Botan
2.1.0
Crypto and TLS for C++11
|
#include <stateful_rng.h>
Public Member Functions | |
virtual void | add_entropy (const uint8_t input[], size_t length)=0 |
template<typename T > | |
void | add_entropy_T (const T &t) |
void | clear () override |
void | force_reseed () |
void | initialize_with (const uint8_t input[], size_t length) |
bool | is_seeded () const overridefinal |
virtual std::string | name () const =0 |
uint8_t | next_byte () |
uint8_t | next_nonzero_byte () |
secure_vector< uint8_t > | random_vec (size_t bytes) |
virtual void | randomize (uint8_t output[], size_t length)=0 |
virtual void | randomize_with_input (uint8_t output[], size_t output_len, const uint8_t input[], size_t input_len) |
void | randomize_with_ts_input (uint8_t output[], size_t output_len) overridefinal |
size_t | reseed (Entropy_Sources &srcs, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS, std::chrono::milliseconds poll_timeout=BOTAN_RNG_RESEED_DEFAULT_TIMEOUT) override |
void | reseed_from_rng (RandomNumberGenerator &rng, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS) overridefinal |
virtual size_t | security_level () const =0 |
Stateful_RNG (RandomNumberGenerator &rng, Entropy_Sources &entropy_sources, size_t reseed_interval) | |
Stateful_RNG (RandomNumberGenerator &rng, size_t reseed_interval) | |
Stateful_RNG (Entropy_Sources &entropy_sources, size_t reseed_interval) | |
Stateful_RNG () | |
Static Public Member Functions | |
static RandomNumberGenerator * | make_rng () |
Protected Member Functions | |
uint32_t | last_pid () const |
void | reseed_check () |
Protected Attributes | |
size_t | m_reseed_counter = 0 |
Inherited by RNGs which maintain in-process state, like HMAC_DRBG. On Unix these RNGs are vulnerable to problems with fork, where the RNG state is duplicated, and the parent and child process RNGs will produce identical output until one of them reseeds. Stateful_RNG reseeds itself whenever a fork is detected, or after a set number of bytes have been output.
Not implemented by RNGs which access an external RNG, such as the system PRNG or a hardware RNG.
Definition at line 25 of file stateful_rng.h.
|
inline |
rng | is a reference to some RNG which will be used to perform the periodic reseeding |
entropy_sources | will be polled to perform reseeding periodically |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed |
Definition at line 35 of file stateful_rng.h.
|
inline |
rng | is a reference to some RNG which will be used to perform the periodic reseeding |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed |
Definition at line 49 of file stateful_rng.h.
|
inline |
entropy_sources | will be polled to perform reseeding periodically |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed |
Definition at line 59 of file stateful_rng.h.
|
inline |
In this case, automatic reseeding is impossible
Definition at line 67 of file stateful_rng.h.
|
pure virtualinherited |
Incorporate some additional data into the RNG state. For example adding nonces or timestamps from a peer's protocol message can help hedge against VM state rollback attacks. A few RNG types do not accept any externally provided input, in which case this function is a no-op.
input | a byte array containg the entropy to be added |
length | the length of the byte array in |
Implemented in Botan::Null_RNG, Botan::HMAC_DRBG, Botan::TPM_RNG, Botan::RDRAND_RNG, Botan::AutoSeeded_RNG, and Botan::System_RNG.
Referenced by Botan::System_RNG::add_entropy(), initialize_with(), Botan::Intel_Rdrand::poll(), Botan::Getentropy::poll(), Botan::Darwin_SecRandom::poll(), Botan::Win32_CAPI_EntropySource::poll(), Botan::Device_EntropySource::poll(), Botan::ProcWalking_EntropySource::poll(), Botan::RandomNumberGenerator::randomize_with_input(), and Botan::RandomNumberGenerator::reseed_from_rng().
|
inlineinherited |
Incorporate some additional data into the RNG state.
Definition at line 60 of file rng.h.
Referenced by Botan::Win32_EntropySource::poll().
|
overridevirtual |
Clear all internally held values of this RNG
Implements Botan::RandomNumberGenerator.
Definition at line 13 of file stateful_rng.cpp.
References m_reseed_counter.
Referenced by Botan::HMAC_DRBG::clear().
void Botan::Stateful_RNG::force_reseed | ( | ) |
Mark state as requiring a reseed on next use
Definition at line 19 of file stateful_rng.cpp.
References m_reseed_counter.
void Botan::Stateful_RNG::initialize_with | ( | const uint8_t | input[], |
size_t | length | ||
) |
Consume this input and mark the RNG as initialized regardless of the length of the input or the current seeded state of the RNG.
Definition at line 29 of file stateful_rng.cpp.
References Botan::RandomNumberGenerator::add_entropy(), m_reseed_counter, and security_level().
|
finaloverridevirtual |
Check whether this RNG is seeded.
Implements Botan::RandomNumberGenerator.
Definition at line 24 of file stateful_rng.cpp.
References m_reseed_counter.
Referenced by reseed_check().
|
inlineprotected |
Definition at line 114 of file stateful_rng.h.
|
staticinherited |
Create a seeded and active RNG object for general application use Added in 1.8.0 Use AutoSeeded_RNG instead
|
pure virtualinherited |
Implemented in Botan::Null_RNG, Botan::HMAC_DRBG, Botan::TPM_RNG, Botan::RDRAND_RNG, Botan::AutoSeeded_RNG, Botan::PKCS11::PKCS11_RNG, and Botan::System_RNG.
Referenced by Botan::System_RNG::name(), and reseed_check().
|
inlineinherited |
Return a random byte
Definition at line 144 of file rng.h.
Referenced by Botan::Blinded_Point_Multiply::blinded_multiply(), and Botan::random_prime().
|
inlineinherited |
|
inlineinherited |
Return a random vector
bytes | number of bytes in the result |
Definition at line 133 of file rng.h.
Referenced by Botan::CECPQ1_accept(), Botan::CECPQ1_offer(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), Botan::PK_Decryptor::decrypt_or_random(), Botan::TLS::Session::encrypt(), Botan::KeyPair::encryption_consistency_check(), Botan::generate_bcrypt(), Botan::mceies_encrypt(), Botan::OctetString::OctetString(), Botan::BigInt::randomize(), Botan::TLS::Session_Manager_In_Memory::remove_all(), and Botan::TLS::Session_Manager_SQL::Session_Manager_SQL().
|
pure virtualinherited |
Randomize a byte array.
output | the byte array to hold the random output. |
length | the length of the byte array output in bytes. |
Implemented in Botan::Null_RNG, Botan::HMAC_DRBG, Botan::TPM_RNG, Botan::RDRAND_RNG, Botan::System_RNG, and Botan::AutoSeeded_RNG.
Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), botan_mp_rand_bits(), botan_rng_get(), Botan::CryptoBox::encrypt(), Botan::generate_dsa_primes(), Botan::generate_passhash9(), Botan::TLS::make_hello_random(), Botan::newhope_keygen(), Botan::random_gf2m(), Botan::McEliece_PublicKey::random_plaintext_element(), Botan::System_RNG::randomize(), Botan::RandomNumberGenerator::randomize_with_input(), Botan::RandomNumberGenerator::reseed_from_rng(), Botan::KeyPair::signature_consistency_check(), Botan::RTSS_Share::split(), and Botan::UUID::UUID().
|
virtualinherited |
Incorporate entropy into the RNG state then produce output. Some RNG types implement this using a single operation, default calls add_entropy + randomize in sequence.
Use this to further bind the outputs to your current process/protocol state. For instance if generating a new key for use in a session, include a session ID or other such value. See NIST SP 800-90 A, B, C series for more ideas.
output | buffer to hold the random output |
output_len | size of the output buffer in bytes |
input | entropy buffer to incorporate |
input_len | size of the input buffer in bytes |
Reimplemented in Botan::HMAC_DRBG, and Botan::AutoSeeded_RNG.
Definition at line 30 of file rng.cpp.
References Botan::RandomNumberGenerator::add_entropy(), and Botan::RandomNumberGenerator::randomize().
Referenced by randomize_with_ts_input(), and Botan::RandomNumberGenerator::randomize_with_ts_input().
|
finaloverridevirtual |
Overrides default implementation and also includes the current process ID and the reseed counter.
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 39 of file stateful_rng.cpp.
References Botan::OS::get_high_resolution_clock(), Botan::OS::get_system_timestamp_ns(), m_reseed_counter, Botan::RandomNumberGenerator::randomize_with_input(), and Botan::store_le().
|
overridevirtual |
Poll provided sources for up to poll_bits bits of entropy or until the timeout expires. Returns estimate of the number of bits collected.
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 50 of file stateful_rng.cpp.
References m_reseed_counter, Botan::RandomNumberGenerator::reseed(), and security_level().
Referenced by reseed_check().
|
protected |
Called with lock held
Definition at line 74 of file stateful_rng.cpp.
References BOTAN_ASSERT, Botan::OS::get_process_id(), is_seeded(), m_reseed_counter, Botan::RandomNumberGenerator::name(), reseed(), reseed_from_rng(), and security_level().
Referenced by Botan::HMAC_DRBG::randomize_with_input().
|
finaloverridevirtual |
Reseed by reading specified bits from the RNG
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 64 of file stateful_rng.cpp.
References m_reseed_counter, Botan::RandomNumberGenerator::reseed_from_rng(), and security_level().
Referenced by reseed_check().
|
pure virtual |
Implemented in Botan::HMAC_DRBG.
Referenced by initialize_with(), reseed(), reseed_check(), and reseed_from_rng().
|
protected |
Definition at line 132 of file stateful_rng.h.
Referenced by Botan::HMAC_DRBG::add_entropy(), clear(), force_reseed(), initialize_with(), is_seeded(), randomize_with_ts_input(), reseed(), reseed_check(), and reseed_from_rng().