diff options
| author | lloyd <[email protected]> | 2009-01-31 12:24:50 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2009-01-31 12:24:50 +0000 |
| commit | f985e438ca768e59626ff08b143a6c80cf671b9e (patch) | |
| tree | c5d85e1f997dc8178878ea3d3d45bdafa4316c91 /src | |
| parent | 2ceccebc5ee5ccc1f30ea57584479e638e6e38d4 (diff) | |
Remove the notion of counting entropy bits in HMAC_RNG or Randpool.
Instead simply consider the PRNG seeded if a poll kicked off from reseed
met its goal, or if the user adds data.
Doing anything else prevents creating (for instance) a PRNG seeded with
64 bits of entropy, which is unsafe for some purposes (key generation)
but quite possibly safe enough for others (generating salts and such).
Diffstat (limited to 'src')
| -rw-r--r-- | src/rng/hmac_rng/hmac_rng.cpp | 19 | ||||
| -rw-r--r-- | src/rng/hmac_rng/hmac_rng.h | 4 | ||||
| -rw-r--r-- | src/rng/randpool/randpool.cpp | 22 | ||||
| -rw-r--r-- | src/rng/randpool/randpool.h | 4 |
4 files changed, 14 insertions, 35 deletions
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index ede2b5a08..458118e11 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -112,9 +112,8 @@ void HMAC_RNG::reseed_with_input(u32bit poll_bits, K.clear(); counter = 0; - // Upper bound entropy estimate at the extractor output size - entropy = std::min<u32bit>(entropy + accum.bits_collected(), - 8 * extractor->OUTPUT_LENGTH); + if(input_length || accum.bits_collected() >= poll_bits) + seeded = true; } /** @@ -142,14 +141,6 @@ void HMAC_RNG::add_entropy_source(EntropySource* src) entropy_sources.push_back(src); } -/** -* Check if the the pool is seeded -*/ -bool HMAC_RNG::is_seeded() const - { - return (entropy >= 8 * prf->OUTPUT_LENGTH); - } - /* * Clear memory of sensitive data */ @@ -158,8 +149,8 @@ void HMAC_RNG::clear() throw() extractor->clear(); prf->clear(); K.clear(); - entropy = 0; counter = 0; + seeded = false; } /** @@ -177,11 +168,10 @@ HMAC_RNG::HMAC_RNG(MessageAuthenticationCode* extractor_mac, MessageAuthenticationCode* prf_mac) : extractor(extractor_mac), prf(prf_mac) { - entropy = 0; - // First PRF inputs are all zero, as specified in section 2 K.create(prf->OUTPUT_LENGTH); counter = 0; + seeded = false; /* Normally we want to feedback PRF output into the input to the @@ -223,7 +213,6 @@ HMAC_RNG::~HMAC_RNG() std::for_each(entropy_sources.begin(), entropy_sources.end(), del_fun<EntropySource>()); - entropy = 0; counter = 0; } diff --git a/src/rng/hmac_rng/hmac_rng.h b/src/rng/hmac_rng/hmac_rng.h index fbfa8df19..16adddd60 100644 --- a/src/rng/hmac_rng/hmac_rng.h +++ b/src/rng/hmac_rng/hmac_rng.h @@ -26,7 +26,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator { public: void randomize(byte buf[], u32bit len); - bool is_seeded() const; + bool is_seeded() const { return seeded; } void clear() throw(); std::string name() const; @@ -46,7 +46,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator MessageAuthenticationCode* prf; std::vector<EntropySource*> entropy_sources; - u32bit entropy; + bool seeded; SecureVector<byte> K, io_buffer; u32bit counter, source_index; diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index 98b088808..af36c335f 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -116,8 +116,8 @@ void Randpool::reseed(u32bit poll_bits) xor_buf(pool, mac_val, mac_val.size()); mix_pool(); - entropy = std::min<u32bit>(entropy + accum.bits_collected(), - 8 * mac_val.size()); + if(accum.bits_collected() >= poll_bits) + seeded = true; } /** @@ -129,8 +129,8 @@ void Randpool::add_entropy(const byte input[], u32bit length) xor_buf(pool, mac_val, mac_val.size()); mix_pool(); - // Assume 1 bit conditional entropy per byte of input - entropy = std::min<u32bit>(entropy + length, 8 * mac_val.size()); + if(length) + seeded = true; } /** @@ -142,14 +142,6 @@ void Randpool::add_entropy_source(EntropySource* src) } /** -* Check if the the pool is seeded -*/ -bool Randpool::is_seeded() const - { - return (entropy >= 7 * mac->OUTPUT_LENGTH); - } - -/** * Clear memory of sensitive data */ void Randpool::clear() throw() @@ -159,7 +151,7 @@ void Randpool::clear() throw() pool.clear(); buffer.clear(); counter.clear(); - entropy = 0; + seeded = false; } /** @@ -198,7 +190,7 @@ Randpool::Randpool(BlockCipher* cipher_in, buffer.create(BLOCK_SIZE); pool.create(POOL_BLOCKS * BLOCK_SIZE); counter.create(12); - entropy = 0; + seeded = false; } /** @@ -211,8 +203,6 @@ Randpool::~Randpool() std::for_each(entropy_sources.begin(), entropy_sources.end(), del_fun<EntropySource>()); - - entropy = 0; } } diff --git a/src/rng/randpool/randpool.h b/src/rng/randpool/randpool.h index 46683934e..f44527609 100644 --- a/src/rng/randpool/randpool.h +++ b/src/rng/randpool/randpool.h @@ -20,7 +20,7 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator { public: void randomize(byte[], u32bit); - bool is_seeded() const; + bool is_seeded() const { return seeded; } void clear() throw(); std::string name() const; @@ -43,7 +43,7 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator std::vector<EntropySource*> entropy_sources; SecureVector<byte> pool, buffer, counter; - u32bit entropy; + bool seeded; }; } |