[PATCH 1/8] SP800-90A Deterministic Random Bit Generator

Stephan Mueller smueller at chronox.de
Mon Mar 3 16:23:16 CET 2014


(resent as the mail list manager does not like emails larger than 40 KB)

This is a clean-room implementation of the DRBG defined in SP800-90A.
All three viable DRBGs defined in the standard are implemented:

 * HMAC: This is the leanest DRBG and compiled by default
 * Hash: The more complex DRBG can be enabled at compile time
 * CTR: The most complex DRBG can also be enabled at compile time

The DRBG implementation offers the following:

 * All three DRBG types are implemented with a derivation function.
 * All DRBG types are available with and without prediction resistance.
 * All SHA types of SHA-1, SHA-256, SHA-384, SHA-512 are available for the HMAC and Hash DRBGs.
 * All AES types of AES-128, AES-192 and AES-256 are available for the CTR DRBG.
 * A self test is implemented with drbg_healthcheck().
 * The FIPS 140-2 continuous self test is implemented.
 * Additional cipher primitives, such as Serpent or Twofish, can be added to the DRBG without changing the implementation. The only change necessary is to the DRBG definition given in the cores[] array.

Signed-off-by: Stephan Mueller <smueller at chronox.de>
Attachment (patch scrubbed by the list archive):
Name: 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
Type: application/x-bzip
Size: 21376 bytes
URL: </pipermail/attachments/20140303/5407cd9a/attachment-0001.bin>
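The HMAC_DRBG that the patch describes as its default core, as an added example that is not part of Stephan's patch or of libgcrypt: a Python implementation of the SP 800-90A HMAC_DRBG Instantiate, Reseed, Generate and Update functions, with the prediction-resistance option (reseed before every Generate) and a FIPS 140-2 continuous test on each output block. The class and function names, the `counter_entropy` helper (a constructed, deterministic stand-in for the OS entropy source so runs are repeatable) and the automatic reseed when the reseed counter is exhausted (the standard returns a "reseed required" status instead) are this example's own choices.

```python
"""HMAC_DRBG per SP 800-90A section 10.1.2 (added example, not libgcrypt code)."""
import hashlib
import hmac
import os


class DrbgError(Exception):
    """Raised when the DRBG must not hand out output."""


class HmacDrbg:
    """HMAC_DRBG: Instantiate, Reseed, Generate and the Update helper.

    Any hashlib digest works as the core (sha1, sha256, sha384, sha512).
    prediction_resistance=True reseeds from the entropy source before every
    Generate call; a FIPS 140-2 style continuous test checks every block.
    """

    RESEED_INTERVAL = 1 << 48        # SP 800-90A maximum for HMAC_DRBG
    MAX_BYTES_PER_REQUEST = 1 << 16  # 2^19 bits per Generate call
    ENTROPY_LEN = 32                 # 256 bits >= security strength of every listed hash
    NONCE_LEN = 16                   # at least half the security strength

    def __init__(self, hash_name="sha256", entropy_source=os.urandom,
                 prediction_resistance=False, personalization=b""):
        self.hash_name = hash_name
        self.outlen = hashlib.new(hash_name).digest_size
        self.entropy_source = entropy_source
        self.prediction_resistance = prediction_resistance
        self._last_block = None      # continuous-test state
        # Instantiate (10.1.2.3): K = 0x00..00, V = 0x01..01, then Update with
        # entropy_input || nonce || personalization_string.
        seed_material = (self._get_entropy(self.ENTROPY_LEN)
                         + self._get_entropy(self.NONCE_LEN) + personalization)
        self.K = b"\x00" * self.outlen
        self.V = b"\x01" * self.outlen
        self._update(seed_material)
        self.reseed_counter = 1

    def _get_entropy(self, n):
        data = self.entropy_source(n)
        if len(data) != n:
            raise DrbgError("entropy source returned %d bytes, wanted %d" % (len(data), n))
        return data

    def _hmac(self, key, data):
        return hmac.new(key, data, self.hash_name).digest()

    def _update(self, provided_data):
        """HMAC_DRBG_Update (10.1.2.2): fold provided_data into K and V."""
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:            # second round only when data is present
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, additional_input=b""):
        """HMAC_DRBG_Reseed (10.1.2.4): mix fresh entropy into the state."""
        self._update(self._get_entropy(self.ENTROPY_LEN) + additional_input)
        self.reseed_counter = 1

    def _continuous_test(self, block):
        """FIPS 140-2 4.9.2: a block equal to its predecessor is a failure.
        The first block after instantiation is recorded but not used."""
        if self._last_block is None:
            self._last_block = block
            return False
        if block == self._last_block:
            raise DrbgError("continuous test failed: repeated output block")
        self._last_block = block
        return True

    def generate(self, nbytes, additional_input=b""):
        """HMAC_DRBG_Generate (10.1.2.5): return nbytes of output."""
        if nbytes > self.MAX_BYTES_PER_REQUEST:
            raise DrbgError("request exceeds max_number_of_bits_per_request")
        # Reseed when prediction resistance is requested or the reseed interval
        # is exhausted (the standard reports 'reseed required' for the latter;
        # this example reseeds on the caller's behalf).
        if self.prediction_resistance or self.reseed_counter > self.RESEED_INTERVAL:
            self.reseed(additional_input)
            additional_input = b""
        elif additional_input:
            self._update(additional_input)
        out = bytearray()
        while len(out) < nbytes:
            self.V = self._hmac(self.K, self.V)
            if self._continuous_test(self.V):
                out += self.V
        self._update(additional_input)   # backtracking resistance
        self.reseed_counter += 1
        return bytes(out[:nbytes])


def counter_entropy(seed):
    """Constructed deterministic stand-in for the OS entropy source (tests only)."""
    calls = [0]

    def source(n):
        calls[0] += 1
        return hashlib.sha512(seed + calls[0].to_bytes(4, "big")).digest()[:n]
    return source


if __name__ == "__main__":
    print(HmacDrbg(prediction_resistance=True).generate(32).hex())
```

Two instances seeded from the same deterministic source produce the same stream, which is what a known-answer self test like drbg_healthcheck() relies on; with prediction resistance enabled the extra reseed consumes further entropy and the streams diverge. The continuous test can be exercised by replacing `_hmac` with a function that returns a constant, which makes the second block repeat the first.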