iPXE
hmac_drbg.h
Go to the documentation of this file.
1#ifndef _IPXE_HMAC_DRBG_H
2#define _IPXE_HMAC_DRBG_H
3
4/** @file
5 *
6 * HMAC_DRBG algorithm
7 *
8 */
9
10FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11FILE_SECBOOT ( PERMITTED );
12
13#include <stdint.h>
14#include <ipxe/crypto.h>
15
16/** Declare an HMAC_DRBG algorithm
17 *
18 * @v hash Underlying hash algorithm
19 * @v max_security_strength Maxmimum security strength
20 * @v out_len_bits Output block length, in bits
21 * @ret hmac_drbg HMAC_DRBG algorithm
22 */
23#define HMAC_DRBG( hash, max_security_strength, out_len_bits ) \
24 ( hash, max_security_strength, out_len_bits )
25
26/** HMAC_DRBG using SHA-1
27 *
28 * The maximum security strength of HMAC_DRBG using SHA-1 is 128 bits
29 * according to the list of maximum security strengths documented in
30 * NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
31 *
32 * The output block length of HMAC_DRBG using SHA-1 is 160 bits
33 * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
34 * 800-90 Section 10.1 Table 2).
35 */
36#define HMAC_DRBG_SHA1 HMAC_DRBG ( &sha1_algorithm, 128, 160 )
37
38/** HMAC_DRBG using SHA-224
39 *
40 * The maximum security strength of HMAC_DRBG using SHA-224 is 192
41 * bits according to the list of maximum security strengths documented
42 * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
43 *
44 * The output block length of HMAC_DRBG using SHA-224 is 224 bits
45 * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
46 * 800-90 Section 10.1 Table 2).
47 */
48#define HMAC_DRBG_SHA224 HMAC_DRBG ( &sha224_algorithm, 192, 224 )
49
50/** HMAC_DRBG using SHA-256
51 *
52 * The maximum security strength of HMAC_DRBG using SHA-256 is 256
53 * bits according to the list of maximum security strengths documented
54 * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
55 *
56 * The output block length of HMAC_DRBG using SHA-256 is 256 bits
57 * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
58 * 800-90 Section 10.1 Table 2).
59 */
60#define HMAC_DRBG_SHA256 HMAC_DRBG ( &sha256_algorithm, 256, 256 )
61
62/** HMAC_DRBG using SHA-384
63 *
64 * The maximum security strength of HMAC_DRBG using SHA-384 is 256
65 * bits according to the list of maximum security strengths documented
66 * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
67 *
68 * The output block length of HMAC_DRBG using SHA-384 is 384 bits
69 * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
70 * 800-90 Section 10.1 Table 2).
71 */
72#define HMAC_DRBG_SHA384 HMAC_DRBG ( &sha384_algorithm, 256, 384 )
73
74/** HMAC_DRBG using SHA-512
75 *
76 * The maximum security strength of HMAC_DRBG using SHA-512 is 256
77 * bits according to the list of maximum security strengths documented
78 * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
79 *
80 * The output block length of HMAC_DRBG using SHA-512 is 512 bits
81 * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
82 * 800-90 Section 10.1 Table 2).
83 */
84#define HMAC_DRBG_SHA512 HMAC_DRBG ( &sha512_algorithm, 256, 512 )
85
86/** Underlying hash algorithm
87 *
88 * @v hmac_drbg HMAC_DRBG algorithm
89 * @ret hash Underlying hash algorithm
90 */
91#define HMAC_DRBG_HASH( hmac_drbg ) \
92 HMAC_DRBG_EXTRACT_HASH hmac_drbg
93#define HMAC_DRBG_EXTRACT_HASH( hash, max_security_strength, out_len_bits ) \
94 hash
95
96/** Maximum security strength
97 *
98 * @v hmac_drbg HMAC_DRBG algorithm
99 * @ret max_security_strength Maxmimum security strength
100 */
101#define HMAC_DRBG_MAX_SECURITY_STRENGTH( hmac_drbg ) \
102 HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH hmac_drbg
103#define HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH( hash, max_security_strength, \
104 out_len_bits ) \
105 max_security_strength
106
107/** Output block length, in bits
108 *
109 * @v hmac_drbg HMAC_DRBG algorithm
110 * @ret out_len_bits Output block length, in bits
111 */
112#define HMAC_DRBG_OUTLEN_BITS( hmac_drbg ) \
113 HMAC_DRBG_EXTRACT_OUTLEN_BITS hmac_drbg
114#define HMAC_DRBG_EXTRACT_OUTLEN_BITS( hash, max_security_strength, \
115 out_len_bits ) \
116 out_len_bits
117
118/** Output block length, in bytes
119 *
120 * @v hmac_drbg HMAC_DRBG algorithm
121 * @ret out_len_bytes Output block length, in bytes
122 */
123#define HMAC_DRBG_OUTLEN_BYTES( hmac_drbg ) \
124 ( HMAC_DRBG_OUTLEN_BITS ( hmac_drbg ) / 8 )
125
126/** Maximum output block length, in bytes
127 *
128 * The maximum output block length for HMAC_DRBG is 512 bits for
129 * SHA-512 according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2
130 * (NIST SP 800-90 Section 10.1 Table 2).
131 */
132#define HMAC_DRBG_MAX_OUTLEN_BYTES HMAC_DRBG_OUTLEN_BYTES ( HMAC_DRBG_SHA512 )
133
134/** Required minimum entropy for instantiate and reseed
135 *
136 * @v security_strength Security strength
137 * @ret min_entropy Required minimum entropy
138 *
139 * The minimum required entropy for HMAC_DRBG is equal to the security
140 * strength according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2
141 * (NIST SP 800-90 Section 10.1 Table 2).
142 */
143#define HMAC_DRBG_MIN_ENTROPY( security_strength ) (security_strength)
144
145/** Minimum entropy input length
146 *
147 * @v security_strength Security strength
148 * @ret min_entropy_len_bytes Required minimum entropy length (in bytes)
149 *
150 * The minimum entropy input length for HMAC_DRBG is equal to the
151 * security strength according to ANS X9.82 Part 3-2007 Section 10.2.1
152 * Table 2 (NIST SP 800-90 Section 10.1 Table 2).
153 */
154#define HMAC_DRBG_MIN_ENTROPY_LEN_BYTES( security_strength ) \
155 ( (security_strength) / 8 )
156
157/** Maximum entropy input length
158 *
159 * The maximum entropy input length for HMAC_DRBG is 2^35 bits
160 * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
161 * 800-90 Section 10.1 Table 2).
162 *
163 * We choose to allow up to 32 bytes.
164 */
165#define HMAC_DRBG_MAX_ENTROPY_LEN_BYTES 32
166
167/** Maximum personalisation string length
168 *
169 * The maximum permitted personalisation string length for HMAC_DRBG
170 * is 2^35 bits according to ANS X9.82 Part 3-2007 Section 10.2.1
171 * Table 1 (NIST SP 800-90 Section 10.1 Table 2).
172 *
173 * We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits).
174 */
175#define HMAC_DRBG_MAX_PERSONAL_LEN_BYTES 0xffffffffUL
176
177/** Maximum additional input length
178 *
179 * The maximum permitted additional input length for HMAC_DRBG is 2^35
180 * bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1
181 * (NIST SP 800-90 Section 10.1 Table 2).
182 *
183 * We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits).
184 */
185#define HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES 0xffffffffUL
186
187/** Maximum length of generated pseudorandom data per request
188 *
189 * The maximum number of bits per request for HMAC_DRBG is 2^19 bits
190 * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1 (NIST SP
191 * 800-90 Section 10.1 Table 2).
192 *
193 * We choose to allow up to 2^16-1 bytes (i.e. 2^19-8 bits).
194 */
195#define HMAC_DRBG_MAX_GENERATED_LEN_BYTES 0x0000ffffUL
196
197/** Reseed interval
198 *
199 * The maximum permitted reseed interval for HMAC_DRBG is 2^48
200 * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
201 * 800-90 Section 10.1 Table 2). However, the sample implementation
202 * given in ANS X9.82 Part 3-2007 Annex E.2.1 (NIST SP 800-90 Appendix
203 * F.2) shows a reseed interval of 10000.
204 *
205 * We choose a very conservative reseed interval.
206 */
207#define HMAC_DRBG_RESEED_INTERVAL 1024
208
209/**
210 * HMAC_DRBG internal state
211 *
212 * This structure is defined by ANS X9.82 Part 3-2007 Section
213 * 10.2.2.2.1 (NIST SP 800-90 Section 10.1.2.1).
214 *
215 * The "administrative information" portions (security_strength and
216 * prediction_resistance) are design-time constants and so are not
217 * present as fields in this structure.
218 */
220 /** Current value
221 *
222 * "The value V of outlen bits, which is updated each time
223 * another outlen bits of output are produced"
224 */
226 /** Current key
227 *
228 * "The outlen-bit Key, which is updated at least once each
229 * time that the DRBG mechanism generates pseudorandom bits."
230 */
232 /** Reseed counter
233 *
234 * "A counter (reseed_counter) that indicates the number of
235 * requests for pseudorandom bits since instantiation or
236 * reseeding"
237 */
238 unsigned int reseed_counter;
239};
240
241extern void hmac_drbg_instantiate ( struct digest_algorithm *hash,
242 struct hmac_drbg_state *state,
243 const void *entropy, size_t entropy_len,
244 const void *personal, size_t personal_len );
245extern void hmac_drbg_reseed ( struct digest_algorithm *hash,
246 struct hmac_drbg_state *state,
247 const void *entropy, size_t entropy_len,
248 const void *additional, size_t additional_len );
249extern int hmac_drbg_generate ( struct digest_algorithm *hash,
250 struct hmac_drbg_state *state,
251 const void *additional, size_t additional_len,
252 void *data, size_t len );
253
254#endif /* _IPXE_HMAC_DRBG_H */
pseudo_bit_t hash[0x00010]
Definition arbel.h:2
unsigned char uint8_t
Definition stdint.h:10
ring len
Length.
Definition dwmac.h:226
uint8_t data[48]
Additional event data.
Definition ena.h:11
uint8_t state
State.
Definition eth_slow.h:36
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896
#define FILE_SECBOOT(_status)
Declare a file's UEFI Secure Boot permission status.
Definition compiler.h:926
#define HMAC_DRBG_MAX_OUTLEN_BYTES
Maximum output block length, in bytes.
Definition hmac_drbg.h:132
int hmac_drbg_generate(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len)
Generate pseudorandom bits using HMAC_DRBG.
Definition hmac_drbg.c:307
void hmac_drbg_reseed(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len)
Reseed HMAC_DRBG.
Definition hmac_drbg.c:256
void hmac_drbg_instantiate(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *personal, size_t personal_len)
Instantiate HMAC_DRBG.
Definition hmac_drbg.c:207
Cryptographic API.
uint16_t additional
Additional sense code and qualifier.
Definition scsi.h:13
A message digest algorithm.
Definition crypto.h:19
HMAC_DRBG internal state.
Definition hmac_drbg.h:219
uint8_t value[HMAC_DRBG_MAX_OUTLEN_BYTES]
Current value.
Definition hmac_drbg.h:225
uint8_t key[HMAC_DRBG_MAX_OUTLEN_BYTES]
Current key.
Definition hmac_drbg.h:231
unsigned int reseed_counter
Reseed counter.
Definition hmac_drbg.h:238