private void init(IDigest digest, int securityStrength, IEntropySource entropySource, byte[] personalizationString, byte[] nonce)
{
if (securityStrength > DrbgUtilities.GetMaxSecurityStrength(digest))
{
throw new ArgumentException("Requested security strength is not supported by the derivation function");
}
if (entropySource.EntropySize < securityStrength)
{
throw new ArgumentException("Not enough entropy for security strength required");
}
mDigest = digest;
mEntropySource = entropySource;
mSecurityStrength = securityStrength;
mSeedLength = (int)seedlens[digest.AlgorithmName];
// 1. seed_material = entropy_input || nonce || personalization_string.
// 2. seed = Hash_df (seed_material, seedlen).
// 3. V = seed.
// 4. C = Hash_df ((0x00 || V), seedlen). Comment: Preceed V with a byte
// of zeros.
// 5. reseed_counter = 1.
// 6. Return V, C, and reseed_counter as the initial_working_state
byte[] entropy = getEntropy();
byte[] seedMaterial = Arrays.ConcatenateAll(entropy, nonce, personalizationString);
Arrays.Fill(entropy, (byte)0);
reseedFromSeedMaterial(seedMaterial);
}
private void init(IMac hMac, int securityStrength, IEntropySource entropySource, byte[] personalizationString, byte[] nonce)
{
if (securityStrength > DrbgUtilities.GetMaxSecurityStrength(hMac))
{
throw new ArgumentException("Requested security strength is not supported by the derivation function");
}
if (entropySource.EntropySize < securityStrength)
{
throw new ArgumentException("Not enough entropy for security strength required");
}
mSecurityStrength = securityStrength;
mEntropySource = entropySource;
mHMac = hMac;
mEntropySource = entropySource;
mK = new byte[hMac.GetMacSize()];
mV = new byte[mK.Length];
Arrays.Fill(mV, (byte)1);
byte[] entropy = getEntropy();
byte[] seedMaterial = Arrays.ConcatenateAll(entropy, nonce, personalizationString);
Arrays.Fill(entropy, (byte)0);
reseedFromSeedMaterial(seedMaterial);
}
internal override void Evaluate()
{
byte[] origV = parent.mV;
byte[] origC = parent.mC;
long origReseedCounter = parent.mReseedCounter;
IEntropySource origEntropySource = parent.mEntropySource;
int origSeedLength = parent.mSeedLength;
int origSecurityStrength = parent.mSecurityStrength;
try
{
byte[] additionalInput = Hex.Decode("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576");
int entropyStrength = DrbgUtilities.GetMaxSecurityStrength(parent.mDigest);
byte[][] expected = (byte[][])reseedKats[algorithm.Name];
parent.mV = Arrays.Clone((byte[])reseedVs[algorithm.Name]);
parent.mEntropySource = new DrbgUtilities.KatEntropyProvider().Get(entropyStrength);
parent.Reseed(additionalInput);
if (parent.mReseedCounter != 1)
{
Fail("DRBG reseedCounter failed to reset");
}
byte[] output = new byte[expected[0].Length];
parent.Generate(output, null, false);
if (!Arrays.AreEqual(expected[0], output))
{
Fail("DRBG Block 1 reseed KAT failure");
}
output = new byte[expected[1].Length];
parent.Generate(output, null, false);
if (!Arrays.AreEqual(expected[1], output))
{
Fail("DRBG Block 2 reseed KAT failure");
}
try
{
parent.mEntropySource = new DrbgUtilities.LyingEntropySource(entropyStrength);
parent.Reseed(null);
Fail("DRBG LyingEntropySource not detected on reseed");
}
catch (InvalidOperationException e)
{
if (!e.Message.Equals("Insufficient entropy provided by entropy source"))
{
Fail("DRBG self test failed reseed entropy check");
}
}
}
finally
{
parent.mV = origV;
parent.mC = origC;
parent.mReseedCounter = origReseedCounter;
parent.mEntropySource = origEntropySource;
parent.mSeedLength = origSeedLength;
parent.mSecurityStrength = origSecurityStrength;
}
}
internal override void Evaluate()
{
byte[] origV = parent.mV;
byte[] origC = parent.mC;
long origReseedCounter = parent.mReseedCounter;
IEntropySource origEntropySource = parent.mEntropySource;
int origSeedLength = parent.mSeedLength;
int origSecurityStrength = parent.mSecurityStrength;
try
{
byte[] personalization = Hex.Decode("404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576");
byte[] nonce = Hex.Decode("2021222324");
int entropyStrength = DrbgUtilities.GetMaxSecurityStrength(parent.mDigest);
byte[][] expected = (byte[][])kats[algorithm.Name];
parent.init(parent.mDigest, parent.mSecurityStrength, new DrbgUtilities.KatEntropyProvider().Get(entropyStrength), personalization, nonce);
byte[] output = new byte[expected[0].Length];
parent.Generate(output, null, true);
if (!Arrays.AreEqual(expected[0], output))
{
Fail("DRBG Block 1 KAT failure");
}
output = new byte[expected[1].Length];
parent.Generate(output, null, true);
if (!Arrays.AreEqual(expected[1], output))
{
Fail("DRBG Block 2 KAT failure");
}
try
{
parent.init(parent.mDigest, parent.mSecurityStrength, new DrbgUtilities.LyingEntropySource(entropyStrength), personalization, nonce);
Fail("DRBG LyingEntropySource not detected in init");
}
catch (InvalidOperationException e)
{
if (!e.Message.Equals("Insufficient entropy provided by entropy source"))
{
Fail("DRBG self test failed init entropy check");
}
}
try
{
parent.init(parent.mDigest, parent.mSecurityStrength, new DrbgUtilities.LyingEntropySource(20), personalization, nonce);
Fail("DRBG insufficient EntropySource not detected");
}
catch (ArgumentException e)
{
if (!e.Message.Equals("Not enough entropy for security strength required"))
{
Fail("DRBG self test failed init entropy check");
}
}
try
{
parent.mEntropySource = new DrbgUtilities.LyingEntropySource(entropyStrength);
parent.Reseed(null);
Fail("DRBG LyingEntropySource not detected in reseed");
}
catch (InvalidOperationException e)
{
if (!e.Message.Equals("Insufficient entropy provided by entropy source"))
{
Fail("DRBG self test failed reseed entropy check");
}
}
try
{
parent.init(parent.mDigest, entropyStrength + 1, new DrbgUtilities.KatEntropyProvider().Get(entropyStrength), personalization, nonce);
Fail("DRBG successful initialise with too high security strength");
}
catch (ArgumentException e)
{
if (!e.Message.Equals("Requested security strength is not supported by the derivation function"))
{
Fail("DRBG self test failed init security strength check");
}
}
}
finally
{
parent.mV = origV;
parent.mC = origC;
parent.mReseedCounter = origReseedCounter;
parent.mEntropySource = origEntropySource;
parent.mSeedLength = origSeedLength;
parent.mSecurityStrength = origSecurityStrength;
}
}