drbg_8h_source.html

 #ifndef _IPXE_DRBG_H
 #define _IPXE_DRBG_H

 /** @file
  *
  * DRBG mechanism
  *
  */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <ipxe/sha256.h>
 #include <ipxe/hmac_drbg.h>

 /** Choose HMAC_DRBG using SHA-256
  *
  * HMAC_DRBG using SHA-256 is an Approved algorithm in ANS X9.82.
  */
 #define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA256

 /** Maximum security strength */
 #define DRBG_MAX_SECURITY_STRENGTH \
         HMAC_DRBG_MAX_SECURITY_STRENGTH ( HMAC_DRBG_ALGORITHM )

 /** Security strength
  *
  * We choose to operate at a strength of 128 bits.
  */
 #define DRBG_SECURITY_STRENGTH 128

 /** Minimum entropy input length */
 #define DRBG_MIN_ENTROPY_LEN_BYTES \
         HMAC_DRBG_MIN_ENTROPY_LEN_BYTES ( DRBG_SECURITY_STRENGTH )

 /** Maximum entropy input length */
 #define DRBG_MAX_ENTROPY_LEN_BYTES HMAC_DRBG_MAX_ENTROPY_LEN_BYTES

 /** Maximum personalisation string length */
 #define DRBG_MAX_PERSONAL_LEN_BYTES HMAC_DRBG_MAX_PERSONAL_LEN_BYTES

 /** Maximum additional input length */
 #define DRBG_MAX_ADDITIONAL_LEN_BYTES HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES

 /** Maximum length of generated pseudorandom data per request */
 #define DRBG_MAX_GENERATED_LEN_BYTES HMAC_DRBG_MAX_GENERATED_LEN_BYTES

 /** A Deterministic Random Bit Generator */
 struct drbg_state {
         /** Algorithm internal state */
         struct hmac_drbg_state internal;
         /** Reseed required flag */
         int reseed_required;
         /** State is valid */
         int valid;
 };

 /**
  * Instantiate DRBG algorithm
  *
  * @v state             Algorithm state
  * @v entropy           Entropy input
  * @v entropy_len       Length of entropy input
  * @v personal          Personalisation string
  * @v personal_len      Length of personalisation string
  *
  * This is the Instantiate_algorithm function defined in ANS X9.82
  * Part 3-2007 Section 9.2 (NIST SP 800-90 Section 9.1).
  */
 static inline void drbg_instantiate_algorithm ( struct drbg_state *state,
                                                 const void *entropy,
                                                 size_t entropy_len,
                                                 const void *personal,
                                                 size_t personal_len ) {
         hmac_drbg_instantiate ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ),
                                 &state->internal, entropy, entropy_len,
                                 personal, personal_len );
 }

 /**
  * Reseed DRBG algorithm
  *
  * @v state             Algorithm state
  * @v entropy           Entropy input
  * @v entropy_len       Length of entropy input
  * @v additional        Additional input
  * @v additional_len    Length of additional input
  *
  * This is the Reseed_algorithm function defined in ANS X9.82
  * Part 3-2007 Section 9.3 (NIST SP 800-90 Section 9.2).
  */
 static inline void drbg_reseed_algorithm ( struct drbg_state *state,
                                            const void *entropy,
                                            size_t entropy_len,
                                            const void *additional,
                                            size_t additional_len ) {
         hmac_drbg_reseed ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ),
                            &state->internal, entropy, entropy_len,
                            additional, additional_len );
 }

 /**
  * Generate pseudorandom bits using DRBG algorithm
  *
  * @v state             Algorithm state
  * @v additional        Additional input
  * @v additional_len    Length of additional input
  * @v data              Output buffer
  * @v len               Length of output buffer
  * @ret rc              Return status code
  *
  * This is the Generate_algorithm function defined in ANS X9.82
  * Part 3-2007 Section 9.4 (NIST SP 800-90 Section 9.3).
  *
  * Note that the only permitted error is "reseed required".
  */
 static inline int drbg_generate_algorithm ( struct drbg_state *state,
                                             const void *additional,
                                             size_t additional_len,
                                             void *data, size_t len ) {
         return hmac_drbg_generate ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ),
                                     &state->internal, additional,
                                     additional_len, data, len );
 }

 extern int drbg_instantiate ( struct drbg_state *state, const void *personal,
                               size_t personal_len );
 extern int drbg_reseed ( struct drbg_state *state, const void *additional,
                          size_t additional_len );
 extern int drbg_generate ( struct drbg_state *state, const void *additional,
                            size_t additional_len, int prediction_resist,
                            void *data, size_t len );
 extern void drbg_uninstantiate ( struct drbg_state *state );

 #endif /* _IPXE_DRBG_H */
hmac_drbg_generate
int hmac_drbg_generate(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len)
Generate pseudorandom bits using HMAC_DRBG.
Definition: hmac_drbg.c:307

drbg_state::reseed_required
int reseed_required
Reseed required flag.
Definition: drbg.h:54

state
uint8_t state
State.
Definition: eth_slow.h:48

hmac_drbg_instantiate
void hmac_drbg_instantiate(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *personal, size_t personal_len)
Instantiate HMAC_DRBG.
Definition: hmac_drbg.c:207

drbg_instantiate_algorithm
static void drbg_instantiate_algorithm(struct drbg_state *state, const void *entropy, size_t entropy_len, const void *personal, size_t personal_len)
Instantiate DRBG algorithm.
Definition: drbg.h:71

drbg_state::internal
struct hmac_drbg_state internal
Algorithm internal state.
Definition: drbg.h:52

drbg_instantiate
int drbg_instantiate(struct drbg_state *state, const void *personal, size_t personal_len)
Instantiate DRBG.
Definition: drbg.c:79

hmac_drbg_reseed
void hmac_drbg_reseed(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len)
Reseed HMAC_DRBG.
Definition: hmac_drbg.c:256

drbg_state
A Deterministic Random Bit Generator.
Definition: drbg.h:50

drbg_uninstantiate
void drbg_uninstantiate(struct drbg_state *state)
Uninstantiate DRBG.
Definition: drbg.c:424

HMAC_DRBG_HASH
#define HMAC_DRBG_HASH(hmac_drbg)
Underlying hash algorithm.
Definition: hmac_drbg.h:91

HMAC_DRBG_ALGORITHM
#define HMAC_DRBG_ALGORITHM
Choose HMAC_DRBG using SHA-256.
Definition: drbg.h:21

drbg_reseed_algorithm
static void drbg_reseed_algorithm(struct drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len)
Reseed DRBG algorithm.
Definition: drbg.h:93

drbg_state::valid
int valid
State is valid.
Definition: drbg.h:56

additional
uint16_t additional
Additional sense code and qualifier.
Definition: scsi.h:28

drbg_generate_algorithm
static int drbg_generate_algorithm(struct drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len)
Generate pseudorandom bits using DRBG algorithm.
Definition: drbg.h:118

len
ring len
Length.
Definition: dwmac.h:231

hmac_drbg_state
HMAC_DRBG internal state.
Definition: hmac_drbg.h:219

drbg_generate
int drbg_generate(struct drbg_state *state, const void *additional, size_t additional_len, int prediction_resist, void *data, size_t len)
Generate pseudorandom bits using DRBG.
Definition: drbg.c:284

data
uint8_t data[48]
Additional event data.
Definition: ena.h:22

stdint.h

FILE_SECBOOT
FILE_SECBOOT(PERMITTED)

drbg_reseed
int drbg_reseed(struct drbg_state *state, const void *additional, size_t additional_len)
Reseed DRBG.
Definition: drbg.c:191

sha256.h
SHA-256 algorithm.

FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)

hmac_drbg.h
HMAC_DRBG algorithm.