd480SApple OSS Distributions abort) otherwise. 65*699cd480SApple OSS Distributions */ 66*699cd480SApple OSS Distributions int ccentropy_get_seed(ccentropy_ctx_t *ctx, 67*699cd480SApple OSS Distributions size_t seed_nbytes, 68*699cd480SApple OSS Distributions void *seed); 69*699cd480SApple OSS Distributions 70*699cd480SApple OSS Distributions /*! 71*699cd480SApple OSS Distributions @function ccentropy_add_entropy 72*699cd480SApple OSS Distributions @abstract Add fresh entropy samples to the context. 73*699cd480SApple OSS Distributions 74*699cd480SApple OSS Distributions @param ctx The entropy context. 75*699cd480SApple OSS Distributions @param entropy_nsamples The count of samples included in this batch. 76*699cd480SApple OSS Distributions @param entropy_nbytes The size of the entropy payload in bytes. 77*699cd480SApple OSS Distributions @param entropy A buffer containing the fresh entropy samples. 78*699cd480SApple OSS Distributions 79*699cd480SApple OSS Distributions @return CCERR_OK on success; CCERR_NOT_SUPPORTED if this operation 80*699cd480SApple OSS Distributions is not supported for the implementation; some implementation-defined 81*699cd480SApple OSS Distributions error (or abort) otherwise. 82*699cd480SApple OSS Distributions 83*699cd480SApple OSS Distributions @discussion This operation is optional and will not be supported by 84*699cd480SApple OSS Distributions all implementations. 85*699cd480SApple OSS Distributions */ 86*699cd480SApple OSS Distributions int ccentropy_add_entropy(ccentropy_ctx_t *ctx, 87*699cd480SApple OSS Distributions uint32_t entropy_nsamples, 88*699cd480SApple OSS Distributions size_t entropy_nbytes, 89*699cd480SApple OSS Distributions const void *entropy); 90*699cd480SApple OSS Distributions 91*699cd480SApple OSS Distributions // A simple wrapper around a ccrng instance. This implementation does 92*699cd480SApple OSS Distributions // not support the add_entropy interface. 93*699cd480SApple OSS Distributions typedef struct ccentropy_rng_ctx { 94*699cd480SApple OSS Distributions ccentropy_ctx_t entropy_ctx; 95*699cd480SApple OSS Distributions struct ccrng_state *rng_ctx; 96*699cd480SApple OSS Distributions size_t seed_max_nbytes; 97*699cd480SApple OSS Distributions } ccentropy_rng_ctx_t; 98*699cd480SApple OSS Distributions 99*699cd480SApple OSS Distributions /*! 100*699cd480SApple OSS Distributions @function ccentropy_rng_init 101*699cd480SApple OSS Distributions @abstract Wrap a ccrng instance in the ccentropy interface. 102*699cd480SApple OSS Distributions 103*699cd480SApple OSS Distributions @param ctx The entropy context. 104*699cd480SApple OSS Distributions @param rng_ctx The RNG to wrap. 105*699cd480SApple OSS Distributions @param seed_max_nbytes The maximum seed size that this RNG can provide. 106*699cd480SApple OSS Distributions 107*699cd480SApple OSS Distributions @return CCERR_OK on success. 108*699cd480SApple OSS Distributions 109*699cd480SApple OSS Distributions @discussion seed_max_nbytes should correspond to the security level 110*699cd480SApple OSS Distributions of the underlying RNG. 111*699cd480SApple OSS Distributions */ 112*699cd480SApple OSS Distributions int ccentropy_rng_init(ccentropy_rng_ctx_t *ctx, 113*699cd480SApple OSS Distributions struct ccrng_state *rng_ctx, 114*699cd480SApple OSS Distributions size_t seed_max_nbytes); 115*699cd480SApple OSS Distributions 116*699cd480SApple OSS Distributions // An entropy conditioner based on digest functions. We assume a fixed 117*699cd480SApple OSS Distributions // per-sample entropy estimate measured in millibits 118*699cd480SApple OSS Distributions // (i.e. mbits). This estimate should be determined via offline 119*699cd480SApple OSS Distributions // analysis. 120*699cd480SApple OSS Distributions typedef struct ccentropy_digest_ctx { 121*699cd480SApple OSS Distributions ccentropy_ctx_t entropy_ctx; 122*699cd480SApple OSS Distributions const struct ccdigest_info *digest_info; 123*699cd480SApple OSS Distributions ccdigest_ctx_decl(MAX_DIGEST_STATE_SIZE, 124*699cd480SApple OSS Distributions MAX_DIGEST_BLOCK_SIZE, 125*699cd480SApple OSS Distributions digest_ctx); 126*699cd480SApple OSS Distributions uint32_t entropy_mbits_per_sample; 127*699cd480SApple OSS Distributions uint32_t entropy_mbits; 128*699cd480SApple OSS Distributions } ccentropy_digest_ctx_t; 129*699cd480SApple OSS Distributions 130*699cd480SApple OSS Distributions #define CCENTROPY_MBITS_PER_BYTE ((uint32_t)(8000)) 131*699cd480SApple OSS Distributions 132*699cd480SApple OSS Distributions /*! 133*699cd480SApple OSS Distributions @function ccentropy_digest_init 134*699cd480SApple OSS Distributions @abstract Initialize a digest-based entropy conditioner. 135*699cd480SApple OSS Distributions 136*699cd480SApple OSS Distributions @param ctx The entropy context. 137*699cd480SApple OSS Distributions @param digest_info A descriptor for the digest. 138*699cd480SApple OSS Distributions @param entropy_mbits_per_sample An estimate of per-sample entropy measured in millibits. 139*699cd480SApple OSS Distributions 140*699cd480SApple OSS Distributions @return CCERR_OK on success. 141*699cd480SApple OSS Distributions 142*699cd480SApple OSS Distributions @discussion The estimated entropy per sample should be determined 143*699cd480SApple OSS Distributions via offline analysis. 144*699cd480SApple OSS Distributions */ 145*699cd480SApple OSS Distributions int ccentropy_digest_init(struct ccentropy_digest_ctx *ctx, 146*699cd480SApple OSS Distributions const struct ccdigest_info *digest_info, 147*699cd480SApple OSS Distributions uint32_t entropy_mbits_per_sample); 148*699cd480SApple OSS Distributions 149*699cd480SApple OSS Distributions #endif /* _CORECRYPTO_CCENTROPY_H_ */ 150