aboutsummaryrefslogtreecommitdiffstats
path: root/src/entropy/entropy_src.h
Commit message (Collapse)AuthorAgeFilesLines
* Add new top-level algorithm which provides basic functionality: namelloyd2010-11-011-4/+5
| | | | | | | | query, clearing, and cloning. Applies to ciphers, hashes, MACs, and PBKDFs. May extend to KDFs later as well. A single combined hierarchy in particular will make the algo_factory much simpler.
* Use size_t instead of u32bit in entropy and rnglloyd2010-10-121-11/+11
|
* More Doxygenlloyd2010-06-161-0/+4
|
* Yet more Doxygen commentslloyd2010-06-161-1/+40
|
* More Doxygen updates/fixeslloyd2010-06-151-0/+3
|
* Use "/*" instead of "/**" in starting comments at the begining of a file.lloyd2010-06-071-1/+1
| | | | | This caused Doxygen to think this was markup meant for it, which really caused some clutter in the namespace page.
* Add missing BOTAN_DLL exports.lloyd2009-12-161-2/+2
| | | | Move most of the engine headers to internal
* Rename/remove some secmem member variables for better matching with STLlloyd2009-11-171-1/+1
| | | | | | | | containers (specifically vector). Rename is_empty to empty Remove has_items Rename create to resize
* static_cast a double before returning it as a u32bit to avoid a warninglloyd2009-07-101-1/+1
| | | | with some older versions of gcc
* Thomas Moschny passed along a request from the Fedora packagers which camelloyd2009-03-301-1/+3
| | | | | | | | | | | | | | | up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line Distributed under the terms of the Botan license after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of astericks before and after the text); this is stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
* Recast to byte pointer in Entropy_Accumulator before passing to add_byteslloyd2009-01-311-4/+4
|
* Track the collected entropy as a double instead of a unsigned int. Otherwiselloyd2009-01-311-3/+5
| | | | | | inputs might end up not contributing anything to the count even when they should. This was paricularly noticable with the proc walker - it uses an estimate of .01 bits / byte, so if the file was < 100 bytes it would not count for anything at all.
* Make Entropy_Accumulator a pure virtual to allow other accumulationlloyd2009-01-311-5/+26
| | | | | techniques, with the one using BufferedComputation being the new subclass with the charming name Entropy_Accumulator_BufferedComputation.
* Go back to entropy bits per byte, instead of total estimated entropy oflloyd2009-01-281-4/+4
| | | | the buffer.
* Have Entropy_Accumulator dump everything into a BufferedComputation.lloyd2009-01-271-15/+23
| | | | | | | | | | | | Since both Randpool and HMAC_RNG fed the input into a MAC anyway, this works nicely. (It would be nicer to use tr1::function but, argh, don't want to fully depend on TR1 quite yet. C++0x cannot come soon enough). This avoids requiring to do run length encoding, it just dumps everything as-is into the MAC. This ensures the buffer is not a potential narrow pipe for the entropy (for instance, one might imagine an entropy source which outputs one random byte every 16 bytes, and the rest some repeating pattern - using a 16 byte buffer, you would only get 8 bits of entropy total, no matter how many times you sampled).
* Check in a branch with a major redesign on how entropy polling is performed.lloyd2009-01-271-8/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Combine the fast and slow polls, into a single poll() operation. Instead of being given a buffer to write output into, the EntropySource is passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf used to do. It also contains a cached I/O buffer so entropy sources do not individually need to allocate memory for that with each poll. When data is added to the accumulator, the source specifies an estimate of the number of bits of entropy per byte, as a double. This is tracked in the accumulator. Once the estimated entropy hits a target (set by the constructor), the accumulator's member function predicate polling_goal_achieved flips to true. This signals to the PRNG that it can stop performing polling on sources, also polls that take a long time periodically check this flag and return immediately. The Win32 and BeOS entropy sources have been updated, but blindly; testing is needed. The test_es example program has been modified: now it polls twice and outputs the XOR of the two collected results. That helps show if the output is consistent across polls (not a good thing). I have noticed on the Unix entropy source, occasionally there are many 0x00 bytes in the output, which is not optimal. This also needs to be investigated. The RLE is not actually RLE anymore. It works well for non-random inputs (ASCII text, etc), but I noticed that when /dev/random output was fed into it, the output buffer would end up being RR01RR01RR01 where RR is a random byte and 00 is the byte count. The buffer sizing also needs to be examined carefully. It might be useful to choose a prime number for the size to XOR stuff into, to help ensure an even distribution of entropy across the entire buffer space. Or: feed it all into a hash function? This change should (perhaps with further modifications) help WRT the concerns Zack W raised about the RNG on the monotone-dev list.
* Substantially change Randpool's reseed logic. Now when a reseedlloyd2008-10-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | is requested, Randpool will first do a fast poll on each entropy source that has been registered. It will count these poll results towards the collected entropy count, with a maximum of 96 contributed bits of entropy per poll (only /dev/random reaches this, others measure at 50-60 bits typically), and a maximum of 256 for sum contribution of the fast polls. Then it will attempt slow polls of all devices until it thinks enough entropy has been collected (using the rather naive entropy_estimate function). It will count any slow poll for no more than 256 bits (100 or so is typical for every poll but /dev/random), and will attempt to collect at least 512 bits of (estimated/guessed) entropy. This tends to cause Randpool to use significantly more sources. Previously it was common, especially on systems with a /dev/random, for only one or a few sources to be used. This change helps assure that even if /dev/random and company are broken or compromised the RNG output remains secure (assuming at least some amount of entropy unguessable by the attacker can be collected via other sources). Also change AutoSeeded_RNG do an automatic poll/seed when it is created.
* Move EntropySource base class to new entropy_src.h (which allows the ↵lloyd2008-10-261-0/+26
implementations to decouple from knowing about RandomNumberGenerator).