From bfd8226625ecae4ed461e7cebc1e47dcdbca0d35 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Fri, 3 Jan 2025 10:42:59 -0500 Subject: [PATCH] Let the entropy module be optional It was previously required by the rng module, but this isn't really necessary, especially for anyone who is just using the system RNG. (And/or NIST DRBGs seeded with the system RNG.) --- src/cli/cli_rng.cpp | 10 ++++++++- src/cli/entropy.cpp | 12 ++++++++--- src/lib/prov/pkcs11/p11_randomgenerator.h | 1 - src/lib/rng/auto_rng/auto_rng.cpp | 19 +++++++++++------ src/lib/rng/info.txt | 4 ---- src/lib/rng/rng.cpp | 13 +++++++++--- src/tests/test_entropy.cpp | 13 +++++++++--- src/tests/test_pkcs11_high_level.cpp | 6 ++++++ src/tests/test_rng_behavior.cpp | 26 +++++++++++++++++------ 9 files changed, 76 insertions(+), 28 deletions(-) diff --git a/src/cli/cli_rng.cpp b/src/cli/cli_rng.cpp index 4d375025a21..2d4e8b2ae3e 100644 --- a/src/cli/cli_rng.cpp +++ b/src/cli/cli_rng.cpp @@ -5,11 +5,15 @@ */ #include "cli.h" -#include + #include #include #include +#if defined(BOTAN_HAS_ENTROPY_SOURCE) + #include +#endif + #if defined(BOTAN_HAS_AUTO_SEEDING_RNG) #include #endif @@ -56,7 +60,11 @@ std::shared_ptr cli_make_rng(const std::string& rn std::shared_ptr rng; if(rng_type == "entropy") { + #if defined(BOTAN_HAS_ENTROPY_SOURCE) rng = std::make_shared(Botan::Entropy_Sources::global_sources()); + #else + throw CLI_Error_Unsupported("Entropy sources not included in this build"); + #endif } else { rng = std::make_shared(); } diff --git a/src/cli/entropy.cpp b/src/cli/entropy.cpp index a1efb5d85d8..b24e7cf0ab5 100644 --- a/src/cli/entropy.cpp +++ b/src/cli/entropy.cpp @@ -7,7 +7,9 @@ #include "../tests/test_rng.h" // FIXME #include "cli.h" -#include +#if defined(BOTAN_HAS_ENTROPY_SOURCE) + #include +#endif #if defined(BOTAN_HAS_COMPRESSION) #include @@ -15,6 +17,8 @@ namespace Botan_CLI { +#if defined(BOTAN_HAS_ENTROPY_SOURCE) + class Entropy final : public Command { public: Entropy() : Command("entropy --truncate-at=128 source") {} @@ -50,7 +54,7 @@ class Entropy final : public Command { output() << "Polling " << source << " gathered " << sample.size() << " bytes in " << rng.samples() << " outputs with estimated entropy " << entropy_estimate << "\n"; -#if defined(BOTAN_HAS_COMPRESSION) + #if defined(BOTAN_HAS_COMPRESSION) if(!sample.empty()) { auto comp = Botan::Compression_Algorithm::create("zlib"); if(comp) { @@ -69,7 +73,7 @@ class Entropy final : public Command { } } } -#endif + #endif if(sample.size() <= truncate_sample) { output() << Botan::hex_encode(sample) << "\n"; @@ -82,4 +86,6 @@ class Entropy final : public Command { BOTAN_REGISTER_COMMAND("entropy", Entropy); +#endif + } // namespace Botan_CLI diff --git a/src/lib/prov/pkcs11/p11_randomgenerator.h b/src/lib/prov/pkcs11/p11_randomgenerator.h index 8784978bd02..db826016df8 100644 --- a/src/lib/prov/pkcs11/p11_randomgenerator.h +++ b/src/lib/prov/pkcs11/p11_randomgenerator.h @@ -9,7 +9,6 @@ #ifndef BOTAN_P11_RNG_H_ #define BOTAN_P11_RNG_H_ -#include #include #include diff --git a/src/lib/rng/auto_rng/auto_rng.cpp b/src/lib/rng/auto_rng/auto_rng.cpp index e3dc28d2792..42b76020cbe 100644 --- a/src/lib/rng/auto_rng/auto_rng.cpp +++ b/src/lib/rng/auto_rng/auto_rng.cpp @@ -6,11 +6,12 @@ #include -#include #include #include -#include +#if defined(BOTAN_HAS_ENTROPY_SOURCE) + #include +#endif #if defined(BOTAN_HAS_SYSTEM_RNG) #include @@ -27,7 +28,7 @@ std::unique_ptr auto_rng_hmac() { }; for(const auto& hmac : possible_auto_rng_hmacs) { - if(auto mac = MessageAuthenticationCode::create_or_throw(hmac)) { + if(auto mac = MessageAuthenticationCode::create(hmac)) { return mac; } } @@ -60,13 +61,17 @@ AutoSeeded_RNG::AutoSeeded_RNG(RandomNumberGenerator& underlying_rng, force_reseed(); } -AutoSeeded_RNG::AutoSeeded_RNG(size_t reseed_interval) : +AutoSeeded_RNG::AutoSeeded_RNG(size_t reseed_interval) { #if defined(BOTAN_HAS_SYSTEM_RNG) - AutoSeeded_RNG(system_rng(), reseed_interval) + m_rng = std::make_unique(auto_rng_hmac(), system_rng(), reseed_interval); +#elif defined(BOTAN_HAS_ENTROPY_SOURCE) + m_rng = std::make_unique(auto_rng_hmac(), Entropy_Sources::global_sources(), reseed_interval); #else - AutoSeeded_RNG(Entropy_Sources::global_sources(), reseed_interval) + BOTAN_UNUSED(reseed_interval); + throw Not_Implemented("AutoSeeded_RNG default constructor not available due to no RNG or entropy sources"); #endif -{ + + force_reseed(); } void AutoSeeded_RNG::force_reseed() { diff --git a/src/lib/rng/info.txt b/src/lib/rng/info.txt index 2b5b3acda3d..abec96cd5b2 100644 --- a/src/lib/rng/info.txt +++ b/src/lib/rng/info.txt @@ -1,7 +1,3 @@ - -entropy - - name -> "Random Number Generators" brief -> "Implementations of Random Number Generators" diff --git a/src/lib/rng/rng.cpp b/src/lib/rng/rng.cpp index d5055145449..7c70cd6636e 100644 --- a/src/lib/rng/rng.cpp +++ b/src/lib/rng/rng.cpp @@ -6,9 +6,12 @@ #include -#include #include +#if defined(BOTAN_HAS_ENTROPY_SOURCE) + #include +#endif + #if defined(BOTAN_HAS_SYSTEM_RNG) #include #endif @@ -47,10 +50,14 @@ void RandomNumberGenerator::randomize_with_ts_input(std::span output) { size_t RandomNumberGenerator::reseed(Entropy_Sources& srcs, size_t poll_bits, std::chrono::milliseconds poll_timeout) { if(this->accepts_input()) { +#if defined(BOTAN_HAS_ENTROPY_SOURCE) return srcs.poll(*this, poll_bits, poll_timeout); - } else { - return 0; +#else + BOTAN_UNUSED(srcs, poll_bits, poll_timeout); +#endif } + + return 0; } void RandomNumberGenerator::reseed_from_rng(RandomNumberGenerator& rng, size_t poll_bits) { diff --git a/src/tests/test_entropy.cpp b/src/tests/test_entropy.cpp index a1e6c81f1cd..293354687f6 100644 --- a/src/tests/test_entropy.cpp +++ b/src/tests/test_entropy.cpp @@ -6,7 +6,10 @@ #include "test_rng.h" #include "tests.h" -#include + +#if defined(BOTAN_HAS_ENTROPY_SOURCE) + #include +#endif #if defined(BOTAN_HAS_COMPRESSION) #include @@ -14,6 +17,8 @@ namespace Botan_Tests { +#if defined(BOTAN_HAS_ENTROPY_SOURCE) + namespace { class Entropy_Source_Tests final : public Test { @@ -44,7 +49,7 @@ class Entropy_Source_Tests final : public Test { result.test_note("poll result", rng.seed_material()); -#if defined(BOTAN_HAS_COMPRESSION) + #if defined(BOTAN_HAS_COMPRESSION) if(!rng.seed_material().empty()) { /* * Skip bzip2 both due to OS X problem (GH #394) and because bzip2's @@ -102,7 +107,7 @@ class Entropy_Source_Tests final : public Test { } } } -#endif + #endif } catch(std::exception& e) { result.test_failure("during entropy collection test", e.what()); } @@ -119,4 +124,6 @@ BOTAN_REGISTER_TEST("rng", "entropy", Entropy_Source_Tests); } // namespace +#endif + } // namespace Botan_Tests diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp index 1d23df73142..5b432d828a9 100644 --- a/src/tests/test_pkcs11_high_level.cpp +++ b/src/tests/test_pkcs11_high_level.cpp @@ -26,6 +26,10 @@ #include #endif +#if defined(BOTAN_HAS_ENTROPY_SOURCE) + #include +#endif + #if defined(BOTAN_HAS_PUBLIC_KEY_CRYPTO) #include #endif @@ -1404,9 +1408,11 @@ Test::Result test_rng_add_entropy() { p11_rng.clear(); result.confirm("RNG ignores call to clear", p11_rng.is_seeded()); + #if defined(BOTAN_HAS_ENTROPY_SOURCE) result.test_eq("RNG ignores calls to reseed", p11_rng.reseed(Botan::Entropy_Sources::global_sources(), 256, std::chrono::milliseconds(300)), 0); + #endif auto rng = Test::new_rng(__func__); auto random = rng->random_vec(20); diff --git a/src/tests/test_rng_behavior.cpp b/src/tests/test_rng_behavior.cpp index 2be03aed795..87744c3c70b 100644 --- a/src/tests/test_rng_behavior.cpp +++ b/src/tests/test_rng_behavior.cpp @@ -146,6 +146,7 @@ class Stateful_RNG_Tests : public Test { Test::Result test_broken_entropy_input() { Test::Result result(rng_name() + " Broken Entropy Input"); + #if defined(BOTAN_HAS_ENTROPY_SOURCE) class Broken_Entropy_Source final : public Botan::Entropy_Source { public: std::string name() const override { return "Broken Entropy Source"; } @@ -161,6 +162,7 @@ class Stateful_RNG_Tests : public Test { size_t poll(Botan::RandomNumberGenerator& /*rng*/) override { return 0; } }; + #endif // make sure no output is generated when the entropy input source is broken @@ -171,6 +173,8 @@ class Stateful_RNG_Tests : public Test { result.test_throws("broken underlying rng", [&rng_with_broken_rng]() { rng_with_broken_rng->random_vec(16); }); + #if defined(BOTAN_HAS_ENTROPY_SOURCE) + // entropy_sources throw exception auto broken_entropy_source_1 = std::make_unique(); auto broken_entropy_source_2 = std::make_unique(); @@ -209,6 +213,7 @@ class Stateful_RNG_Tests : public Test { result.test_throws("underlying rng and entropy sources broken", [&rng_with_broken_rng_and_broken_es]() { rng_with_broken_rng_and_broken_es->random_vec(16); }); + #endif return result; } @@ -678,22 +683,24 @@ class AutoSeeded_RNG_Tests final : public Test { static Test::Result auto_rng_tests() { Test::Result result("AutoSeeded_RNG"); - Botan::Entropy_Sources no_entropy_for_you; Botan::Null_RNG null_rng; result.test_eq("Null_RNG is null", null_rng.is_seeded(), false); try { - Botan::AutoSeeded_RNG rng(no_entropy_for_you); - result.test_failure("AutoSeeded_RNG should have rejected useless entropy source"); + Botan::AutoSeeded_RNG rng(null_rng); } catch(Botan::PRNG_Unseeded&) { - result.test_success("AutoSeeded_RNG rejected empty entropy source"); + result.test_success("AutoSeeded_RNG rejected useless RNG"); } + #if defined(BOTAN_HAS_ENTROPY_SOURCE) + Botan::Entropy_Sources no_entropy_for_you; + try { - Botan::AutoSeeded_RNG rng(null_rng); + Botan::AutoSeeded_RNG rng(no_entropy_for_you); + result.test_failure("AutoSeeded_RNG should have rejected useless entropy source"); } catch(Botan::PRNG_Unseeded&) { - result.test_success("AutoSeeded_RNG rejected useless RNG"); + result.test_success("AutoSeeded_RNG rejected empty entropy source"); } try { @@ -701,6 +708,7 @@ class AutoSeeded_RNG_Tests final : public Test { } catch(Botan::PRNG_Unseeded&) { result.test_success("AutoSeeded_RNG rejected useless RNG+entropy sources"); } + #endif Botan::AutoSeeded_RNG rng; @@ -720,9 +728,11 @@ class AutoSeeded_RNG_Tests final : public Test { rng.clear(); result.test_eq("AutoSeeded_RNG unseeded after calling clear", rng.is_seeded(), false); + #if defined(BOTAN_HAS_ENTROPY_SOURCE) const size_t no_entropy_bits = rng.reseed(no_entropy_for_you, 256, std::chrono::milliseconds(300)); result.test_eq("AutoSeeded_RNG can't reseed from nothing", no_entropy_bits, 0); result.test_eq("AutoSeeded_RNG still unseeded", rng.is_seeded(), false); + #endif rng.random_vec(16); // generate and discard output result.confirm("AutoSeeded_RNG can be reseeded", rng.is_seeded()); @@ -767,7 +777,9 @@ class System_RNG_Tests final : public Test { rng.clear(); // clear is a noop for system rng result.confirm("System RNG always seeded", rng.is_seeded()); + #if defined(BOTAN_HAS_ENTROPY_SOURCE) rng.reseed(Botan::Entropy_Sources::global_sources(), 256, std::chrono::milliseconds(100)); + #endif for(size_t i = 0; i != 128; ++i) { std::vector out_buf(i); @@ -813,8 +825,10 @@ class Processor_RNG_Tests final : public Test { rng.clear(); // clear is a noop for rdrand result.confirm("CPU RNG always seeded", rng.is_seeded()); + #if defined(BOTAN_HAS_ENTROPY_SOURCE) size_t reseed_bits = rng.reseed(Botan::Entropy_Sources::global_sources(), 256, std::chrono::seconds(1)); result.test_eq("CPU RNG cannot consume inputs", reseed_bits, size_t(0)); + #endif /* Processor_RNG ignores add_entropy calls - confirm this by passing