| Hash_DRBG (const byte *entropy, size_t entropyLength=STRENGTH, const byte *nonce=NULL, size_t nonceLength=0, const byte *personalization=NULL, size_t personalizationLength=0) | Construct a Hash DRBG. |
unsigned int | GetSecurityStrength () const | Provides the security strength. |
unsigned int | GetSeedLength () const | Provides the seed length. |
unsigned int | GetMinEntropy () const | Provides the minimum entropy size. |
unsigned int | GetMaxEntropy () const | Provides the maximum entropy size. |
unsigned int | GetMinNonce () const | Provides the minimum nonce size. |
unsigned int | GetMaxNonce () const | Provides the maximum nonce size. |
unsigned int | GetMaxBytesPerRequest () const | Provides the maximum size of a request to GenerateBlock. |
unsigned int | GetMaxRequestBeforeReseed () const | Provides the maximum number of requests before a reseed. |
void | IncorporateEntropy (const byte *input, size_t length) | Update RNG state with additional unpredictable values. |
void | IncorporateEntropy (const byte *entropy, size_t entropyLength, const byte *additional, size_t additionaLength) | Update RNG state with additional unpredictable values. |
void | GenerateBlock (byte *output, size_t size) | Generate random array of bytes. |
void | GenerateBlock (const byte *additional, size_t additionaLength, byte *output, size_t size) | Generate random array of bytes. |
virtual | ~NIST_DRBG () |
virtual bool | CanIncorporateEntropy () const | Determines if a generator can accept additional entropy. |

Public Member Functions inherited from RandomNumberGenerator
virtual | ~RandomNumberGenerator () |
virtual byte | GenerateByte () | Generate new random byte and return it. |
virtual unsigned int | GenerateBit () | Generate new random bit and return it. |
virtual word32 | GenerateWord32 (word32 min=0, word32 max=0xffffffffUL) | Generate a random 32 bit word in the range min to max, inclusive. |
virtual void | GenerateIntoBufferedTransformation (BufferedTransformation &target, const std::string &channel, lword length) | Generate random bytes into a BufferedTransformation. |
virtual void | DiscardBytes (size_t n) | Generate and discard n bytes. |
template<class IT > void | Shuffle (IT begin, IT end) | Randomly shuffle the specified array. |
virtual | ~Algorithm () |
| Algorithm (bool checkSelfTestStatus=true) | Interface for all crypto algorithms. |
virtual std::string | AlgorithmName () const | Provides the name of this algorithm. |
virtual | ~Clonable () |
virtual Clonable * | Clone () const | Copies this object. |

void | Hash_df (const byte *input1, size_t inlen1, const byte *input2, size_t inlen2, const byte *input3, size_t inlen3, const byte *input4, size_t inlen4, byte *output, size_t outlen) |
void | DRBG_Instantiate (const byte *entropy, size_t entropyLength, const byte *nonce, size_t nonceLength, const byte *personalization, size_t personalizationLength) |
void | DRBG_Reseed (const byte *entropy, size_t entropyLength, const byte *additional, size_t additionaLength) |
void | Hash_Generate (const byte *additional, size_t additionaLength, byte *output, size_t size) |

template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
class Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >
Hash_DRBG from SP 800-90A Rev 1 (June 2015)
- Template Parameters
-
HASH | NIST approved hash derived from HashTransformation |
STRENGTH | security strength, in bytes |
SEEDLENGTH | seed length, in bytes |
The NIST Hash DRBG is instantiated with a number of parameters. Two of the parameters, Security Strength and Seed Length, depend on the hash and are specified as template parameters. The remaining parameters are included in the class. The parameters and their values are listed in NIST SP 800-90A Rev. 1, Table 2: Definitions for Hash-Based DRBG Mechanisms (p.38).
Some parameters have been reduced to fit C++ datatypes. For example, NIST allows up to 2^48 requests before a reseed. However, Hash_DRBG limits it to INT_MAX due to the limited data range of an int.
- See also
- Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Rev 1 (June 2015)
- Since
- Crypto++ 5.7
Definition at line 156 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::Hash_DRBG (const byte *entropy, size_t entropyLength = STRENGTH, const byte *nonce = NULL, size_t nonceLength = 0, const byte *personalization = NULL, size_t personalizationLength = 0) [inline]
Construct a Hash DRBG.
- Parameters
-
entropy | the entropy to instantiate the generator |
entropyLength | the size of the entropy buffer |
nonce | additional input to instantiate the generator |
nonceLength | the size of the nonce buffer |
personalization | additional input to instantiate the generator |
personalizationLength | the size of the personalization buffer |
- Exceptions
-
NIST_DRBG::Err | if the generator is instantiated with insufficient entropy |
All NIST DRBGs must be instantiated with at least MINIMUM_ENTROPY bytes of entropy. The byte array for entropy must meet NIST SP 800-90B or SP 800-90C requirements.
The nonce and personalization are optional byte arrays. If nonce is supplied, then it should be at least MINIMUM_NONCE bytes of entropy.
An example of instantiating a SHA256 generator is shown below. The example provides more entropy than required for SHA256. The NonblockingRng meets the requirements of NIST SP 800-90B or SP 800-90C. RDRAND() and RDSEED() generators would work as well.
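SecByteBlock entropy(48), result(128);
NonblockingRng prng;
// pumpAll = true fills the buffer during construction; without this argument the
// ArraySink pointer binds to the bool parameter and the buffer is never written.
RandomNumberSource rns(prng, entropy.size(), true, new ArraySink(entropy, entropy.size()));
// First 32 bytes are the entropy input, the remaining 16 bytes are the nonce.
Hash_DRBG<SHA256, 128/8, 440/8> drbg(entropy, 32, entropy+32, 16);
drbg.GenerateBlock(result, result.size());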
Definition at line 197 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GenerateBlock (const byte *additional, size_t additionaLength, byte *output, size_t size) [inline, virtual]
Generate random array of bytes.
- Parameters
-
additional | additional input to add to the generator |
additionaLength | the size of the additional input buffer |
output | the byte buffer |
size | the length of the buffer, in bytes |
- Exceptions
-
GenerateBlock() is an overload provided to match NIST requirements. The byte array for additional input is optional. If present, the additional randomness is mixed before generating the output bytes.
Implements NIST_DRBG.
Definition at line 222 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GetMaxBytesPerRequest () const [inline, virtual]
Provides the maximum size of a request to GenerateBlock.
- Returns
- The maximum size of a request to GenerateBlock(), in bytes
The equivalent class constant is MAXIMUM_BYTES_PER_REQUEST
Implements NIST_DRBG.
Definition at line 210 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GetMaxEntropy () const [inline, virtual]
Provides the maximum entropy size.
- Returns
- The maximum entropy size that can be consumed by the generator, in bytes
The equivalent class constant is MAXIMUM_ENTROPY. The bytes must meet NIST SP 800-90B or SP 800-90C requirements. MAXIMUM_ENTROPY has been reduced from 2^35 to INT_MAX to fit the underlying C++ datatype.
Implements NIST_DRBG.
Definition at line 207 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GetMaxNonce () const [inline, virtual]
Provides the maximum nonce size.
- Returns
- The maximum nonce that can be consumed by the generator, in bytes
The equivalent class constant is MAXIMUM_NONCE. MAXIMUM_NONCE has been reduced from 2^35 to INT_MAX to fit the underlying C++ datatype. If a nonce is not required then MINIMUM_NONCE is 0. Hash_DRBG does not require a nonce, while HMAC_DRBG and CTR_DRBG require a nonce.
Implements NIST_DRBG.
Definition at line 209 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GetMaxRequestBeforeReseed () const [inline, virtual]
Provides the maximum number of requests before a reseed.
- Returns
- The maximum number of requests before a reseed, in bytes
The equivalent class constant is MAXIMUM_REQUESTS_BEFORE_RESEED. MAXIMUM_REQUESTS_BEFORE_RESEED has been reduced from 2^48 to INT_MAX to fit the underlying C++ datatype.
Implements NIST_DRBG.
Definition at line 211 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GetMinEntropy () const [inline, virtual]
Provides the minimum entropy size.
- Returns
- The minimum entropy size required by the generator, in bytes
The equivalent class constant is MINIMUM_ENTROPY. All NIST DRBGs must be instantiated with at least MINIMUM_ENTROPY bytes of entropy. The bytes must meet NIST SP 800-90B or SP 800-90C requirements.
Implements NIST_DRBG.
Definition at line 206 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GetMinNonce () const [inline, virtual]
Provides the minimum nonce size.
- Returns
- The minimum nonce size recommended for the generator, in bytes
The equivalent class constant is MINIMUM_NONCE. If a nonce is not required then MINIMUM_NONCE is 0. Hash_DRBG does not require a nonce, while HMAC_DRBG and CTR_DRBG require a nonce.
Implements NIST_DRBG.
Definition at line 208 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GetSecurityStrength () const [inline, virtual]
Provides the security strength.
- Returns
- The security strength of the generator, in bytes
The equivalent class constant is SECURITY_STRENGTH
Implements NIST_DRBG.
Definition at line 204 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
unsigned int Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::GetSeedLength () const [inline, virtual]
Provides the seed length.
- Returns
- The seed size of the generator, in bytes
The equivalent class constant is SEED_LENGTH. The size is used to maintain internal state of V and C.
Implements NIST_DRBG.
Definition at line 205 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::IncorporateEntropy (const byte *input, size_t length) [inline, virtual]
Update RNG state with additional unpredictable values.
- Parameters
-
input | the entropy to add to the generator |
length | the size of the input buffer |
- Exceptions
-
NIST instantiation and reseed requirements demand the generator is constructed with at least MINIMUM_ENTROPY entropy. The byte array for input must meet NIST SP 800-90B or SP 800-90C requirements.
Implements NIST_DRBG.
Definition at line 213 of file drbg.h.
template<typename HASH = SHA256, unsigned int STRENGTH = 128/8, unsigned int SEEDLENGTH = 440/8>
void Hash_DRBG< HASH, STRENGTH, SEEDLENGTH >::IncorporateEntropy (const byte *entropy, size_t entropyLength, const byte *additional, size_t additionaLength) [inline, virtual]
Update RNG state with additional unpredictable values.
- Parameters
-
entropy | the entropy to add to the generator |
entropyLength | the size of the input buffer |
additional | additional input to add to the generator |
additionaLength | the size of the additional input buffer |
- Exceptions
-
IncorporateEntropy() is an overload provided to match NIST requirements. NIST instantiation and reseed requirements demand the generator is constructed with at least MINIMUM_ENTROPY entropy. The byte array for entropy must meet NIST SP 800-90B or SP 800-90C requirements.
Implements NIST_DRBG.
Definition at line 216 of file drbg.h.
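The instantiate, generate and reseed operations documented above follow the Hash_DRBG mechanism of SP 800-90A Rev. 1, Section 10.1.1. The Python model below is an added example, not Crypto++ code: it shows how the SEED_LENGTH-sized V and C state is derived and stepped, how additional input is mixed in before output, and how the reseed counter gates requests. The names `HashDrbgModel`, `hash_df` and `add` and the Python exception types are hypothetical, and MIN_ENTROPY is assumed to equal the STRENGTH default.

```python
import hashlib

SEEDLEN = 440 // 8      # SEEDLENGTH default shown on this page, in bytes
MIN_ENTROPY = 128 // 8  # assumption: equals the STRENGTH default, in bytes

def hash_df(data, nbytes):
    """Hash_df: expand data to nbytes with counter || bit-length || data."""
    out, counter = b"", 1
    while len(out) < nbytes:
        block = bytes([counter]) + (nbytes * 8).to_bytes(4, "big") + data
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:nbytes]

def add(v, *terms):
    """Big-endian addition modulo 2**(8*SEEDLEN), as used to step V."""
    total = sum(int.from_bytes(t, "big") for t in (v, *terms))
    return (total % (1 << (8 * SEEDLEN))).to_bytes(SEEDLEN, "big")

class HashDrbgModel:
    def __init__(self, entropy, nonce=b"", personalization=b"", reseed_interval=2**48):
        if len(entropy) < MIN_ENTROPY:
            raise ValueError("insufficient entropy")
        self.reseed_interval = reseed_interval
        self._seed(entropy + nonce + personalization)

    def _seed(self, material):
        self.V = hash_df(material, SEEDLEN)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN)
        self.reseed_counter = 1

    def reseed(self, entropy, additional=b""):
        if len(entropy) < MIN_ENTROPY:
            raise ValueError("insufficient entropy")
        self._seed(b"\x01" + self.V + entropy + additional)

    def generate(self, size, additional=b""):
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional:  # mix caller-supplied input into V first
            self.V = add(self.V, hashlib.sha256(b"\x02" + self.V + additional).digest())
        out, data = b"", self.V
        while len(out) < size:  # Hashgen: hash V, V+1, V+2, ...
            out += hashlib.sha256(data).digest()
            data = add(data, b"\x01")
        h = hashlib.sha256(b"\x03" + self.V).digest()
        self.V = add(self.V, h, self.C, self.reseed_counter.to_bytes(8, "big"))
        self.reseed_counter += 1
        return out[:size]
```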