473_v7-0007-User-interface-to-DRBG.patch
Abandoned, Public

Authored by smueller_chronox.de on Aug 21 2014, 9:45 PM.

Details

Reviewers: None
Summary

From a3b341947f605e4951b47c9564822dfd79f88bf9 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Thu, 21 Aug 2014 21:26:27 +0200
Subject: [PATCH v7 7/7] User interface to DRBG

DRBG Usage

The SP 800-90A DRBG allows the user to specify a personalization string
for initialization as well as an additional information string for each
random number request. The following code fragments show how a caller
uses the kernel crypto API to use the full functionality of the DRBG.

Usage without any additional data

gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

Usage with personalization string during initialization

struct drbg_string pers;

drbg_string_fill(&pers, "string", strlen("string"));
// The reset completely re-initializes the DRBG with the provided
// personalization string without changing the DRBG type
ret = gcry_control(GCRYCTL_DRBG_REINIT, 0, &pers, NULL);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

Usage with additional information string during random number request

struct drbg_string addtl;

drbg_string_fill(&addtl, "string", strlen("string"));
// The following call is a wrapper to gcry_randomize() and returns
// the same error codes.
gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM, &addtl);

Usage with personalization and additional information strings

Just mix both scenarios above.

Switch the DRBG type to some other type

// Switch to CTR DRBG AES-128 without prediction resistance
ret = gcry_control(GCRYCTL_DRBG_REINIT, DRBG_NOPR_CTRAES128, NULL, NULL);

gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

src/gcrypt.h.in | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 144 insertions(+), 13 deletions(-)

1.9.3

Diff Detail: Lint skipped; unit tests skipped.