From a3b341947f605e4951b47c9564822dfd79f88bf9 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Thu, 21 Aug 2014 21:26:27 +0200
Subject: [PATCH v7 7/7] User interface to DRBG
DRBG Usage
The SP 800-90A DRBG allows the user to specify a personalization string
for initialization as well as an additional information string for each
random number request. The following code fragments show how a caller
uses the kernel crypto API to use the full functionality of the DRBG.
Usage without any additional data
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Usage with personalization string during initialization
struct drbg_string pers;
drbg_string_fill(&pers, "string", strlen("string"));
The reset completely re-initializes the DRBG with the provided
personalization string without changing the DRBG type
ret = gcry_control(GCRYCTL_DRBG_REINIT, 0, &pers, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Usage with additional information string during random number request
struct drbg_string addtl;
drbg_string_fill(&addtl, "string", strlen("string"));
The following call is a wrapper to gcry_randomize() and returns
the same error codes.
gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM, &addtl);
Usage with personalization and additional information strings
Just mix both scenarios above.
Switch the DRBG type to some other type
// Switch to CTR DRBG AES-128 without prediction resistance
ret = gcry_control(GCRYCTL_DRBG_REINIT, DRBG_NOPR_CTRAES128, NULL, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
src/gcrypt.h.in | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 144 insertions(+), 13 deletions(-)
1.9.3