/src/cryptopp/randpool.h

Source (jump to first uncovered line)
// randpool.h - originally written and placed in the public domain by Wei Dai
//              OldRandPool added by JW in August, 2017.

/// \file randpool.h
/// \brief Class file for Randomness Pool
/// \details RandomPool can be used to generate cryptographic quality pseudorandom bytes
///  after seeding the pool with IncorporateEntropy(). Internally, the generator uses
///  AES-256 to produce the stream. Entropy is stirred in using SHA-256.
/// \details RandomPool used to follow the design of randpool in PGP 2.6.x. At version 5.5
///  RandomPool was redesigned to reduce the risk of reusing random numbers after state
///  rollback (which may occur when running in a virtual machine like VMware or a hosted
///  environment).
/// \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. You
///  should migrate away from OldRandomPool at the earliest opportunity. Use RandomPool
///  or AutoSeededRandomPool instead.
/// \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based)

#ifndef CRYPTOPP_RANDPOOL_H
#define CRYPTOPP_RANDPOOL_H

#include "cryptlib.h"
#include "filters.h"
#include "secblock.h"
#include "smartptr.h"
#include "aes.h"

NAMESPACE_BEGIN(CryptoPP)

/// \brief Randomness Pool based on AES-256
/// \details RandomPool can be used to generate cryptographic quality pseudorandom bytes
///  after seeding the pool with IncorporateEntropy(). Internally, the generator uses
///  AES-256 to produce the stream. Entropy is stirred in using SHA-256.
/// \details RandomPool used to follow the design of randpool in PGP 2.6.x. At version 5.5
///  RandomPool was redesigned to reduce the risk of reusing random numbers after state
///  rollback, which may occur when running in a virtual machine like VMware or a hosted
///  environment.
/// \details You should reseed the generator after a fork() to avoid multiple generators
///  with the same internal state.
/// \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. You
///  should migrate away from OldRandomPool at the earliest opportunity.
/// \sa OldRandomPool
/// \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based)
class CRYPTOPP_DLL RandomPool : public RandomNumberGenerator, public NotCopyable
{
public:
  /// \brief Construct a RandomPool
  RandomPool();

  bool CanIncorporateEntropy() const {return true;}
  void IncorporateEntropy(const byte *input, size_t length);
  void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);

private:
  FixedSizeAlignedSecBlock<byte, 16, true> m_seed;
  FixedSizeAlignedSecBlock<byte, 32> m_key;
  member_ptr<BlockCipher> m_pCipher;
  bool m_keySet;
};

/// \brief Randomness Pool based on PGP 2.6.x with MDC
/// \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. The
///  OldRandomPool also provides the modern interface, including <tt>CanIncorporateEntropy</tt>,
///  <tt>IncorporateEntropy</tt> and <tt>GenerateIntoBufferedTransformation</tt>.
/// \details You should reseed the generator after a fork() to avoid multiple generators
///  with the same internal state.
/// \details You should migrate away from OldRandomPool at the earliest opportunity. Use a
///  modern random number generator or key derivation function, like AutoSeededRandomPool or
///  HKDF.
/// \warning This class uses an old style PGP 2.6.x with MDC. The generator risks reusing
///  random numbers after state rollback. You should migrate away from OldRandomPool at
///  the earliest opportunity.
/// \sa RandomPool, AutoSeededRandomPool, HKDF, P1363_KDF2, PKCS12_PBKDF, PKCS5_PBKDF2_HMAC
/// \since Crypto++ 6.0
class CRYPTOPP_DLL OldRandomPool : public RandomNumberGenerator
{
public:
  /// \brief Construct an OldRandomPool
  /// \param poolSize internal pool size of the generator
  /// \details poolSize must be greater than 16
  OldRandomPool(unsigned int poolSize=384);

  // RandomNumberGenerator interface (Crypto++ 5.5 and above)
  bool CanIncorporateEntropy() const {return true;}
  void IncorporateEntropy(const byte *input, size_t length);
  void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);

  byte GenerateByte();
  void GenerateBlock(byte *output, size_t size);

  // GenerateWord32 is overridden and provides Crypto++ 5.4 behavior.
  // Taken from RandomNumberSource::GenerateWord32 in cryptlib.cpp.
  word32 GenerateWord32 (word32 min=0, word32 max=0xffffffffUL);

protected:
  void Stir();

private:
  SecByteBlock pool, key;
  size_t addPos, getPos;
};

NAMESPACE_END

#endif

Coverage Report

Created: 2024-11-21 07:03

Line	Count	Source (jump to first uncovered line)
1		// randpool.h - originally written and placed in the public domain by Wei Dai
2		// OldRandPool added by JW in August, 2017.
3
4		/// \file randpool.h
5		/// \brief Class file for Randomness Pool
6		/// \details RandomPool can be used to generate cryptographic quality pseudorandom bytes
7		/// after seeding the pool with IncorporateEntropy(). Internally, the generator uses
8		/// AES-256 to produce the stream. Entropy is stirred in using SHA-256.
9		/// \details RandomPool used to follow the design of randpool in PGP 2.6.x. At version 5.5
10		/// RandomPool was redesigned to reduce the risk of reusing random numbers after state
11		/// rollback (which may occur when running in a virtual machine like VMware or a hosted
12		/// environment).
13		/// \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. You
14		/// should migrate away from OldRandomPool at the earliest opportunity. Use RandomPool
15		/// or AutoSeededRandomPool instead.
16		/// \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based)
17
18		#ifndef CRYPTOPP_RANDPOOL_H
19		#define CRYPTOPP_RANDPOOL_H
20
21		#include "cryptlib.h"
22		#include "filters.h"
23		#include "secblock.h"
24		#include "smartptr.h"
25		#include "aes.h"
26
27		NAMESPACE_BEGIN(CryptoPP)
28
29		/// \brief Randomness Pool based on AES-256
30		/// \details RandomPool can be used to generate cryptographic quality pseudorandom bytes
31		/// after seeding the pool with IncorporateEntropy(). Internally, the generator uses
32		/// AES-256 to produce the stream. Entropy is stirred in using SHA-256.
33		/// \details RandomPool used to follow the design of randpool in PGP 2.6.x. At version 5.5
34		/// RandomPool was redesigned to reduce the risk of reusing random numbers after state
35		/// rollback, which may occur when running in a virtual machine like VMware or a hosted
36		/// environment.
37		/// \details You should reseed the generator after a fork() to avoid multiple generators
38		/// with the same internal state.
39		/// \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. You
40		/// should migrate away from OldRandomPool at the earliest opportunity.
41		/// \sa OldRandomPool
42		/// \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based)
43		class CRYPTOPP_DLL RandomPool : public RandomNumberGenerator, public NotCopyable
44		{
45		public:
46		/// \brief Construct a RandomPool
47		RandomPool();
48
49	0	bool CanIncorporateEntropy() const {return true;}
50		void IncorporateEntropy(const byte *input, size_t length);
51		void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);
52
53		private:
54		FixedSizeAlignedSecBlock<byte, 16, true> m_seed;
55		FixedSizeAlignedSecBlock<byte, 32> m_key;
56		member_ptr<BlockCipher> m_pCipher;
57		bool m_keySet;
58		};
59
60		/// \brief Randomness Pool based on PGP 2.6.x with MDC
61		/// \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. The
62		/// OldRandomPool also provides the modern interface, including <tt>CanIncorporateEntropy</tt>,
63		/// <tt>IncorporateEntropy</tt> and <tt>GenerateIntoBufferedTransformation</tt>.
64		/// \details You should reseed the generator after a fork() to avoid multiple generators
65		/// with the same internal state.
66		/// \details You should migrate away from OldRandomPool at the earliest opportunity. Use a
67		/// modern random number generator or key derivation function, like AutoSeededRandomPool or
68		/// HKDF.
69		/// \warning This class uses an old style PGP 2.6.x with MDC. The generator risks reusing
70		/// random numbers after state rollback. You should migrate away from OldRandomPool at
71		/// the earliest opportunity.
72		/// \sa RandomPool, AutoSeededRandomPool, HKDF, P1363_KDF2, PKCS12_PBKDF, PKCS5_PBKDF2_HMAC
73		/// \since Crypto++ 6.0
74		class CRYPTOPP_DLL OldRandomPool : public RandomNumberGenerator
75		{
76		public:
77		/// \brief Construct an OldRandomPool
78		/// \param poolSize internal pool size of the generator
79		/// \details poolSize must be greater than 16
80		OldRandomPool(unsigned int poolSize=384);
81
82		// RandomNumberGenerator interface (Crypto++ 5.5 and above)
83	0	bool CanIncorporateEntropy() const {return true;}
84		void IncorporateEntropy(const byte *input, size_t length);
85		void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);
86
87		byte GenerateByte();
88		void GenerateBlock(byte *output, size_t size);
89
90		// GenerateWord32 is overridden and provides Crypto++ 5.4 behavior.
91		// Taken from RandomNumberSource::GenerateWord32 in cryptlib.cpp.
92		word32 GenerateWord32 (word32 min=0, word32 max=0xffffffffUL);
93
94		protected:
95		void Stir();
96
97		private:
98		SecByteBlock pool, key;
99		size_t addPos, getPos;
100		};
101
102		NAMESPACE_END
103
104		#endif