33 void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx)  in mbedtls_hmac_drbg_init()  argument
35     memset(ctx, 0, sizeof(mbedtls_hmac_drbg_context));  in mbedtls_hmac_drbg_init()
37     ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;  in mbedtls_hmac_drbg_init()
43 int mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx,  in mbedtls_hmac_drbg_update()  argument
47     size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);  in mbedtls_hmac_drbg_update()
55         if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) {  in mbedtls_hmac_drbg_update()
58         if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,  in mbedtls_hmac_drbg_update()
59                                           ctx->V, md_len)) != 0) {  in mbedtls_hmac_drbg_update()
62         if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,  in mbedtls_hmac_drbg_update()
67             if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,  in mbedtls_hmac_drbg_update()
72         if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, K)) != 0) {  in mbedtls_hmac_drbg_update()
77         if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, K, md_len)) != 0) {  in mbedtls_hmac_drbg_update()
80         if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,  in mbedtls_hmac_drbg_update()
81                                           ctx->V, md_len)) != 0) {  in mbedtls_hmac_drbg_update()
84         if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) {  in mbedtls_hmac_drbg_update()
97 int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx,  in mbedtls_hmac_drbg_seed_buf()  argument
103     if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) {  in mbedtls_hmac_drbg_seed_buf()
108     mbedtls_mutex_init(&ctx->mutex);  in mbedtls_hmac_drbg_seed_buf()
116     if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V,  in mbedtls_hmac_drbg_seed_buf()
120     memset(ctx->V, 0x01, mbedtls_md_get_size(md_info));  in mbedtls_hmac_drbg_seed_buf()
122     if ((ret = mbedtls_hmac_drbg_update(ctx, data, data_len)) != 0) {  in mbedtls_hmac_drbg_seed_buf()
134 static int hmac_drbg_reseed_core(mbedtls_hmac_drbg_context *ctx,  in hmac_drbg_reseed_core()  argument
146             total_entropy_len = ctx->entropy_len;  in hmac_drbg_reseed_core()
148             total_entropy_len = ctx->entropy_len * 3 / 2;  in hmac_drbg_reseed_core()
161     if ((ret = ctx->f_entropy(ctx->p_entropy,  in hmac_drbg_reseed_core()
162                               seed, ctx->entropy_len)) != 0) {  in hmac_drbg_reseed_core()
165     seedlen += ctx->entropy_len;  in hmac_drbg_reseed_core()
177         if ((ret = ctx->f_entropy(ctx->p_entropy,  in hmac_drbg_reseed_core()
179                                   ctx->entropy_len / 2)) != 0) {  in hmac_drbg_reseed_core()
183         seedlen += ctx->entropy_len / 2;  in hmac_drbg_reseed_core()
194     if ((ret = mbedtls_hmac_drbg_update(ctx, seed, seedlen)) != 0) {  in hmac_drbg_reseed_core()
199     ctx->reseed_counter = 1;  in hmac_drbg_reseed_core()
210 int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx,  in mbedtls_hmac_drbg_reseed()  argument
213     return hmac_drbg_reseed_core(ctx, additional, len, 0);  in mbedtls_hmac_drbg_reseed()
222 int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx,  in mbedtls_hmac_drbg_seed()  argument
232     if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) {  in mbedtls_hmac_drbg_seed()
238     mbedtls_mutex_init(&ctx->mutex);  in mbedtls_hmac_drbg_seed()
248     if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V, md_size)) != 0) {  in mbedtls_hmac_drbg_seed()
251     memset(ctx->V, 0x01, md_size);  in mbedtls_hmac_drbg_seed()
253     ctx->f_entropy = f_entropy;  in mbedtls_hmac_drbg_seed()
254     ctx->p_entropy = p_entropy;  in mbedtls_hmac_drbg_seed()
256     if (ctx->entropy_len == 0) {  in mbedtls_hmac_drbg_seed()
264         ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */  in mbedtls_hmac_drbg_seed()
269     if ((ret = hmac_drbg_reseed_core(ctx, custom, len,  in mbedtls_hmac_drbg_seed()
280 void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx,  in mbedtls_hmac_drbg_set_prediction_resistance()  argument
283     ctx->prediction_resistance = resistance;  in mbedtls_hmac_drbg_set_prediction_resistance()
289 void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, size_t len)  in mbedtls_hmac_drbg_set_entropy_len()  argument
291     ctx->entropy_len = len;  in mbedtls_hmac_drbg_set_entropy_len()
297 void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, int interval)  in mbedtls_hmac_drbg_set_reseed_interval()  argument
299     ctx->reseed_interval = interval;  in mbedtls_hmac_drbg_set_reseed_interval()
311     mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;  in mbedtls_hmac_drbg_random_with_add()  local
312     size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info);  in mbedtls_hmac_drbg_random_with_add()
327     if (ctx->f_entropy != NULL && /* For no-reseeding instances */  in mbedtls_hmac_drbg_random_with_add()
328         (ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||  in mbedtls_hmac_drbg_random_with_add()
329          ctx->reseed_counter > ctx->reseed_interval)) {  in mbedtls_hmac_drbg_random_with_add()
330         if ((ret = mbedtls_hmac_drbg_reseed(ctx, additional, add_len)) != 0) {  in mbedtls_hmac_drbg_random_with_add()
339         if ((ret = mbedtls_hmac_drbg_update(ctx,  in mbedtls_hmac_drbg_random_with_add()
349         if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) {  in mbedtls_hmac_drbg_random_with_add()
352         if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx,  in mbedtls_hmac_drbg_random_with_add()
353                                           ctx->V, md_len)) != 0) {  in mbedtls_hmac_drbg_random_with_add()
356         if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) {  in mbedtls_hmac_drbg_random_with_add()
360         memcpy(out, ctx->V, use_len);  in mbedtls_hmac_drbg_random_with_add()
366     if ((ret = mbedtls_hmac_drbg_update(ctx,  in mbedtls_hmac_drbg_random_with_add()
372     ctx->reseed_counter++;  in mbedtls_hmac_drbg_random_with_add()
385     mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;  in mbedtls_hmac_drbg_random()  local
388     if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {  in mbedtls_hmac_drbg_random()
393     ret = mbedtls_hmac_drbg_random_with_add(ctx, output, out_len, NULL, 0);  in mbedtls_hmac_drbg_random()
396     if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {  in mbedtls_hmac_drbg_random()
408 void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx)  in mbedtls_hmac_drbg_free()  argument
410     if (ctx == NULL) {  in mbedtls_hmac_drbg_free()
416     if (ctx->md_ctx.md_info != NULL) {  in mbedtls_hmac_drbg_free()
417         mbedtls_mutex_free(&ctx->mutex);  in mbedtls_hmac_drbg_free()
420     mbedtls_md_free(&ctx->md_ctx);  in mbedtls_hmac_drbg_free()
421     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_hmac_drbg_context));  in mbedtls_hmac_drbg_free()
422     ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;  in mbedtls_hmac_drbg_free()
426 int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path)  in mbedtls_hmac_drbg_write_seed_file()  argument
439     if ((ret = mbedtls_hmac_drbg_random(ctx, buf, sizeof(buf))) != 0) {  in mbedtls_hmac_drbg_write_seed_file()
457 int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path)  in mbedtls_hmac_drbg_update_seed_file()  argument
484     ret = mbedtls_hmac_drbg_update(ctx, buf, n);  in mbedtls_hmac_drbg_update_seed_file()
494     return mbedtls_hmac_drbg_write_seed_file(ctx, path);  in mbedtls_hmac_drbg_update_seed_file()
570     mbedtls_hmac_drbg_context ctx;  in mbedtls_hmac_drbg_self_test()  local
574     mbedtls_hmac_drbg_init(&ctx);  in mbedtls_hmac_drbg_self_test()
584     CHK(mbedtls_hmac_drbg_seed(&ctx, md_info,  in mbedtls_hmac_drbg_self_test()
587     mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON);  in mbedtls_hmac_drbg_self_test()
588     CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));  in mbedtls_hmac_drbg_self_test()
589     CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));  in mbedtls_hmac_drbg_self_test()
591     mbedtls_hmac_drbg_free(&ctx);  in mbedtls_hmac_drbg_self_test()
593     mbedtls_hmac_drbg_free(&ctx);  in mbedtls_hmac_drbg_self_test()
606     mbedtls_hmac_drbg_init(&ctx);  in mbedtls_hmac_drbg_self_test()
609     CHK(mbedtls_hmac_drbg_seed(&ctx, md_info,  in mbedtls_hmac_drbg_self_test()
612     CHK(mbedtls_hmac_drbg_reseed(&ctx, NULL, 0));  in mbedtls_hmac_drbg_self_test()
613     CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));  in mbedtls_hmac_drbg_self_test()
614     CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN));  in mbedtls_hmac_drbg_self_test()
616     mbedtls_hmac_drbg_free(&ctx);  in mbedtls_hmac_drbg_self_test()
618     mbedtls_hmac_drbg_free(&ctx);  in mbedtls_hmac_drbg_self_test()