Botan
1.11.15
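/*
* HMAC RNG
* (C) 2008,2013 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_HMAC_RNG_H__
#define BOTAN_HMAC_RNG_H__

#include <botan/mac.h>
#include <botan/rng.h>
#include <memory>
#include <string>
#include <vector>

namespace Botan {

/**
* HMAC_RNG - based on the design described in "On Extract-then-Expand
* Key Derivation Functions and an HMAC-based KDF" by Hugo Krawczyk
* (henceforth, 'E-t-E')
*
* However it actually can be parameterized with any two MAC functions,
* not restricted to HMAC (this variation is also described in
* Krawczyk's paper), for instance one could use HMAC(SHA-512) as the
* extractor and CMAC(AES-256) as the PRF.
*
* The object holds its two MACs through std::unique_ptr members, so it
* is implicitly non-copyable: generator state cannot be duplicated by an
* accidental copy.
*
* NOTE(review): the member functions below presumably implement the
* RandomNumberGenerator interface from <botan/rng.h>; that base class is
* not visible in this header. If they are virtual there, marking them
* `override` would let the compiler check the signatures.
*/
class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator
   {
   public:
      /**
      * Produce generator output.
      * @param buf the buffer to write output into
      * @param len the number of bytes requested
      *
      * What happens when the generator is not yet seeded is decided by
      * the implementation, which is not visible in this header; callers
      * that depend on the output for key material should check
      * is_seeded() first.
      */
      void randomize(byte buf[], size_t len);

      /**
      * @return whether the generator considers itself seeded
      * (presumably derived from m_collected_entropy_estimate - confirm
      * against the implementation)
      */
      bool is_seeded() const;

      /**
      * Reset the generator state. Whether the object is usable again
      * without a reseed is not visible from this header.
      */
      void clear();

      /**
      * @return a name identifying this generator
      */
      std::string name() const;

      /**
      * Gather fresh entropy into the generator.
      * @param poll_bits the amount of entropy to collect, in bits
      * (unit inferred from the parameter name - confirm)
      */
      void reseed(size_t poll_bits);

      /**
      * Mix caller-supplied data into the generator. The first argument
      * is the input buffer and the second its length in bytes.
      */
      void add_entropy(const byte[], size_t);

      /**
      * @param extractor a MAC used for extracting the entropy
      * @param prf a MAC used as a PRF using HKDF construction
      *
      * Both arguments are raw pointers, while the members that hold
      * them are std::unique_ptr. The generator therefore presumably
      * takes ownership and deletes both objects on destruction
      * (confirm against the constructor definition). Under that
      * assumption the caller must pass two distinct heap-allocated
      * objects and must not delete or reuse them afterwards.
      */
      HMAC_RNG(MessageAuthenticationCode* extractor,
               MessageAuthenticationCode* prf);
   private:
      // MAC used in the extract step (see the constructor documentation)
      std::unique_ptr<MessageAuthenticationCode> m_extractor;
      // MAC used as the PRF in the expand step
      std::unique_ptr<MessageAuthenticationCode> m_prf;

      // Running estimate of the entropy gathered so far; starts at zero,
      // so a fresh object has collected nothing
      size_t m_collected_entropy_estimate = 0;
      // Amount of output produced since the last reseed (presumably in
      // bytes, used to decide when to reseed - confirm)
      size_t m_output_since_reseed = 0;

      // Secret generator state; kept in a secure_vector (declared
      // elsewhere in Botan) rather than a plain std::vector
      secure_vector<byte> m_K;
      // 32-bit output counter, starts at zero; how wrap-around is handled
      // is not visible here
      u32bit m_counter = 0;
   };

} // namespace Botan

#endif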