[PATCH 6/8] DRBG specific gcry_control requests
Stephan Mueller
smueller at chronox.de
Sun Mar 2 14:09:58 CET 2014
gcry_control GCRYCTL_DRBG_REINIT
================================
This control request re-initializes the DRBG completely, i.e. thr entire
state of the DRBG is zeroized (with two exceptions listed in
GCRYCTL_DRBG_SET_ENTROPY).
The control request takes the following values which influences how
the DRBG is re-initialized:
* __u64 flags: This variable specifies the DRBG type to be used for the
next initialization. If set to 0, the previous DRBG type is
used for the initialization. The DRBG type is an OR of the
mandatory flags of the requested DRBG strength and DRBG
cipher type. Optionally, the prediction resistance flag
can be ORed into the flags variable. For example:
- CTR-DRBG with AES-128 without prediction resistance:
DRBG_CTRAES128
- HMAC-DRBG with SHA-512 with prediction resistance:
DRBG_HMACSHA512 | DRBG_PREDICTION_RESIST
* unsigned char *pers: personalization string to be used for initialization.
* size_t perslen: Length of personalization string. If set to 0, no
personalization string is used for initialization.
The variable of flags is independent from the pers/perslen variables. If
flags is set to 0 and perslen is set to 0, the current DRBG type is
completely reset without using a personalization string.
gcry_control GCRYCTL_DRBG_SET_ENTROPY
=====================================
This control request sets a predefined "entropy" value. When set, the DRBG
does not seed itself from a known seed source, but using that known value.
This "entropy" value is not reset even during an initialization! This
control request is ONLY intended for testing, especially to implement the
FIPS 140-2 CAVS testing. DO NEVER USE IT DURING REGULAR OPERATION.
The control request takes the following values:
* unsigned char *entropy: string to be used as "entropy" (i.e. the
replacement of the data read from the seed
source). If this variable is set to NULL, the
regular seed source is again used when the DRBG
reseeds again.
* size_t entropylen: Length of entropy string.
Signed-off-by: Stephan Mueller <smueller at chronox.de>
---
src/global.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/src/global.c b/src/global.c
index 4e8df86..3e6f97d 100644
--- a/src/global.c
+++ b/src/global.c
@@ -671,6 +671,23 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
rc = GPG_ERR_NOT_IMPLEMENTED;
break;
+ case GCRYCTL_DRBG_REINIT:
+ {
+ __u64 flags = va_arg (arg_ptr, __u64);
+ unsigned char *pers = va_arg (arg_ptr, unsigned char *);
+ size_t perslen = va_arg (arg_ptr, size_t);
+ rc = _gcry_drbg_reinit(flags, pers, perslen);
+ }
+ break;
+
+ case GCRYCTL_DRBG_SET_ENTROPY:
+ {
+ unsigned char *entropy = va_arg (arg_ptr, unsigned char *);
+ size_t entropylen = va_arg (arg_ptr, size_t);
+ rc = _gcry_drbg_set_entropy(entropy, entropylen);
+ }
+ break;
+
default:
_gcry_set_preferred_rng_type (0);
rc = GPG_ERR_INV_OP;
--
1.8.5.3
More information about the Gcrypt-devel
mailing list