32 #if !defined(POLARSSL_CONFIG_FILE)
35 #include POLARSSL_CONFIG_FILE
38 #if defined(POLARSSL_HMAC_DRBG_C)
42 #if defined(POLARSSL_FS_IO)
46 #if defined(POLARSSL_PLATFORM_C)
49 #define polarssl_printf printf
/*
 * Overwrite n bytes starting at v with zero.
 *
 * The stores go through a volatile-qualified pointer, so each one is an
 * observable access that the compiler has to perform. A plain memset() on a
 * buffer that is never read again can be removed as a dead store, which
 * would leave secret material in memory. With n == 0 no store is made.
 *
 * NOTE(review): the call sites are not part of this excerpt; presumably this
 * is used to wipe DRBG state and seed buffers - confirm against the full file.
 */
53 static void polarssl_zeroize(
void *v,
size_t n ) {
54 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
61 const unsigned char *additional,
size_t add_len )
64 unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
68 for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
90 const unsigned char *data,
size_t data_len )
107 memset( ctx->
V, 0x01, md_info->
size );
118 const unsigned char *additional,
size_t len )
139 if( additional != NULL && len != 0 )
141 memcpy( seed + seedlen, additional, len );
160 int (*f_entropy)(
void *,
unsigned char *,
size_t),
162 const unsigned char *custom,
181 memset( ctx->
V, 0x01, md_info->
size );
195 entropy_len = md_info->
size <= 20 ? 16 :
196 md_info->
size <= 28 ? 24 :
243 unsigned char *output,
size_t out_len,
244 const unsigned char *additional,
size_t add_len )
249 size_t left = out_len;
250 unsigned char *out = output;
272 if( additional != NULL && add_len != 0 )
278 size_t use_len = left > md_len ? md_len : left;
284 memcpy( out, ctx->
V, use_len );
320 #if defined(POLARSSL_FS_IO)
/*
 * Seed-file write path (fragment; this listing omits the lines in between).
 *
 * "wb" creates the file or truncates an existing one. fopen() takes no
 * permission argument, so a newly created file gets whatever mode the
 * process umask allows.
 * NOTE(review): buf is presumably DRBG output kept to seed a later run, so
 * the file should be protected like key material (restrictive umask or a
 * private directory chosen by the caller) - confirm where buf is filled.
 */
327 if( ( f = fopen( path,
"wb" ) ) == NULL )
/*
 * A short write counts as failure: anything other than the full sizeof( buf )
 * bytes takes the error branch. The branch itself is not shown in this excerpt.
 */
333 if( fwrite( buf, 1,
sizeof( buf ), f ) !=
sizeof( buf ) )
/*
 * Seed-file read path (fragment; this listing omits the lines in between).
 * The file at path is opened read-only in binary mode.
 */
352 if( ( f = fopen( path,
"rb" ) ) == NULL )
/*
 * The file size is taken by seeking to the end and calling ftell(). On the
 * lines shown, neither fseek() nor ftell() is checked; ftell() returns -1L on
 * failure, which the cast below turns into SIZE_MAX.
 * NOTE(review): n comes from a file the caller names, so it must be compared
 * with the capacity of buf before the fread() at line 365. The lines between
 * 357 and 365 are missing from this listing - confirm that the bound check
 * sits there and that it also rejects the failed-ftell() value.
 */
355 fseek( f, 0, SEEK_END );
356 n = (size_t) ftell( f );
357 fseek( f, 0, SEEK_SET );
/* A read of fewer than n bytes takes the error branch (not shown here). */
365 if( fread( buf, 1, n, f ) != n )
/*
 * The success path ends by writing a seed file to the same path.
 * NOTE(review): presumably this replaces the seed just consumed so that it
 * is not fed in again after a restart - confirm against the full function.
 */
375 return( hmac_drbg_write_seed_file( ctx, path ) );
380 #if defined(POLARSSL_SELF_TEST)
384 #if !defined(POLARSSL_SHA1_C)
386 int hmac_drbg_self_test(
int verbose )
/*
 * Known-answer data for hmac_drbg_self_test().
 *
 * OUTPUT_LEN is the size in bytes of the generated output buffer and of each
 * expected-result array; the self-test compares them with memcmp().
 * These values are fixed, public constants: they make the generator output
 * reproducible for the comparison and carry no entropy of their own.
 * NOTE(review): the "pr" / "nopr" suffixes presumably stand for prediction
 * resistance enabled / disabled - confirm against the original comments,
 * which this listing does not show.
 */
396 #define OUTPUT_LEN 80
/*
 * Entropy input (56 bytes) handed to hmac_drbg_self_test_entropy() for the
 * run whose output is checked against result_pr.
 * NOTE(review): the callback copies len bytes from data + test_offset, and
 * no bound check is visible in this excerpt, so the test relies on the
 * generator never requesting more than this array holds - confirm.
 */
399 static unsigned char entropy_pr[] = {
400 0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
401 0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
402 0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
403 0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
404 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
/* Expected OUTPUT_LEN bytes of generator output for the entropy_pr run. */
405 static const unsigned char result_pr[OUTPUT_LEN] = {
406 0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
407 0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
408 0x10, 0x10, 0x98, 0x12, 0x93, 0x25, 0xca, 0xb8, 0xfc, 0xcc, 0x2d, 0x54,
409 0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
410 0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
411 0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
412 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
/*
 * Entropy input (40 bytes) for the run whose output is checked against
 * result_nopr; it is consumed through the same callback as entropy_pr.
 */
415 static unsigned char entropy_nopr[] = {
416 0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
417 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
418 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
419 0xe9, 0x9d, 0xfe, 0xdf };
/* Expected OUTPUT_LEN bytes of generator output for the entropy_nopr run. */
420 static const unsigned char result_nopr[OUTPUT_LEN] = {
421 0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
422 0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
423 0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe, 0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a,
424 0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
425 0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
426 0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
427 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
430 static size_t test_offset;
431 static int hmac_drbg_self_test_entropy(
void *data,
432 unsigned char *buf,
size_t len )
434 const unsigned char *p = data;
435 memcpy( buf, p + test_offset, len );
440 #define CHK( c ) if( (c) != 0 ) \
443 polarssl_printf( "failed\n" ); \
450 int hmac_drbg_self_test(
int verbose )
453 unsigned char buf[OUTPUT_LEN];
464 hmac_drbg_self_test_entropy, entropy_pr,
469 CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
483 hmac_drbg_self_test_entropy, entropy_nopr,
488 CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
unsigned char V[POLARSSL_MD_MAX_SIZE]
#define POLARSSL_HMAC_DRBG_MAX_INPUT
Maximum number of additional input bytes.
#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL
Interval before reseed is performed by default.
void hmac_drbg_set_entropy_len(hmac_drbg_context *ctx, size_t len)
Set the amount of entropy grabbed on each reseed (Default: given by the security strength, which depends on the hash used, see hmac_drbg_init() )
int(* f_entropy)(void *, unsigned char *, size_t)
int hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len)
HMAC_DRBG generate random.
void hmac_drbg_set_reseed_interval(hmac_drbg_context *ctx, int interval)
Set the reseed interval (Default: POLARSSL_HMAC_DRBG_RESEED_INTERVAL)
void md_init(md_context_t *ctx)
Initialize a md_context (as NONE)
#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
The entropy source failed.
#define POLARSSL_HMAC_DRBG_MAX_REQUEST
Maximum number of requested bytes per call.
int md_init_ctx(md_context_t *ctx, const md_info_t *md_info)
Initialises and fills the message digest context structure with the appropriate values.
Configuration options (set of defines)
static unsigned char md_get_size(const md_info_t *md_info)
Returns the size of the message digest output.
#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG
Input too large (Entropy + additional).
#define POLARSSL_HMAC_DRBG_PR_ON
Prediction resistance enabled.
const md_info_t * md_info
Information about the associated message digest.
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT
Maximum size of (re)seed buffer.
#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR
Read/write error in file.
int hmac_drbg_reseed(hmac_drbg_context *ctx, const unsigned char *additional, size_t len)
HMAC_DRBG reseeding (extracts data from entropy source)
void hmac_drbg_free(hmac_drbg_context *ctx)
Free an HMAC_DRBG context.
int md_hmac_starts(md_context_t *ctx, const unsigned char *key, size_t keylen)
Generic HMAC context setup.
void hmac_drbg_set_prediction_resistance(hmac_drbg_context *ctx, int resistance)
Enable / disable prediction resistance (Default: Off)
int md_hmac_reset(md_context_t *ctx)
Generic HMAC context reset.
#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG
Too many random bytes requested in a single call.
int hmac_drbg_init(hmac_drbg_context *ctx, const md_info_t *md_info, int(*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len)
HMAC_DRBG initialisation.
int md_hmac_update(md_context_t *ctx, const unsigned char *input, size_t ilen)
Generic HMAC process buffer.
#define POLARSSL_MD_MAX_SIZE
int hmac_drbg_random_with_add(void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len)
HMAC_DRBG generate random with additional update input.
int hmac_drbg_init_buf(hmac_drbg_context *ctx, const md_info_t *md_info, const unsigned char *data, size_t data_len)
Initialisation of simplified HMAC_DRBG (never reseeds).
int prediction_resistance
int size
Output length of the digest function.
void hmac_drbg_update(hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len)
HMAC_DRBG update state.
int md_free_ctx(md_context_t *ctx)
Free the message-specific context of ctx.
Message digest information.
int md_hmac_finish(md_context_t *ctx, unsigned char *output)
Generic HMAC final digest.
HMAC_DRBG (NIST SP 800-90A)