Diffstat (limited to 'src')
-rw-r--r--src/lib/rng/hmac_drbg/hmac_drbg.cpp15
-rw-r--r--src/tests/test_rng.cpp26
2 files changed, 38 insertions, 3 deletions
diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.cpp b/src/lib/rng/hmac_drbg/hmac_drbg.cpp
index 03ea2013a..4f19b5256 100644
--- a/src/lib/rng/hmac_drbg/hmac_drbg.cpp
+++ b/src/lib/rng/hmac_drbg/hmac_drbg.cpp
@@ -168,8 +168,17 @@ void HMAC_DRBG::add_entropy(const uint8_t input[], size_t input_len)
size_t HMAC_DRBG::security_level() const
{
// security strength of the hash function
- // for pre-image resistance (see NIST SP800-57),
- // but NIST SP800-90A only supports up to 256 bits
- return std::min(m_mac->output_length(), size_t(32)) * 8;
+ // for pre-image resistance (see NIST SP 800-57)
+ // SHA-160: 128 bits, SHA-224, SHA-512/224: 192 bits,
+ // SHA-256, SHA-512/256, SHA-384, SHA-512: >= 256 bits
+ // NIST SP 800-90A only supports up to 256 bits though
+ if(m_mac->output_length() < 32)
+ {
+ return (m_mac->output_length() - 4) * 8;
+ }
+ else
+ {
+ return 32 * 8;
+ }
}
}
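Review bot: The subtraction in `(m_mac->output_length() - 4) * 8` is done in `size_t`, so a MAC whose output is shorter than 4 bytes would wrap around and report an enormous security level instead of a small one. The `- 4` term also only fits the two table entries named in the comment (20-byte and 28-byte outputs); for any other output below 32 bytes it returns a value the comment does not justify. Whether such a MAC can reach this object is not visible from the hunk, but a guard is cheap: `const size_t len = m_mac->output_length();` followed by `if(len < 32) { return (len > 4 ? len - 4 : 0) * 8; }`. I would also add a comment such as `// "- 4" reproduces the SP 800-90A table for 20- and 28-byte outputs; it is not a general rule`.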
diff --git a/src/tests/test_rng.cpp b/src/tests/test_rng.cpp
index 3fb5bd461..f65c122fa 100644
--- a/src/tests/test_rng.cpp
+++ b/src/tests/test_rng.cpp
@@ -489,6 +489,31 @@ class HMAC_DRBG_Unit_Tests : public Test
return result;
}
+ Test::Result test_security_level()
+ {
+ Test::Result result("HMAC_DRBG Security Level");
+
+ std::vector<std::string> approved_hash_fns { "SHA-160", "SHA-224", "SHA-256", "SHA-512/256", "SHA-384", "SHA-512" };
+ std::vector<uint32_t> security_strengths { 128, 192, 256, 256, 256, 256 };
+
+ for( size_t i = 0; i < approved_hash_fns.size(); ++i )
+ {
+ std::string hash_fn = approved_hash_fns[i];
+ std::string mac_name = "HMAC(" + hash_fn + ")";
+ auto mac = Botan::MessageAuthenticationCode::create(mac_name);
+ if(!mac)
+ {
+ result.note_missing(mac_name);
+ continue;
+ }
+
+ Botan::HMAC_DRBG rng(std::move(mac));
+ result.test_eq(hash_fn + " security level", rng.security_level(), security_strengths[i]);
+ }
+
+ return result;
+ }
+
Test::Result test_randomize_with_ts_input()
{
Test::Result result("HMAC_DRBG Randomize With Timestamp Input");
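Review bot: `approved_hash_fns` and `security_strengths` in `test_security_level()` are two parallel vectors tied together only by the index `i`, so adding a hash to one list and not the other makes `security_strengths[i]` read past the end or silently pairs the wrong values. A single table keeps each expectation next to its name, e.g. `const std::vector<std::pair<std::string, size_t>> cases { {"SHA-160", 128}, {"SHA-224", 192}, {"SHA-256", 256} /* ... */ };` iterated with `for(const auto& c : cases)`. Using `size_t` for the expected value would also match the return type of `security_level()` instead of comparing it against `uint32_t`. The test covers only the approved hashes, so the behaviour of the new `output_length() < 32` branch for other short outputs is left unpinned.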
@@ -538,6 +563,7 @@ class HMAC_DRBG_Unit_Tests : public Test
results.push_back(test_prediction_resistance());
results.push_back(test_fork_safety());
results.push_back(test_randomize_with_ts_input());
+ results.push_back(test_security_level());
return results;
}
};