73 void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx)  in mbedtls_ctr_drbg_init()  argument
75     memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context));  in mbedtls_ctr_drbg_init()
77     ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT;  in mbedtls_ctr_drbg_init()
78     ctx->psa_ctx.operation = psa_cipher_operation_init();  in mbedtls_ctr_drbg_init()
80     mbedtls_aes_init(&ctx->aes_ctx);  in mbedtls_ctr_drbg_init()
84     ctx->reseed_counter = -1;  in mbedtls_ctr_drbg_init()
86     ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;  in mbedtls_ctr_drbg_init()
93 void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)  in mbedtls_ctr_drbg_free()  argument
95     if (ctx == NULL) {  in mbedtls_ctr_drbg_free()
101     if (ctx->f_entropy != NULL) {  in mbedtls_ctr_drbg_free()
102         mbedtls_mutex_free(&ctx->mutex);  in mbedtls_ctr_drbg_free()
106     ctr_drbg_destroy_psa_contex(&ctx->psa_ctx);  in mbedtls_ctr_drbg_free()
108     mbedtls_aes_free(&ctx->aes_ctx);  in mbedtls_ctr_drbg_free()
110     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context));  in mbedtls_ctr_drbg_free()
111     ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;  in mbedtls_ctr_drbg_free()
112     ctx->reseed_counter = -1;  in mbedtls_ctr_drbg_free()
115 void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_set_prediction_resistance()  argument
118     ctx->prediction_resistance = resistance;  in mbedtls_ctr_drbg_set_prediction_resistance()
121 void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_set_entropy_len()  argument
124     ctx->entropy_len = len;  in mbedtls_ctr_drbg_set_entropy_len()
127 int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_set_nonce_len()  argument
132     if (ctx->f_entropy != NULL) {  in mbedtls_ctr_drbg_set_nonce_len()
151     ctx->reseed_counter = (int) len;  in mbedtls_ctr_drbg_set_nonce_len()
155 void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_set_reseed_interval()  argument
158     ctx->reseed_interval = interval;  in mbedtls_ctr_drbg_set_reseed_interval()
332 static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx,  in ctr_drbg_update_internal()  argument
350         mbedtls_ctr_increment_counter(ctx->counter);  in ctr_drbg_update_internal()
356         status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter),  in ctr_drbg_update_internal()
363         if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,  in ctr_drbg_update_internal()
364                                          ctx->counter, p)) != 0) {  in ctr_drbg_update_internal()
378     ctr_drbg_destroy_psa_contex(&ctx->psa_ctx);  in ctr_drbg_update_internal()
380     status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE);  in ctr_drbg_update_internal()
386     if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,  in ctr_drbg_update_internal()
391     memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,  in ctr_drbg_update_internal()
411 int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_update()  argument
425     if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {  in mbedtls_ctr_drbg_update()
447 static int mbedtls_ctr_drbg_reseed_internal(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_reseed_internal()  argument
456     if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {  in mbedtls_ctr_drbg_reseed_internal()
459     if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) {  in mbedtls_ctr_drbg_reseed_internal()
462     if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) {  in mbedtls_ctr_drbg_reseed_internal()
469     if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {  in mbedtls_ctr_drbg_reseed_internal()
472     seedlen += ctx->entropy_len;  in mbedtls_ctr_drbg_reseed_internal()
476         if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) {  in mbedtls_ctr_drbg_reseed_internal()
494     if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) {  in mbedtls_ctr_drbg_reseed_internal()
497     ctx->reseed_counter = 1;  in mbedtls_ctr_drbg_reseed_internal()
504 int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_reseed()  argument
507     return mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0);  in mbedtls_ctr_drbg_reseed()
535 int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_seed()  argument
549     mbedtls_mutex_init(&ctx->mutex);  in mbedtls_ctr_drbg_seed()
552     ctx->f_entropy = f_entropy;  in mbedtls_ctr_drbg_seed()
553     ctx->p_entropy = p_entropy;  in mbedtls_ctr_drbg_seed()
555     if (ctx->entropy_len == 0) {  in mbedtls_ctr_drbg_seed()
556         ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;  in mbedtls_ctr_drbg_seed()
562     nonce_len = (ctx->reseed_counter >= 0 ?  in mbedtls_ctr_drbg_seed()
563                  (size_t) ctx->reseed_counter :  in mbedtls_ctr_drbg_seed()
564                  good_nonce_len(ctx->entropy_len));  in mbedtls_ctr_drbg_seed()
570     status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, key, MBEDTLS_CTR_DRBG_KEYSIZE);  in mbedtls_ctr_drbg_seed()
576     if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,  in mbedtls_ctr_drbg_seed()
583     if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len,  in mbedtls_ctr_drbg_seed()
614     mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;  in mbedtls_ctr_drbg_random_with_add()  local
632     if (ctx->reseed_counter > ctx->reseed_interval ||  in mbedtls_ctr_drbg_random_with_add()
633         ctx->prediction_resistance) {  in mbedtls_ctr_drbg_random_with_add()
634         if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) {  in mbedtls_ctr_drbg_random_with_add()
644         if ((ret = ctr_drbg_update_internal(ctx, locals.add_input)) != 0) {  in mbedtls_ctr_drbg_random_with_add()
653         mbedtls_ctr_increment_counter(ctx->counter);  in mbedtls_ctr_drbg_random_with_add()
662         status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter),  in mbedtls_ctr_drbg_random_with_add()
669         if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,  in mbedtls_ctr_drbg_random_with_add()
670                                          ctx->counter, locals.tmp)) != 0) {  in mbedtls_ctr_drbg_random_with_add()
685     if ((ret = ctr_drbg_update_internal(ctx, locals.add_input)) != 0) {  in mbedtls_ctr_drbg_random_with_add()
689     ctx->reseed_counter++;  in mbedtls_ctr_drbg_random_with_add()
700     mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;  in mbedtls_ctr_drbg_random()  local
703     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {  in mbedtls_ctr_drbg_random()
708     ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0);  in mbedtls_ctr_drbg_random()
711     if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {  in mbedtls_ctr_drbg_random()
720 int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_write_seed_file()  argument
734     if ((ret = mbedtls_ctr_drbg_random(ctx, buf,  in mbedtls_ctr_drbg_write_seed_file()
753 int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,  in mbedtls_ctr_drbg_update_seed_file()  argument
781     ret = mbedtls_ctr_drbg_update(ctx, buf, n);  in mbedtls_ctr_drbg_update_seed_file()
791     return mbedtls_ctr_drbg_write_seed_file(ctx, path);  in mbedtls_ctr_drbg_update_seed_file()
951     mbedtls_ctr_drbg_context ctx;  in mbedtls_ctr_drbg_self_test()  local
954     mbedtls_ctr_drbg_init(&ctx);  in mbedtls_ctr_drbg_self_test()
964     mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);  in mbedtls_ctr_drbg_self_test()
965     mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2);  in mbedtls_ctr_drbg_self_test()
966     CHK(mbedtls_ctr_drbg_seed(&ctx,  in mbedtls_ctr_drbg_self_test()
970     mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON);  in mbedtls_ctr_drbg_self_test()
971     CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH));  in mbedtls_ctr_drbg_self_test()
972     CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_pr)));  in mbedtls_ctr_drbg_self_test()
975     mbedtls_ctr_drbg_free(&ctx);  in mbedtls_ctr_drbg_self_test()
988     mbedtls_ctr_drbg_init(&ctx);  in mbedtls_ctr_drbg_self_test()
991     mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);  in mbedtls_ctr_drbg_self_test()
992     mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2);  in mbedtls_ctr_drbg_self_test()
993     CHK(mbedtls_ctr_drbg_seed(&ctx,  in mbedtls_ctr_drbg_self_test()
997     CHK(mbedtls_ctr_drbg_reseed(&ctx, NULL, 0));  in mbedtls_ctr_drbg_self_test()
998     CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH));  in mbedtls_ctr_drbg_self_test()
999     CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_nopr)));  in mbedtls_ctr_drbg_self_test()
1002     mbedtls_ctr_drbg_free(&ctx);  in mbedtls_ctr_drbg_self_test()