RNG changes (GH #593)

Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
author: Jack Lloyd <[email protected]> 2016-08-19 07:51:47 -0400
committer: Jack Lloyd <[email protected]> 2016-08-24 11:31:54 -0400
commit: 80c160f08f2a69eb4e41a68380796bf31fd2f924 (patch)
tree: 83259da316524ed3b96b0913e5b023bc40f26a28 /src/cli
parent: 91474f60d72937ad3c21d8aa53c14f7a0cceb9ca (diff)
3 files changed, 26 insertions, 7 deletions
diff --git a/src/cli/cli.h b/src/cli/cli.h
index 11cc8add7..7e2d49f0f 100644
--- a/src/cli/cli.h
+++ b/src/cli/cli.h
@@ -10,7 +10,10 @@
 #include <botan/build.h>
 #include <botan/parsing.h>
 #include <botan/rng.h>
-#include <botan/auto_rng.h>
+
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
+  #include <botan/auto_rng.h>
+#endif
 
 #if defined(BOTAN_HAS_SYSTEM_RNG)
   #include <botan/system_rng.h>
@@ -471,7 +474,9 @@ class Command
 
             if(rng_type == "auto")
                {
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
                m_rng.reset(new Botan::AutoSeeded_RNG);
+#endif
                }
 
             if(!m_rng)
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 1299b0d19..222a98d3f 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -19,9 +19,12 @@
 #include <botan/hash.h>
 #include <botan/mac.h>
 #include <botan/cipher_mode.h>
-#include <botan/auto_rng.h>
 #include <botan/entropy_src.h>
 
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
+  #include <botan/auto_rng.h>
+#endif
+
 #if defined(BOTAN_HAS_SYSTEM_RNG)
   #include <botan/system_rng.h>
 #endif
@@ -413,8 +416,10 @@ class Speed final : public Command
 #endif
             else if(algo == "RNG")
                {
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
                Botan::AutoSeeded_RNG auto_rng;
                bench_rng(auto_rng, "AutoSeeded_RNG (periodic reseed)", msec, buf_size);
+#endif
 
 #if defined(BOTAN_HAS_SYSTEM_RNG)
                bench_rng(Botan::system_rng(), "System_RNG", msec, buf_size);
@@ -428,7 +433,7 @@ class Speed final : public Command
 #if defined(BOTAN_HAS_HMAC_DRBG)
                for(std::string hash : { "SHA-256", "SHA-384", "SHA-512" })
                   {
-                  Botan::HMAC_DRBG hmac_drbg(hash, 0);
+                  Botan::HMAC_DRBG hmac_drbg(hash);
                   bench_rng(hmac_drbg, hmac_drbg.name(), msec, buf_size);
                   }
 #endif
@@ -436,7 +441,7 @@ class Speed final : public Command
 #if defined(BOTAN_HAS_HMAC_RNG)
                for(std::string hash : { "SHA-256", "SHA-384", "SHA-512" })
                   {
-                  Botan::HMAC_RNG hmac_rng(hash, 0);
+                  Botan::HMAC_RNG hmac_rng(Botan::MessageAuthenticationCode::create("HMAC(" + hash + ")"));
                   bench_rng(hmac_rng, hmac_rng.name(), msec, buf_size);
                   }
 #endif
@@ -595,8 +600,9 @@ class Speed final : public Command
          {
          Botan::secure_vector<uint8_t> buffer(buf_size);
 
-         rng.add_entropy(buffer.data(), buffer.size());
-         rng.reseed(256);
+#if defined(BOTAN_HAS_SYSTEM_RNG)
+         rng.reseed_from_rng(Botan::system_rng(), 256);
+#endif
 
          Timer timer(rng_name, "", "generate", buffer.size());
          timer.run_until_elapsed(runtime, [&] { rng.randomize(buffer.data(), buffer.size()); });
diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp
index b0d364581..610a14dc1 100644
--- a/src/cli/utils.cpp
+++ b/src/cli/utils.cpp
@@ -7,7 +7,6 @@
 #include "cli.h"
 
 #include <botan/version.h>
-#include <botan/auto_rng.h>
 #include <botan/hash.h>
 #include <botan/cpuid.h>
 #include <botan/hex.h>
@@ -16,6 +15,10 @@
   #include <botan/base64.h>
 #endif
 
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
+  #include <botan/auto_rng.h>
+#endif
+
 #if defined(BOTAN_HAS_SYSTEM_RNG)
   #include <botan/system_rng.h>
 #endif
@@ -179,7 +182,12 @@ class RNG final : public Command
             }
          else
             {
+#if defined(BOTAN_HAS_AUTO_SEEDING_RNG)
             rng.reset(new Botan::AutoSeeded_RNG);
+#else
+            error_output() << "auto_rng disabled in build\n";
+            return;
+#endif
             }
 
          for(const std::string& req : get_arg_list("bytes"))
author	Jack Lloyd <[email protected]>	2016-08-19 07:51:47 -0400
committer	Jack Lloyd <[email protected]>	2016-08-24 11:31:54 -0400
commit	80c160f08f2a69eb4e41a68380796bf31fd2f924 (patch)
tree	83259da316524ed3b96b0913e5b023bc40f26a28 /src/cli
parent	91474f60d72937ad3c21d8aa53c14f7a0cceb9ca (diff)