[PATCH 0/2] SP800-90A DRBG
Stephan Mueller
smueller at chronox.de
Fri Feb 19 16:47:39 CET 2016
On Friday, 19 February 2016, 15:58:30, Werner Koch wrote:
Hi Werner,
> On Wed, 17 Feb 2016 18:30, smueller at chronox.de said:
> > The question is what kind of support do you want to have with the DRBG. The
> > implementation in the patch includes all bells and whistles defined in
> > SP800-90A. The following listing enumerates options which may be removed from
> > the current implementation:
> Thanks for the list. Meanwhile I hacked a bit on the code and I kept
> all algorithms except that SHA384 is no longer accessible (does that
> make sense at all?)
It probably does not make sense for libgcrypt, you are right.
>
> > - remove support for additional information
> >
> > - remove support for personalization string
>
> Keeping this would require a new API call. I do not really like the
> clever overloading trick for gcry_randomize. However the code is still
> there and could be added in the future.
Perfectly fine.
>
> > - remove reseed support
>
> I kept this one but with a change to the gcry_control API: Now a
> gcry_buffer_t is used instead of your internal string type. To use this
> one can do:
>
> char pers_string[] = "I'm a doctor, not an engineer.";
> gcry_buffer_t pers[1];
>
> memset (pers, 0, sizeof pers);
> pers[0].data = pers_string;
> pers[0].len = strlen (pers_string);
>
> err = gcry_control (GCRYCTL_DRBG_REINIT, "aes sym128 pr", pers, 1, NULL);
That call is perfectly fine.
I only now have the question whether this change is visible to the API/ABI
because people were in need of the DRBG for libgcrypt: The DRBG is out in the
wild for quite some time now. RHEL and SLES use the DRBG code base in
productive environments with the original code base from me.
I would think it is visible to the API/ABI.
>
> This also shows the use of the new API. tests/random.c has a couple of
> tests for that API.
>
> I also introduced a new gcrypt-testapi.h file which can be used for
> example by tests/fipsdrv.c to run the tests. That header also declares
> the test vector struct.
>
> Thanks for your contribution - I hope I did not break too much.
Thank you. I offer to perform a full CAVS test on your code changes. Where can
I find your patch set?
Ciao
Stephan
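The thread refers to the SP800-90A features that a DRBG may or may not expose (personalization string at instantiation, additional input on generate, reseed, and prediction resistance via the "pr" flag). The following is an added, self-contained illustration of what those options do inside a DRBG; it is not libgcrypt's code and not Stephan's patch. To stay dependency-free it uses the SP800-90A Hash_DRBG with SHA-256 (hashlib only) rather than the AES-128 CTR_DRBG that Werner's "aes sym128 pr" string selects, and the class name `HashDRBG`, the `entropy_source` parameter and the fixed entropy values in `demo()` are constructed for the example.

```python
import hashlib
import os

OUTLEN = 32                 # SHA-256 output length in bytes
SEEDLEN = 55                # 440 bits for SHA-256 (SP800-90A Table 2)
SEEDLEN_BITS = SEEDLEN * 8
RESEED_INTERVAL = 1 << 48   # maximum generate calls between reseeds for Hash_DRBG


def _hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _hash_df(inp: bytes, nbits: int) -> bytes:
    """Hash_df derivation function (SP800-90A 10.3.1): counter || nbits || input."""
    nbytes = (nbits + 7) // 8
    temp = b""
    counter = 1
    while len(temp) < nbytes:
        temp += _hash(bytes([counter]) + nbits.to_bytes(4, "big") + inp)
        counter += 1
    return temp[:nbytes]


def _add_mod(*parts: bytes) -> bytes:
    """Sum big-endian integers modulo 2^seedlen, returned as a seedlen-byte string."""
    total = sum(int.from_bytes(p, "big") for p in parts) % (1 << SEEDLEN_BITS)
    return total.to_bytes(SEEDLEN, "big")


class HashDRBG:
    """Hash_DRBG with the four optional SP800-90A inputs discussed in the thread."""

    def __init__(self, entropy: bytes, nonce: bytes, personalization: bytes = b"",
                 prediction_resistance: bool = False, entropy_source=os.urandom):
        self.pr = prediction_resistance
        self.get_entropy = entropy_source   # hypothetical hook; real DRBGs use a vetted source
        # Instantiate: V = Hash_df(entropy || nonce || pers), C = Hash_df(0x00 || V)
        self.V = _hash_df(entropy + nonce + personalization, SEEDLEN_BITS)
        self.C = _hash_df(b"\x00" + self.V, SEEDLEN_BITS)
        self.reseed_counter = 1

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        # Reseed: seed_material = 0x01 || V || entropy || additional_input
        self.V = _hash_df(b"\x01" + self.V + entropy + additional, SEEDLEN_BITS)
        self.C = _hash_df(b"\x00" + self.V, SEEDLEN_BITS)
        self.reseed_counter = 1

    def generate(self, nbytes: int, additional: bytes = b"") -> bytes:
        # Prediction resistance (the "pr" flag) forces fresh entropy before every request;
        # the additional input is then consumed by the reseed, not by generate.
        if self.pr or self.reseed_counter > RESEED_INTERVAL:
            self.reseed(self.get_entropy(32), additional)
            additional = b""
        if additional:
            w = _hash(b"\x02" + self.V + additional)
            self.V = _add_mod(self.V, w)
        # Hashgen: hash successive increments of V
        out = b""
        data = self.V
        while len(out) < nbytes:
            out += _hash(data)
            data = _add_mod(data, b"\x01")
        # State update: V = V + H + C + reseed_counter mod 2^seedlen
        h = _hash(b"\x03" + self.V)
        self.V = _add_mod(self.V, h, self.C, self.reseed_counter.to_bytes(4, "big"))
        self.reseed_counter += 1
        return out[:nbytes]


def demo() -> dict:
    """Show how the personalization string and reseed change the output stream.

    Entropy/nonce values here are fixed, constructed bytes so the run is repeatable;
    a real instantiation must take them from an approved entropy source."""
    ent, nonce = b"\x11" * 32, b"\x22" * 16
    a = HashDRBG(ent, nonce, personalization=b"I'm a doctor, not an engineer.")
    b = HashDRBG(ent, nonce, personalization=b"I'm a doctor, not an engineer.")
    c = HashDRBG(ent, nonce, personalization=b"other application")
    out_a, out_b, out_c = a.generate(32), b.generate(32), c.generate(32)
    d = HashDRBG(ent, nonce, personalization=b"I'm a doctor, not an engineer.")
    d.reseed(b"\x33" * 32)          # fresh entropy: stream diverges from a/b
    out_d = d.generate(32)
    return {"same_pers_equal": out_a == out_b, "diff_pers_equal": out_a == out_c,
            "after_reseed_equal": out_a == out_d, "counter_after_reseed": d.reseed_counter}


if __name__ == "__main__":
    print(demo())
```

The point for the libgcrypt API discussion: the personalization string only separates instantiations (same entropy, different string gives a different stream), while reseed and prediction resistance pull in new entropy and reset the reseed counter; none of them is a substitute for a good entropy source.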