Software APIs
entropy.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_ENTROPY_H_
5 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_ENTROPY_H_
6 
7 #include <stdbool.h>
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include "sw/device/lib/base/hardened.h"
12 #include "sw/device/lib/base/macros.h"
13 #include "sw/device/lib/base/status.h"
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif
18 
19 enum {
20  /**
21  * Number of bits in an entropy seed.
22  *
23  * Specified in NIST SP800-90Ar1, table 3. In NIST terminology, the CSRNG
24  * block runs a CTR-DRBG with AES-256 as the underlying cipher, so the seed
25  * is key size + block size = 256 + 128 bits.
26  */
27  kEntropySeedBits = 256 + 128,
28  /**
29  * Number of bytes in an entropy seed.
30  */
31  kEntropySeedBytes = kEntropySeedBits / 8,
32  /**
33  * Number of words in an entropy seed.
34  */
35  kEntropySeedWords = kEntropySeedBytes / sizeof(uint32_t),
36 };
37 
38 /**
39  * Seed material as specified in NIST SP 800-90Ar1 section 10.2.1.3.1. Up to 12
40  * words of seed material can be provided using this interface.
41  */
42 typedef struct entropy_seed_material {
43  /**
44  * Number of words set in `data`. CSRNG will extend the `data` to zeros if the
45  * provided value is less than 12.
46  */
47  size_t len;
48  /**
49  * Seed material in unsigned word format.
50  */
51  uint32_t data[kEntropySeedWords];
52 } entropy_seed_material_t;
53 
54 /**
55  * This enum type contains all the different command types for
56  * csrng_send_app_cmd().
57  */
58 typedef enum entropy_csrng_send_app_cmd_type {
59  /**
60  * Command issued directly to CSRNG.
61  */
62  kEntropyCsrngSendAppCmdTypeCsrng,
63  /**
64  * Command issued to CSRNG via the SW_CMD_REQ register of the EDN.
65  */
66  kEntropyCsrngSendAppCmdTypeEdnSw,
67  /**
68  * Command issued to CSRNG via the GENERATE_CMD register of the EDN.
69  * This type of command will be used in the auto mode of the EDN.
70  */
71  kEntropyCsrngSendAppCmdTypeEdnGen,
72  /**
73  * Command issued to CSRNG via the RESEED_CMD register of the EDN.
74  * This type of command will be used in the auto mode of the EDN.
75  */
76  kEntropyCsrngSendAppCmdTypeEdnRes,
77 } entropy_csrng_send_app_cmd_type_t;
78 
79 /**
80  * Constant empty seed material for the entropy complex.
81  *
82  * This is convenient to have available for some implementations.
83  */
84 extern const entropy_seed_material_t kEntropyEmptySeed;
85 
86 /**
87  * Configures the entropy complex in continuous mode.
88  *
89  * The complex is configured in continuous mode with FIPS mode enabled. This is
90  * the default operational mode of the entropy_src, csrng, edn0 and edn1 blocks.
91  *
92  * @return Operation status in `status_t` format.
93  */
94 OT_WARN_UNUSED_RESULT
95 status_t entropy_complex_init(void);
96 
97 /**
98  * Ensures that the entropy complex is ready for use.
99  *
100  * Ensures that the entropy complex is running and that `entropy_src` is in
101  * FIPS mode, and verifies the thresholds for health tests in `entropy_src`.
102  * This function should be called periodically while the entropy complex is in
103  * use, because the threshold registers are not shadowed.
104  *
105  * This check does not ensure that the SW CSRNG is in FIPS mode, so it is safe
106  * to call it while using the SW CSRNG in manual mode. However, it is important
107  * to note that passing the check does not by itself guarantee FIPS-compatible
108  * entropy from CSRNG.
109  *
110  * @return Operation status in `status_t` format.
111  */
112 OT_WARN_UNUSED_RESULT
113 status_t entropy_complex_check(void);
114 
115 /**
116  * Instantiate the SW CSRNG with a new seed value.
117  *
118  * SW CSRNG refers to the CSRNG hardware instance available for software use.
119  *
120  * @param disable_trng_input Set to kHardenedTrue to disable the random seed
121  * data provided by hardware. This enables the use of the CSRNG in deterministic
122  * mode.
123  * @param seed_material Data used to seed the CSRNG. XOR'ed entropy provided by
124  * hardware when `disable_trng_input` is set to `kHardenedFalse`, otherwise used
125  * directly as the seed.
126  * @return Operation status in `status_t` format.
127  */
128 OT_WARN_UNUSED_RESULT
129 status_t entropy_csrng_instantiate(
130  hardened_bool_t disable_trng_input,
131  const entropy_seed_material_t *seed_material);
132 
133 /**
134  * Reseed the SW CSRNG.
135  *
136  * @param disable_trng_input Set to kHardenedTrue to disable the entropy
137  * provided by hardware.
138  * @param seed_material Data used to reseed the CSRNG. XOR'ed with entropy
139  * provided by hardware when `disable_trng_input` is set to `kHardenedFalse`,
140  * otherwise used directly as the seed
141  * @return Operation status in `status_t` format.
142  */
143 OT_WARN_UNUSED_RESULT
144 status_t entropy_csrng_reseed(hardened_bool_t disable_trng_input,
145  const entropy_seed_material_t *seed_material);
146 
147 /**
148  * Update the SW CSRNG state.
149  *
150  * This command does not update the CSRNG internal reseed counter.
151  *
152  * @param seed_material Additional data used in the CSRNG update operation.
153  * There is no additional entropy loaded from hardware.
154  * @return Operation status in `status_t` format.
155  */
156 OT_WARN_UNUSED_RESULT
157 status_t entropy_csrng_update(const entropy_seed_material_t *seed_material);
158 
159 /**
160  * Request data from the SW CSRNG.
161  *
162  * Use `entropy_csrng_generate_data_get()` to read the data from the CSRNG
163  * output buffer.
164  *
165  * See `entropy_csrng_generate()` for requesting and reading the CSRNG output in
166  * a single call.
167  *
168  * @param seed_material Additional data used in the CSRNG generate operation.
169  * There is no additional entropy loaded from hardware.
170  * @param len Number of uint32_t words to generate.
171  * @return Operation status in `status_t` format.
172  */
173 OT_WARN_UNUSED_RESULT
174 status_t entropy_csrng_generate_start(
175  const entropy_seed_material_t *seed_material, size_t len);
176 
177 /**
178  * Read SW CSRNG output.
179  *
180  * Requires the `entropy_csrng_generate_start()` function to be called in
181  * advance, otherwise the function will block indefinitely.
182  *
183  * @param buf A buffer to fill with words from the CSRNG output buffer.
184  * @param len The number of words to read into `buf`.
185  * @param fips_check Whether to expect FIPS-compatible entropy.
186  * @return Operation status in `status_t` format.
187  */
188 OT_WARN_UNUSED_RESULT
189 status_t entropy_csrng_generate_data_get(uint32_t *buf, size_t len,
190  hardened_bool_t fips_check);
191 
192 /**
193  * Request and read data from the SW CSRNG.
194  *
195  * @param seed_material Additional data used in the CSRNG generate operation.
196  * There is not additional entropy loaded from hardware.
197  * @param buf A buffer to fill with words from the CSRNG output buffer.
198  * @param len The number of words to read into `buf`.
199  * @param fips_check Whether to expect FIPS-compatible entropy.
200  * @return Operation status in `status_t` format. OutOfRange if the `len`
201  * parameter results in a 128bit block level size greater than 0x800.
202  */
203 OT_WARN_UNUSED_RESULT
204 status_t entropy_csrng_generate(const entropy_seed_material_t *seed_material,
205  uint32_t *buf, size_t len,
206  hardened_bool_t fips_check);
207 
208 /**
209  * Uninstantiate the SW CSRNG.
210  *
211  * Thia operation effectively resets the state of the SW CSRNG instance,
212  * clearing any errors that it may have encountered due to bad command syntax or
213  * entropy source failures.
214  *
215  * @return Operation status in `status_t` format.
216  */
217 OT_WARN_UNUSED_RESULT
218 status_t entropy_csrng_uninstantiate(void);
219 
220 #ifdef __cplusplus
221 }
222 #endif
223 
224 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_DRIVERS_ENTROPY_H_
Return to OpenTitan Documentation