diff options
| -rw-r--r-- | src/build-data/buildh.in | 23 | ||||
| -rw-r--r-- | src/lib/entropy/beos_stats/es_beos.cpp | 14 | ||||
| -rw-r--r-- | src/lib/entropy/cryptoapi_rng/es_capi.cpp | 4 | ||||
| -rw-r--r-- | src/lib/entropy/darwin_secrandom/darwin_secrandom.cpp | 4 | ||||
| -rw-r--r-- | src/lib/entropy/dev_random/dev_random.cpp | 4 | ||||
| -rw-r--r-- | src/lib/entropy/egd/es_egd.cpp | 4 | ||||
| -rw-r--r-- | src/lib/entropy/hres_timer/hres_timer.cpp | 19 | ||||
| -rw-r--r-- | src/lib/entropy/proc_walk/proc_walk.cpp | 3 | ||||
| -rw-r--r-- | src/lib/entropy/unix_procs/unix_procs.cpp | 15 | ||||
| -rw-r--r-- | src/lib/entropy/win32_stats/es_win32.cpp | 51 | ||||
| -rw-r--r-- | src/lib/rng/system_rng/system_rng.cpp | 10 |
11 files changed, 81 insertions, 70 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index a289fbcd8..49ef89146 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -139,6 +139,29 @@ #define BOTAN_ENTROPY_PROC_FS_PATH "/proc" #define BOTAN_ENTROPY_SAFE_PATHS { "/bin", "/sbin", "/usr/bin", "/usr/sbin" } +/* +* Defines the static entropy estimates which each type of source uses. +* These values are expressed as the bits of entropy per byte of +* output (in double format) and should be conservative. These are used +* unless an entropy source has some more specific opinion on the entropy +* of the underlying source. +*/ + +// We include some high resolution timestamps because it can't hurt +#define BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS 0 + +// Data which is system or process specific, but otherwise static +#define BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA 0 + +// Binary system data of some kind +#define BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA 0.5 + +// Human readable text which has entropy +#define BOTAN_ENTROPY_ESTIMATE_SYSTEM_TEXT (1.0 / 64) + +// The output of a PRNG we are trusting to be strong +#define BOTAN_ENTROPY_ESTIMATE_STRONG_RNG 7.0 + /* Should we use GCC-style inline assembler? */ #if !defined(BOTAN_USE_GCC_INLINE_ASM) && defined(__GNUG__) #define BOTAN_USE_GCC_INLINE_ASM 1 diff --git a/src/lib/entropy/beos_stats/es_beos.cpp b/src/lib/entropy/beos_stats/es_beos.cpp index c0dfdd89b..aa0e257a9 100644 --- a/src/lib/entropy/beos_stats/es_beos.cpp +++ b/src/lib/entropy/beos_stats/es_beos.cpp @@ -20,40 +20,40 @@ void BeOS_EntropySource::poll(Entropy_Accumulator& accum) { system_info info_sys; get_system_info(&info_sys); - accum.add(info_sys, 2); + accum.add(info_sys, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); key_info info_key; // current state of the keyboard get_key_info(&info_key); - accum.add(info_key, 0); + accum.add(info_key, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); team_info info_team; int32 cookie_team = 0; while(get_next_team_info(&cookie_team, &info_team) == B_OK) { - accum.add(info_team, 2); + accum.add(info_team, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); team_id id = info_team.team; int32 cookie = 0; thread_info info_thr; while(get_next_thread_info(id, &cookie, &info_thr) == B_OK) - accum.add(info_thr, 1); + accum.add(info_thr, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); cookie = 0; image_info info_img; while(get_next_image_info(id, &cookie, &info_img) == B_OK) - accum.add(info_img, 1); + accum.add(info_img, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); cookie = 0; sem_info info_sem; while(get_next_sem_info(id, &cookie, &info_sem) == B_OK) - accum.add(info_sem, 1); + accum.add(info_sem, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); cookie = 0; area_info info_area; while(get_next_area_info(id, &cookie, &info_area) == B_OK) - accum.add(info_area, 2); + accum.add(info_area, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); if(accum.polling_finished()) break; diff --git a/src/lib/entropy/cryptoapi_rng/es_capi.cpp b/src/lib/entropy/cryptoapi_rng/es_capi.cpp index 6ffc03c12..88c8488ad 100644 --- a/src/lib/entropy/cryptoapi_rng/es_capi.cpp +++ b/src/lib/entropy/cryptoapi_rng/es_capi.cpp @@ -57,8 +57,6 @@ class CSP_Handle */ void Win32_CAPI_EntropySource::poll(Entropy_Accumulator& accum) { - const size_t ENTROPY_BITS_PER_BYTE = 8; - secure_vector<byte>& buf = accum.get_io_buf(BOTAN_SYSTEM_RNG_POLL_REQUEST); for(size_t i = 0; i != prov_types.size(); ++i) @@ -67,7 +65,7 @@ void Win32_CAPI_EntropySource::poll(Entropy_Accumulator& accum) if(size_t got = csp.gen_random(buf.data(), buf.size())) { - accum.add(buf.data(), got, ENTROPY_BITS_PER_BYTE); + accum.add(buf.data(), got, BOTAN_ENTROPY_ESTIMATE_STRONG_RNG); break; } } diff --git a/src/lib/entropy/darwin_secrandom/darwin_secrandom.cpp b/src/lib/entropy/darwin_secrandom/darwin_secrandom.cpp index 08b464ff0..4f1ed87bd 100644 --- a/src/lib/entropy/darwin_secrandom/darwin_secrandom.cpp +++ b/src/lib/entropy/darwin_secrandom/darwin_secrandom.cpp @@ -15,13 +15,11 @@ namespace Botan { */ void Darwin_SecRandom::poll(Entropy_Accumulator& accum) { - const size_t ENTROPY_BITS_PER_BYTE = 8; - secure_vector<byte>& buf = accum.get_io_buf(BOTAN_SYSTEM_RNG_POLL_REQUEST); if(0 == SecRandomCopyBytes(kSecRandomDefault, buf.size(), buf.data())) { - accum.add(buf.data(), buf.size(), ENTROPY_BITS_PER_BYTE); + accum.add(buf.data(), buf.size(), BOTAN_ENTROPY_ESTIMATE_STRONG_RNG); } } diff --git a/src/lib/entropy/dev_random/dev_random.cpp b/src/lib/entropy/dev_random/dev_random.cpp index 0115368da..aca161d64 100644 --- a/src/lib/entropy/dev_random/dev_random.cpp +++ b/src/lib/entropy/dev_random/dev_random.cpp @@ -59,8 +59,6 @@ void Device_EntropySource::poll(Entropy_Accumulator& accum) if(m_devices.empty()) return; - const size_t ENTROPY_BITS_PER_BYTE = 8; - fd_type max_fd = m_devices[0]; fd_set read_set; FD_ZERO(&read_set); @@ -86,7 +84,7 @@ void Device_EntropySource::poll(Entropy_Accumulator& accum) { const ssize_t got = ::read(m_devices[i], buf.data(), buf.size()); if(got > 0) - accum.add(buf.data(), got, ENTROPY_BITS_PER_BYTE); + accum.add(buf.data(), got, BOTAN_ENTROPY_ESTIMATE_STRONG_RNG); } } } diff --git a/src/lib/entropy/egd/es_egd.cpp b/src/lib/entropy/egd/es_egd.cpp index 9b625d051..c3b75e8f5 100644 --- a/src/lib/entropy/egd/es_egd.cpp +++ b/src/lib/entropy/egd/es_egd.cpp @@ -137,8 +137,6 @@ EGD_EntropySource::~EGD_EntropySource() */ void EGD_EntropySource::poll(Entropy_Accumulator& accum) { - const size_t ENTROPY_BITS_PER_BYTE = 8; - std::lock_guard<std::mutex> lock(m_mutex); secure_vector<byte>& buf = accum.get_io_buf(BOTAN_SYSTEM_RNG_POLL_REQUEST); @@ -149,7 +147,7 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum) if(got) { - accum.add(buf.data(), got, ENTROPY_BITS_PER_BYTE); + accum.add(buf.data(), got, BOTAN_ENTROPY_ESTIMATE_STRONG_RNG); break; } } diff --git a/src/lib/entropy/hres_timer/hres_timer.cpp b/src/lib/entropy/hres_timer/hres_timer.cpp index 6efa3b188..0b39c935a 100644 --- a/src/lib/entropy/hres_timer/hres_timer.cpp +++ b/src/lib/entropy/hres_timer/hres_timer.cpp @@ -26,16 +26,13 @@ namespace Botan { */ void High_Resolution_Timestamp::poll(Entropy_Accumulator& accum) { - // Don't count any timestamps as contributing any entropy - const double ESTIMATED_ENTROPY_PER_BYTE = 0.0; - #if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) -#define CLOCK_GETTIME_POLL(src) \ - do { \ - struct timespec ts; \ - ::clock_gettime(src, &ts); \ - accum.add(&ts, sizeof(ts), ESTIMATED_ENTROPY_PER_BYTE); \ +#define CLOCK_GETTIME_POLL(src) \ + do { \ + struct timespec ts; \ + ::clock_gettime(src, &ts); \ + accum.add(&ts, sizeof(ts), BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); \ } while(0) #if defined(CLOCK_REALTIME) @@ -65,7 +62,7 @@ void High_Resolution_Timestamp::poll(Entropy_Accumulator& accum) #define STD_CHRONO_POLL(clock) \ do { \ auto timestamp = clock::now().time_since_epoch().count(); \ - accum.add(timestamp, ESTIMATED_ENTROPY_PER_BYTE); \ + accum.add(timestamp, BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); \ } while(0) STD_CHRONO_POLL(std::chrono::high_resolution_clock); @@ -109,7 +106,7 @@ void High_Resolution_Timestamp::poll(Entropy_Accumulator& accum) #endif - accum.add(rtc, ESTIMATED_ENTROPY_PER_BYTE); + accum.add(rtc, BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); #endif @@ -117,7 +114,7 @@ void High_Resolution_Timestamp::poll(Entropy_Accumulator& accum) { LARGE_INTEGER tv; ::QueryPerformanceCounter(&tv); - accum.add(tv.QuadPart, ESTIMATED_ENTROPY_PER_BYTE); + accum.add(tv.QuadPart, BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); } #endif } diff --git a/src/lib/entropy/proc_walk/proc_walk.cpp b/src/lib/entropy/proc_walk/proc_walk.cpp index 817aa80a5..7ef6a8e26 100644 --- a/src/lib/entropy/proc_walk/proc_walk.cpp +++ b/src/lib/entropy/proc_walk/proc_walk.cpp @@ -113,7 +113,6 @@ int Directory_Walker::next_fd() void ProcWalking_EntropySource::poll(Entropy_Accumulator& accum) { const size_t MAX_FILES_READ_PER_POLL = 2048; - const double ENTROPY_ESTIMATE = 1.0 / 128; std::lock_guard<std::mutex> lock(m_mutex); @@ -137,7 +136,7 @@ void ProcWalking_EntropySource::poll(Entropy_Accumulator& accum) ::close(fd); if(got > 0) - accum.add(m_buf.data(), got, ENTROPY_ESTIMATE); + accum.add(m_buf.data(), got, BOTAN_ENTROPY_ESTIMATE_SYSTEM_TEXT); if(accum.polling_finished()) break; diff --git a/src/lib/entropy/unix_procs/unix_procs.cpp b/src/lib/entropy/unix_procs/unix_procs.cpp index abfe341e0..59bb35785 100644 --- a/src/lib/entropy/unix_procs/unix_procs.cpp +++ b/src/lib/entropy/unix_procs/unix_procs.cpp @@ -68,15 +68,15 @@ Unix_EntropySource::Unix_EntropySource(const std::vector<std::string>& trusted_p void UnixProcessInfo_EntropySource::poll(Entropy_Accumulator& accum) { - accum.add(::getpid(), 0.0); - accum.add(::getppid(), 0.0); - accum.add(::getuid(), 0.0); - accum.add(::getgid(), 0.0); - accum.add(::getpgrp(), 0.0); + accum.add(::getpid(), BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA); + accum.add(::getppid(), BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA); + accum.add(::getuid(), BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA); + accum.add(::getgid(), BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA); + accum.add(::getpgrp(), BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA); struct ::rusage usage; ::getrusage(RUSAGE_SELF, &usage); - accum.add(usage, 0.0); + accum.add(usage, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); } void Unix_EntropySource::Unix_Process::spawn(const std::vector<std::string>& args) @@ -194,7 +194,6 @@ void Unix_EntropySource::poll(Entropy_Accumulator& accum) return; // still empty, really nothing to try const size_t MS_WAIT_TIME = 32; - const double ENTROPY_ESTIMATE = 1.0 / 1024; m_buf.resize(4096); @@ -238,7 +237,7 @@ void Unix_EntropySource::poll(Entropy_Accumulator& accum) { const ssize_t got = ::read(fd, m_buf.data(), m_buf.size()); if(got > 0) - accum.add(m_buf.data(), got, ENTROPY_ESTIMATE); + accum.add(m_buf.data(), got, BOTAN_ENTROPY_ESTIMATE_SYSTEM_TEXT); else proc.spawn(next_source()); } diff --git a/src/lib/entropy/win32_stats/es_win32.cpp b/src/lib/entropy/win32_stats/es_win32.cpp index 04e441570..52bb24136 100644 --- a/src/lib/entropy/win32_stats/es_win32.cpp +++ b/src/lib/entropy/win32_stats/es_win32.cpp @@ -20,31 +20,32 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) First query a bunch of basic statistical stuff, though don't count it for much in terms of contributed entropy. */ - accum.add(GetTickCount(), 0); - accum.add(GetMessagePos(), 0); - accum.add(GetMessageTime(), 0); - accum.add(GetInputState(), 0); - accum.add(GetCurrentProcessId(), 0); - accum.add(GetCurrentThreadId(), 0); + accum.add(GetTickCount(), BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); + accum.add(GetMessagePos(), BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); + accum.add(GetMessageTime(), BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); + accum.add(GetInputState(), BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); + + accum.add(GetCurrentProcessId(), BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA); + accum.add(GetCurrentThreadId(), BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA); SYSTEM_INFO sys_info; GetSystemInfo(&sys_info); - accum.add(sys_info, 1); + accum.add(sys_info, BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA); MEMORYSTATUS mem_info; GlobalMemoryStatus(&mem_info); - accum.add(mem_info, 1); + accum.add(mem_info, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); POINT point; GetCursorPos(&point); - accum.add(point, 1); + accum.add(point, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); GetCaretPos(&point); - accum.add(point, 1); + accum.add(point, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); LARGE_INTEGER perf_counter; QueryPerformanceCounter(&perf_counter); - accum.add(perf_counter, 0); + accum.add(perf_counter, BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS); /* Now use the Tooltip library to iterate throug various objects on @@ -53,18 +54,18 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0); -#define TOOLHELP32_ITER(DATA_TYPE, FUNC_FIRST, FUNC_NEXT) \ - if(!accum.polling_finished()) \ - { \ - DATA_TYPE info; \ - info.dwSize = sizeof(DATA_TYPE); \ - if(FUNC_FIRST(snapshot, &info)) \ - { \ - do \ - { \ - accum.add(info, 1); \ - } while(FUNC_NEXT(snapshot, &info)); \ - } \ +#define TOOLHELP32_ITER(DATA_TYPE, FUNC_FIRST, FUNC_NEXT) \ + if(!accum.polling_finished()) \ + { \ + DATA_TYPE info; \ + info.dwSize = sizeof(DATA_TYPE); \ + if(FUNC_FIRST(snapshot, &info)) \ + { \ + do \ + { \ + accum.add(info, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); \ + } while(FUNC_NEXT(snapshot, &info)); \ + } \ } TOOLHELP32_ITER(MODULEENTRY32, Module32First, Module32Next); @@ -86,7 +87,7 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) { do { - accum.add(heap_list, 1); + accum.add(heap_list, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); if(++heap_lists_found > HEAP_LISTS_MAX) break; @@ -101,7 +102,7 @@ void Win32_EntropySource::poll(Entropy_Accumulator& accum) { if(heap_objs_found++ > HEAP_OBJS_PER_LIST) break; - accum.add(heap_entry, 1); + accum.add(heap_entry, BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA); } while(Heap32Next(&heap_entry)); } diff --git a/src/lib/rng/system_rng/system_rng.cpp b/src/lib/rng/system_rng/system_rng.cpp index 02ad07736..50ec696a0 100644 --- a/src/lib/rng/system_rng/system_rng.cpp +++ b/src/lib/rng/system_rng/system_rng.cpp @@ -40,17 +40,17 @@ class System_RNG_Impl : public RandomNumberGenerator void clear() override {} std::string name() const override { return "system"; } - size_t reseed_with_sources(Entropy_Sources& srcs, - size_t poll_bits, - std::chrono::milliseconds poll_timeout) override + size_t reseed_with_sources(Entropy_Sources&, + size_t /*poll_bits*/, + std::chrono::milliseconds /*timeout*/) override { + // We ignore it and assert the PRNG is seeded. + // TODO: could poll and write it to /dev/urandom to help seed it return 0; } void add_entropy(const byte[], size_t) override { - // We could write this back to /dev/urandom to help seed the PRNG - // Unclear if this is valuable on current systems } private: |