[SB][Documentation][Feature] Added documentation for Hash DRBG (#795)

Author: egrabovskaya

doc/source/drbg/hash-drbg-entr-input-get-size.rst

@@ -0,0 +1,65 @@
+.. _hash-drbg-entr-input-get-size:
+
+ippsHashDRBG_EntropyInputCtxGetSize
+====================================
+
+Gets the size (in bytes) for the Entropy input context.
+
+Syntax
+------
+
+.. code:: cpp
+
+    IppStatus ippsHashDRBG_EntropyInputCtxGetSize(int* pEntrInputSize,
+                                                  const int entrInputBufBitsLen,
+                                                  const IppsHashMethod* pHashMethod);
+
+Include Files
+-------------
+
+``ippcp.h``
+
+Parameters
+----------
+
+.. list-table::
+   :header-rows: 0
+
+   * - pEntrInputSize
+     - Pointer to the Entropy input context size.
+   * - entrInputBufBitsLen
+     - The length of the buffer containing the entropy input and the nonce.
+       ``entrInputBufBitsLen`` must be at least equal to the minimum entropy input length
+       specified in :ref:`Minimum and maximum values for the Hash DRBG <hash-drbg-min-and-max-values>` to accommodate both
+       the entropy input and the nonce during instantiation.
+   * - pHashMethod
+     - Pointer to the hash method (may be NULL).
+
+Description
+------------
+
+Gets the size for the ``IppsHashDRBG_EntropyInputCtx``.
+
+The result is stored to ``*pEntrInputSize``.
+
+.. note::
+
+   If the hash method is not specified (NULL pointer is passed), SHA-256 is used by default.
+
+Return Values
+-------------
+
+.. list-table::
+   :header-rows: 0
+
+   * - ippStsNoErr
+     - Indicates no error. All single operations executed without errors.
+       Any other value indicates an error.
+   * - ippStsNullPtrErr
+     - ``pEntrInputSize`` is a NULL pointer.
+   * - ippStsOutOfRangeErr
+     - ``entrInputBufBitsLen < 1``.
+   * - ippStsNotSupportedModeErr
+     - The hash algorithm is not supported.
+   * - ippStsLengthErr
+     - The length of the Entropy input buffer is less than the minimum entropy input length (see :ref:`Minimum and maximum values for the Hash DRBG <hash-drbg-min-and-max-values>`).

doc/source/drbg/hash-drbg-entr-input-init.rst

@@ -0,0 +1,66 @@
+.. _hash-drbg-entr-input-init:
+
+ippsHashDRBG_EntropyInputCtxInit
+=================================
+
+Initializes the Entropy input context.
+
+Syntax
+------
+
+.. code:: cpp
+
+    IppStatus ippsHashDRBG_EntropyInputCtxInit(IppsHashDRBG_EntropyInputCtx* pEntrInputCtx,
+                                               const int entrInputBufBitsLen,
+                                               IppEntropyInputSupplier getEntropyInput);
+
+Include Files
+-------------
+
+``ippcp.h``
+
+Parameters
+----------
+
+.. list-table::
+   :header-rows: 0
+
+   * - pEntrInputCtx
+     - Pointer to the Entropy input context.
+   * - entrInputBufBitsLen
+     - The length of the buffer containing the entropy input and the nonce.
+   * - getEntropyInput
+     - Callback function for supplying the entropy input, providing both an entropy input
+       and a nonce during instantiation, and an entropy input during reseeding or whenever
+       prediction resistance is requested.
+
+       The callback function must have the following signature:
+
+       ``IppStatus _STDCALL getEntropyInput(Ipp8u* pEntropyInput, int* pEntropyInputBitsLen, const int minEntropyInBits, const int maxBitsLen, const int predictionResistanceRequest)``.
+
+       - ``pEntropyInput`` is a pointer to a byte string containing at least ``minEntropyInBits`` bits of entropy.
+       - ``pEntropyInputBitsLen`` is the entropy input buffer length in bits.
+       - ``minEntropyInBits`` and ``maxBitsLen`` is the minimum and maximum number bits of the entropy input.
+       - ``predictionResistanceRequest`` parameter indicates whether or not prediction resistance is to be provided during the request.
+
+       Refer to the `NIST SP 800-90C <https://csrc.nist.gov/pubs/sp/800/90/c/final>`__ to figure out more about Sources of Randomness.
+
+Description
+-----------
+
+The function initializes the ``IppsHashDRBG_EntropyInputCtx`` which encapsulates objects necessary
+for entropy input and nonce generation during the Hash DRBG operations.
+
+Return Values
+-------------
+
+.. list-table::
+   :header-rows: 0
+
+   * - ippStsNoErr
+     - Indicates no error. All single operations executed without errors.
+       Any other value indicates an error.
+   * - ippStsNullPtrErr
+     - ``pEntrInputCtx`` is a NULL pointer.
+   * - ippStsOutOfRangeErr
+     - ``entrInputBufBitsLen < 1``.

doc/source/drbg/hash-drbg-gen-bn.rst

@@ -0,0 +1,89 @@
+.. _hash-drbg-gen-bn:
+
+ippsHashDRBG_GenBN
+===================
+
+Generates a pseudorandom positive Big Number of the specified bit length.
+
+Syntax
+------
+
+.. code:: cpp
+
+    IppStatus ippsHashDRBG_GenBN(IppsBigNumState* pRand,
+                                 int nBits,
+                                 const int requestedSecurityStrength,
+                                 const int predictionResistanceRequest,
+                                 const Ipp8u* addlInput,
+                                 const int addlInputBitsLen,
+                                 IppsHashDRBG_EntropyInputCtx* pEntrInputCtx,
+                                 IppsHashDRBGState* pDrbgCtx);
+
+Include Files
+-------------
+
+``ippcp.h``
+
+Parameters
+----------
+
+.. list-table::
+   :header-rows: 0
+
+   * - pRand
+     - Pointer to the output pseudorandom Big Number.
+   * - nBits
+     - Requested number of bits to be generated.
+   * - requestedSecurityStrength
+     - The security strength to be associated with the requested pseudorandom bits.
+   * - predictionResistanceRequest
+     - Indicates whether or not prediction resistance is to be provided during the request
+       (whether or not fresh entropy bits are required).
+   * - addlInput
+     - Pointer to the array containing additional input (optional).
+   * - addlInputBitsLen
+     - Length of the ``addlInput`` in bits (may be zero).
+   * - pEntrInputCtx
+     - Pointer to the Entropy input context.
+       The size is equal to the value returned by ``ippsHashDRBG_EntropyInputCtxGetSize``.
+   * - pDrbgCtx
+     - Pointer to the ``IppsHashDRBGState`` context.
+       Size equals to the value returned by ``ippsHashDRBG_GetSize``.
+
+Description
+-----------
+
+The ``ippsHashDRBG_GenBN`` function:
+
+- Calls the reseed function to incorporate fresh entropy when prediction resistance is requested or
+  the Hash DRBG has reached the end of its reseed interval.
+
+- Generates a pseudorandom Big Number of the specified ``nBits`` length and updates the working state.
+
+Return Values
+-------------
+
+.. list-table::
+   :header-rows: 0
+
+   * - ippStsNoErr
+     - Indicates no error. All single operations executed without errors.
+       Any other value indicates an error.
+   * - ippStsNullPtrErr
+     - ``pRand``, ``pDrbgCtx`` or ``pEntrInputCtx`` is a NULL pointer.
+   * - ippStsContextMatchErr
+     - If the Big Number identifier doesn't match.
+       If the Hash DRBG identifier doesn't match.
+       If the Entropy input context identifier doesn't match.
+   * - ippStsBadArgErr
+     - Prediction resistance is requested but ``predictionResistanceFlag`` has been set to 0 during the initialization of `pDrbgCtx` state.
+       The ``nBits`` exceeds the maximum possible number of bits per request or the maximum possible value.
+       The ``addlInput`` is NULL with non-zero ``addlInputBitsLen``, or the ``addlInput`` is not NULL, but ``addlInputBitsLen`` is 0.
+   * - ippStsOutOfRangeErr
+     - The length of ``addlInput`` exceeds the maximum possible value.
+       The length for the entropy input, passed to the getEntropyInput callback function, is less than the *security strength*
+       or exceeds the length of the entropy input buffer.
+   * - ippStsNotSupportedModeErr
+     - The CPU does not support the ``RDSEED`` and/or ``RDRAND`` instructions.
+   * - ippStsHashOperationErr
+     - An error status code was returned during hashing operations.

doc/source/drbg/hash-drbg-gen-test.rst

@@ -0,0 +1,75 @@
+.. _hash-drbg-gen-test:
+
+ippsHashDRBG_GenTest
+=====================
+
+Tests the ``ippsHashDRBG_Gen`` function on demand.
+
+Syntax
+------
+
+.. code:: cpp
+
+    IppStatus ippsHashDRBG_GenTest(Ipp32u* pRandBuf,
+                                   int nBits,
+                                   IppsHashDRBG_EntropyInputCtx* pEntrInputCtxTempBuf,
+                                   IppsHashDRBGState* pDrbgCtxTempBuf);
+
+Include Files
+-------------
+
+``ippcp.h``
+
+Parameters
+----------
+
+.. list-table::
+   :header-rows: 0
+
+   * - pRandBuf
+     - Pointer to a buffer used to store the output generated during ``ippsHashDRBG_Gen`` testing.
+   * - nBits
+     - Number of bits to be generated to test ``ippsHashDRBG_Gen``.
+   * - pEntrInputCtxTempBuf
+     - Pointer to a temporarily allocated buffer used to store the Entropy input context.
+   * - pDrbgCtxTempBuf
+     - Pointer to a temporarily allocated buffer used to store the Hash DRBG state.
+
+.. note::
+
+   .. rubric:: Important
+      :class: NoteTipHead
+
+   - The ``pRandBuf`` buffer size must be at least 128 bytes (or 1024 bits) in size to
+     accommodate the pseudorandom data that will be generated. However, ``nBits`` must be
+     equal to or less than 1024 bits, which is the maximum number of bits that can be generated.
+   - Separate buffers must be allocated for the Entropy input context and the Hash DRBG state
+     and passed to the ``ippsHashDRBG_GenTest`` function. Otherwise, the working buffers' current
+     state will be corrupted, leading to incorrect pseudorandom number sequences.
+
+Description
+-----------
+
+This function tests the ``ippsHashDRBG_Gen`` function using the minimum security strength, representative
+values for the entropy input, nonce and personalization string, and the requested prediction resistance.
+
+Return Values
+-------------
+
+.. list-table::
+   :header-rows: 0
+
+   * - ippStsNoErr
+     - Indicates no error. All single operations executed without errors.
+       The values used during the test produce the expected results.
+   * - ippStsNullPtrErr
+     - ``pRandBuf``, ``pEntrInputCtxTempBuf``, or ``pDrbgCtxTempBuf`` is a NULL pointer.
+       The pointer to the buffer that contains the entropy input is NULL.
+   * - ippStsContextMatchErr
+     - If the Entropy input context identifier or the Hash DRBG identifier doesn't match.
+   * - ippStsOutOfRangeErr
+     - ``entrInputBufBitsLen < 1``.
+   * - ippStsNotSupportedModeErr
+     - The CPU does not support the ``RDSEED`` and/or ``RDRAND`` instructions.
+   * - ippStsHashOperationErr
+     - An error status code was returned during hashing operations.

doc/source/drbg/hash-drbg-gen.rst

@@ -0,0 +1,89 @@
+.. _hash-drbg-gen:
+
+ippsHashDRBG_Gen
+=================
+
+Generates a pseudorandom unsigned 32-bit integer buffer of the specified bit length.
+
+Syntax
+------
+
+.. code:: cpp
+
+    IppStatus ippsHashDRBG_Gen(Ipp32u* pRand,
+                               int nBits,
+                               const int requestedSecurityStrength,
+                               const int predictionResistanceRequest,
+                               const Ipp8u* addlInput,
+                               const int addlInputBitsLen,
+                               IppsHashDRBG_EntropyInputCtx* pEntrInputCtx,
+                               IppsHashDRBGState* pDrbgCtx);
+
+Include Files
+-------------
+
+``ippcp.h``
+
+Parameters
+----------
+
+.. list-table::
+   :header-rows: 0
+
+   * - pRand
+     - Pointer to the output pseudorandom unsigned integer buffer.
+   * - nBits
+     - Requested number of bits to be generated.
+   * - requestedSecurityStrength
+     - The security strength to be associated with the requested pseudorandom bits.
+   * - predictionResistanceRequest
+     - Indicates whether or not prediction resistance is to be provided during the request
+       (whether or not fresh entropy bits are required).
+   * - addlInput
+     - Pointer to the array containing additional input (optional).
+   * - addlInputBitsLen
+     - Length of the ``addlInput`` in bits (may be zero).
+   * - pEntrInputCtx
+     - Pointer to the Entropy input context.
+       The size is equal to the value returned by ``ippsHashDRBG_EntropyInputCtxGetSize``.
+   * - pDrbgCtx
+     - Pointer to the ``IppsHashDRBGState`` context.
+       Size equals to the value returned by ``ippsHashDRBG_GetSize``.
+
+Description
+-----------
+
+The ``ippsHashDRBG_Gen`` function:
+
+- Calls the reseed function to incorporate fresh entropy when prediction resistance is requested or
+  the Hash DRBG has reached the end of its reseed interval.
+
+- Generates a pseudorandom unsigned integer big number of the specified ``nBits`` length and updates the working state.
+
+Return Values
+-------------
+
+.. list-table::
+   :header-rows: 0
+
+   * - ippStsNoErr
+     - Indicates no error. All single operations executed without errors.
+       Any other value indicates an error.
+   * - ippStsNullPtrErr
+     - ``pRand``, ``pDrbgCtx`` or ``pEntrInputCtx`` is a NULL pointer.
+       The pointer to the buffer that contains the entropy input is NULL.
+   * - ippStsContextMatchErr
+     - If the Hash DRBG identifier doesn't match.
+       If the Entropy input context identifier doesn't match.
+   * - ippStsBadArgErr
+     - Prediction resistance is requested, but ``predictionResistanceFlag`` has been set to 0 during the initialization of `pDrbgCtx` state.
+       The ``nBits`` exceeds the maximum possible number of bits per request or the maximum possible value.
+       The ``addlInput`` is NULL with non-zero ``addlInputBitsLen``, or the ``addlInput`` is not NULL, but ``addlInputBitsLen`` is 0.
+   * - ippStsOutOfRangeErr
+     - The length of the ``addlInput`` exceeds the maximum possible value.
+       The length for the entropy input, passed to the getEntropyInput callback function, is less than the *security strength*
+       or exceeds the length of the entropy input buffer.
+   * - ippStsNotSupportedModeErr
+     - The CPU does not support the ``RDSEED`` and/or ``RDRAND`` instructions.
+   * - ippStsHashOperationErr
+     - An error status code was returned during hashing operations.