[PATCH 8/8] User interface to DRBG
Stephan Mueller
smueller at chronox.de
Sun Mar 2 14:11:05 CET 2014
DRBG Usage
==========
The SP 800-90A DRBG allows the user to specify a personalization string
for initialization as well as an additional information string for each
random number request. The following code fragments show how a caller
uses the libgcrypt API to use the full functionality of the DRBG.
Usage without any additional data
---------------------------------
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Usage with personalization string during initialization
-------------------------------------------------------
char personalization = "some-string";
// The reset completely re-initializes the DRBG with the provided
// personalization string without changing the DRBG type
ret = gcry_control(GCRYCTL_DRBG_REINIT, 0,
personalization, strlen(personalization));
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Usage with additional information string during random number request
---------------------------------------------------------------------
char addtl = "some-string";
// The following call is a wrapper to gcry_randomize() and returns
// the same error codes.
gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM,
addtl, strlen(addtl));
Usage with personalization and additional information strings
-------------------------------------------------------------
Just mix both scenarios above.
Switch the DRBG type to some other type
---------------------------------------
// Switch to CTR DRBG AES-128 without prediction resistance
ret = gcry_control(GCRYCTL_DRBG_REINIT, DRBG_CTRAES128, NULL, 0);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
Signed-off-by: Stephan Mueller <smueller at chronox.de>
---
src/gcrypt.h.in | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 61 insertions(+), 1 deletion(-)
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index c84a3f7..b62a832 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -329,7 +329,9 @@ enum gcry_ctl_cmds
GCRYCTL_SET_CCM_LENGTHS = 69,
GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
- GCRYCTL_REACTIVATE_FIPS_FLAG = 72
+ GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
+ GCRYCTL_DRBG_REINIT = 73,
+ GCRYCTL_DRBG_SET_ENTROPY = 74,
};
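Review bot: `GCRYCTL_DRBG_SET_ENTROPY = 74,` leaves a trailing comma on the last enumerator, which the list previously avoided (the old last entry `= 72` carried none); it is valid C99 but rejected by strict C89/-pedantic builds, and this is a public header, so drop it: `GCRYCTL_DRBG_SET_ENTROPY = 74`. Neither new command gets a comment. Judging only by the name, SET_ENTROPY presumably lets the caller supply the DRBG's entropy input directly; if so, the header should state whether it is meant only for known-answer/CAVS testing, because a fixed caller-supplied entropy string would make every subsequent output predictable — please confirm the intended semantics and document them next to the enumerator.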
/* Perform various operations defined by CMD. */
@@ -1673,6 +1675,64 @@ int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
+/* DRBG input data structure for DRBG generate with additional information
+ * string */
+struct drbg_gen
+{
+ unsigned char *outbuf; /* output buffer for random numbers */
+ unsigned int outlen; /* size of output buffer */
+ unsigned char *addtl_input; /* input buffer for
+ * additional information string */
+ unsigned int addtllen; /* length of addtl_input */
+};
+
+/* this is a wrapper function for users of libgcrypt */
+static inline void gcry_randomize_drbg(void *outbuf, size_t outlen,
+ enum gcry_random_level level,
+ unsigned char *addtl_input,
+ size_t addtllen)
+{
+ struct drbg_gen genbuf;
+ genbuf.outbuf = outbuf;
+ genbuf.outlen = outlen;
+ genbuf.addtl_input = addtl_input;
+ genbuf.addtllen = addtllen;
+ gcry_randomize(&genbuf, 0, level);
+}
+
+/* DRBG type definitions */
+/* strength requests */
+#define DRBG_USERFLAG_MASK ((1UL<<40) - 1)
+#define DRBG_PREDICTION_RESIST 1UL<<36
+/* cipher type */
+#define DRBG_CIPHER_MASK ((1UL<<32) - 1)
+
+#define DRBG_CTR_MASK ((1<<9) - 1)
+#define DRBG_CTRAES128 1<<0
+#define DRBG_CTRAES192 1<<1
+#define DRBG_CTRAES256 1<<2
+#define DRBG_CTRSERPENT128 1<<3
+#define DRBG_CTRSERPENT192 1<<4
+#define DRBG_CTRSERPENT256 1<<5
+#define DRBG_CTRTWOFISH128 1<<6
+#define DRBG_CTRTWOFISH192 1<<7
+#define DRBG_CTRTWOFISH256 1<<8
+
+#define DRBG_HASH_MASK ((1<<14) - (1<<9))
+#define DRBG_HASHSHA1 1<<9
+#define DRBG_HASHSHA224 1<<10
+#define DRBG_HASHSHA256 1<<11
+#define DRBG_HASHSHA384 1<<12
+#define DRBG_HASHSHA512 1<<13
+
+#define DRBG_HMAC_MASK ((1<<19) - (1<<14))
+#define DRBG_HMACSHA1 1<<14
+#define DRBG_HMACSHA224 1<<15
+#define DRBG_HMACSHA256 1<<16
+#define DRBG_HMACSHA384 1<<17
+#define DRBG_HMACSHA512 1<<18
+
+
#if 0 /* (Keep Emacsens' auto-indent happy.) */
{
#endif
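Review bot: `gcry_randomize_drbg` tunnels its arguments through `gcry_randomize(&genbuf, 0, level)`, passing a struct pointer as the output buffer and a length of zero; any random backend that does not know this convention (the existing non-DRBG generators, or an older library linked against the same header) will simply write zero bytes, leaving the caller's `outbuf` uninitialized with no error reported since the wrapper returns void, and `genbuf.outlen = outlen` silently narrows `size_t` to `unsigned int`. The flag macros also have visible problems: `DRBG_USERFLAG_MASK ((1UL<<40) - 1)` and `DRBG_PREDICTION_RESIST 1UL<<36` shift an `unsigned long` past 32 bits, which is undefined behaviour on ILP32 targets, and none of the `DRBG_*` macros are parenthesized, so `flags & ~DRBG_PREDICTION_RESIST` expands to `flags & (~1UL)<<36` rather than clearing the bit. I would make this a real exported function returning an `gcry_error_t` instead of an inline header trick, declare the struct fields as `size_t` and `const unsigned char *addtl_input`, and write the flags as `#define DRBG_PREDICTION_RESIST (1ULL<<36)` with every other macro parenthesized the same way; `struct drbg_gen` and the `DRBG_*` names are additionally unprefixed in libgcrypt's public namespace and would normally carry a `gcry_`/`GCRY_` prefix.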
--
1.8.5.3