Openwrt-EcoNet/kernel-49
1
0
Fork 0
Code Activity
Files
kernel-49/include/crypto/drbg.h
Eric Biggers cb74d5c7ab Merge 4.9.320 into android-4.9-q 
Changes in 4.9.320
	9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
	random: remove stale maybe_reseed_primary_crng
	random: remove stale urandom_init_wait
	random: remove variable limit
	random: fix comment for unused random_min_urandom_seed
	random: convert get_random_int/long into get_random_u32/u64
	random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
	random: invalidate batched entropy after crng init
	random: silence compiler warnings and fix race
	random: add wait_for_random_bytes() API
	random: add get_random_{bytes,u32,u64,int,long,once}_wait family
	random: warn when kernel uses unseeded randomness
	random: do not ignore early device randomness
	random: suppress spammy warnings about unseeded randomness
	random: reorder READ_ONCE() in get_random_uXX
	random: fix warning message on ia64 and parisc
	random: use a different mixing algorithm for add_device_randomness()
	random: set up the NUMA crng instances after the CRNG is fully initialized
	random: fix possible sleeping allocation from irq context
	random: rate limit unseeded randomness warnings
	random: add a spinlock_t to struct batched_entropy
	char/random: silence a lockdep splat with printk()
	Revert "char/random: silence a lockdep splat with printk()"
	random: always use batched entropy for get_random_u{32,64}
	random: fix data race on crng_node_pool
	crypto: chacha20 - Fix keystream alignment for chacha20_block()
	random: always fill buffer in get_random_bytes_wait
	random: optimize add_interrupt_randomness
	drivers/char/random.c: remove unused dont_count_entropy
	random: Fix whitespace pre random-bytes work
	random: Return nbytes filled from hw RNG
	random: add a config option to trust the CPU's hwrng
	random: remove preempt disabled region
	random: Make crng state queryable
	random: make CPU trust a boot parameter
	drivers/char/random.c: constify poolinfo_table
	drivers/char/random.c: remove unused stuct poolinfo::poolbits
	drivers/char/random.c: make primary_crng static
	random: only read from /dev/random after its pool has received 128 bits
	random: move rand_initialize() earlier
	random: document get_random_int() family
	latent_entropy: avoid build error when plugin cflags are not set
	random: fix soft lockup when trying to read from an uninitialized blocking pool
	random: Support freezable kthreads in add_hwgenerator_randomness()
	fdt: add support for rng-seed
	random: Use wait_event_freezable() in add_hwgenerator_randomness()
	char/random: Add a newline at the end of the file
	Revert "hwrng: core - Freeze khwrng thread during suspend"
	crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
	crypto: blake2s - generic C library implementation and selftest
	lib/crypto: blake2s: move hmac construction into wireguard
	lib/crypto: sha1: re-roll loops to reduce code size
	random: Don't wake crng_init_wait when crng_init == 1
	random: Add a urandom_read_nowait() for random APIs that don't warn
	random: add GRND_INSECURE to return best-effort non-cryptographic bytes
	random: ignore GRND_RANDOM in getentropy(2)
	random: make /dev/random be almost like /dev/urandom
	random: fix crash on multiple early calls to add_bootloader_randomness()
	random: remove the blocking pool
	random: delete code to pull data into pools
	random: remove kernel.random.read_wakeup_threshold
	random: remove unnecessary unlikely()
	random: convert to ENTROPY_BITS for better code readability
	random: Add and use pr_fmt()
	random: fix typo in add_timer_randomness()
	random: remove some dead code of poolinfo
	random: split primary/secondary crng init paths
	random: avoid warnings for !CONFIG_NUMA builds
	x86: Remove arch_has_random, arch_has_random_seed
	powerpc: Remove arch_has_random, arch_has_random_seed
	linux/random.h: Remove arch_has_random, arch_has_random_seed
	linux/random.h: Use false with bool
	linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
	powerpc: Use bool in archrandom.h
	random: add arch_get_random_*long_early()
	random: avoid arch_get_random_seed_long() when collecting IRQ randomness
	random: remove dead code left over from blocking pool
	MAINTAINERS: co-maintain random.c
	crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
	crypto: blake2s - adjust include guard naming
	random: document add_hwgenerator_randomness() with other input functions
	random: remove unused irq_flags argument from add_interrupt_randomness()
	random: use BLAKE2s instead of SHA1 in extraction
	random: do not sign extend bytes for rotation when mixing
	random: do not re-init if crng_reseed completes before primary init
	random: mix bootloader randomness into pool
	random: harmonize "crng init done" messages
	random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
	random: initialize ChaCha20 constants with correct endianness
	random: early initialization of ChaCha constants
	random: avoid superfluous call to RDRAND in CRNG extraction
	random: don't reset crng_init_cnt on urandom_read()
	random: fix typo in comments
	random: cleanup poolinfo abstraction
	crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
	random: cleanup integer types
	random: remove incomplete last_data logic
	random: remove unused extract_entropy() reserved argument
	random: try to actively add entropy rather than passively wait for it
	random: rather than entropy_store abstraction, use global
	random: remove unused OUTPUT_POOL constants
	random: de-duplicate INPUT_POOL constants
	random: prepend remaining pool constants with POOL_
	random: cleanup fractional entropy shift constants
	random: access input_pool_data directly rather than through pointer
	random: simplify arithmetic function flow in account()
	random: continually use hwgenerator randomness
	random: access primary_pool directly rather than through pointer
	random: only call crng_finalize_init() for primary_crng
	random: use computational hash for entropy extraction
	random: simplify entropy debiting
	random: use linear min-entropy accumulation crediting
	random: always wake up entropy writers after extraction
	random: make credit_entropy_bits() always safe
	random: remove use_input_pool parameter from crng_reseed()
	random: remove batched entropy locking
	random: fix locking in crng_fast_load()
	random: use RDSEED instead of RDRAND in entropy extraction
	random: inline leaves of rand_initialize()
	random: ensure early RDSEED goes through mixer on init
	random: do not xor RDRAND when writing into /dev/random
	random: absorb fast pool into input pool after fast load
	random: use hash function for crng_slow_load()
	random: remove outdated INT_MAX >> 6 check in urandom_read()
	random: zero buffer after reading entropy from userspace
	random: tie batched entropy generation to base_crng generation
	random: remove ifdef'd out interrupt bench
	random: remove unused tracepoints
	random: add proper SPDX header
	random: deobfuscate irq u32/u64 contributions
	random: introduce drain_entropy() helper to declutter crng_reseed()
	random: remove useless header comment
	random: remove whitespace and reorder includes
	random: group initialization wait functions
	random: group entropy extraction functions
	random: group entropy collection functions
	random: group userspace read/write functions
	random: group sysctl functions
	random: rewrite header introductory comment
	workqueue: make workqueue available early during boot
	random: defer fast pool mixing to worker
	random: do not take pool spinlock at boot
	random: unify early init crng load accounting
	random: check for crng_init == 0 in add_device_randomness()
	hwrng: core - do not use multiple blank lines
	hwrng: core - rewrite better comparison to NULL
	hwrng: core - Rewrite the header
	hwrng: core - Move hwrng miscdev minor number to include/linux/miscdevice.h
	hwrng: core - remove unused PFX macro
	hwrng: use rng source with best quality
	hwrng: remember rng chosen by user
	random: pull add_hwgenerator_randomness() declaration into random.h
	random: clear fast pool, crng, and batches in cpuhp bring up
	random: round-robin registers as ulong, not u32
	random: only wake up writers after zap if threshold was passed
	random: cleanup UUID handling
	random: unify cycles_t and jiffies usage and types
	random: do crng pre-init loading in worker rather than irq
	random: give sysctl_random_min_urandom_seed a more sensible value
	random: don't let 644 read-only sysctls be written to
	random: replace custom notifier chain with standard one
	random: use SipHash as interrupt entropy accumulator
	random: make consistent usage of crng_ready()
	random: reseed more often immediately after booting
	random: check for signal and try earlier when generating entropy
	random: skip fast_init if hwrng provides large chunk of entropy
	random: treat bootloader trust toggle the same way as cpu trust toggle
	random: re-add removed comment about get_random_{u32,u64} reseeding
	random: mix build-time latent entropy into pool at init
	random: do not split fast init input in add_hwgenerator_randomness()
	random: do not allow user to keep crng key around on stack
	random: check for signal_pending() outside of need_resched() check
	random: check for signals every PAGE_SIZE chunk of /dev/[u]random
	random: make random_get_entropy() return an unsigned long
	random: document crng_fast_key_erasure() destination possibility
	random: fix sysctl documentation nits
	init: call time_init() before rand_initialize()
	ia64: define get_cycles macro for arch-override
	s390: define get_cycles macro for arch-override
	parisc: define get_cycles macro for arch-override
	alpha: define get_cycles macro for arch-override
	powerpc: define get_cycles macro for arch-override
	timekeeping: Add raw clock fallback for random_get_entropy()
	m68k: use fallback for random_get_entropy() instead of zero
	mips: use fallback for random_get_entropy() instead of just c0 random
	arm: use fallback for random_get_entropy() instead of zero
	nios2: use fallback for random_get_entropy() instead of zero
	x86/tsc: Use fallback for random_get_entropy() instead of zero
	um: use fallback for random_get_entropy() instead of zero
	sparc: use fallback for random_get_entropy() instead of zero
	xtensa: use fallback for random_get_entropy() instead of zero
	uapi: rename ext2_swab() to swab() and share globally in swab.h
	random: insist on random_get_entropy() existing in order to simplify
	random: do not use batches when !crng_ready()
	random: do not pretend to handle premature next security model
	random: order timer entropy functions below interrupt functions
	random: do not use input pool from hard IRQs
	random: help compiler out with fast_mix() by using simpler arguments
	siphash: use one source of truth for siphash permutations
	random: use symbolic constants for crng_init states
	random: avoid initializing twice in credit race
	random: remove ratelimiting for in-kernel unseeded randomness
	random: use proper jiffies comparison macro
	random: handle latent entropy and command line from random_init()
	random: credit architectural init the exact amount
	random: use static branch for crng_ready()
	random: remove extern from functions in header
	random: use proper return types on get_random_{int,long}_wait()
	random: move initialization functions out of hot pages
	random: move randomize_page() into mm where it belongs
	random: convert to using fops->write_iter()
	random: wire up fops->splice_{read,write}_iter()
	random: check for signals after page of pool writes
	Revert "random: use static branch for crng_ready()"
	crypto: drbg - add FIPS 140-2 CTRNG for noise source
	crypto: drbg - always seeded with SP800-90B compliant noise source
	crypto: drbg - prepare for more fine-grained tracking of seeding state
	crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
	crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
	crypto: drbg - always try to free Jitter RNG instance
	crypto: drbg - make reseeding from get_random_bytes() synchronous
	random: avoid checking crng_ready() twice in random_init()
	random: mark bootloader randomness code as __init
	random: account for arch randomness in bits
	ASoC: cs42l52: Fix TLV scales for mixer controls
	ASoC: cs53l30: Correct number of volume levels on SX controls
	ASoC: cs42l52: Correct TLV for Bypass Volume
	ASoC: cs42l56: Correct typo in minimum level for SX volume controls
	ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
	ASoC: wm8962: Fix suspend while playing music
	scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
	scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
	virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
	nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
	ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
	net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
	random: credit cpu and bootloader seeds by default
	pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
	misc: atmel-ssc: Fix IRQ check in ssc_probe
	irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
	irqchip/gic-v3: Iterate over possible CPUs by for_each_possible_cpu()
	comedi: vmk80xx: fix expression for tx buffer size
	USB: serial: option: add support for Cinterion MV31 with new baseline
	USB: serial: io_ti: add Agilent E5805A support
	usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
	serial: 8250: Store to lsr_save_flags after lsr read
	ext4: fix bug_on ext4_mb_use_inode_pa
	ext4: make variable "count" signed
	ext4: add reserved GDT blocks check
	l2tp: don't use inet_shutdown on ppp session destroy
	l2tp: fix race in pppol2tp_release with session object destroy
	s390/mm: use non-quiescing sske for KVM switch to keyed guest
	xprtrdma: fix incorrect header size calculations
	swiotlb: fix info leak with DMA_FROM_DEVICE
	Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
	fuse: fix pipe buffer lifetime for direct_io
	tcp: change source port randomizarion at connect() time
	tcp: add some entropy in __inet_hash_connect()
	secure_seq: use the 64 bits of the siphash for port offset calculation
	tcp: use different parts of the port_offset for index and offset
	tcp: add small random increments to the source port
	tcp: dynamically allocate the perturb table used by source ports
	tcp: increase source port perturb table to 2^16
	tcp: drop the hash_32() part from the index calculation
	Linux 4.9.320

Conflicts:
	crypto/chacha20_generic.c
	drivers/char/random.c
	drivers/of/fdt.c
	include/crypto/chacha20.h
	lib/chacha20.c

Merge resolution notes:
  - Added CHACHA20_KEY_SIZE and CHACHA20_BLOCK_SIZE constants to
    chacha.h, to minimize changes from the 4.9.320 version of random.c

  - Updated lib/vsprintf.c for
    "random: replace custom notifier chain with standard one".

Change-Id: Ia7a12d8883b808f88bbe807d6150552bb084f6b3
Signed-off-by: Eric Biggers <ebiggers@google.com>
2022-07-04 10:26:10 +03:00

288 lines
9.1 KiB
C
Raw Permalink Blame History

/*
* DRBG based on NIST SP800-90A
*
* Copyright Stephan Mueller <smueller@chronox.de>, 2014
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, and the entire permission notice in its entirety,
* including the disclaimer of warranties.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* ALTERNATIVELY, this product may be distributed under the terms of
* the GNU General Public License, in which case the provisions of the GPL are
* required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
* WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
#ifndef _DRBG_H
#define _DRBG_H
#include <linux/random.h>
#include <linux/scatterlist.h>
#include <crypto/hash.h>
#include <crypto/skcipher.h>
#include <linux/module.h>
#include <linux/crypto.h>
#include <linux/slab.h>
#include <crypto/internal/rng.h>
#include <crypto/rng.h>
#include <linux/fips.h>
#include <linux/mutex.h>
#include <linux/list.h>
#include <linux/workqueue.h>
/*
* Concatenation Helper and string operation helper
*
* SP800-90A requires the concatenation of different data. To avoid copying
* buffers around or allocate additional memory, the following data structure
* is used to point to the original memory with its size. In addition, it
* is used to build a linked list. The linked list defines the concatenation
* of individual buffers. The order of memory block referenced in that
* linked list determines the order of concatenation.
*/
struct drbg_string {
const unsigned char *buf;
size_t len;
struct list_head list;
};
static inline void drbg_string_fill(struct drbg_string *string,
const unsigned char *buf, size_t len)
{
string->buf = buf;
string->len = len;
INIT_LIST_HEAD(&string->list);
}
struct drbg_state;
typedef uint32_t drbg_flag_t;
struct drbg_core {
drbg_flag_t flags; /* flags for the cipher */
__u8 statelen; /* maximum state length */
__u8 blocklen_bytes; /* block size of output in bytes */
char cra_name[CRYPTO_MAX_ALG_NAME]; /* mapping to kernel crypto API */
/* kernel crypto API backend cipher name */
char backend_cra_name[CRYPTO_MAX_ALG_NAME];
};
struct drbg_state_ops {
int (*update)(struct drbg_state *drbg, struct list_head *seed,
int reseed);
int (*generate)(struct drbg_state *drbg,
unsigned char *buf, unsigned int buflen,
struct list_head *addtl);
int (*crypto_init)(struct drbg_state *drbg);
int (*crypto_fini)(struct drbg_state *drbg);
};
struct drbg_test_data {
struct drbg_string *testentropy; /* TEST PARAMETER: test entropy */
};
enum drbg_seed_state {
DRBG_SEED_STATE_UNSEEDED,
DRBG_SEED_STATE_PARTIAL, /* Seeded with !rng_is_initialized() */
DRBG_SEED_STATE_FULL,
};
struct drbg_state {
struct mutex drbg_mutex; /* lock around DRBG */
unsigned char *V; /* internal state 10.1.1.1 1a) */
unsigned char *Vbuf;
/* hash: static value 10.1.1.1 1b) hmac / ctr: key */
unsigned char *C;
unsigned char *Cbuf;
/* Number of RNG requests since last reseed -- 10.1.1.1 1c) */
size_t reseed_ctr;
size_t reseed_threshold;
/* some memory the DRBG can use for its operation */
unsigned char *scratchpad;
unsigned char *scratchpadbuf;
void *priv_data; /* Cipher handle */
struct crypto_skcipher *ctr_handle; /* CTR mode cipher handle */
struct skcipher_request *ctr_req; /* CTR mode request handle */
__u8 *ctr_null_value_buf; /* CTR mode unaligned buffer */
__u8 *ctr_null_value; /* CTR mode aligned zero buf */
__u8 *outscratchpadbuf; /* CTR mode output scratchpad */
__u8 *outscratchpad; /* CTR mode aligned outbuf */
struct completion ctr_completion; /* CTR mode async handler */
int ctr_async_err; /* CTR mode async error */
enum drbg_seed_state seeded; /* DRBG fully seeded? */
bool pr; /* Prediction resistance enabled? */
bool fips_primed; /* Continuous test primed? */
unsigned char *prev; /* FIPS 140-2 continuous test value */
struct crypto_rng *jent;
const struct drbg_state_ops *d_ops;
const struct drbg_core *core;
struct drbg_string test_data;
};
static inline __u8 drbg_statelen(struct drbg_state *drbg)
{
if (drbg && drbg->core)
return drbg->core->statelen;
return 0;
}
static inline __u8 drbg_blocklen(struct drbg_state *drbg)
{
if (drbg && drbg->core)
return drbg->core->blocklen_bytes;
return 0;
}
static inline __u8 drbg_keylen(struct drbg_state *drbg)
{
if (drbg && drbg->core)
return (drbg->core->statelen - drbg->core->blocklen_bytes);
return 0;
}
static inline size_t drbg_max_request_bytes(struct drbg_state *drbg)
{
/* SP800-90A requires the limit 2**19 bits, but we return bytes */
return (1 << 16);
}
static inline size_t drbg_max_addtl(struct drbg_state *drbg)
{
/* SP800-90A requires 2**35 bytes additional info str / pers str */
#if (__BITS_PER_LONG == 32)
/*
* SP800-90A allows smaller maximum numbers to be returned -- we
* return SIZE_MAX - 1 to allow the verification of the enforcement
* of this value in drbg_healthcheck_sanity.
*/
return (SIZE_MAX - 1);
#else
return (1UL<<35);
#endif
}
static inline size_t drbg_max_requests(struct drbg_state *drbg)
{
/* SP800-90A requires 2**48 maximum requests before reseeding */
return (1<<20);
}
/*
* This is a wrapper to the kernel crypto API function of
* crypto_rng_generate() to allow the caller to provide additional data.
*
* @drng DRBG handle -- see crypto_rng_get_bytes
* @outbuf output buffer -- see crypto_rng_get_bytes
* @outlen length of output buffer -- see crypto_rng_get_bytes
* @addtl_input additional information string input buffer
* @addtllen length of additional information string buffer
*
* return
* see crypto_rng_get_bytes
*/
static inline int crypto_drbg_get_bytes_addtl(struct crypto_rng *drng,
unsigned char *outbuf, unsigned int outlen,
struct drbg_string *addtl)
{
return crypto_rng_generate(drng, addtl->buf, addtl->len,
outbuf, outlen);
}
/*
* TEST code
*
* This is a wrapper to the kernel crypto API function of
* crypto_rng_generate() to allow the caller to provide additional data and
* allow furnishing of test_data
*
* @drng DRBG handle -- see crypto_rng_get_bytes
* @outbuf output buffer -- see crypto_rng_get_bytes
* @outlen length of output buffer -- see crypto_rng_get_bytes
* @addtl_input additional information string input buffer
* @addtllen length of additional information string buffer
* @test_data filled test data
*
* return
* see crypto_rng_get_bytes
*/
static inline int crypto_drbg_get_bytes_addtl_test(struct crypto_rng *drng,
unsigned char *outbuf, unsigned int outlen,
struct drbg_string *addtl,
struct drbg_test_data *test_data)
{
crypto_rng_set_entropy(drng, test_data->testentropy->buf,
test_data->testentropy->len);
return crypto_rng_generate(drng, addtl->buf, addtl->len,
outbuf, outlen);
}
/*
* TEST code
*
* This is a wrapper to the kernel crypto API function of
* crypto_rng_reset() to allow the caller to provide test_data
*
* @drng DRBG handle -- see crypto_rng_reset
* @pers personalization string input buffer
* @perslen length of additional information string buffer
* @test_data filled test data
*
* return
* see crypto_rng_reset
*/
static inline int crypto_drbg_reset_test(struct crypto_rng *drng,
struct drbg_string *pers,
struct drbg_test_data *test_data)
{
crypto_rng_set_entropy(drng, test_data->testentropy->buf,
test_data->testentropy->len);
return crypto_rng_reset(drng, pers->buf, pers->len);
}
/* DRBG type flags */
#define DRBG_CTR ((drbg_flag_t)1<<0)
#define DRBG_HMAC ((drbg_flag_t)1<<1)
#define DRBG_HASH ((drbg_flag_t)1<<2)
#define DRBG_TYPE_MASK (DRBG_CTR | DRBG_HMAC | DRBG_HASH)
/* DRBG strength flags */
#define DRBG_STRENGTH128 ((drbg_flag_t)1<<3)
#define DRBG_STRENGTH192 ((drbg_flag_t)1<<4)
#define DRBG_STRENGTH256 ((drbg_flag_t)1<<5)
#define DRBG_STRENGTH_MASK (DRBG_STRENGTH128 | DRBG_STRENGTH192 | \
DRBG_STRENGTH256)
enum drbg_prefixes {
DRBG_PREFIX0 = 0x00,
DRBG_PREFIX1,
DRBG_PREFIX2,
DRBG_PREFIX3
};
#endif /* _DRBG_H */
View Git Blame Copy Permalink