#include <rng.h>
Public Member Functions | |
| virtual bool | accepts_input () const =0 |
| void | add_entropy (const uint8_t input[], size_t length) |
| void | add_entropy (std::span< const uint8_t > input) |
| template<typename T> requires std::is_standard_layout<T>::value && std::is_trivial<T>::value | |
| void | add_entropy_T (const T &t) |
| virtual void | clear ()=0 |
| virtual bool | is_seeded () const =0 |
| virtual std::string | name () const =0 |
| uint8_t | next_byte () |
| uint8_t | next_nonzero_byte () |
| RandomNumberGenerator & | operator= (const RandomNumberGenerator &rng)=delete |
| template<size_t bytes> | |
| std::array< uint8_t, bytes > | random_array () |
| template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>> requires std::default_initializable<T> | |
| T | random_vec (size_t bytes) |
| void | random_vec (std::span< uint8_t > v) |
| template<concepts::resizable_byte_buffer T> | |
| void | random_vec (T &v, size_t bytes) |
| void | randomize (std::span< uint8_t > output) |
| void | randomize (uint8_t output[], size_t length) |
| void | randomize_with_input (std::span< uint8_t > output, std::span< const uint8_t > input) |
| void | randomize_with_input (uint8_t output[], size_t output_len, const uint8_t input[], size_t input_len) |
| void | randomize_with_ts_input (std::span< uint8_t > output) |
| void | randomize_with_ts_input (uint8_t output[], size_t output_len) |
| RandomNumberGenerator ()=default | |
| RandomNumberGenerator (const RandomNumberGenerator &rng)=delete | |
| virtual size_t | reseed (Entropy_Sources &srcs, size_t poll_bits=RandomNumberGenerator::DefaultPollBits, std::chrono::milliseconds poll_timeout=RandomNumberGenerator::DefaultPollTimeout) |
| virtual void | reseed_from_rng (RandomNumberGenerator &rng, size_t poll_bits=RandomNumberGenerator::DefaultPollBits) |
| virtual | ~RandomNumberGenerator ()=default |
Static Public Attributes | |
| static constexpr size_t | DefaultPollBits = 256 |
| static constexpr auto | DefaultPollTimeout = std::chrono::milliseconds(50) |
| static constexpr size_t | DefaultReseedInterval = 1024 |
Protected Member Functions | |
| virtual void | fill_bytes_with_input (std::span< uint8_t > output, std::span< const uint8_t > input)=0 |
Detailed Description
Constructor & Destructor Documentation
◆ ~RandomNumberGenerator()
|
virtualdefault |
◆ RandomNumberGenerator() [1/2]
|
default |
Referenced by Botan::AutoSeeded_RNG::AutoSeeded_RNG(), Botan::AutoSeeded_RNG::AutoSeeded_RNG(), Botan::Stateful_RNG::clear_state(), is_seeded(), operator=(), RandomNumberGenerator(), reseed_from_rng(), Botan::Stateful_RNG::reseed_from_rng(), Botan::Stateful_RNG::Stateful_RNG(), and Botan::Stateful_RNG::Stateful_RNG().
◆ RandomNumberGenerator() [2/2]
|
delete |
References RandomNumberGenerator().
Member Function Documentation
◆ accepts_input()
|
pure virtual |
Returns false if it is known that this RNG object is not able to accept externally provided inputs (via add_entropy, randomize_with_input, etc). In this case, any such provided inputs are ignored.
If this function returns true, then inputs may or may not be accepted.
Implemented in Botan::AutoSeeded_RNG, Botan::ESDM_RNG, Botan::Jitter_RNG, Botan::Null_RNG, Botan::PKCS11::PKCS11_RNG, Botan::Processor_RNG, Botan::Stateful_RNG, Botan::System_RNG, Botan::TPM2::RandomNumberGenerator, and Botan::TPM_RNG.
Referenced by Botan::System_RNG::accepts_input(), randomize_with_ts_input(), reseed(), and reseed_from_rng().
◆ add_entropy() [1/2]
|
inline |
Definition at line 93 of file rng.h.
References add_entropy().
Referenced by add_entropy().
◆ add_entropy() [2/2]
|
inline |
Incorporate some additional data into the RNG state. For example adding nonces or timestamps from a peer's protocol message can help hedge against VM state rollback attacks. A few RNG types do not accept any externally provided input, in which case this function is a no-op.
- Parameters
-
input a byte array containing the entropy to be added
Definition at line 91 of file rng.h.
References fill_bytes_with_input().
Referenced by add_entropy_T(), Botan::ChaCha_RNG::ChaCha_RNG(), Botan::Stateful_RNG::initialize_with(), Botan::Getentropy::poll(), Botan::Intel_Rdseed::poll(), and reseed_from_rng().
◆ add_entropy_T()
requires std::is_standard_layout<T>::value && std::is_trivial<T>::value
|
inline |
Incorporate some additional data into the RNG state.
Definition at line 100 of file rng.h.
References add_entropy().
Referenced by Botan::Win32_EntropySource::poll().
◆ clear()
|
pure virtual |
Clear all internally held values of this RNG
- Postcondition
- is_seeded() == false if the RNG has an internal state that can be cleared.
Implemented in Botan::AutoSeeded_RNG, Botan::ESDM_RNG, Botan::Hardware_RNG, Botan::Jitter_RNG, Botan::Null_RNG, Botan::Stateful_RNG, and Botan::System_RNG.
Referenced by Botan::System_RNG::clear().
◆ fill_bytes_with_input()
|
protectedpure virtual |
Generic interface to provide entropy to a concrete implementation and to fill a given buffer with random output. Both output and input may be empty and should be ignored in that case. If both buffers are non-empty implementations should typically first apply the input data and then generate random data into output.
This method must be implemented by all RandomNumberGenerator sub-classes.
- Parameters
-
output Byte buffer to write random bytes into. Implementations should not read from this buffer. input Byte buffer that may contain bytes to be incorporated in the RNG's internal state. Implementations may choose to ignore the bytes in this buffer.
Implemented in Botan::ESDM_RNG, and Botan::System_RNG.
Referenced by add_entropy(), next_byte(), randomize(), randomize_with_input(), and randomize_with_ts_input().
◆ is_seeded()
|
pure virtual |
Check whether this RNG is seeded.
- Returns
- true if this RNG was already seeded, false otherwise.
Implemented in Botan::AutoSeeded_RNG, Botan::ESDM_RNG, Botan::Jitter_RNG, Botan::Null_RNG, Botan::PKCS11::PKCS11_RNG, Botan::Processor_RNG, Botan::Stateful_RNG, Botan::System_RNG, Botan::TPM2::RandomNumberGenerator, and Botan::TPM_RNG.
References DefaultPollBits, DefaultPollTimeout, RandomNumberGenerator(), reseed(), and reseed_from_rng().
Referenced by Botan::EC_Point_Var_Point_Precompute::EC_Point_Var_Point_Precompute(), Botan::is_prime(), Botan::System_RNG::is_seeded(), Botan::EC_Point_Base_Point_Precompute::mul(), and Botan::EC_Point::randomize_repr().
◆ name()
|
pure virtual |
- Returns
- the name of this RNG type
Implemented in Botan::AutoSeeded_RNG, Botan::ChaCha_RNG, Botan::ESDM_RNG, Botan::HMAC_DRBG, Botan::Jitter_RNG, Botan::Null_RNG, Botan::PKCS11::PKCS11_RNG, Botan::Processor_RNG, Botan::System_RNG, Botan::TPM2::RandomNumberGenerator, and Botan::TPM_RNG.
Referenced by Botan::System_RNG::name(), and Botan::Stateful_RNG::reseed_check().
◆ next_byte()
|
inline |
Return a random byte
- Returns
- random byte
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails
Definition at line 244 of file rng.h.
References fill_bytes_with_input().
Referenced by next_nonzero_byte(), and Botan::random_prime().
◆ next_nonzero_byte()
|
inline |
- Returns
- a random byte that is greater than zero
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails
Definition at line 255 of file rng.h.
References next_byte().
◆ operator=()
|
delete |
References RandomNumberGenerator().
◆ random_array()
|
inline |
Create a std::array of bytes random bytes
Definition at line 232 of file rng.h.
References random_vec().
◆ random_vec() [1/3]
requires std::default_initializable<T>
|
inline |
Create some byte container type and fill it with some random bytes.
- Template Parameters
-
T the desired byte container type (e.g std::vector<uint8_t>)
- Parameters
-
bytes number of random bytes to initialize the container with
- Returns
- a container of type T with
bytesrandom bytes
Definition at line 222 of file rng.h.
References random_vec().
◆ random_vec() [2/3]
|
inline |
Fill a given byte container with bytes random bytes
- Todo
- deprecate this overload (in favor of randomize())
- Parameters
-
v the container to be filled with bytesrandom bytes
Definition at line 196 of file rng.h.
References randomize().
Referenced by Botan::Classic_McEliece_PrivateKey::Classic_McEliece_PrivateKey(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::PK_Decryptor::decrypt_or_random(), Botan::Dilithium_PrivateKey::Dilithium_PrivateKey(), Botan::Ed25519_PrivateKey::Ed25519_PrivateKey(), Botan::Kyber_KEM_Encryptor::encapsulate(), Botan::ML_KEM_Encryptor::encapsulate(), Botan::TLS::Session::encrypt(), Botan::KeyPair::encryption_consistency_check(), Botan::FrodoKEM_PrivateKey::FrodoKEM_PrivateKey(), Botan::generate_bcrypt(), Botan::HSS_LMS_PrivateKeyInternal::HSS_LMS_PrivateKeyInternal(), Botan::Kyber_PrivateKey::Kyber_PrivateKey(), Botan::TLS::make_hello_random(), Botan::OctetString::OctetString(), random_array(), random_vec(), random_vec(), Botan::BigInt::randomize(), reseed_from_rng(), Botan::SphincsPlus_PrivateKey::SphincsPlus_PrivateKey(), and Botan::X25519_PrivateKey::X25519_PrivateKey().
◆ random_vec() [3/3]
|
inline |
Resize a given byte container to bytes and fill it with random bytes
- Template Parameters
-
T the desired byte container type (e.g std::vector<uint8_t>)
- Parameters
-
v the container to be filled with bytesrandom bytesbytes number of random bytes to initialize the container with
Definition at line 207 of file rng.h.
References random_vec().
◆ randomize() [1/2]
|
inline |
Randomize a byte array.
May block shortly if e.g. the RNG is not yet initialized or a retry because of insufficient entropy is needed.
- Parameters
-
output the byte array to hold the random output.
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails
Definition at line 68 of file rng.h.
References fill_bytes_with_input().
Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::argon2_generate_pwhash(), botan_system_rng_get(), Botan::CryptoBox::encrypt(), Botan::generate_dsa_primes(), Botan::generate_passhash9(), Botan::Roughtime::Nonce::Nonce(), Botan::random_gf2m(), Botan::McEliece_PublicKey::random_plaintext_element(), Botan::random_prime(), random_vec(), Botan::Sodium::randombytes_buf(), randomize_with_ts_input(), Botan::KeyPair::signature_consistency_check(), Botan::RTSS_Share::split(), and Botan::UUID::UUID().
◆ randomize() [2/2]
|
inline |
Definition at line 70 of file rng.h.
References randomize().
Referenced by randomize().
◆ randomize_with_input() [1/2]
|
inline |
Incorporate entropy into the RNG state then produce output. Some RNG types implement this using a single operation, default calls add_entropy + randomize in sequence.
Use this to further bind the outputs to your current process/protocol state. For instance if generating a new key for use in a session, include a session ID or other such value. See NIST SP 800-90 A, B, C series for more ideas.
- Parameters
-
output buffer to hold the random output input entropy buffer to incorporate
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails Exception may throw if the RNG accepts input, but adding the entropy failed.
Definition at line 120 of file rng.h.
References fill_bytes_with_input().
Referenced by Botan::System_RNG::fill_bytes_with_input(), and randomize_with_input().
◆ randomize_with_input() [2/2]
|
inline |
Definition at line 124 of file rng.h.
References randomize_with_input().
◆ randomize_with_ts_input() [1/2]
| void Botan::RandomNumberGenerator::randomize_with_ts_input | ( | std::span< uint8_t > | output | ) |
This calls randomize_with_input using some timestamps as extra input.
For a stateful RNG using non-random but potentially unique data the extra input can help protect against problems with fork, VM state rollback, or other cases where somehow an RNG state is duplicated. If both of the duplicated RNG states later incorporate a timestamp (and the timestamps don't themselves repeat), their outputs will diverge.
- Parameters
-
output buffer to hold the random output
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails Exception may throw if the RNG accepts input, but adding the entropy failed.
Definition at line 27 of file rng.cpp.
References accepts_input(), BOTAN_UNUSED, fill_bytes_with_input(), Botan::OS::get_high_resolution_clock(), Botan::OS::get_process_id(), randomize(), Botan::store_le(), and Botan::system_rng().
Referenced by randomize_with_ts_input().
◆ randomize_with_ts_input() [2/2]
|
inline |
Definition at line 144 of file rng.h.
References randomize_with_ts_input().
◆ reseed()
|
virtual |
Poll provided sources for up to poll_bits bits of entropy or until the timeout expires. Returns estimate of the number of bits collected.
Sets the seeded state to true if enough entropy was added.
Reimplemented in Botan::AutoSeeded_RNG, Botan::PKCS11::PKCS11_RNG, Botan::Processor_RNG, and Botan::Stateful_RNG.
Definition at line 51 of file rng.cpp.
References accepts_input(), BOTAN_UNUSED, and Botan::Entropy_Sources::poll().
Referenced by is_seeded(), and Botan::Stateful_RNG::reseed().
◆ reseed_from_rng()
|
virtual |
Reseed by reading specified bits from the RNG
Sets the seeded state to true if enough entropy was added.
Reimplemented in Botan::Stateful_RNG.
Definition at line 63 of file rng.cpp.
References accepts_input(), add_entropy(), random_vec(), and RandomNumberGenerator().
Referenced by is_seeded(), and Botan::Stateful_RNG::reseed_from_rng().
Member Data Documentation
◆ DefaultPollBits
|
staticconstexpr |
Number of entropy bits polled for reseeding userspace RNGs like HMAC_DRBG
Definition at line 41 of file rng.h.
Referenced by is_seeded().
◆ DefaultPollTimeout
|
staticconstexpr |
◆ DefaultReseedInterval
|
staticconstexpr |
The documentation for this class was generated from the following files:
Generated by
1.13.2