/**
* Construct a SP800-90A Hash DRBG.
* <p>
* Minimum entropy requirement is the security strength requested.
* </p>
* @param digest source digest to use for DRB stream.
* @param securityStrength security strength required (in bits)
* @param entropySource source of entropy to use for seeding/reseeding.
* @param personalizationString personalization string to distinguish this DRBG (may be null).
* @param nonce nonce to further distinguish this DRBG (may be null).
*/
public HashSP800Drbg(IDigest digest, int securityStrength, IEntropySource entropySource, byte[] personalizationString, byte[] nonce)
{
if (securityStrength > DrbgUtilities.GetMaxSecurityStrength(digest))
throw new ArgumentException("Requested security strength is not supported by the derivation function");
if (entropySource.EntropySize < securityStrength)
throw new ArgumentException("Not enough entropy for security strength required");
mDigest = digest;
mEntropySource = entropySource;
mSecurityStrength = securityStrength;
mSeedLength = (int)seedlens[digest.AlgorithmName];
// 1. seed_material = entropy_input || nonce || personalization_string.
// 2. seed = Hash_df (seed_material, seedlen).
// 3. V = seed.
// 4. C = Hash_df ((0x00 || V), seedlen). Comment: Preceed V with a byte
// of zeros.
// 5. reseed_counter = 1.
// 6. Return V, C, and reseed_counter as the initial_working_state
byte[] entropy = GetEntropy();
byte[] seedMaterial = Arrays.ConcatenateAll(entropy, nonce, personalizationString);
byte[] seed = DrbgUtilities.HashDF(mDigest, seedMaterial, mSeedLength);
mV = seed;
byte[] subV = new byte[mV.Length + 1];
Array.Copy(mV, 0, subV, 1, mV.Length);
mC = DrbgUtilities.HashDF(mDigest, subV, mSeedLength);
mReseedCounter = 1;
}
internal SP800SecureRandom(SecureRandom randomSource, IEntropySource entropySource, IDrbgProvider drbgProvider, bool predictionResistant)
: base((IRandomGenerator)null)
{
this.mRandomSource = randomSource;
this.mEntropySource = entropySource;
this.mDrbgProvider = drbgProvider;
this.mPredictionResistant = predictionResistant;
}
public DrbgTestVector(IDigest digest, IEntropySource eSource, bool predictionResistance, string nonce,
int securityStrength, string[] expected)
{
_digest = digest;
_eSource = eSource;
_pr = predictionResistance;
_nonce = nonce;
_ss = securityStrength;
_ev = expected;
_personalisation = null;
}
public DrbgTestVector(IBlockCipher cipher, int keySizeInBits, IEntropySource eSource, bool predictionResistance,
string nonce, int securityStrength, string[] expected)
{
_cipher = cipher;
_keySizeInBits = keySizeInBits;
_eSource = eSource;
_pr = predictionResistance;
_nonce = nonce;
_ss = securityStrength;
_ev = expected;
_personalisation = null;
}
/**
*
* @param engine
* @param entropySource
*/
internal X931Rng(IBlockCipher engine, byte[] dateTimeVector, IEntropySource entropySource)
{
this.mEngine = engine;
this.mEntropySource = entropySource;
this.mDT = new byte[engine.GetBlockSize()];
Array.Copy(dateTimeVector, 0, mDT, 0, mDT.Length);
this.mI = new byte[engine.GetBlockSize()];
this.mR = new byte[engine.GetBlockSize()];
}
/**
* Generate numBytes worth of entropy from the passed in entropy source.
*
* @param entropySource the entropy source to request the data from.
* @param numBytes the number of bytes of entropy requested.
* @return a byte array populated with the random data.
*/
public static byte[] GenerateSeed(IEntropySource entropySource, int numBytes)
{
byte[] bytes = new byte[numBytes];
int count = 0;
while (count < numBytes)
{
byte[] entropy = entropySource.GetEntropy();
int toCopy = System.Math.Min(bytes.Length, numBytes - count);
Array.Copy(entropy, 0, bytes, count, toCopy);
count += toCopy;
}
return bytes;
}
/**
* Construct a SP800-90A Hash DRBG.
* <p>
* Minimum entropy requirement is the security strength requested.
* </p>
* @param hMac Hash MAC to base the DRBG on.
* @param securityStrength security strength required (in bits)
* @param entropySource source of entropy to use for seeding/reseeding.
* @param personalizationString personalization string to distinguish this DRBG (may be null).
* @param nonce nonce to further distinguish this DRBG (may be null).
*/
public HMacSP800Drbg(IMac hMac, int securityStrength, IEntropySource entropySource, byte[] personalizationString, byte[] nonce)
{
if (securityStrength > DrbgUtilities.GetMaxSecurityStrength(hMac))
throw new ArgumentException("Requested security strength is not supported by the derivation function");
if (entropySource.EntropySize < securityStrength)
throw new ArgumentException("Not enough entropy for security strength required");
mHMac = hMac;
mSecurityStrength = securityStrength;
mEntropySource = entropySource;
byte[] entropy = GetEntropy();
byte[] seedMaterial = Arrays.ConcatenateAll(entropy, nonce, personalizationString);
mK = new byte[hMac.GetMacSize()];
mV = new byte[mK.Length];
Arrays.Fill(mV, (byte)1);
hmac_DRBG_Update(seedMaterial);
mReseedCounter = 1;
}
/**
* Construct a SP800-90A CTR DRBG.
* <p>
* Minimum entropy requirement is the security strength requested.
* </p>
* @param engine underlying block cipher to use to support DRBG
* @param keySizeInBits size of the key to use with the block cipher.
* @param securityStrength security strength required (in bits)
* @param entropySource source of entropy to use for seeding/reseeding.
* @param personalizationString personalization string to distinguish this DRBG (may be null).
* @param nonce nonce to further distinguish this DRBG (may be null).
*/
public CtrSP800Drbg(IBlockCipher engine, int keySizeInBits, int securityStrength, IEntropySource entropySource,
byte[] personalizationString, byte[] nonce)
{
if (securityStrength > 256)
throw new ArgumentException("Requested security strength is not supported by the derivation function");
if (GetMaxSecurityStrength(engine, keySizeInBits) < securityStrength)
throw new ArgumentException("Requested security strength is not supported by block cipher and key size");
if (entropySource.EntropySize < securityStrength)
throw new ArgumentException("Not enough entropy for security strength required");
mEntropySource = entropySource;
mEngine = engine;
mKeySizeInBits = keySizeInBits;
mSecurityStrength = securityStrength;
mSeedLength = keySizeInBits + engine.GetBlockSize() * 8;
mIsTdea = IsTdea(engine);
byte[] entropy = GetEntropy(); // Get_entropy_input
CTR_DRBG_Instantiate_algorithm(entropy, nonce, personalizationString);
}
public ISP80090Drbg Get(IEntropySource entropySource)
{
return new CtrSP800Drbg(mBlockCipher, mKeySizeInBits, mSecurityStrength, entropySource, mPersonalizationString, mNonce);
}
public ISP80090Drbg Get(IEntropySource entropySource)
{
return new HMacSP800Drbg(mHMac, mSecurityStrength, entropySource, mPersonalizationString, mNonce);
}
