summaryrefslogtreecommitdiffstats
path: root/src/tests
diff options
context:
space:
mode:
authorMichael Brown2012-03-05 17:21:49 +0100
committerMichael Brown2012-03-06 00:51:54 +0100
commit742e43be05d7525135b81a8bcde44083aa1a0ecd (patch)
tree5f43452e44ab9c745bbda8e6d66df52fffe3d2d1 /src/tests
parent[rng] Add NIST self-tests for Hash_df using SHA-256 (diff)
downloadipxe-742e43be05d7525135b81a8bcde44083aa1a0ecd.tar.gz
ipxe-742e43be05d7525135b81a8bcde44083aa1a0ecd.tar.xz
ipxe-742e43be05d7525135b81a8bcde44083aa1a0ecd.zip
[rng] Use SHA-256 for Hash_df, and validate the hash function strength
ANS X9.82 Part 4 (April 2011 Draft) Section 13.3.4.2 states that "When using the derivation function based on a hash function, the output length of the hash function shall meet or exceed the security strength indicated by the min_entropy parameter in the Get_entropy_input call", although this criteria is missing from the pseudocode provided in the same section. Add a test for this condition, and upgrade from SHA-1 to SHA-256 since SHA-1 has an output length of 160 bits, which is insufficient for generating the (128 * 3/2 = 192) bits required when instantiating the 128-bit strength DRBG. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/tests')
0 files changed, 0 insertions, 0 deletions