1/*
2 * Copyright (c) 2013, Hasso-Plattner-Institut.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the Institute nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * This file is part of the Contiki operating system.
30 *
31 */
32
33/**
34 * \file
35 * An OFB-AES-128-based CSPRNG.
36 * \author
37 * Konrad Krentz <konrad.krentz@gmail.com>
38 */
39
40/**
41 * \addtogroup lib
42 * @{
43 */
44
45/**
46 * \defgroup csprng Cryptographically-secure PRNG
47 *
48 * \brief Expands a truly random seed into a stream of pseudo-random numbers.
49 *
50 * In contrast to a normal PRNG, a CSPRNG generates a stream of pseudo-random
51 * numbers that is indistinguishable from the uniform distribution to a
52 * computationally-bounded adversary who does not know the seed.
53 *
54 * @{
55 */
56
57#ifndef CSPRNG_H_
58#define CSPRNG_H_
59
60#include "contiki.h"
61#include "lib/aes-128.h"
62#include <stdint.h>
63#include <stdbool.h>
64
/*
 * CSPRNG_ENABLED defaults to 0 and is only switched on by the project
 * configuration (CSPRNG_CONF_ENABLED). This header does not say what a
 * disabled CSPRNG does when fed or asked for random bytes; see csprng.c.
 */
#ifdef CSPRNG_CONF_ENABLED
#define CSPRNG_ENABLED CSPRNG_CONF_ENABLED
#else /* CSPRNG_CONF_ENABLED */
#define CSPRNG_ENABLED 0
#endif /* CSPRNG_CONF_ENABLED */

/*
 * All sizes are taken from the AES-128 driver (lib/aes-128.h): the key
 * and the OFB state each have the AES-128 key/block size, and a seed
 * carries both of them back to back.
 */
#define CSPRNG_KEY_LEN AES_128_KEY_LENGTH
#define CSPRNG_STATE_LEN AES_128_BLOCK_SIZE
#define CSPRNG_SEED_LEN (CSPRNG_KEY_LEN + CSPRNG_STATE_LEN)
74
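/**
 * This is the structure of a seed.
 *
 * A seed is the AES-128 key followed by the internal (OFB) state,
 * CSPRNG_SEED_LEN bytes in total. The anonymous struct and the u8 array
 * are two views of the same bytes; the overlay is exact because every
 * member is a uint8_t array, so no padding is inserted between key and
 * state.
 *
 * The key member is secret material: code that keeps a seed in its own
 * storage should wipe it once the seed has been passed to csprng_feed().
 */
struct csprng_seed {
  union {
    struct {
      uint8_t key[CSPRNG_KEY_LEN];     /**< AES-128 key of the CSPRNG */
      uint8_t state[CSPRNG_STATE_LEN]; /**< internal state of the CSPRNG */
    };

    uint8_t u8[CSPRNG_SEED_LEN]; /**< for convenience: key and state as one byte array */
  };
};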
86
/**
 * \brief Mixes a new seed with the current one.
 * \param new_seed Pointer to the new seed. Nothing here transfers
 *                 ownership of the pointed-to storage, so the caller
 *                 remains responsible for it; since it holds the AES-128
 *                 key, the caller should wipe it once this call returns.
 *
 * This function is called at start-up and/or at runtime by
 * what we call a "seeder". Seeders generate seeds in arbitrary
 * ways and feed this CSPRNG with their generated seeds. Every
 * number later produced by csprng_rand() is only as unpredictable
 * as the seeds that were fed in: a seeder whose output an adversary
 * can guess gives no security, whatever the cipher does afterwards.
 */
void csprng_feed(struct csprng_seed *new_seed);
96
/**
 * \brief Generates a cryptographic random number.
 * \param result The place to store the generated cryptographic random number.
 *               Must provide room for at least \p len bytes.
 * \param len The length of the cryptographic random number to be generated,
 *            in bytes (\p result is a uint8_t buffer).
 *
 * We use output feedback mode (OFB) for generating cryptographic
 * pseudo-random numbers [RFC 4086]. A potential problem with OFB
 * is that OFB at some point enters a cycle. However, the
 * expected cycle length given a random key and a random state
 * is about 2^127 in our case [Davies and Parkin, The Average
 * Cycle Size of The Key Stream in Output Feedback Encipherment].
 * \return Returns true on success and false otherwise. Callers must
 *         check this value: on false the contents of \p result should
 *         be treated as unspecified and must not be used as random
 *         material (for example as key or nonce bytes).
 */
bool csprng_rand(uint8_t *result, unsigned len);
111
112#endif /* CSPRNG_H_ */
113
114/** @} */
115/** @} */