narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[rng] Use SHA-256 for Hash_df, and validate the hash function strength 

ANS X9.82 Part 4 (April 2011 Draft) Section 13.3.4.2 states that "When
using the derivation function based on a hash function, the output
length of the hash function shall meet or exceed the security strength
indicated by the min_entropy parameter in the Get_entropy_input call",
although this criteria is missing from the pseudocode provided in the
same section.

Add a test for this condition, and upgrade from SHA-1 to SHA-256 since
SHA-1 has an output length of 160 bits, which is insufficient for
generating the (128 * 3/2 = 192) bits required when instantiating the
128-bit strength DRBG.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/6/head
Michael Brown 2012-03-05 16:21:49 +00:00
parent 0978251a66
commit 742e43be05
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/include/ipxe/entropy.h
View File

@ -14,7 +14,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <assert.h>
#include <ipxe/api.h>
#include <ipxe/hash_df.h>
#include <ipxe/sha1.h>
#include <ipxe/sha256.h>
#include <config/entropy.h>
/**
@ -100,14 +100,14 @@ int get_noise ( noise_sample_t *noise );
extern int get_entropy_input_tmp ( unsigned int num_samples,
uint8_t *tmp, size_t tmp_len );
/** Use SHA-1 as the underlying hash algorithm for Hash_df
/** Use SHA-256 as the underlying hash algorithm for Hash_df
*
* Hash_df using SHA-1 is an Approved algorithm in ANS X9.82.
* Hash_df using SHA-256 is an Approved algorithm in ANS X9.82.
*/
#define entropy_hash_df_algorithm sha1_algorithm
#define entropy_hash_df_algorithm sha256_algorithm
/** Underlying hash algorithm output length (in bytes) */
#define ENTROPY_HASH_DF_OUTLEN_BYTES SHA1_DIGEST_SIZE
#define ENTROPY_HASH_DF_OUTLEN_BYTES SHA256_DIGEST_SIZE
/**
* Obtain entropy input
@ -166,6 +166,13 @@ get_entropy_input ( unsigned int min_entropy_bits, void *data, size_t min_len,
linker_assert ( __builtin_constant_p ( num_samples ),
num_samples_not_constant );
/* (Unnumbered). The output length of the hash function shall
* meet or exceed the security strength indicated by the
* min_entropy parameter.
*/
linker_assert ( ( ( 8 * ENTROPY_HASH_DF_OUTLEN_BYTES ) >=
min_entropy_bits ), hash_df_algorithm_too_weak );
/* 1. If ( min_length > max_length ), then return ( FAILURE, Null ) */
linker_assert ( ( min_len <= max_len ), min_len_greater_than_max_len );