Lines Matching +full:in3 +full:- +full:in2
2 * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
44 * Called twice by SP800-90Ar1 10.1.2.2 HMAC_DRBG_Update_Process.
48 * in1, in2, in3 are optional inputs that can be NULL.
52 * hmac->K = HMAC(hmac->K, hmac->V || inbyte || [in1] || [in2] || [in3])
53 * hmac->V = HMAC(hmac->K, hmac->V)
59 const unsigned char *in2, size_t in2len,
60 const unsigned char *in3, size_t in3len)
62 EVP_MAC_CTX *ctx = hmac->ctx;
64 if (!EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL)
65 /* K = HMAC(K, V || inbyte || [in1] || [in2] || [in3]) */
66 || !EVP_MAC_update(ctx, hmac->V, hmac->blocklen)
69 || !(in2 == NULL || in2len == 0 || EVP_MAC_update(ctx, in2, in2len))
70 || !(in3 == NULL || in3len == 0 || EVP_MAC_update(ctx, in3, in3len))
71 || !EVP_MAC_final(ctx, hmac->K, NULL, sizeof(hmac->K)))
75 return EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL)
76 && EVP_MAC_update(ctx, hmac->V, hmac->blocklen)
77 && EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V));
81 * SP800-90Ar1 10.1.2.2 HMAC_DRBG_Update_Process
85 * K,V = do_hmac(hmac, 0, in1, in2, in3)
87 * K,V = do_hmac(hmac, 1, in1, in2, in3)
89 * where in1, in2, in3 are optional input buffers that can be NULL.
96 const unsigned char *in2, size_t in2len,
97 const unsigned char *in3, size_t in3len)
99 PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
101 /* (Steps 1-2) K = HMAC(K, V||0x00||provided_data). V = HMAC(K,V) */
102 if (!do_hmac(hmac, 0x00, in1, in1len, in2, in2len, in3, in3len))
107 /* (Steps 4-5) K = HMAC(K, V||0x01||provided_data). V = HMAC(K,V) */
108 return do_hmac(hmac, 0x01, in1, in1len, in2, in2len, in3, in3len);
112 * SP800-90Ar1 10.1.2.3 HMAC_DRBG_Instantiate_Process:
127 PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
129 if (hmac->ctx == NULL) {
135 memset(hmac->K, 0x00, hmac->blocklen);
137 memset(hmac->V, 0x01, hmac->blocklen);
158 * SP800-90Ar1 10.1.2.4 HMAC_DRBG_Reseed_Process:
186 * SP800-90Ar1 10.1.2.5 HMAC_DRBG_Generate_Process:
198 PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
199 EVP_MAC_CTX *ctx = hmac->ctx;
200 const unsigned char *temp = hmac->V;
209 * (Steps 3-5) temp = NULL
216 if (!EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL)
217 || !EVP_MAC_update(ctx, temp, hmac->blocklen))
220 if (outlen > hmac->blocklen) {
225 if (!EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V)))
227 memcpy(out, hmac->V, outlen);
230 out += hmac->blocklen;
231 outlen -= hmac->blocklen;
252 PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
254 OPENSSL_cleanse(hmac->K, sizeof(hmac->K));
255 OPENSSL_cleanse(hmac->V, sizeof(hmac->V));
267 PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
269 PROV_DRBG_VERYIFY_ZEROIZATION(hmac->K);
270 PROV_DRBG_VERYIFY_ZEROIZATION(hmac->V);
284 drbg->data = hmac;
285 /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
286 drbg->max_entropylen = DRBG_MAX_LENGTH;
287 drbg->max_noncelen = DRBG_MAX_LENGTH;
288 drbg->max_perslen = DRBG_MAX_LENGTH;
289 drbg->max_adinlen = DRBG_MAX_LENGTH;
292 drbg->max_request = 1 << 16;
310 if (drbg != NULL && (hmac = (PROV_DRBG_HMAC *)drbg->data) != NULL) {
311 EVP_MAC_CTX_free(hmac->ctx);
312 ossl_prov_digest_reset(&hmac->digest);
321 PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
328 if (hmac->ctx == NULL)
330 name = EVP_MAC_get0_name(EVP_MAC_CTX_get0_mac(hmac->ctx));
337 md = ossl_prov_digest_md(&hmac->digest);
360 PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)ctx->data;
361 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
364 if (!ossl_prov_digest_load_from_params(&hmac->digest, params, libctx))
369 * (such as SHAKE). In FIPS mode, the fetch will fail for non-approved
372 md = ossl_prov_digest_md(&hmac->digest);
378 if (!ossl_prov_macctx_load_from_params(&hmac->ctx, params,
382 if (hmac->ctx != NULL) {
383 /* These are taken from SP 800-90 10.1 Table 2 */
384 hmac->blocklen = EVP_MD_get_size(md);
385 /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
386 ctx->strength = 64 * (int)(hmac->blocklen >> 3);
387 if (ctx->strength > 256)
388 ctx->strength = 256;
389 ctx->seedlen = hmac->blocklen;
390 ctx->min_entropylen = ctx->strength / 8;
391 ctx->min_noncelen = ctx->min_entropylen / 2;