authorStephan Mueller <smueller@chronox.de>2016-02-16 22:04:28 +0100
committerWerner Koch <wk@gnupg.org>2016-02-18 15:21:59 +0100
commited57fed6de1465e02ec5e3bc0affeabdd35e2eb7 (patch)
treee31597afaf4b900f518f418656238eac4fc27e34 /src/global.c
parent1da793d089b65ac8c1ead65dacb6b8699f5b6e69 (diff)
downloadlibgcrypt-ed57fed6de1465e02ec5e3bc0affeabdd35e2eb7.tar.gz
random: Add SP800-90A DRBG
* random/drbg.c: New. * random/random.c (_gcry_random_initialize): Replace rngfips init by drbg init. (__gcry_random_close_fds): Likewise. (_gcry_random_dump_stats): Likewise. (_gcry_random_is_faked): Likewise. (do_randomize): Likewise. (_gcry_random_selftest): Likewise. (_gcry_create_nonce): Replace rngfips_create_nonce by drbg_randomize. (_gcry_random_init_external_test): Remove. (_gcry_random_run_external_test): Remove. (_gcry_random_deinit_external_test): Remove. * random/random.h (struct gcry_drbg_test_vector): New. * src/gcrypt.h.in (struct gcry_drbg_gen): New. (struct gcry_drbg_string): New. (gcry_drbg_string_fill): New. (gcry_randomize_drbg): New. (GCRY_DRBG_): Lots of new macros. * src/global.c (_gcry_vcontrol) <Init external random test>: Turn into a nop. (_gcry_vcontrol) <Deinit external random test>: Ditto. (_gcry_vcontrol) <Run external random test>: Change. (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: New. -- This patch set adds the SP800-90A DRBG for AES128, AES192, AES256 with derivation function, SHA-1 through SHA-512 with derivation function, HMAC SHA-1 through HMAC SHA-512. All DRBGs are provided with and without prediction resistance. In addition, all DRBGs allow reseeding by the caller. The default DRBG is HMAC SHA-256 without prediction resistance. The caller may re-initialize the DRBG with the control GCRYCTL_DRBG_REINIT. The patch replaces the invocation of the existing ANSI X9.31 DRNG. This covers the control calls of 58 through 60. Control calls 58 and 60 are simply deactivated. Control 59 is replaced with the DRBG CAVS test interface. Signed-off-by: Stephan Mueller <smueller@chronox.de> ChangeLog entries added by -wk
Diffstat (limited to 'src/global.c')
-rw-r--r--src/global.c45
1 files changed, 19 insertions, 26 deletions
diff --git a/src/global.c b/src/global.c
index 889de4c4..e14d8c44 100644
--- a/src/global.c
+++ b/src/global.c
@@ -576,38 +576,22 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
# pragma GCC diagnostic ignored "-Wswitch"
#endif
case 58: /* Init external random test. */
- {
- void **rctx = va_arg (arg_ptr, void **);
- unsigned int flags = va_arg (arg_ptr, unsigned int);
- const void *key = va_arg (arg_ptr, const void *);
- size_t keylen = va_arg (arg_ptr, size_t);
- const void *seed = va_arg (arg_ptr, const void *);
- size_t seedlen = va_arg (arg_ptr, size_t);
- const void *dt = va_arg (arg_ptr, const void *);
- size_t dtlen = va_arg (arg_ptr, size_t);
- if (!fips_is_operational ())
- rc = fips_not_operational ();
- else
- rc = _gcry_random_init_external_test (rctx, flags, key, keylen,
- seed, seedlen, dt, dtlen);
- }
+ rc = GPG_ERR_NOT_SUPPORTED;
break;
- case 59: /* Run external random test. */
+ case 59: /* Run external DRBG test. */
{
- void *ctx = va_arg (arg_ptr, void *);
- void *buffer = va_arg (arg_ptr, void *);
- size_t buflen = va_arg (arg_ptr, size_t);
- if (!fips_is_operational ())
- rc = fips_not_operational ();
+ struct gcry_drbg_test_vector *test =
+ va_arg (arg_ptr, struct gcry_drbg_test_vector *);
+ unsigned char *buf = va_arg (arg_ptr, unsigned char *);
+
+ if (buf)
+ rc = gcry_drbg_cavs_test (test, buf);
else
- rc = _gcry_random_run_external_test (ctx, buffer, buflen);
+ rc = gcry_drbg_healthcheck_one (test);
}
break;
case 60: /* Deinit external random test. */
- {
- void *ctx = va_arg (arg_ptr, void *);
- _gcry_random_deinit_external_test (ctx);
- }
+ rc = GPG_ERR_NOT_SUPPORTED;
break;
case 61: /* Run external lock test */
rc = external_lock_test (va_arg (arg_ptr, int));
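Review bot: The rewritten case 59 drops the `fips_is_operational()` gate that the old external-random-test path enforced before running anything, so the DRBG CAVS test and `gcry_drbg_healthcheck_one` now run even after the library has entered the FIPS error state; if that is intended (a health check may be what recovers the state), a comment saying so would help, otherwise wrap the two calls in `if (!fips_is_operational ()) rc = fips_not_operational (); else ...` as before. The caller-supplied `buf` is handed to `gcry_drbg_cavs_test` without a length, so the amount written must be determined entirely by `test` — presumably an expected-output length inside `struct gcry_drbg_test_vector` — and that sizing contract is invisible at this call site; a comment such as `/* BUF must be large enough for the output length recorded in *TEST; no bound is checked here. */` would make it explicit. Also, `gcry_drbg_cavs_test` and `gcry_drbg_healthcheck_one` lack the `_gcry_` prefix used for internal symbols elsewhere in this file (compare `_gcry_drbg_reinit` in the GCRYCTL_DRBG_REINIT case and `_gcry_set_preferred_rng_type`), so they may end up exported from the shared library unless the symbol map hides them. The enclosing `_gcry_vcontrol` switch begins and ends outside this hunk.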
@@ -671,6 +655,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
rc = GPG_ERR_NOT_IMPLEMENTED;
break;
+ case GCRYCTL_DRBG_REINIT:
+ {
+ u32 flags = va_arg (arg_ptr, u32);
+ struct gcry_drbg_string *pers = va_arg (arg_ptr,
+ struct gcry_drbg_string *);
+ rc = _gcry_drbg_reinit(flags, pers);
+ }
+ break;
+
default:
_gcry_set_preferred_rng_type (0);
rc = GPG_ERR_INV_OP;
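Review bot: The new GCRYCTL_DRBG_REINIT case passes `flags` and `pers` straight to `_gcry_drbg_reinit` with no check at this level — there is no `fips_is_operational()` gate, and nothing visible here stops a caller from re-initializing the process-wide DRBG with a weaker configuration (the commit message offers SHA-1 variants and prediction resistance off) while the library is in FIPS mode; if `_gcry_drbg_reinit` enforces this itself, a one-line comment saying so would save the next reader a trip into random/drbg.c, otherwise the gate belongs here next to the other FIPS-sensitive controls. It would also help to state whether `pers` may be NULL, e.g. `/* PERS is the optional personalization string; NULL means none (confirm against drbg.c).  */`, since users of the control interface cannot see the DRBG header contract. Minor style: `_gcry_drbg_reinit(flags, pers)` omits the space before the parenthesis that the rest of this switch uses (`_gcry_set_preferred_rng_type (0)`). The enclosing `_gcry_vcontrol` switch begins outside this hunk.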