#include <rng.h>
Public Member Functions | |
| virtual bool | accepts_input () const =0 |
| void | add_entropy (const uint8_t input[], size_t length) |
| void | add_entropy (std::span< const uint8_t > input) |
| template<typename T > requires std::is_standard_layout<T> | |
| void | add_entropy_T (const T &t) |
| virtual void | clear ()=0 |
| virtual bool | is_seeded () const =0 |
| virtual std::string | name () const =0 |
| uint8_t | next_byte () |
| uint8_t | next_nonzero_byte () |
| RandomNumberGenerator & | operator= (const RandomNumberGenerator &rng)=delete |
| template<concepts::resizable_byte_buffer T = secure_vector<uint8_t>> requires concepts::default_initializable<T> | |
| T | random_vec (size_t bytes) |
| void | random_vec (std::span< uint8_t > v) |
| template<concepts::resizable_byte_buffer T> | |
| void | random_vec (T &v, size_t bytes) |
| void | randomize (std::span< uint8_t > output) |
| void | randomize (uint8_t output[], size_t length) |
| void | randomize_with_input (uint8_t output[], size_t output_len, const uint8_t input[], size_t input_len) |
| void | randomize_with_ts_input (std::span< uint8_t > output) |
| void | randomize_with_ts_input (uint8_t output[], size_t output_len) |
| RandomNumberGenerator ()=default | |
| RandomNumberGenerator (const RandomNumberGenerator &rng)=delete | |
| virtual size_t | reseed (Entropy_Sources &srcs, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS, std::chrono::milliseconds poll_timeout=BOTAN_RNG_RESEED_DEFAULT_TIMEOUT) |
| virtual void | reseed_from_rng (RandomNumberGenerator &rng, size_t poll_bits=BOTAN_RNG_RESEED_POLL_BITS) |
| virtual | ~RandomNumberGenerator ()=default |
Protected Member Functions | |
| virtual void | fill_bytes_with_input (std::span< uint8_t > output, std::span< const uint8_t > input)=0 |
Detailed Description
Constructor & Destructor Documentation
◆ ~RandomNumberGenerator()
|
virtualdefault |
◆ RandomNumberGenerator() [1/2]
|
default |
◆ RandomNumberGenerator() [2/2]
|
delete |
Member Function Documentation
◆ accepts_input()
|
pure virtual |
Returns false if it is known that this RNG object is not able to accept externally provided inputs (via add_entropy, randomize_with_input, etc). In this case, any such provided inputs are ignored.
If this function returns true, then inputs may or may not be accepted.
Implemented in Botan::Stateful_RNG, Botan::PKCS11::PKCS11_RNG, Botan::TPM_RNG, Botan::AutoSeeded_RNG, Botan::Processor_RNG, Botan::Null_RNG, and Botan::System_RNG.
Referenced by Botan::System_RNG::accepts_input(), randomize_with_ts_input(), reseed(), and reseed_from_rng().
◆ add_entropy() [1/2]
|
inline |
Definition at line 77 of file rng.h.
References add_entropy().
Referenced by add_entropy().
◆ add_entropy() [2/2]
|
inline |
Incorporate some additional data into the RNG state. For example adding nonces or timestamps from a peer's protocol message can help hedge against VM state rollback attacks. A few RNG types do not accept any externally provided input, in which case this function is a no-op.
- Parameters
-
input a byte array containing the entropy to be added
- Exceptions
-
Exception may throw if the RNG accepts input, but adding the entropy failed.
Definition at line 75 of file rng.h.
Referenced by Botan::ChaCha_RNG::ChaCha_RNG(), Botan::Stateful_RNG::initialize_with(), Botan::Getentropy::poll(), Botan::Intel_Rdseed::poll(), and reseed_from_rng().
◆ add_entropy_T()
|
inline |
Incorporate some additional data into the RNG state. Incorporate entropy into the RNG state then produce output. Some RNG types implement this using a single operation, default calls add_entropy + randomize in sequence.
Use this to further bind the outputs to your current process/protocol state. For instance if generating a new key for use in a session, include a session ID or other such value. See NIST SP 800-90 A, B, C series for more ideas.
- Parameters
-
output buffer to hold the random output input entropy buffer to incorporate
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails Exception may throw if the RNG accepts input, but adding the entropy failed.
Definition at line 83 of file rng.h.
References T.
Referenced by Botan::Win32_EntropySource::poll().
◆ clear()
|
pure virtual |
Clear all internally held values of this RNG
- Postcondition
- is_seeded() == false if the RNG has an internal state that can be cleared.
Implemented in Botan::Hardware_RNG, Botan::Stateful_RNG, Botan::AutoSeeded_RNG, Botan::Null_RNG, and Botan::System_RNG.
Referenced by Botan::System_RNG::clear().
◆ fill_bytes_with_input()
|
protectedpure virtual |
Generic interface to provide entropy to a concrete implementation and to fill a given buffer with random output. Both output and input may be empty and should be ignored in that case. If both buffers are non-empty implementations should typically first apply the input data and then generate random data into output.
This method must be implemented by all RandomNumberGenerator sub-classes.
- Parameters
-
output Byte buffer to write random bytes into. Implementations should not read from this buffer. input Byte buffer that may contain bytes to be incorporated in the RNG's internal state. Implementations may choose to ignore the bytes in this buffer.
Implemented in Botan::System_RNG.
Referenced by randomize_with_ts_input().
◆ is_seeded()
|
pure virtual |
Check whether this RNG is seeded.
- Returns
- true if this RNG was already seeded, false otherwise.
Implemented in Botan::Stateful_RNG, Botan::PKCS11::PKCS11_RNG, Botan::TPM_RNG, Botan::AutoSeeded_RNG, Botan::Processor_RNG, Botan::Null_RNG, and Botan::System_RNG.
Referenced by Botan::EC_Point_Var_Point_Precompute::EC_Point_Var_Point_Precompute(), Botan::is_prime(), Botan::System_RNG::is_seeded(), and Botan::EC_Point_Base_Point_Precompute::mul().
◆ name()
|
pure virtual |
- Returns
- the name of this RNG type
Implemented in Botan::PKCS11::PKCS11_RNG, Botan::TPM_RNG, Botan::AutoSeeded_RNG, Botan::ChaCha_RNG, Botan::HMAC_DRBG, Botan::Processor_RNG, Botan::Null_RNG, and Botan::System_RNG.
Referenced by Botan::System_RNG::name(), and Botan::Stateful_RNG::reseed_check().
◆ next_byte()
|
inline |
Return a random byte
- Returns
- random byte
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails
Definition at line 218 of file rng.h.
Referenced by Botan::random_prime().
◆ next_nonzero_byte()
|
inline |
- Returns
- a random byte that is greater than zero
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails
Definition at line 229 of file rng.h.
Referenced by Botan::EME_PKCS1v15::pad().
◆ operator=()
|
delete |
◆ random_vec() [1/3]
requires concepts::default_initializable<T>
|
inline |
Create some byte container type and fill it with some random bytes.
- Template Parameters
-
T the desired byte container type (e.g std::vector<uint8_t>)
- Parameters
-
bytes number of random bytes to initialize the container with
- Returns
- a container of type T with
bytesrandom bytes
- Exceptions
-
Exception if RNG or memory allocation fails
Definition at line 206 of file rng.h.
References T.
◆ random_vec() [2/3]
|
inline |
Fill a given byte container with bytes random bytes
- Todo:
- deprecate this overload (in favor of randomize())
- Parameters
-
v the container to be filled with bytesrandom bytes
- Exceptions
-
Exception if RNG fails
Definition at line 180 of file rng.h.
Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::Curve25519_PrivateKey::Curve25519_PrivateKey(), Botan::PK_Decryptor::decrypt_or_random(), Botan::Dilithium_PrivateKey::Dilithium_PrivateKey(), Botan::Ed25519_PrivateKey::Ed25519_PrivateKey(), Botan::TLS::Session::encrypt(), Botan::KeyPair::encryption_consistency_check(), Botan::generate_bcrypt(), Botan::Kyber_PrivateKey::Kyber_PrivateKey(), Botan::TLS::make_hello_random(), Botan::OctetString::OctetString(), Botan::BigInt::randomize(), reseed_from_rng(), and Botan::SphincsPlus_PrivateKey::SphincsPlus_PrivateKey().
◆ random_vec() [3/3]
|
inline |
Resize a given byte container to bytes and fill it with random bytes
- Template Parameters
-
T the desired byte container type (e.g std::vector<uint8_t>)
- Parameters
-
v the container to be filled with bytesrandom bytesbytes number of random bytes to initialize the container with
- Exceptions
-
Exception if RNG or memory allocation fails
◆ randomize() [1/2]
|
inline |
Randomize a byte array.
May block shortly if e.g. the RNG is not yet initialized or a retry because of insufficient entropy is needed.
- Parameters
-
output the byte array to hold the random output.
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails
Definition at line 52 of file rng.h.
Referenced by Botan::TLS::Connection_Cipher_State::aead_nonce(), Botan::argon2_generate_pwhash(), botan_system_rng_get(), Botan::CryptoBox::encrypt(), Botan::generate_dsa_primes(), Botan::generate_passhash9(), Botan::Roughtime::Nonce::Nonce(), Botan::EME_PKCS1v15::pad(), Botan::random_gf2m(), Botan::McEliece_PublicKey::random_plaintext_element(), Botan::random_prime(), Botan::Sodium::randombytes_buf(), randomize_with_ts_input(), Botan::KeyPair::signature_consistency_check(), Botan::RTSS_Share::split(), and Botan::UUID::UUID().
◆ randomize() [2/2]
|
inline |
Definition at line 54 of file rng.h.
References randomize().
Referenced by randomize().
◆ randomize_with_input()
|
inline |
Definition at line 109 of file rng.h.
Referenced by Botan::System_RNG::fill_bytes_with_input().
◆ randomize_with_ts_input() [1/2]
| void Botan::RandomNumberGenerator::randomize_with_ts_input | ( | std::span< uint8_t > | output | ) |
This calls randomize_with_input using some timestamps as extra input.
For a stateful RNG using non-random but potentially unique data the extra input can help protect against problems with fork, VM state rollback, or other cases where somehow an RNG state is duplicated. If both of the duplicated RNG states later incorporate a timestamp (and the timestamps don't themselves repeat), their outputs will diverge.
- Parameters
-
output buffer to hold the random output
- Exceptions
-
PRNG_Unseeded if the RNG fails because it has not enough entropy Exception if the RNG fails Exception may throw if the RNG accepts input, but adding the entropy failed.
Definition at line 21 of file rng.cpp.
References accepts_input(), fill_bytes_with_input(), Botan::OS::get_high_resolution_clock(), Botan::OS::get_process_id(), Botan::OS::get_system_timestamp_ns(), randomize(), Botan::store_le(), and Botan::system_rng().
◆ randomize_with_ts_input() [2/2]
|
inline |
Definition at line 129 of file rng.h.
◆ reseed()
|
virtual |
Poll provided sources for up to poll_bits bits of entropy or until the timeout expires. Returns estimate of the number of bits collected.
Sets the seeded state to true if enough entropy was added.
Reimplemented in Botan::PKCS11::PKCS11_RNG, Botan::Processor_RNG, Botan::AutoSeeded_RNG, and Botan::Stateful_RNG.
Definition at line 49 of file rng.cpp.
References accepts_input(), and Botan::Entropy_Sources::poll().
Referenced by Botan::Stateful_RNG::reseed().
◆ reseed_from_rng()
|
virtual |
Reseed by reading specified bits from the RNG
Sets the seeded state to true if enough entropy was added.
- Exceptions
-
Exception if RNG accepts input but reseeding failed.
Reimplemented in Botan::Stateful_RNG.
Definition at line 57 of file rng.cpp.
References accepts_input(), add_entropy(), and random_vec().
Referenced by Botan::Stateful_RNG::reseed_from_rng().
The documentation for this class was generated from the following files:
