33 #if defined(POLARSSL_CTR_DRBG_C)
37 #if defined(POLARSSL_FS_IO)
45 int ctr_drbg_init_entropy_len(
47 int (*f_entropy)(
void *,
unsigned char *,
size_t),
49 const unsigned char *custom,
53 int ctr_drbg_init_entropy_len(
55 int (*f_entropy)(
void *,
unsigned char *,
size_t),
57 const unsigned char *custom,
85 int (*f_entropy)(
void *,
unsigned char *,
size_t),
87 const unsigned char *custom,
90 return( ctr_drbg_init_entropy_len( ctx, f_entropy, p_entropy, custom, len,
/*
 * block_cipher_df - excerpt only; the listing omits the lines between the
 * numbered ones shown here. Visible behaviour: a 4-byte big-endian encoding
 * of data_len is written through p, followed by a copy of data_len bytes
 * from data; later, chain is zeroed, CTR_DRBG_BLOCKSIZE-byte copies of chain
 * are placed into tmp at offset j, and iv is copied through p.
 */
109 static int block_cipher_df(
unsigned char *output,
110 const unsigned char *data,
size_t data_len )
116 unsigned char *p, *iv;
/* All four locals are signed int, while data_len is size_t. */
119 int i, j, buf_len, use_len;
/* Only the low 32 bits of data_len are encoded, most significant byte first. */
131 *p++ = ( data_len >> 24 ) & 0xff;
132 *p++ = ( data_len >> 16 ) & 0xff;
133 *p++ = ( data_len >> 8 ) & 0xff;
134 *p++ = ( data_len ) & 0xff;
/*
 * NOTE(review): no limit on data_len is visible before this copy. Confirm
 * that the omitted lines, or every caller, bound data_len by the capacity
 * of the buffer p points into.
 */
137 memcpy( p, data, data_len );
/*
 * NOTE(review): the size_t sum is narrowed into the int buf_len; that is
 * only safe when data_len is already bounded - confirm.
 */
140 buf_len = CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
153 memset( chain, 0, CTR_DRBG_BLOCKSIZE );
166 memcpy( tmp + j, chain, CTR_DRBG_BLOCKSIZE );
184 memcpy( p, iv, CTR_DRBG_BLOCKSIZE );
/*
 * Tail of a parameter list whose start is not shown (presumably
 * ctr_drbg_update_internal, which other lines of this listing call with a
 * seed-sized buffer - confirm). data is declared as CTR_DRBG_SEEDLEN bytes.
 */
192 const unsigned char data[CTR_DRBG_SEEDLEN] )
195 unsigned char *p = tmp;
198 memset( tmp, 0, CTR_DRBG_SEEDLEN );
/*
 * Increment ctx->counter as a big-endian integer: start at the last byte
 * and move towards the first. A byte that does not wrap to 0 satisfies the
 * test; the statement under the if is omitted (presumably a break that
 * stops the carry).
 */
205 for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
206 if( ++ctx->
counter[i - 1] != 0 )
/*
 * The counter is reloaded from the CTR_DRBG_BLOCKSIZE bytes of tmp that
 * follow its first CTR_DRBG_KEYSIZE bytes.
 * NOTE(review): tmp therefore appears to hold the new key and counter; no
 * wipe of tmp is visible in this excerpt - confirm it is cleared before
 * the function returns.
 */
224 memcpy( ctx->
counter, tmp + CTR_DRBG_KEYSIZE, CTR_DRBG_BLOCKSIZE );
/*
 * Parameter tail and body excerpt of a function whose name is not shown.
 * The caller-supplied additional input is passed through block_cipher_df
 * into add_input, which is then mixed into the state by
 * ctr_drbg_update_internal.
 * NOTE(review): add_len reaches block_cipher_df unchanged in the visible
 * lines, and block_cipher_df copies data_len bytes (line 137). Confirm that
 * a length limit on add_len is enforced in the omitted lines or by callers.
 * The int result of block_cipher_df is discarded here.
 */
230 const unsigned char *additional,
size_t add_len )
236 block_cipher_df( add_input, additional, add_len );
237 ctr_drbg_update_internal( ctx, add_input );
/*
 * Parameter tail and body excerpt of a function whose name is not shown
 * (the use of seed and seedlen suggests the reseed path - confirm).
 * NOTE(review): lines 243-265 are omitted, so the check that seedlen + len
 * fits inside seed is not visible; confirm it exists before the copy at
 * line 268.
 */
242 const unsigned char *additional,
size_t len )
266 if( additional && len )
268 memcpy( seed + seedlen, additional, len );
/*
 * Output and input are the same buffer here. block_cipher_df copies its
 * input at line 137 before the later copy through p at line 184, which is
 * presumably what makes the in-place call safe - confirm.
 */
275 block_cipher_df( seed, seed, seedlen );
/* Fold the derived seed into the generator state. */
280 ctr_drbg_update_internal( ctx, seed );
/*
 * Parameter tail and body excerpt of the generate routine (function name
 * not shown). output receives output_len bytes; additional/add_len is
 * optional caller input.
 * NOTE(review): lines 294-303 are omitted, so no limit on output_len or
 * add_len and no reseed decision is visible; confirm they are enforced
 * there before add_len reaches block_cipher_df.
 */
287 unsigned char *output,
size_t output_len,
288 const unsigned char *additional,
size_t add_len )
293 unsigned char *p = output;
/* add_input starts as all zeroes; it is also used at line 344. */
304 memset( add_input, 0, CTR_DRBG_SEEDLEN );
/* The guarding condition for these two calls is omitted from the listing. */
317 block_cipher_df( add_input, additional, add_len );
318 ctr_drbg_update_internal( ctx, add_input );
/* Produce output until the request is satisfied. */
321 while( output_len > 0 )
/* Big-endian increment of ctx->counter, last byte first. */
326 for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
327 if( ++ctx->
counter[i - 1] != 0 )
/* Copy use_len bytes of tmp to the caller; how use_len is set is omitted. */
339 memcpy( p, tmp, use_len );
341 output_len -= use_len;
/* The state is updated once more with add_input after the output loop. */
344 ctr_drbg_update_internal( ctx, add_input );
351 int ctr_drbg_random(
void *p_rng,
unsigned char *output,
size_t output_len )
356 #if defined(POLARSSL_FS_IO)
/*
 * Seed-file I/O excerpts (function headers not shown).
 * NOTE(review): "wb" creates or truncates path with the process's default
 * permissions. If the file holds generator output used as a seed, it is
 * secret material; confirm the caller restricts access to it.
 */
363 if( ( f = fopen( path,
"wb" ) ) == NULL )
388 if( ( f = fopen( path,
"rb" ) ) == NULL )
/*
 * The file size is obtained by seeking to the end. NOTE(review): the
 * fseek results are ignored, and ftell returns -1L on failure, which the
 * cast turns into a very large size_t. Confirm that the omitted lines
 * 394-400 reject any n larger than buf before the read.
 */
391 fseek( f, 0, SEEK_END );
392 n = (size_t) ftell( f );
393 fseek( f, 0, SEEK_SET );
/* A read of fewer than n bytes takes the branch that follows (omitted). */
401 if( fread( buf, 1, n, f ) != n )
415 #if defined(POLARSSL_SELF_TEST)
/*
 * Fixed self-test data. The *_pr arrays feed the case printed as
 * "PR = TRUE" and the *_nopr arrays the case printed as "PR = FALSE":
 * entropy_source_* is handed to the self-test entropy callback,
 * nonce_pers_* is passed as the 16-byte custom input, and result_* is the
 * expected 16-byte output. These are known-answer values, not entropy.
 * NOTE(review): the arrays are declared without static or const, so they
 * are writable and have external linkage.
 */
419 unsigned char entropy_source_pr[96] =
420 { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
421 0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
422 0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
423 0x6e, 0xa6, 0x62, 0x52, 0x6d, 0x51, 0xb1, 0xcb,
424 0x58, 0x3b, 0xfa, 0xd5, 0x37, 0x5f, 0xfb, 0xc9,
425 0xff, 0x46, 0xd2, 0x19, 0xc7, 0x22, 0x3e, 0x95,
426 0x45, 0x9d, 0x82, 0xe1, 0xe7, 0x22, 0x9f, 0x63,
427 0x31, 0x69, 0xd2, 0x6b, 0x57, 0x47, 0x4f, 0xa3,
428 0x37, 0xc9, 0x98, 0x1c, 0x0b, 0xfb, 0x91, 0x31,
429 0x4d, 0x55, 0xb9, 0xe9, 0x1c, 0x5a, 0x5e, 0xe4,
430 0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
431 0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
/* Entropy stream for the PR = FALSE case (64 bytes). */
433 unsigned char entropy_source_nopr[64] =
434 { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
435 0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
436 0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
437 0x03, 0x21, 0x7c, 0x68, 0xd8, 0x03, 0x38, 0x20,
438 0xf9, 0xe6, 0x5e, 0x04, 0xd8, 0x56, 0xf3, 0xa9,
439 0xc4, 0x4a, 0x4c, 0xbd, 0xc1, 0xd0, 0x08, 0x46,
440 0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e,
441 0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
/* Custom (nonce/personalisation) input for the PR = TRUE case. */
443 unsigned char nonce_pers_pr[16] =
444 { 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2,
445 0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
/* Custom (nonce/personalisation) input for the PR = FALSE case. */
447 unsigned char nonce_pers_nopr[16] =
448 { 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
449 0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
/* Expected output for the PR = TRUE case. */
451 unsigned char result_pr[16] =
452 { 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
453 0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
/* Expected output for the PR = FALSE case. */
455 unsigned char result_nopr[16] =
456 { 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
457 0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
/* Read position inside the fixed entropy array used by the self test. */
459 static size_t test_offset;
/*
 * Deterministic entropy callback for the self test: copies len bytes from
 * data, starting at test_offset, into buf. The rest of the signature and
 * the lines after the copy are omitted from the listing.
 * NOTE(review): nothing visible checks test_offset + len against the size
 * of the array behind data; this is only sound because the self test feeds
 * fixed vectors - confirm the requests never exceed 96 and 64 bytes.
 */
460 static int ctr_drbg_self_test_entropy(
void *data,
unsigned char *buf,
463 unsigned char *p = data;
464 memcpy( buf, p + test_offset, len );
/*
 * Self-test body excerpt (function header and most statements omitted).
 * buf holds the generated output that is compared with the expected
 * vectors. Each "failed" print belongs to a failure branch whose
 * condition is mostly not shown.
 */
475 unsigned char buf[16];
481 printf(
" CTR_DRBG (PR = TRUE) : " );
/*
 * Initialise with the deterministic callback over entropy_source_pr and
 * the 16-byte nonce_pers_pr. The final argument, 32, is presumably the
 * entropy length - confirm against the prototype.
 */
484 if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_pr, nonce_pers_pr, 16, 32 ) != 0 )
487 printf(
"failed\n" );
496 printf(
"failed\n" );
504 printf(
"failed\n" );
/*
 * Known-answer comparison. NOTE(review): the length here is
 * CTR_DRBG_BLOCKSIZE, while the PR = FALSE comparison at line 559 uses the
 * literal 16 and buf is declared as 16 bytes; the two agree only if
 * CTR_DRBG_BLOCKSIZE is 16. Use one form in both places.
 */
509 if( memcmp( buf, result_pr, CTR_DRBG_BLOCKSIZE ) != 0 )
512 printf(
"failed\n" );
518 printf(
"passed\n" );
524 printf(
" CTR_DRBG (PR = FALSE): " );
/* Same initialisation with the PR = FALSE vectors. */
527 if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_nopr, nonce_pers_nopr, 16, 32 ) != 0 )
530 printf(
"failed\n" );
538 printf(
"failed\n" );
546 printf(
"failed\n" );
554 printf(
"failed\n" );
/* Known-answer comparison over 16 bytes for the PR = FALSE case. */
559 if( memcmp( buf, result_nopr, 16 ) != 0 )
562 printf(
"failed\n" );
568 printf(
"passed\n" );