Botan  1.11.15
src/lib/rng/hmac_rng/hmac_rng.h
00001 /*
00002 * HMAC RNG
00003 * (C) 2008,2013 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #ifndef BOTAN_HMAC_RNG_H__
00009 #define BOTAN_HMAC_RNG_H__
00010 
00011 #include <botan/mac.h>
00012 #include <botan/rng.h>
00013 #include <vector>
00014 
00015 namespace Botan {
00016 
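/**
* HMAC_RNG - based on the design described in "On Extract-then-Expand
* Key Derivation Functions and an HMAC-based KDF" by Hugo Krawczyk
* (henceforth, 'E-t-E')
*
* However it actually can be parameterized with any two MAC functions,
* not restricted to HMAC (this variation is also described in
* Krawczyk's paper), for instance one could use HMAC(SHA-512) as the
* extractor and CMAC(AES-256) as the PRF.
*
* The state declared below consists of the two MAC objects, a secret
* value m_K held in a secure_vector, a 32-bit counter, and two bookkeeping
* counters (estimated entropy collected, output produced since the last
* reseed). The MAC objects are held through std::unique_ptr, which also
* makes this class non-copyable.
*
* NOTE(review): no locking is visible in this header; confirm against the
* implementation before sharing one instance between threads.
*/
class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator
   {
   public:
      // The six member functions below are marked `override` so that any
      // drift between these signatures and the RandomNumberGenerator
      // interface (botan/rng.h) is a compile error rather than a silently
      // unused function.

      /**
      * Produce generator output
      * @param buf the buffer to write to
      * @param len the number of bytes of buf to fill
      *
      * NOTE(review): what happens when is_seeded() is false is decided in
      * the implementation file, not here; callers producing key material
      * should check is_seeded() or confirm that this call fails closed.
      */
      void randomize(byte buf[], size_t len) override;

      /**
      * @return true if the generator considers itself seeded (presumably
      * derived from m_collected_entropy_estimate - confirm in the
      * implementation)
      */
      bool is_seeded() const override;

      /**
      * Reset the generator (presumably discards m_K and the counters,
      * leaving the generator unseeded - confirm in the implementation)
      */
      void clear() override;

      /**
      * @return the name of this generator
      */
      std::string name() const override;

      /**
      * Poll for entropy and mix it into the generator state
      * @param poll_bits presumably the amount of entropy to collect, in bits
      */
      void reseed(size_t poll_bits) override;

      /**
      * Mix caller-supplied bytes into the generator state. The parameters
      * are unnamed in this declaration; presumably a pointer to the input
      * followed by its length in bytes.
      */
      void add_entropy(const byte[], size_t) override;

      /**
      * @param extractor a MAC used for extracting the entropy
      * @param prf a MAC used as a PRF using HKDF construction
      *
      * Both arguments are raw pointers and the matching members are
      * std::unique_ptr, so the generator presumably takes ownership: pass
      * heap-allocated objects and do not delete, share or reuse them
      * afterwards. NOTE(review): no null check is visible in this header;
      * confirm how the constructor handles a null argument.
      */
      HMAC_RNG(MessageAuthenticationCode* extractor,
               MessageAuthenticationCode* prf);
   private:
      // MAC objects owned by this generator and released with it
      std::unique_ptr<MessageAuthenticationCode> m_extractor;
      std::unique_ptr<MessageAuthenticationCode> m_prf;

      // Bookkeeping counters; both start at 0 for a new object
      size_t m_collected_entropy_estimate = 0;
      size_t m_output_since_reseed = 0;

      // Secret generator state. secure_vector is declared elsewhere in
      // Botan; presumably it wipes its storage on release - confirm.
      secure_vector<byte> m_K;

      // 32-bit counter starting at 0; how it enters the PRF input is
      // defined in the implementation file
      u32bit m_counter = 0;
   };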
00054 
00055 }
00056 
00057 #endif