iPXE
hmac_drbg.h
Go to the documentation of this file.
1 #ifndef _IPXE_HMAC_DRBG_H
2 #define _IPXE_HMAC_DRBG_H
3 
4 /** @file
5  *
6  * HMAC_DRBG algorithm
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 FILE_SECBOOT ( PERMITTED );
12 
13 #include <stdint.h>
14 #include <ipxe/crypto.h>
15 
16 /** Declare an HMAC_DRBG algorithm
17  *
18  * @v hash Underlying hash algorithm
19  * @v max_security_strength Maxmimum security strength
20  * @v out_len_bits Output block length, in bits
21  * @ret hmac_drbg HMAC_DRBG algorithm
22  */
23 #define HMAC_DRBG( hash, max_security_strength, out_len_bits ) \
24  ( hash, max_security_strength, out_len_bits )
25 
26 /** HMAC_DRBG using SHA-1
27  *
28  * The maximum security strength of HMAC_DRBG using SHA-1 is 128 bits
29  * according to the list of maximum security strengths documented in
30  * NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
31  *
32  * The output block length of HMAC_DRBG using SHA-1 is 160 bits
33  * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
34  * 800-90 Section 10.1 Table 2).
35  */
36 #define HMAC_DRBG_SHA1 HMAC_DRBG ( &sha1_algorithm, 128, 160 )
37 
38 /** HMAC_DRBG using SHA-224
39  *
40  * The maximum security strength of HMAC_DRBG using SHA-224 is 192
41  * bits according to the list of maximum security strengths documented
42  * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
43  *
44  * The output block length of HMAC_DRBG using SHA-224 is 224 bits
45  * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
46  * 800-90 Section 10.1 Table 2).
47  */
48 #define HMAC_DRBG_SHA224 HMAC_DRBG ( &sha224_algorithm, 192, 224 )
49 
50 /** HMAC_DRBG using SHA-256
51  *
52  * The maximum security strength of HMAC_DRBG using SHA-256 is 256
53  * bits according to the list of maximum security strengths documented
54  * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
55  *
56  * The output block length of HMAC_DRBG using SHA-256 is 256 bits
57  * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
58  * 800-90 Section 10.1 Table 2).
59  */
60 #define HMAC_DRBG_SHA256 HMAC_DRBG ( &sha256_algorithm, 256, 256 )
61 
62 /** HMAC_DRBG using SHA-384
63  *
64  * The maximum security strength of HMAC_DRBG using SHA-384 is 256
65  * bits according to the list of maximum security strengths documented
66  * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
67  *
68  * The output block length of HMAC_DRBG using SHA-384 is 384 bits
69  * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
70  * 800-90 Section 10.1 Table 2).
71  */
72 #define HMAC_DRBG_SHA384 HMAC_DRBG ( &sha384_algorithm, 256, 384 )
73 
74 /** HMAC_DRBG using SHA-512
75  *
76  * The maximum security strength of HMAC_DRBG using SHA-512 is 256
77  * bits according to the list of maximum security strengths documented
78  * in NIST SP 800-57 Part 1 Section 5.6.1 Table 3.
79  *
80  * The output block length of HMAC_DRBG using SHA-512 is 512 bits
81  * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
82  * 800-90 Section 10.1 Table 2).
83  */
84 #define HMAC_DRBG_SHA512 HMAC_DRBG ( &sha512_algorithm, 256, 512 )
85 
86 /** Underlying hash algorithm
87  *
88  * @v hmac_drbg HMAC_DRBG algorithm
89  * @ret hash Underlying hash algorithm
90  */
91 #define HMAC_DRBG_HASH( hmac_drbg ) \
92  HMAC_DRBG_EXTRACT_HASH hmac_drbg
93 #define HMAC_DRBG_EXTRACT_HASH( hash, max_security_strength, out_len_bits ) \
94  hash
95 
96 /** Maximum security strength
97  *
98  * @v hmac_drbg HMAC_DRBG algorithm
99  * @ret max_security_strength Maxmimum security strength
100  */
101 #define HMAC_DRBG_MAX_SECURITY_STRENGTH( hmac_drbg ) \
102  HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH hmac_drbg
103 #define HMAC_DRBG_EXTRACT_MAX_SECURITY_STRENGTH( hash, max_security_strength, \
104  out_len_bits ) \
105  max_security_strength
106 
107 /** Output block length, in bits
108  *
109  * @v hmac_drbg HMAC_DRBG algorithm
110  * @ret out_len_bits Output block length, in bits
111  */
112 #define HMAC_DRBG_OUTLEN_BITS( hmac_drbg ) \
113  HMAC_DRBG_EXTRACT_OUTLEN_BITS hmac_drbg
114 #define HMAC_DRBG_EXTRACT_OUTLEN_BITS( hash, max_security_strength, \
115  out_len_bits ) \
116  out_len_bits
117 
118 /** Output block length, in bytes
119  *
120  * @v hmac_drbg HMAC_DRBG algorithm
121  * @ret out_len_bytes Output block length, in bytes
122  */
123 #define HMAC_DRBG_OUTLEN_BYTES( hmac_drbg ) \
124  ( HMAC_DRBG_OUTLEN_BITS ( hmac_drbg ) / 8 )
125 
126 /** Maximum output block length, in bytes
127  *
128  * The maximum output block length for HMAC_DRBG is 512 bits for
129  * SHA-512 according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2
130  * (NIST SP 800-90 Section 10.1 Table 2).
131  */
132 #define HMAC_DRBG_MAX_OUTLEN_BYTES HMAC_DRBG_OUTLEN_BYTES ( HMAC_DRBG_SHA512 )
133 
134 /** Required minimum entropy for instantiate and reseed
135  *
136  * @v security_strength Security strength
137  * @ret min_entropy Required minimum entropy
138  *
139  * The minimum required entropy for HMAC_DRBG is equal to the security
140  * strength according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2
141  * (NIST SP 800-90 Section 10.1 Table 2).
142  */
143 #define HMAC_DRBG_MIN_ENTROPY( security_strength ) (security_strength)
144 
145 /** Minimum entropy input length
146  *
147  * @v security_strength Security strength
148  * @ret min_entropy_len_bytes Required minimum entropy length (in bytes)
149  *
150  * The minimum entropy input length for HMAC_DRBG is equal to the
151  * security strength according to ANS X9.82 Part 3-2007 Section 10.2.1
152  * Table 2 (NIST SP 800-90 Section 10.1 Table 2).
153  */
154 #define HMAC_DRBG_MIN_ENTROPY_LEN_BYTES( security_strength ) \
155  ( (security_strength) / 8 )
156 
157 /** Maximum entropy input length
158  *
159  * The maximum entropy input length for HMAC_DRBG is 2^35 bits
160  * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
161  * 800-90 Section 10.1 Table 2).
162  *
163  * We choose to allow up to 32 bytes.
164  */
165 #define HMAC_DRBG_MAX_ENTROPY_LEN_BYTES 32
166 
167 /** Maximum personalisation string length
168  *
169  * The maximum permitted personalisation string length for HMAC_DRBG
170  * is 2^35 bits according to ANS X9.82 Part 3-2007 Section 10.2.1
171  * Table 1 (NIST SP 800-90 Section 10.1 Table 2).
172  *
173  * We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits).
174  */
175 #define HMAC_DRBG_MAX_PERSONAL_LEN_BYTES 0xffffffffUL
176 
177 /** Maximum additional input length
178  *
179  * The maximum permitted additional input length for HMAC_DRBG is 2^35
180  * bits according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1
181  * (NIST SP 800-90 Section 10.1 Table 2).
182  *
183  * We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits).
184  */
185 #define HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES 0xffffffffUL
186 
187 /** Maximum length of generated pseudorandom data per request
188  *
189  * The maximum number of bits per request for HMAC_DRBG is 2^19 bits
190  * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 1 (NIST SP
191  * 800-90 Section 10.1 Table 2).
192  *
193  * We choose to allow up to 2^16-1 bytes (i.e. 2^19-8 bits).
194  */
195 #define HMAC_DRBG_MAX_GENERATED_LEN_BYTES 0x0000ffffUL
196 
197 /** Reseed interval
198  *
199  * The maximum permitted reseed interval for HMAC_DRBG is 2^48
200  * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP
201  * 800-90 Section 10.1 Table 2). However, the sample implementation
202  * given in ANS X9.82 Part 3-2007 Annex E.2.1 (NIST SP 800-90 Appendix
203  * F.2) shows a reseed interval of 10000.
204  *
205  * We choose a very conservative reseed interval.
206  */
207 #define HMAC_DRBG_RESEED_INTERVAL 1024
208 
209 /**
210  * HMAC_DRBG internal state
211  *
212  * This structure is defined by ANS X9.82 Part 3-2007 Section
213  * 10.2.2.2.1 (NIST SP 800-90 Section 10.1.2.1).
214  *
215  * The "administrative information" portions (security_strength and
216  * prediction_resistance) are design-time constants and so are not
217  * present as fields in this structure.
218  */
219 struct hmac_drbg_state {
220  /** Current value
221  *
222  * "The value V of outlen bits, which is updated each time
223  * another outlen bits of output are produced"
224  */
225  uint8_t value[HMAC_DRBG_MAX_OUTLEN_BYTES];
226  /** Current key
227  *
228  * "The outlen-bit Key, which is updated at least once each
229  * time that the DRBG mechanism generates pseudorandom bits."
230  */
231  uint8_t key[HMAC_DRBG_MAX_OUTLEN_BYTES];
232  /** Reseed counter
233  *
234  * "A counter (reseed_counter) that indicates the number of
235  * requests for pseudorandom bits since instantiation or
236  * reseeding"
237  */
238  unsigned int reseed_counter;
239 };
240 
241 extern void hmac_drbg_instantiate ( struct digest_algorithm *hash,
242  struct hmac_drbg_state *state,
243  const void *entropy, size_t entropy_len,
244  const void *personal, size_t personal_len );
245 extern void hmac_drbg_reseed ( struct digest_algorithm *hash,
246  struct hmac_drbg_state *state,
247  const void *entropy, size_t entropy_len,
248  const void *additional, size_t additional_len );
249 extern int hmac_drbg_generate ( struct digest_algorithm *hash,
250  struct hmac_drbg_state *state,
251  const void *additional, size_t additional_len,
252  void *data, size_t len );
253 
254 #endif /* _IPXE_HMAC_DRBG_H */
hash
pseudo_bit_t hash[0x00010]
Definition: arbel.h:13
state
uint8_t state
State.
Definition: eth_slow.h:48
HMAC_DRBG_MAX_OUTLEN_BYTES
#define HMAC_DRBG_MAX_OUTLEN_BYTES
Maximum output block length, in bytes.
Definition: hmac_drbg.h:132
hmac_drbg_state::reseed_counter
unsigned int reseed_counter
Reseed counter.
Definition: hmac_drbg.h:238
crypto.h
Cryptographic API.
hmac_drbg_reseed
void hmac_drbg_reseed(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *additional, size_t additional_len)
Reseed HMAC_DRBG.
Definition: hmac_drbg.c:256
additional
uint16_t additional
Additional sense code and qualifier.
Definition: scsi.h:28
len
ring len
Length.
Definition: dwmac.h:231
FILE_SECBOOT
FILE_SECBOOT(PERMITTED)
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
hmac_drbg_state::value
uint8_t value[HMAC_DRBG_MAX_OUTLEN_BYTES]
Current value.
Definition: hmac_drbg.h:225
hmac_drbg_state::key
uint8_t key[HMAC_DRBG_MAX_OUTLEN_BYTES]
Current key.
Definition: hmac_drbg.h:231
hmac_drbg_state
HMAC_DRBG internal state.
Definition: hmac_drbg.h:219
hmac_drbg_instantiate
void hmac_drbg_instantiate(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *entropy, size_t entropy_len, const void *personal, size_t personal_len)
Instantiate HMAC_DRBG.
Definition: hmac_drbg.c:207
digest_algorithm
A message digest algorithm.
Definition: crypto.h:19
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
hmac_drbg_generate
int hmac_drbg_generate(struct digest_algorithm *hash, struct hmac_drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len)
Generate pseudorandom bits using HMAC_DRBG.
Definition: hmac_drbg.c:307
Generated by   doxygen 1.8.15