Security Scol plugin
osrng.h
Go to the documentation of this file.
1// osrng.h - originally written and placed in the public domain by Wei Dai
2
5
6#ifndef CRYPTOPP_OSRNG_H
7#define CRYPTOPP_OSRNG_H
8
9#include "config.h"
10
11#if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE)
12
13#include "cryptlib.h"
14#include "randpool.h"
15#include "smartptr.h"
16#include "fips140.h"
17#include "hkdf.h"
18#include "rng.h"
19#include "aes.h"
20#include "sha.h"
21
22NAMESPACE_BEGIN(CryptoPP)
23
24
25class CRYPTOPP_DLL OS_RNG_Err : public Exception
26{
27public:
30 OS_RNG_Err(const std::string &operation);
31};
32
33#ifdef NONBLOCKING_RNG_AVAILABLE
34
35#ifdef CRYPTOPP_WIN32_AVAILABLE
38class CRYPTOPP_DLL MicrosoftCryptoProvider
39{
40public:
42 MicrosoftCryptoProvider();
43 ~MicrosoftCryptoProvider();
44
45// type HCRYPTPROV and BCRYPT_ALG_HANDLE, avoid #include <windows.h>
46#if defined(USE_MS_CRYPTOAPI)
47# if defined(__CYGWIN__) && defined(__x86_64__)
48 typedef unsigned long long ProviderHandle;
49# elif defined(WIN64) || defined(_WIN64)
50 typedef unsigned __int64 ProviderHandle;
51# else
52 typedef unsigned long ProviderHandle;
53# endif
54#elif defined(USE_MS_CNGAPI)
55 typedef void *PVOID;
56 typedef PVOID ProviderHandle;
57#endif // USE_MS_CRYPTOAPI or USE_MS_CNGAPI
58
66 ProviderHandle GetProviderHandle() const {return m_hProvider;}
67
68private:
69 ProviderHandle m_hProvider;
70};
71
72#if defined(_MSC_VER) && defined(USE_MS_CRYPTOAPI)
73# pragma comment(lib, "advapi32.lib")
74#endif
75
76#if defined(_MSC_VER) && defined(USE_MS_CNGAPI)
77# pragma comment(lib, "bcrypt.lib")
78#endif
79
80#endif // CRYPTOPP_WIN32_AVAILABLE
81
85class CRYPTOPP_DLL NonblockingRng : public RandomNumberGenerator
86{
87public:
88 CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "NonblockingRng"; }
89
90 ~NonblockingRng();
91
93 NonblockingRng();
94
99 void GenerateBlock(byte *output, size_t size);
100
101protected:
102#ifdef CRYPTOPP_WIN32_AVAILABLE
103 MicrosoftCryptoProvider m_Provider;
104#else
105 int m_fd;
106#endif
107};
108
109#endif
110
111#if defined(BLOCKING_RNG_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
112
119class CRYPTOPP_DLL BlockingRng : public RandomNumberGenerator
120{
121public:
122 CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "BlockingRng"; }
123
124 ~BlockingRng();
125
127 BlockingRng();
128
133 void GenerateBlock(byte *output, size_t size);
134
135protected:
136 int m_fd;
137};
138
139#endif
140
151CRYPTOPP_DLL void CRYPTOPP_API OS_GenerateRandomBlock(bool blocking, byte *output, size_t size);
152
158class CRYPTOPP_DLL AutoSeededRandomPool : public RandomPool
159{
160public:
161 CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "AutoSeededRandomPool"; }
162
163 ~AutoSeededRandomPool() {}
164
170 explicit AutoSeededRandomPool(bool blocking = false, unsigned int seedSize = 32)
171 {Reseed(blocking, seedSize);}
172
176 void Reseed(bool blocking = false, unsigned int seedSize = 32);
177};
178
189template <class BLOCK_CIPHER>
190class AutoSeededX917RNG : public RandomNumberGenerator, public NotCopyable
191{
192public:
193 static std::string StaticAlgorithmName() {
194 return std::string("AutoSeededX917RNG(") + BLOCK_CIPHER::StaticAlgorithmName() + std::string(")");
195 }
196
197 ~AutoSeededX917RNG() {}
198
205 explicit AutoSeededX917RNG(bool blocking = false, bool autoSeed = true)
206 {if (autoSeed) Reseed(blocking);}
207
215 void Reseed(bool blocking = false, const byte *input = NULLPTR, size_t length = 0);
216
224 void Reseed(const byte *key, size_t keylength, const byte *seed, const byte *timeVector);
225
226 bool CanIncorporateEntropy() const {return true;}
227 void IncorporateEntropy(const byte *input, size_t length) {Reseed(false, input, length);}
228 void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length)
229 {m_rng->GenerateIntoBufferedTransformation(target, channel, length);}
230
231 std::string AlgorithmProvider() const;
232
233private:
235};
236
237template <class BLOCK_CIPHER>
238void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(const byte *key, size_t keylength, const byte *seed, const byte *timeVector)
239{
240 m_rng.reset(new X917RNG(new typename BLOCK_CIPHER::Encryption(key, keylength), seed, timeVector));
241}
242
243template <class BLOCK_CIPHER>
244void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(bool blocking, const byte *input, size_t length)
245{
246 enum {BlockSize=BLOCK_CIPHER::BLOCKSIZE};
247 enum {KeyLength=BLOCK_CIPHER::DEFAULT_KEYLENGTH};
248 enum {SeedSize=EnumToInt(BlockSize)+EnumToInt(KeyLength)};
249
250 SecByteBlock seed(SeedSize), temp(SeedSize);
251 const byte label[] = "X9.17 key generation";
252 const byte *key=NULLPTR;
253
254 do
255 {
256 OS_GenerateRandomBlock(blocking, temp, temp.size());
257
258 HKDF<SHA256> hkdf;
259 hkdf.DeriveKey(
260 seed, seed.size(), // derived secret
261 temp, temp.size(), // instance secret
262 input, length, // user secret
263 label, 20 // unique label
264 );
265
266 key = seed + BlockSize;
267 } // check that seed and key don't have same value
268 while (memcmp(key, seed, STDMIN((size_t)BlockSize, (size_t)KeyLength)) == 0);
269
270 Reseed(key, KeyLength, seed, NULLPTR);
271}
272
273template <class BLOCK_CIPHER>
274std::string AutoSeededX917RNG<BLOCK_CIPHER>::AlgorithmProvider() const
275{
276 // Hack for now... We need to instantiate one
277 typename BLOCK_CIPHER::Encryption bc;
278 return bc.AlgorithmProvider();
279}
280
281CRYPTOPP_DLL_TEMPLATE_CLASS AutoSeededX917RNG<AES>;
282
283#if defined(CRYPTOPP_DOXYGEN_PROCESSING)
290class DefaultAutoSeededRNG {}
291#else
292// AutoSeededX917RNG<AES> in FIPS mode, otherwise it's AutoSeededRandomPool
293#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
294typedef AutoSeededX917RNG<AES> DefaultAutoSeededRNG;
295#else
296typedef AutoSeededRandomPool DefaultAutoSeededRNG;
297#endif
298#endif // CRYPTOPP_DOXYGEN_PROCESSING
299
300NAMESPACE_END
301
302#endif
303
304#endif
Class file for the AES cipher (Rijndael)
virtual std::string AlgorithmProvider() const
Retrieve the provider of this algorithm.
Definition cryptlib.h:636
Interface for buffered transformations.
Definition cryptlib.h:1652
Base class for all exceptions thrown by the library.
Definition cryptlib.h:159
Extract-and-Expand Key Derivation Function (HKDF)
Definition hkdf.h:26
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const NameValuePairs &params) const
Derive a key from a seed.
Definition hkdf.h:101
Ensures an object is not copyable.
Definition misc.h:239
Interface for random number generators.
Definition cryptlib.h:1435
virtual void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length)
Generate random bytes into a BufferedTransformation.
Definition cryptlib.cpp:324
virtual void IncorporateEntropy(const byte *input, size_t length)
Update RNG state with additional unpredictable values.
Definition cryptlib.h:1447
virtual bool CanIncorporateEntropy() const
Determines if a generator can accept additional entropy.
Definition cryptlib.h:1455
Randomness Pool based on AES-256.
Definition randpool.h:44
ANSI X9.17 RNG.
Definition rng.h:50
Pointer that overloads operator ->
Definition smartptr.h:38
Library configuration file.
word64 lword
Large word type.
Definition config_int.h:158
Abstract base classes that provide a uniform interface to this library.
Classes and functions for the FIPS 140-2 validated library.
Classes for HKDF from RFC 5869.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition misc.h:655
#define EnumToInt(v)
Integer value.
Definition misc.h:502
Class file for Randomness Pool.
Miscellaneous classes for RNGs.
Classes for SHA-1 and SHA-2 family of message digests.
Classes for automatic resource management.