496_v9-0006-DRBG-specific-gcry_control-requests.patch
AbandonedPublic

Authored by smueller_chronox.de on Sep 2 2014, 4:33 AM.

Details

Reviewers
None
Summary

From 50a8756141a4df029eca7259dcc0a2f0ff447355 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Thu, 21 Aug 2014 21:22:59 +0200
Subject: [PATCH v9 6/7] DRBG specific gcry_control requests

gcry_control GCRYCTL_DRBG_REINIT

This control request re-initializes the DRBG completely, i.e. the entire
state of the DRBG is zeroized (with two exceptions listed in
GCRYCTL_DRBG_SET_ENTROPY).

The control request takes the following values which influences how
the DRBG is re-initialized:

  • __u32 flags: This variable specifies the DRBG type to be used for
		 the next initialization. If set to 0, the previous DRBG
		 type is used for the initialization. The DRBG type is
		 an OR of the mandatory flags of the requested DRBG
		 strength and DRBG cipher type. Optionally, the prediction
		 resistance flag can be ORed into the flags variable. For
		 example:
                   - CTR-DRBG with AES-128 without prediction
                     resistance:
                        DRBG_CTRAES128
                   - HMAC-DRBG with SHA-512 with prediction resistance:
                        DRBG_HMACSHA512 | DRBG_PREDICTION_RESIST
  * struct drbg_string *pers: personalization string to be used for
                              initialization.
  * struct drbg_test_data *test: TEST parameter only -- should be NULL in
                                 normal use -- parameter sets predefined
                                 "entropy"

The variable of flags is independent from the pers/perslen variables. If
flags is set to 0 and perslen is set to 0, the current DRBG type is
completely reset without using a personalization string.

Signed-off-by: Stephan Mueller <smueller@chronox.de>

src/global.c | 9 +++++++++
1 file changed, 9 insertions(+)

1.9.3

Test Plan

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped