[PATCH v2 8/8] User interface to DRBG

Stephan Mueller smueller at chronox.de
Sun Mar 9 00:29:59 CET 2014


DRBG Usage
==========
The SP 800-90A DRBG allows the user to specify a personalization string
for initialization as well as an additional information string for each
random number request. The following code fragments show how a caller
uses the kernel crypto API to exercise the full functionality of the DRBG.

Usage without any additional data
---------------------------------
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

Usage with personalization string during initialization
-------------------------------------------------------
char personalization = "some-string";

// The reset completely re-initializes the DRBG with the provided
// personalization string without changing the DRBG type
ret = gcry_control(GCRYCTL_DRBG_REINIT, 0,
                   personalization, strlen(personalization));
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

Usage with additional information string during random number request
---------------------------------------------------------------------
char addtl = "some-string";

// The following call is a wrapper to gcry_randomize() and returns
// the same error codes.
gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM,
                    addtl, strlen(addtl));

Usage with personalization and additional information strings
-------------------------------------------------------------
Just mix both scenarios above.

Switch the DRBG type to some other type
---------------------------------------
// Switch to CTR DRBG AES-128 without prediction resistance
ret = gcry_control(GCRYCTL_DRBG_REINIT, DRBG_CTRAES128, NULL, 0);
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);

Signed-off-by: Stephan Mueller <smueller at chronox.de>

diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index c84a3f7..675a8c8 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -329,7 +329,9 @@ enum gcry_ctl_cmds
     GCRYCTL_SET_CCM_LENGTHS = 69,
     GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
     GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
-    GCRYCTL_REACTIVATE_FIPS_FLAG = 72
+    GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
+    GCRYCTL_DRBG_REINIT = 73,
+    GCRYCTL_DRBG_SET_ENTROPY = 74,
   };
 
 /* Perform various operations defined by CMD. */
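Review bot: GCRYCTL_DRBG_SET_ENTROPY is added without any comment on the enumerator, and neither the cover text nor this hunk says what a caller supplies through it or when it is accepted. If it lets the caller inject the seed material the DRBG is instantiated from, as the name suggests, that is a mode that should be confined to known-answer testing and refused in normal operation, and the header is the place to say so, e.g. `GCRYCTL_DRBG_SET_ENTROPY = 74, /* caller-provided entropy input; intended for DRBG test vectors only */`. The handler for both new commands is outside this hunk, so the check itself cannot be reviewed here.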
@@ -1673,6 +1675,84 @@ int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
 #define gcry_fips_mode_active()  !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
 
 
+/* DRBG input data structure for DRBG generate with additional information
+ * string */
+struct drbg_gen
+{
+	unsigned char *outbuf;	/* output buffer for random numbers */
+	unsigned int outlen;	/* size of output buffer */
+	unsigned char *addtl_input;	/* input buffer for
+					 * additional information string */
+	unsigned int addtllen;	/* length of addtl_input */
+};
+
+/* this is a wrapper function for users of libgcrypt */
+static inline void gcry_randomize_drbg(void *outbuf, size_t outlen,
+				       enum gcry_random_level level,
+				       unsigned char *addtl_input,
+				       size_t addtllen)
+{
+	struct drbg_gen genbuf;
+	genbuf.outbuf = outbuf;
+	genbuf.outlen = outlen;
+	genbuf.addtl_input = addtl_input;
+	genbuf.addtllen = addtllen;
+	gcry_randomize(&genbuf, 0, level);
+}
+
+/*
+ * DRBG flags bitmasks
+ *
+ * 31  (B)  27    19         (A)           0
+ *  +-+-+-+-+------+---+---+---------------+
+ *  |~|~|u|p|~~~~~~| 3 | 2 |       1       |
+ *  +-+-+-+-+------+- -+---+---------------+
+ * ctl flags|      |drbg use selection flags
+ *
+ */
+
+/* internal state control flags (B) */
+#define DRBG_UNSEEDED		((__u32)1<<27)
+#define DRBG_PREDICTION_RESIST	((__u32)1<<28)
+
+/* CTR type modifiers (A.1)*/
+#define DRBG_CTRAES128		((__u32)1<<0)
+#define DRBG_CTRAES192		((__u32)1<<1)
+#define DRBG_CTRAES256		((__u32)1<<2)
+#define DRBG_CTRSERPENT128	((__u32)1<<3)
+#define DRBG_CTRSERPENT192	((__u32)1<<4)
+#define DRBG_CTRSERPENT256	((__u32)1<<5)
+#define DRBG_CTRTWOFISH128	((__u32)1<<6)
+#define DRBG_CTRTWOFISH192	((__u32)1<<7)
+#define DRBG_CTRTWOFISH256	((__u32)1<<8)
+#define DRBG_CTR_MASK	(DRBG_CTRAES128 | DRBG_CTRAES192 | DRBG_CTRAES256| \
+			 DRBG_CTRSERPENT128 | DRBG_CTRSERPENT192 | \
+			 DRBG_CTRSERPENT256 | DRBG_CTRTWOFISH128 | \
+			 DRBG_CTRTWOFISH192 | DRBG_CTRTWOFISH256)
+
+
+/* HASH type modifiers (A.2)*/
+#define DRBG_HASHSHA1		((__u32)1<<9)
+#define DRBG_HASHSHA224		((__u32)1<<10)
+#define DRBG_HASHSHA256		((__u32)1<<11)
+#define DRBG_HASHSHA384		((__u32)1<<12)
+#define DRBG_HASHSHA512		((__u32)1<<13)
+#define DRBG_HASH_MASK		(DRBG_HASHSHA1 | DRBG_HASHSHA224 | \
+				 DRBG_HASHSHA256 | DRBG_HASHSHA384 | \
+				 DRBG_HASHSHA512)
+
+/* HMAC type modifiers (A.2)*/
+#define DRBG_HMACSHA1		((__u32)1<<14)
+#define DRBG_HMACSHA224		((__u32)1<<15)
+#define DRBG_HMACSHA256		((__u32)1<<16)
+#define DRBG_HMACSHA384		((__u32)1<<17)
+#define DRBG_HMACSHA512		((__u32)1<<18)
+#define DRBG_HMAC_MASK		(DRBG_HMACSHA1 | DRBG_HMACSHA224 | \
+				 DRBG_HMACSHA256 | DRBG_HMACSHA384 | \
+				 DRBG_HMACSHA512)
+
+#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK | DRBG_HMAC_MASK)
+
 #if 0 /* (Keep Emacsens' auto-indent happy.) */
 {
 #endif
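Review bot: gcry_randomize_drbg silently narrows both size_t parameters when storing them into struct drbg_gen, whose `outlen` and `addtllen` are `unsigned int`; a request larger than UINT_MAX on an LP64 platform would be truncated with no error, so either widen the two fields to `size_t` or reject oversized lengths before filling the struct. The flag definitions use `__u32`, which is a Linux kernel type not declared by any standard user-space header and a reserved identifier; in an installed public header this should be `uint32_t` or `unsigned int`. `addtl_input` is never written through and should be `const unsigned char *` so callers can pass string literals (the cover text's examples also declare `char personalization` and `char addtl` where a pointer is required). Passing `&genbuf` with a length of 0 overloads the documented buffer contract of gcry_randomize(), so a comment on the wrapper stating that a zero length selects the struct interpretation would help, since the dispatching code is outside this hunk. DRBG_UNSEEDED is labelled an internal state flag yet exported in the same public header, so a caller can hand it to GCRYCTL_DRBG_REINIT; presumably the reinit path masks it out, but that is worth confirming.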
-- 
1.8.5.3




