nrf_crypto_rng.h 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285
  1. /**
  2. * Copyright (c) 2018 - 2020, Nordic Semiconductor ASA
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without modification,
  7. * are permitted provided that the following conditions are met:
  8. *
  9. * 1. Redistributions of source code must retain the above copyright notice, this
  10. * list of conditions and the following disclaimer.
  11. *
  12. * 2. Redistributions in binary form, except as embedded into a Nordic
  13. * Semiconductor ASA integrated circuit in a product or a software update for
  14. * such product, must reproduce the above copyright notice, this list of
  15. * conditions and the following disclaimer in the documentation and/or other
  16. * materials provided with the distribution.
  17. *
  18. * 3. Neither the name of Nordic Semiconductor ASA nor the names of its
  19. * contributors may be used to endorse or promote products derived from this
  20. * software without specific prior written permission.
  21. *
  22. * 4. This software, with or without modification, must only be used with a
  23. * Nordic Semiconductor ASA integrated circuit.
  24. *
  25. * 5. Any software provided in binary form under this license must not be reverse
  26. * engineered, decompiled, modified and/or disassembled.
  27. *
  28. * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
  29. * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  30. * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
  31. * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
  32. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  33. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  34. * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  35. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  36. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  37. * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  38. *
  39. */
  40. #ifndef NRF_CRYPTO_RNG_H__
  41. #define NRF_CRYPTO_RNG_H__
  42. /** @file
  43. *
  44. * @defgroup nrf_crypto_rng RNG related functions
  45. * @{
  46. * @ingroup nrf_crypto
  47. *
  48. * @brief RNG related functions
  49. *
  50. * @details There are two available RNG backends:
  51. * - ARM CryptoCell CC310 (default for devices with CC310).
  52. * - nRF HW RNG peripheral.
  53. * * CTR-DRBG mode - nRF HW RNG used for seeding mbed TLS CTR-DRBG (default for
  54. * devices without CC310).
  55. * * Raw mode - all data is generated by the nRF HW RNG.
  56. *
  57. * The CC310 backend meets the standards NIST 800-90B3 and AIS-31 (Class “P2 High”), and
  58. * should be preferred in most cases on devices that includes the CC310 core. Devices that
  59. * do not include CC310 should normally use the nRF HW RNG with mbed TLS CTR-DRBG. The
  60. * mbed TLS CTR-DRBG code is standardized by NIST (SP 800-90A Rev. 1).
  61. */
  62. #include "sdk_common.h"
  63. #include "nrf_crypto_error.h"
  64. #include "nrf_crypto_rng_shared.h"
  65. #include "nrf_crypto_rng_backend.h"
  66. #ifdef __cplusplus
  67. extern "C" {
  68. #endif
  69. /**
  70. * @brief Context type for RNG.
  71. *
  72. * @note The actual type depend on the backend in use.
  73. */
  74. typedef nrf_crypto_backend_rng_context_t nrf_crypto_rng_context_t;
  75. /**
  76. * @brief Temporary work buffer type for RNG.
  77. *
  78. * @details Only needed during initializing. Can be freed when @ref nrf_crypto_rng_init has
  79. * returned. Not needed if @ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is enabled
  80. * in @ref sdk_config.
  81. *
  82. * @note The actual type depend on the backend in use.
  83. */
  84. typedef nrf_crypto_backend_rng_temp_buffer_t nrf_crypto_rng_temp_buffer_t;
  85. /**@brief Initialize the random number generator.
  86. *
  87. * @details This function has no effect when @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is enabled.
  88. *
  89. * @warning The p_temp_buffer is 6112 bytes when using the CC310 backend. Ensure that stack size
  90. * is sufficient if allocated on stack. Applications that use nRF HW RNG as backend or are
  91. * not RAM constrained can use internal static allocation of context and temporary buffers
  92. * (@ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED).
  93. *
  94. * @note The context object can be reused without the need for a full reinitialization of the
  95. * backend in case of for example wakeup from system OFF, provided that the context is
  96. * located in a memory block that is retained. This only apply to the CC310 backend, and when
  97. * the context is allocated manually (NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED disabled).
  98. *
  99. * @param[in] p_context Pointer to context memory. The context will be managed
  100. * internally, and the pointer is not used for subsequent calls to
  101. * the nrf_crypto_rng API. The context memory is needed until
  102. * @ref nrf_crypto_rng_uninit is called, so it should normally not
  103. * be on the stack. Use NULL if
  104. * @ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is enabled
  105. * in @ref sdk_config (recommended for most applications).
  106. *
  107. * @param[in,out] p_temp_buffer Temporary buffer needed during initialization of the backend. It
  108. * is not used after the return of this function, and can be freed
  109. * at that point. Buffer is allocated internally if the pointer is
  110. * NULL, using the allocated defined by @ref NRF_CRYPTO_ALLOCATOR
  111. * in @c sdk_config.h. Use NULL if
  112. * @ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is enabled
  113. * in @ref sdk_config (recommended for most applications).
  114. *
  115. * @retval NRF_SUCCESS If random number generator was initialized
  116. * successfully.
  117. * @retval NRF_ERROR_CRYPTO_NOT_INITIALIZED @ref nrf_crypto_init was not called prior to this
  118. * function.
  119. * @retval NRF_ERROR_CRYPTO_CONTEXT_NULL p_context was NULL.
  120. * @retval NRF_ERROR_CRYPTO_INTERNAL If an internal error occurred in the nrf_crypto
  121. * backend.
  122. * @retval NRF_ERROR_CRYPTO_ALLOC_FAILED Unable to allocate memory for the context or work
  123. * buffer.
  124. * @retval NRF_ERROR_CRYPTO_STACK_OVERFLOW Stack overflow detected. Typically caused by
  125. * allocating an instance of
  126. * @ref nrf_crypto_rng_temp_buffer_t
  127. * on the stack when using CC310 backend.
  128. * @retval NRF_ERROR_CRYPTO_BUSY RNG is busy. Rerun at a later time.
  129. */
  130. ret_code_t nrf_crypto_rng_init(nrf_crypto_rng_context_t * p_context,
  131. nrf_crypto_rng_temp_buffer_t * p_temp_buffer);
  132. /**@brief Uninitialize the random number generator.
  133. *
  134. * @retval NRF_SUCCESS If RNG was uninitialized successfully.
  135. * @retval NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED RNG has not been initialized.
  136. * @retval NRF_ERROR_CRYPTO_INTERNAL If an internal error occurred in the
  137. * nrf_crypto backend.
  138. * @retval NRF_ERROR_CRYPTO_BUSY RNG is busy. Rerun at a later time.
  139. */
  140. ret_code_t nrf_crypto_rng_uninit(void);
  141. /**@brief Generate random data of given size.
  142. *
  143. * @details @ref nrf_crypto_rng_init must be called prior to this function unless
  144. * @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is enabled in @ref sdk_config.
  145. *
  146. * @param[in,out] p_target Buffer to hold the random generated data.
  147. * This buffer must be at least as large as the size parameter.
  148. * @param[in] size Length (in bytes) to generate random data for.
  149. *
  150. * @retval NRF_SUCCESS Data was generated successfully.
  151. * @retval NRF_ERROR_CRYPTO_NOT_INITIALIZED @ref nrf_crypto_init was not called prior to
  152. * this function.
  153. * @retval NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED @ref nrf_crypto_rng_init was not called
  154. * prior to this function and
  155. * @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is
  156. * disabled.
  157. * @retval NRF_ERROR_CRYPTO_OUTPUT_NULL p_target was NULL.
  158. * @retval NRF_ERROR_CRYPTO_OUTPUT_LENGTH Size was 0 or larger than the backend
  159. * supports.
  160. * @retval NRF_ERROR_CRYPTO_INTERNAL If an internal error occurred in the
  161. * backend.
  162. * @retval NRF_ERROR_CRYPTO_STACK_OVERFLOW Stack overflow detected in
  163. * @ref nrf_crypto_rng_init when using auto
  164. * initialization. Typically caused by
  165. * allocating an instance of
  166. * @ref nrf_crypto_rng_temp_buffer_t
  167. * on the stack when using CC310 backend.
  168. * @retval NRF_ERROR_CRYPTO_BUSY RNG is busy. Rerun at a later time.
  169. */
  170. ret_code_t nrf_crypto_rng_vector_generate(uint8_t * const p_target, size_t size);
  171. /**@brief Generate a vector of constrained random data of given size, between the specified min
  172. * and max values.
  173. *
  174. * @details @ref nrf_crypto_rng_init must be called prior to this function unless
  175. * @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is enabled in @ref sdk_config.
  176. *
  177. * All vectors are in big-endian format, with the most significant byte as the first
  178. * element / lowest address.
  179. *
  180. * @note This function may execute for a long time if the window between p_min and p_max is small.
  181. *
  182. * @param[in,out] p_target Buffer to hold the random generated data.
  183. * This buffer must be at least as large as the size parameter.
  184. * @param[in] p_min Byte array defining the lower limit of the random vector.
  185. * @param[in] p_max Byte array defining the upper limit of the random vector.
  186. * @param[in] size Length (in bytes) to generate random data for. Note that all three
  187. * buffers (p_target, p_min and p_max) must be of this size.
  188. *
  189. * @retval NRF_SUCCESS Data was generated successfully.
  190. * @retval NRF_ERROR_CRYPTO_NOT_INITIALIZED @ref nrf_crypto_init was not called prior to
  191. * this function.
  192. * @retval NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED @ref nrf_crypto_rng_init was not called
  193. * prior to this function and
  194. * @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is
  195. * disabled.
  196. * @retval NRF_ERROR_CRYPTO_OUTPUT_NULL p_target was NULL.
  197. * @retval NRF_ERROR_CRYPTO_INPUT_NULL p_min or p_max was NULL.
  198. * @retval NRF_ERROR_CRYPTO_OUTPUT_LENGTH Size was 0 or larger than the backend
  199. * supports.
  200. * @retval NRF_ERROR_CRYPTO_INTERNAL If an internal error occurred in the
  201. * backend.
  202. * @retval NRF_ERROR_CRYPTO_STACK_OVERFLOW Stack overflow detected in
  203. * @ref nrf_crypto_rng_init when using auto
  204. * initialization. Typically caused by
  205. * allocating an instance of
  206. * @ref nrf_crypto_rng_temp_buffer_t
  207. * on the stack when using CC310 backend.
  208. * @retval NRF_ERROR_CRYPTO_BUSY RNG is busy. Rerun at a later time.
  209. */
  210. ret_code_t nrf_crypto_rng_vector_generate_in_range(uint8_t * const p_target,
  211. uint8_t const * const p_min,
  212. uint8_t const * const p_max,
  213. size_t size);
  214. /**
  215. * @brief This function is used for reseeding the RNG with additional entropy.
  216. *
  217. * @details The backends will reseed automatically when required. This function can be used to
  218. * reseed at specific times and to provide additional data that is used to add personalized
  219. * randomness.
  220. *
  221. * @note Reseeding is not supported if using the nRF HW RNG backend without mbed TLS CTR-DRBG
  222. * (NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED disabled in sdk_config.h).
  223. *
  224. * @warning The p_temp_buffer is 6112 bytes when the CC310 backend is used. Ensure that stack size
  225. * is sufficient if allocated on stack.
  226. *
  227. * @param[in,out] p_temp_buffer Temporary buffer needed during reseeding. It
  228. * is not used after the return of this function, and can be freed
  229. * at that point. Buffer is allocated internally if the pointer is
  230. * NULL, using the allocated defined by @ref NRF_CRYPTO_ALLOCATOR
  231. * in @c sdk_config.h. Use NULL if
  232. * @ref NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED is enabled
  233. * in @ref sdk_config (recommended for most applications).
  234. * @param[in] p_input_data Optional input data used to increase the entropy.
  235. * @param[in] size Length of input data. Must be 0, 4, 8 or 12 for CC310.
  236. *
  237. * @retval NRF_SUCCESS Data was generated successfully.
  238. * @retval NRF_ERROR_CRYPTO_NOT_INITIALIZED @ref nrf_crypto_init was not called prior to
  239. * this function.
  240. * @retval NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED @ref nrf_crypto_rng_init was not called
  241. * prior to this function and
  242. * @ref NRF_CRYPTO_RNG_AUTO_INIT_ENABLED is
  243. * disabled.
  244. * @retval NRF_ERROR_CRYPTO_INPUT_NULL p_temp_buffer was NULL or p_input_data was
  245. * NULL and size > 0 .
  246. * @retval NRF_ERROR_CRYPTO_INPUT_LENGTH Invalid input data size.
  247. * @retval NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE Reseeding not supported by backend.
  248. * @retval NRF_ERROR_CRYPTO_INTERNAL If an internal error occurred in the
  249. * backend.
  250. * @retval NRF_ERROR_CRYPTO_STACK_OVERFLOW Stack overflow detected. Typically caused by
  251. * allocating an instance of
  252. * @ref nrf_crypto_rng_temp_buffer_t
  253. * on the stack when using CC310 backend.
  254. * @retval NRF_ERROR_CRYPTO_BUSY RNG is busy. Rerun at a later time.
  255. */
  256. ret_code_t nrf_crypto_rng_reseed(nrf_crypto_rng_temp_buffer_t * p_temp_buffer,
  257. uint8_t * p_input_data,
  258. size_t size);
  259. #ifdef __cplusplus
  260. }
  261. #endif
  262. /**@} */
  263. #endif // NRF_CRYPTO_RNG_H__