32 #if !defined(POLARSSL_CONFIG_FILE)
35 #include POLARSSL_CONFIG_FILE
38 #if defined(POLARSSL_HMAC_DRBG_C)
42 #if defined(POLARSSL_FS_IO)
46 #if defined(POLARSSL_PLATFORM_C)
49 #define polarssl_printf printf
56 const unsigned char *additional,
size_t add_len )
59 unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
63 for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
85 const unsigned char *data,
size_t data_len )
100 memset( ctx->
V, 0x01, md_info->
size );
111 const unsigned char *additional,
size_t len )
132 if( additional != NULL && len != 0 )
134 memcpy( seed + seedlen, additional, len );
153 int (*f_entropy)(
void *,
unsigned char *,
size_t),
155 const unsigned char *custom,
172 memset( ctx->
V, 0x01, md_info->
size );
186 entropy_len = md_info->
size <= 20 ? 16 :
187 md_info->
size <= 28 ? 24 :
234 unsigned char *output,
size_t out_len,
235 const unsigned char *additional,
size_t add_len )
240 size_t left = out_len;
241 unsigned char *out = output;
263 if( additional != NULL && add_len != 0 )
269 size_t use_len = left > md_len ? md_len : left;
275 memcpy( out, ctx->
V, use_len );
311 #if defined(POLARSSL_FS_IO)
318 if( ( f = fopen( path,
"wb" ) ) == NULL )
324 if( fwrite( buf, 1,
sizeof( buf ), f ) !=
sizeof( buf ) )
343 if( ( f = fopen( path,
"rb" ) ) == NULL )
346 fseek( f, 0, SEEK_END );
347 n = (size_t) ftell( f );
348 fseek( f, 0, SEEK_SET );
356 if( fread( buf, 1, n, f ) != n )
366 return( hmac_drbg_write_seed_file( ctx, path ) );
371 #if defined(POLARSSL_SELF_TEST)
375 #if !defined(POLARSSL_SHA1_C)
377 int hmac_drbg_self_test(
int verbose )
/* Number of bytes in the self-test output buffer and in each expected-result
 * array; also the length passed to memcmp() when checking the output. */
387 #define OUTPUT_LEN 80
/* Fixed entropy input that the self-test hands to the DRBG through
 * hmac_drbg_self_test_entropy(); the resulting output is compared to result_pr.
 * NOTE(review): "pr" presumably means prediction resistance enabled; confirm
 * against the full source. These bytes are constant and public: they exist
 * only for known-answer testing and must never serve as a real entropy source. */
390 static unsigned char entropy_pr[] = {
391 0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
392 0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
393 0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
394 0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
395 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
/* Expected OUTPUT_LEN bytes of DRBG output for the entropy_pr case. */
396 static const unsigned char result_pr[OUTPUT_LEN] = {
397 0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
398 0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
399 0x10, 0x10, 0x98, 0x12, 0x93, 0x25, 0xca, 0xb8, 0xfc, 0xcc, 0x2d, 0x54,
400 0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
401 0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
402 0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
403 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
/* Fixed entropy input for the second self-test case; the resulting output is
 * compared to result_nopr.
 * NOTE(review): "nopr" presumably means prediction resistance disabled; confirm.
 * Test-only data, same restriction as entropy_pr. */
406 static unsigned char entropy_nopr[] = {
407 0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
408 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
409 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
410 0xe9, 0x9d, 0xfe, 0xdf };
/* Expected OUTPUT_LEN bytes of DRBG output for the entropy_nopr case. */
411 static const unsigned char result_nopr[OUTPUT_LEN] = {
412 0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
413 0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
414 0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe, 0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a,
415 0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
416 0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
417 0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
418 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
/* Byte offset into the entropy array from which hmac_drbg_self_test_entropy()
 * copies; where it is reset or advanced is not visible in this excerpt. */
421 static size_t test_offset;
422 static int hmac_drbg_self_test_entropy(
void *data,
423 unsigned char *buf,
size_t len )
425 const unsigned char *p = data;
426 memcpy( buf, p + test_offset, len );
431 #define CHK( c ) if( (c) != 0 ) \
434 polarssl_printf( "failed\n" ); \
441 int hmac_drbg_self_test(
int verbose )
444 unsigned char buf[OUTPUT_LEN];
455 hmac_drbg_self_test_entropy, entropy_pr,
460 CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
474 hmac_drbg_self_test_entropy, entropy_nopr,
479 CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
unsigned char V[POLARSSL_MD_MAX_SIZE]
#define POLARSSL_HMAC_DRBG_MAX_INPUT
Maximum number of additional input bytes.
#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL
Interval before reseed is performed by default.
void hmac_drbg_set_entropy_len(hmac_drbg_context *ctx, size_t len)
Set the amount of entropy grabbed on each reseed (Default: given by the security strength, which depends on the hash used, see hmac_drbg_init() )
int(* f_entropy)(void *, unsigned char *, size_t)
int hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len)
HMAC_DRBG generate random.
void hmac_drbg_set_reseed_interval(hmac_drbg_context *ctx, int interval)
Set the reseed interval (Default: POLARSSL_HMAC_DRBG_RESEED_INTERVAL)
#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
The entropy source failed.
#define POLARSSL_HMAC_DRBG_MAX_REQUEST
Maximum number of requested bytes per call.
int md_init_ctx(md_context_t *ctx, const md_info_t *md_info)
Initialises and fills the message digest context structure with the appropriate values.
Configuration options (set of defines)
static unsigned char md_get_size(const md_info_t *md_info)
Returns the size of the message digest output.
#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG
Input too large (Entropy + additional).
#define POLARSSL_HMAC_DRBG_PR_ON
Prediction resistance enabled.
const md_info_t * md_info
Information about the associated message digest.
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT
Maximum size of (re)seed buffer.
#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR
Read/write error in file.
int hmac_drbg_reseed(hmac_drbg_context *ctx, const unsigned char *additional, size_t len)
HMAC_DRBG reseeding (extracts data from entropy source)
void hmac_drbg_free(hmac_drbg_context *ctx)
Free an HMAC_DRBG context.
int md_hmac_starts(md_context_t *ctx, const unsigned char *key, size_t keylen)
Generic HMAC context setup.
void hmac_drbg_set_prediction_resistance(hmac_drbg_context *ctx, int resistance)
Enable / disable prediction resistance (Default: Off)
int md_hmac_reset(md_context_t *ctx)
Generic HMAC context reset.
#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG
Too many random bytes requested in a single call.
int hmac_drbg_init(hmac_drbg_context *ctx, const md_info_t *md_info, int(*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, size_t len)
HMAC_DRBG initialisation.
int md_hmac_update(md_context_t *ctx, const unsigned char *input, size_t ilen)
Generic HMAC process buffer.
#define POLARSSL_MD_MAX_SIZE
int hmac_drbg_random_with_add(void *p_rng, unsigned char *output, size_t output_len, const unsigned char *additional, size_t add_len)
HMAC_DRBG generate random with additional update input.
int hmac_drbg_init_buf(hmac_drbg_context *ctx, const md_info_t *md_info, const unsigned char *data, size_t data_len)
Initialisation of simplified HMAC_DRBG (never reseeds; takes seed data directly instead of an entropy callback).
int prediction_resistance
int size
Output length of the digest function.
void hmac_drbg_update(hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len)
HMAC_DRBG update state.
int md_free_ctx(md_context_t *ctx)
Free the message-specific context of ctx.
Message digest information.
int md_hmac_finish(md_context_t *ctx, unsigned char *output)
Generic HMAC final digest.
HMAC_DRBG (NIST SP 800-90A)