path: root/src/lib/rng

Commit log (each entry: commit message, author, date, files changed, lines removed/added)
* Fix missing virtual destructor on CSP_Handle (Jack Lloyd, 2017-08-31, 1 file, -1/+1)
  Caught by GCC cross compiling. Also fix a couple 0-as-null warnings.
* Reset the ChaCha key in clear (Jack Lloyd, 2017-08-03, 1 file, -0/+1)
  This is not necessary for setup, but we want to zero the key out in the event someone calls clear explicitly.
* Use new reset_reseed_counter function within Stateful_RNG as well (Jack Lloyd, 2017-08-03, 1 file, -3/+3)
* Add Stateful_RNG::reset_reseed_counter (Jack Lloyd, 2017-08-03, 3 files, -4/+7)
  Instead of giving subclasses access to the variable directly.
* Refactor stateful RNG tests to cover both HMAC_DRBG and ChaCha_RNG (Jack Lloyd, 2017-08-03, 4 files, -17/+38)
* Add ChaCha_RNG (Jack Lloyd, 2017-08-03, 3 files, -0/+238)
* Add explicit tests for RDRAND_RNG and System_RNG (Jack Lloyd, 2017-08-03, 1 file, -9/+7)
* Fix for #1078 (Baruch, 2017-06-19, 1 file, -1/+1)
* Follow NIST SP 800-57 for HMAC_DRBG security level (René Korthaus, 2017-04-03, 1 file, -3/+12)
* Change security_strength of HMAC_DRBG (René Korthaus, 2017-04-03, 2 files, -5/+12)
  Looking into SP800-90A, it mentions that the max security strength is the security strength of the hash function for pre-image resistance. The current implementation however always only uses half of the output length, therefore only providing half of the security strength possible. However, SP800-90A supports only up to 256 bit security strength, so we fix it to this upper limit.

  In a second change, add_entropy() now also resets the reseed counter if enough entropy input provided.
* Remove "Dirty hack" for multiple defines in lex_me_harder() (Simon Warta, 2017-04-02, 5 files, -7/+17)
* Use arc4random(3) as system rng on OpenBSD. (Alexander Bluhm, 2017-03-30, 1 file, -0/+15)
  OpenBSD provides the arc4random(3) function in libc for user land programs that need good random data. Use this to implement the Botan system random number generator. It has the advantage over /dev/urandom that it works without file descriptors and in chroot(2) environment. Internally libc is currently using a ChaCha20 cipher as PRNG and getentropy(2) to reseed itself automatically.
* Avoid use of deprecated function in (deprecated) Serialized_RNG constructor (Jack Lloyd, 2017-02-19, 2 files, -2/+12)
* Change meaning of get_processor_timestamp (Jack Lloyd, 2017-01-27, 2 files, -2/+2)
  Now let it return 0 if we have no hardware timestamp, and add OS::get_high_resolution_clock for best available clock.

  This is mainly because it's confusing for get_processor_timestamp to return something that is not a processor timestamp and because it simplifies adding cycles/byte output if we know that something is or is not a cycle counter.

  Also adds Windows SEH version of run_cpu_instruction_probe. Untested, uncompiled.
* Convert to using standard uintN_t integer types (Jack Lloyd, 2016-12-18, 8 files, -46/+46)
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* IncludeOS has random device files now (Jack Lloyd, 2016-12-18, 1 file, -0/+1)
  GH #726 [ci skip]
* system_rng: workaround read only urandom (Alon Bar-Lev, 2016-12-01, 1 file, -1/+4)
  botan_rng_reseed: System_RNG write failed error 9
  FFI ran 252 tests 1 FAILED
  Failure 1: FFI botan_rng_reseed unexpectedly failed with error code -1

  Signed-off-by: Alon Bar-Lev <[email protected]>
* define NOMINMAX 1 before every include of windows.h (Baruch Burstein, 2016-11-28, 1 file, -2/+1)
* Simple tests for AutoSeeded_RNG (Jack Lloyd, 2016-11-26, 2 files, -1/+2)
* Avoid having source files start with /** (Jack Lloyd, 2016-11-25, 2 files, -2/+2)
  This caused Doxygen to dump the copyright notices for those files into the Botan namespace description, which is not helpful. [ci skip]
* Don't force HMAC_DRBG to be enabled (Jack Lloyd, 2016-11-18, 2 files, -1/+2)
  No need to strictly require it, and some applications may only want system RNG or RDRAND.
* Remove HMAC_RNG, X9.31-RNG, BeOS stats, EGD reader, Unix process runner (Jack Lloyd, 2016-10-28, 8 files, -504/+18)
  Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1, whichever is available (in that order).
* HMAC_DRBG - Fix constructor init order. Use create_or_throw to simplify. (Jack Lloyd, 2016-10-28, 1 file, -6/+3)
* make max_number_of_bytes_per_request configurable (Daniel Neus, 2016-10-28, 2 files, -27/+79)
* Fix doxygen warnings [ci skip] (René Korthaus, 2016-10-19, 3 files, -2/+6)
* Improve rng doxygen [ci skip] (René Korthaus, 2016-10-19, 6 files, -11/+82)
* Add ISA annotations to functions using SIMD, AES, etc (Jack Lloyd, 2016-10-14, 1 file, -0/+1)
  Also emit `#pragma GCC target` in the ISA specific amalgamation files.

  This allows compiling without any special compiler flags, at least with GCC 6.2 and Clang 3.8.

  The ISA annotations are ignored in MSVC, which just emits whatever instruction the intrinsic requires.
* Abstract out mutex type. Make threads optional. (Jack Lloyd, 2016-10-12, 2 files, -9/+13)
* Resolve #647 (Nathan Hourt, 2016-10-03, 1 file, -0/+6)
  Implement a backoff approach to opening the system RNG: if opening read-write fails, try to open read-only. This will allow the RNG to be used, but attempts to add entropy will fail. If opening as read-only also fails, only then throw an exception.
* HMAC_RNG ignored its entropy_source argument :( (Jack Lloyd, 2016-08-31, 1 file, -1/+1)
* RNG changes (GH #593) (Jack Lloyd, 2016-08-24, 20 files, -348/+745)
  Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A

  Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call.

  Adds support for reseeding directly from another RNG (such as a system or hardware RNG).

  Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor.

  For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem).

  Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this.

  Officially deprecates RNG::make_rng and the Serialized_RNG constructor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG).

  Tests courtesy @cordney in GH PRs #598 and #600
* Fix header guard format (Jack Lloyd, 2016-07-20, 1 file, -2/+2)
  configure.py expects all header guards to match a specific form, for finding them when generating the amalgamation file.
* Add RDRAND_RNG (Jack Lloyd, 2016-07-19, 3 files, -0/+161)
  For those that are willing to trust uninspectible hardware. :)

  Changes RDRAND entropy source to call RDRAND_RNG

  Add --rdrand flag to rng cmdlet
* Address some review comments from @cordney (Jack Lloyd, 2016-07-17, 9 files, -27/+29)
  Use consistent naming for the max output before reseed parameter. The constant (default) value is renamed to BOTAN_RNG_DEFAULT_MAX_OUTPUT_BEFORE_RESEED, since without the DEFAULT_ it reads like a compile time maximum instead.

  Use uint8_t instead of byte.
* Revamp entropy polling (Jack Lloyd, 2016-07-17, 2 files, -4/+11)
  Remove Entropy_Accumulator, instead have entropy sources directly add entropy to the RNG.
* Move poll logic to Entropy_Sources (Jack Lloyd, 2016-07-17, 1 file, -15/+1)
* Add Stateful_RNG (Jack Lloyd, 2016-07-17, 8 files, -140/+135)
  Handles fork checking for HMAC_RNG and HMAC_DRBG

  AutoSeeded_RNG change - switch to HMAC_DRBG as default.

  Start removing the io buffer from entropy poller.

  Update default RNG poll bits to 256.

  Fix McEliece test, was using wrong RNG API.

  Update docs.
* Make the DRBG hash selectable in build.h with BOTAN_AUTO_RNG_DRBG_HASH_FUNCTION (Jack Lloyd, 2016-07-17, 2 files, -3/+3)
  Add some missing overrides
* If EPERM when writing to the random device, return silently. (Jack Lloyd, 2016-07-17, 1 file, -1/+13)
  That failure seems like an explicit system policy decision, so accept it as such. Versus say EBADF or EFAULT which would instead suggest a library bug.

  This return is seen on OS X Travis CI, unclear if this is a problem with OS X or with how Travis does OS X containers.
* Switch to HMAC_DRBG for all RNG generation. (Jack Lloyd, 2016-07-17, 7 files, -222/+396)
  Add support and tests for additional_data param to HMAC_DRBG

  Add Stateful_RNG class which has fork detection and periodic reseeding.

  AutoSeeded_RNG passes the current pid and time as additional_data
* Add explicit static_cast operations to eliminate implicit cast compiler warnings. (Dan Brown, 2016-04-27, 1 file, -1/+1)
* fix linker error if compiling with `--module-policy bsi` on Windows. Fixes GH #451 (Daniel Neus, 2016-04-08, 1 file, -1/+1)
* Use rejection sampling in BigInt::random_integer (Jack Lloyd, 2016-03-16, 1 file, -0/+2)
  Avoids the test vector contortions in RSA-KEM
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not explicit. (Daniel Neus, 2016-03-05, 1 file, -1/+1)
* Add explicit fork check to HMAC_RNG (Jack Lloyd, 2016-02-07, 2 files, -5/+8)
  Add OS functions get_process_id, get_processor_timestamp, and get_system_timestamp_ns.

  HMAC_RNG uses the pid call to detect forks to initiate a reseed. It also adds the output of all three functions (the pid, the CPU cycle counter, and the system timestamp) into the PRF input.

  Calls the new OS timer functions from hres_timer entropy source. Removes the call to QPC in es_win32 which is mostly redundant with the one in hres_timer.
* Remove RNG::gen_mask, which had undefined behavior when bits >= 32 (Jack Lloyd, 2016-01-01, 1 file, -12/+0)
  Bug found by Daniel Neus

  The function wasn't being used anywhere in the library (and was only added in 1.11.20) so it seems easier to remove than fix. And removing it serves to put any user on notice that something bad happened; Daniel tested this as returning just 0 when bits >= 32 with his system's compiler.
* Reroot the exception hierarchy into a toplevel Exception class (Jack Lloyd, 2015-12-11, 2 files, -5/+5)
  As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340)

  Effectively reverts 2837e915d82e43
* Push the hardcoded entropy estimates up to build.h (Jack Lloyd, 2015-11-28, 1 file, -5/+5)
  Defaults should be fine for everyone but it makes the values more transparent
* New reseed_with_sources call on RNGs (Jack Lloyd, 2015-11-24, 11 files, -41/+124)
  Provides an easier way for an application to configure a list of entropy sources they'd like to use, or add a custom entropy source to their seeding.

  Exposes some toggles for the global/default entropy sources to build.h

  Adds basic entropy tests which runs the polls and does sanity checking on the results, including compression tests if available. These are less useful for the CSPRNG outputs but a good check for the ones producing plain ASCII like the /proc reader.
* Update and consolidate the test framework. (Jack Lloyd, 2015-11-11, 1 file, -0/+1)
  The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things.

  Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.