author | lloyd <[email protected]> | 2013-11-09 16:53:25 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-11-09 16:53:25 +0000 |
commit | 7aacde3df5e8755a01b6948d42322d182ddc36c1 (patch) | |
tree | f9cff257756a12e310bbac5fb96a9027202f22d7 | |
parent | ad9b75f7211bcc5f6c4e9d49cce3e6f61431b593 (diff) |
In HMAC_RNG record number of bytes since last poll and reseed based on
that rather than the counter.
-rw-r--r-- | src/rng/hmac_rng/hmac_rng.cpp | 34 | ||||
-rw-r--r-- | src/rng/hmac_rng/hmac_rng.h | 9 |
2 files changed, 26 insertions, 17 deletions
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp
index 0f6a15a0b..33881b685 100644
--- a/src/rng/hmac_rng/hmac_rng.cpp
+++ b/src/rng/hmac_rng/hmac_rng.cpp
@@ -17,6 +17,10 @@ namespace Botan {
 
 namespace {
 
+// make these build.h constants?
+const size_t BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED = 512;
+const size_t BOTAN_RNG_RESEED_POLL_BITS = 128;
+
 void hmac_prf(MessageAuthenticationCode& prf,
               secure_vector<byte>& K,
               u32bit& counter,
@@ -96,14 +100,16 @@ void HMAC_RNG::randomize(byte out[], size_t length)
       {
       hmac_prf(*m_prf, m_K, m_counter, "rng");
 
-      if(m_counter % AUTOMATIC_RESEED_RATE == 0)
-         reseed(AUTOMATIC_RESEED_BITS);
-
       const size_t copied = std::min<size_t>(m_K.size() / 2, length);
 
       copy_mem(out, &m_K[0], copied);
       out += copied;
       length -= copied;
+
+      m_output_since_reseed += copied;
+
+      if(m_output_since_reseed >= BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED)
+         reseed(BOTAN_RNG_RESEED_POLL_BITS);
       }
    }
 
@@ -153,12 +159,18 @@ void HMAC_RNG::reseed(size_t poll_bits)
    zeroise(m_K);
    m_counter = 0;
 
-   /*
-   * Consider ourselves seeded once we've collected an estimated 128 bits of
-   * entropy in a single poll.
-   */
-   if(accum.bits_collected() >= 128)
-      m_seeded = true;
+   m_collected_entropy_estimate =
+      std::min(m_collected_entropy_estimate + accum.bits_collected(),
+               m_extractor->output_length() * 8);
+
+   m_output_since_reseed = 0;
+   }
+
+bool HMAC_RNG::is_seeded() const
+   {
+   if(m_collected_entropy_estimate >= 256)
+      return true;
+   return false;
    }
 
 /*
@@ -167,7 +179,7 @@ void HMAC_RNG::reseed(size_t poll_bits)
 void HMAC_RNG::add_entropy(const byte input[], size_t length)
    {
    m_extractor->update(input, length);
-   reseed(AUTOMATIC_RESEED_BITS);
+   reseed(BOTAN_RNG_RESEED_POLL_BITS);
    }
 
 /*
@@ -175,7 +187,7 @@ void HMAC_RNG::add_entropy(const byte input[], size_t length)
 */
 void HMAC_RNG::clear()
    {
-   m_seeded = false;
+   m_collected_entropy_estimate = 0;
    m_extractor->clear();
    m_prf->clear();
    zeroise(m_K);
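Review bot: In the reseed hunk the seeded criterion becomes cumulative: m_collected_entropy_estimate adds accum.bits_collected() from every poll (capped at the extractor's output size), so repeated low-yield polls can reach the 256-bit threshold in is_seeded even though the removed check demanded 128 bits from a single poll, and if successive polls re-read the same sources the summed estimate overstates the independent entropy actually gathered. That design choice deserves a comment at the assignment, e.g. `// Running estimate of entropy bits fed to the extractor, summed over polls and capped at its output size; in this diff only clear() resets it`. Whether the caller of reseed in randomize still compares is_seeded against this new threshold is outside the hunk. Minor: is_seeded can simply be `return m_collected_entropy_estimate >= 256;`, and the file-local constants in the first hunk carry a BOTAN_ prefix that reads like a build.h macro although they are anonymous-namespace constants.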
diff --git a/src/rng/hmac_rng/hmac_rng.h b/src/rng/hmac_rng/hmac_rng.h
index 6d7c3228a..8fee5be5a 100644
--- a/src/rng/hmac_rng/hmac_rng.h
+++ b/src/rng/hmac_rng/hmac_rng.h
@@ -28,7 +28,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator
    {
    public:
       void randomize(byte buf[], size_t len);
-      bool is_seeded() const { return m_seeded; }
+      bool is_seeded() const;
       void clear();
       std::string name() const;
 
@@ -42,14 +42,11 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator
       HMAC_RNG(MessageAuthenticationCode* extractor,
                MessageAuthenticationCode* prf);
    private:
-      // make these build.h constants?
-      const size_t AUTOMATIC_RESEED_RATE = 16;
-      const size_t AUTOMATIC_RESEED_BITS = 128;
-
       std::unique_ptr<MessageAuthenticationCode> m_extractor;
       std::unique_ptr<MessageAuthenticationCode> m_prf;
 
-      bool m_seeded = false;
+      size_t m_collected_entropy_estimate = 0;
+      size_t m_output_since_reseed = 0;
       secure_vector<byte> m_K;
       u32bit m_counter = 0;
 
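Review bot: The two new members in the second hunk carry no unit, and the .cpp side of this commit counts one in bits (bits_collected(), output_length() * 8) and the other in bytes (+= copied), an easy confusion for a security-relevant threshold; add `size_t m_collected_entropy_estimate = 0; // estimated entropy bits, summed over polls` and `size_t m_output_since_reseed = 0; // bytes output since the last reseed`. The is_seeded declaration in the first hunk also lost its one-line body, so a short comment naming the threshold it now applies would help readers of the header. The enclosing class starts before and continues past both hunks.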