}
}
-/* provided_data is either NULL or a pointer to
- DRBG_CTR_AES256_SEED_SIZE (= 48) bytes. */
-static void
-drbg_ctr_aes256_update (struct aes256_ctx *key,
- union nettle_block16 *V, const uint8_t *provided_data)
+void
+drbg_ctr_aes256_update (struct drbg_ctr_aes256_ctx *ctx,
+ const uint8_t *provided_data)
{
union nettle_block16 tmp[3];
- drbg_ctr_aes256_output (key, V, DRBG_CTR_AES256_SEED_SIZE, tmp[0].b);
+ drbg_ctr_aes256_output (&ctx->key, &ctx->V, DRBG_CTR_AES256_SEED_SIZE, tmp[0].b);
if (provided_data)
memxor (tmp[0].b, provided_data, DRBG_CTR_AES256_SEED_SIZE);
- aes256_set_encrypt_key (key, tmp[0].b);
- block16_set (V, &tmp[2]);
+ aes256_set_encrypt_key (&ctx->key, tmp[0].b);
+ block16_set (&ctx->V, &tmp[2]);
}
void
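Review bot: The freshly derived key and counter in `tmp` (declared at the top of the body, consumed by `aes256_set_encrypt_key` and `block16_set`) are left in the dead stack frame when the function returns, and when `provided_data` is supplied that same buffer has held the caller's seed material XORed into the keystream; the static version had the same gap, but this function is now the public re-seeding entry point, so a later stack disclosure would hand over the post-reseed DRBG state. A plain `memset (tmp, 0, sizeof tmp);` after the final `block16_set` is likely to be dropped as a dead store, so use the project's secure-wipe helper if one exists, otherwise a wipe through a volatile pointer. The header comment should also tell callers that the buffer they pass as `provided_data` holds live seed material and is theirs to wipe.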
aes256_set_encrypt_key (&ctx->key, zero_key);
block16_zero (&ctx->V);
- drbg_ctr_aes256_update (&ctx->key, &ctx->V, seed_material);
+ drbg_ctr_aes256_update (ctx, seed_material);
}
void
size_t n, uint8_t *dst)
{
drbg_ctr_aes256_output (&ctx->key, &ctx->V, n, dst);
- drbg_ctr_aes256_update (&ctx->key, &ctx->V, NULL);
+ drbg_ctr_aes256_update (ctx, NULL);
}
/* Namespace mangling */
#define drbg_ctr_aes256_init nettle_drbg_ctr_aes256_init
#define drbg_ctr_aes256_random nettle_drbg_ctr_aes256_random
+#define drbg_ctr_aes256_update nettle_drbg_ctr_aes256_update
#define DRBG_CTR_AES256_SEED_SIZE (AES_BLOCK_SIZE + AES256_KEY_SIZE)
drbg_ctr_aes256_random (struct drbg_ctr_aes256_ctx *ctx,
size_t n, uint8_t *dst);
+/* Update the internal state of CTX with PROVIDED_DATA. PROVIDED_DATA
+ is either NULL or a pointer to DRBG_CTR_AES256_SEED_SIZE (= 48)
+ bytes. */
+void
+drbg_ctr_aes256_update (struct drbg_ctr_aes256_ctx *ctx,
+ const uint8_t *provided_data);
+
#ifdef __cplusplus
}
#endif
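Review bot: The new comment above `drbg_ctr_aes256_update` does not say what the two forms of the call mean for security: passing NULL only runs the post-generate state transition (it is what `drbg_ctr_aes256_random` does after every request) and adds no entropy, so it is not a reseed, while a reseed requires the 48 bytes in `provided_data` to be fresh, full-entropy seed material, because this implementation applies no derivation function to condition them. I would extend the comment with `NULL only advances the state without adding entropy (this is done after each random() call); to re-seed, pass DRBG_CTR_AES256_SEED_SIZE bytes of fresh, full-entropy seed material, since no derivation function is applied.` and add that, as far as this diff shows, nothing in the API tracks a reseed interval, so the caller must decide when to call it.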
We support what we believe is the reasonable parts of the CTR_DRBG
algorithm for AES256. Re-seeding, personalization strings, derivation
functions and support for non-AES256 is not implemented.
-Personalization strings can be implemented by the caller, if desired,
-with xor. If you need re-seeding or entropy derivation, we suggest that
-you use Yarrow instead.
+
+Re-seeding and personalization strings can be implemented by the
+caller, if desired. To implement re-seeding, use
+@code{drbg_ctr_aes256_update}. Similarly, personalization strings can
+be implemented with @code{memxor}. If you need entropy derivation, we
+suggest that you use Yarrow instead.
The security bounds of DRBG-CTR are not intuitive, see ``Security Bounds
for the NIST Codebook-based Deterministic Random Bit Generator'' by
@deftypefun void drbg_ctr_aes256_random (struct drbg_ctr_aes256_ctx *@var{ctx}, size_t n, uint8_t *@var{dst})
Generates @var{n} octets of output into @var{dst}. The generator must
be initialized before you call this function.
+
+@deftypefun void drbg_ctr_aes256_update (struct drbg_ctr_aes256_ctx *@var{ctx}, const uint8_t *@var{provided_data})
+Updates the internal state of @var{ctx} with @var{provided_data},
+which is either NULL or a pointer to data of
+@code{DRBG_CTR_AES256_SEED_SIZE} octets. This function is used for re-seeding.
@end deftypefun
@node ASCII encoding