diff options
| author | Daniel Neus <[email protected]> | 2016-10-27 21:13:04 +0200 |
|---|---|---|
| committer | Daniel Neus <[email protected]> | 2016-10-28 11:38:02 +0200 |
| commit | 728f23309d1423bcd4a55c20e0df93f5f7a1e744 (patch) | |
| tree | 36bcf4a427fe36c09c6fee7668f8847d82f8517e /src/lib/rng/hmac_drbg/hmac_drbg.h | |
| parent | 4e6785ff23305c05870074fd0420624cda8b99db (diff) | |
make max_number_of_bytes_per_request configurable
Diffstat (limited to 'src/lib/rng/hmac_drbg/hmac_drbg.h')
| -rw-r--r-- | src/lib/rng/hmac_drbg/hmac_drbg.h | 52 |
1 files changed, 46 insertions, 6 deletions
diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.h b/src/lib/rng/hmac_drbg/hmac_drbg.h index 11d355d70..9210cbca2 100644 --- a/src/lib/rng/hmac_drbg/hmac_drbg.h +++ b/src/lib/rng/hmac_drbg/hmac_drbg.h @@ -24,7 +24,7 @@ class BOTAN_DLL HMAC_DRBG final : public Stateful_RNG /** * Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC) * - * Automatic reseeding is disabled completely, as it as no access to + * Automatic reseeding is disabled completely, as it has no access to * any source for seed material. * * If a fork is detected, the RNG will be unable to reseed itself @@ -44,10 +44,22 @@ class BOTAN_DLL HMAC_DRBG final : public Stateful_RNG * to perform the periodic reseeding * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single + * requests of max_number_of_bytes_per_request size had been made. + * In theory SP 800-90A requires that we reject any request for a DRBG + * output longer than max_number_of_bytes_per_request. To avoid inconveniencing + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, RandomNumberGenerator& underlying_rng, - size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL); + size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL, + size_t max_number_of_bytes_per_request = 64 * 1024); /** * Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC) @@ -59,10 +71,22 @@ class BOTAN_DLL HMAC_DRBG final : public Stateful_RNG * @param entropy_sources will be polled to perform reseeding periodically * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed. + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single + * requests of max_number_of_bytes_per_request size had been made. + * In theory SP 800-90A requires that we reject any request for a DRBG + * output longer than max_number_of_bytes_per_request. To avoid inconveniencing + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, Entropy_Sources& entropy_sources, - size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL); + size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL, + size_t max_number_of_bytes_per_request = 64 * 1024); /** * Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC) @@ -77,20 +101,35 @@ class BOTAN_DLL HMAC_DRBG final : public Stateful_RNG * @param entropy_sources will be polled to perform reseeding periodically * @param reseed_interval specifies a limit of how many times * the RNG will be called before automatic reseeding is performed. + * @param max_number_of_bytes_per_request requests that are in size higher + * than max_number_of_bytes_per_request are treated as if multiple single + * requests of max_number_of_bytes_per_request size had been made. + * In theory SP 800-90A requires that we reject any request for a DRBG + * output longer than max_number_of_bytes_per_request. To avoid inconveniencing + * the caller who wants an output larger than max_number_of_bytes_per_request, + * instead treat these requests as if multiple requests of + * max_number_of_bytes_per_request size had been made. NIST requires for + * HMAC_DRBG that every implementation set a value no more than 2**19 bits + * (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for + * example every 512 bit automatic reseeding occurs. */ HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, RandomNumberGenerator& underlying_rng, Entropy_Sources& entropy_sources, - size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL); + size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL, + size_t max_number_of_bytes_per_request = 64 * 1024); /** * Constructor taking a string for the hash */ - HMAC_DRBG(const std::string& hmac_hash) : Stateful_RNG() + HMAC_DRBG(const std::string& hmac_hash) : + Stateful_RNG(), m_max_number_of_bytes_per_request(64 * 1024), + m_mac(MessageAuthenticationCode::create("HMAC(" + hmac_hash + ")")) { - m_mac = MessageAuthenticationCode::create("HMAC(" + hmac_hash + ")"); if(!m_mac) + { throw Algorithm_Not_Found(hmac_hash); + } clear(); } @@ -112,6 +151,7 @@ class BOTAN_DLL HMAC_DRBG final : public Stateful_RNG std::unique_ptr<MessageAuthenticationCode> m_mac; secure_vector<byte> m_V; + const size_t m_max_number_of_bytes_per_request; }; } |