EVP_RAND-HMAC-DRBG.7ossl - Man Page

The HMAC DRBG EVP_RAND implementation

Description

Support for the HMAC deterministic random bit generator through the EVP_RAND API.

Identity

"HMAC-DRBG" is the name for this implementation; it can be used with the EVP_RAND_fetch() function.

Supported parameters

The supported parameters are:

"state" (OSSL_RAND_PARAM_STATE) <integer>
"strength" (OSSL_RAND_PARAM_STRENGTH) <unsigned integer>
"max_request" (OSSL_RAND_PARAM_MAX_REQUEST) <unsigned integer>
"reseed_requests" (OSSL_DRBG_PARAM_RESEED_REQUESTS) <unsigned integer>
"reseed_time_interval" (OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL) <integer>
"min_entropylen" (OSSL_DRBG_PARAM_MIN_ENTROPYLEN) <unsigned integer>
"max_entropylen" (OSSL_DRBG_PARAM_MAX_ENTROPYLEN) <unsigned integer>
"min_noncelen" (OSSL_DRBG_PARAM_MIN_NONCELEN) <unsigned integer>
"max_noncelen" (OSSL_DRBG_PARAM_MAX_NONCELEN) <unsigned integer>
"max_perslen" (OSSL_DRBG_PARAM_MAX_PERSLEN) <unsigned integer>
"max_adinlen" (OSSL_DRBG_PARAM_MAX_ADINLEN) <unsigned integer>
"reseed_counter" (OSSL_DRBG_PARAM_RESEED_COUNTER) <unsigned integer>
"properties" (OSSL_DRBG_PARAM_PROPERTIES) <UTF8 string>
"mac" (OSSL_DRBG_PARAM_MAC) <UTF8 string>
"digest" (OSSL_DRBG_PARAM_DIGEST) <UTF8 string>

These parameters work as described in "PARAMETERS" in EVP_RAND(3).

Notes

When using the FIPS provider, only these digests are permitted (as per FIPS 140-3 IG D.R <https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf>):

SHA-1

SHA2-256

SHA2-512

SHA3-256

SHA3-512

A context for HMAC DRBG can be obtained by calling:

 EVP_RAND *rand = EVP_RAND_fetch(NULL, "HMAC-DRBG", NULL);
 EVP_RAND_CTX *rctx = EVP_RAND_CTX_new(rand, NULL);

Examples

 EVP_RAND *rand;
 EVP_RAND_CTX *rctx;
 unsigned char bytes[100];
 OSSL_PARAM params[3], *p = params;
 unsigned int strength = 128;

 rand = EVP_RAND_fetch(NULL, "HMAC-DRBG", NULL);
 rctx = EVP_RAND_CTX_new(rand, NULL);
 EVP_RAND_free(rand);

 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, SN_hmac, 0);
 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST, SN_sha256, 0);
 *p = OSSL_PARAM_construct_end();
 EVP_RAND_instantiate(rctx, strength, 0, NULL, 0, params);

 EVP_RAND_generate(rctx, bytes, sizeof(bytes), strength, 0, NULL, 0);

 EVP_RAND_CTX_free(rctx);

Conforming to

NIST SP 800-90A and SP 800-90B

See Also

EVP_RAND(3), "PARAMETERS" in EVP_RAND(3), openssl-fipsinstall(1)

History

OpenSSL 3.1.1 introduced the -no_drbg_truncated_digests option to fipsinstall which restricts the permitted digests when using the FIPS provider in a complaint manner.  For details refer to FIPS 140-3 IG D.R <https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf>).

Referenced By

EVP_KDF-HMAC-DRBG.7ossl(7), EVP_RAND.3ossl(3), OSSL_PROVIDER-default.7ossl(7), OSSL_PROVIDER-FIPS.7ossl(7).

2024-03-07 3.2.1 OpenSSL