iPXE
|
HMAC_DRBG algorithm. More...
Go to the source code of this file.
Data Structures | |
struct | hmac_drbg_state |
HMAC_DRBG internal state. More... | |
Macros | |
#define | HMAC_DRBG(hash, max_security_strength, out_len_bits) ( hash, max_security_strength, out_len_bits ) |
Declare an HMAC_DRBG algorithm. More... | |
#define | HMAC_DRBG_SHA1 HMAC_DRBG ( &sha1_algorithm, 128, 160 ) |
HMAC_DRBG using SHA-1. More... | |
#define | HMAC_DRBG_SHA224 HMAC_DRBG ( &sha224_algorithm, 192, 224 ) |
HMAC_DRBG using SHA-224. More... | |
#define | HMAC_DRBG_SHA256 HMAC_DRBG ( &sha256_algorithm, 256, 256 ) |
HMAC_DRBG using SHA-256. More... | |
#define | HMAC_DRBG_SHA384 HMAC_DRBG ( &sha384_algorithm, 256, 384 ) |
HMAC_DRBG using SHA-384. More... | |
#define | HMAC_DRBG_SHA512 HMAC_DRBG ( &sha512_algorithm, 256, 512 ) |
HMAC_DRBG using SHA-512. More... | |
#define | HMAC_DRBG_HASH(hmac_drbg) HMAC_DRBG_EXTRACT_HASH hmac_drbg |
Underlying hash algorithm. More... | |
#define | HMAC_DRBG_EXTRACT_HASH(hash, max_security_strength, out_len_bits) hash |
#define | HMAC_DRBG_MAX_SECURITY_STRENGTH(hmac_drbg) HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH hmac_drbg |
Maximum security strength. More... | |
#define | HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH(hash, max_security_strength, out_len_bits) max_security_strength |
#define | HMAC_DRBG_OUTLEN_BITS(hmac_drbg) HMAC_DRBG_EXTRACT_OUTLEN_BITS hmac_drbg |
Output block length, in bits. More... | |
#define | HMAC_DRBG_EXTRACT_OUTLEN_BITS(hash, max_security_strength, out_len_bits) out_len_bits |
#define | HMAC_DRBG_OUTLEN_BYTES(hmac_drbg) ( HMAC_DRBG_OUTLEN_BITS ( hmac_drbg ) / 8 ) |
Output block length, in bytes. More... | |
#define | HMAC_DRBG_MAX_OUTLEN_BYTES HMAC_DRBG_OUTLEN_BYTES ( HMAC_DRBG_SHA512 ) |
Maximum output block length, in bytes. More... | |
#define | HMAC_DRBG_MIN_ENTROPY(security_strength) (security_strength) |
Required minimum entropy for instantiate and reseed. More... | |
#define | HMAC_DRBG_MIN_ENTROPY_LEN_BYTES(security_strength) ( (security_strength) / 8 ) |
Minimum entropy input length. More... | |
#define | HMAC_DRBG_MAX_ENTROPY_LEN_BYTES 32 |
Maximum entropy input length. More... | |
#define | HMAC_DRBG_MAX_PERSONAL_LEN_BYTES 0xffffffffUL |
Maximum personalisation string length. More... | |
#define | HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES 0xffffffffUL |
Maximum additional input length. More... | |
#define | HMAC_DRBG_MAX_GENERATED_LEN_BYTES 0x0000ffffUL |
Maximum length of generated pseudorandom data per request. More... | |
#define | HMAC_DRBG_RESEED_INTERVAL 1024 |
Reseed interval. More... | |
Functions | |
FILE_LICENCE (GPL2_OR_LATER_OR_UBDL) | |
void | hmac_drbg_instantiate (struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *personal, size_t personal_len) |
Instantiate HMAC_DRBG. More... | |
void | hmac_drbg_reseed (struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len) |
Reseed HMAC_DRBG. More... | |
int | hmac_drbg_generate (struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len) |
Generate pseudorandom bits using HMAC_DRBG. More... | |
HMAC_DRBG algorithm.
Definition in file hmac_drbg.h.
#define HMAC_DRBG | ( | hash, | |
max_security_strength, | |||
out_len_bits | |||
) | ( hash, max_security_strength, out_len_bits ) |
Declare an HMAC_DRBG algorithm.
hash | Underlying hash algorithm |
max_security_strength | Maxmimum security strength |
out_len_bits | Output block length, in bits |
hmac_drbg | HMAC_DRBG algorithm |
Definition at line 22 of file hmac_drbg.h.
#define HMAC_DRBG_SHA1 HMAC_DRBG ( &sha1_algorithm, 128, 160 ) |
HMAC_DRBG using SHA-1.
The maximum security strength of HMAC_DRBG using SHA-1 is 128 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
The output block length of HMAC_DRBG using SHA-1 is 160 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
Definition at line 35 of file hmac_drbg.h.
#define HMAC_DRBG_SHA224 HMAC_DRBG ( &sha224_algorithm, 192, 224 ) |
HMAC_DRBG using SHA-224.
The maximum security strength of HMAC_DRBG using SHA-224 is 192 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
The output block length of HMAC_DRBG using SHA-224 is 224 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
Definition at line 47 of file hmac_drbg.h.
#define HMAC_DRBG_SHA256 HMAC_DRBG ( &sha256_algorithm, 256, 256 ) |
HMAC_DRBG using SHA-256.
The maximum security strength of HMAC_DRBG using SHA-256 is 256 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
The output block length of HMAC_DRBG using SHA-256 is 256 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
Definition at line 59 of file hmac_drbg.h.
#define HMAC_DRBG_SHA384 HMAC_DRBG ( &sha384_algorithm, 256, 384 ) |
HMAC_DRBG using SHA-384.
The maximum security strength of HMAC_DRBG using SHA-384 is 256 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
The output block length of HMAC_DRBG using SHA-384 is 384 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
Definition at line 71 of file hmac_drbg.h.
#define HMAC_DRBG_SHA512 HMAC_DRBG ( &sha512_algorithm, 256, 512 ) |
HMAC_DRBG using SHA-512.
The maximum security strength of HMAC_DRBG using SHA-512 is 256 bits according to the list of maximum security strengths documented in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
The output block length of HMAC_DRBG using SHA-512 is 512 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
Definition at line 83 of file hmac_drbg.h.
#define HMAC_DRBG_HASH | ( | hmac_drbg | ) | HMAC_DRBG_EXTRACT_HASH hmac_drbg |
Underlying hash algorithm.
hmac_drbg | HMAC_DRBG algorithm |
hash | Underlying hash algorithm |
Definition at line 90 of file hmac_drbg.h.
Definition at line 92 of file hmac_drbg.h.
#define HMAC_DRBG_MAX_SECURITY_STRENGTH | ( | hmac_drbg | ) | HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH hmac_drbg |
Maximum security strength.
hmac_drbg | HMAC_DRBG algorithm |
max_security_strength | Maxmimum security strength |
Definition at line 100 of file hmac_drbg.h.
#define HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH | ( | hash, | |
max_security_strength, | |||
out_len_bits | |||
) | max_security_strength |
Definition at line 102 of file hmac_drbg.h.
#define HMAC_DRBG_OUTLEN_BITS | ( | hmac_drbg | ) | HMAC_DRBG_EXTRACT_OUTLEN_BITS hmac_drbg |
Output block length, in bits.
hmac_drbg | HMAC_DRBG algorithm |
out_len_bits | Output block length, in bits |
Definition at line 111 of file hmac_drbg.h.
#define HMAC_DRBG_EXTRACT_OUTLEN_BITS | ( | hash, | |
max_security_strength, | |||
out_len_bits | |||
) | out_len_bits |
Definition at line 113 of file hmac_drbg.h.
#define HMAC_DRBG_OUTLEN_BYTES | ( | hmac_drbg | ) | ( HMAC_DRBG_OUTLEN_BITS ( hmac_drbg ) / 8 ) |
Output block length, in bytes.
hmac_drbg | HMAC_DRBG algorithm |
out_len_bytes | Output block length, in bytes |
Definition at line 122 of file hmac_drbg.h.
#define HMAC_DRBG_MAX_OUTLEN_BYTES HMAC_DRBG_OUTLEN_BYTES ( HMAC_DRBG_SHA512 ) |
Maximum output block length, in bytes.
The maximum output block length for HMAC_DRBG is 512 bits for SHA-512 according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
Definition at line 131 of file hmac_drbg.h.
#define HMAC_DRBG_MIN_ENTROPY | ( | security_strength | ) | (security_strength) |
Required minimum entropy for instantiate and reseed.
security_strength | Security strength |
min_entropy | Required minimum entropy |
The minimum required entropy for HMAC_DRBG is equal to the security strength according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
Definition at line 142 of file hmac_drbg.h.
#define HMAC_DRBG_MIN_ENTROPY_LEN_BYTES | ( | security_strength | ) | ( (security_strength) / 8 ) |
Minimum entropy input length.
security_strength | Security strength |
min_entropy_len_bytes | Required minimum entropy length (in bytes) |
The minimum entropy input length for HMAC_DRBG is equal to the security strength according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
Definition at line 153 of file hmac_drbg.h.
#define HMAC_DRBG_MAX_ENTROPY_LEN_BYTES 32 |
Maximum entropy input length.
The maximum entropy input length for HMAC_DRBG is 2^35 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2).
We choose to allow up to 32 bytes.
Definition at line 164 of file hmac_drbg.h.
#define HMAC_DRBG_MAX_PERSONAL_LEN_BYTES 0xffffffffUL |
Maximum personalisation string length.
The maximum permitted personalisation string length for HMAC_DRBG is 2^35 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1 (NIST SP 800-90 Section 10.1 Table 2).
We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits).
Definition at line 174 of file hmac_drbg.h.
#define HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES 0xffffffffUL |
Maximum additional input length.
The maximum permitted additional input length for HMAC_DRBG is 2^35 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1 (NIST SP 800-90 Section 10.1 Table 2).
We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits).
Definition at line 184 of file hmac_drbg.h.
#define HMAC_DRBG_MAX_GENERATED_LEN_BYTES 0x0000ffffUL |
Maximum length of generated pseudorandom data per request.
The maximum number of bits per request for HMAC_DRBG is 2^19 bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1 (NIST SP 800-90 Section 10.1 Table 2).
We choose to allow up to 2^16-1 bytes (i.e. 2^19-8 bits).
Definition at line 194 of file hmac_drbg.h.
#define HMAC_DRBG_RESEED_INTERVAL 1024 |
Reseed interval.
The maximum permitted reseed interval for HMAC_DRBG is 2^48 according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP 800-90 Section 10.1 Table 2). However, the sample implementation given in ANS X9.82 Part 3-2007 Annex E.2.1 (NIST SP 800-90 Appendix F.2) shows a reseed interval of 10000.
We choose a very conservative reseed interval.
Definition at line 206 of file hmac_drbg.h.
FILE_LICENCE | ( | GPL2_OR_LATER_OR_UBDL | ) |
void hmac_drbg_instantiate | ( | struct digest_algorithm * | hash, |
struct hmac_drbg_state * | state, | ||
const void * | entropy, | ||
size_t | entropy_len, | ||
const void * | personal, | ||
size_t | personal_len | ||
) |
Instantiate HMAC_DRBG.
hash | Underlying hash algorithm |
state | HMAC_DRBG internal state to be initialised |
entropy | Entropy input |
entropy_len | Length of entropy input |
personal | Personalisation string |
personal_len | Length of personalisation string |
This is the HMAC_DRBG_Instantiate_algorithm function defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.3 (NIST SP 800-90 Section 10.1.2.3).
The nonce must be included within the entropy input (i.e. the entropy input must contain at least 3/2 * security_strength bits of entropy, as per ANS X9.82 Part 3-2007 Section 8.4.2 (NIST SP 800-90 Section 8.6.7).
The key, value and reseed counter are updated in-place within the HMAC_DRBG internal state.
Definition at line 206 of file hmac_drbg.c.
References assert(), DBGC, hash, hmac_drbg_reseed(), memset(), NULL, and state.
Referenced by drbg_instantiate_algorithm().
void hmac_drbg_reseed | ( | struct digest_algorithm * | hash, |
struct hmac_drbg_state * | state, | ||
const void * | entropy, | ||
size_t | entropy_len, | ||
const void * | additional, | ||
size_t | additional_len | ||
) |
Reseed HMAC_DRBG.
hash | Underlying hash algorithm |
state | HMAC_DRBG internal state |
entropy | Entropy input |
entropy_len | Length of entropy input |
additional | Additional input |
additional_len | Length of additional input |
This is the HMAC_DRBG_Reseed_algorithm function defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.4 (NIST SP 800-90 Section 10.1.2.4).
The key, value and reseed counter are updated in-place within the HMAC_DRBG internal state.
Definition at line 255 of file hmac_drbg.c.
References additional, assert(), DBGC, DBGC_HDA, hash, hmac_drbg_update(), memcpy(), NULL, and state.
Referenced by drbg_reseed_algorithm(), and hmac_drbg_instantiate().
int hmac_drbg_generate | ( | struct digest_algorithm * | hash, |
struct hmac_drbg_state * | state, | ||
const void * | additional, | ||
size_t | additional_len, | ||
void * | data, | ||
size_t | len | ||
) |
Generate pseudorandom bits using HMAC_DRBG.
hash | Underlying hash algorithm |
state | HMAC_DRBG internal state |
additional | Additional input |
additional_len | Length of additional input |
data | Output buffer |
len | Length of output buffer |
rc | Return status code |
This is the HMAC_DRBG_Generate_algorithm function defined in ANS X9.82 Part 3-2007 Section 10.2.2.2.5 (NIST SP 800-90 Section 10.1.2.5).
Requests must be for an integral number of bytes.
The key, value and reseed counter are updated in-place within the HMAC_DRBG internal state.
Note that the only permitted error is "reseed required".
Definition at line 306 of file hmac_drbg.c.
References additional, assert(), data, DBGC, DBGC_HDA, ESTALE, hash, HMAC_DRBG_RESEED_INTERVAL, hmac_drbg_update(), hmac_drbg_update_value(), len, memcpy(), NULL, and state.
Referenced by drbg_generate_algorithm().