2014-05-07 17:00:08 +02:00
|
|
|
|
Changes v4:
|
|
|
|
|
|
|
|
|
|
* add fail_seed_source to struct drbg_test_data
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
|
|
|
|
---
|
|
|
|
|
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
|
|
|
|
|
index c84a3f7..2a17dcd 100644
|
|
|
|
|
--- a/src/gcrypt.h.in
|
|
|
|
|
+++ b/src/gcrypt.h.in
|
|
|
|
|
@@ -193,7 +193,7 @@ gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err);
|
|
|
|
|
/* Return an error value with the system error ERR. */
|
|
|
|
|
gcry_err_code_t gcry_error_from_errno (int err);
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore
|
|
|
|
|
used. However we keep it to allow for some source code
|
|
|
|
|
compatibility if used in the standard way. */
|
|
|
|
|
@@ -228,7 +228,7 @@ struct gcry_thread_cbs
|
|
|
|
|
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8))}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/* A generic context object as used by some functions. */
|
|
|
|
|
struct gcry_context;
|
|
|
|
|
typedef struct gcry_context *gcry_ctx_t;
|
|
|
|
|
@@ -254,7 +254,7 @@ typedef struct
|
|
|
|
|
} gcry_buffer_t;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
|
|
|
|
|
/* Check that the library fulfills the version requirement. */
|
|
|
|
|
const char *gcry_check_version (const char *req_version);
|
|
|
|
|
@@ -329,13 +329,14 @@ enum gcry_ctl_cmds
|
|
|
|
|
GCRYCTL_SET_CCM_LENGTHS = 69,
|
|
|
|
|
GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
|
|
|
|
|
GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
|
|
|
|
|
- GCRYCTL_REACTIVATE_FIPS_FLAG = 72
|
|
|
|
|
+ GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
|
|
|
|
|
+ GCRYCTL_DRBG_REINIT = 73,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* Perform various operations defined by CMD. */
|
|
|
|
|
gcry_error_t gcry_control (enum gcry_ctl_cmds CMD, ...);
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/* S-expression management. */
|
|
|
|
|
|
|
|
|
|
/* The object to represent an S-expression as used with the public key
|
|
|
|
|
@@ -477,7 +478,7 @@ gpg_error_t gcry_sexp_extract_param (gcry_sexp_t sexp,
|
|
|
|
|
const char *list,
|
|
|
|
|
...) _GCRY_GCC_ATTR_SENTINEL(0);
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/*******************************************
|
|
|
|
|
* *
|
|
|
|
|
* Multi Precision Integer Functions *
|
|
|
|
|
@@ -833,7 +834,7 @@ gcry_mpi_t _gcry_mpi_get_const (int no);
|
|
|
|
|
#endif /* GCRYPT_NO_MPI_MACROS */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/************************************
|
|
|
|
|
* *
|
|
|
|
|
* Symmetric Cipher Functions *
|
|
|
|
|
@@ -1015,7 +1016,7 @@ size_t gcry_cipher_get_algo_blklen (int algo);
|
|
|
|
|
#define gcry_cipher_test_algo(a) \
|
|
|
|
|
gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/************************************
|
|
|
|
|
* *
|
|
|
|
|
* Asymmetric Cipher Functions *
|
|
|
|
|
@@ -1114,7 +1115,7 @@ gcry_sexp_t gcry_pk_get_param (int algo, const char *name);
|
|
|
|
|
gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp,
|
|
|
|
|
int mode, gcry_ctx_t ctx);
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
|
|
|
|
|
/************************************
|
|
|
|
|
* *
|
|
|
|
|
@@ -1291,7 +1292,7 @@ void gcry_md_debug (gcry_md_hd_t hd, const char *suffix);
|
|
|
|
|
#define gcry_md_get_asnoid(a,b,n) \
|
|
|
|
|
gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n))
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
|
|
|
|
|
/**********************************************
|
|
|
|
|
* *
|
|
|
|
|
@@ -1411,7 +1412,7 @@ int gcry_mac_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
|
|
|
|
|
#define gcry_mac_test_algo(a) \
|
|
|
|
|
gcry_mac_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/******************************
|
|
|
|
|
* *
|
|
|
|
|
* Key Derivation Functions *
|
|
|
|
|
@@ -1439,7 +1440,7 @@ gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen,
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/************************************
|
|
|
|
|
* *
|
|
|
|
|
* Random Generating Functions *
|
|
|
|
|
@@ -1508,7 +1509,7 @@ void gcry_create_nonce (void *buffer, size_t length);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/*******************************/
|
|
|
|
|
/* */
|
|
|
|
|
/* Prime Number Functions */
|
|
|
|
|
@@ -1567,7 +1568,7 @@ void gcry_prime_release_factors (gcry_mpi_t *factors);
|
|
|
|
|
gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
+
|
|
|
|
|
/************************************
|
|
|
|
|
* *
|
|
|
|
|
* Miscellaneous Stuff *
|
|
|
|
|
@@ -1672,6 +1673,136 @@ int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
|
|
|
|
|
/* Return true if Libgcrypt is in FIPS mode. */
|
|
|
|
|
#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
|
|
|
|
|
|
|
|
|
|
+/* DRBG test data */
|
|
|
|
|
+struct drbg_test_data {
|
|
|
|
|
+ struct drbg_string *testentropy; /* TEST PARAMETER: test entropy */
|
|
|
|
|
+ int fail_seed_source:1; /* if set, the seed function will return an
|
|
|
|
|
+ * error */
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
+/* DRBG input data structure for DRBG generate with additional information
|
|
|
|
|
+ * string */
|
|
|
|
|
+struct drbg_gen {
|
2014-05-11 15:59:51 +02:00
|
|
|
|
+ void *outbuf; /* output buffer for random numbers */
|
2014-05-07 17:00:08 +02:00
|
|
|
|
+ unsigned int outlen; /* size of output buffer */
|
|
|
|
|
+ struct drbg_string *addtl; /* input buffer for
|
|
|
|
|
+ * additional information string */
|
|
|
|
|
+ struct drbg_test_data *test_data; /* test data */
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
+/*
|
|
|
|
|
+ * Concatenation Helper and string operation helper
|
|
|
|
|
+ *
|
|
|
|
|
+ * SP800-90A requires the concatenation of different data. To avoid copying
|
|
|
|
|
+ * buffers around or allocate additional memory, the following data structure
|
|
|
|
|
+ * is used to point to the original memory with its size. In addition, it
|
|
|
|
|
+ * is used to build a linked list. The linked list defines the concatenation
|
|
|
|
|
+ * of individual buffers. The order of memory block referenced in that
|
|
|
|
|
+ * linked list determines the order of concatenation.
|
|
|
|
|
+ */
|
|
|
|
|
+/* DRBG string definition */
|
|
|
|
|
+struct drbg_string {
|
|
|
|
|
+ const unsigned char *buf;
|
|
|
|
|
+ size_t len;
|
|
|
|
|
+ struct drbg_string *next;
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
+static inline void drbg_string_fill(struct drbg_string *string,
|
|
|
|
|
+ const unsigned char *buf, size_t len)
|
|
|
|
|
+{
|
|
|
|
|
+ string->buf = buf;
|
|
|
|
|
+ string->len = len;
|
|
|
|
|
+ string->next = NULL;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+/* this is a wrapper function for users of libgcrypt */
|
|
|
|
|
+static inline void gcry_randomize_drbg(void *outbuf, size_t outlen,
|
|
|
|
|
+ enum gcry_random_level level,
|
|
|
|
|
+ struct drbg_string *addtl)
|
|
|
|
|
+{
|
|
|
|
|
+ struct drbg_gen genbuf;
|
|
|
|
|
+ genbuf.outbuf = outbuf;
|
|
|
|
|
+ genbuf.outlen = outlen;
|
|
|
|
|
+ genbuf.addtl = addtl;
|
|
|
|
|
+ genbuf.test_data = NULL;
|
|
|
|
|
+ gcry_randomize(&genbuf, 0, level);
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+/* this is a wrapper function for users of libgcrypt */
|
|
|
|
|
+static inline void gcry_randomize_drbg_test(void *outbuf, size_t outlen,
|
|
|
|
|
+ enum gcry_random_level level,
|
|
|
|
|
+ struct drbg_string *addtl,
|
|
|
|
|
+ struct drbg_test_data *test_data)
|
|
|
|
|
+{
|
|
|
|
|
+ struct drbg_gen genbuf;
|
|
|
|
|
+ genbuf.outbuf = outbuf;
|
|
|
|
|
+ genbuf.outlen = outlen;
|
|
|
|
|
+ genbuf.addtl = addtl;
|
|
|
|
|
+ genbuf.test_data = test_data;
|
|
|
|
|
+ gcry_randomize(&genbuf, 0, level);
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
+/*
|
|
|
|
|
+ * DRBG flags bitmasks
|
|
|
|
|
+ *
|
|
|
|
|
+ * 31 (B) 28 19 (A) 0
|
|
|
|
|
+ * +-+-+-+--------+---+-----------+-----+
|
|
|
|
|
+ * |~|~|u|~~~~~~~~| 3 | 2 | 1 |
|
|
|
|
|
+ * +-+-+-+--------+- -+-----------+-----+
|
|
|
|
|
+ * ctl flg| |drbg use selection flags
|
|
|
|
|
+ *
|
|
|
|
|
+ */
|
|
|
|
|
+
|
|
|
|
|
+/* internal state control flags (B) */
|
|
|
|
|
+#define DRBG_PREDICTION_RESIST ((u_int32_t)1<<28)
|
|
|
|
|
+
|
|
|
|
|
+/* CTR type modifiers (A.1)*/
|
|
|
|
|
+#define DRBG_CTRAES ((u_int32_t)1<<0)
|
|
|
|
|
+#define DRBG_CTRSERPENT ((u_int32_t)1<<1)
|
|
|
|
|
+#define DRBG_CTRTWOFISH ((u_int32_t)1<<2)
|
|
|
|
|
+#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT | DRBG_CTRTWOFISH)
|
|
|
|
|
+
|
|
|
|
|
+/* HASH type modifiers (A.2)*/
|
|
|
|
|
+#define DRBG_HASHSHA1 ((u_int32_t)1<<4)
|
|
|
|
|
+#define DRBG_HASHSHA224 ((u_int32_t)1<<5)
|
|
|
|
|
+#define DRBG_HASHSHA256 ((u_int32_t)1<<6)
|
|
|
|
|
+#define DRBG_HASHSHA384 ((u_int32_t)1<<7)
|
|
|
|
|
+#define DRBG_HASHSHA512 ((u_int32_t)1<<8)
|
|
|
|
|
+#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 | \
|
|
|
|
|
+ DRBG_HASHSHA256 | DRBG_HASHSHA384 | \
|
|
|
|
|
+ DRBG_HASHSHA512)
|
|
|
|
|
+/* type modifiers (A.3)*/
|
|
|
|
|
+#define DRBG_HMAC ((u_int32_t)1<<12)
|
|
|
|
|
+#define DRBG_SYM128 ((u_int32_t)1<<13)
|
|
|
|
|
+#define DRBG_SYM192 ((u_int32_t)1<<14)
|
|
|
|
|
+#define DRBG_SYM256 ((u_int32_t)1<<15)
|
|
|
|
|
+#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 | \
|
|
|
|
|
+ DRBG_SYM256)
|
|
|
|
|
+#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK | DRBG_TYPE_MASK)
|
|
|
|
|
+
|
|
|
|
|
+#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128)
|
|
|
|
|
+#define DRBG_PR_CTRAES192 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192)
|
|
|
|
|
+#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256)
|
|
|
|
|
+#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128)
|
|
|
|
|
+#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192)
|
|
|
|
|
+#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
|
|
|
|
|
+#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
|
|
|
|
|
+#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
|
|
|
|
|
+#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
|
|
|
|
|
+#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
|
|
|
|
|
+#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
|
|
|
|
|
+#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
|
|
|
|
|
+#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
|
|
|
|
|
+#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
|
|
|
|
|
+#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 | DRBG_HMAC)
|
|
|
|
|
+#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256|DRBG_HMAC)
|
|
|
|
|
+#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384|DRBG_HMAC)
|
|
|
|
|
+#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512|DRBG_HMAC)
|
|
|
|
|
+#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
|
|
|
|
|
+#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
|
|
|
|
|
+#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
|
|
|
|
|
+#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
|
|
|
|
|
|
|
|
|
|
#if 0 /* (Keep Emacsens' auto-indent happy.) */
|
|
|
|
|
{
|