Botan
2.1.0
Crypto and TLS for C++11
|
#include <hmac_drbg.h>
Public Member Functions | |
void | add_entropy (const uint8_t input[], size_t input_len) override |
template<typename T > | |
void | add_entropy_T (const T &t) |
void | clear () override |
void | force_reseed () |
HMAC_DRBG (std::unique_ptr< MessageAuthenticationCode > prf) | |
HMAC_DRBG (std::unique_ptr< MessageAuthenticationCode > prf, RandomNumberGenerator &underlying_rng, size_t reseed_interval=BOTAN_RNG_DEFAULT_RESEED_INTERVAL, size_t max_number_of_bytes_per_request=64 *1024) | |
HMAC_DRBG (std::unique_ptr< MessageAuthenticationCode > prf, Entropy_Sources &entropy_sources, size_t reseed_interval=BOTAN_RNG_DEFAULT_RESEED_INTERVAL, size_t max_number_of_bytes_per_request=64 *1024) | |
HMAC_DRBG (std::unique_ptr< MessageAuthenticationCode > prf, RandomNumberGenerator &underlying_rng, Entropy_Sources &entropy_sources, size_t reseed_interval=BOTAN_RNG_DEFAULT_RESEED_INTERVAL, size_t max_number_of_bytes_per_request=64 *1024) | |
HMAC_DRBG (const std::string &hmac_hash) | |
void | initialize_with (const uint8_t input[], size_t length) |
bool | is_seeded () const overridefinal |
std::string | name () const override |
uint8_t | next_byte () |
uint8_t | next_nonzero_byte () |
secure_vector< uint8_t > | random_vec (size_t bytes) |
void | randomize (uint8_t output[], size_t output_len) override |
void | randomize_with_input (uint8_t output[], size_t output_len, const uint8_t input[], size_t input_len) override |
void | randomize_with_ts_input (uint8_t output[], size_t output_len) overridefinal |
size_t | reseed (Entropy_Sources &srcs, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS, std::chrono::milliseconds poll_timeout=BOTAN_RNG_RESEED_DEFAULT_TIMEOUT) override |
void | reseed_from_rng (RandomNumberGenerator &rng, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS) overridefinal |
size_t | security_level () const override |
Static Public Member Functions | |
static RandomNumberGenerator * | make_rng () |
Protected Member Functions | |
uint32_t | last_pid () const |
void | reseed_check () |
Protected Attributes | |
size_t | m_reseed_counter = 0 |
HMAC_DRBG from NIST SP800-90A
Definition at line 21 of file hmac_drbg.h.
Botan::HMAC_DRBG::HMAC_DRBG | ( | std::unique_ptr< MessageAuthenticationCode > | prf | ) |
Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
Automatic reseeding is disabled completely, as it has no access to any source for seed material.
If a fork is detected, the RNG will be unable to reseed itself in response. In this case, an exception will be thrown rather than generating duplicated output.
Definition at line 68 of file hmac_drbg.cpp.
References BOTAN_ASSERT_NONNULL, and clear().
Botan::HMAC_DRBG::HMAC_DRBG | ( | std::unique_ptr< MessageAuthenticationCode > | prf, |
RandomNumberGenerator & | underlying_rng, | ||
size_t | reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL , |
||
size_t | max_number_of_bytes_per_request = 64 * 1024 |
||
) |
Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
Automatic reseeding from underlying_rng
will take place after reseed_interval
many requests or after a fork was detected.
prf | MAC to use as a PRF |
underlying_rng | is a reference to some RNG which will be used to perform the periodic reseeding |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed |
max_number_of_bytes_per_request | requests that are in size higher than max_number_of_bytes_per_request are treated as if multiple single requests of max_number_of_bytes_per_request size had been made. In theory SP 800-90A requires that we reject any request for a DRBG output longer than max_number_of_bytes_per_request. To avoid inconveniencing the caller who wants an output larger than max_number_of_bytes_per_request, instead treat these requests as if multiple requests of max_number_of_bytes_per_request size had been made. NIST requires for HMAC_DRBG that every implementation set a value no more than 2**19 bits (or 64 KiB). Together with reseed_interval = 1 you can enforce that for example every 512 bit automatic reseeding occurs. |
Definition at line 13 of file hmac_drbg.cpp.
References BOTAN_ASSERT_NONNULL, and clear().
Botan::HMAC_DRBG::HMAC_DRBG | ( | std::unique_ptr< MessageAuthenticationCode > | prf, |
Entropy_Sources & | entropy_sources, | ||
size_t | reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL , |
||
size_t | max_number_of_bytes_per_request = 64 * 1024 |
||
) |
Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
Automatic reseeding from entropy_sources
will take place after reseed_interval
many requests or after a fork was detected.
prf | MAC to use as a PRF |
entropy_sources | will be polled to perform reseeding periodically |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed. |
max_number_of_bytes_per_request | requests that are in size higher than max_number_of_bytes_per_request are treated as if multiple single requests of max_number_of_bytes_per_request size had been made. In theory SP 800-90A requires that we reject any request for a DRBG output longer than max_number_of_bytes_per_request. To avoid inconveniencing the caller who wants an output larger than max_number_of_bytes_per_request, instead treat these requests as if multiple requests of max_number_of_bytes_per_request size had been made. NIST requires for HMAC_DRBG that every implementation set a value no more than 2**19 bits (or 64 KiB). Together with reseed_interval = 1 you can enforce that for example every 512 bit automatic reseeding occurs. |
Definition at line 50 of file hmac_drbg.cpp.
References BOTAN_ASSERT_NONNULL, and clear().
Botan::HMAC_DRBG::HMAC_DRBG | ( | std::unique_ptr< MessageAuthenticationCode > | prf, |
RandomNumberGenerator & | underlying_rng, | ||
Entropy_Sources & | entropy_sources, | ||
size_t | reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL , |
||
size_t | max_number_of_bytes_per_request = 64 * 1024 |
||
) |
Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
Automatic reseeding from underlying_rng
and entropy_sources
will take place after reseed_interval
many requests or after a fork was detected.
prf | MAC to use as a PRF |
underlying_rng | is a reference to some RNG which will be used to perform the periodic reseeding |
entropy_sources | will be polled to perform reseeding periodically |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed. |
max_number_of_bytes_per_request | requests that are in size higher than max_number_of_bytes_per_request are treated as if multiple single requests of max_number_of_bytes_per_request size had been made. In theory SP 800-90A requires that we reject any request for a DRBG output longer than max_number_of_bytes_per_request. To avoid inconveniencing the caller who wants an output larger than max_number_of_bytes_per_request, instead treat these requests as if multiple requests of max_number_of_bytes_per_request size had been made. NIST requires for HMAC_DRBG that every implementation set a value no more than 2**19 bits (or 64 KiB). Together with reseed_interval = 1 you can enforce that for example every 512 bit automatic reseeding occurs. |
Definition at line 31 of file hmac_drbg.cpp.
References BOTAN_ASSERT_NONNULL, and clear().
|
inline |
Constructor taking a string for the hash
Definition at line 125 of file hmac_drbg.h.
|
overridevirtual |
Incorporate some additional data into the RNG state. For example adding nonces or timestamps from a peer's protocol message can help hedge against VM state rollback attacks. A few RNG types do not accept any externally provided input, in which case this function is a no-op.
input | a byte array containg the entropy to be added |
length | the length of the byte array in |
Implements Botan::RandomNumberGenerator.
Definition at line 158 of file hmac_drbg.cpp.
References Botan::Stateful_RNG::m_reseed_counter, and security_level().
|
inlineinherited |
Incorporate some additional data into the RNG state.
Definition at line 60 of file rng.h.
Referenced by Botan::Win32_EntropySource::poll().
|
overridevirtual |
Clear all internally held values of this RNG
Implements Botan::RandomNumberGenerator.
Definition at line 77 of file hmac_drbg.cpp.
References Botan::Stateful_RNG::clear().
Referenced by HMAC_DRBG().
|
inherited |
Mark state as requiring a reseed on next use
Definition at line 19 of file stateful_rng.cpp.
References Botan::Stateful_RNG::m_reseed_counter.
|
inherited |
Consume this input and mark the RNG as initialized regardless of the length of the input or the current seeded state of the RNG.
Definition at line 29 of file stateful_rng.cpp.
References Botan::RandomNumberGenerator::add_entropy(), Botan::Stateful_RNG::m_reseed_counter, and Botan::Stateful_RNG::security_level().
|
finaloverridevirtualinherited |
Check whether this RNG is seeded.
Implements Botan::RandomNumberGenerator.
Definition at line 24 of file stateful_rng.cpp.
References Botan::Stateful_RNG::m_reseed_counter.
Referenced by Botan::Stateful_RNG::reseed_check().
|
inlineprotectedinherited |
Definition at line 114 of file stateful_rng.h.
|
staticinherited |
Create a seeded and active RNG object for general application use Added in 1.8.0 Use AutoSeeded_RNG instead
|
overridevirtual |
Implements Botan::RandomNumberGenerator.
Definition at line 87 of file hmac_drbg.cpp.
|
inlineinherited |
Return a random byte
Definition at line 144 of file rng.h.
Referenced by Botan::Blinded_Point_Multiply::blinded_multiply(), and Botan::random_prime().
|
inlineinherited |
|
inlineinherited |
Return a random vector
bytes | number of bytes in the result |
Definition at line 133 of file rng.h.
Referenced by Botan::CECPQ1_accept(), Botan::CECPQ1_offer(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), Botan::PK_Decryptor::decrypt_or_random(), Botan::TLS::Session::encrypt(), Botan::KeyPair::encryption_consistency_check(), Botan::generate_bcrypt(), Botan::mceies_encrypt(), Botan::OctetString::OctetString(), Botan::BigInt::randomize(), Botan::TLS::Session_Manager_In_Memory::remove_all(), and Botan::TLS::Session_Manager_SQL::Session_Manager_SQL().
|
overridevirtual |
Randomize a byte array.
output | the byte array to hold the random output. |
length | the length of the byte array output in bytes. |
Implements Botan::RandomNumberGenerator.
Definition at line 92 of file hmac_drbg.cpp.
References randomize_with_input().
|
overridevirtual |
Incorporate entropy into the RNG state then produce output. Some RNG types implement this using a single operation, default calls add_entropy + randomize in sequence.
Use this to further bind the outputs to your current process/protocol state. For instance if generating a new key for use in a session, include a session ID or other such value. See NIST SP 800-90 A, B, C series for more ideas.
output | buffer to hold the random output |
output_len | size of the output buffer in bytes |
input | entropy buffer to incorporate |
input_len | size of the input buffer in bytes |
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 101 of file hmac_drbg.cpp.
References Botan::copy_mem(), Botan::CT::min(), and Botan::Stateful_RNG::reseed_check().
Referenced by randomize().
|
finaloverridevirtualinherited |
Overrides default implementation and also includes the current process ID and the reseed counter.
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 39 of file stateful_rng.cpp.
References Botan::OS::get_high_resolution_clock(), Botan::OS::get_system_timestamp_ns(), Botan::Stateful_RNG::m_reseed_counter, Botan::RandomNumberGenerator::randomize_with_input(), and Botan::store_le().
|
overridevirtualinherited |
Poll provided sources for up to poll_bits bits of entropy or until the timeout expires. Returns estimate of the number of bits collected.
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 50 of file stateful_rng.cpp.
References Botan::Stateful_RNG::m_reseed_counter, Botan::RandomNumberGenerator::reseed(), and Botan::Stateful_RNG::security_level().
Referenced by Botan::Stateful_RNG::reseed_check().
|
protectedinherited |
Called with lock held
Definition at line 74 of file stateful_rng.cpp.
References BOTAN_ASSERT, Botan::OS::get_process_id(), Botan::Stateful_RNG::is_seeded(), Botan::Stateful_RNG::m_reseed_counter, Botan::RandomNumberGenerator::name(), Botan::Stateful_RNG::reseed(), Botan::Stateful_RNG::reseed_from_rng(), and Botan::Stateful_RNG::security_level().
Referenced by randomize_with_input().
|
finaloverridevirtualinherited |
Reseed by reading specified bits from the RNG
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 64 of file stateful_rng.cpp.
References Botan::Stateful_RNG::m_reseed_counter, Botan::RandomNumberGenerator::reseed_from_rng(), and Botan::Stateful_RNG::security_level().
Referenced by Botan::Stateful_RNG::reseed_check().
|
overridevirtual |
Implements Botan::Stateful_RNG.
Definition at line 168 of file hmac_drbg.cpp.
Referenced by add_entropy().
|
protectedinherited |
Definition at line 132 of file stateful_rng.h.
Referenced by add_entropy(), Botan::Stateful_RNG::clear(), Botan::Stateful_RNG::force_reseed(), Botan::Stateful_RNG::initialize_with(), Botan::Stateful_RNG::is_seeded(), Botan::Stateful_RNG::randomize_with_ts_input(), Botan::Stateful_RNG::reseed(), Botan::Stateful_RNG::reseed_check(), and Botan::Stateful_RNG::reseed_from_rng().