1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
// randpool.h - originally written and placed in the public domain by Wei Dai
// OldRandPool added by JW in August, 2017.
//! \file randpool.h
//! \brief Class file for Randomness Pool
//! \details RandomPool can be used to generate cryptographic quality pseudorandom bytes
//! after seeding the pool with IncorporateEntropy(). Internally, the generator uses
//! AES-256 to produce the stream. Entropy is stirred in using SHA-256.
//! \details RandomPool used to follow the design of randpool in PGP 2.6.x. At version 5.5
//! RandomPool was redesigned to reduce the risk of reusing random numbers after state
//! rollback (which may occur when running in a virtual machine like VMware or a hosted
//! environment).
//! \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. You
//! should migrate away from OldRandomPool at the earliest opportunity. Use RandomPool
//! or AutoSeededRandomPool instead.
//! \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based)
#ifndef CRYPTOPP_RANDPOOL_H
#define CRYPTOPP_RANDPOOL_H
#include "cryptlib.h"
#include "filters.h"
#include "secblock.h"
#include "smartptr.h"
#include "aes.h"
NAMESPACE_BEGIN(CryptoPP)
//! \class RandomPool
//! \brief Randomness Pool based on AES-256
//! \details RandomPool can be used to generate cryptographic quality pseudorandom bytes
//! after seeding the pool with IncorporateEntropy(). Internally, the generator uses
//! AES-256 to produce the stream. Entropy is stirred in using SHA-256.
//! \details RandomPool used to follow the design of randpool in PGP 2.6.x. At version 5.5
//! RandomPool was redesigned to reduce the risk of reusing random numbers after state
//! rollback, which may occur when running in a virtual machine like VMware or a hosted
//! environment.
//! \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. You
//! should migrate away from OldRandomPool at the earliest opportunity.
//! \sa OldRandomPool
//! \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based)
class CRYPTOPP_DLL RandomPool : public RandomNumberGenerator, public NotCopyable
{
public:
//! \brief Construct a RandomPool
RandomPool();
bool CanIncorporateEntropy() const {return true;}
void IncorporateEntropy(const byte *input, size_t length);
void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);
private:
FixedSizeAlignedSecBlock<byte, 16, true> m_seed;
FixedSizeAlignedSecBlock<byte, 32> m_key;
member_ptr<BlockCipher> m_pCipher;
bool m_keySet;
};
//! \class OldRandomPool
//! \brief Randomness Pool based on PGP 2.6.x with MDC
//! \details If you need the pre-Crypto++ 5.5 generator then use OldRandomPool class. The
//! OldRandomPool class is always available so you dont need to define
//! CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY. OldRandomPool also provides the modern
//! interface, including <tt>CanIncorporateEntropy</tt>, <tt>IncorporateEntropy</tt> and
//! <tt>GenerateIntoBufferedTransformation</tt>.
//! \details You should migrate away from OldRandomPool at the earliest opportunity. Use a
//! modern random number generator or key derivation function, like AutoSeededRandomPool or
//! HKDF.
//! \deprecated This class uses an old style PGP 2.6.x with MDC. The generator risks reusing
//! random random numbers after state rollback. You should migrate away from OldRandomPool
//! at the earliest opportunity.
//! HKDF.
//! \sa RandomPool, AutoSeededRandomPool, HKDF, P1363_KDF2, PKCS12_PBKDF, PKCS5_PBKDF2_HMAC
//! \since Crypto++ 6.0 (PGP 2.6.x style)
class CRYPTOPP_DLL OldRandomPool : public RandomNumberGenerator
{
public:
//! \brief Construct an OldRandomPool
//! \param poolSize internal pool size of the generator
//! \details poolSize must be greater than 16
OldRandomPool(unsigned int poolSize=384);
// RandomNumberGenerator interface (Crypto++ 5.5 and above)
bool CanIncorporateEntropy() const {return true;}
void IncorporateEntropy(const byte *input, size_t length);
void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size);
byte GenerateByte();
void GenerateBlock(byte *output, size_t size);
protected:
void Stir();
private:
SecByteBlock pool, key;
size_t addPos, getPos;
};
NAMESPACE_END
#endif
|
