33 #if defined(POLARSSL_CTR_DRBG_C)
37 #if defined(POLARSSL_FS_IO)
45 int ctr_drbg_init_entropy_len(
47 int (*f_entropy)(
void *,
unsigned char *,
size_t),
49 const unsigned char *custom,
77 int (*f_entropy)(
void *,
unsigned char *,
size_t),
79 const unsigned char *custom,
82 return( ctr_drbg_init_entropy_len( ctx, f_entropy, p_entropy, custom, len,
101 int block_cipher_df(
unsigned char *output,
102 const unsigned char *data,
size_t data_len )
108 unsigned char *p = buf, *iv;
111 int i, j, buf_len, use_len;
123 *p++ = ( data_len >> 24 ) & 0xff;
124 *p++ = ( data_len >> 16 ) & 0xff;
125 *p++ = ( data_len >> 8 ) & 0xff;
126 *p++ = ( data_len ) & 0xff;
129 memcpy( p, data, data_len );
132 buf_len = CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
145 memset( chain, 0, CTR_DRBG_BLOCKSIZE );
158 memcpy( tmp + j, chain, CTR_DRBG_BLOCKSIZE );
176 memcpy( p, iv, CTR_DRBG_BLOCKSIZE );
184 const unsigned char data[CTR_DRBG_SEEDLEN] )
187 unsigned char *p = tmp;
190 memset( tmp, 0, CTR_DRBG_SEEDLEN );
197 for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
198 if( ++ctx->
counter[i - 1] != 0 )
216 memcpy( ctx->
counter, tmp + CTR_DRBG_KEYSIZE, CTR_DRBG_BLOCKSIZE );
222 const unsigned char *additional,
size_t add_len )
228 block_cipher_df( add_input, additional, add_len );
229 ctr_drbg_update_internal( ctx, add_input );
234 const unsigned char *additional,
size_t len )
258 if( additional && len )
260 memcpy( seed + seedlen, additional, len );
267 block_cipher_df( seed, seed, seedlen );
272 ctr_drbg_update_internal( ctx, seed );
279 unsigned char *output,
size_t output_len,
280 const unsigned char *additional,
size_t add_len )
285 unsigned char *p = output;
296 memset( add_input, 0, CTR_DRBG_SEEDLEN );
309 block_cipher_df( add_input, additional, add_len );
310 ctr_drbg_update_internal( ctx, add_input );
313 while( output_len > 0 )
318 for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
319 if( ++ctx->
counter[i - 1] != 0 )
331 memcpy( p, tmp, use_len );
333 output_len -= use_len;
336 ctr_drbg_update_internal( ctx, add_input );
343 int ctr_drbg_random(
void *p_rng,
unsigned char *output,
size_t output_len )
348 #if defined(POLARSSL_FS_IO)
355 if( ( f = fopen( path,
"wb" ) ) == NULL )
377 if( ( f = fopen( path,
"rb" ) ) == NULL )
380 fseek( f, 0, SEEK_END );
381 n = (size_t) ftell( f );
382 fseek( f, 0, SEEK_SET );
387 if( fread( buf, 1, n, f ) != n )
401 #if defined(POLARSSL_SELF_TEST)
/*
 * Known-answer test vectors for the CTR_DRBG self-test; this section sits
 * under #if defined(POLARSSL_SELF_TEST).
 *
 * All six arrays are fixed bytes embedded in the source. The self-test feeds
 * them to the generator through ctr_drbg_self_test_entropy(), which copies
 * straight out of the buffer with memcpy(), so the output is reproducible and
 * can be compared with result_pr / result_nopr. They are test inputs only and
 * provide no randomness: never wire them (or the self-test callback) in as an
 * entropy source for a real context.
 */

/*
 * Entropy input for the "PR = TRUE" run; passed as the entropy callback's
 * data pointer in the ctr_drbg_init_entropy_len() call of the self-test.
 * NOTE(review): the copy visible in ctr_drbg_self_test_entropy() shows no
 * length check against this 96-byte array, so the test sequence must not
 * request more than it holds - confirm against the full function.
 */
405 unsigned char entropy_source_pr[96] =
406 { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
407 0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
408 0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
409 0x6e, 0xa6, 0x62, 0x52, 0x6d, 0x51, 0xb1, 0xcb,
410 0x58, 0x3b, 0xfa, 0xd5, 0x37, 0x5f, 0xfb, 0xc9,
411 0xff, 0x46, 0xd2, 0x19, 0xc7, 0x22, 0x3e, 0x95,
412 0x45, 0x9d, 0x82, 0xe1, 0xe7, 0x22, 0x9f, 0x63,
413 0x31, 0x69, 0xd2, 0x6b, 0x57, 0x47, 0x4f, 0xa3,
414 0x37, 0xc9, 0x98, 0x1c, 0x0b, 0xfb, 0x91, 0x31,
415 0x4d, 0x55, 0xb9, 0xe9, 0x1c, 0x5a, 0x5e, 0xe4,
416 0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
417 0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
/*
 * Entropy input for the "PR = FALSE" run (64 bytes); same role as
 * entropy_source_pr, and the same caveat about the unchecked copy applies.
 */
419 unsigned char entropy_source_nopr[64] =
420 { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
421 0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
422 0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
423 0x03, 0x21, 0x7c, 0x68, 0xd8, 0x03, 0x38, 0x20,
424 0xf9, 0xe6, 0x5e, 0x04, 0xd8, 0x56, 0xf3, 0xa9,
425 0xc4, 0x4a, 0x4c, 0xbd, 0xc1, 0xd0, 0x08, 0x46,
426 0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e,
427 0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
/*
 * Value passed as the `custom` argument, with length 16, when the
 * "PR = TRUE" context is initialised.
 */
429 unsigned char nonce_pers_pr[16] =
430 { 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2,
431 0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
/*
 * Value passed as the `custom` argument, with length 16, when the
 * "PR = FALSE" context is initialised.
 */
433 unsigned char nonce_pers_nopr[16] =
434 { 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
435 0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
/*
 * Expected output of the "PR = TRUE" run; the self-test compares it with
 * the generated buffer using memcmp() over CTR_DRBG_BLOCKSIZE bytes.
 */
437 unsigned char result_pr[16] =
438 { 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
439 0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
/*
 * Expected output of the "PR = FALSE" run; the self-test compares it with
 * the generated buffer using memcmp() over 16 bytes.
 */
441 unsigned char result_nopr[16] =
442 { 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
443 0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
446 int ctr_drbg_self_test_entropy(
void *data,
unsigned char *buf,
size_t len )
448 unsigned char *p = data;
449 memcpy( buf, p + test_offset, len );
460 unsigned char buf[16];
466 printf(
" CTR_DRBG (PR = TRUE) : " );
469 if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_pr, nonce_pers_pr, 16, 32 ) != 0 )
472 printf(
"failed\n" );
481 printf(
"failed\n" );
489 printf(
"failed\n" );
494 if( memcmp( buf, result_pr, CTR_DRBG_BLOCKSIZE ) != 0 )
497 printf(
"failed\n" );
503 printf(
"passed\n" );
509 printf(
" CTR_DRBG (PR = FALSE): " );
512 if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_nopr, nonce_pers_nopr, 16, 32 ) != 0 )
515 printf(
"failed\n" );
523 printf(
"failed\n" );
531 printf(
"failed\n" );
539 printf(
"failed\n" );
544 if( memcmp( buf, result_nopr, 16 ) != 0 )
547 printf(
"failed\n" );
553 printf(
"passed\n" );