Security Scol plugin
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Hash_DRBG< HASH, STRENGTH, SEEDLENGTH > Class Template Reference

Hash_DRBG from SP 800-90A Rev 1 (June 2015) More...

#include <drbg.h>

Inheritance diagram for Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >:
NIST_DRBG NotCopyable RandomNumberGenerator Algorithm Clonable

Public Member Functions

 CRYPTOPP_CONSTANT (SECURITY_STRENGTH=STRENGTH)
 
 CRYPTOPP_CONSTANT (SEED_LENGTH=SEEDLENGTH)
 
 CRYPTOPP_CONSTANT (MINIMUM_ENTROPY=STRENGTH)
 
 CRYPTOPP_CONSTANT (MINIMUM_NONCE=0)
 
 CRYPTOPP_CONSTANT (MINIMUM_ADDITIONAL=0)
 
 CRYPTOPP_CONSTANT (MINIMUM_PERSONALIZATION=0)
 
 CRYPTOPP_CONSTANT (MAXIMUM_ENTROPY=INT_MAX)
 
 CRYPTOPP_CONSTANT (MAXIMUM_NONCE=INT_MAX)
 
 CRYPTOPP_CONSTANT (MAXIMUM_ADDITIONAL=INT_MAX)
 
 CRYPTOPP_CONSTANT (MAXIMUM_PERSONALIZATION=INT_MAX)
 
 CRYPTOPP_CONSTANT (MAXIMUM_BYTES_PER_REQUEST=65536)
 
 CRYPTOPP_CONSTANT (MAXIMUM_REQUESTS_BEFORE_RESEED=INT_MAX)
 
 Hash_DRBG (const byte *entropy=NULLPTR, size_t entropyLength=STRENGTH, const byte *nonce=NULLPTR, size_t nonceLength=0, const byte *personalization=NULLPTR, size_t personalizationLength=0)
 Construct a Hash DRBG.
 
unsigned int SecurityStrength () const
 Provides the security strength.
 
unsigned int SeedLength () const
 Provides the seed length.
 
unsigned int MinEntropyLength () const
 Provides the minimum entropy size.
 
unsigned int MaxEntropyLength () const
 Provides the maximum entropy size.
 
unsigned int MinNonceLength () const
 Provides the minimum nonce size.
 
unsigned int MaxNonceLength () const
 Provides the maximum nonce size.
 
unsigned int MaxBytesPerRequest () const
 Provides the maximum size of a request to GenerateBlock.
 
unsigned int MaxRequestBeforeReseed () const
 Provides the maximum number of requests before a reseed.
 
void IncorporateEntropy (const byte *input, size_t length)
 Update RNG state with additional unpredictable values.
 
void IncorporateEntropy (const byte *entropy, size_t entropyLength, const byte *additional, size_t additionaLength)
 Update RNG state with additional unpredictable values.
 
void GenerateBlock (byte *output, size_t size)
 Generate random array of bytes.
 
void GenerateBlock (const byte *additional, size_t additionaLength, byte *output, size_t size)
 Generate random array of bytes.
 
std::string AlgorithmProvider () const
 Retrieve the provider of this algorithm.
 
- Public Member Functions inherited from NIST_DRBG
virtual bool CanIncorporateEntropy () const
 Determines if a generator can accept additional entropy.
 
- Public Member Functions inherited from RandomNumberGenerator
virtual byte GenerateByte ()
 Generate new random byte and return it.
 
virtual unsigned int GenerateBit ()
 Generate new random bit and return it.
 
virtual word32 GenerateWord32 (word32 min=0, word32 max=0xffffffffUL)
 Generate a random 32 bit word in the range min to max, inclusive.
 
virtual void GenerateIntoBufferedTransformation (BufferedTransformation &target, const std::string &channel, lword length)
 Generate random bytes into a BufferedTransformation.
 
virtual void DiscardBytes (size_t n)
 Generate and discard n bytes.
 
template<class IT >
void Shuffle (IT begin, IT end)
 Randomly shuffle the specified array.
 
- Public Member Functions inherited from Algorithm
 Algorithm (bool checkSelfTestStatus=true)
 Interface for all crypto algorithms.
 
virtual std::string AlgorithmName () const
 Provides the name of this algorithm.
 
- Public Member Functions inherited from Clonable
virtual ClonableClone () const
 Copies this object.
 

Static Public Member Functions

static std::string StaticAlgorithmName ()
 

Protected Member Functions

void DRBG_Instantiate (const byte *entropy, size_t entropyLength, const byte *nonce, size_t nonceLength, const byte *personalization, size_t personalizationLength)
 
void DRBG_Reseed (const byte *entropy, size_t entropyLength, const byte *additional, size_t additionaLength)
 
void Hash_Generate (const byte *additional, size_t additionaLength, byte *output, size_t size)
 
void Hash_Update (const byte *input1, size_t inlen1, const byte *input2, size_t inlen2, const byte *input3, size_t inlen3, const byte *input4, size_t inlen4, byte *output, size_t outlen)
 

Detailed Description

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
class Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >

Hash_DRBG from SP 800-90A Rev 1 (June 2015)

Template Parameters
HASHNIST approved hash derived from HashTransformation
STRENGTHsecurity strength, in bytes
SEEDLENGTHseed length, in bytes

The NIST Hash DRBG is instantiated with a number of parameters. Two of the parameters, Security Strength and Seed Length, depend on the hash and are specified as template parameters. The remaining parameters are included in the class. The parameters and their values are listed in NIST SP 800-90A Rev. 1, Table 2: Definitions for Hash-Based DRBG Mechanisms (p.38).

Some parameters have been reduce to fit C++ datatypes. For example, NIST allows upto 248 requests before a reseed. However, Hash_DRBG limits it to INT_MAX due to the limited data range of an int.

You should reseed the generator after a fork() to avoid multiple generators with the same internal state.

See also
Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Rev 1 (June 2015)
Since
Crypto++ 6.0

Definition at line 167 of file drbg.h.

Constructor & Destructor Documentation

◆ Hash_DRBG()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::Hash_DRBG ( const byte entropy = NULLPTR,
size_t  entropyLength = STRENGTH,
const byte nonce = NULLPTR,
size_t  nonceLength = 0,
const byte personalization = NULLPTR,
size_t  personalizationLength = 0 
)
inline

Construct a Hash DRBG.

Parameters
entropythe entropy to instantiate the generator
entropyLengththe size of the entropy buffer
nonceadditional input to instantiate the generator
nonceLengththe size of the nonce buffer
personalizationadditional input to instantiate the generator
personalizationLengththe size of the personalization buffer
Exceptions
NIST_DRBG::Errif the generator is instantiated with insufficient entropy

All NIST DRBGs must be instaniated with at least MINIMUM_ENTROPY bytes of entropy. The byte array for entropy must meet NIST SP 800-90B or SP 800-90C requirements.

The nonce and personalization are optional byte arrays. If nonce is supplied, then it should be at least MINIMUM_NONCE bytes of entropy.

An example of instantiating a SHA256 generator is shown below. The example provides more entropy than required for SHA256. The NonblockingRng meets the requirements of NIST SP 800-90B or SP 800-90C. RDRAND() and RDSEED() generators would work as well.

  SecByteBlock entropy(48), result(128);
  NonblockingRng prng;
  RandomNumberSource rns(prng, entropy.size(), new ArraySink(entropy, entropy.size()));

  Hash_DRBG<SHA256, 128/8, 440/8> drbg(entropy, 32, entropy+32, 16);
  drbg.GenerateBlock(result, result.size());

Definition at line 210 of file drbg.h.

Member Function Documentation

◆ AlgorithmProvider()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
std::string Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::AlgorithmProvider ( ) const
inlinevirtual

Retrieve the provider of this algorithm.

Returns
the algorithm provider

The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, usually indicate a specialized implementation using instructions from a higher instruction set architecture (ISA). Future labels may include external hardware like a hardware security module (HSM).

Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics instead of ASM.

Algorithms which combine different instructions or ISAs provide the dominant one. For example on x86 AES/GCM returns "AESNI" rather than "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".

Note
Provider is not universally implemented yet.
Since
Crypto++ 8.0

Reimplemented from Algorithm.

Definition at line 244 of file drbg.h.

◆ DRBG_Instantiate()

template<typename HASH , unsigned int STRENGTH, unsigned int SEEDLENGTH>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::DRBG_Instantiate ( const byte entropy,
size_t  entropyLength,
const byte nonce,
size_t  nonceLength,
const byte personalization,
size_t  personalizationLength 
)
protectedvirtual

Implements NIST_DRBG.

Definition at line 400 of file drbg.h.

◆ DRBG_Reseed()

template<typename HASH , unsigned int STRENGTH, unsigned int SEEDLENGTH>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::DRBG_Reseed ( const byte entropy,
size_t  entropyLength,
const byte additional,
size_t  additionaLength 
)
protectedvirtual

Implements NIST_DRBG.

Definition at line 429 of file drbg.h.

◆ GenerateBlock() [1/2]

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GenerateBlock ( byte output,
size_t  size 
)
inlinevirtual

Generate random array of bytes.

Parameters
outputthe byte buffer
sizethe length of the buffer, in bytes
Exceptions
NIST_DRBG::Errif a reseed is required
NIST_DRBG::Errif the size exceeds MAXIMUM_BYTES_PER_REQUEST

Implements NIST_DRBG.

Definition at line 238 of file drbg.h.

◆ GenerateBlock() [2/2]

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GenerateBlock ( const byte additional,
size_t  additionaLength,
byte output,
size_t  size 
)
inlinevirtual

Generate random array of bytes.

Parameters
additionaladditional input to add to the generator
additionaLengththe size of the additional input buffer
outputthe byte buffer
sizethe length of the buffer, in bytes
Exceptions
NIST_DRBG::Errif a reseed is required
NIST_DRBG::Errif the size exceeds MAXIMUM_BYTES_PER_REQUEST

GenerateBlock() is an overload provided to match NIST requirements. The byte array for additional input is optional. If present the additional randomness is mixed before generating the output bytes.

Implements NIST_DRBG.

Definition at line 241 of file drbg.h.

◆ Hash_Generate()

template<typename HASH , unsigned int STRENGTH, unsigned int SEEDLENGTH>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::Hash_Generate ( const byte additional,
size_t  additionaLength,
byte output,
size_t  size 
)
protected

Definition at line 456 of file drbg.h.

◆ Hash_Update()

template<typename HASH , unsigned int STRENGTH, unsigned int SEEDLENGTH>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::Hash_Update ( const byte input1,
size_t  inlen1,
const byte input2,
size_t  inlen2,
const byte input3,
size_t  inlen3,
const byte input4,
size_t  inlen4,
byte output,
size_t  outlen 
)
protected

Definition at line 550 of file drbg.h.

◆ IncorporateEntropy() [1/2]

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::IncorporateEntropy ( const byte entropy,
size_t  entropyLength,
const byte additional,
size_t  additionaLength 
)
inlinevirtual

Update RNG state with additional unpredictable values.

Parameters
entropythe entropy to add to the generator
entropyLengththe size of the input buffer
additionaladditional input to add to the generator
additionaLengththe size of the additional input buffer
Exceptions
NIST_DRBG::Errif the generator is reseeded with insufficient entropy

IncorporateEntropy() is an overload provided to match NIST requirements. NIST instantiation and reseed requirements demand the generator is constructed with at least MINIMUM_ENTROPY entropy. The byte array for entropy must meet NIST SP 800-90B or SP 800-90C requirements.

Implements NIST_DRBG.

Definition at line 235 of file drbg.h.

◆ IncorporateEntropy() [2/2]

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::IncorporateEntropy ( const byte input,
size_t  length 
)
inlinevirtual

Update RNG state with additional unpredictable values.

Parameters
inputthe entropy to add to the generator
lengththe size of the input buffer
Exceptions
NIST_DRBG::Errif the generator is reseeded with insufficient entropy

NIST instantiation and reseed requirements demand the generator is constructed with at least MINIMUM_ENTROPY entropy. The byte array for input must meet NIST SP 800-90B or SP 800-90C requirements.

Implements NIST_DRBG.

Definition at line 232 of file drbg.h.

◆ MaxBytesPerRequest()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::MaxBytesPerRequest ( ) const
inlinevirtual

Provides the maximum size of a request to GenerateBlock.

Returns
The maximum size of a request to GenerateBlock(), in bytes

The equivalent class constant is MAXIMUM_BYTES_PER_REQUEST

Implements NIST_DRBG.

Definition at line 229 of file drbg.h.

◆ MaxEntropyLength()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::MaxEntropyLength ( ) const
inlinevirtual

Provides the maximum entropy size.

Returns
The maximum entropy size that can be consumed by the generator, in bytes

The equivalent class constant is MAXIMUM_ENTROPY. The bytes must meet NIST SP 800-90B or SP 800-90C requirements. MAXIMUM_ENTROPY has been reduced from 235 to INT_MAX to fit the underlying C++ datatype.

Implements NIST_DRBG.

Definition at line 226 of file drbg.h.

◆ MaxNonceLength()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::MaxNonceLength ( ) const
inlinevirtual

Provides the maximum nonce size.

Returns
The maximum nonce that can be consumed by the generator, in bytes

The equivalent class constant is MAXIMUM_NONCE. MAXIMUM_NONCE has been reduced from 235 to INT_MAX to fit the underlying C++ datatype. If a nonce is not required then MINIMUM_NONCE is 0. Hash_DRBG does not require a nonce, while HMAC_DRBG and CTR_DRBG require a nonce.

Implements NIST_DRBG.

Definition at line 228 of file drbg.h.

◆ MaxRequestBeforeReseed()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::MaxRequestBeforeReseed ( ) const
inlinevirtual

Provides the maximum number of requests before a reseed.

Returns
The maximum number of requests before a reseed, in bytes

The equivalent class constant is MAXIMUM_REQUESTS_BEFORE_RESEED. MAXIMUM_REQUESTS_BEFORE_RESEED has been reduced from 248 to INT_MAX to fit the underlying C++ datatype.

Implements NIST_DRBG.

Definition at line 230 of file drbg.h.

◆ MinEntropyLength()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::MinEntropyLength ( ) const
inlinevirtual

Provides the minimum entropy size.

Returns
The minimum entropy size required by the generator, in bytes

The equivalent class constant is MINIMUM_ENTROPY. All NIST DRBGs must be instaniated with at least MINIMUM_ENTROPY bytes of entropy. The bytes must meet NIST SP 800-90B or SP 800-90C requirements.

Implements NIST_DRBG.

Definition at line 225 of file drbg.h.

◆ MinNonceLength()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::MinNonceLength ( ) const
inlinevirtual

Provides the minimum nonce size.

Returns
The minimum nonce size recommended for the generator, in bytes

The equivalent class constant is MINIMUM_NONCE. If a nonce is not required then MINIMUM_NONCE is 0. Hash_DRBG does not require a nonce, while HMAC_DRBG and CTR_DRBG require a nonce.

Implements NIST_DRBG.

Definition at line 227 of file drbg.h.

◆ SecurityStrength()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::SecurityStrength ( ) const
inlinevirtual

Provides the security strength.

Returns
The security strength of the generator, in bytes

The equivalent class constant is SECURITY_STRENGTH

Implements NIST_DRBG.

Definition at line 223 of file drbg.h.

◆ SeedLength()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::SeedLength ( ) const
inlinevirtual

Provides the seed length.

Returns
The seed size of the generator, in bytes

The equivalent class constant is SEED_LENGTH. The size is used to maintain internal state of V and C.

Implements NIST_DRBG.

Definition at line 224 of file drbg.h.

◆ StaticAlgorithmName()

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
static std::string Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::StaticAlgorithmName ( )
inlinestatic

Definition at line 183 of file drbg.h.


The documentation for this class was generated from the following file: