authorlloyd <[email protected]>2013-11-09 16:53:25 +0000
committerlloyd <[email protected]>2013-11-09 16:53:25 +0000
commit7aacde3df5e8755a01b6948d42322d182ddc36c1 (patch)
treef9cff257756a12e310bbac5fb96a9027202f22d7 /src/rng/hmac_rng
parentad9b75f7211bcc5f6c4e9d49cce3e6f61431b593 (diff)
In HMAC_RNG record number of bytes since last poll and reseed based on
that rather than the counter.
Diffstat (limited to 'src/rng/hmac_rng')
-rw-r--r--src/rng/hmac_rng/hmac_rng.cpp34
-rw-r--r--src/rng/hmac_rng/hmac_rng.h9
2 files changed, 26 insertions, 17 deletions
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp
index 0f6a15a0b..33881b685 100644
--- a/src/rng/hmac_rng/hmac_rng.cpp
+++ b/src/rng/hmac_rng/hmac_rng.cpp
@@ -17,6 +17,10 @@ namespace Botan {
namespace {
+// make these build.h constants?
+const size_t BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED = 512;
+const size_t BOTAN_RNG_RESEED_POLL_BITS = 128;
+
void hmac_prf(MessageAuthenticationCode& prf,
secure_vector<byte>& K,
u32bit& counter,
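Review bot: The two new file-local constants use the `BOTAN_` ALL_CAPS spelling that build.h macros use, and the comment above them says moving them to build.h is the plan; once a macro of the same name exists these declarations expand to an assignment to a literal and stop compiling, so a non-macro spelling such as `constexpr size_t MAX_OUTPUT_BEFORE_RESEED = 512;` avoids the clash (`constexpr` fits the C++11 the file already relies on via `std::unique_ptr` and in-class initializers). Neither constant says what it governs; `// Bytes of output taken from one key K before a reseed poll is forced` on the first and `// Entropy estimate, in bits, that each automatic reseed poll requests (presumably via reseed's poll_bits)` on the second would cover that. `hmac_prf`'s definition continues outside the hunk.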
@@ -96,14 +100,16 @@ void HMAC_RNG::randomize(byte out[], size_t length)
{
hmac_prf(*m_prf, m_K, m_counter, "rng");
- if(m_counter % AUTOMATIC_RESEED_RATE == 0)
- reseed(AUTOMATIC_RESEED_BITS);
-
const size_t copied = std::min<size_t>(m_K.size() / 2, length);
copy_mem(out, &m_K[0], copied);
out += copied;
length -= copied;
+
+ m_output_since_reseed += copied;
+
+ if(m_output_since_reseed >= BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED)
+ reseed(BOTAN_RNG_RESEED_POLL_BITS);
}
}
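Review bot: The volume-based reseed now sits at the bottom of the loop body with no comment on why it runs after the copy rather than before; `// Count the bytes already handed out, then reseed so the next iteration derives output from a fresh K` would record the intent (the next iteration's `hmac_prf` call at the top of the loop is what regenerates K after `reseed` zeroises it). Note too that `reseed()` zeroes `m_output_since_reseed` unconditionally (visible in the next hunk), so a poll that gathered nothing is not retried until another BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED bytes have been emitted from the under-seeded state; if a prompt retry is wanted, reset the counter only when the poll collected something. The enclosing `randomize` loop begins outside the hunk.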
@@ -153,12 +159,18 @@ void HMAC_RNG::reseed(size_t poll_bits)
zeroise(m_K);
m_counter = 0;
- /*
- * Consider ourselves seeded once we've collected an estimated 128 bits of
- * entropy in a single poll.
- */
- if(accum.bits_collected() >= 128)
- m_seeded = true;
+ m_collected_entropy_estimate =
+ std::min(m_collected_entropy_estimate + accum.bits_collected(),
+ m_extractor->output_length() * 8);
+
+ m_output_since_reseed = 0;
+ }
+
+bool HMAC_RNG::is_seeded() const
+ {
+ if(m_collected_entropy_estimate >= 256)
+ return true;
+ return false;
}
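Review bot: `is_seeded()` tests the estimate against a fixed 256 while `reseed()` caps it at `m_extractor->output_length() * 8`, so with an extractor whose output is shorter than 32 bytes (an HMAC over a 160-bit hash, for instance) the RNG can never report itself seeded; either reject such an extractor in the constructor by throwing, so the misconfiguration fails loudly instead of silently never seeding, or derive both numbers from one named constant placed next to the two added in the first hunk. Summing `accum.bits_collected()` across polls also assumes each poll's estimate is fresh; if the same sources are polled every BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED bytes their estimates are counted again, so the member deserves a comment stating that it is a cumulative estimate capped at the extractor width and only reset by `clear()`. The `if`/`return true`/`return false` form collapses to `return m_collected_entropy_estimate >= 256;`. `reseed`'s body begins outside the hunk.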
/*
@@ -167,7 +179,7 @@ void HMAC_RNG::reseed(size_t poll_bits)
void HMAC_RNG::add_entropy(const byte input[], size_t length)
{
m_extractor->update(input, length);
- reseed(AUTOMATIC_RESEED_BITS);
+ reseed(BOTAN_RNG_RESEED_POLL_BITS);
}
/*
@@ -175,7 +187,7 @@ void HMAC_RNG::add_entropy(const byte input[], size_t length)
*/
void HMAC_RNG::clear()
{
- m_seeded = false;
+ m_collected_entropy_estimate = 0;
m_extractor->clear();
m_prf->clear();
zeroise(m_K);
diff --git a/src/rng/hmac_rng/hmac_rng.h b/src/rng/hmac_rng/hmac_rng.h
index 6d7c3228a..8fee5be5a 100644
--- a/src/rng/hmac_rng/hmac_rng.h
+++ b/src/rng/hmac_rng/hmac_rng.h
@@ -28,7 +28,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator
{
public:
void randomize(byte buf[], size_t len);
- bool is_seeded() const { return m_seeded; }
+ bool is_seeded() const;
void clear();
std::string name() const;
@@ -42,14 +42,11 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator
HMAC_RNG(MessageAuthenticationCode* extractor,
MessageAuthenticationCode* prf);
private:
- // make these build.h constants?
- const size_t AUTOMATIC_RESEED_RATE = 16;
- const size_t AUTOMATIC_RESEED_BITS = 128;
-
std::unique_ptr<MessageAuthenticationCode> m_extractor;
std::unique_ptr<MessageAuthenticationCode> m_prf;
- bool m_seeded = false;
+ size_t m_collected_entropy_estimate = 0;
+ size_t m_output_since_reseed = 0;
secure_vector<byte> m_K;
u32bit m_counter = 0;