authorJack Lloyd <[email protected]>2016-10-28 16:44:05 -0400
committerJack Lloyd <[email protected]>2016-10-28 16:49:11 -0400
commitf98c184fe66e6c0f624b381a186c6dddfc62539a (patch)
tree325aca069972bf38d92032d74b4a3d53d5b081d9 /src/lib/rng
parent8141ea4c2a51e908fae3ebb463154acffeac9186 (diff)
Remove HMAC_RNG, X9.31-RNG, BeOS stats, EGD reader, Unix process runner
Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1, whichever is available (in that order).
Diffstat (limited to 'src/lib/rng')
-rw-r--r--src/lib/rng/auto_rng/auto_rng.cpp32
-rw-r--r--src/lib/rng/auto_rng/info.txt4
-rw-r--r--src/lib/rng/hmac_rng/hmac_rng.cpp199
-rw-r--r--src/lib/rng/hmac_rng/hmac_rng.h103
-rw-r--r--src/lib/rng/hmac_rng/info.txt6
-rw-r--r--src/lib/rng/x931_rng/info.txt5
-rw-r--r--src/lib/rng/x931_rng/x931_rng.cpp119
-rw-r--r--src/lib/rng/x931_rng/x931_rng.h54
8 files changed, 18 insertions, 504 deletions
diff --git a/src/lib/rng/auto_rng/auto_rng.cpp b/src/lib/rng/auto_rng/auto_rng.cpp
index a9da085bc..e631604c9 100644
--- a/src/lib/rng/auto_rng/auto_rng.cpp
+++ b/src/lib/rng/auto_rng/auto_rng.cpp
@@ -6,19 +6,16 @@
#include <botan/auto_rng.h>
#include <botan/entropy_src.h>
-
-#if defined(BOTAN_HAS_HMAC_DRBG)
- #include <botan/hmac_drbg.h>
-#endif
-
-#if defined(BOTAN_HAS_HMAC_RNG)
- #include <botan/hmac_rng.h>
-#endif
+#include <botan/hmac_drbg.h>
#if defined(BOTAN_HAS_SYSTEM_RNG)
#include <botan/system_rng.h>
#endif
+#if !defined(BOTAN_AUTO_RNG_HMAC)
+#error "No hash function defined for AutoSeeded_RNG in build.h (try enabling sha2_32)"
+#endif
+
namespace Botan {
AutoSeeded_RNG::~AutoSeeded_RNG()
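Review bot: The new `#error` message on the `BOTAN_AUTO_RNG_HMAC` guard only suggests `sha2_32`, while the commit description says SHA-384, SHA-256, SHA-3(256) and SHA-1 are all acceptable in that order, so a reader hitting the diagnostic is steered to one option when several would satisfy the build. Suggest widening the text, e.g. `#error "No hash function defined for AutoSeeded_RNG in build.h (enable sha2_32 or another hash AutoSeeded_RNG accepts)"`. Note also that this guard only catches the macro being absent; if build.h names a hash that is not compiled in, the mismatch presumably surfaces at runtime as a throw from `create_or_throw` in every constructor below, so a short comment above the guard saying it is the compile-time half of that check would help. The destructor definition that begins on the last context line continues outside this hunk.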
@@ -29,18 +26,18 @@ AutoSeeded_RNG::~AutoSeeded_RNG()
AutoSeeded_RNG::AutoSeeded_RNG(RandomNumberGenerator& underlying_rng,
size_t reseed_interval)
{
- m_rng.reset(new BOTAN_AUTO_RNG_DRBG(MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC),
- underlying_rng,
- reseed_interval));
+ m_rng.reset(new HMAC_DRBG(MessageAuthenticationCode::create_or_throw(BOTAN_AUTO_RNG_HMAC),
+ underlying_rng,
+ reseed_interval));
force_reseed();
}
AutoSeeded_RNG::AutoSeeded_RNG(Entropy_Sources& entropy_sources,
size_t reseed_interval)
{
- m_rng.reset(new BOTAN_AUTO_RNG_DRBG(MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC),
- entropy_sources,
- reseed_interval));
+ m_rng.reset(new HMAC_DRBG(MessageAuthenticationCode::create_or_throw(BOTAN_AUTO_RNG_HMAC),
+ entropy_sources,
+ reseed_interval));
force_reseed();
}
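Review bot: Switching from `create` to `create_or_throw` changes the failure mode of these constructors from a null pointer reaching `HMAC_DRBG` to an exception leaving the constructor, and nothing on the new side documents that callers can now see an exception from `AutoSeeded_RNG`'s constructors when the configured HMAC is unavailable. The constructor declarations in the header (not in this diff) should get a `@throws` line naming the exception `create_or_throw` raises when `BOTAN_AUTO_RNG_HMAC` cannot be instantiated. The same applies to the third constructor in the following hunk. Since `force_reseed()` runs after `m_rng` is set, the exception path leaves no partially seeded object behind, which is worth stating in that comment.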
@@ -48,10 +45,9 @@ AutoSeeded_RNG::AutoSeeded_RNG(RandomNumberGenerator& underlying_rng,
Entropy_Sources& entropy_sources,
size_t reseed_interval)
{
- m_rng.reset(new BOTAN_AUTO_RNG_DRBG(MessageAuthenticationCode::create(BOTAN_AUTO_RNG_HMAC),
- underlying_rng,
- entropy_sources,
- reseed_interval));
+ m_rng.reset(new HMAC_DRBG(
+ MessageAuthenticationCode::create_or_throw(BOTAN_AUTO_RNG_HMAC),
+ underlying_rng, entropy_sources, reseed_interval));
force_reseed();
}
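Review bot: The argument layout in this constructor differs from the two rewritten just above it: here `underlying_rng, entropy_sources, reseed_interval` share one line after a line break inside `new HMAC_DRBG(`, while the siblings keep one argument per line aligned under the first. Since all three bodies are otherwise identical in shape, formatting this one the same way (one argument per line, aligned with `MessageAuthenticationCode::create_or_throw(...)`) keeps the three constructors visually diffable and makes any future divergence obvious.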
diff --git a/src/lib/rng/auto_rng/info.txt b/src/lib/rng/auto_rng/info.txt
index b77e6aa54..b66aafb45 100644
--- a/src/lib/rng/auto_rng/info.txt
+++ b/src/lib/rng/auto_rng/info.txt
@@ -1 +1,5 @@
define AUTO_SEEDING_RNG 20160821
+
+<requires>
+hmac_drbg
+</requires>
diff --git a/src/lib/rng/hmac_rng/hmac_rng.cpp b/src/lib/rng/hmac_rng/hmac_rng.cpp
deleted file mode 100644
index 081d8b38a..000000000
--- a/src/lib/rng/hmac_rng/hmac_rng.cpp
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
-* HMAC_RNG
-* (C) 2008,2009,2013,2015,2016 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/hmac_rng.h>
-#include <botan/entropy_src.h>
-#include <botan/internal/os_utils.h>
-#include <algorithm>
-
-namespace Botan {
-
-HMAC_RNG::HMAC_RNG(std::unique_ptr<MessageAuthenticationCode> prf,
- RandomNumberGenerator& underlying_rng,
- Entropy_Sources& entropy_sources,
- size_t reseed_interval) :
- Stateful_RNG(underlying_rng, entropy_sources, reseed_interval),
- m_prf(std::move(prf))
- {
- BOTAN_ASSERT_NONNULL(m_prf);
-
- if(!m_prf->valid_keylength(m_prf->output_length()))
- {
- throw Invalid_Argument("HMAC_RNG cannot use " + m_prf->name());
- }
-
- m_extractor.reset(m_prf->clone());
- this->clear();
- }
-
-HMAC_RNG::HMAC_RNG(std::unique_ptr<MessageAuthenticationCode> prf,
- RandomNumberGenerator& underlying_rng,
- size_t reseed_interval) :
- Stateful_RNG(underlying_rng, reseed_interval),
- m_prf(std::move(prf))
- {
- BOTAN_ASSERT_NONNULL(m_prf);
-
- if(!m_prf->valid_keylength(m_prf->output_length()))
- {
- throw Invalid_Argument("HMAC_RNG cannot use " + m_prf->name());
- }
-
- m_extractor.reset(m_prf->clone());
- this->clear();
- }
-
-HMAC_RNG::HMAC_RNG(std::unique_ptr<MessageAuthenticationCode> prf,
- Entropy_Sources& entropy_sources,
- size_t reseed_interval) :
- Stateful_RNG(entropy_sources, reseed_interval),
- m_prf(std::move(prf)),
- m_extractor(m_prf->clone())
- {
- BOTAN_ASSERT_NONNULL(m_prf);
-
- if(!m_prf->valid_keylength(m_prf->output_length()))
- {
- throw Invalid_Argument("HMAC_RNG cannot use " + m_prf->name());
- }
-
- m_extractor.reset(m_prf->clone());
- this->clear();
- }
-
-HMAC_RNG::HMAC_RNG(std::unique_ptr<MessageAuthenticationCode> prf) :
- Stateful_RNG(),
- m_prf(std::move(prf))
- {
- BOTAN_ASSERT_NONNULL(m_prf);
-
- if(!m_prf->valid_keylength(m_prf->output_length()))
- {
- throw Invalid_Argument("HMAC_RNG cannot use " + m_prf->name());
- }
-
- m_extractor.reset(m_prf->clone());
- this->clear();
- }
-
-void HMAC_RNG::clear()
- {
- Stateful_RNG::clear();
- m_counter = 0;
-
- // First PRF inputs are all zero, as specified in section 2
- m_K.resize(m_prf->output_length());
- zeroise(m_K);
-
- /*
- Normally we want to feedback PRF outputs to the extractor function
- to ensure a single bad poll does not reduce entropy. Thus in reseed
- we'll want to invoke the PRF before we reset the PRF key, but until
- the first reseed the PRF is unkeyed. Rather than trying to keep
- track of this, just set the initial PRF key to constant zero.
- Since all PRF inputs in the first reseed are constants, this
- amounts to suffixing the seed in the first poll with a fixed
- constant string.
-
- The PRF key will not be used to generate outputs until after reseed
- sets m_seeded to true.
- */
- std::vector<byte> prf_zero_key(m_extractor->output_length());
- m_prf->set_key(prf_zero_key.data(), prf_zero_key.size());
-
- /*
- Use PRF("Botan HMAC_RNG XTS") as the intitial XTS key.
-
- This will be used during the first extraction sequence; XTS values
- after this one are generated using the PRF.
-
- If I understand the E-t-E paper correctly (specifically Section 4),
- using this fixed initial extractor key is safe to do.
- */
- m_extractor->set_key(m_prf->process("Botan HMAC_RNG XTS"));
- }
-
-void HMAC_RNG::new_K_value(byte label)
- {
- m_prf->update(m_K);
- m_prf->update_be(last_pid());
- m_prf->update_be(OS::get_processor_timestamp());
- m_prf->update_be(OS::get_system_timestamp_ns());
- m_prf->update_be(m_counter++);
- m_prf->update(label);
- m_prf->final(m_K.data());
- }
-
-/*
-* Generate a buffer of random bytes
-*/
-void HMAC_RNG::randomize(byte out[], size_t length)
- {
- reseed_check();
-
- while(length)
- {
- new_K_value(Running);
-
- const size_t copied = std::min<size_t>(length, m_prf->output_length());
-
- copy_mem(out, m_K.data(), copied);
- out += copied;
- length -= copied;
- }
-
- new_K_value(BlockFinished);
- }
-
-size_t HMAC_RNG::reseed(Entropy_Sources& srcs,
- size_t poll_bits,
- std::chrono::milliseconds timeout)
- {
- new_K_value(Reseed);
- m_extractor->update(m_K); // m_K is the PRF output
-
- /*
- * This ends up calling add_entropy which provides input to the extractor
- */
- size_t bits_collected = Stateful_RNG::reseed(srcs, poll_bits, timeout);
-
- /*
- Now derive the new PRK using everything that has been fed into
- the extractor, and set the PRF key to that
- */
- m_prf->set_key(m_extractor->final());
-
- // Now generate a new PRF output to use as the XTS extractor salt
- new_K_value(ExtractorSeed);
- m_extractor->set_key(m_K);
-
- // Reset state
- zeroise(m_K);
- m_counter = 0;
-
- return bits_collected;
- }
-
-/*
-* Add user-supplied entropy to the extractor input then set remaining
-* output length to for a reseed on next use.
-*/
-void HMAC_RNG::add_entropy(const byte input[], size_t length)
- {
- m_extractor->update(input, length);
- force_reseed();
- }
-
-/*
-* Return the name of this type
-*/
-std::string HMAC_RNG::name() const
- {
- return "HMAC_RNG(" + m_extractor->name() + "," + m_prf->name() + ")";
- }
-
-}
diff --git a/src/lib/rng/hmac_rng/hmac_rng.h b/src/lib/rng/hmac_rng/hmac_rng.h
deleted file mode 100644
index e4cb4a2bf..000000000
--- a/src/lib/rng/hmac_rng/hmac_rng.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
-* HMAC RNG
-* (C) 2008,2013,2016 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_HMAC_RNG_H__
-#define BOTAN_HMAC_RNG_H__
-
-#include <botan/stateful_rng.h>
-#include <botan/mac.h>
-
-namespace Botan {
-
-/**
-* HMAC_RNG - based on the design described in "On Extract-then-Expand
-* Key Derivation Functions and an HMAC-based KDF" by Hugo Krawczyk
-* (henceforce, 'E-t-E')
-*
-* However it actually could be parameterized with any two MAC functions,
-* not restricted to HMAC (this variation is also described in
-* Krawczyk's paper), for instance one could use HMAC(SHA-512) as the
-* extractor and CMAC(AES-256) as the PRF.
-*/
-class BOTAN_DLL HMAC_RNG final : public Stateful_RNG
- {
- public:
- /**
- * Initialize an HMAC_RNG instance with the given MAC as PRF (normally HMAC)
- * @param prf MAC to use as a PRF
- * @param underlying_rng is a reference to some RNG which will be used
- * to perform the periodic reseeding.
- * @param entropy_sources will be polled to perform reseeding periodically
- * @param reseed_interval specifies a limit of how many times
- * the RNG will be called before automatic reseeding is performed.
- */
- HMAC_RNG(std::unique_ptr<MessageAuthenticationCode> prf,
- RandomNumberGenerator& underlying_rng,
- Entropy_Sources& entropy_sources,
- size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL);
-
- /**
- * Initialize an HMAC_RNG instance with the given MAC as PRF (normally HMAC)
- * @param prf MAC to use as a PRF
- * @param underlying_rng is a reference to some RNG which will be used
- * to perform the periodic reseeding.
- * @param reseed_interval specifies a limit of how many times
- * the RNG will be called before automatic reseeding is performed.
- */
- HMAC_RNG(std::unique_ptr<MessageAuthenticationCode> prf,
- RandomNumberGenerator& underlying_rng,
- size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL);
-
- /*
- * Initialize an HMAC_RNG instance with the given MAC as PRF (normally HMAC)
- * @param prf MAC to use as a PRF
- * @param entropy_sources will be polled to perform reseeding periodically
- * @param reseed_interval specifies a limit of how many times
- * the RNG will be called before automatic reseeding is performed.
- */
- HMAC_RNG(std::unique_ptr<MessageAuthenticationCode> prf,
- Entropy_Sources& entropy_sources,
- size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL);
-
- /**
- * Initialize an HMAC_RNG instance with the given MAC as PRF (normally HMAC)
- * Automatic reseeding is disabled completely.
- * @param prf MAC to use as a PRF
- */
- HMAC_RNG(std::unique_ptr<MessageAuthenticationCode> prf);
-
- void randomize(byte buf[], size_t len) override;
- void clear() override;
- std::string name() const override;
-
- size_t reseed(Entropy_Sources& srcs,
- size_t poll_bits,
- std::chrono::milliseconds poll_timeout) override;
-
- void add_entropy(const byte[], size_t) override;
-
- size_t security_level() const override { return m_prf->output_length() * 8 / 2; }
-
- private:
- std::unique_ptr<MessageAuthenticationCode> m_prf;
- std::unique_ptr<MessageAuthenticationCode> m_extractor;
-
- enum HMAC_PRF_Label {
- Running,
- BlockFinished,
- Reseed,
- ExtractorSeed,
- };
- void new_K_value(byte label);
-
- secure_vector<byte> m_K;
- u32bit m_counter = 0;
- };
-
-}
-
-#endif
diff --git a/src/lib/rng/hmac_rng/info.txt b/src/lib/rng/hmac_rng/info.txt
deleted file mode 100644
index 2b7f49c8a..000000000
--- a/src/lib/rng/hmac_rng/info.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-define HMAC_RNG 20131128
-
-<requires>
-mac
-stateful_rng
-</requires>
diff --git a/src/lib/rng/x931_rng/info.txt b/src/lib/rng/x931_rng/info.txt
deleted file mode 100644
index 4a4418083..000000000
--- a/src/lib/rng/x931_rng/info.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-define X931_RNG 20131128
-
-<requires>
-stateful_rng
-</requires>
diff --git a/src/lib/rng/x931_rng/x931_rng.cpp b/src/lib/rng/x931_rng/x931_rng.cpp
deleted file mode 100644
index ed44dc743..000000000
--- a/src/lib/rng/x931_rng/x931_rng.cpp
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
-* ANSI X9.31 RNG
-* (C) 1999-2009,2014 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/x931_rng.h>
-#include <algorithm>
-
-namespace Botan {
-
-void ANSI_X931_RNG::randomize(byte out[], size_t length)
- {
- if(!is_seeded())
- {
- rekey();
-
- if(!is_seeded())
- throw PRNG_Unseeded(name());
- }
-
- while(length)
- {
- if(m_R_pos == m_R.size())
- update_buffer();
-
- const size_t copied = std::min<size_t>(length, m_R.size() - m_R_pos);
-
- copy_mem(out, &m_R[m_R_pos], copied);
- out += copied;
- length -= copied;
- m_R_pos += copied;
- }
- }
-
-/*
-* Refill the internal state
-*/
-void ANSI_X931_RNG::update_buffer()
- {
- const size_t BLOCK_SIZE = m_cipher->block_size();
-
- secure_vector<byte> DT = m_prng->random_vec(BLOCK_SIZE);
- m_cipher->encrypt(DT);
-
- xor_buf(m_R.data(), m_V.data(), DT.data(), BLOCK_SIZE);
- m_cipher->encrypt(m_R);
-
- xor_buf(m_V.data(), m_R.data(), DT.data(), BLOCK_SIZE);
- m_cipher->encrypt(m_V);
-
- m_R_pos = 0;
- }
-
-/*
-* Reset V and the cipher key with new values
-*/
-void ANSI_X931_RNG::rekey()
- {
- const size_t BLOCK_SIZE = m_cipher->block_size();
-
- if(m_prng->is_seeded())
- {
- m_cipher->set_key(m_prng->random_vec(m_cipher->maximum_keylength()));
-
- if(m_V.size() != BLOCK_SIZE)
- m_V.resize(BLOCK_SIZE);
- m_prng->randomize(m_V.data(), m_V.size());
-
- update_buffer();
- }
- }
-
-size_t ANSI_X931_RNG::reseed(Entropy_Sources& srcs,
- size_t poll_bits,
- std::chrono::milliseconds poll_timeout)
- {
- size_t bits = m_prng->reseed(srcs, poll_bits, poll_timeout);
- rekey();
- return bits;
- }
-
-void ANSI_X931_RNG::add_entropy(const byte input[], size_t length)
- {
- m_prng->add_entropy(input, length);
- rekey();
- }
-
-bool ANSI_X931_RNG::is_seeded() const
- {
- return (m_V.size() > 0);
- }
-
-void ANSI_X931_RNG::clear()
- {
- m_cipher->clear();
- m_prng->clear();
- zeroise(m_R);
- m_V.clear();
-
- m_R_pos = 0;
- }
-
-std::string ANSI_X931_RNG::name() const
- {
- return "X9.31(" + m_cipher->name() + ")";
- }
-
-ANSI_X931_RNG::ANSI_X931_RNG(BlockCipher* cipher,
- RandomNumberGenerator* prng) :
- m_cipher(cipher),
- m_prng(prng),
- m_R(m_cipher->block_size()),
- m_R_pos(0)
- {
- }
-
-}
diff --git a/src/lib/rng/x931_rng/x931_rng.h b/src/lib/rng/x931_rng/x931_rng.h
deleted file mode 100644
index 861fcffde..000000000
--- a/src/lib/rng/x931_rng/x931_rng.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
-* ANSI X9.31 RNG
-* (C) 1999-2009 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_ANSI_X931_RNG_H__
-#define BOTAN_ANSI_X931_RNG_H__
-
-#include <botan/rng.h>
-#include <botan/block_cipher.h>
-
-namespace Botan {
-
-/**
-* ANSI X9.31 RNG
-*/
-class BOTAN_DLL ANSI_X931_RNG final : public RandomNumberGenerator
- {
- public:
- void randomize(byte[], size_t) override;
- bool is_seeded() const override;
- void clear() override;
- std::string name() const override;
-
- size_t reseed(Entropy_Sources& srcs,
- size_t poll_bits,
- std::chrono::milliseconds poll_timeout) override;
-
- void add_entropy(const byte[], size_t) override;
-
- /**
- * @param cipher the block cipher to use in this PRNG
- * @param rng the underlying PRNG for generating inputs
- * (eg, an HMAC_RNG)
- */
- BOTAN_DEPRECATED("X9.31 RNG is deprecated and will be removed soon")
- ANSI_X931_RNG(BlockCipher* cipher,
- RandomNumberGenerator* rng);
-
- private:
- void rekey();
- void update_buffer();
-
- std::unique_ptr<BlockCipher> m_cipher;
- std::unique_ptr<RandomNumberGenerator> m_prng;
- secure_vector<byte> m_V, m_R;
- size_t m_R_pos;
- };
-
-}
-
-#endif