|
| Hash_DRBG (const byte *entropy=NULL, size_t entropyLength=STRENGTH, const byte *nonce=NULL, size_t nonceLength=0, const byte *personalization=NULL, size_t personalizationLength=0) |
| Construct a Hash DRBG. More...
|
|
unsigned int | SecurityStrength () const |
| Provides the security strength. More...
|
|
unsigned int | SeedLength () const |
| Provides the seed length. More...
|
|
unsigned int | MinEntropyLength () const |
| Provides the minimum entropy size. More...
|
|
unsigned int | MaxEntropyLength () const |
| Provides the maximum entropy size. More...
|
|
unsigned int | MinNonceLength () const |
| Provides the minimum nonce size. More...
|
|
unsigned int | MaxNonceLength () const |
| Provides the maximum nonce size. More...
|
|
unsigned int | MaxBytesPerRequest () const |
| Provides the maximum size of a request to GenerateBlock. More...
|
|
unsigned int | MaxRequestBeforeReseed () const |
| Provides the maximum number of requests before a reseed. More...
|
|
void | IncorporateEntropy (const byte *input, size_t length) |
| Update RNG state with additional unpredictable values. More...
|
|
void | IncorporateEntropy (const byte *entropy, size_t entropyLength, const byte *additional, size_t additionaLength) |
| Update RNG state with additional unpredictable values. More...
|
|
void | GenerateBlock (byte *output, size_t size) |
| Generate random array of bytes. More...
|
|
void | GenerateBlock (const byte *additional, size_t additionaLength, byte *output, size_t size) |
| Generate random array of bytes. More...
|
|
std::string | AlgorithmProvider () const |
| Retrieve the provider of this algorithm. More...
|
|
virtual bool | CanIncorporateEntropy () const |
| Determines if a generator can accept additional entropy. More...
|
|
virtual void | IncorporateEntropy (const byte *input, size_t length)=0 |
| Update RNG state with additional unpredictable values. More...
|
|
virtual void | IncorporateEntropy (const byte *entropy, size_t entropyLength, const byte *additional, size_t additionaLength)=0 |
| Update RNG state with additional unpredictable values. More...
|
|
virtual void | GenerateBlock (byte *output, size_t size)=0 |
| Generate random array of bytes. More...
|
|
virtual void | GenerateBlock (const byte *additional, size_t additionaLength, byte *output, size_t size)=0 |
| Generate random array of bytes. More...
|
|
virtual unsigned int | SecurityStrength () const =0 |
| Provides the security strength. More...
|
|
virtual unsigned int | SeedLength () const =0 |
| Provides the seed length. More...
|
|
virtual unsigned int | MinEntropyLength () const =0 |
| Provides the minimum entropy size. More...
|
|
virtual unsigned int | MaxEntropyLength () const =0 |
| Provides the maximum entropy size. More...
|
|
virtual unsigned int | MinNonceLength () const =0 |
| Provides the minimum nonce size. More...
|
|
virtual unsigned int | MaxNonceLength () const =0 |
| Provides the maximum nonce size. More...
|
|
virtual unsigned int | MaxBytesPerRequest () const =0 |
| Provides the maximum size of a request to GenerateBlock. More...
|
|
virtual unsigned int | MaxRequestBeforeReseed () const =0 |
| Provides the maximum number of requests before a reseed. More...
|
|
Public Member Functions inherited from RandomNumberGenerator |
virtual void | IncorporateEntropy (const byte *input, size_t length) |
| Update RNG state with additional unpredictable values. More...
|
|
virtual bool | CanIncorporateEntropy () const |
| Determines if a generator can accept additional entropy. More...
|
|
virtual byte | GenerateByte () |
| Generate new random byte and return it. More...
|
|
virtual unsigned int | GenerateBit () |
| Generate new random bit and return it. More...
|
|
virtual word32 | GenerateWord32 (word32 min=0, word32 max=0xffffffffUL) |
| Generate a random 32 bit word in the range min to max, inclusive. More...
|
|
virtual void | GenerateBlock (byte *output, size_t size) |
| Generate random array of bytes. More...
|
|
virtual void | GenerateIntoBufferedTransformation (BufferedTransformation &target, const std::string &channel, lword length) |
| Generate random bytes into a BufferedTransformation. More...
|
|
virtual void | DiscardBytes (size_t n) |
| Generate and discard n bytes. More...
|
|
template<class IT > |
void | Shuffle (IT begin, IT end) |
| Randomly shuffle the specified array. More...
|
|
| Algorithm (bool checkSelfTestStatus=true) |
| Interface for all crypto algorithms. More...
|
|
virtual std::string | AlgorithmName () const |
| Provides the name of this algorithm. More...
|
|
virtual std::string | AlgorithmProvider () const |
| Retrieve the provider of this algorithm. More...
|
|
virtual Clonable * | Clone () const |
| Copies this object. More...
|
|
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
class Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >
Hash_DRBG from SP 800-90A Rev 1 (June 2015)
- Template Parameters
-
HASH | NIST approved hash derived from HashTransformation |
STRENGTH | security strength, in bytes |
SEEDLENGTH | seed length, in bytes |
The NIST Hash DRBG is instantiated with a number of parameters. Two of the parameters, Security Strength and Seed Length, depend on the hash and are specified as template parameters. The remaining parameters are included in the class. The parameters and their values are listed in NIST SP 800-90A Rev. 1, Table 2: Definitions for Hash-Based DRBG Mechanisms (p.38).
Some parameters have been reduce to fit C++ datatypes. For example, NIST allows upto 248 requests before a reseed. However, Hash_DRBG limits it to INT_MAX
due to the limited data range of an int.
You should reseed the generator after a fork() to avoid multiple generators with the same internal state.
- See also
- Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Rev 1 (June 2015)
- Since
- Crypto++ 6.0
Definition at line 167 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::Hash_DRBG |
( |
const byte * |
entropy = NULL , |
|
|
size_t |
entropyLength = STRENGTH , |
|
|
const byte * |
nonce = NULL , |
|
|
size_t |
nonceLength = 0 , |
|
|
const byte * |
personalization = NULL , |
|
|
size_t |
personalizationLength = 0 |
|
) |
| |
|
inline |
Construct a Hash DRBG.
- Parameters
-
entropy | the entropy to instantiate the generator |
entropyLength | the size of the entropy buffer |
nonce | additional input to instantiate the generator |
nonceLength | the size of the nonce buffer |
personalization | additional input to instantiate the generator |
personalizationLength | the size of the personalization buffer |
- Exceptions
-
NIST_DRBG::Err | if the generator is instantiated with insufficient entropy |
All NIST DRBGs must be instaniated with at least MINIMUM_ENTROPY
bytes of entropy. The byte array for entropy
must meet NIST SP 800-90B or SP 800-90C requirements.
The nonce
and personalization
are optional byte arrays. If nonce
is supplied, then it should be at least MINIMUM_NONCE
bytes of entropy.
An example of instantiating a SHA256 generator is shown below. The example provides more entropy than required for SHA256. The NonblockingRng
meets the requirements of NIST SP 800-90B or SP 800-90C. RDRAND() and RDSEED() generators would work as well.
SecByteBlock entropy(48), result(128);
NonblockingRng prng;
RandomNumberSource rns(prng, entropy.size(), new ArraySink(entropy, entropy.size()));
Hash_DRBG<SHA256, 128/8, 440/8> drbg(entropy, 32, entropy+32, 16);
drbg.GenerateBlock(result, result.size());
Definition at line 210 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
std::string Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::AlgorithmProvider |
( |
| ) |
const |
|
inlinevirtual |
Retrieve the provider of this algorithm.
- Returns
- the algorithm provider
The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, usually indicate a specialized implementation using instructions from a higher instruction set architecture (ISA). Future labels may include external hardware like a hardware security module (HSM).
Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics instead of ASM.
Algorithms which combine different instructions or ISAs provide the dominant one. For example on x86 AES/GCM
returns "AESNI" rather than "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL".
- Note
- Provider is not universally implemented yet.
- Since
- Crypto++ 8.0
Reimplemented from Algorithm.
Definition at line 244 of file drbg.h.