10 FILE_LICENCE ( GPL2_OR_LATER );
13 #include <ipxe/sha256.h>
14 #include <ipxe/hmac_drbg.h>
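/** Choose HMAC_DRBG using SHA-256
 *
 * HMAC_DRBG using SHA-256 is an Approved algorithm in ANS X9.82.
 */
#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA256

/** Maximum security strength
 *
 * Taken from the selected HMAC_DRBG algorithm, so it changes if
 * HMAC_DRBG_ALGORITHM is changed.
 */
#define DRBG_MAX_SECURITY_STRENGTH \
	HMAC_DRBG_MAX_SECURITY_STRENGTH ( HMAC_DRBG_ALGORITHM )

/** Security strength
 *
 * We choose to operate at a strength of 128 bits.
 *
 * NOTE(review): nothing in this header checks that this value does
 * not exceed DRBG_MAX_SECURITY_STRENGTH; confirm that the bound is
 * enforced where the DRBG is instantiated.
 */
#define DRBG_SECURITY_STRENGTH 128

/** Minimum entropy input length
 *
 * Derived from DRBG_SECURITY_STRENGTH, so changing the strength also
 * changes how much entropy must be supplied.
 */
#define DRBG_MIN_ENTROPY_LEN_BYTES \
	HMAC_DRBG_MIN_ENTROPY_LEN_BYTES ( DRBG_SECURITY_STRENGTH )

/** Maximum entropy input length */
#define DRBG_MAX_ENTROPY_LEN_BYTES HMAC_DRBG_MAX_ENTROPY_LEN_BYTES

/** Maximum personalisation string length */
#define DRBG_MAX_PERSONAL_LEN_BYTES HMAC_DRBG_MAX_PERSONAL_LEN_BYTES

/** Maximum additional input length */
#define DRBG_MAX_ADDITIONAL_LEN_BYTES HMAC_DRBG_MAX_ADDITIONAL_LEN_BYTES

/** Maximum length of generated pseudorandom data per request */
#define DRBG_MAX_GENERATED_LEN_BYTES HMAC_DRBG_MAX_GENERATED_LEN_BYTES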
48 /** A Deterministic Random Bit Generator */
50 /** Algorithm internal state */
51 struct hmac_drbg_state internal;
52 /** Reseed required flag */
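/**
 * Instantiate DRBG algorithm
 *
 * @v state		Algorithm state
 * @v entropy		Entropy input
 * @v entropy_len	Length of entropy input
 * @v personal		Personalisation string
 * @v personal_len	Length of personalisation string
 *
 * This is the Instantiate_algorithm function defined in ANS X9.82
 * Part 3-2007 Section 9.2 (NIST SP 800-90 Section 9.1).
 *
 * This wrapper forwards its arguments unchanged to
 * hmac_drbg_instantiate() and performs no length checks of its own.
 * Presumably the caller has already validated entropy_len and
 * personal_len against DRBG_MIN_ENTROPY_LEN_BYTES,
 * DRBG_MAX_ENTROPY_LEN_BYTES and DRBG_MAX_PERSONAL_LEN_BYTES; confirm
 * against drbg_instantiate().
 */
static inline void drbg_instantiate_algorithm ( struct drbg_state *state,
						const void *entropy,
						size_t entropy_len,
						const void *personal,
						size_t personal_len ) {
	/* Only the algorithm-internal part of the state is passed on */
	hmac_drbg_instantiate ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ),
				&state->internal, entropy, entropy_len,
				personal, personal_len );
}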
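/**
 * Reseed DRBG algorithm
 *
 * @v state		Algorithm state
 * @v entropy		Entropy input
 * @v entropy_len	Length of entropy input
 * @v additional	Additional input
 * @v additional_len	Length of additional input
 *
 * This is the Reseed_algorithm function defined in ANS X9.82
 * Part 3-2007 Section 9.3 (NIST SP 800-90 Section 9.2).
 *
 * This wrapper forwards its arguments unchanged to hmac_drbg_reseed()
 * and performs no length checks of its own.  Presumably the caller
 * has already validated entropy_len and additional_len against the
 * DRBG_*_LEN_BYTES limits; confirm against drbg_reseed().
 */
static inline void drbg_reseed_algorithm ( struct drbg_state *state,
					   const void *entropy,
					   size_t entropy_len,
					   const void *additional,
					   size_t additional_len ) {
	/* Only the algorithm-internal part of the state is passed on */
	hmac_drbg_reseed ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ),
			   &state->internal, entropy, entropy_len,
			   additional, additional_len );
}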
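/**
 * Generate pseudorandom bits using DRBG algorithm
 *
 * @v state		Algorithm state
 * @v additional	Additional input
 * @v additional_len	Length of additional input
 * @v data		Output buffer
 * @v len		Length of output buffer
 * @ret rc		Return status code
 *
 * This is the Generate_algorithm function defined in ANS X9.82
 * Part 3-2007 Section 9.4 (NIST SP 800-90 Section 9.3).
 *
 * Note that the only permitted error is "reseed required".
 *
 * The status code is returned to the caller unmodified and must be
 * checked: when an error is reported, the contents of the output
 * buffer must not be used as random data.  This wrapper does not
 * compare len with DRBG_MAX_GENERATED_LEN_BYTES; presumably that
 * limit is enforced by the caller (confirm against drbg_generate()).
 */
static inline int drbg_generate_algorithm ( struct drbg_state *state,
					    const void *additional,
					    size_t additional_len,
					    void *data, size_t len ) {
	/* Only the algorithm-internal part of the state is passed on */
	return hmac_drbg_generate ( HMAC_DRBG_HASH ( HMAC_DRBG_ALGORITHM ),
				    &state->internal, additional,
				    additional_len, data, len );
}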
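/*
 * DRBG mechanism entry points.  Only the declarations appear in this
 * header; the definitions live elsewhere.
 *
 * drbg_instantiate(), drbg_reseed() and drbg_generate() each return a
 * status code that callers must check.  In particular, the buffer
 * passed to drbg_generate() must not be treated as random data unless
 * the call reported success (presumably a zero return - confirm
 * against the implementation).
 */
extern int drbg_instantiate ( struct drbg_state *state, const void *personal,
			      size_t personal_len );
extern int drbg_reseed ( struct drbg_state *state, const void *additional,
			 size_t additional_len );
/* prediction_resist presumably requests prediction resistance for
 * this request - confirm against the implementation.
 */
extern int drbg_generate ( struct drbg_state *state, const void *additional,
			   size_t additional_len, int prediction_resist,
			   void *data, size_t len );
extern void drbg_uninstantiate ( struct drbg_state *state );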
135 #endif /* _IPXE_DRBG_H */