use single define for 128bit key for ctr_drbg and update test dependencies

the change is designed to make configuring 128bit keys for ctr_drbg more similar to other configuration options. Tests have been updated accordingly.
also clarified test naming.
This commit is contained in:
Nir Sonnenschein 2018-08-29 10:11:46 +03:00
parent aecf8c941a
commit ce266e4ca2
3 changed files with 291 additions and 61 deletions

View file

@ -2018,7 +2018,9 @@
/** /**
* \def MBEDTLS_CTR_DRBG_C * \def MBEDTLS_CTR_DRBG_C
* *
* Enable the CTR_DRBG AES-256-based(default) or AES-128-based random generator. * Enable the CTR_DRBG AES-based random generator.
* The CTR_DRBG generator uses AES-256 by default.
* To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
* *
* Module: library/ctr_drbg.c * Module: library/ctr_drbg.c
* Caller: * Caller:
@ -2029,16 +2031,6 @@
*/ */
#define MBEDTLS_CTR_DRBG_C #define MBEDTLS_CTR_DRBG_C
/**
* configure key size for ctr DRBG , either
* MBEDTLS_CTR_DRBG_KEYSIZE_256 (default)
* or
* MBEDTLS_CTR_DRBG_KEYSIZE_128
* must be set.
*/
#if !defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128)
#define MBEDTLS_CTR_DRBG_KEY_SIZE_256 1
#endif
/** /**
* \def MBEDTLS_DEBUG_C * \def MBEDTLS_DEBUG_C
* *
@ -2920,6 +2912,7 @@
//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ //#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ //#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
/* HMAC_DRBG options */ /* HMAC_DRBG options */
//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */

View file

@ -48,15 +48,11 @@
#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */ #define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read or write error in file. */
#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */ #define MBEDTLS_CTR_DRBG_BLOCKSIZE 16 /**< The block size used by the cipher. */
#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_256)
#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) /* Use default 256-bit key for CTR_DRBG. */
#define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */ #define MBEDTLS_CTR_DRBG_KEYSIZE 32 /**< The key size used by the cipher. */
#else #else
#if defined(MBEDTLS_CTR_DRBG_KEY_SIZE_128)
#pragma message("Warning: using smaller (128bit) key size for CTR DRBG may reduce the security of some operations.")
#define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */ #define MBEDTLS_CTR_DRBG_KEYSIZE 16 /**< The key size used by the cipher. */
#else
#error for ctr DRBG either MBEDTLS_CTR_DRBG_KEY_SIZE_256 (default) or MBEDTLS_CTR_DRBG_KEY_SIZE_128 must be set
#endif
#endif #endif
#define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */ #define MBEDTLS_CTR_DRBG_KEYBITS ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
#define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */ #define MBEDTLS_CTR_DRBG_SEEDLEN ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */

File diff suppressed because it is too large Load diff