Remove the notion of counting entropy bits in HMAC_RNG or Randpool.

Instead simply consider the PRNG seeded if a poll kicked off from reseed met its goal, or if the user adds data. Doing anything else prevents creating (for instance) a PRNG seeded with 64 bits of entropy, which is unsafe for some purposes (key generation) but quite possibly safe enough for others (generating salts and such).
author: lloyd <[email protected]> 2009-01-31 12:24:50 +0000
committer: lloyd <[email protected]> 2009-01-31 12:24:50 +0000
commit: f985e438ca768e59626ff08b143a6c80cf671b9e (patch)
tree: c5d85e1f997dc8178878ea3d3d45bdafa4316c91 /src/rng
parent: 2ceccebc5ee5ccc1f30ea57584479e638e6e38d4 (diff)
4 files changed, 14 insertions, 35 deletions
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp
index ede2b5a08..458118e11 100644
--- a/src/rng/hmac_rng/hmac_rng.cpp
+++ b/src/rng/hmac_rng/hmac_rng.cpp
@@ -112,9 +112,8 @@ void HMAC_RNG::reseed_with_input(u32bit poll_bits,
    K.clear();
    counter = 0;
 
-   // Upper bound entropy estimate at the extractor output size
-   entropy = std::min<u32bit>(entropy + accum.bits_collected(),
-                              8 * extractor->OUTPUT_LENGTH);
+   if(input_length || accum.bits_collected() >= poll_bits)
+      seeded = true;
    }
 
 /**
@@ -142,14 +141,6 @@ void HMAC_RNG::add_entropy_source(EntropySource* src)
    entropy_sources.push_back(src);
    }
 
-/**
-* Check if the the pool is seeded
-*/
-bool HMAC_RNG::is_seeded() const
-   {
-   return (entropy >= 8 * prf->OUTPUT_LENGTH);
-   }
-
 /*
 * Clear memory of sensitive data
 */
@@ -158,8 +149,8 @@ void HMAC_RNG::clear() throw()
    extractor->clear();
    prf->clear();
    K.clear();
-   entropy = 0;
    counter = 0;
+   seeded = false;
    }
 
 /**
@@ -177,11 +168,10 @@ HMAC_RNG::HMAC_RNG(MessageAuthenticationCode* extractor_mac,
                    MessageAuthenticationCode* prf_mac) :
    extractor(extractor_mac), prf(prf_mac)
    {
-   entropy = 0;
-
    // First PRF inputs are all zero, as specified in section 2
    K.create(prf->OUTPUT_LENGTH);
    counter = 0;
+   seeded = false;
 
    /*
    Normally we want to feedback PRF output into the input to the
@@ -223,7 +213,6 @@ HMAC_RNG::~HMAC_RNG()
    std::for_each(entropy_sources.begin(), entropy_sources.end(),
                  del_fun<EntropySource>());
 
-   entropy = 0;
    counter = 0;
    }
 
diff --git a/src/rng/hmac_rng/hmac_rng.h b/src/rng/hmac_rng/hmac_rng.h
index fbfa8df19..16adddd60 100644
--- a/src/rng/hmac_rng/hmac_rng.h
+++ b/src/rng/hmac_rng/hmac_rng.h
@@ -26,7 +26,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator
    {
    public:
       void randomize(byte buf[], u32bit len);
-      bool is_seeded() const;
+      bool is_seeded() const { return seeded; }
       void clear() throw();
       std::string name() const;
 
@@ -46,7 +46,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator
       MessageAuthenticationCode* prf;
 
       std::vector<EntropySource*> entropy_sources;
-      u32bit entropy;
+      bool seeded;
 
       SecureVector<byte> K, io_buffer;
       u32bit counter, source_index;
diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp
index 98b088808..af36c335f 100644
--- a/src/rng/randpool/randpool.cpp
+++ b/src/rng/randpool/randpool.cpp
@@ -116,8 +116,8 @@ void Randpool::reseed(u32bit poll_bits)
    xor_buf(pool, mac_val, mac_val.size());
    mix_pool();
 
-   entropy = std::min<u32bit>(entropy + accum.bits_collected(),
-                              8 * mac_val.size());
+   if(accum.bits_collected() >= poll_bits)
+      seeded = true;
    }
 
 /**
@@ -129,8 +129,8 @@ void Randpool::add_entropy(const byte input[], u32bit length)
    xor_buf(pool, mac_val, mac_val.size());
    mix_pool();
 
-   // Assume 1 bit conditional entropy per byte of input
-   entropy = std::min<u32bit>(entropy + length, 8 * mac_val.size());
+   if(length)
+      seeded = true;
    }
 
 /**
@@ -142,14 +142,6 @@ void Randpool::add_entropy_source(EntropySource* src)
    }
 
 /**
-* Check if the the pool is seeded
-*/
-bool Randpool::is_seeded() const
-   {
-   return (entropy >= 7 * mac->OUTPUT_LENGTH);
-   }
-
-/**
 * Clear memory of sensitive data
 */
 void Randpool::clear() throw()
@@ -159,7 +151,7 @@ void Randpool::clear() throw()
    pool.clear();
    buffer.clear();
    counter.clear();
-   entropy = 0;
+   seeded = false;
    }
 
 /**
@@ -198,7 +190,7 @@ Randpool::Randpool(BlockCipher* cipher_in,
    buffer.create(BLOCK_SIZE);
    pool.create(POOL_BLOCKS * BLOCK_SIZE);
    counter.create(12);
-   entropy = 0;
+   seeded = false;
    }
 
 /**
@@ -211,8 +203,6 @@ Randpool::~Randpool()
 
    std::for_each(entropy_sources.begin(), entropy_sources.end(),
                  del_fun<EntropySource>());
-
-   entropy = 0;
    }
 
 }
diff --git a/src/rng/randpool/randpool.h b/src/rng/randpool/randpool.h
index 46683934e..f44527609 100644
--- a/src/rng/randpool/randpool.h
+++ b/src/rng/randpool/randpool.h
@@ -20,7 +20,7 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator
    {
    public:
       void randomize(byte[], u32bit);
-      bool is_seeded() const;
+      bool is_seeded() const { return seeded; }
       void clear() throw();
       std::string name() const;
 
@@ -43,7 +43,7 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator
 
       std::vector<EntropySource*> entropy_sources;
       SecureVector<byte> pool, buffer, counter;
-      u32bit entropy;
+      bool seeded;
    };
 
 }
author	lloyd <[email protected]>	2009-01-31 12:24:50 +0000
committer	lloyd <[email protected]>	2009-01-31 12:24:50 +0000
commit	f985e438ca768e59626ff08b143a6c80cf671b9e (patch)
tree	c5d85e1f997dc8178878ea3d3d45bdafa4316c91 /src/rng
parent	2ceccebc5ee5ccc1f30ea57584479e638e6e38d4 (diff)