Page MenuHome GnuPG


Authored by on Sep 7 2014, 2:57 AM.



From d1e3e61b0133cb5772971653da4ddbc9312c6696 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <>
Date: Sun, 7 Sep 2014 02:39:32 +0200
Subject: [PATCH v10] SP800-90A Deterministic Random Bit Generator

This is a clean-room implementation of the DRBG defined in SP800-90A.
All three viable DRBGs defined in the standard are implemented:

  • HMAC: This is the leanest DRBG and compiled per default
  • Hash: The more complex DRBG can be enabled at compile time
  • CTR: The most complex DRBG can also be enabled at compile time

The DRBG implementation offers the following:

  • All three DRBG types are implemented with a derivation function.
  • All DRBG types are available with and without prediction resistance.
  • All SHA types of SHA-1, SHA-256, SHA-384, SHA-512 are available for
  • the HMAC and Hash DRBGs.
  • All AES types of AES-128, AES-192 and AES-256 are available for the
  • A self test is implemented with drbg_healthcheck().
  • The FIPS 140-2 continuous self test is implemented.
  • Additional cipher primitives, such as Serpent or Twofish, can be
  • added to the DRBG without changing the implementation. The only
  • change necessary is to the DRBG definition given in the cores[]
  • array.

Signed-off-by: Stephan Mueller <>

random/ | 1 +
random/drbg.c | 2303 ++++++++++++++++++++++++++++++++++++++++++++++++
random/rand-internal.h | 9 +
random/random.c | 33 +-
random/random.h | 22 +
src/ | 109 ++-
src/global.c | 22 +
7 files changed, 2488 insertions(+), 11 deletions(-)
create mode 100644 random/drbg.c


Test Plan

Diff Detail

Lint Skipped
Unit Tests Skipped