/src/Botan-3.4.0/build/include/public/botan/hmac_drbg.h
Line | Count | Source |
1 | | /* |
2 | | * HMAC_DRBG (SP800-90A) |
3 | | * (C) 2014,2015,2016 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_HMAC_DRBG_H_ |
9 | | #define BOTAN_HMAC_DRBG_H_ |
10 | | |
11 | | #include <botan/mac.h> |
12 | | #include <botan/stateful_rng.h> |
13 | | |
14 | | namespace Botan { |
15 | | |
16 | | class Entropy_Sources; |
17 | | |
18 | | /** |
19 | | * HMAC_DRBG from NIST SP 800-90A: a DRBG that uses a MAC (normally HMAC) as its PRF. Whether it can reseed itself automatically depends on which constructor is used. |
20 | | */ |
21 | | class BOTAN_PUBLIC_API(2, 0) HMAC_DRBG final : public Stateful_RNG { |
22 | | public: |
23 | | /** |
24 | | * Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC) |
25 | | * |
26 | | * Automatic reseeding is disabled completely, as this instance has no access to |
27 | | * any source for seed material; all seed material has to be supplied by the caller. |
28 | | * |
29 | | * If a fork is detected, the RNG will be unable to reseed itself |
30 | | * in response. In this case, an exception will be thrown rather |
31 | | * than generating duplicated output. |
32 | | */ |
33 | | explicit HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf); |
34 | | |
35 | | /** |
36 | | * Constructor taking the name of the hash (@p hmac_hash) instead of a MAC object. No RNG or entropy source is passed in, so presumably automatic reseeding is unavailable here as well (NOTE(review): confirm against the implementation). |
37 | | */ |
38 | | explicit HMAC_DRBG(std::string_view hmac_hash); |
39 | | |
40 | | /** |
41 | | * Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC) |
42 | | * |
43 | | * Automatic reseeding from @p underlying_rng will take place after |
44 | | * @p reseed_interval many requests or after a fork was detected. |
45 | | * |
46 | | * @param prf MAC to use as a PRF |
47 | | * @param underlying_rng is a reference to some RNG which will be used |
48 | | * to perform the periodic reseeding; presumably it must outlive this object (NOTE(review): confirm) |
49 | | * @param reseed_interval specifies a limit of how many times |
50 | | * the RNG will be called before automatic reseeding is performed (max. 2^24) |
51 | | * @param max_number_of_bytes_per_request requests larger than |
52 | | * max_number_of_bytes_per_request are treated as if multiple single |
53 | | * requests of max_number_of_bytes_per_request size had been made. |
54 | | * In theory SP 800-90A requires that we reject any request for a DRBG |
55 | | * output longer than max_number_of_bytes_per_request. To avoid inconveniencing |
56 | | * the caller who wants an output larger than max_number_of_bytes_per_request, |
57 | | * instead treat these requests as if multiple requests of |
58 | | * max_number_of_bytes_per_request size had been made. NIST requires for |
59 | | * HMAC_DRBG that every implementation set a value no more than 2**19 bits |
60 | | * (or 64 KiB). Together with @p reseed_interval = 1 this can be used to enforce, |
61 | | * for example, that an automatic reseed occurs for every 512 bits of output. |
62 | | */ |
63 | | HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, |
64 | | RandomNumberGenerator& underlying_rng, |
65 | | size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL, |
66 | | size_t max_number_of_bytes_per_request = 64 * 1024); |
67 | | |
68 | | /** |
69 | | * Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC) |
70 | | * |
71 | | * Automatic reseeding from @p entropy_sources will take place after |
72 | | * @p reseed_interval many requests or after a fork was detected. |
73 | | * |
74 | | * @param prf MAC to use as a PRF |
75 | | * @param entropy_sources will be polled to perform reseeding periodically; passed by reference, so presumably it must outlive this object (NOTE(review): confirm) |
76 | | * @param reseed_interval specifies a limit of how many times |
77 | | * the RNG will be called before automatic reseeding is performed (max. 2^24) |
78 | | * @param max_number_of_bytes_per_request requests larger than |
79 | | * max_number_of_bytes_per_request are treated as if multiple single |
80 | | * requests of max_number_of_bytes_per_request size had been made. |
81 | | * In theory SP 800-90A requires that we reject any request for a DRBG |
82 | | * output longer than max_number_of_bytes_per_request. To avoid inconveniencing |
83 | | * the caller who wants an output larger than max_number_of_bytes_per_request, |
84 | | * instead treat these requests as if multiple requests of |
85 | | * max_number_of_bytes_per_request size had been made. NIST requires for |
86 | | * HMAC_DRBG that every implementation set a value no more than 2**19 bits |
87 | | * (or 64 KiB). Together with @p reseed_interval = 1 this can be used to enforce, |
88 | | * for example, that an automatic reseed occurs for every 512 bits of output. |
89 | | */ |
90 | | HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, |
91 | | Entropy_Sources& entropy_sources, |
92 | | size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL, |
93 | | size_t max_number_of_bytes_per_request = 64 * 1024); |
94 | | |
95 | | /** |
96 | | * Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC) |
97 | | * |
98 | | * Automatic reseeding from @p underlying_rng and @p entropy_sources |
99 | | * will take place after @p reseed_interval many requests or after |
100 | | * a fork was detected. |
101 | | * |
102 | | * @param prf MAC to use as a PRF |
103 | | * @param underlying_rng is a reference to some RNG which will be used |
104 | | * to perform the periodic reseeding; presumably it must outlive this object (NOTE(review): confirm) |
105 | | * @param entropy_sources will be polled to perform reseeding periodically; passed by reference, so presumably it must outlive this object (NOTE(review): confirm) |
106 | | * @param reseed_interval specifies a limit of how many times |
107 | | * the RNG will be called before automatic reseeding is performed (max. 2^24) |
108 | | * @param max_number_of_bytes_per_request requests larger than |
109 | | * max_number_of_bytes_per_request are treated as if multiple single |
110 | | * requests of max_number_of_bytes_per_request size had been made. |
111 | | * In theory SP 800-90A requires that we reject any request for a DRBG |
112 | | * output longer than max_number_of_bytes_per_request. To avoid inconveniencing |
113 | | * the caller who wants an output larger than max_number_of_bytes_per_request, |
114 | | * instead treat these requests as if multiple requests of |
115 | | * max_number_of_bytes_per_request size had been made. NIST requires for |
116 | | * HMAC_DRBG that every implementation set a value no more than 2**19 bits |
117 | | * (or 64 KiB). Together with @p reseed_interval = 1 this can be used to enforce, |
118 | | * for example, that an automatic reseed occurs for every 512 bits of output. |
119 | | */ |
120 | | HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf, |
121 | | RandomNumberGenerator& underlying_rng, |
122 | | Entropy_Sources& entropy_sources, |
123 | | size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL, |
124 | | size_t max_number_of_bytes_per_request = 64 * 1024); |
125 | | |
126 | | std::string name() const override; |
127 | | |
128 | | size_t security_level() const override; |
129 | | |
130 | 179k | size_t max_number_of_bytes_per_request() const override { return m_max_number_of_bytes_per_request; } |
131 | | |
132 | | private: |
133 | | void update(std::span<const uint8_t> input) override; |
134 | | |
135 | | void generate_output(std::span<uint8_t> output, std::span<const uint8_t> input) override; |
136 | | |
137 | | void clear_state() override; |
138 | | |
139 | | std::unique_ptr<MessageAuthenticationCode> m_mac; |
140 | | secure_vector<uint8_t> m_V; |
141 | | const size_t m_max_number_of_bytes_per_request; |
142 | | const size_t m_security_level; |
143 | | }; |
144 | | |
145 | | } // namespace Botan |
146 | | |
147 | | #endif |