Botan 3.0.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::Null_RNG Class Referencefinal

#include <rng.h>

Inheritance diagram for Botan::Null_RNG:
Botan::RandomNumberGenerator

Public Member Functions

bool accepts_input () const override
 
void add_entropy (const uint8_t input[], size_t length)
 
void add_entropy (std::span< const uint8_t > input)
 
template<typename T >
requires std::is_standard_layout<T>
void add_entropy_T (const T &t)
 
void clear () override
 
bool is_seeded () const override
 
std::string name () const override
 
uint8_t next_byte ()
 
uint8_t next_nonzero_byte ()
 
template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
requires concepts::default_initializable<T>
T random_vec (size_t bytes)
 
void random_vec (std::span< uint8_t > v)
 
template<concepts::resizable_byte_buffer T>
void random_vec (T &v, size_t bytes)
 
void randomize (std::span< uint8_t > output)
 
void randomize (uint8_t output[], size_t length)
 
void randomize_with_input (uint8_t output[], size_t output_len, const uint8_t input[], size_t input_len)
 
void randomize_with_ts_input (std::span< uint8_t > output)
 
void randomize_with_ts_input (uint8_t output[], size_t output_len)
 
virtual size_t reseed (Entropy_Sources &srcs, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS, std::chrono::milliseconds poll_timeout=BOTAN_RNG_RESEED_DEFAULT_TIMEOUT)
 
virtual void reseed_from_rng (RandomNumberGenerator &rng, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS)
 

Detailed Description

Null/stub RNG - fails if you try to use it for anything This is not generally useful except for in certain tests

Definition at line 276 of file rng.h.

Member Function Documentation

◆ accepts_input()

bool Botan::Null_RNG::accepts_input ( ) const
inlineoverridevirtual

Returns false if it is known that this RNG object is not able to accept externally provided inputs (via add_entropy, randomize_with_input, etc). In this case, any such provided inputs are ignored.

If this function returns true, then inputs may or may not be accepted.

Implements Botan::RandomNumberGenerator.

Definition at line 281 of file rng.h.

281{ return false; }

◆ add_entropy() [1/2]

void Botan::RandomNumberGenerator::add_entropy ( const uint8_t  input[],
size_t  length 
)
inlineinherited

Definition at line 78 of file rng.h.

79 { this->add_entropy(std::span(input, length)); }
Botan::RandomNumberGenerator::add_entropy
void add_entropy(std::span< const uint8_t > input)
Definition: rng.h:77

◆ add_entropy() [2/2]

void Botan::RandomNumberGenerator::add_entropy ( std::span< const uint8_t >  input)
inlineinherited

Incorporate some additional data into the RNG state. For example adding nonces or timestamps from a peer's protocol message can help hedge against VM state rollback attacks. A few RNG types do not accept any externally provided input, in which case this function is a no-op.

Parameters
inputa byte array containing the entropy to be added
Exceptions
Exceptionmay throw if the RNG accepts input, but adding the entropy failed.

Definition at line 77 of file rng.h.

77{ this->fill_bytes_with_input({}, input); }
Botan::RandomNumberGenerator::fill_bytes_with_input
virtual void fill_bytes_with_input(std::span< uint8_t > output, std::span< const uint8_t > input)=0

Referenced by Botan::ChaCha_RNG::ChaCha_RNG(), Botan::Stateful_RNG::initialize_with(), Botan::Getentropy::poll(), Botan::Intel_Rdseed::poll(), and Botan::RandomNumberGenerator::reseed_from_rng().

◆ add_entropy_T()

template<typename T >
requires std::is_standard_layout<T>
void Botan::RandomNumberGenerator::add_entropy_T ( const T t)
inlineinherited

Incorporate some additional data into the RNG state. Incorporate entropy into the RNG state then produce output. Some RNG types implement this using a single operation, default calls add_entropy + randomize in sequence.

Use this to further bind the outputs to your current process/protocol state. For instance if generating a new key for use in a session, include a session ID or other such value. See NIST SP 800-90 A, B, C series for more ideas.

Parameters
outputbuffer to hold the random output
inputentropy buffer to incorporate
Exceptions
PRNG_Unseededif the RNG fails because it has not enough entropy
Exceptionif the RNG fails
Exceptionmay throw if the RNG accepts input, but adding the entropy failed.

Definition at line 84 of file rng.h.

86 {
87 this->add_entropy(reinterpret_cast<const uint8_t*>(&t), sizeof(T));
88 }
89
90 /**
91 * Incorporate entropy into the RNG state then produce output.
92 * Some RNG types implement this using a single operation, default
93 * calls add_entropy + randomize in sequence.
94 *
95 * Use this to further bind the outputs to your current
96 * process/protocol state. For instance if generating a new key
97 * for use in a session, include a session ID or other such
98 * value. See NIST SP 800-90 A, B, C series for more ideas.
99 *
100 * @param output buffer to hold the random output
101 * @param input entropy buffer to incorporate
102 * @throws PRNG_Unseeded if the RNG fails because it has not enough entropy
103 * @throws Exception if the RNG fails
104 * @throws Exception may throw if the RNG accepts input, but adding the entropy failed.
105 */
106 void randomize_with_input(std::span<uint8_t> output, std::span<const uint8_t> input)
107 { this->fill_bytes_with_input(output, input); }
Botan::RandomNumberGenerator::randomize_with_input
void randomize_with_input(uint8_t output[], size_t output_len, const uint8_t input[], size_t input_len)
Definition: rng.h:108
T
FE_25519 T
Definition: ge.cpp:36

References T.

Referenced by Botan::Win32_EntropySource::poll().

◆ clear()

void Botan::Null_RNG::clear ( )
inlineoverridevirtual

Clear all internally held values of this RNG

Postcondition
is_seeded() == false if the RNG has an internal state that can be cleared.

Implements Botan::RandomNumberGenerator.

Definition at line 283 of file rng.h.

283{}

◆ is_seeded()

bool Botan::Null_RNG::is_seeded ( ) const
inlineoverridevirtual

Check whether this RNG is seeded.

Returns
true if this RNG was already seeded, false otherwise.

Implements Botan::RandomNumberGenerator.

Definition at line 279 of file rng.h.

279{ return false; }

◆ name()

std::string Botan::Null_RNG::name ( ) const
inlineoverridevirtual
Returns
the name of this RNG type

Implements Botan::RandomNumberGenerator.

Definition at line 285 of file rng.h.

285{ return "Null_RNG"; }

◆ next_byte()

uint8_t Botan::RandomNumberGenerator::next_byte ( )
inlineinherited

Return a random byte

Returns
random byte
Exceptions
PRNG_Unseededif the RNG fails because it has not enough entropy
Exceptionif the RNG fails

Definition at line 219 of file rng.h.

220 {
221 uint8_t b;
222 this->fill_bytes_with_input(std::span(&b, 1), {});
223 return b;
224 }

Referenced by Botan::random_prime().

◆ next_nonzero_byte()

uint8_t Botan::RandomNumberGenerator::next_nonzero_byte ( )
inlineinherited
Returns
a random byte that is greater than zero
Exceptions
PRNG_Unseededif the RNG fails because it has not enough entropy
Exceptionif the RNG fails

Definition at line 231 of file rng.h.

232 {
233 uint8_t b = this->next_byte();
234 while(b == 0)
235 b = this->next_byte();
236 return b;
237 }

Referenced by Botan::EME_PKCS1v15::pad().

◆ random_vec() [1/3]

template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>>
requires concepts::default_initializable<T>
T Botan::RandomNumberGenerator::random_vec ( size_t  bytes)
inlineinherited

Create some byte container type and fill it with some random bytes.

Template Parameters
Tthe desired byte container type (e.g std::vector<uint8_t>)
Parameters
bytesnumber of random bytes to initialize the container with
Returns
a container of type T with bytes random bytes
Exceptions
Exceptionif RNG or memory allocation fails

Definition at line 206 of file rng.h.

207 {
208 T result;
209 random_vec(result, bytes);
210 return result;
211 }
Botan::RandomNumberGenerator::random_vec
void random_vec(std::span< uint8_t > v)
Definition: rng.h:178

References T.

◆ random_vec() [2/3]

void Botan::RandomNumberGenerator::random_vec ( std::span< uint8_t >  v)
inlineinherited

Fill a given byte container with bytes random bytes

Todo:
deprecate this overload (in favor of randomize())
Parameters
vthe container to be filled with bytes random bytes
Exceptions
Exceptionif RNG fails

Definition at line 178 of file rng.h.

179 { this->randomize(v); }
Botan::RandomNumberGenerator::randomize
void randomize(std::span< uint8_t > output)
Definition: rng.h:53

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), Botan::PK_Decryptor::decrypt_or_random(), Botan::Dilithium_PrivateKey::Dilithium_PrivateKey(), Botan::Ed25519_PrivateKey::Ed25519_PrivateKey(), Botan::TLS::Session::encrypt(), Botan::KeyPair::encryption_consistency_check(), Botan::generate_bcrypt(), Botan::Kyber_PrivateKey::Kyber_PrivateKey(), Botan::TLS::make_hello_random(), Botan::OctetString::OctetString(), Botan::BigInt::randomize(), and Botan::RandomNumberGenerator::reseed_from_rng().

◆ random_vec() [3/3]

template<concepts::resizable_byte_buffer T>
void Botan::RandomNumberGenerator::random_vec ( T v,
size_t  bytes 
)
inlineinherited

Resize a given byte container to bytes and fill it with random bytes

Template Parameters
Tthe desired byte container type (e.g std::vector<uint8_t>)
Parameters
vthe container to be filled with bytes random bytes
bytesnumber of random bytes to initialize the container with
Exceptions
Exceptionif RNG or memory allocation fails

Definition at line 190 of file rng.h.

191 {
192 v.resize(bytes);
193 random_vec(v);
194 }

◆ randomize() [1/2]

void Botan::RandomNumberGenerator::randomize ( std::span< uint8_t >  output)
inlineinherited

Randomize a byte array.

May block shortly if e.g. the RNG is not yet initialized or a retry because of insufficient entropy is needed.

Parameters
outputthe byte array to hold the random output.
Exceptions
PRNG_Unseededif the RNG fails because it has not enough entropy
Exceptionif the RNG fails

Definition at line 53 of file rng.h.

54 { this->fill_bytes_with_input(output, {}); }

Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::argon2_generate_pwhash(), botan_system_rng_get(), Botan::CryptoBox::encrypt(), Botan::generate_dsa_primes(), Botan::generate_passhash9(), Botan::Roughtime::Nonce::Nonce(), Botan::EME_PKCS1v15::pad(), Botan::random_gf2m(), Botan::McEliece_PublicKey::random_plaintext_element(), Botan::random_prime(), Botan::Sodium::randombytes_buf(), Botan::RandomNumberGenerator::randomize_with_ts_input(), Botan::KeyPair::signature_consistency_check(), Botan::RTSS_Share::split(), and Botan::UUID::UUID().

◆ randomize() [2/2]

void Botan::RandomNumberGenerator::randomize ( uint8_t  output[],
size_t  length 
)
inlineinherited

Definition at line 55 of file rng.h.

56 { this->randomize(std::span(output, length)); }

◆ randomize_with_input()

void Botan::RandomNumberGenerator::randomize_with_input ( uint8_t  output[],
size_t  output_len,
const uint8_t  input[],
size_t  input_len 
)
inlineinherited

Definition at line 108 of file rng.h.

110 { this->randomize_with_input(std::span(output, output_len), std::span(input, input_len)); }

Referenced by Botan::System_RNG::fill_bytes_with_input().

◆ randomize_with_ts_input() [1/2]

void Botan::RandomNumberGenerator::randomize_with_ts_input ( std::span< uint8_t >  output)
inherited

This calls randomize_with_input using some timestamps as extra input.

For a stateful RNG using non-random but potentially unique data the extra input can help protect against problems with fork, VM state rollback, or other cases where somehow an RNG state is duplicated. If both of the duplicated RNG states later incorporate a timestamp (and the timestamps don't themselves repeat), their outputs will diverge.

Parameters
outputbuffer to hold the random output
Exceptions
PRNG_Unseededif the RNG fails because it has not enough entropy
Exceptionif the RNG fails
Exceptionmay throw if the RNG accepts input, but adding the entropy failed.

Definition at line 20 of file rng.cpp.

21 {
22 if(this->accepts_input())
23 {
24 constexpr auto s_hd_clk = sizeof(decltype(OS::get_high_resolution_clock()));
25 constexpr auto s_sys_ts = sizeof(decltype(OS::get_system_timestamp_ns()));
26 constexpr auto s_pid = sizeof(decltype(OS::get_process_id()));
27
28 std::array<uint8_t, s_hd_clk + s_sys_ts + s_pid> additional_input = {0};
29 auto s_additional_input = std::span(additional_input.begin(), additional_input.end());
30
31 store_le(OS::get_high_resolution_clock(), s_additional_input.data());
32 s_additional_input = s_additional_input.subspan(s_hd_clk);
33
34#if defined(BOTAN_HAS_SYSTEM_RNG)
35 System_RNG system_rng;
36 system_rng.randomize(s_additional_input);
37#else
38 store_le(OS::get_system_timestamp_ns(), s_additional_input.data());
39 s_additional_input = s_additional_input.subspan(s_sys_ts);
40
41 store_le(OS::get_process_id(), s_additional_input.data());
42#endif
43
44 this->fill_bytes_with_input(output, additional_input);
45 }
46 else
47 {
48 this->fill_bytes_with_input(output, {});
49 }
50 }
Botan::RandomNumberGenerator::accepts_input
virtual bool accepts_input() const =0
Botan::OS::get_high_resolution_clock
uint64_t BOTAN_TEST_API get_high_resolution_clock()
Definition: os_utils.cpp:268
Botan::OS::get_system_timestamp_ns
uint64_t BOTAN_TEST_API get_system_timestamp_ns()
Definition: os_utils.cpp:320
Botan::OS::get_process_id
uint32_t BOTAN_TEST_API get_process_id()
Definition: os_utils.cpp:111
Botan::store_le
constexpr void store_le(uint16_t in, uint8_t out[2])
Definition: loadstor.h:465
Botan::system_rng
RandomNumberGenerator & system_rng()
Definition: system_rng.cpp:376

References Botan::RandomNumberGenerator::accepts_input(), Botan::RandomNumberGenerator::fill_bytes_with_input(), Botan::OS::get_high_resolution_clock(), Botan::OS::get_process_id(), Botan::OS::get_system_timestamp_ns(), Botan::RandomNumberGenerator::randomize(), Botan::store_le(), and Botan::system_rng().

◆ randomize_with_ts_input() [2/2]

void Botan::RandomNumberGenerator::randomize_with_ts_input ( uint8_t  output[],
size_t  output_len 
)
inlineinherited

Definition at line 127 of file rng.h.

128 { this->randomize_with_ts_input(std::span(output, output_len)); }
Botan::RandomNumberGenerator::randomize_with_ts_input
void randomize_with_ts_input(std::span< uint8_t > output)
Definition: rng.cpp:20

◆ reseed()

size_t Botan::RandomNumberGenerator::reseed ( Entropy_Sources srcs,
size_t  poll_bits = BOTAN_RNG_RESEED_POLL_BITS,
std::chrono::milliseconds  poll_timeout = BOTAN_RNG_RESEED_DEFAULT_TIMEOUT 
)
virtualinherited

Poll provided sources for up to poll_bits bits of entropy or until the timeout expires. Returns estimate of the number of bits collected.

Sets the seeded state to true if enough entropy was added.

Reimplemented in Botan::PKCS11::PKCS11_RNG, Botan::Processor_RNG, Botan::AutoSeeded_RNG, and Botan::Stateful_RNG.

Definition at line 52 of file rng.cpp.

55 {
56 if(this->accepts_input())
57 {
58 return srcs.poll(*this, poll_bits, poll_timeout);
59 }
60 else
61 {
62 return 0;
63 }
64 }

References Botan::RandomNumberGenerator::accepts_input(), and Botan::Entropy_Sources::poll().

Referenced by Botan::Stateful_RNG::reseed().

◆ reseed_from_rng()

void Botan::RandomNumberGenerator::reseed_from_rng ( RandomNumberGenerator rng,
size_t  poll_bits = BOTAN_RNG_RESEED_POLL_BITS 
)
virtualinherited

Reseed by reading specified bits from the RNG

Sets the seeded state to true if enough entropy was added.

Exceptions
Exceptionif RNG accepts input but reseeding failed.

Reimplemented in Botan::Stateful_RNG.

Definition at line 66 of file rng.cpp.

67 {
68 if(this->accepts_input())
69 {
70 this->add_entropy(rng.random_vec(poll_bits / 8));
71 }
72 }

References Botan::RandomNumberGenerator::accepts_input(), Botan::RandomNumberGenerator::add_entropy(), and Botan::RandomNumberGenerator::random_vec().

Referenced by Botan::Stateful_RNG::reseed_from_rng().

The documentation for this class was generated from the following file:
Generated by doxygen 1.9.6