497_v9-0007-User-interface-to-DRBG.patch
Abandoned (Public)

Authored by smueller_chronox.de on Sep 2 2014, 4:33 AM.

Details

Reviewers
None
Summary

From 581c850aa7ac63086a489480efa4cc0bf8cfd510 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Thu, 21 Aug 2014 21:26:27 +0200
Subject: [PATCH v9 7/7] User interface to DRBG

DRBG Usage

The SP 800-90A DRBG allows the user to specify a personalization string
for initialization as well as an additional information string for each
random number request. The following code fragments show how a caller
uses the kernel crypto API to use the full functionality of the DRBG.

Usage without any additional data

gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

Usage with personalization string during initialization

struct drbg_string pers;

drbg_string_fill(&pers, "string", strlen("string"));
// The reset completely re-initializes the DRBG with the provided
// personalization string without changing the DRBG type
ret = gcry_control(GCRYCTL_DRBG_REINIT, 0, &pers, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

Usage with additional information string during random number request

struct drbg_string addtl;

drbg_string_fill(&addtl, "string", strlen("string"));
// The following call is a wrapper to gcry_randomize() and returns
// the same error codes.
gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM, &addtl);

Usage with personalization and additional information strings

Just mix both scenarios above.

Switch the DRBG type to some other type

// Switch to CTR DRBG AES-128 without prediction resistance
ret = gcry_control(GCRYCTL_DRBG_REINIT, DRBG_NOPR_CTRAES128, NULL, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

Signed-off-by: Stephan Mueller <smueller@chronox.de>

src/gcrypt.h.in | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 144 insertions(+), 13 deletions(-)

1.9.3
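The personalization string and the additional information string in the usage fragments above are inputs defined by SP 800-90A, but the page does not show what the DRBG does with them. The following Python model of the SP 800-90A HMAC_DRBG (section 10.1.2) is an added example and is not libgcrypt code or part of this patch: instantiating `HmacDrbg` with a personalization string plays the role of the `GCRYCTL_DRBG_REINIT` call with `&pers`, `generate()` with additional input plays the role of `gcry_randomize_drbg()` with `&addtl`, and choosing a different hash name stands in for switching the DRBG type. `ENTROPY` and `NONCE` are constructed constants so the run is reproducible; a real DRBG draws them from the OS entropy source.

```python
import hashlib
import hmac


class HmacDrbg:
    """Model of SP 800-90A HMAC_DRBG (section 10.1.2), not libgcrypt's implementation."""

    # Largest reseed interval SP 800-90A permits for HMAC_DRBG.
    RESEED_INTERVAL = 1 << 48

    def __init__(self, entropy: bytes, nonce: bytes,
                 personalization: bytes = b"", hashname: str = "sha256"):
        self.hashname = hashname
        outlen = hashlib.new(hashname).digest_size
        # Instantiate: seed_material = entropy_input || nonce || personalization_string
        self.K = b"\x00" * outlen
        self.V = b"\x01" * outlen
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, digestmod=self.hashname).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: mixes provided_data into (K, V); the second
        # round is skipped when there is no provided data.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if not provided_data:
            return
        self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
        self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy: bytes, additional_input: bytes = b"") -> None:
        # Reseed: fresh entropy plus optional additional input, counter reset.
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, n: int, additional_input: bytes = b"") -> bytes:
        """HMAC_DRBG_Generate: n output bytes, optionally bound to additional input."""
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        # Post-generate update gives backtracking resistance: the state that
        # produced this output is no longer recoverable from the new state.
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n]


# Constructed seed material so the demonstration is reproducible. A real
# caller never fixes these; the DRBG obtains them from the OS entropy source.
ENTROPY = bytes(range(32))
NONCE = b"constructed-nonce"


def demo_outputs():
    """The page's three scenarios side by side: no extra data, personalization
    string at instantiation, additional input at request time."""
    plain = HmacDrbg(ENTROPY, NONCE).generate(16)
    pers = HmacDrbg(ENTROPY, NONCE, b"string").generate(16)
    addtl = HmacDrbg(ENTROPY, NONCE).generate(16, b"string")
    return plain, pers, addtl


def demo_type_switch():
    """Same seed material, different DRBG type (hash), mirroring the page's
    'switch the DRBG type' scenario with SHA-256 versus SHA-512."""
    a = HmacDrbg(ENTROPY, NONCE, b"string", "sha256").generate(16)
    b = HmacDrbg(ENTROPY, NONCE, b"string", "sha512").generate(16)
    return a, b


if __name__ == "__main__":
    for label, value in zip(("plain", "pers", "addtl"), demo_outputs()):
        print(f"{label:6s} {value.hex()}")
```

Running the demo shows that identical entropy and nonce yield different output streams as soon as a personalization string or an additional input is supplied, which is why the page's reinit and `gcry_randomize_drbg()` calls exist: they let a caller bind an instance, or a single request, to caller-specific data without touching the entropy source.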

Test Plan

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped