diff options
| author | Michael Brown <mcb30@ipxe.org> | 2012-03-06 12:58:56 +0000 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2012-03-06 13:12:30 +0000 |
| commit | b9d9c3f1d5b0a92cd7c07df1c180f915ad2e6018 (patch) | |
| tree | ddb8ce9a5f466db5ecb13f70d5d695caf4ec3f34 /src/include/ipxe/drbg.h | |
| parent | 742e43be05d7525135b81a8bcde44083aa1a0ecd (diff) | |
| download | ipxe-b9d9c3f1d5b0a92cd7c07df1c180f915ad2e6018.tar.gz | |
[rng] Allow HMAC_DRBG to use multiple underlying hash algorithms
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/drbg.h')
| -rw-r--r-- | src/include/ipxe/drbg.h | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/src/include/ipxe/drbg.h b/src/include/ipxe/drbg.h index 3cf4584ac..139f03c54 100644 --- a/src/include/ipxe/drbg.h +++ b/src/include/ipxe/drbg.h @@ -10,16 +10,29 @@ FILE_LICENCE ( GPL2_OR_LATER ); #include <stdint.h> +#include <ipxe/sha1.h> #include <ipxe/hmac_drbg.h> +/** Choose HMAC_DRBG using SHA-1 + * + * HMAC_DRBG using SHA-1 is an Approved algorithm in ANS X9.82. + */ +#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA1 + /** Maximum security strength */ -#define DRBG_MAX_SECURITY_STRENGTH HMAC_DRBG_MAX_SECURITY_STRENGTH +#define DRBG_MAX_SECURITY_STRENGTH \ + HMAC_DRBG_MAX_SECURITY_STRENGTH ( HMAC_DRBG_ALGORITHM ) -/** Security strength */ -#define DRBG_SECURITY_STRENGTH HMAC_DRBG_SECURITY_STRENGTH +/** Security strength + * + * We choose to operate at the maximum security strength supported by + * the algorithm. + */ +#define DRBG_SECURITY_STRENGTH DRBG_MAX_SECURITY_STRENGTH /** Minimum entropy input length */ -#define DRBG_MIN_ENTROPY_LEN_BYTES HMAC_DRBG_MIN_ENTROPY_LEN_BYTES +#define DRBG_MIN_ENTROPY_LEN_BYTES \ + HMAC_DRBG_MIN_ENTROPY_LEN_BYTES ( DRBG_SECURITY_STRENGTH ) /** Maximum entropy input length */ #define DRBG_MAX_ENTROPY_LEN_BYTES HMAC_DRBG_MAX_ENTROPY_LEN_BYTES @@ -60,7 +73,8 @@ static inline void drbg_instantiate_algorithm ( struct drbg_state *state, size_t entropy_len, const void *personal, size_t personal_len ) { - hmac_drbg_instantiate ( &state->internal, entropy, entropy_len, + hmac_drbg_instantiate ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ), + &state->internal, entropy, entropy_len, personal, personal_len ); } @@ -81,7 +95,8 @@ static inline void drbg_reseed_algorithm ( struct drbg_state *state, size_t entropy_len, const void *additional, size_t additional_len ) { - hmac_drbg_reseed ( &state->internal, entropy, entropy_len, + hmac_drbg_reseed ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ), + &state->internal, entropy, entropy_len, additional, additional_len ); } @@ -104,7 +119,8 @@ static inline int drbg_generate_algorithm ( struct drbg_state *state, const void *additional, size_t additional_len, void *data, size_t len ) { - return hmac_drbg_generate ( &state->internal, additional, + return hmac_drbg_generate ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ), + &state->internal, additional, additional_len, data, len ); } |