robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[rng] Use SHA-256 for Hash_df, and validate the hash function strength 

ANS X9.82 Part 4 (April 2011 Draft) Section 13.3.4.2 states that "When
using the derivation function based on a hash function, the output
length of the hash function shall meet or exceed the security strength
indicated by the min_entropy parameter in the Get_entropy_input call",
although this criteria is missing from the pseudocode provided in the
same section.

Add a test for this condition, and upgrade from SHA-1 to SHA-256 since
SHA-1 has an output length of 160 bits, which is insufficient for
generating the (128 * 3/2 = 192) bits required when instantiating the
128-bit strength DRBG.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 13 years ago
parent
0978251a66
commit
742e43be05
1 changed files with 12 additions and 5 deletions
Unified View Show Diff Stats
  1. 12
    5
      src/include/ipxe/entropy.h

+ 12
- 5
src/include/ipxe/entropy.h View File

14 
 #include <assert.h>
 14 
 #include <assert.h>
15 
 #include <ipxe/api.h>
 15 
 #include <ipxe/api.h>
16 
 #include <ipxe/hash_df.h>
 16 
 #include <ipxe/hash_df.h>
17 
-#include <ipxe/sha1.h>
17 
+#include <ipxe/sha256.h>
18 
 #include <config/entropy.h>
 18 
 #include <config/entropy.h>
19
19
20 
 /**
 20 
 /**
100 
 extern int get_entropy_input_tmp ( unsigned int num_samples,
 100 
 extern int get_entropy_input_tmp ( unsigned int num_samples,
101 
 				   uint8_t *tmp, size_t tmp_len );
 101 
 				   uint8_t *tmp, size_t tmp_len );
102
102
103 
-/** Use SHA-1 as the underlying hash algorithm for Hash_df
103 
+/** Use SHA-256 as the underlying hash algorithm for Hash_df
104 
  *
 104 
  *
105 
- * Hash_df using SHA-1 is an Approved algorithm in ANS X9.82.
105 
+ * Hash_df using SHA-256 is an Approved algorithm in ANS X9.82.
106 
  */
 106 
  */
107 
-#define entropy_hash_df_algorithm sha1_algorithm
107 
+#define entropy_hash_df_algorithm sha256_algorithm
108
108
109 
 /** Underlying hash algorithm output length (in bytes) */
 109 
 /** Underlying hash algorithm output length (in bytes) */
110 
-#define ENTROPY_HASH_DF_OUTLEN_BYTES SHA1_DIGEST_SIZE
110 
+#define ENTROPY_HASH_DF_OUTLEN_BYTES SHA256_DIGEST_SIZE
111
111
112 
 /**
 112 
 /**
113 
  * Obtain entropy input
 113 
  * Obtain entropy input
166 
 	linker_assert ( __builtin_constant_p ( num_samples ),
 166 
 	linker_assert ( __builtin_constant_p ( num_samples ),
167 
 			num_samples_not_constant );
 167 
 			num_samples_not_constant );
168
168
169 
+	/* (Unnumbered).  The output length of the hash function shall
170 
+	 * meet or exceed the security strength indicated by the
171 
+	 * min_entropy parameter.
172 
+	 */
173 
+	linker_assert ( ( ( 8 * ENTROPY_HASH_DF_OUTLEN_BYTES ) >=
174 
+			  min_entropy_bits ), hash_df_algorithm_too_weak );
175 
+
169 
 	/* 1.  If ( min_length > max_length ), then return ( FAILURE, Null ) */
 176 
 	/* 1.  If ( min_length > max_length ), then return ( FAILURE, Null ) */
170 
 	linker_assert ( ( min_len <= max_len ), min_len_greater_than_max_len );
 177 
 	linker_assert ( ( min_len <= max_len ), min_len_greater_than_max_len );
171
178

Write Preview
Loading…
Cancel
Save