iPXE
Data Structures | Macros | Functions
hmac_drbg.h File Reference

HMAC_DRBG algorithm. More...

#include <stdint.h>
#include <ipxe/crypto.h>

Go to the source code of this file.

Data Structures

struct  hmac_drbg_state
 HMAC_DRBG internal state. More...

Macros

#define HMAC_DRBG(hash, max_security_strength, out_len_bits)
 Declare an HMAC_DRBG algorithm.
#define HMAC_DRBG_SHA1   HMAC_DRBG ( &sha1_algorithm, 128, 160 )
 HMAC_DRBG using SHA-1.
#define HMAC_DRBG_SHA224   HMAC_DRBG ( &sha224_algorithm, 192, 224 )
 HMAC_DRBG using SHA-224.
#define HMAC_DRBG_SHA256   HMAC_DRBG ( &sha256_algorithm, 256, 256 )
 HMAC_DRBG using SHA-256.
#define HMAC_DRBG_SHA384   HMAC_DRBG ( &sha384_algorithm, 256, 384 )
 HMAC_DRBG using SHA-384.
#define HMAC_DRBG_SHA512   HMAC_DRBG ( &sha512_algorithm, 256, 512 )
 HMAC_DRBG using SHA-512.
#define HMAC_DRBG_HASH(hmac_drbg)
 Underlying hash algorithm.
#define HMAC_DRBG_EXTRACT_HASH(hash, max_security_strength, out_len_bits)
#define HMAC_DRBG_MAX_SECURITY_STRENGTH(hmac_drbg)
 Maximum security strength.
#define HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH(hash, max_security_strength, out_len_bits)
#define HMAC_DRBG_OUTLEN_BITS(hmac_drbg)
 Output block length, in bits.
#define HMAC_DRBG_EXTRACT_OUTLEN_BITS(hash, max_security_strength, out_len_bits)
#define HMAC_DRBG_OUTLEN_BYTES(hmac_drbg)
 Output block length, in bytes.
#define HMAC_DRBG_MAX_OUTLEN_BYTES   HMAC_DRBG_OUTLEN_BYTES ( HMAC_DRBG_SHA512 )
 Maximum output block length, in bytes.
#define HMAC_DRBG_MIN_ENTROPY(security_strength)
 Required minimum entropy for instantiate and reseed.
#define HMAC_DRBG_MIN_ENTROPY_LEN_BYTES(security_strength)
 Minimum entropy input length.
#define HMAC_DRBG_MAX_ENTROPY_LEN_BYTES   32
 Maximum entropy input length.
#define HMAC_DRBG_MAX_PERSONAL_LEN_BYTES   0xffffffffUL
 Maximum personalisation string length.
#define HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES   0xffffffffUL
 Maximum additional input length.
#define HMAC_DRBG_MAX_GENERATED_LEN_BYTES   0x0000ffffUL
 Maximum length of generated pseudorandom data per request.
#define HMAC_DRBG_RESEED_INTERVAL   1024
 Reseed interval.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 FILE_SECBOOT (PERMITTED)
void hmac_drbg_instantiate (struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *personal, size_t personal_len)
 Instantiate HMAC_DRBG.
void hmac_drbg_reseed (struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len)
 Reseed HMAC_DRBG.
int hmac_drbg_generate (struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len)
 Generate pseudorandom bits using HMAC_DRBG.

Detailed Description

HMAC_DRBG algorithm.

Definition in file hmac_drbg.h.

Macro Definition Documentation

◆ HMAC_DRBG

#define HMAC_DRBG ( hash,
max_security_strength,
out_len_bits )
Value:
( hash, max_security_strength, out_len_bits )
hash
pseudo_bit_t hash[0x00010]
Definition arbel.h:2

Declare an HMAC_DRBG algorithm.

Parameters
hashUnderlying hash algorithm
max_security_strengthMaxmimum security strength
out_len_bitsOutput block length, in bits
Return values
hmac_drbgHMAC_DRBG algorithm

Definition at line 23 of file hmac_drbg.h.

23#define HMAC_DRBG( hash, max_security_strength, out_len_bits ) \
24 ( hash, max_security_strength, out_len_bits )

◆ HMAC_DRBG_SHA1

#define HMAC_DRBG_SHA1   HMAC_DRBG ( &sha1_algorithm, 128, 160 )

HMAC_DRBG using SHA-1.

The maximum security strength of HMAC_DRBG using SHA-1 is 128 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.

The output block length of HMAC_DRBG using SHA-1 is 160 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

Definition at line 36 of file hmac_drbg.h.

Referenced by HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_INSTANTIATE(), HMAC_DRBG_TEST_INSTANTIATE(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), and HMAC_DRBG_TEST_RESEED().

◆ HMAC_DRBG_SHA224

#define HMAC_DRBG_SHA224   HMAC_DRBG ( &sha224_algorithm, 192, 224 )

HMAC_DRBG using SHA-224.

The maximum security strength of HMAC_DRBG using SHA-224 is 192 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.

The output block length of HMAC_DRBG using SHA-224 is 224 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

Definition at line 48 of file hmac_drbg.h.

◆ HMAC_DRBG_SHA256

#define HMAC_DRBG_SHA256   HMAC_DRBG ( &sha256_algorithm, 256, 256 )

HMAC_DRBG using SHA-256.

The maximum security strength of HMAC_DRBG using SHA-256 is 256 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.

The output block length of HMAC_DRBG using SHA-256 is 256 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

Definition at line 60 of file hmac_drbg.h.

Referenced by HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_GENERATE_FAIL(), HMAC_DRBG_TEST_INSTANTIATE(), HMAC_DRBG_TEST_INSTANTIATE(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), HMAC_DRBG_TEST_RESEED(), and HMAC_DRBG_TEST_RESEED().

◆ HMAC_DRBG_SHA384

#define HMAC_DRBG_SHA384   HMAC_DRBG ( &sha384_algorithm, 256, 384 )

HMAC_DRBG using SHA-384.

The maximum security strength of HMAC_DRBG using SHA-384 is 256 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.

The output block length of HMAC_DRBG using SHA-384 is 384 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

Definition at line 72 of file hmac_drbg.h.

◆ HMAC_DRBG_SHA512

#define HMAC_DRBG_SHA512   HMAC_DRBG ( &sha512_algorithm, 256, 512 )

HMAC_DRBG using SHA-512.

The maximum security strength of HMAC_DRBG using SHA-512 is 256 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.

The output block length of HMAC_DRBG using SHA-512 is 512 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

Definition at line 84 of file hmac_drbg.h.

◆ HMAC_DRBG_HASH

#define HMAC_DRBG_HASH ( hmac_drbg)
Value:
HMAC_DRBG_EXTRACT_HASH hmac_drbg
HMAC_DRBG_EXTRACT_HASH
#define HMAC_DRBG_EXTRACT_HASH(hash, max_security_strength, out_len_bits)
Definition hmac_drbg.h:93

Underlying hash algorithm.

Parameters
hmac_drbgHMAC_DRBG algorithm
Return values
hashUnderlying hash algorithm

Definition at line 91 of file hmac_drbg.h.

91#define HMAC_DRBG_HASH( hmac_drbg ) \
92 HMAC_DRBG_EXTRACT_HASH hmac_drbg

Referenced by drbg_generate_algorithm(), drbg_instantiate_algorithm(), and drbg_reseed_algorithm().

◆ HMAC_DRBG_EXTRACT_HASH

#define HMAC_DRBG_EXTRACT_HASH ( hash,
max_security_strength,
out_len_bits )
Value:
hash

Definition at line 93 of file hmac_drbg.h.

93#define HMAC_DRBG_EXTRACT_HASH( hash, max_security_strength, out_len_bits ) \
94 hash

◆ HMAC_DRBG_MAX_SECURITY_STRENGTH

#define HMAC_DRBG_MAX_SECURITY_STRENGTH ( hmac_drbg)
Value:
HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH hmac_drbg
HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH
#define HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH(hash, max_security_strength, out_len_bits)
Definition hmac_drbg.h:103

Maximum security strength.

Parameters
hmac_drbgHMAC_DRBG algorithm
Return values
max_security_strengthMaxmimum security strength

Definition at line 101 of file hmac_drbg.h.

101#define HMAC_DRBG_MAX_SECURITY_STRENGTH( hmac_drbg ) \
102 HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH hmac_drbg

◆ HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH

#define HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH ( hash,
max_security_strength,
out_len_bits )
Value:
max_security_strength

Definition at line 103 of file hmac_drbg.h.

◆ HMAC_DRBG_OUTLEN_BITS

#define HMAC_DRBG_OUTLEN_BITS ( hmac_drbg)
Value:
HMAC_DRBG_EXTRACT_OUTLEN_BITS hmac_drbg
HMAC_DRBG_EXTRACT_OUTLEN_BITS
#define HMAC_DRBG_EXTRACT_OUTLEN_BITS(hash, max_security_strength, out_len_bits)
Definition hmac_drbg.h:114

Output block length, in bits.

Parameters
hmac_drbgHMAC_DRBG algorithm
Return values
out_len_bitsOutput block length, in bits

Definition at line 112 of file hmac_drbg.h.

112#define HMAC_DRBG_OUTLEN_BITS( hmac_drbg ) \
113 HMAC_DRBG_EXTRACT_OUTLEN_BITS hmac_drbg

◆ HMAC_DRBG_EXTRACT_OUTLEN_BITS

#define HMAC_DRBG_EXTRACT_OUTLEN_BITS ( hash,
max_security_strength,
out_len_bits )
Value:
out_len_bits

Definition at line 114 of file hmac_drbg.h.

◆ HMAC_DRBG_OUTLEN_BYTES

#define HMAC_DRBG_OUTLEN_BYTES ( hmac_drbg)
Value:
( HMAC_DRBG_OUTLEN_BITS ( hmac_drbg ) / 8 )
HMAC_DRBG_OUTLEN_BITS
#define HMAC_DRBG_OUTLEN_BITS(hmac_drbg)
Output block length, in bits.
Definition hmac_drbg.h:112

Output block length, in bytes.

Parameters
hmac_drbgHMAC_DRBG algorithm
Return values
out_len_bytesOutput block length, in bytes

Definition at line 123 of file hmac_drbg.h.

123#define HMAC_DRBG_OUTLEN_BYTES( hmac_drbg ) \
124 ( HMAC_DRBG_OUTLEN_BITS ( hmac_drbg ) / 8 )

◆ HMAC_DRBG_MAX_OUTLEN_BYTES

#define HMAC_DRBG_MAX_OUTLEN_BYTES   HMAC_DRBG_OUTLEN_BYTES ( HMAC_DRBG_SHA512 )

Maximum output block length, in bytes.

The maximum output block length for HMAC_DRBG is 512 bits for SHA-512 according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

Definition at line 132 of file hmac_drbg.h.

◆ HMAC_DRBG_MIN_ENTROPY

#define HMAC_DRBG_MIN_ENTROPY ( security_strength)
Value:
(security_strength)

Required minimum entropy for instantiate and reseed.

Parameters
security_strengthSecurity strength
Return values
min_entropyRequired minimum entropy

The minimum required entropy for HMAC_DRBG is equal to the security strength according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

Definition at line 143 of file hmac_drbg.h.

◆ HMAC_DRBG_MIN_ENTROPY_LEN_BYTES

#define HMAC_DRBG_MIN_ENTROPY_LEN_BYTES ( security_strength)
Value:
( (security_strength) / 8 )

Minimum entropy input length.

Parameters
security_strengthSecurity strength
Return values
min_entropy_len_bytesRequired minimum entropy length (in bytes)

The minimum entropy input length for HMAC_DRBG is equal to the security strength according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

Definition at line 154 of file hmac_drbg.h.

154#define HMAC_DRBG_MIN_ENTROPY_LEN_BYTES( security_strength ) \
155 ( (security_strength) / 8 )

◆ HMAC_DRBG_MAX_ENTROPY_LEN_BYTES

#define HMAC_DRBG_MAX_ENTROPY_LEN_BYTES   32

Maximum entropy input length.

The maximum entropy input length for HMAC_DRBG is 2^35 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).

We choose to allow up to 32 bytes.

Definition at line 165 of file hmac_drbg.h.

◆ HMAC_DRBG_MAX_PERSONAL_LEN_BYTES

#define HMAC_DRBG_MAX_PERSONAL_LEN_BYTES   0xffffffffUL

Maximum personalisation string length.

The maximum permitted personalisation string length for HMAC_DRBG is 2^35 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1 (NIST SP 800-90 Section 10.1 Table 2).

We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits).

Definition at line 175 of file hmac_drbg.h.

◆ HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES

#define HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES   0xffffffffUL

Maximum additional input length.

The maximum permitted additional input length for HMAC_DRBG is 2^35 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1 (NIST SP 800-90 Section 10.1 Table 2).

We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits).

Definition at line 185 of file hmac_drbg.h.

◆ HMAC_DRBG_MAX_GENERATED_LEN_BYTES

#define HMAC_DRBG_MAX_GENERATED_LEN_BYTES   0x0000ffffUL

Maximum length of generated pseudorandom data per request.

The maximum number of bits per request for HMAC_DRBG is 2^19 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1 (NIST SP 800-90 Section 10.1 Table 2).

We choose to allow up to 2^16-1 bytes (i.e. 2^19-8 bits).

Definition at line 195 of file hmac_drbg.h.

◆ HMAC_DRBG_RESEED_INTERVAL

#define HMAC_DRBG_RESEED_INTERVAL   1024

Reseed interval.

The maximum permitted reseed interval for HMAC_DRBG is 2^48 according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2). However, the sample implementation given in ANS X9.82 Part 3-2007 Annex E.2.1 (NIST SP 800-90 Appendix F.2) shows a reseed interval of 10000.

We choose a very conservative reseed interval.

Definition at line 207 of file hmac_drbg.h.

Referenced by force_reseed_required(), and hmac_drbg_generate().

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ hmac_drbg_instantiate()

void hmac_drbg_instantiate ( struct digest_algorithm * hash,
struct hmac_drbg_state * state,
const void * entropy,
size_t entropy_len,
const void * personal,
size_t personal_len )
extern

Instantiate HMAC_DRBG.

Parameters
hashUnderlying hash algorithm
stateHMAC_DRBG internal state to be initialised
entropyEntropy input
entropy_lenLength of entropy input
personalPersonalisation string
personal_lenLength of personalisation string

This is the HMAC_DRBG_Instantiate_algorithm function defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.3 (NIST SP 800-90 Section 10.1.2.3).

The nonce must be included within the entropy input (i.e. the entropy input must contain at least 3/2 * security_strength bits of entropy, as per ANS X9.82 Part 3-2007 Section 8.4.2 (NIST SP 800-90 Section 8.6.7).

The key, value and reseed counter are updated in-place within the HMAC_DRBG internal state.

Definition at line 207 of file hmac_drbg.c.

210 {
211 size_t out_len = hash->digestsize;
212
213 DBGC ( state, "HMAC_DRBG_%s %p instantiate\n", hash->name, state );
214
215 /* Sanity checks */
216 assert ( hash != NULL );
217 assert ( state != NULL );
218 assert ( entropy != NULL );
219 assert ( ( personal != NULL ) || ( personal_len == 0 ) );
220
221 /* 1. seed_material = entropy_input || nonce ||
222 * personalisation_string
223 */
224
225 /* 2. Key = 0x00 00..00 */
226 memset ( state->key, 0x00, out_len );
227
228 /* 3. V = 0x01 01...01 */
229 memset ( state->value, 0x01, out_len );
230
231 /* 4. ( Key, V ) = HMAC_DBRG_Update ( seed_material, Key, V )
232 * 5. reseed_counter = 1
233 * 6. Return V, Key and reseed_counter as the
234 * initial_working_state
235 */
236 hmac_drbg_reseed ( hash, state, entropy, entropy_len,
237 personal, personal_len );
238}
NULL
#define NULL
NULL pointer (VOID *)
Definition Base.h:322
assert
#define assert(condition)
Assert a condition at run-time.
Definition assert.h:50
state
uint8_t state
State.
Definition eth_slow.h:36
DBGC
#define DBGC(...)
Definition compiler.h:505
hmac_drbg_reseed
void hmac_drbg_reseed(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len)
Reseed HMAC_DRBG.
Definition hmac_drbg.c:256
memset
void * memset(void *dest, int character, size_t len) __nonnull

References assert, DBGC, hash, hmac_drbg_reseed(), memset(), NULL, and state.

Referenced by drbg_instantiate_algorithm(), and ecdsa_sign().

◆ hmac_drbg_reseed()

void hmac_drbg_reseed ( struct digest_algorithm * hash,
struct hmac_drbg_state * state,
const void * entropy,
size_t entropy_len,
const void * additional,
size_t additional_len )
extern

Reseed HMAC_DRBG.

Parameters
hashUnderlying hash algorithm
stateHMAC_DRBG internal state
entropyEntropy input
entropy_lenLength of entropy input
additionalAdditional input
additional_lenLength of additional input

This is the HMAC_DRBG_Reseed_algorithm function defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.4 (NIST SP 800-90 Section 10.1.2.4).

The key, value and reseed counter are updated in-place within the HMAC_DRBG internal state.

Definition at line 256 of file hmac_drbg.c.

259 {
260 uint8_t seed_material[ entropy_len + additional_len ];
261
262 DBGC ( state, "HMAC_DRBG_%s %p (re)seed\n", hash->name, state );
263
264 /* Sanity checks */
265 assert ( hash != NULL );
266 assert ( state != NULL );
267 assert ( entropy != NULL );
268 assert ( ( additional != NULL ) || ( additional_len == 0 ) );
269
270 /* 1. seed_material = entropy_input || additional_input */
271 memcpy ( seed_material, entropy, entropy_len );
272 memcpy ( ( seed_material + entropy_len ), additional, additional_len );
273 DBGC ( state, "HMAC_DRBG_%s %p seed material :\n", hash->name, state );
274 DBGC_HDA ( state, 0, seed_material, sizeof ( seed_material ) );
275
276 /* 2. ( Key, V ) = HMAC_DBRG_Update ( seed_material, Key, V ) */
277 hmac_drbg_update ( hash, state, seed_material,
278 sizeof ( seed_material ) );
279
280 /* 3. reseed_counter = 1 */
281 state->reseed_counter = 1;
282
283 /* 4. Return V, Key and reseed_counter as the new_working_state */
284}
uint8_t
unsigned char uint8_t
Definition stdint.h:10
DBGC_HDA
#define DBGC_HDA(...)
Definition compiler.h:506
hmac_drbg_update
static void hmac_drbg_update(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *data, size_t len)
Update HMAC_DRBG internal state.
Definition hmac_drbg.c:155
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
additional
uint16_t additional
Additional sense code and qualifier.
Definition scsi.h:13

References additional, assert, DBGC, DBGC_HDA, hash, hmac_drbg_update(), memcpy(), NULL, and state.

Referenced by drbg_reseed_algorithm(), and hmac_drbg_instantiate().

◆ hmac_drbg_generate()

int hmac_drbg_generate ( struct digest_algorithm * hash,
struct hmac_drbg_state * state,
const void * additional,
size_t additional_len,
void * data,
size_t len )
extern

Generate pseudorandom bits using HMAC_DRBG.

Parameters
hashUnderlying hash algorithm
stateHMAC_DRBG internal state
additionalAdditional input
additional_lenLength of additional input
dataOutput buffer
lenLength of output buffer
Return values
rcReturn status code

This is the HMAC_DRBG_Generate_algorithm function defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.5 (NIST SP 800-90 Section 10.1.2.5).

Requests must be for an integral number of bytes.

The key, value and reseed counter are updated in-place within the HMAC_DRBG internal state.

Note that the only permitted error is "reseed required".

Definition at line 307 of file hmac_drbg.c.

310 {
311 size_t out_len = hash->digestsize;
312 void *orig_data = data;
313 size_t orig_len = len;
314 size_t frag_len;
315
316 DBGC ( state, "HMAC_DRBG_%s %p generate\n", hash->name, state );
317
318 /* Sanity checks */
319 assert ( hash != NULL );
320 assert ( state != NULL );
321 assert ( data != NULL );
322 assert ( ( additional != NULL ) || ( additional_len == 0 ) );
323
324 /* 1. If reseed_counter > reseed_interval, then return an
325 * indication that a reseed is required
326 */
327 if ( state->reseed_counter > HMAC_DRBG_RESEED_INTERVAL ) {
328 DBGC ( state, "HMAC_DRBG_%s %p reseed interval exceeded\n",
329 hash->name, state );
330 return -ESTALE;
331 }
332
333 /* 2. If additional_input != Null, then
334 * ( Key, V ) = HMAC_DRBG_Update ( additional_input, Key, V )
335 */
336 if ( additional_len )
337 hmac_drbg_update ( hash, state, additional, additional_len );
338
339 /* 3. temp = Null
340 * 4. While ( len ( temp ) < requested_number_of_bits ) do:
341 */
342 while ( len ) {
343
344 /* 4.1 V = HMAC ( Key, V ) */
345 hmac_drbg_update_value ( hash, state );
346
347 /* 4.2. temp = temp || V
348 * 5. returned_bits = Leftmost requested_number_of_bits
349 * of temp
350 */
351 frag_len = len;
352 if ( frag_len > out_len )
353 frag_len = out_len;
354 memcpy ( data, state->value, frag_len );
355 data += frag_len;
356 len -= frag_len;
357 }
358
359 /* 6. ( Key, V ) = HMAC_DRBG_Update ( additional_input, Key, V ) */
360 hmac_drbg_update ( hash, state, additional, additional_len );
361
362 /* 7. reseed_counter = reseed_counter + 1 */
363 state->reseed_counter++;
364
365 DBGC ( state, "HMAC_DRBG_%s %p generated :\n", hash->name, state );
366 DBGC_HDA ( state, 0, orig_data, orig_len );
367
368 /* 8. Return SUCCESS, returned_bits, and the new values of
369 * Key, V and reseed_counter as the new_working_state
370 */
371 return 0;
372}
len
ring len
Length.
Definition dwmac.h:226
data
uint8_t data[48]
Additional event data.
Definition ena.h:11
ESTALE
#define ESTALE
Stale file handle.
Definition errno.h:660
hmac_drbg_update_value
static void hmac_drbg_update_value(struct digest_algorithm *hash, struct hmac_drbg_state *state)
Update the HMAC_DRBG value.
Definition hmac_drbg.c:122
HMAC_DRBG_RESEED_INTERVAL
#define HMAC_DRBG_RESEED_INTERVAL
Reseed interval.
Definition hmac_drbg.h:207

References additional, assert, data, DBGC, DBGC_HDA, ESTALE, hash, HMAC_DRBG_RESEED_INTERVAL, hmac_drbg_update(), hmac_drbg_update_value(), len, memcpy(), NULL, and state.

Referenced by drbg_generate_algorithm(), and ecdsa_sign_rs().

Generated by doxygen 1.14.0