enable the use of variable size keys in ctr_drbg (was hard-coded 256bit before)

Nir Sonnenschein 2018-07-30 16:59:36 +03:00
parent d22c1b2445
commit a4588d4927


@ -8,8 +8,11 @@
* Recommendation for Random Number Generation Using Deterministic Random * Recommendation for Random Number Generation Using Deterministic Random
* Bit Generators</em>. * Bit Generators</em>.
* *
* The Mbed TLS implementation of CTR_DRBG uses AES-256 as the underlying * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
* block cipher. * as the underlying block cipher.
*
* * \warning ARC4 is considered a weak cipher and its use constitutes a
* security risk. We recommend considering stronger ciphers instead.
*/ */
/* /*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
@ -45,7 +48,16 @@
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */ #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_256)
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */ #define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */
#else
#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128)
#warning Warning: using smaller (128bit) key size for CTR DRBG may reduce the security of some operations.
#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */
#else
#error for ctr DRBG either MBEDTLS_CTR_DRBG_KEYSIZE_256 (default) or MBEDTLS_CTR_DRBG_KEYSIZE_128 must be set
#endif
#endif
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */ #define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */ #define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
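Review bot: The `#error` text in the key-size block names `MBEDTLS_CTR_DRBG_KEYSIZE_256` and `MBEDTLS_CTR_DRBG_KEYSIZE_128`, but the `#if defined(...)` tests check `MBEDTLS_CTR_DRBG_KEY_SIZE_256` and `MBEDTLS_CTR_DRBG_KEY_SIZE_128`, so a user who follows the message defines a macro that is never tested. The message also calls 256 the default, yet a configuration that defines neither macro now fails to build, and one that defines both silently gets 32; unless the config header (not visible here) always sets one, falling back to 32 and rejecting the double definition would keep existing builds on the stronger key. The `#warning` directive is not standard C before C23 and becomes a build failure under warnings-as-errors, so the 128-bit caveat may be better placed in the option's documentation. With the 128-bit option `MBEDTLS_CTR_DRBG_SEEDLEN` drops from 48 to 32, so any entropy-length or buffer constant outside this hunk that assumed 48 needs checking. Separately, the new `\warning` in the file header talks about ARC4, which the described module does not use; it reads like a paste from another header and should describe the AES-128 trade-off instead.

```c
#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128) && defined(MBEDTLS_CTR_DRBG_KEY_SIZE_256)
#error "Define at most one of MBEDTLS_CTR_DRBG_KEY_SIZE_128 and MBEDTLS_CTR_DRBG_KEY_SIZE_256"
#elif defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128)
#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher (AES-128). */
#else
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher (AES-256, default). */
#endif
/* … unchanged: MBEDTLS_CTR_DRBG_KEYBITS and MBEDTLS_CTR_DRBG_SEEDLEN … */
```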