authorRenĂ© Korthaus <[email protected]>2017-02-18 20:56:00 +0100
committerRenĂ© Korthaus <[email protected]>2017-04-03 21:15:41 +0200
commitd5554270aff53ec3856b62dbb7cb48ec26b87009 (patch)
treed36b65d49b1a98c7bd584f075fed4d4a3790965f /src/lib/rng
parent753b4c2d5301574d3c9390b79aa275a49809e6c8 (diff)
Change security_strength of HMAC_DRBG
Looking into SP800-90A, it mentions that the max security strength is the security strength of the hash function for pre-image resistance. The current implementation however always only uses half of the output length, therefore only providing half of the security strength possible. However, SP800-90A supports only up to 256 bit security strength, so we fix it to this upper limit. In a second change, add_entropy() now also resets the reseed counter if enough entropy input is provided.
Diffstat (limited to 'src/lib/rng')
-rw-r--r--src/lib/rng/hmac_drbg/hmac_drbg.cpp12
-rw-r--r--src/lib/rng/stateful_rng/stateful_rng.h5
2 files changed, 12 insertions, 5 deletions
diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.cpp b/src/lib/rng/hmac_drbg/hmac_drbg.cpp
index e47d49628..03ea2013a 100644
--- a/src/lib/rng/hmac_drbg/hmac_drbg.cpp
+++ b/src/lib/rng/hmac_drbg/hmac_drbg.cpp
@@ -158,12 +158,18 @@ void HMAC_DRBG::update(const uint8_t input[], size_t input_len)
void HMAC_DRBG::add_entropy(const uint8_t input[], size_t input_len)
{
update(input, input_len);
+
+ if(8*input_len >= security_level())
+ {
+ m_reseed_counter = 1;
+ }
}
size_t HMAC_DRBG::security_level() const
{
- // sqrt of hash size
- return m_mac->output_length() * 8 / 2;
+ // security strength of the hash function
+ // for pre-image resistance (see NIST SP800-57),
+ // but NIST SP800-90A only supports up to 256 bits
+ return std::min(m_mac->output_length(), size_t(32)) * 8;
}
-
}
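Review bot: The new `if` in add_entropy() resets the reseed counter purely on the byte count of caller-supplied input, so any 32-byte input (a padded timestamp, a constant) postpones the next automatic reseed from the entropy sources exactly as a real reseed would; that trust assumption should be stated next to the check, e.g. `// Caller-supplied input of at least security_level() bits is treated as a full reseed; the caller is trusted to supply that much entropy`. Writing the test as `if(input_len >= security_level() / 8)` also avoids the (theoretical) size_t overflow of `8*input_len`. In security_level(), `output_length() * 8` gives 160 for SHA-1 and 224 for SHA-224, above the 128 and 192 bits that SP 800-57 Part 1 Table 3 assigns to HMAC/RNG use of those hashes as I read it, so the min() against 32 bytes only corrects the larger hashes; a per-hash table, or at least a comment that the value is an upper bound, would be more accurate. `std::min` also needs `<algorithm>`, unless an include already present in this file pulls it in.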
diff --git a/src/lib/rng/stateful_rng/stateful_rng.h b/src/lib/rng/stateful_rng/stateful_rng.h
index 982747e01..ed51aac6a 100644
--- a/src/lib/rng/stateful_rng/stateful_rng.h
+++ b/src/lib/rng/stateful_rng/stateful_rng.h
@@ -121,14 +121,15 @@ class BOTAN_DLL Stateful_RNG : public RandomNumberGenerator
Entropy_Sources* m_entropy_sources = nullptr;
const size_t m_reseed_interval;
+ uint32_t m_last_pid = 0;
+ protected:
/*
- * Set to 1 after a sucessful seeding, then incremented. Reset
+ * Set to 1 after a successful seeding, then incremented. Reset
* to 0 by clear() or a fork. This logic is used even if
* automatic reseeding is disabled (via m_reseed_interval = 0)
*/
size_t m_reseed_counter = 0;
- uint32_t m_last_pid = 0;
};
}
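Review bot: Making `m_reseed_counter` protected lets every derived class write the counter directly, and the comment above it no longer says who sets it: per the hmac_drbg.cpp hunk it is now also set to 1 from HMAC_DRBG::add_entropy() when caller-provided input reaches the security level. I would keep the member private and expose a narrow protected helper instead, `void reset_reseed_counter() { m_reseed_counter = 1; }`, so the counter's invariant stays inside Stateful_RNG, and extend the comment to `* Set to 1 after a successful seeding (or via reset_reseed_counter() once enough caller-provided entropy has been absorbed), then incremented.` The Stateful_RNG class definition begins before this hunk.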