summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2016-02-18 20:44:10 +0100
committerWerner Koch <wk@gnupg.org>2016-02-19 14:35:33 +0100
commit85ed07790552297586258e8fe09b546eee357a8b (patch)
tree7e88d7913dd4944292140374886b5965b7226bc4
parent7cf3c929331133e4381dbceac53d3addd921c929 (diff)
downloadlibgcrypt-85ed07790552297586258e8fe09b546eee357a8b.tar.gz
random: Symbol name cleanup for random-drbg.c.
* random/random-drbg.c: Rename all static objects and macros from "gcry_drbg" to "drbg". (drbg_string_t): New typedef. (drbg_gen_t): New typedef. (drbg_state_t): New typedef. Replace all "struct drbg_state_s *" by this. (_drbg_init_internal): Replace xcalloc_secure by xtrycalloc_secure so that an error if actually returned. (gcry_rngdrbg_cavs_test): Ditto. (gcry_drbg_healthcheck_sanity): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat
-rw-r--r--random/random-drbg.c1116
1 files changed, 565 insertions, 551 deletions
diff --git a/random/random-drbg.c b/random/random-drbg.c
index 2f1296b9..1623d774 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -1,4 +1,6 @@
-/*
+/* random-drbg.c - Deterministic Random Bits Generator
+ * Copyright 2014 Stephan Mueller <smueller@chronox.de>
+ *
* DRBG: Deterministic Random Bits Generator
* Based on NIST Recommended DRBG from NIST SP800-90A with the following
* properties:
@@ -7,8 +9,6 @@
* * HMAC DRBG with DF with SHA-1, SHA-256, SHA-384, SHA-512 cores
* * with and without prediction resistance
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2014
- *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -52,7 +52,7 @@
* the DRBG is re-initialized:
*
* - const char *flagstr
-
+ *
* This variable specifies the DRBG type to be used for the next
* initialization. If set to NULL, the previous DRBG type is
* used for the initialization. If not NULL a space separated
@@ -113,10 +113,10 @@
*
* Usage with personalization string during initialization
* -------------------------------------------------------
- * struct gcry_drbg_string pers;
+ * drbg_string_t pers;
* char personalization[11] = "some-string";
*
- * gcry_drbg_string_fill(&pers, personalization, strlen(personalization));
+ * drbg_string_fill(&pers, personalization, strlen(personalization));
* // The reset completely re-initializes the DRBG with the provided
* // personalization string without changing the DRBG type
* ret = gcry_control(GCRYCTL_DRBG_REINIT, 0, &pers);
@@ -125,10 +125,10 @@
*
* Usage with additional information string during random number request
* ---------------------------------------------------------------------
- * struct gcry_drbg_string addtl;
+ * drbg_string_t addtl;
* char addtl_string[11] = "some-string";
*
- * gcry_drbg_string_fill(&addtl, addtl_string, strlen(addtl_string));
+ * drbg_string_fill(&addtl, addtl_string, strlen(addtl_string));
* // The following call is a wrapper to gcry_randomize() and returns
* // the same error codes.
* gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM, &addtl);
@@ -177,54 +177,60 @@
*/
/* Internal state control flags (B) */
-#define GCRY_DRBG_PREDICTION_RESIST ((u_int32_t)1<<28)
+#define DRBG_PREDICTION_RESIST ((u_int32_t)1<<28)
/* CTR type modifiers (A.1)*/
-#define GCRY_DRBG_CTRAES ((u_int32_t)1<<0)
-#define GCRY_DRBG_CTRSERPENT ((u_int32_t)1<<1)
-#define GCRY_DRBG_CTRTWOFISH ((u_int32_t)1<<2)
-#define GCRY_DRBG_CTR_MASK (GCRY_DRBG_CTRAES | GCRY_DRBG_CTRSERPENT | GCRY_DRBG_CTRTWOFISH)
+#define DRBG_CTRAES ((u_int32_t)1<<0)
+#define DRBG_CTRSERPENT ((u_int32_t)1<<1)
+#define DRBG_CTRTWOFISH ((u_int32_t)1<<2)
+#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT \
+ | DRBG_CTRTWOFISH)
/* HASH type modifiers (A.2)*/
-#define GCRY_DRBG_HASHSHA1 ((u_int32_t)1<<4)
-#define GCRY_DRBG_HASHSHA224 ((u_int32_t)1<<5)
-#define GCRY_DRBG_HASHSHA256 ((u_int32_t)1<<6)
-#define GCRY_DRBG_HASHSHA384 ((u_int32_t)1<<7)
-#define GCRY_DRBG_HASHSHA512 ((u_int32_t)1<<8)
-#define GCRY_DRBG_HASH_MASK (GCRY_DRBG_HASHSHA1 | GCRY_DRBG_HASHSHA224 | \
- GCRY_DRBG_HASHSHA256 | GCRY_DRBG_HASHSHA384 | \
- GCRY_DRBG_HASHSHA512)
+#define DRBG_HASHSHA1 ((u_int32_t)1<<4)
+#define DRBG_HASHSHA224 ((u_int32_t)1<<5)
+#define DRBG_HASHSHA256 ((u_int32_t)1<<6)
+#define DRBG_HASHSHA384 ((u_int32_t)1<<7)
+#define DRBG_HASHSHA512 ((u_int32_t)1<<8)
+#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 \
+ | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
+ | DRBG_HASHSHA512)
/* type modifiers (A.3)*/
-#define GCRY_DRBG_HMAC ((u_int32_t)1<<12)
-#define GCRY_DRBG_SYM128 ((u_int32_t)1<<13)
-#define GCRY_DRBG_SYM192 ((u_int32_t)1<<14)
-#define GCRY_DRBG_SYM256 ((u_int32_t)1<<15)
-#define GCRY_DRBG_TYPE_MASK (GCRY_DRBG_HMAC | GCRY_DRBG_SYM128 | GCRY_DRBG_SYM192 | \
- GCRY_DRBG_SYM256)
-#define GCRY_DRBG_CIPHER_MASK (GCRY_DRBG_CTR_MASK | GCRY_DRBG_HASH_MASK | GCRY_DRBG_TYPE_MASK)
-
-#define GCRY_DRBG_PR_CTRAES128 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_CTRAES | GCRY_DRBG_SYM128)
-#define GCRY_DRBG_PR_CTRAES192 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_CTRAES | GCRY_DRBG_SYM192)
-#define GCRY_DRBG_PR_CTRAES256 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_CTRAES | GCRY_DRBG_SYM256)
-#define GCRY_DRBG_NOPR_CTRAES128 (GCRY_DRBG_CTRAES | GCRY_DRBG_SYM128)
-#define GCRY_DRBG_NOPR_CTRAES192 (GCRY_DRBG_CTRAES | GCRY_DRBG_SYM192)
-#define GCRY_DRBG_NOPR_CTRAES256 (GCRY_DRBG_CTRAES | GCRY_DRBG_SYM256)
-#define GCRY_DRBG_PR_HASHSHA1 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_HASHSHA1)
-#define GCRY_DRBG_PR_HASHSHA256 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_HASHSHA256)
-#define GCRY_DRBG_PR_HASHSHA384 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_HASHSHA384)
-#define GCRY_DRBG_PR_HASHSHA512 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_HASHSHA512)
-#define GCRY_DRBG_NOPR_HASHSHA1 (GCRY_DRBG_HASHSHA1)
-#define GCRY_DRBG_NOPR_HASHSHA256 (GCRY_DRBG_HASHSHA256)
-#define GCRY_DRBG_NOPR_HASHSHA384 (GCRY_DRBG_HASHSHA384)
-#define GCRY_DRBG_NOPR_HASHSHA512 (GCRY_DRBG_HASHSHA512)
-#define GCRY_DRBG_PR_HMACSHA1 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_HASHSHA1 | GCRY_DRBG_HMAC)
-#define GCRY_DRBG_PR_HMACSHA256 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_HASHSHA256 | GCRY_DRBG_HMAC)
-#define GCRY_DRBG_PR_HMACSHA384 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_HASHSHA384 | GCRY_DRBG_HMAC)
-#define GCRY_DRBG_PR_HMACSHA512 (GCRY_DRBG_PREDICTION_RESIST | GCRY_DRBG_HASHSHA512 | GCRY_DRBG_HMAC)
-#define GCRY_DRBG_NOPR_HMACSHA1 (GCRY_DRBG_HASHSHA1 | GCRY_DRBG_HMAC)
-#define GCRY_DRBG_NOPR_HMACSHA256 (GCRY_DRBG_HASHSHA256 | GCRY_DRBG_HMAC)
-#define GCRY_DRBG_NOPR_HMACSHA384 (GCRY_DRBG_HASHSHA384 | GCRY_DRBG_HMAC)
-#define GCRY_DRBG_NOPR_HMACSHA512 (GCRY_DRBG_HASHSHA512 | GCRY_DRBG_HMAC)
+#define DRBG_HMAC ((u_int32_t)1<<12)
+#define DRBG_SYM128 ((u_int32_t)1<<13)
+#define DRBG_SYM192 ((u_int32_t)1<<14)
+#define DRBG_SYM256 ((u_int32_t)1<<15)
+#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 \
+ | DRBG_SYM256)
+#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK \
+ | DRBG_TYPE_MASK)
+
+#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128)
+#define DRBG_PR_CTRAES192 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192)
+#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256)
+#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128)
+#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192)
+#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
+#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
+#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
+#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
+#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
+#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
+#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
+#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
+#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
+#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
+ | DRBG_HMAC)
+#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
+ | DRBG_HMAC)
+#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
+ | DRBG_HMAC)
+#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
+ | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
+#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
@@ -232,17 +238,6 @@
* Common data structures
******************************************************************/
-/* DRBG input data structure for DRBG generate with additional information
- * string */
-struct gcry_drbg_gen
-{
- unsigned char *outbuf; /* output buffer for random numbers */
- unsigned int outlen; /* size of output buffer */
- struct gcry_drbg_string *addtl; /* input buffer for
- * additional information string */
-};
-
-
/*
* SP800-90A requires the concatenation of different data. To avoid copying
* buffers around or allocate additional memory, the following data structure
@@ -251,18 +246,33 @@ struct gcry_drbg_gen
* of individual buffers. The order of memory block referenced in that
* linked list determines the order of concatenation.
*/
-struct gcry_drbg_string
+struct drbg_string_s
{
const unsigned char *buf;
size_t len;
- struct gcry_drbg_string *next;
+ struct drbg_string_s *next;
};
+typedef struct drbg_string_s drbg_string_t;
-/* (Declared below) */
-struct gcry_drbg_state;
+/* DRBG input data structure for DRBG generate with additional
+ * information string. */
+struct drbg_gen_s
+{
+ unsigned char *outbuf; /* output buffer for random numbers */
+ unsigned int outlen; /* size of output buffer */
+ drbg_string_t *addtl; /* input buffer for
+ * additional information string */
+};
+typedef struct drbg_gen_s drbg_gen_t;
-struct gcry_drbg_core
+
+/* Forward declaration of the state object pointer. */
+struct drbg_state_s;
+typedef struct drbg_state_s *drbg_state_t;
+
+
+struct drbg_core_s
{
u32 flags; /* flags for the cipher */
ushort statelen; /* maximum state length */
@@ -270,24 +280,25 @@ struct gcry_drbg_core
int backend_cipher; /* libgcrypt backend cipher */
};
-struct gcry_drbg_state_ops
+struct drbg_state_ops_s
{
- gpg_err_code_t (*update) (struct gcry_drbg_state * drbg,
- struct gcry_drbg_string * seed, int reseed);
- gpg_err_code_t (*generate) (struct gcry_drbg_state * drbg,
+ gpg_err_code_t (*update) (drbg_state_t drbg,
+ drbg_string_t *seed, int reseed);
+ gpg_err_code_t (*generate) (drbg_state_t drbg,
unsigned char *buf, unsigned int buflen,
- struct gcry_drbg_string * addtl);
+ drbg_string_t *addtl);
};
-/* DRBG test data */
-struct gcry_drbg_test_data
+struct drbg_test_data_s
{
- struct gcry_drbg_string *testentropy; /* TEST PARAMETER: test entropy */
- int fail_seed_source:1; /* if set, the seed function will return an error */
+ drbg_string_t *testentropy; /* TEST PARAMETER: test entropy */
+ int fail_seed_source:1; /* If set, the seed function will
+ * return an error. */
};
-struct gcry_drbg_state
+/* This state object keeps the state of an DRBG instance. */
+struct drbg_state_s
{
unsigned char *V; /* internal state 10.1.1.1 1a) */
unsigned char *C; /* hash: static value 10.1.1.1 1b)
@@ -303,12 +314,12 @@ struct gcry_drbg_state
* The volatile modifier is required so that the compiler does not
* optimize it away in case the getpid function is badly attributed. */
pid_t seed_init_pid;
- const struct gcry_drbg_state_ops *d_ops;
- const struct gcry_drbg_core *core;
- struct gcry_drbg_test_data *test_data;
+ const struct drbg_state_ops_s *d_ops;
+ const struct drbg_core_s *core;
+ struct drbg_test_data_s *test_data;
};
-enum gcry_drbg_prefixes
+enum drbg_prefixes
{
DRBG_PREFIX0 = 0x00,
DRBG_PREFIX1,
@@ -319,34 +330,46 @@ enum gcry_drbg_prefixes
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
/***************************************************************
+ * Global variables
+ ***************************************************************/
+
+/* Global state variable holding the current instance of the DRBG -- the
+ * default DRBG type is defined in _gcry_rngdrbg_inititialize. */
+static drbg_state_t drbg_state;
+
+/* This is the lock variable we use to serialize access to this RNG. */
+GPGRT_LOCK_DEFINE(drbg_lock_var);
+
+
+/***************************************************************
* Backend cipher definitions available to DRBG
***************************************************************/
-static const struct gcry_drbg_core gcry_drbg_cores[] = {
+static const struct drbg_core_s drbg_cores[] = {
/* Hash DRBGs */
- {GCRY_DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},
- {GCRY_DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},
- {GCRY_DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},
- {GCRY_DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},
+ {DRBG_HASHSHA1, 55, 20, GCRY_MD_SHA1},
+ {DRBG_HASHSHA256, 55, 32, GCRY_MD_SHA256},
+ {DRBG_HASHSHA384, 111, 48, GCRY_MD_SHA384},
+ {DRBG_HASHSHA512, 111, 64, GCRY_MD_SHA512},
/* HMAC DRBGs */
- {GCRY_DRBG_HASHSHA1 | GCRY_DRBG_HMAC, 20, 20, GCRY_MD_SHA1},
- {GCRY_DRBG_HASHSHA256 | GCRY_DRBG_HMAC, 32, 32, GCRY_MD_SHA256},
- {GCRY_DRBG_HASHSHA384 | GCRY_DRBG_HMAC, 48, 48, GCRY_MD_SHA384},
- {GCRY_DRBG_HASHSHA512 | GCRY_DRBG_HMAC, 64, 64, GCRY_MD_SHA512},
+ {DRBG_HASHSHA1 | DRBG_HMAC, 20, 20, GCRY_MD_SHA1},
+ {DRBG_HASHSHA256 | DRBG_HMAC, 32, 32, GCRY_MD_SHA256},
+ {DRBG_HASHSHA384 | DRBG_HMAC, 48, 48, GCRY_MD_SHA384},
+ {DRBG_HASHSHA512 | DRBG_HMAC, 64, 64, GCRY_MD_SHA512},
/* block ciphers */
- {GCRY_DRBG_CTRAES | GCRY_DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},
- {GCRY_DRBG_CTRAES | GCRY_DRBG_SYM192, 40, 16, GCRY_CIPHER_AES192},
- {GCRY_DRBG_CTRAES | GCRY_DRBG_SYM256, 48, 16, GCRY_CIPHER_AES256},
+ {DRBG_CTRAES | DRBG_SYM128, 32, 16, GCRY_CIPHER_AES128},
+ {DRBG_CTRAES | DRBG_SYM192, 40, 16, GCRY_CIPHER_AES192},
+ {DRBG_CTRAES | DRBG_SYM256, 48, 16, GCRY_CIPHER_AES256}
};
-static gpg_err_code_t gcry_drbg_sym (struct gcry_drbg_state *drbg,
- const unsigned char *key,
- unsigned char *outval,
- const struct gcry_drbg_string *buf);
-static gpg_err_code_t gcry_drbg_hmac (struct gcry_drbg_state *drbg,
- const unsigned char *key,
- unsigned char *outval,
- const struct gcry_drbg_string *buf);
+static gpg_err_code_t drbg_sym (drbg_state_t drbg,
+ const unsigned char *key,
+ unsigned char *outval,
+ const drbg_string_t *buf);
+static gpg_err_code_t drbg_hmac (drbg_state_t drbg,
+ const unsigned char *key,
+ unsigned char *outval,
+ const drbg_string_t *buf);
/******************************************************************
******************************************************************
@@ -377,17 +400,17 @@ parse_flag_string (const char *string, u32 *r_flags)
const char *name;
u32 flag;
} table[] = {
- { "aes", GCRY_DRBG_CTRAES },
- { "serpent", GCRY_DRBG_CTRSERPENT },
- { "twofish", GCRY_DRBG_CTRTWOFISH },
- { "sha1", GCRY_DRBG_HASHSHA1 },
- { "sha256", GCRY_DRBG_HASHSHA256 },
- { "sha512", GCRY_DRBG_HASHSHA512 },
- { "hmac", GCRY_DRBG_HMAC },
- { "sym128", GCRY_DRBG_SYM128 },
- { "sym192", GCRY_DRBG_SYM192 },
- { "sym256", GCRY_DRBG_SYM256 },
- { "pr", GCRY_DRBG_PREDICTION_RESIST }
+ { "aes", DRBG_CTRAES },
+ { "serpent", DRBG_CTRSERPENT },
+ { "twofish", DRBG_CTRTWOFISH },
+ { "sha1", DRBG_HASHSHA1 },
+ { "sha256", DRBG_HASHSHA256 },
+ { "sha512", DRBG_HASHSHA512 },
+ { "hmac", DRBG_HMAC },
+ { "sym128", DRBG_SYM128 },
+ { "sym192", DRBG_SYM192 },
+ { "sym256", DRBG_SYM256 },
+ { "pr", DRBG_PREDICTION_RESIST }
};
*r_flags = 0;
@@ -421,7 +444,7 @@ parse_flag_string (const char *string, u32 *r_flags)
}
static inline void
-gcry_drbg_string_fill (struct gcry_drbg_string *string,
+drbg_string_fill (drbg_string_t *string,
const unsigned char *buf, size_t len)
{
string->buf = buf;
@@ -430,7 +453,7 @@ gcry_drbg_string_fill (struct gcry_drbg_string *string,
}
static inline ushort
-gcry_drbg_statelen (struct gcry_drbg_state *drbg)
+drbg_statelen (drbg_state_t drbg)
{
if (drbg && drbg->core)
return drbg->core->statelen;
@@ -438,7 +461,7 @@ gcry_drbg_statelen (struct gcry_drbg_state *drbg)
}
static inline ushort
-gcry_drbg_blocklen (struct gcry_drbg_state *drbg)
+drbg_blocklen (drbg_state_t drbg)
{
if (drbg && drbg->core)
return drbg->core->blocklen_bytes;
@@ -446,7 +469,7 @@ gcry_drbg_blocklen (struct gcry_drbg_state *drbg)
}
static inline ushort
-gcry_drbg_keylen (struct gcry_drbg_state *drbg)
+drbg_keylen (drbg_state_t drbg)
{
if (drbg && drbg->core)
return (drbg->core->statelen - drbg->core->blocklen_bytes);
@@ -454,14 +477,14 @@ gcry_drbg_keylen (struct gcry_drbg_state *drbg)
}
static inline size_t
-gcry_drbg_max_request_bytes (void)
+drbg_max_request_bytes (void)
{
/* SP800-90A requires the limit 2**19 bits, but we return bytes */
return (1 << 16);
}
static inline size_t
-gcry_drbg_max_addtl (void)
+drbg_max_addtl (void)
{
/* SP800-90A requires 2**35 bytes additional info str / pers str */
#ifdef __LP64__
@@ -470,14 +493,14 @@ gcry_drbg_max_addtl (void)
/*
* SP800-90A allows smaller maximum numbers to be returned -- we
* return SIZE_MAX - 1 to allow the verification of the enforcement
- * of this value in gcry_drbg_healthcheck_sanity.
+ * of this value in drbg_healthcheck_sanity.
*/
return (SIZE_MAX - 1);
#endif
}
static inline size_t
-gcry_drbg_max_requests (void)
+drbg_max_requests (void)
{
/* SP800-90A requires 2**48 maximum requests before reseeding */
#ifdef __LP64__
@@ -496,14 +519,14 @@ gcry_drbg_max_requests (void)
* programming errors
*/
static inline unsigned short
-gcry_drbg_sec_strength (u32 flags)
+drbg_sec_strength (u32 flags)
{
- if ((flags & GCRY_DRBG_HASHSHA1) || (flags & GCRY_DRBG_SYM128))
+ if ((flags & DRBG_HASHSHA1) || (flags & DRBG_SYM128))
return 16;
- else if (flags & GCRY_DRBG_SYM192)
+ else if (flags & DRBG_SYM192)
return 24;
- else if ((flags & GCRY_DRBG_SYM256) || (flags & GCRY_DRBG_HASHSHA256) ||
- (flags & GCRY_DRBG_HASHSHA384) || (flags & GCRY_DRBG_HASHSHA512))
+ else if ((flags & DRBG_SYM256) || (flags & DRBG_HASHSHA256) ||
+ (flags & DRBG_HASHSHA384) || (flags & DRBG_HASHSHA512))
return 32;
else
return 32;
@@ -518,8 +541,9 @@ gcry_drbg_sec_strength (u32 flags)
* buffer size is at least 32 bit
*/
static inline void
-gcry_drbg_cpu_to_be32 (u32 val, unsigned char *buf)
+drbg_cpu_to_be32 (u32 val, unsigned char *buf)
{
+ /* FIXME: This may raise a bus error. */
struct s
{
u32 conv;
@@ -530,8 +554,8 @@ gcry_drbg_cpu_to_be32 (u32 val, unsigned char *buf)
}
static void
-gcry_drbg_add_buf (unsigned char *dst, size_t dstlen,
- unsigned char *add, size_t addlen)
+drbg_add_buf (unsigned char *dst, size_t dstlen,
+ unsigned char *add, size_t addlen)
{
/* implied: dstlen > addlen */
unsigned char *dstptr, *addptr;
@@ -566,15 +590,16 @@ gcry_drbg_add_buf (unsigned char *dst, size_t dstlen,
* data pointer. Thus we need to use a global variable for
* communication. However, the then required locking is anyway a good
* idea because it does not make sense to have several readers of (say
- * /dev/random). It is easier to serve them one after the other. */
+ * /dev/random). It is easier to serve them one after the other.
+ */
static unsigned char *read_cb_buffer; /* The buffer. */
-static size_t read_cb_size; /* Size of the buffer. */
-static size_t read_cb_len; /* Used length. */
+static size_t read_cb_size; /* Size of the buffer. */
+static size_t read_cb_len; /* Used length. */
/* Callback for generating seed from kernel device. */
static void
-gcry_drbg_read_cb (const void *buffer, size_t length,
- enum random_origins origin)
+drbg_read_cb (const void *buffer, size_t length,
+ enum random_origins origin)
{
const unsigned char *p = buffer;
@@ -588,7 +613,7 @@ gcry_drbg_read_cb (const void *buffer, size_t length,
}
static inline int
-gcry_drbg_get_entropy (struct gcry_drbg_state *drbg, unsigned char *buffer,
+drbg_get_entropy (drbg_state_t drbg, unsigned char *buffer,
size_t len)
{
int rc = 0;
@@ -601,7 +626,7 @@ gcry_drbg_get_entropy (struct gcry_drbg_state *drbg, unsigned char *buffer,
read_cb_size = len;
read_cb_len = 0;
#if USE_RNDLINUX
- rc = _gcry_rndlinux_gather_random (gcry_drbg_read_cb, 0, len,
+ rc = _gcry_rndlinux_gather_random (drbg_read_cb, 0, len,
GCRY_VERY_STRONG_RANDOM);
#elif USE_RNDUNIX
rc = _gcry_rndunix_gather_random (read_cb, 0, length,
@@ -625,27 +650,27 @@ gcry_drbg_get_entropy (struct gcry_drbg_state *drbg, unsigned char *buffer,
/* BCC function for CTR DRBG as defined in 10.4.3 */
static gpg_err_code_t
-gcry_drbg_ctr_bcc (struct gcry_drbg_state *drbg,
- unsigned char *out, const unsigned char *key,
- struct gcry_drbg_string *in)
+drbg_ctr_bcc (drbg_state_t drbg,
+ unsigned char *out, const unsigned char *key,
+ drbg_string_t *in)
{
gpg_err_code_t ret = GPG_ERR_GENERAL;
- struct gcry_drbg_string *curr = in;
+ drbg_string_t *curr = in;
size_t inpos = curr->len;
const unsigned char *pos = curr->buf;
- struct gcry_drbg_string data;
+ drbg_string_t data;
- gcry_drbg_string_fill (&data, out, gcry_drbg_blocklen (drbg));
+ drbg_string_fill (&data, out, drbg_blocklen (drbg));
/* 10.4.3 step 1 */
- memset (out, 0, gcry_drbg_blocklen (drbg));
+ memset (out, 0, drbg_blocklen (drbg));
/* 10.4.3 step 2 / 4 */
while (inpos)
{
short cnt = 0;
/* 10.4.3 step 4.1 */
- for (cnt = 0; cnt < gcry_drbg_blocklen (drbg); cnt++)
+ for (cnt = 0; cnt < drbg_blocklen (drbg); cnt++)
{
out[cnt] ^= *pos;
pos++;
@@ -672,7 +697,7 @@ gcry_drbg_ctr_bcc (struct gcry_drbg_state *drbg,
}
}
/* 10.4.3 step 4.2 */
- ret = gcry_drbg_sym (drbg, key, out, &data);
+ ret = drbg_sym (drbg, key, out, &data);
if (ret)
return ret;
/* 10.4.3 step 2 */
@@ -682,13 +707,13 @@ gcry_drbg_ctr_bcc (struct gcry_drbg_state *drbg,
/*
- * scratchpad usage: gcry_drbg_ctr_update is interlinked with gcry_drbg_ctr_df
- * (and gcry_drbg_ctr_bcc, but this function does not need any temporary buffers),
+ * scratchpad usage: drbg_ctr_update is interlinked with drbg_ctr_df
+ * (and drbg_ctr_bcc, but this function does not need any temporary buffers),
* the scratchpad is used as follows:
- * gcry_drbg_ctr_update:
+ * drbg_ctr_update:
* temp
* start: drbg->scratchpad
- * length: gcry_drbg_statelen(drbg) + gcry_drbg_blocklen(drbg)
+ * length: drbg_statelen(drbg) + drbg_blocklen(drbg)
* note: the cipher writing into this variable works
* blocklen-wise. Now, when the statelen is not a multiple
* of blocklen, the generateion loop below "spills over"
@@ -696,44 +721,44 @@ gcry_drbg_ctr_bcc (struct gcry_drbg_state *drbg,
* memory.
* df_data
* start: drbg->scratchpad +
- * gcry_drbg_statelen(drbg) +
- * gcry_drbg_blocklen(drbg)
- * length: gcry_drbg_statelen(drbg)
+ * drbg_statelen(drbg) +
+ * drbg_blocklen(drbg)
+ * length: drbg_statelen(drbg)
*
- * gcry_drbg_ctr_df:
+ * drbg_ctr_df:
* pad
- * start: df_data + gcry_drbg_statelen(drbg)
- * length: gcry_drbg_blocklen(drbg)
+ * start: df_data + drbg_statelen(drbg)
+ * length: drbg_blocklen(drbg)
* iv
- * start: pad + gcry_drbg_blocklen(drbg)
- * length: gcry_drbg_blocklen(drbg)
+ * start: pad + drbg_blocklen(drbg)
+ * length: drbg_blocklen(drbg)
* temp
- * start: iv + gcry_drbg_blocklen(drbg)
- * length: gcry_drbg_satelen(drbg) + gcry_drbg_blocklen(drbg)
+ * start: iv + drbg_blocklen(drbg)
+ * length: drbg_satelen(drbg) + drbg_blocklen(drbg)
* note: temp is the buffer that the BCC function operates
- * on. BCC operates blockwise. gcry_drbg_statelen(drbg)
+ * on. BCC operates blockwise. drbg_statelen(drbg)
* is sufficient when the DRBG state length is a multiple
* of the block size. For AES192 (and maybe other ciphers)
* this is not correct and the length for temp is
* insufficient (yes, that also means for such ciphers,
* the final output of all BCC rounds are truncated).
- * Therefore, add gcry_drbg_blocklen(drbg) to cover all
+ * Therefore, add drbg_blocklen(drbg) to cover all
* possibilities.
*/
/* Derivation Function for CTR DRBG as defined in 10.4.2 */
static gpg_err_code_t
-gcry_drbg_ctr_df (struct gcry_drbg_state *drbg, unsigned char *df_data,
- size_t bytes_to_return, struct gcry_drbg_string *addtl)
+drbg_ctr_df (drbg_state_t drbg, unsigned char *df_data,
+ size_t bytes_to_return, drbg_string_t *addtl)
{
gpg_err_code_t ret = GPG_ERR_GENERAL;
unsigned char L_N[8];
/* S3 is input */
- struct gcry_drbg_string S1, S2, S4, cipherin;
- struct gcry_drbg_string *tempstr = addtl;
- unsigned char *pad = df_data + gcry_drbg_statelen (drbg);
- unsigned char *iv = pad + gcry_drbg_blocklen (drbg);
- unsigned char *temp = iv + gcry_drbg_blocklen (drbg);
+ drbg_string_t S1, S2, S4, cipherin;
+ drbg_string_t *tempstr = addtl;
+ unsigned char *pad = df_data + drbg_statelen (drbg);
+ unsigned char *iv = pad + drbg_blocklen (drbg);
+ unsigned char *temp = iv + drbg_blocklen (drbg);
size_t padlen = 0;
unsigned int templen = 0;
/* 10.4.2 step 7 */
@@ -746,9 +771,9 @@ gcry_drbg_ctr_df (struct gcry_drbg_state *drbg, unsigned char *df_data,
size_t generated_len = 0;
size_t inputlen = 0;
- memset (pad, 0, gcry_drbg_blocklen (drbg));
- memset (iv, 0, gcry_drbg_blocklen (drbg));
- memset (temp, 0, gcry_drbg_statelen (drbg));
+ memset (pad, 0, drbg_blocklen (drbg));
+ memset (iv, 0, drbg_blocklen (drbg));
+ memset (temp, 0, drbg_statelen (drbg));
/* 10.4.2 step 1 is implicit as we work byte-wise */
@@ -759,25 +784,25 @@ gcry_drbg_ctr_df (struct gcry_drbg_state *drbg, unsigned char *df_data,
/* 10.4.2 step 2 -- calculate the entire length of all input data */
for (; NULL != tempstr; tempstr = tempstr->next)
inputlen += tempstr->len;
- gcry_drbg_cpu_to_be32 (inputlen, &L_N[0]);
+ drbg_cpu_to_be32 (inputlen, &L_N[0]);
/* 10.4.2 step 3 */
- gcry_drbg_cpu_to_be32 (bytes_to_return, &L_N[4]);
+ drbg_cpu_to_be32 (bytes_to_return, &L_N[4]);
/* 10.4.2 step 5: length is size of L_N, input_string, one byte, padding */
- padlen = (inputlen + sizeof (L_N) + 1) % (gcry_drbg_blocklen (drbg));
+ padlen = (inputlen + sizeof (L_N) + 1) % (drbg_blocklen (drbg));
/* wrap the padlen appropriately */
if (padlen)
- padlen = gcry_drbg_blocklen (drbg) - padlen;
+ padlen = drbg_blocklen (drbg) - padlen;
/* pad / padlen contains the 0x80 byte and the following zero bytes, so
* add one for byte for 0x80 */
padlen++;
pad[0] = 0x80;
/* 10.4.2 step 4 -- first fill the linked list and then order it */
- gcry_drbg_string_fill (&S1, iv, gcry_drbg_blocklen (drbg));
- gcry_drbg_string_fill (&S2, L_N, sizeof (L_N));
- gcry_drbg_string_fill (&S4, pad, padlen);
+ drbg_string_fill (&S1, iv, drbg_blocklen (drbg));
+ drbg_string_fill (&S2, L_N, sizeof (L_N));
+ drbg_string_fill (&S4, pad, padlen);
S1.next = &S2;
S2.next = addtl;
@@ -790,25 +815,25 @@ gcry_drbg_ctr_df (struct gcry_drbg_state *drbg, unsigned char *df_data,
tempstr->next = &S4;
/* 10.4.2 step 9 */
- while (templen < (gcry_drbg_keylen (drbg) + (gcry_drbg_blocklen (drbg))))
+ while (templen < (drbg_keylen (drbg) + (drbg_blocklen (drbg))))
{
/* 10.4.2 step 9.1 - the padding is implicit as the buffer
* holds zeros after allocation -- even the increment of i
* is irrelevant as the increment remains within length of i */
- gcry_drbg_cpu_to_be32 (i, iv);
+ drbg_cpu_to_be32 (i, iv);
/* 10.4.2 step 9.2 -- BCC and concatenation with temp */
- ret = gcry_drbg_ctr_bcc (drbg, temp + templen, K, &S1);
+ ret = drbg_ctr_bcc (drbg, temp + templen, K, &S1);
if (ret)
goto out;
/* 10.4.2 step 9.3 */
i++;
- templen += gcry_drbg_blocklen (drbg);
+ templen += drbg_blocklen (drbg);
}
/* 10.4.2 step 11 */
/* implicit key len with seedlen - blocklen according to table 3 */
- X = temp + (gcry_drbg_keylen (drbg));
- gcry_drbg_string_fill (&cipherin, X, gcry_drbg_blocklen (drbg));
+ X = temp + (drbg_keylen (drbg));
+ drbg_string_fill (&cipherin, X, drbg_blocklen (drbg));
/* 10.4.2 step 12: overwriting of outval */
@@ -818,14 +843,14 @@ gcry_drbg_ctr_df (struct gcry_drbg_state *drbg, unsigned char *df_data,
short blocklen = 0;
/* 10.4.2 step 13.1 */
/* the truncation of the key length is implicit as the key
- * is only gcry_drbg_blocklen in size -- check for the implementation
+ * is only drbg_blocklen in size -- check for the implementation
* of the cipher function callback */
- ret = gcry_drbg_sym (drbg, temp, X, &cipherin);
+ ret = drbg_sym (drbg, temp, X, &cipherin);
if (ret)
goto out;
- blocklen = (gcry_drbg_blocklen (drbg) <
+ blocklen = (drbg_blocklen (drbg) <
(bytes_to_return - generated_len)) ?
- gcry_drbg_blocklen (drbg) : (bytes_to_return - generated_len);
+ drbg_blocklen (drbg) : (bytes_to_return - generated_len);
/* 10.4.2 step 13.2 and 14 */
memcpy (df_data + generated_len, X, blocklen);
generated_len += blocklen;
@@ -833,45 +858,44 @@ gcry_drbg_ctr_df (struct gcry_drbg_state *drbg, unsigned char *df_data,
ret = 0;
-out:
- memset (iv, 0, gcry_drbg_blocklen (drbg));
- memset (temp, 0, gcry_drbg_statelen (drbg));
- memset (pad, 0, gcry_drbg_blocklen (drbg));
+ out:
+ memset (iv, 0, drbg_blocklen (drbg));
+ memset (temp, 0, drbg_statelen (drbg));
+ memset (pad, 0, drbg_blocklen (drbg));
return ret;
}
/*
- * update function of CTR DRBG as defined in 10.2.1.2
+ * Update function of CTR DRBG as defined in 10.2.1.2
*
* The reseed variable has an enhanced meaning compared to the update
* functions of the other DRBGs as follows:
* 0 => initial seed from initialization
- * 1 => reseed via gcry_drbg_seed
- * 2 => first invocation from gcry_drbg_ctr_update when addtl is present. In
+ * 1 => reseed via drbg_seed
+ * 2 => first invocation from drbg_ctr_update when addtl is present. In
* this case, the df_data scratchpad is not deleted so that it is
* available for another calls to prevent calling the DF function
* again.
- * 3 => second invocation from gcry_drbg_ctr_update. When the update function
+ * 3 => second invocation from drbg_ctr_update. When the update function
* was called with addtl, the df_data memory already contains the
* DFed addtl information and we do not need to call DF again.
*/
static gpg_err_code_t
-gcry_drbg_ctr_update (struct gcry_drbg_state *drbg,
- struct gcry_drbg_string *addtl, int reseed)
+drbg_ctr_update (drbg_state_t drbg, drbg_string_t *addtl, int reseed)
{
gpg_err_code_t ret = GPG_ERR_GENERAL;
/* 10.2.1.2 step 1 */
unsigned char *temp = drbg->scratchpad;
unsigned char *df_data = drbg->scratchpad +
- gcry_drbg_statelen (drbg) + gcry_drbg_blocklen (drbg);
+ drbg_statelen (drbg) + drbg_blocklen (drbg);
unsigned char *temp_p, *df_data_p; /* pointer to iterate over buffers */
unsigned int len = 0;
- struct gcry_drbg_string cipherin;
+ drbg_string_t cipherin;
unsigned char prefix = DRBG_PREFIX1;
- memset (temp, 0, gcry_drbg_statelen (drbg) + gcry_drbg_blocklen (drbg));
+ memset (temp, 0, drbg_statelen (drbg) + drbg_blocklen (drbg));
if (3 > reseed)
- memset (df_data, 0, gcry_drbg_statelen (drbg));
+ memset (df_data, 0, drbg_statelen (drbg));
/* 10.2.1.3.2 step 2 and 10.2.1.4.2 step 2 */
/* TODO use reseed variable to avoid re-doing DF operation */
@@ -879,31 +903,31 @@ gcry_drbg_ctr_update (struct gcry_drbg_state *drbg,
if (addtl && 0 < addtl->len)
{
ret =
- gcry_drbg_ctr_df (drbg, df_data, gcry_drbg_statelen (drbg), addtl);
+ drbg_ctr_df (drbg, df_data, drbg_statelen (drbg), addtl);
if (ret)
goto out;
}
- gcry_drbg_string_fill (&cipherin, drbg->V, gcry_drbg_blocklen (drbg));
+ drbg_string_fill (&cipherin, drbg->V, drbg_blocklen (drbg));
/* 10.2.1.3.2 step 2 and 3 -- are already covered as we memset(0)
* all memory during initialization */
- while (len < (gcry_drbg_statelen (drbg)))
+ while (len < (drbg_statelen (drbg)))
{
/* 10.2.1.2 step 2.1 */
- gcry_drbg_add_buf (drbg->V, gcry_drbg_blocklen (drbg), &prefix, 1);
+ drbg_add_buf (drbg->V, drbg_blocklen (drbg), &prefix, 1);
/* 10.2.1.2 step 2.2 */
/* using target of temp + len: 10.2.1.2 step 2.3 and 3 */
- ret = gcry_drbg_sym (drbg, drbg->C, temp + len, &cipherin);
+ ret = drbg_sym (drbg, drbg->C, temp + len, &cipherin);
if (ret)
goto out;
/* 10.2.1.2 step 2.3 and 3 */
- len += gcry_drbg_blocklen (drbg);
+ len += drbg_blocklen (drbg);
}
/* 10.2.1.2 step 4 */
temp_p = temp;
df_data_p = df_data;
- for (len = 0; len < gcry_drbg_statelen (drbg); len++)
+ for (len = 0; len < drbg_statelen (drbg); len++)
{
*temp_p ^= *df_data_p;
df_data_p++;
@@ -911,77 +935,77 @@ gcry_drbg_ctr_update (struct gcry_drbg_state *drbg,
}
/* 10.2.1.2 step 5 */
- memcpy (drbg->C, temp, gcry_drbg_keylen (drbg));
+ memcpy (drbg->C, temp, drbg_keylen (drbg));
/* 10.2.1.2 step 6 */
- memcpy (drbg->V, temp + gcry_drbg_keylen (drbg), gcry_drbg_blocklen (drbg));
+ memcpy (drbg->V, temp + drbg_keylen (drbg), drbg_blocklen (drbg));
ret = 0;
-out:
- memset (temp, 0, gcry_drbg_statelen (drbg) + gcry_drbg_blocklen (drbg));
+ out:
+ memset (temp, 0, drbg_statelen (drbg) + drbg_blocklen (drbg));
if (2 != reseed)
- memset (df_data, 0, gcry_drbg_statelen (drbg));
+ memset (df_data, 0, drbg_statelen (drbg));
return ret;
}
/*
- * scratchpad use: gcry_drbg_ctr_update is called independently from
- * gcry_drbg_ctr_extract_bytes. Therefore, the scratchpad is reused
+ * scratchpad use: drbg_ctr_update is called independently from
+ * drbg_ctr_extract_bytes. Therefore, the scratchpad is reused
*/
/* Generate function of CTR DRBG as defined in 10.2.1.5.2 */
static gpg_err_code_t
-gcry_drbg_ctr_generate (struct gcry_drbg_state *drbg,
- unsigned char *buf, unsigned int buflen,
- struct gcry_drbg_string *addtl)
+drbg_ctr_generate (drbg_state_t drbg,
+ unsigned char *buf, unsigned int buflen,
+ drbg_string_t *addtl)
{
gpg_err_code_t ret = 0;
unsigned int len = 0;
- struct gcry_drbg_string data;
+ drbg_string_t data;
unsigned char prefix = DRBG_PREFIX1;
- memset (drbg->scratchpad, 0, gcry_drbg_blocklen (drbg));
+ memset (drbg->scratchpad, 0, drbg_blocklen (drbg));
/* 10.2.1.5.2 step 2 */
if (addtl && 0 < addtl->len)
{
addtl->next = NULL;
- ret = gcry_drbg_ctr_update (drbg, addtl, 2);
+ ret = drbg_ctr_update (drbg, addtl, 2);
if (ret)
return ret;
}
/* 10.2.1.5.2 step 4.1 */
- gcry_drbg_add_buf (drbg->V, gcry_drbg_blocklen (drbg), &prefix, 1);
- gcry_drbg_string_fill (&data, drbg->V, gcry_drbg_blocklen (drbg));
+ drbg_add_buf (drbg->V, drbg_blocklen (drbg), &prefix, 1);
+ drbg_string_fill (&data, drbg->V, drbg_blocklen (drbg));
while (len < buflen)
{
unsigned int outlen = 0;
/* 10.2.1.5.2 step 4.2 */
- ret = gcry_drbg_sym (drbg, drbg->C, drbg->scratchpad, &data);
+ ret = drbg_sym (drbg, drbg->C, drbg->scratchpad, &data);
if (ret)
goto out;
- outlen = (gcry_drbg_blocklen (drbg) < (buflen - len)) ?
- gcry_drbg_blocklen (drbg) : (buflen - len);
+ outlen = (drbg_blocklen (drbg) < (buflen - len)) ?
+ drbg_blocklen (drbg) : (buflen - len);
/* 10.2.1.5.2 step 4.3 */
memcpy (buf + len, drbg->scratchpad, outlen);
len += outlen;
/* 10.2.1.5.2 step 6 */
if (len < buflen)
- gcry_drbg_add_buf (drbg->V, gcry_drbg_blocklen (drbg), &prefix, 1);
+ drbg_add_buf (drbg->V, drbg_blocklen (drbg), &prefix, 1);
}
/* 10.2.1.5.2 step 6 */
if (addtl)
addtl->next = NULL;
- ret = gcry_drbg_ctr_update (drbg, addtl, 3);
+ ret = drbg_ctr_update (drbg, addtl, 3);
-out:
- memset (drbg->scratchpad, 0, gcry_drbg_blocklen (drbg));
+ out:
+ memset (drbg->scratchpad, 0, drbg_blocklen (drbg));
return ret;
}
-static struct gcry_drbg_state_ops gcry_drbg_ctr_ops = {
- gcry_drbg_ctr_update,
- gcry_drbg_ctr_generate,
+static struct drbg_state_ops_s drbg_ctr_ops = {
+ drbg_ctr_update,
+ drbg_ctr_generate
};
/******************************************************************
@@ -989,28 +1013,29 @@ static struct gcry_drbg_state_ops gcry_drbg_ctr_ops = {
******************************************************************/
static gpg_err_code_t
-gcry_drbg_hmac_update (struct gcry_drbg_state *drbg,
- struct gcry_drbg_string *seed, int reseed)
+drbg_hmac_update (drbg_state_t drbg, drbg_string_t *seed, int reseed)
{
gpg_err_code_t ret = GPG_ERR_GENERAL;
int i = 0;
- struct gcry_drbg_string seed1, seed2, cipherin;
+ drbg_string_t seed1, seed2, cipherin;
if (!reseed)
- /* 10.1.2.3 step 2 already implicitly covered with
- * the initial memset(0) of drbg->C */
- memset (drbg->V, 1, gcry_drbg_statelen (drbg));
+ {
+ /* 10.1.2.3 step 2 already implicitly covered with
+ * the initial memset(0) of drbg->C */
+ memset (drbg->V, 1, drbg_statelen (drbg));
+ }
/* build linked list which implements the concatenation and fill
* first part*/
- gcry_drbg_string_fill (&seed1, drbg->V, gcry_drbg_statelen (drbg));
+ drbg_string_fill (&seed1, drbg->V, drbg_statelen (drbg));
/* buffer will be filled in for loop below with one byte */
- gcry_drbg_string_fill (&seed2, NULL, 1);
+ drbg_string_fill (&seed2, NULL, 1);
seed1.next = &seed2;
/* seed may be NULL */
seed2.next = seed;
- gcry_drbg_string_fill (&cipherin, drbg->V, gcry_drbg_statelen (drbg));
+ drbg_string_fill (&cipherin, drbg->V, drbg_statelen (drbg));
/* we execute two rounds of V/K massaging */
for (i = 2; 0 < i; i--)
{
@@ -1020,12 +1045,12 @@ gcry_drbg_hmac_update (struct gcry_drbg_state *drbg,
prefix = DRBG_PREFIX1;
/* 10.1.2.2 step 1 and 4 -- concatenation and HMAC for key */
seed2.buf = &prefix;
- ret = gcry_drbg_hmac (drbg, drbg->C, drbg->C, &seed1);
+ ret = drbg_hmac (drbg, drbg->C, drbg->C, &seed1);
if (ret)
return ret;
/* 10.1.2.2 step 2 and 5 -- HMAC for V */
- ret = gcry_drbg_hmac (drbg, drbg->C, drbg->V, &cipherin);
+ ret = drbg_hmac (drbg, drbg->C, drbg->V, &cipherin);
if (ret)
return ret;
@@ -1038,33 +1063,32 @@ gcry_drbg_hmac_update (struct gcry_drbg_state *drbg,
/* generate function of HMAC DRBG as defined in 10.1.2.5 */
static gpg_err_code_t
-gcry_drbg_hmac_generate (struct gcry_drbg_state *drbg,
- unsigned char *buf,
- unsigned int buflen, struct gcry_drbg_string *addtl)
+drbg_hmac_generate (drbg_state_t drbg, unsigned char *buf, unsigned int buflen,
+ drbg_string_t *addtl)
{
gpg_err_code_t ret = 0;
unsigned int len = 0;
- struct gcry_drbg_string data;
+ drbg_string_t data;
/* 10.1.2.5 step 2 */
if (addtl && 0 < addtl->len)
{
addtl->next = NULL;
- ret = gcry_drbg_hmac_update (drbg, addtl, 1);
+ ret = drbg_hmac_update (drbg, addtl, 1);
if (ret)
return ret;
}
- gcry_drbg_string_fill (&data, drbg->V, gcry_drbg_statelen (drbg));
+ drbg_string_fill (&data, drbg->V, drbg_statelen (drbg));
while (len < buflen)
{
unsigned int outlen = 0;
/* 10.1.2.5 step 4.1 */
- ret = gcry_drbg_hmac (drbg, drbg->C, drbg->V, &data);
+ ret = drbg_hmac (drbg, drbg->C, drbg->V, &data);
if (ret)
return ret;
- outlen = (gcry_drbg_blocklen (drbg) < (buflen - len)) ?
- gcry_drbg_blocklen (drbg) : (buflen - len);
+ outlen = (drbg_blocklen (drbg) < (buflen - len)) ?
+ drbg_blocklen (drbg) : (buflen - len);
/* 10.1.2.5 step 4.2 */
memcpy (buf + len, drbg->V, outlen);
@@ -1074,14 +1098,14 @@ gcry_drbg_hmac_generate (struct gcry_drbg_state *drbg,
/* 10.1.2.5 step 6 */
if (addtl)
addtl->next = NULL;
- ret = gcry_drbg_hmac_update (drbg, addtl, 1);
+ ret = drbg_hmac_update (drbg, addtl, 1);
return ret;
}
-static struct gcry_drbg_state_ops gcry_drbg_hmac_ops = {
- gcry_drbg_hmac_update,
- gcry_drbg_hmac_generate,
+static struct drbg_state_ops_s drbg_hmac_ops = {
+ drbg_hmac_update,
+ drbg_hmac_generate
};
/******************************************************************
@@ -1089,35 +1113,35 @@ static struct gcry_drbg_state_ops gcry_drbg_hmac_ops = {
******************************************************************/
/*
- * scratchpad usage: as gcry_drbg_hash_update and gcry_drbg_hash_df are used
+ * scratchpad usage: as drbg_hash_update and drbg_hash_df are used
* interlinked, the scratchpad is used as follows:
- * gcry_drbg_hash_update
+ * drbg_hash_update
* start: drbg->scratchpad
- * length: gcry_drbg_statelen(drbg)
- * gcry_drbg_hash_df:
- * start: drbg->scratchpad + gcry_drbg_statelen(drbg)
- * length: gcry_drbg_blocklen(drbg)
+ * length: drbg_statelen(drbg)
+ * drbg_hash_df:
+ * start: drbg->scratchpad + drbg_statelen(drbg)
+ * length: drbg_blocklen(drbg)
*/
/* Derivation Function for Hash DRBG as defined in 10.4.1 */
static gpg_err_code_t
-gcry_drbg_hash_df (struct gcry_drbg_state *drbg,
- unsigned char *outval, size_t outlen,
- struct gcry_drbg_string *entropy)
+drbg_hash_df (drbg_state_t drbg,
+ unsigned char *outval, size_t outlen,
+ drbg_string_t *entropy)
{
gpg_err_code_t ret = 0;
size_t len = 0;
unsigned char input[5];
- unsigned char *tmp = drbg->scratchpad + gcry_drbg_statelen (drbg);
- struct gcry_drbg_string data1;
+ unsigned char *tmp = drbg->scratchpad + drbg_statelen (drbg);
+ drbg_string_t data1;
- memset (tmp, 0, gcry_drbg_blocklen (drbg));
+ memset (tmp, 0, drbg_blocklen (drbg));
/* 10.4.1 step 3 */
input[0] = 1;
- gcry_drbg_cpu_to_be32 ((outlen * 8), &input[1]);
+ drbg_cpu_to_be32 ((outlen * 8), &input[1]);
/* 10.4.1 step 4.1 -- concatenation of data for input into hash */
- gcry_drbg_string_fill (&data1, input, 5);
+ drbg_string_fill (&data1, input, 5);
data1.next = entropy;
/* 10.4.1 step 4 */
@@ -1125,33 +1149,32 @@ gcry_drbg_hash_df (struct gcry_drbg_state *drbg,
{
short blocklen = 0;
/* 10.4.1 step 4.1 */
- ret = gcry_drbg_hmac (drbg, NULL, tmp, &data1);
+ ret = drbg_hmac (drbg, NULL, tmp, &data1);
if (ret)
goto out;
/* 10.4.1 step 4.2 */
input[0]++;
- blocklen = (gcry_drbg_blocklen (drbg) < (outlen - len)) ?
- gcry_drbg_blocklen (drbg) : (outlen - len);
+ blocklen = (drbg_blocklen (drbg) < (outlen - len)) ?
+ drbg_blocklen (drbg) : (outlen - len);
memcpy (outval + len, tmp, blocklen);
len += blocklen;
}
-out:
- memset (tmp, 0, gcry_drbg_blocklen (drbg));
+ out:
+ memset (tmp, 0, drbg_blocklen (drbg));
return ret;
}
/* update function for Hash DRBG as defined in 10.1.1.2 / 10.1.1.3 */
static gpg_err_code_t
-gcry_drbg_hash_update (struct gcry_drbg_state *drbg,
- struct gcry_drbg_string *seed, int reseed)
+drbg_hash_update (drbg_state_t drbg, drbg_string_t *seed, int reseed)
{
gpg_err_code_t ret = 0;
- struct gcry_drbg_string data1, data2;
+ drbg_string_t data1, data2;
unsigned char *V = drbg->scratchpad;
unsigned char prefix = DRBG_PREFIX1;
- memset (drbg->scratchpad, 0, gcry_drbg_statelen (drbg));
+ memset (drbg->scratchpad, 0, drbg_statelen (drbg));
if (!seed)
return GPG_ERR_INV_ARG;
@@ -1161,71 +1184,70 @@ gcry_drbg_hash_update (struct gcry_drbg_state *drbg,
* 1 byte, V and seed (which is concatenated entropy/addtl
* input)
*/
- memcpy (V, drbg->V, gcry_drbg_statelen (drbg));
- gcry_drbg_string_fill (&data1, &prefix, 1);
- gcry_drbg_string_fill (&data2, V, gcry_drbg_statelen (drbg));
+ memcpy (V, drbg->V, drbg_statelen (drbg));
+ drbg_string_fill (&data1, &prefix, 1);
+ drbg_string_fill (&data2, V, drbg_statelen (drbg));
data1.next = &data2;
data2.next = seed;
}
else
{
- gcry_drbg_string_fill (&data1, seed->buf, seed->len);
+ drbg_string_fill (&data1, seed->buf, seed->len);
data1.next = seed->next;
}
/* 10.1.1.2 / 10.1.1.3 step 2 and 3 */
- ret = gcry_drbg_hash_df (drbg, drbg->V, gcry_drbg_statelen (drbg), &data1);
+ ret = drbg_hash_df (drbg, drbg->V, drbg_statelen (drbg), &data1);
if (ret)
goto out;
/* 10.1.1.2 / 10.1.1.3 step 4 -- concatenation */
prefix = DRBG_PREFIX0;
- gcry_drbg_string_fill (&data1, &prefix, 1);
- gcry_drbg_string_fill (&data2, drbg->V, gcry_drbg_statelen (drbg));
+ drbg_string_fill (&data1, &prefix, 1);
+ drbg_string_fill (&data2, drbg->V, drbg_statelen (drbg));
data1.next = &data2;
/* 10.1.1.2 / 10.1.1.3 step 4 -- df operation */
- ret = gcry_drbg_hash_df (drbg, drbg->C, gcry_drbg_statelen (drbg), &data1);
+ ret = drbg_hash_df (drbg, drbg->C, drbg_statelen (drbg), &data1);
-out:
- memset (drbg->scratchpad, 0, gcry_drbg_statelen (drbg));
+ out:
+ memset (drbg->scratchpad, 0, drbg_statelen (drbg));
return ret;
}
-/* processing of additional information string for Hash DRBG */
+/* Processing of additional information string for Hash DRBG. */
static gpg_err_code_t
-gcry_drbg_hash_process_addtl (struct gcry_drbg_state *drbg,
- struct gcry_drbg_string *addtl)
+drbg_hash_process_addtl (drbg_state_t drbg, drbg_string_t *addtl)
{
gpg_err_code_t ret = 0;
- struct gcry_drbg_string data1, data2;
- struct gcry_drbg_string *data3;
+ drbg_string_t data1, data2;
+ drbg_string_t *data3;
unsigned char prefix = DRBG_PREFIX2;
/* this is value w as per documentation */
- memset (drbg->scratchpad, 0, gcry_drbg_blocklen (drbg));
+ memset (drbg->scratchpad, 0, drbg_blocklen (drbg));
/* 10.1.1.4 step 2 */
if (!addtl || 0 == addtl->len)
return 0;
/* 10.1.1.4 step 2a -- concatenation */
- gcry_drbg_string_fill (&data1, &prefix, 1);
- gcry_drbg_string_fill (&data2, drbg->V, gcry_drbg_statelen (drbg));
+ drbg_string_fill (&data1, &prefix, 1);
+ drbg_string_fill (&data2, drbg->V, drbg_statelen (drbg));
data3 = addtl;
data1.next = &data2;
data2.next = data3;
data3->next = NULL;
/* 10.1.1.4 step 2a -- cipher invocation */
- ret = gcry_drbg_hmac (drbg, NULL, drbg->scratchpad, &data1);
+ ret = drbg_hmac (drbg, NULL, drbg->scratchpad, &data1);
if (ret)
goto out;
/* 10.1.1.4 step 2b */
- gcry_drbg_add_buf (drbg->V, gcry_drbg_statelen (drbg),
- drbg->scratchpad, gcry_drbg_blocklen (drbg));
+ drbg_add_buf (drbg->V, drbg_statelen (drbg),
+ drbg->scratchpad, drbg_blocklen (drbg));
-out:
- memset (drbg->scratchpad, 0, gcry_drbg_blocklen (drbg));
+ out:
+ memset (drbg->scratchpad, 0, drbg_blocklen (drbg));
return ret;
}
@@ -1233,56 +1255,56 @@ out:
* Hashgen defined in 10.1.1.4
*/
static gpg_err_code_t
-gcry_drbg_hash_hashgen (struct gcry_drbg_state *drbg,
- unsigned char *buf, unsigned int buflen)
+drbg_hash_hashgen (drbg_state_t drbg,
+ unsigned char *buf, unsigned int buflen)
{
gpg_err_code_t ret = 0;
unsigned int len = 0;
unsigned char *src = drbg->scratchpad;
- unsigned char *dst = drbg->scratchpad + gcry_drbg_statelen (drbg);
- struct gcry_drbg_string data;
+ unsigned char *dst = drbg->scratchpad + drbg_statelen (drbg);
+ drbg_string_t data;
unsigned char prefix = DRBG_PREFIX1;
/* use the scratchpad as a lookaside buffer */
- memset (src, 0, gcry_drbg_statelen (drbg));
- memset (dst, 0, gcry_drbg_blocklen (drbg));
+ memset (src, 0, drbg_statelen (drbg));
+ memset (dst, 0, drbg_blocklen (drbg));
/* 10.1.1.4 step hashgen 2 */
- memcpy (src, drbg->V, gcry_drbg_statelen (drbg));
+ memcpy (src, drbg->V, drbg_statelen (drbg));
- gcry_drbg_string_fill (&data, src, gcry_drbg_statelen (drbg));
+ drbg_string_fill (&data, src, drbg_statelen (drbg));
while (len < buflen)
{
unsigned int outlen = 0;
/* 10.1.1.4 step hashgen 4.1 */
- ret = gcry_drbg_hmac (drbg, NULL, dst, &data);
+ ret = drbg_hmac (drbg, NULL, dst, &data);
if (ret)
goto out;
- outlen = (gcry_drbg_blocklen (drbg) < (buflen - len)) ?
- gcry_drbg_blocklen (drbg) : (buflen - len);
+ outlen = (drbg_blocklen (drbg) < (buflen - len)) ?
+ drbg_blocklen (drbg) : (buflen - len);
/* 10.1.1.4 step hashgen 4.2 */
memcpy (buf + len, dst, outlen);
len += outlen;
/* 10.1.1.4 hashgen step 4.3 */
if (len < buflen)
- gcry_drbg_add_buf (src, gcry_drbg_statelen (drbg), &prefix, 1);
+ drbg_add_buf (src, drbg_statelen (drbg), &prefix, 1);
}
-out:
+ out:
memset (drbg->scratchpad, 0,
- (gcry_drbg_statelen (drbg) + gcry_drbg_blocklen (drbg)));
+ (drbg_statelen (drbg) + drbg_blocklen (drbg)));
return ret;
}
-/* generate function for Hash DRBG as defined in 10.1.1.4 */
+/* Generate function for Hash DRBG as defined in 10.1.1.4 */
static gpg_err_code_t
-gcry_drbg_hash_generate (struct gcry_drbg_state *drbg,
+drbg_hash_generate (drbg_state_t drbg,
unsigned char *buf, unsigned int buflen,
- struct gcry_drbg_string *addtl)
+ drbg_string_t *addtl)
{
gpg_err_code_t ret = 0;
unsigned char prefix = DRBG_PREFIX3;
- struct gcry_drbg_string data1, data2;
+ drbg_string_t data1, data2;
union
{
unsigned char req[8];
@@ -1290,40 +1312,40 @@ gcry_drbg_hash_generate (struct gcry_drbg_state *drbg,
} u;
/*
- * scratchpad usage: gcry_drbg_hash_process_addtl uses the scratchpad, but
+ * scratchpad usage: drbg_hash_process_addtl uses the scratchpad, but
* fully completes before returning. Thus, we can reuse the scratchpad
*/
/* 10.1.1.4 step 2 */
- ret = gcry_drbg_hash_process_addtl (drbg, addtl);
+ ret = drbg_hash_process_addtl (drbg, addtl);
if (ret)
return ret;
/* 10.1.1.4 step 3 -- invocation of the Hashgen function defined in
* 10.1.1.4 */
- ret = gcry_drbg_hash_hashgen (drbg, buf, buflen);
+ ret = drbg_hash_hashgen (drbg, buf, buflen);
if (ret)
return ret;
/* this is the value H as documented in 10.1.1.4 */
- memset (drbg->scratchpad, 0, gcry_drbg_blocklen (drbg));
+ memset (drbg->scratchpad, 0, drbg_blocklen (drbg));
/* 10.1.1.4 step 4 */
- gcry_drbg_string_fill (&data1, &prefix, 1);
- gcry_drbg_string_fill (&data2, drbg->V, gcry_drbg_statelen (drbg));
+ drbg_string_fill (&data1, &prefix, 1);
+ drbg_string_fill (&data2, drbg->V, drbg_statelen (drbg));
data1.next = &data2;
- ret = gcry_drbg_hmac (drbg, NULL, drbg->scratchpad, &data1);
+ ret = drbg_hmac (drbg, NULL, drbg->scratchpad, &data1);
if (ret)
goto out;
/* 10.1.1.4 step 5 */
- gcry_drbg_add_buf (drbg->V, gcry_drbg_statelen (drbg),
- drbg->scratchpad, gcry_drbg_blocklen (drbg));
- gcry_drbg_add_buf (drbg->V, gcry_drbg_statelen (drbg), drbg->C,
- gcry_drbg_statelen (drbg));
+ drbg_add_buf (drbg->V, drbg_statelen (drbg),
+ drbg->scratchpad, drbg_blocklen (drbg));
+ drbg_add_buf (drbg->V, drbg_statelen (drbg), drbg->C,
+ drbg_statelen (drbg));
u.req_int = be_bswap64 (drbg->reseed_ctr);
- gcry_drbg_add_buf (drbg->V, gcry_drbg_statelen (drbg), u.req,
+ drbg_add_buf (drbg->V, drbg_statelen (drbg), u.req,
sizeof (u.req));
-out:
- memset (drbg->scratchpad, 0, gcry_drbg_blocklen (drbg));
+ out:
+ memset (drbg->scratchpad, 0, drbg_blocklen (drbg));
return ret;
}
@@ -1331,9 +1353,9 @@ out:
* scratchpad usage: as update and generate are used isolated, both
* can use the scratchpad
*/
-static struct gcry_drbg_state_ops gcry_drbg_hash_ops = {
- gcry_drbg_hash_update,
- gcry_drbg_hash_generate,
+static struct drbg_state_ops_s drbg_hash_ops = {
+ drbg_hash_update,
+ drbg_hash_generate
};
/******************************************************************
@@ -1352,23 +1374,22 @@ static struct gcry_drbg_state_ops gcry_drbg_hash_ops = {
* error value otherwise
*/
static gpg_err_code_t
-gcry_drbg_seed (struct gcry_drbg_state *drbg, struct gcry_drbg_string *pers,
- int reseed)
+drbg_seed (drbg_state_t drbg, drbg_string_t *pers, int reseed)
{
gpg_err_code_t ret = 0;
unsigned char *entropy = NULL;
size_t entropylen = 0;
- struct gcry_drbg_string data1;
+ drbg_string_t data1;
/* 9.1 / 9.2 / 9.3.1 step 3 */
- if (pers && pers->len > (gcry_drbg_max_addtl ()))
+ if (pers && pers->len > (drbg_max_addtl ()))
{
dbg (("DRBG: personalization string too long %lu\n", pers->len));
return GPG_ERR_INV_ARG;
}
if (drbg->test_data && drbg->test_data->testentropy)
{
- gcry_drbg_string_fill (&data1, drbg->test_data->testentropy->buf,
+ drbg_string_fill (&data1, drbg->test_data->testentropy->buf,
drbg->test_data->testentropy->len);
dbg (("DRBG: using test entropy\n"));
}
@@ -1380,7 +1401,7 @@ gcry_drbg_seed (struct gcry_drbg_state *drbg, struct gcry_drbg_string *pers,
* strength of the DRBG in size. Thus, entropy * nonce is 3/2
* of the strength. The consideration of a nonce is only
* applicable during initial seeding. */
- entropylen = gcry_drbg_sec_strength (drbg->core->flags);
+ entropylen = drbg_sec_strength (drbg->core->flags);
if (!entropylen)
return GPG_ERR_GENERAL;
if (0 == reseed)
@@ -1391,10 +1412,10 @@ gcry_drbg_seed (struct gcry_drbg_state *drbg, struct gcry_drbg_string *pers,
entropy = xcalloc_secure (1, entropylen);
if (!entropy)
return GPG_ERR_ENOMEM;
- ret = gcry_drbg_get_entropy (drbg, entropy, entropylen);
+ ret = drbg_get_entropy (drbg, entropy, entropylen);
if (ret)
goto out;
- gcry_drbg_string_fill (&data1, entropy, entropylen);
+ drbg_string_fill (&data1, entropy, entropylen);
}
/* concatenation of entropy with personalization str / addtl input)
@@ -1414,35 +1435,36 @@ gcry_drbg_seed (struct gcry_drbg_state *drbg, struct gcry_drbg_string *pers,
/* 10.1.1.2 / 10.1.1.3 step 5 */
drbg->reseed_ctr = 1;
-out:
+ out:
xfree (entropy);
return ret;
}
+
/*************************************************************************
- * exported interfaces
+ * Exported interfaces.
*************************************************************************/
/*
* DRBG generate function as required by SP800-90A - this function
* generates random numbers
*
- * @drbg DRBG state handle
- * @buf Buffer where to store the random numbers -- the buffer must already
- * be pre-allocated by caller
+ * @drbg DRBG state handle
+ * @buf Buffer where to store the random numbers -- the buffer must already
+ * be pre-allocated by caller
* @buflen Length of output buffer - this value defines the number of random
* bytes pulled from DRBG
- * @addtl Additional input that is mixed into state, may be NULL -- note
- * the entropy is pulled by the DRBG internally unconditionally
- * as defined in SP800-90A. The additional input is mixed into
- * the state in addition to the pulled entropy.
+ * @addtl Additional input that is mixed into state, may be NULL -- note
+ * the entropy is pulled by the DRBG internally unconditionally
+ * as defined in SP800-90A. The additional input is mixed into
+ * the state in addition to the pulled entropy.
*
- * return: generated number of bytes
+ * return: Generated number of bytes.
*/
static gpg_err_code_t
-gcry_drbg_generate (struct gcry_drbg_state *drbg,
- unsigned char *buf, unsigned int buflen,
- struct gcry_drbg_string *addtl)
+drbg_generate (drbg_state_t drbg,
+ unsigned char *buf, unsigned int buflen,
+ drbg_string_t *addtl)
{
gpg_err_code_t ret = GPG_ERR_INV_ARG;
@@ -1458,14 +1480,14 @@ gcry_drbg_generate (struct gcry_drbg_state *drbg,
}
/* 9.3.1 step 2 */
- if (buflen > (gcry_drbg_max_request_bytes ()))
+ if (buflen > (drbg_max_request_bytes ()))
{
dbg (("DRBG: requested random numbers too large %u\n", buflen));
return ret;
}
/* 9.3.1 step 3 is implicit with the chosen DRBG */
/* 9.3.1 step 4 */
- if (addtl && addtl->len > (gcry_drbg_max_addtl ()))
+ if (addtl && addtl->len > (drbg_max_addtl ()))
{
dbg (("DRBG: additional information string too long %lu\n",
addtl->len));
@@ -1474,14 +1496,14 @@ gcry_drbg_generate (struct gcry_drbg_state *drbg,
/* 9.3.1 step 5 is implicit with the chosen DRBG */
/* 9.3.1 step 6 and 9 supplemented by 9.3.2 step c -- the spec is a
* bit convoluted here, we make it simpler */
- if ((gcry_drbg_max_requests ()) < drbg->reseed_ctr)
+ if ((drbg_max_requests ()) < drbg->reseed_ctr)
drbg->seeded = 0;
if (drbg->pr || !drbg->seeded)
{
dbg (("DRBG: reseeding before generation (prediction resistance: %s, state %s)\n", drbg->pr ? "true" : "false", drbg->seeded ? "seeded" : "unseeded"));
/* 9.3.1 steps 7.1 through 7.3 */
- ret = gcry_drbg_seed (drbg, addtl, 1);
+ ret = drbg_seed (drbg, addtl, 1);
if (ret)
return ret;
/* 9.3.1 step 7.4 */
@@ -1516,7 +1538,7 @@ gcry_drbg_generate (struct gcry_drbg_state *drbg,
if (drbg->reseed_ctr && !(drbg->reseed_ctr % 4096))
{
dbg (("DRBG: start to perform self test\n"));
- ret = gcry_drbg_healthcheck ();
+ ret = drbg_healthcheck ();
if (ret)
{
log_fatal (("DRBG: self test failed\n"));
@@ -1533,17 +1555,17 @@ gcry_drbg_generate (struct gcry_drbg_state *drbg,
}
/*
- * Wrapper around gcry_drbg_generate which can pull arbitrary long strings
+ * Wrapper around drbg_generate which can pull arbitrary long strings
* from the DRBG without hitting the maximum request limitation.
*
- * Parameters: see gcry_drbg_generate
- * Return codes: see gcry_drbg_generate -- if one gcry_drbg_generate request fails,
- * the entire gcry_drbg_generate_long request fails
+ * Parameters: see drbg_generate
+ * Return codes: see drbg_generate -- if one drbg_generate request fails,
+ * the entire drbg_generate_long request fails
*/
static gpg_err_code_t
-gcry_drbg_generate_long (struct gcry_drbg_state *drbg,
- unsigned char *buf, unsigned int buflen,
- struct gcry_drbg_string *addtl)
+drbg_generate_long (drbg_state_t drbg,
+ unsigned char *buf, unsigned int buflen,
+ drbg_string_t *addtl)
{
gpg_err_code_t ret = 0;
unsigned int slice = 0;
@@ -1552,9 +1574,9 @@ gcry_drbg_generate_long (struct gcry_drbg_state *drbg,
do
{
unsigned int chunk = 0;
- slice = ((buflen - len) / gcry_drbg_max_request_bytes ());
- chunk = slice ? gcry_drbg_max_request_bytes () : (buflen - len);
- ret = gcry_drbg_generate (drbg, buf_p, chunk, addtl);
+ slice = ((buflen - len) / drbg_max_request_bytes ());
+ chunk = slice ? drbg_max_request_bytes () : (buflen - len);
+ ret = drbg_generate (drbg, buf_p, chunk, addtl);
if (ret)
return ret;
buf_p += chunk;
@@ -1574,7 +1596,7 @@ gcry_drbg_generate_long (struct gcry_drbg_state *drbg,
* 0 on success
*/
static gpg_err_code_t
-gcry_drbg_uninstantiate (struct gcry_drbg_state *drbg)
+drbg_uninstantiate (drbg_state_t drbg)
{
if (!drbg)
return GPG_ERR_INV_ARG;
@@ -1614,8 +1636,8 @@ gcry_drbg_uninstantiate (struct gcry_drbg_state *drbg)
* error value otherwise
*/
static gpg_err_code_t
-gcry_drbg_instantiate (struct gcry_drbg_state *drbg,
- struct gcry_drbg_string *pers, int coreref, int pr)
+drbg_instantiate (drbg_state_t drbg,
+ drbg_string_t *pers, int coreref, int pr)
{
gpg_err_code_t ret = GPG_ERR_ENOMEM;
unsigned int sb_size = 0;
@@ -1625,44 +1647,44 @@ gcry_drbg_instantiate (struct gcry_drbg_state *drbg,
dbg (("DRBG: Initializing DRBG core %d with prediction resistance %s\n",
coreref, pr ? "enabled" : "disabled"));
- drbg->core = &gcry_drbg_cores[coreref];
+ drbg->core = &drbg_cores[coreref];
drbg->pr = pr;
drbg->seeded = 0;
- if (drbg->core->flags & GCRY_DRBG_HMAC)
- drbg->d_ops = &gcry_drbg_hmac_ops;
- else if (drbg->core->flags & GCRY_DRBG_HASH_MASK)
- drbg->d_ops = &gcry_drbg_hash_ops;
- else if (drbg->core->flags & GCRY_DRBG_CTR_MASK)
- drbg->d_ops = &gcry_drbg_ctr_ops;
+ if (drbg->core->flags & DRBG_HMAC)
+ drbg->d_ops = &drbg_hmac_ops;
+ else if (drbg->core->flags & DRBG_HASH_MASK)
+ drbg->d_ops = &drbg_hash_ops;
+ else if (drbg->core->flags & DRBG_CTR_MASK)
+ drbg->d_ops = &drbg_ctr_ops;
else
return GPG_ERR_GENERAL;
/* 9.1 step 1 is implicit with the selected DRBG type -- see
- * gcry_drbg_sec_strength() */
+ * drbg_sec_strength() */
/* 9.1 step 2 is implicit as caller can select prediction resistance
* and the flag is copied into drbg->flags --
* all DRBG types support prediction resistance */
- /* 9.1 step 4 is implicit in gcry_drbg_sec_strength */
+ /* 9.1 step 4 is implicit in drbg_sec_strength */
/* no allocation of drbg as this is done by the kernel crypto API */
- drbg->V = xcalloc_secure (1, gcry_drbg_statelen (drbg));
+ drbg->V = xcalloc_secure (1, drbg_statelen (drbg));
if (!drbg->V)
goto err;
- drbg->C = xcalloc_secure (1, gcry_drbg_statelen (drbg));
+ drbg->C = xcalloc_secure (1, drbg_statelen (drbg));
if (!drbg->C)
goto err;
/* scratchpad is only generated for CTR and Hash */
- if (drbg->core->flags & GCRY_DRBG_HMAC)
+ if (drbg->core->flags & DRBG_HMAC)
sb_size = 0;
- else if (drbg->core->flags & GCRY_DRBG_CTR_MASK)
- sb_size = gcry_drbg_statelen (drbg) + gcry_drbg_blocklen (drbg) + /* temp */
- gcry_drbg_statelen (drbg) + /* df_data */
- gcry_drbg_blocklen (drbg) + /* pad */
- gcry_drbg_blocklen (drbg) + /* iv */
- gcry_drbg_statelen (drbg) + gcry_drbg_blocklen (drbg); /* temp */
+ else if (drbg->core->flags & DRBG_CTR_MASK)
+ sb_size = drbg_statelen (drbg) + drbg_blocklen (drbg) + /* temp */
+ drbg_statelen (drbg) + /* df_data */
+ drbg_blocklen (drbg) + /* pad */
+ drbg_blocklen (drbg) + /* iv */
+ drbg_statelen (drbg) + drbg_blocklen (drbg); /* temp */
else
- sb_size = gcry_drbg_statelen (drbg) + gcry_drbg_blocklen (drbg);
+ sb_size = drbg_statelen (drbg) + drbg_blocklen (drbg);
if (0 < sb_size)
{
@@ -1673,7 +1695,7 @@ gcry_drbg_instantiate (struct gcry_drbg_state *drbg,
dbg (("DRBG: state allocated with scratchpad size %u bytes\n", sb_size));
/* 9.1 step 6 through 11 */
- ret = gcry_drbg_seed (drbg, pers, 0);
+ ret = drbg_seed (drbg, pers, 0);
if (ret)
goto err;
@@ -1681,8 +1703,8 @@ gcry_drbg_instantiate (struct gcry_drbg_state *drbg,
coreref, pr ? "with" : "without"));
return 0;
-err:
- gcry_drbg_uninstantiate (drbg);
+ err:
+ drbg_uninstantiate (drbg);
return ret;
}
@@ -1700,51 +1722,41 @@ err:
* error value otherwise
*/
static gpg_err_code_t
-gcry_drbg_reseed (struct gcry_drbg_state *drbg,
- struct gcry_drbg_string *addtl)
+drbg_reseed (drbg_state_t drbg,drbg_string_t *addtl)
{
gpg_err_code_t ret = 0;
- ret = gcry_drbg_seed (drbg, addtl, 1);
+ ret = drbg_seed (drbg, addtl, 1);
return ret;
}
+
+
/******************************************************************
- ******************************************************************
- ******************************************************************
- * libgcrypt integration code
- ******************************************************************
- ******************************************************************
+ * Libgcrypt integration code.
******************************************************************/
-/***************************************************************
- * libgcrypt backend functions to the RNG API code
- ***************************************************************/
-
-/* Global state variable holding the current instance of the DRBG -- the
- * default DRBG type is defined in _gcry_rngdrbg_inititialize. */
-static struct gcry_drbg_state *gcry_drbg = NULL;
-
-/* This is the lock we use to serialize access to this RNG. */
-GPGRT_LOCK_DEFINE(drbg_lock);
+/***************************************************
+ * Libgcrypt backend functions to the RNG API code.
+ ***************************************************/
static inline void
-gcry_drbg_lock (void)
+drbg_lock (void)
{
- gpg_err_code_t my_errno;
+ gpg_err_code_t ec;
- my_errno = gpgrt_lock_lock (&drbg_lock);
- if (my_errno)
- log_fatal ("failed to acquire the RNG lock: %s\n", strerror (my_errno));
+ ec = gpgrt_lock_lock (&drbg_lock_var);
+ if (ec)
+ log_fatal ("failed to acquire the RNG lock: %s\n", gpg_strerror (ec));
}
static inline void
-gcry_drbg_unlock (void)
+drbg_unlock (void)
{
- gpg_err_code_t my_errno;
+ gpg_err_code_t ec;
- my_errno = gpgrt_lock_unlock (&drbg_lock);
- if (my_errno)
- log_fatal ("failed to release the RNG lock: %s\n", strerror (my_errno));
+ ec = gpgrt_lock_unlock (&drbg_lock_var);
+ if (ec)
+ log_fatal ("failed to release the RNG lock: %s\n", gpg_strerror (ec));
}
/* Basic initialization is required to initialize mutexes and
@@ -1769,13 +1781,13 @@ basic_initialization (void)
/* Check whether given flags are known to point to an applicable DRBG */
static gpg_err_code_t
-gcry_drbg_algo_available (u32 flags, int *coreref)
+drbg_algo_available (u32 flags, int *coreref)
{
int i = 0;
- for (i = 0; ARRAY_SIZE (gcry_drbg_cores) > i; i++)
+ for (i = 0; ARRAY_SIZE (drbg_cores) > i; i++)
{
- if ((gcry_drbg_cores[i].flags & GCRY_DRBG_CIPHER_MASK) ==
- (flags & GCRY_DRBG_CIPHER_MASK))
+ if ((drbg_cores[i].flags & DRBG_CIPHER_MASK) ==
+ (flags & DRBG_CIPHER_MASK))
{
*coreref = i;
return 0;
@@ -1785,7 +1797,7 @@ gcry_drbg_algo_available (u32 flags, int *coreref)
}
static gpg_err_code_t
-_gcry_drbg_init_internal (u32 flags, struct gcry_drbg_string *pers)
+_drbg_init_internal (u32 flags, drbg_string_t *pers)
{
gpg_err_code_t ret = 0;
static u32 oldflags = 0;
@@ -1796,32 +1808,32 @@ _gcry_drbg_init_internal (u32 flags, struct gcry_drbg_string *pers)
* initialization, otherwise use the current flags and remember them
* for the next invocation
*/
- if (0 == flags)
+ if (!flags)
flags = oldflags;
else
oldflags = flags;
- ret = gcry_drbg_algo_available (flags, &coreref);
+ ret = drbg_algo_available (flags, &coreref);
if (ret)
return ret;
- if (NULL != gcry_drbg)
+ if (drbg_state)
{
- gcry_drbg_uninstantiate (gcry_drbg);
+ drbg_uninstantiate (drbg_state);
}
else
{
- gcry_drbg = xcalloc_secure (1, sizeof (struct gcry_drbg_state));
- if (!gcry_drbg)
- return GPG_ERR_ENOMEM;
+ drbg_state = xtrycalloc_secure (1, sizeof *drbg_state);
+ if (!drbg_state)
+ return gpg_err_code_from_syserror ();
}
- if (flags & GCRY_DRBG_PREDICTION_RESIST)
+ if (flags & DRBG_PREDICTION_RESIST)
pr = 1;
- ret = gcry_drbg_instantiate (gcry_drbg, pers, coreref, pr);
+ ret = drbg_instantiate (drbg_state, pers, coreref, pr);
if (ret)
fips_signal_error ("DRBG cannot be initialized");
else
- gcry_drbg->seed_init_pid = getpid ();
+ drbg_state->seed_init_pid = getpid ();
return ret;
}
@@ -1834,14 +1846,14 @@ void
_gcry_rngdrbg_inititialize (int full)
{
/* default DRBG */
- u32 flags = GCRY_DRBG_NOPR_HMACSHA256;
+ u32 flags = DRBG_NOPR_HMACSHA256;
basic_initialization ();
if (!full)
return;
- gcry_drbg_lock ();
- if (NULL == gcry_drbg)
- _gcry_drbg_init_internal (flags, NULL);
- gcry_drbg_unlock ();
+ drbg_lock ();
+ if (!drbg_state)
+ _drbg_init_internal (flags, NULL);
+ drbg_unlock ();
}
/*
@@ -1876,19 +1888,19 @@ _gcry_rngdrbg_reinit (const char *flagstr, gcry_buffer_t *pers, int npers)
if (!ret)
{
dbg (("DRBG: reinitialize internal DRBG state with flags %u\n", flags));
- gcry_drbg_lock ();
+ drbg_lock ();
if (pers)
{
- struct gcry_drbg_string persbuf;
+ drbg_string_t persbuf;
- gcry_drbg_string_fill
+ drbg_string_fill
(&persbuf, (const unsigned char *)pers[0].data + pers[0].off,
pers[0].len);
- ret = _gcry_drbg_init_internal (flags, &persbuf);
+ ret = _drbg_init_internal (flags, &persbuf);
}
else
- ret = _gcry_drbg_init_internal (flags, NULL);
- gcry_drbg_unlock ();
+ ret = _drbg_init_internal (flags, NULL);
+ drbg_unlock ();
}
return ret;
}
@@ -1899,9 +1911,9 @@ void
_gcry_rngdrbg_close_fds (void)
{
#if USE_RNDLINUX
- gcry_drbg_lock ();
+ drbg_lock ();
_gcry_rndlinux_gather_random (NULL, 0, 0, 0);
- gcry_drbg_unlock ();
+ drbg_unlock ();
#endif
}
@@ -1928,15 +1940,15 @@ gcry_error_t
_gcry_rngdrbg_add_bytes (const void *buf, size_t buflen, int quality)
{
gpg_err_code_t ret = 0;
- struct gcry_drbg_string seed;
+ drbg_string_t seed;
(void) quality;
_gcry_rngdrbg_inititialize (1); /* Auto-initialize if needed */
- if (NULL == gcry_drbg)
+ if (!drbg_state)
return GPG_ERR_GENERAL;
- gcry_drbg_string_fill (&seed, (unsigned char *) buf, buflen);
- gcry_drbg_lock ();
- ret = gcry_drbg_reseed (gcry_drbg, &seed);
- gcry_drbg_unlock ();
+ drbg_string_fill (&seed, (unsigned char *) buf, buflen);
+ drbg_lock ();
+ ret = drbg_reseed (drbg_state, &seed);
+ drbg_unlock ();
return ret;
}
@@ -1949,8 +1961,8 @@ _gcry_rngdrbg_randomize (void *buffer, size_t length,
{
(void) level;
_gcry_rngdrbg_inititialize (1); /* Auto-initialize if needed */
- gcry_drbg_lock ();
- if (NULL == gcry_drbg)
+ drbg_lock ();
+ if (!drbg_state)
{
fips_signal_error ("DRBG is not initialized");
goto bailout;
@@ -1958,41 +1970,41 @@ _gcry_rngdrbg_randomize (void *buffer, size_t length,
/* As reseeding changes the entire state of the DRBG, including any
* key, either a re-init or a reseed is sufficient for a fork */
- if (gcry_drbg->seed_init_pid != getpid ())
+ if (drbg_state->seed_init_pid != getpid ())
{
/* We are in a child of us. Perform a reseeding. */
- if (gcry_drbg_reseed (gcry_drbg, NULL))
+ if (drbg_reseed (drbg_state, NULL))
{
fips_signal_error ("reseeding upon fork failed");
log_fatal ("severe error getting random\n");
goto bailout;
}
}
- /* potential integer overflow is covered by gcry_drbg_generate which
+ /* potential integer overflow is covered by drbg_generate which
* ensures that length cannot overflow an unsigned int */
if (0 < length)
{
if (!buffer)
goto bailout;
- if (gcry_drbg_generate_long
- (gcry_drbg, buffer, (unsigned int) length, NULL))
+ if (drbg_generate_long (drbg_state, buffer, (unsigned int) length, NULL))
log_fatal ("No random numbers generated\n");
}
else
{
- struct gcry_drbg_gen *data = (struct gcry_drbg_gen *) buffer;
+ drbg_gen_t *data = (drbg_gen_t *)buffer;
/* catch NULL pointer */
if (!data || !data->outbuf)
{
fips_signal_error ("No output buffer provided");
goto bailout;
}
- if (gcry_drbg_generate_long (gcry_drbg, data->outbuf, data->outlen,
- data->addtl))
+ if (drbg_generate_long (drbg_state, data->outbuf, data->outlen,
+ data->addtl))
log_fatal ("No random numbers generated\n");
}
-bailout:
- gcry_drbg_unlock ();
+
+ bailout:
+ drbg_unlock ();
return;
}
@@ -2005,9 +2017,9 @@ bailout:
* Test vectors from
* http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
*/
-struct gcry_drbg_test_vector gcry_drbg_test_pr[] = {
+struct gcry_drbg_test_vector drbg_test_pr[] = {
{
- .flags = (GCRY_DRBG_PR_HASHSHA256),
+ .flags = (DRBG_PR_HASHSHA256),
.entropy = (unsigned char *)
"\x5d\xf2\x14\xbc\xf6\xb5\x4e\x0b\xf0\x0d\x6f\x2d"
"\xe2\x01\x66\x7b\xd0\xa4\x73\xa4\x21\xdd\xb0\xc0"
@@ -2049,7 +2061,7 @@ struct gcry_drbg_test_vector gcry_drbg_test_pr[] = {
.perslen = 0,
},
{
- .flags = (GCRY_DRBG_PR_HMACSHA256),
+ .flags = (DRBG_PR_HMACSHA256),
.entropy = (unsigned char *)
"\x13\x54\x96\xfc\x1b\x7d\x28\xf3\x18\xc9\xa7\x89"
"\xb6\xb3\xc8\x72\xac\x00\xd4\x59\x36\x25\x05\xaf"
@@ -2088,7 +2100,7 @@ struct gcry_drbg_test_vector gcry_drbg_test_pr[] = {
.perslen = 32,
},
{
- .flags = (GCRY_DRBG_PR_CTRAES128),
+ .flags = (DRBG_PR_CTRAES128),
.entropy = (unsigned char *)
"\x92\x89\x8f\x31\xfa\x1c\xff\x6d\x18\x2f\x26\x06"
"\x43\xdf\xf8\x18\xc2\xa4\xd9\x72\xc3\xb9\xb6\x97",
@@ -2122,9 +2134,9 @@ struct gcry_drbg_test_vector gcry_drbg_test_pr[] = {
},
};
-struct gcry_drbg_test_vector gcry_drbg_test_nopr[] = {
+struct gcry_drbg_test_vector drbg_test_nopr[] = {
{
- .flags = GCRY_DRBG_NOPR_HASHSHA256,
+ .flags = DRBG_NOPR_HASHSHA256,
.entropy = (unsigned char *)
"\x73\xd3\xfb\xa3\x94\x5f\x2b\x5f\xb9\x8f\xf6\x9c"
"\x8a\x93\x17\xae\x19\xc3\x4c\xc3\xd6\xca\xa3\x2d"
@@ -2157,7 +2169,7 @@ struct gcry_drbg_test_vector gcry_drbg_test_nopr[] = {
.perslen = 0,
},
{
- .flags = GCRY_DRBG_NOPR_HMACSHA256,
+ .flags = DRBG_NOPR_HMACSHA256,
.entropy = (unsigned char *)
"\x8d\xf0\x13\xb4\xd1\x03\x52\x30\x73\x91\x7d\xdf"
"\x6a\x86\x97\x93\x05\x9e\x99\x43\xfc\x86\x54\x54"
@@ -2187,7 +2199,7 @@ struct gcry_drbg_test_vector gcry_drbg_test_nopr[] = {
.perslen = 32,
},
{
- .flags = GCRY_DRBG_NOPR_CTRAES128,
+ .flags = DRBG_NOPR_CTRAES128,
.entropy = (unsigned char *)
"\xc0\x70\x1f\x92\x50\x75\x8f\xcd\xf2\xbe\x73\x98"
"\x80\xdb\x66\xeb\x14\x68\xb4\xa5\x87\x9c\x2d\xa6",
@@ -2213,7 +2225,7 @@ struct gcry_drbg_test_vector gcry_drbg_test_nopr[] = {
.perslen = 16,
},
{
- .flags = GCRY_DRBG_NOPR_HASHSHA1,
+ .flags = DRBG_NOPR_HASHSHA1,
.entropy = (unsigned char *)
"\x16\x10\xb8\x28\xcc\xd2\x7d\xe0\x8c\xee\xa0\x32"
"\xa2\x0e\x92\x08\x49\x2c\xf1\x70\x92\x42\xf6\xb5",
@@ -2240,7 +2252,7 @@ struct gcry_drbg_test_vector gcry_drbg_test_nopr[] = {
.addtl_reseed_len = 0,
},
{
- .flags = GCRY_DRBG_NOPR_HASHSHA1,
+ .flags = DRBG_NOPR_HASHSHA1,
.entropy = (unsigned char *)
"\xd9\xba\xb5\xce\xdc\xa9\x6f\x61\x78\xd6\x45\x09"
"\xa0\xdf\xdc\x5e\xda\xd8\x98\x94\x14\x45\x0e\x01",
@@ -2290,62 +2302,62 @@ gpg_err_code_t
gcry_rngdrbg_cavs_test (struct gcry_drbg_test_vector *test, unsigned char *buf)
{
gpg_err_code_t ret = 0;
- struct gcry_drbg_state *drbg = NULL;
- struct gcry_drbg_test_data test_data;
- struct gcry_drbg_string addtl, pers, testentropy;
+ drbg_state_t drbg = NULL;
+ struct drbg_test_data_s test_data;
+ drbg_string_t addtl, pers, testentropy;
int coreref = 0;
int pr = 0;
- ret = gcry_drbg_algo_available (test->flags, &coreref);
+ ret = drbg_algo_available (test->flags, &coreref);
if (ret)
goto outbuf;
- drbg = xcalloc_secure (1, sizeof (struct gcry_drbg_state));
+ drbg = xtrycalloc_secure (1, sizeof *drbg);
if (!drbg)
{
- ret = GPG_ERR_ENOMEM;
+ ret = gpg_err_code_from_syserror ();
goto outbuf;
}
- if (test->flags & GCRY_DRBG_PREDICTION_RESIST)
+ if (test->flags & DRBG_PREDICTION_RESIST)
pr = 1;
test_data.testentropy = &testentropy;
- gcry_drbg_string_fill (&testentropy, test->entropy, test->entropylen);
+ drbg_string_fill (&testentropy, test->entropy, test->entropylen);
drbg->test_data = &test_data;
- gcry_drbg_string_fill (&pers, test->pers, test->perslen);
- ret = gcry_drbg_instantiate (drbg, &pers, coreref, pr);
+ drbg_string_fill (&pers, test->pers, test->perslen);
+ ret = drbg_instantiate (drbg, &pers, coreref, pr);
if (ret)
goto outbuf;
if (test->entropyreseed)
{
- gcry_drbg_string_fill (&testentropy, test->entropyreseed,
+ drbg_string_fill (&testentropy, test->entropyreseed,
test->entropyreseed_len);
- gcry_drbg_string_fill (&addtl, test->addtl_reseed,
+ drbg_string_fill (&addtl, test->addtl_reseed,
test->addtl_reseed_len);
- if (gcry_drbg_reseed (drbg, &addtl))
+ if (drbg_reseed (drbg, &addtl))
goto outbuf;
}
- gcry_drbg_string_fill (&addtl, test->addtla, test->addtllen);
+ drbg_string_fill (&addtl, test->addtla, test->addtllen);
if (test->entpra)
{
- gcry_drbg_string_fill (&testentropy, test->entpra, test->entprlen);
+ drbg_string_fill (&testentropy, test->entpra, test->entprlen);
drbg->test_data = &test_data;
}
- gcry_drbg_generate_long (drbg, buf, test->expectedlen, &addtl);
+ drbg_generate_long (drbg, buf, test->expectedlen, &addtl);
- gcry_drbg_string_fill (&addtl, test->addtlb, test->addtllen);
+ drbg_string_fill (&addtl, test->addtlb, test->addtllen);
if (test->entprb)
{
- gcry_drbg_string_fill (&testentropy, test->entprb, test->entprlen);
+ drbg_string_fill (&testentropy, test->entprb, test->entprlen);
drbg->test_data = &test_data;
}
- gcry_drbg_generate_long (drbg, buf, test->expectedlen, &addtl);
- gcry_drbg_uninstantiate (drbg);
+ drbg_generate_long (drbg, buf, test->expectedlen, &addtl);
+ drbg_uninstantiate (drbg);
-outbuf:
+ outbuf:
xfree (drbg);
return ret;
}
@@ -2377,17 +2389,17 @@ gcry_rngdrbg_healthcheck_one (struct gcry_drbg_test_vector * test)
* of the error handling.
*
* Note, testing the reseed counter is not done as an automatic reseeding
- * is performed in gcry_drbg_generate when the reseed counter is too large.
+ * is performed in drbg_generate when the reseed counter is too large.
*/
static gpg_err_code_t
-gcry_drbg_healthcheck_sanity (struct gcry_drbg_test_vector *test)
+drbg_healthcheck_sanity (struct gcry_drbg_test_vector *test)
{
unsigned int len = 0;
- struct gcry_drbg_state *drbg = NULL;
+ drbg_state_t drbg = NULL;
gpg_err_code_t ret = GPG_ERR_GENERAL;
gpg_err_code_t tmpret = GPG_ERR_GENERAL;
- struct gcry_drbg_test_data test_data;
- struct gcry_drbg_string addtl, testentropy;
+ struct drbg_test_data_s test_data;
+ drbg_string_t addtl, testentropy;
int coreref = 0;
unsigned char *buf = NULL;
size_t max_addtllen, max_request_bytes;
@@ -2399,54 +2411,57 @@ gcry_drbg_healthcheck_sanity (struct gcry_drbg_test_vector *test)
buf = xcalloc_secure (1, test->expectedlen);
if (!buf)
return GPG_ERR_ENOMEM;
- tmpret = gcry_drbg_algo_available (test->flags, &coreref);
+ tmpret = drbg_algo_available (test->flags, &coreref);
if (tmpret)
goto outbuf;
- drbg = xcalloc_secure (1, sizeof (struct gcry_drbg_state));
+ drbg = xtrycalloc_secure (1, sizeof *drbg);
if (!drbg)
- goto outbuf;
+ {
+ ret = gpg_err_code_from_syserror ();
+ goto outbuf;
+ }
/* if the following tests fail, it is likely that there is a buffer
* overflow and we get a SIGSEV */
- ret = gcry_drbg_instantiate (drbg, NULL, coreref, 1);
+ ret = drbg_instantiate (drbg, NULL, coreref, 1);
if (ret)
goto outbuf;
- max_addtllen = gcry_drbg_max_addtl ();
- max_request_bytes = gcry_drbg_max_request_bytes ();
+ max_addtllen = drbg_max_addtl ();
+ max_request_bytes = drbg_max_request_bytes ();
/* overflow addtllen with additonal info string */
- gcry_drbg_string_fill (&addtl, test->addtla, (max_addtllen + 1));
- len = gcry_drbg_generate (drbg, buf, test->expectedlen, &addtl);
+ drbg_string_fill (&addtl, test->addtla, (max_addtllen + 1));
+ len = drbg_generate (drbg, buf, test->expectedlen, &addtl);
if (len)
goto outdrbg;
/* overflow max_bits */
- len = gcry_drbg_generate (drbg, buf, (max_request_bytes + 1), NULL);
+ len = drbg_generate (drbg, buf, (max_request_bytes + 1), NULL);
if (len)
goto outdrbg;
- gcry_drbg_uninstantiate (drbg);
+ drbg_uninstantiate (drbg);
/* test failing entropy source as defined in 11.3.2 */
test_data.testentropy = NULL;
test_data.fail_seed_source = 1;
drbg->test_data = &test_data;
- tmpret = gcry_drbg_instantiate (drbg, NULL, coreref, 0);
+ tmpret = drbg_instantiate (drbg, NULL, coreref, 0);
if (!tmpret)
goto outdrbg;
test_data.fail_seed_source = 0;
test_data.testentropy = &testentropy;
- gcry_drbg_string_fill (&testentropy, test->entropy, test->entropylen);
+ drbg_string_fill (&testentropy, test->entropy, test->entropylen);
/* overflow max addtllen with personalization string */
- tmpret = gcry_drbg_instantiate (drbg, &addtl, coreref, 0);
+ tmpret = drbg_instantiate (drbg, &addtl, coreref, 0);
if (!tmpret)
goto outdrbg;
dbg (("DRBG: Sanity tests for failure code paths successfully completed\n"));
ret = 0;
-outdrbg:
- gcry_drbg_uninstantiate (drbg);
-outbuf:
+ outdrbg:
+ drbg_uninstantiate (drbg);
+ outbuf:
xfree (buf);
xfree (drbg);
return ret;
@@ -2460,18 +2475,18 @@ outbuf:
* >0 on error (return code indicate the number of failures)
*/
static int
-gcry_drbg_healthcheck (void)
+drbg_healthcheck (void)
{
int ret = 0;
- ret += gcry_rngdrbg_healthcheck_one (&gcry_drbg_test_nopr[0]);
- ret += gcry_rngdrbg_healthcheck_one (&gcry_drbg_test_nopr[1]);
- ret += gcry_rngdrbg_healthcheck_one (&gcry_drbg_test_nopr[2]);
- ret += gcry_rngdrbg_healthcheck_one (&gcry_drbg_test_nopr[3]);
- ret += gcry_rngdrbg_healthcheck_one (&gcry_drbg_test_nopr[4]);
- ret += gcry_rngdrbg_healthcheck_one (&gcry_drbg_test_pr[0]);
- ret += gcry_rngdrbg_healthcheck_one (&gcry_drbg_test_pr[1]);
- ret += gcry_rngdrbg_healthcheck_one (&gcry_drbg_test_pr[2]);
- ret += gcry_drbg_healthcheck_sanity (&gcry_drbg_test_nopr[0]);
+ ret += gcry_rngdrbg_healthcheck_one (&drbg_test_nopr[0]);
+ ret += gcry_rngdrbg_healthcheck_one (&drbg_test_nopr[1]);
+ ret += gcry_rngdrbg_healthcheck_one (&drbg_test_nopr[2]);
+ ret += gcry_rngdrbg_healthcheck_one (&drbg_test_nopr[3]);
+ ret += gcry_rngdrbg_healthcheck_one (&drbg_test_nopr[4]);
+ ret += gcry_rngdrbg_healthcheck_one (&drbg_test_pr[0]);
+ ret += gcry_rngdrbg_healthcheck_one (&drbg_test_pr[1]);
+ ret += gcry_rngdrbg_healthcheck_one (&drbg_test_pr[2]);
+ ret += drbg_healthcheck_sanity (&drbg_test_nopr[0]);
return ret;
}
@@ -2481,10 +2496,10 @@ _gcry_rngdrbg_selftest (selftest_report_func_t report)
{
gcry_err_code_t ec;
const char *errtxt = NULL;
- gcry_drbg_lock ();
- if (0 != gcry_drbg_healthcheck ())
+ drbg_lock ();
+ if (0 != drbg_healthcheck ())
errtxt = "RNG output does not match known value";
- gcry_drbg_unlock ();
+ drbg_unlock ();
if (report && errtxt)
report ("random", 0, "KAT", errtxt);
ec = errtxt ? GPG_ERR_SELFTEST_FAILED : 0;
@@ -2496,8 +2511,8 @@ _gcry_rngdrbg_selftest (selftest_report_func_t report)
***************************************************************/
static gpg_err_code_t
-gcry_drbg_hmac (struct gcry_drbg_state *drbg, const unsigned char *key,
- unsigned char *outval, const struct gcry_drbg_string *buf)
+drbg_hmac (drbg_state_t drbg, const unsigned char *key,
+ unsigned char *outval, const drbg_string_t *buf)
{
gpg_error_t err;
gcry_md_hd_t hd;
@@ -2508,7 +2523,7 @@ gcry_drbg_hmac (struct gcry_drbg_state *drbg, const unsigned char *key,
_gcry_md_open (&hd, drbg->core->backend_cipher, GCRY_MD_FLAG_HMAC);
if (err)
return err;
- err = _gcry_md_setkey (hd, key, gcry_drbg_statelen (drbg));
+ err = _gcry_md_setkey (hd, key, drbg_statelen (drbg));
if (err)
return err;
}
@@ -2522,33 +2537,32 @@ gcry_drbg_hmac (struct gcry_drbg_state *drbg, const unsigned char *key,
_gcry_md_write (hd, buf->buf, buf->len);
_gcry_md_final (hd);
memcpy (outval, _gcry_md_read (hd, drbg->core->backend_cipher),
- gcry_drbg_blocklen (drbg));
+ drbg_blocklen (drbg));
_gcry_md_close (hd);
return 0;
}
static gpg_err_code_t
-gcry_drbg_sym (struct gcry_drbg_state *drbg, const unsigned char *key,
- unsigned char *outval, const struct gcry_drbg_string *buf)
+drbg_sym (drbg_state_t drbg, const unsigned char *key,
+ unsigned char *outval, const drbg_string_t *buf)
{
gpg_error_t err;
gcry_cipher_hd_t hd;
- err =
- _gcry_cipher_open (&hd, drbg->core->backend_cipher, GCRY_CIPHER_MODE_ECB,
- 0);
+ err = _gcry_cipher_open (&hd, drbg->core->backend_cipher,
+ GCRY_CIPHER_MODE_ECB, 0);
if (err)
return err;
- if (gcry_drbg_blocklen (drbg) !=
+ if (drbg_blocklen (drbg) !=
_gcry_cipher_get_algo_blklen (drbg->core->backend_cipher))
return -GPG_ERR_NO_ERROR;
- if (gcry_drbg_blocklen (drbg) < buf->len)
+ if (drbg_blocklen (drbg) < buf->len)
return -GPG_ERR_NO_ERROR;
- err = _gcry_cipher_setkey (hd, key, gcry_drbg_keylen (drbg));
+ err = _gcry_cipher_setkey (hd, key, drbg_keylen (drbg));
if (err)
return err;
/* in is only component */
- _gcry_cipher_encrypt (hd, outval, gcry_drbg_blocklen (drbg), buf->buf,
+ _gcry_cipher_encrypt (hd, outval, drbg_blocklen (drbg), buf->buf,
buf->len);
_gcry_cipher_close (hd);
return 0;
generated by cgit v1.2.1 (git 2.18.0) at 2024-04-25 04:48:28 +0000