Lines Matching +full:for +full:- +full:context
4 * \brief This file contains definitions and functions for the
7 * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
8 * in counter mode operation, as defined in <em>NIST SP 800-90A:
9 * Recommendation for Random Number Generation Using Deterministic Random
12 * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
16 * The security strength as defined in NIST SP 800-90A is
17 * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
21 * See the documentation of mbedtls_ctr_drbg_seed() for more
26 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
35 /* The CTR_DRBG implementation can either directly call the low-level AES
37 * operations. Calling the AES module directly is the default, both for
65 #define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
67 #define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
69 #define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
71 #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
79 * Compile-time choice: 16 bytes (128 bits)
86 * Compile-time choice: 32 bytes (256 bits)
91 #define MBEDTLS_CTR_DRBG_KEYBITS (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for …
97 * The configuration options you can set for this module are in this section.
109 /** This is 48 bytes because the entropy module uses SHA-512.
115 /** This is 32 bytes because the entropy module uses SHA-256.
118 /** \warning To achieve a 256-bit security strength, you must pass a nonce
162 * See the documentation of mbedtls_ctr_drbg_seed() for more information.
170 * See the documentation of mbedtls_ctr_drbg_seed() for more information.
183 * \brief The CTR_DRBG context structure.
193 * to use as a nonce for the initial seeding,
194 * or -1 if no nonce length has been explicitly
208 mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */
210 mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
219 void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
235 * \brief This function initializes the CTR_DRBG context,
236 * and prepares it for mbedtls_ctr_drbg_seed()
244 * \param ctx The CTR_DRBG context to initialize.
250 * entropy source for future reseeds.
252 * A typical choice for the \p f_entropy and \p p_entropy parameters is
254 * - \p f_entropy is mbedtls_entropy_func();
255 * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
263 * - \c 0 if the entropy length is at least 3/2 times the entropy length,
265 * by the key size and entropy length according to NIST SP 800-90A §10.2.1;
266 * - Half the entropy length otherwise.
273 * See SP 800-90A §8.6.7 for more details about nonces.
276 * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2
278 * - A string obtained by calling \p f_entropy function for the entropy
283 * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string
284 * obtained by calling \p f_entropy function for the specified length.
288 * - A string obtained by calling \p f_entropy function for the entropy nonce
299 * reseeding, are not thread-safe.
303 * - The \p custom string.
307 * - at least 16 bytes for a 128-bit strength
308 * (maximum achievable strength when using AES-128);
309 * - at least 32 bytes for a 256-bit strength
310 * (maximum achievable strength when using AES-256).
315 * - at least 24 bytes for a 128-bit strength
316 * (maximum achievable strength when using AES-128);
317 * - at least 48 bytes for a 256-bit strength
318 * (maximum achievable strength when using AES-256).
320 * \param ctx The CTR_DRBG context to seed.
325 * the same context unless you call
331 * \p p_entropy context, the buffer to fill, and the
335 * \param p_entropy The entropy context to pass to \p f_entropy.
342 * - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
354 * \brief This function resets CTR_DRBG context to the state immediately
357 * \param ctx The CTR_DRBG context to clear.
371 * \param ctx The CTR_DRBG context.
385 * - When using AES-256
389 * to achieve a 256-bit strength.
390 * - When using AES-128
393 * to achieve a 128-bit strength.
395 * \param ctx The CTR_DRBG context.
399 * entropy function that is set in the context.
406 * as a nonce for the initial seeding.
411 * \param ctx The CTR_DRBG context.
412 * \param len The amount of entropy to grab for the nonce, in bytes.
415 * entropy function that is set in the context.
435 * \param ctx The CTR_DRBG context.
442 * \brief This function reseeds the CTR_DRBG context, that is
445 * \note This function is not thread-safe. It is not safe
448 * context or updating or reseeding the same context.
450 * \param ctx The CTR_DRBG context.
454 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
456 * configured for the context.
465 * \brief This function updates the state of the CTR_DRBG context.
467 * \note This function is not thread-safe. It is not safe
470 * context or updating or reseeding the same context.
472 * \param ctx The CTR_DRBG context.
495 * \note This function is not thread-safe. It is not safe
498 * context or updating or reseeding the same context.
500 * \param p_rng The CTR_DRBG context. This must be a pointer to a
511 * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
513 * configured for the context.
534 * reseeding, are not thread-safe.
538 * \param p_rng The CTR_DRBG context. This must be a pointer to a
554 * \param ctx The CTR_DRBG context.
568 * \param ctx The CTR_DRBG context.