diff options
author | René Korthaus <[email protected]> | 2017-04-03 21:55:03 +0200 |
---|---|---|
committer | René Korthaus <[email protected]> | 2017-04-03 21:55:03 +0200 |
commit | d00cb108f6d3f5b7dee7b8426169f9e186235d54 (patch) | |
tree | 37f91d87067becd698340c8843fc226908a645f6 /src/lib/rng | |
parent | d5554270aff53ec3856b62dbb7cb48ec26b87009 (diff) |
Follow NIST SP 800-57 for HMAC_DRBG security level
Diffstat (limited to 'src/lib/rng')
-rw-r--r-- | src/lib/rng/hmac_drbg/hmac_drbg.cpp | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.cpp b/src/lib/rng/hmac_drbg/hmac_drbg.cpp index 03ea2013a..4f19b5256 100644 --- a/src/lib/rng/hmac_drbg/hmac_drbg.cpp +++ b/src/lib/rng/hmac_drbg/hmac_drbg.cpp @@ -168,8 +168,17 @@ void HMAC_DRBG::add_entropy(const uint8_t input[], size_t input_len) size_t HMAC_DRBG::security_level() const { // security strength of the hash function - // for pre-image resistance (see NIST SP800-57), - // but NIST SP800-90A only supports up to 256 bits - return std::min(m_mac->output_length(), size_t(32)) * 8; + // for pre-image resistance (see NIST SP 800-57) + // SHA-160: 128 bits, SHA-224, SHA-512/224: 192 bits, + // SHA-256, SHA-512/256, SHA-384, SHA-512: >= 256 bits + // NIST SP 800-90A only supports up to 256 bits though + if(m_mac->output_length() < 32) + { + return (m_mac->output_length() - 4) * 8; + } + else + { + return 32 * 8; + } } } |