Botan 2.19.3
Crypto and TLS for C&
|
#include <hmac_drbg.h>
Public Member Functions | |
bool | accepts_input () const override final |
void | add_entropy (const uint8_t input[], size_t input_len) override final |
template<typename T > | |
void | add_entropy_T (const T &t) |
void | clear () override final |
void | force_reseed () |
HMAC_DRBG (const std::string &hmac_hash) | |
HMAC_DRBG (std::unique_ptr< MessageAuthenticationCode > prf) | |
HMAC_DRBG (std::unique_ptr< MessageAuthenticationCode > prf, Entropy_Sources &entropy_sources, size_t reseed_interval=BOTAN_RNG_DEFAULT_RESEED_INTERVAL, size_t max_number_of_bytes_per_request=64 *1024) | |
HMAC_DRBG (std::unique_ptr< MessageAuthenticationCode > prf, RandomNumberGenerator &underlying_rng, Entropy_Sources &entropy_sources, size_t reseed_interval=BOTAN_RNG_DEFAULT_RESEED_INTERVAL, size_t max_number_of_bytes_per_request=64 *1024) | |
HMAC_DRBG (std::unique_ptr< MessageAuthenticationCode > prf, RandomNumberGenerator &underlying_rng, size_t reseed_interval=BOTAN_RNG_DEFAULT_RESEED_INTERVAL, size_t max_number_of_bytes_per_request=64 *1024) | |
void | initialize_with (const uint8_t input[], size_t length) |
bool | is_seeded () const override final |
size_t | max_number_of_bytes_per_request () const override |
std::string | name () const override |
uint8_t | next_byte () |
uint8_t | next_nonzero_byte () |
secure_vector< uint8_t > | random_vec (size_t bytes) |
template<typename Alloc > | |
void | random_vec (std::vector< uint8_t, Alloc > &v, size_t bytes) |
void | randomize (uint8_t output[], size_t output_len) override final |
void | randomize_with_input (uint8_t output[], size_t output_len, const uint8_t input[], size_t input_len) override final |
void | randomize_with_ts_input (uint8_t output[], size_t output_len) override final |
size_t | reseed (Entropy_Sources &srcs, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS, std::chrono::milliseconds poll_timeout=BOTAN_RNG_RESEED_DEFAULT_TIMEOUT) override |
void | reseed_from_rng (RandomNumberGenerator &rng, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS) override final |
size_t | reseed_interval () const |
size_t | security_level () const override |
Static Public Member Functions | |
static RandomNumberGenerator * | make_rng () |
Protected Member Functions | |
void | reseed_check () |
HMAC_DRBG from NIST SP800-90A
Definition at line 21 of file hmac_drbg.h.
|
explicit |
Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
Automatic reseeding is disabled completely, as it has no access to any source for seed material.
If a fork is detected, the RNG will be unable to reseed itself in response. In this case, an exception will be thrown rather than generating duplicated output.
Definition at line 101 of file hmac_drbg.cpp.
References BOTAN_ASSERT_NONNULL, and Botan::Stateful_RNG::clear().
|
explicit |
Constructor taking a string for the hash
Definition at line 111 of file hmac_drbg.cpp.
References Botan::Stateful_RNG::clear().
Botan::HMAC_DRBG::HMAC_DRBG | ( | std::unique_ptr< MessageAuthenticationCode > | prf, |
RandomNumberGenerator & | underlying_rng, | ||
size_t | reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL , |
||
size_t | max_number_of_bytes_per_request = 64 * 1024 |
||
) |
Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
Automatic reseeding from underlying_rng
will take place after reseed_interval
many requests or after a fork was detected.
prf | MAC to use as a PRF |
underlying_rng | is a reference to some RNG which will be used to perform the periodic reseeding |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed (max. 2^24) |
max_number_of_bytes_per_request | requests that are in size higher than max_number_of_bytes_per_request are treated as if multiple single requests of max_number_of_bytes_per_request size had been made. In theory SP 800-90A requires that we reject any request for a DRBG output longer than max_number_of_bytes_per_request. To avoid inconveniencing the caller who wants an output larger than max_number_of_bytes_per_request, instead treat these requests as if multiple requests of max_number_of_bytes_per_request size had been made. NIST requires for HMAC_DRBG that every implementation set a value no more than 2**19 bits (or 64 KiB). Together with reseed_interval = 1 you can enforce that for example every 512 bit automatic reseeding occurs. |
Definition at line 52 of file hmac_drbg.cpp.
References BOTAN_ASSERT_NONNULL, Botan::Stateful_RNG::clear(), max_number_of_bytes_per_request(), and Botan::Stateful_RNG::reseed_interval().
Botan::HMAC_DRBG::HMAC_DRBG | ( | std::unique_ptr< MessageAuthenticationCode > | prf, |
Entropy_Sources & | entropy_sources, | ||
size_t | reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL , |
||
size_t | max_number_of_bytes_per_request = 64 * 1024 |
||
) |
Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
Automatic reseeding from entropy_sources
will take place after reseed_interval
many requests or after a fork was detected.
prf | MAC to use as a PRF |
entropy_sources | will be polled to perform reseeding periodically |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed (max. 2^24) |
max_number_of_bytes_per_request | requests that are in size higher than max_number_of_bytes_per_request are treated as if multiple single requests of max_number_of_bytes_per_request size had been made. In theory SP 800-90A requires that we reject any request for a DRBG output longer than max_number_of_bytes_per_request. To avoid inconveniencing the caller who wants an output larger than max_number_of_bytes_per_request, instead treat these requests as if multiple requests of max_number_of_bytes_per_request size had been made. NIST requires for HMAC_DRBG that every implementation set a value no more than 2**19 bits (or 64 KiB). Together with reseed_interval = 1 you can enforce that for example every 512 bit automatic reseeding occurs. |
Definition at line 85 of file hmac_drbg.cpp.
References BOTAN_ASSERT_NONNULL, Botan::Stateful_RNG::clear(), max_number_of_bytes_per_request(), and Botan::Stateful_RNG::reseed_interval().
Botan::HMAC_DRBG::HMAC_DRBG | ( | std::unique_ptr< MessageAuthenticationCode > | prf, |
RandomNumberGenerator & | underlying_rng, | ||
Entropy_Sources & | entropy_sources, | ||
size_t | reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL , |
||
size_t | max_number_of_bytes_per_request = 64 * 1024 |
||
) |
Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
Automatic reseeding from underlying_rng
and entropy_sources
will take place after reseed_interval
many requests or after a fork was detected.
prf | MAC to use as a PRF |
underlying_rng | is a reference to some RNG which will be used to perform the periodic reseeding |
entropy_sources | will be polled to perform reseeding periodically |
reseed_interval | specifies a limit of how many times the RNG will be called before automatic reseeding is performed (max. 2^24) |
max_number_of_bytes_per_request | requests that are in size higher than max_number_of_bytes_per_request are treated as if multiple single requests of max_number_of_bytes_per_request size had been made. In theory SP 800-90A requires that we reject any request for a DRBG output longer than max_number_of_bytes_per_request. To avoid inconveniencing the caller who wants an output larger than max_number_of_bytes_per_request, instead treat these requests as if multiple requests of max_number_of_bytes_per_request size had been made. NIST requires for HMAC_DRBG that every implementation set a value no more than 2**19 bits (or 64 KiB). Together with reseed_interval = 1 you can enforce that for example every 512 bit automatic reseeding occurs. |
Definition at line 68 of file hmac_drbg.cpp.
References BOTAN_ASSERT_NONNULL, Botan::Stateful_RNG::clear(), max_number_of_bytes_per_request(), and Botan::Stateful_RNG::reseed_interval().
|
inlinefinaloverridevirtualinherited |
Returns false if it is known that this RNG object is not able to accept externally provided inputs (via add_entropy, randomize_with_input, etc). In this case, any such provided inputs are ignored.
If this function returns true, then inputs may or may not be accepted.
Implements Botan::RandomNumberGenerator.
Definition at line 79 of file stateful_rng.h.
|
finaloverridevirtualinherited |
Incorporate some additional data into the RNG state. For example adding nonces or timestamps from a peer's protocol message can help hedge against VM state rollback attacks. A few RNG types do not accept any externally provided input, in which case this function is a no-op.
input | a byte array containg the entropy to be added |
length | the length of the byte array in |
Implements Botan::RandomNumberGenerator.
Definition at line 37 of file stateful_rng.cpp.
References Botan::Stateful_RNG::security_level(), and update.
Referenced by Botan::ChaCha_RNG::ChaCha_RNG(), and Botan::Stateful_RNG::initialize_with().
|
inlineinherited |
Incorporate some additional data into the RNG state.
Definition at line 69 of file rng.h.
References T.
Referenced by Botan::Win32_EntropySource::poll().
|
finaloverridevirtualinherited |
Clear all internally held values of this RNG
Implements Botan::RandomNumberGenerator.
Definition at line 17 of file stateful_rng.cpp.
References Botan::Stateful_RNG::clear_state().
Referenced by Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::ChaCha_RNG::ChaCha_RNG(), HMAC_DRBG(), HMAC_DRBG(), HMAC_DRBG(), HMAC_DRBG(), HMAC_DRBG(), and Botan::Stateful_RNG::initialize_with().
|
inherited |
Mark state as requiring a reseed on next use
Definition at line 25 of file stateful_rng.cpp.
|
inherited |
Consume this input and mark the RNG as initialized regardless of the length of the input or the current seeded state of the RNG.
Definition at line 49 of file stateful_rng.cpp.
References Botan::Stateful_RNG::add_entropy(), and Botan::Stateful_RNG::clear().
|
finaloverridevirtualinherited |
Check whether this RNG is seeded.
Implements Botan::RandomNumberGenerator.
Definition at line 31 of file stateful_rng.cpp.
Referenced by Botan::Stateful_RNG::reseed_check().
|
staticinherited |
Create a seeded and active RNG object for general application use Added in 1.8.0 Use AutoSeeded_RNG instead
Definition at line 69 of file rng.cpp.
|
inlineoverridevirtual |
Some DRBGs have a notion of the maximum number of bytes per request. Longer requests (to randomize) will be treated as multiple requests, and may initiate reseeding multiple times, depending on the values of max_number_of_bytes_per_request and reseed_interval(). This function returns zero if the RNG in question does not have such a notion.
Implements Botan::Stateful_RNG.
Definition at line 131 of file hmac_drbg.h.
Referenced by HMAC_DRBG(), HMAC_DRBG(), and HMAC_DRBG().
|
overridevirtual |
Implements Botan::RandomNumberGenerator.
Definition at line 133 of file hmac_drbg.cpp.
|
inlineinherited |
Return a random byte
Definition at line 161 of file rng.h.
Referenced by Botan::random_prime().
|
inlineinherited |
Definition at line 171 of file rng.h.
Referenced by Botan::EME_PKCS1v15::pad().
|
inlineinherited |
Return a random vector
bytes | number of bytes in the result |
Definition at line 143 of file rng.h.
Referenced by Botan::CECPQ1_accept(), Botan::CECPQ1_offer(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), Botan::PK_Decryptor::decrypt_or_random(), Botan::Ed25519_PrivateKey::Ed25519_PrivateKey(), Botan::TLS::Session::encrypt(), Botan::KeyPair::encryption_consistency_check(), Botan::generate_bcrypt(), Botan::mceies_encrypt(), Botan::OctetString::OctetString(), Botan::BigInt::randomize(), Botan::TLS::Session_Manager_In_Memory::remove_all(), and Botan::TLS::Session_Manager_SQL::Session_Manager_SQL().
|
inlineinherited |
|
finaloverridevirtualinherited |
Randomize a byte array.
output | the byte array to hold the random output. |
length | the length of the byte array output in bytes. |
Implements Botan::RandomNumberGenerator.
Definition at line 57 of file stateful_rng.cpp.
References Botan::Stateful_RNG::randomize_with_input().
|
finaloverridevirtualinherited |
Incorporate entropy into the RNG state then produce output. Some RNG types implement this using a single operation, default calls add_entropy + randomize in sequence.
Use this to further bind the outputs to your current process/protocol state. For instance if generating a new key for use in a session, include a session ID or other such value. See NIST SP 800-90 A, B, C series for more ideas.
output | buffer to hold the random output |
output_len | size of the output buffer in bytes |
input | entropy buffer to incorporate |
input_len | size of the input buffer in bytes |
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 79 of file stateful_rng.cpp.
References Botan::Stateful_RNG::generate_output(), Botan::Stateful_RNG::max_number_of_bytes_per_request(), and Botan::Stateful_RNG::reseed_check().
Referenced by Botan::Stateful_RNG::randomize(), and Botan::Stateful_RNG::randomize_with_ts_input().
|
finaloverridevirtualinherited |
Overrides default implementation and also includes the current process ID and the reseed counter.
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 62 of file stateful_rng.cpp.
References Botan::OS::get_high_resolution_clock(), Botan::OS::get_process_id(), Botan::OS::get_system_timestamp_ns(), Botan::RandomNumberGenerator::randomize(), Botan::Stateful_RNG::randomize_with_input(), Botan::store_le(), and Botan::system_rng().
|
overridevirtualinherited |
Poll provided sources for up to poll_bits bits of entropy or until the timeout expires. Returns estimate of the number of bits collected.
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 116 of file stateful_rng.cpp.
References Botan::RandomNumberGenerator::reseed(), and Botan::Stateful_RNG::security_level().
Referenced by Botan::Stateful_RNG::reseed_check().
|
protectedinherited |
Definition at line 150 of file stateful_rng.cpp.
References BOTAN_ASSERT, Botan::OS::get_process_id(), Botan::Stateful_RNG::is_seeded(), Botan::RandomNumberGenerator::name(), Botan::Stateful_RNG::reseed(), Botan::Stateful_RNG::reseed_from_rng(), and Botan::Stateful_RNG::security_level().
Referenced by Botan::Stateful_RNG::randomize_with_input().
|
finaloverridevirtualinherited |
Reseed by reading specified bits from the RNG
Reimplemented from Botan::RandomNumberGenerator.
Definition at line 132 of file stateful_rng.cpp.
References Botan::RandomNumberGenerator::reseed_from_rng(), and Botan::Stateful_RNG::security_level().
Referenced by Botan::Stateful_RNG::reseed_check().
|
inlineinherited |
Definition at line 128 of file stateful_rng.h.
Referenced by HMAC_DRBG(), HMAC_DRBG(), and HMAC_DRBG().
|
overridevirtual |
Implements Botan::Stateful_RNG.
Definition at line 193 of file hmac_drbg.cpp.