| author | Michael Brown | 2012-03-05 17:21:49 +0100 |
|---|---|---|
| committer | Michael Brown | 2012-03-06 00:51:54 +0100 |
| commit | 742e43be05d7525135b81a8bcde44083aa1a0ecd (patch) | |
| tree | 5f43452e44ab9c745bbda8e6d66df52fffe3d2d1 /src/include/ipxe | |
| parent | [rng] Add NIST self-tests for Hash_df using SHA-256 (diff) | |
[rng] Use SHA-256 for Hash_df, and validate the hash function strength
ANS X9.82 Part 4 (April 2011 Draft) Section 13.3.4.2 states that "When
using the derivation function based on a hash function, the output
length of the hash function shall meet or exceed the security strength
indicated by the min_entropy parameter in the Get_entropy_input call",
although this criterion is missing from the pseudocode provided in the
same section.
Add a test for this condition, and upgrade from SHA-1 to SHA-256 since
SHA-1 has an output length of 160 bits, which is insufficient for
generating the (128 * 3/2 = 192) bits required when instantiating the
128-bit strength DRBG.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe')
| -rw-r--r-- | src/include/ipxe/entropy.h | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/include/ipxe/entropy.h b/src/include/ipxe/entropy.h
index 7208ac87a..02dde2f1d 100644
--- a/src/include/ipxe/entropy.h
+++ b/src/include/ipxe/entropy.h
@@ -14,7 +14,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <assert.h>
 #include <ipxe/api.h>
 #include <ipxe/hash_df.h>
-#include <ipxe/sha1.h>
+#include <ipxe/sha256.h>
 #include <config/entropy.h>
 /**
@@ -100,14 +100,14 @@ int get_noise ( noise_sample_t *noise );
 extern int get_entropy_input_tmp ( unsigned int num_samples, uint8_t *tmp, size_t tmp_len );
-/** Use SHA-1 as the underlying hash algorithm for Hash_df
+/** Use SHA-256 as the underlying hash algorithm for Hash_df
 *
- * Hash_df using SHA-1 is an Approved algorithm in ANS X9.82.
+ * Hash_df using SHA-256 is an Approved algorithm in ANS X9.82.
 */
-#define entropy_hash_df_algorithm sha1_algorithm
+#define entropy_hash_df_algorithm sha256_algorithm
 /** Underlying hash algorithm output length (in bytes) */
-#define ENTROPY_HASH_DF_OUTLEN_BYTES SHA1_DIGEST_SIZE
+#define ENTROPY_HASH_DF_OUTLEN_BYTES SHA256_DIGEST_SIZE
 /**
 * Obtain entropy input
@@ -166,6 +166,13 @@ get_entropy_input ( unsigned int min_entropy_bits, void *data, size_t min_len,
 linker_assert ( __builtin_constant_p ( num_samples ), num_samples_not_constant );
+ /* (Unnumbered). The output length of the hash function shall
+ * meet or exceed the security strength indicated by the
+ * min_entropy parameter.
+ */
+ linker_assert ( ( ( 8 * ENTROPY_HASH_DF_OUTLEN_BYTES ) >=
+ min_entropy_bits ), hash_df_algorithm_too_weak );
+ /* 1. If ( min_length > max_length ), then return ( FAILURE, Null ) */
 linker_assert ( ( min_len <= max_len ), min_len_greater_than_max_len ); |
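Review bot: `ENTROPY_HASH_DF_OUTLEN_BYTES` and `entropy_hash_df_algorithm` remain two independent macros in the second hunk, while the strength check added to get_entropy_input() in the third hunk reads only the length macro. If a later change updates one without the other, the check would be evaluated against a digest size that Hash_df does not actually use. A comment on the length macro would make the coupling explicit, for example `/** Underlying hash algorithm output length (in bytes); must match entropy_hash_df_algorithm, as the strength check in get_entropy_input() depends on it */`.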
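Review bot: The comment above the new `linker_assert` in get_entropy_input() labels the requirement "(Unnumbered)" without saying where it comes from, so a reader comparing the code with the numbered pseudocode steps cannot locate it. The commit message has the reference; carrying it into the source keeps the justification next to the check, e.g. opening the comment with `/* (Unnumbered; from the text of ANS X9.82 Part 4 Section 13.3.4.2, absent from its pseudocode).` The function's doc comment, which starts outside this hunk, would also benefit from stating that min_entropy_bits may not exceed the hash output length in bits. Since this is a link-time assertion, it presumably relies on min_entropy_bits being a compile-time constant at every call site, as the neighbouring num_samples assertion does; that assumption is worth one line in the same comment.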
