如何在AutoSeededX917RNG中重新生成值

时间:2015-02-14 12:48:10

标签: c++ random crypto++

我需要在需要时重新生成pseuorandom值。我的代码是:

static const unsigned int BLOCKSIZE = 5; 
byte scratch[ BLOCKSIZE ];

CryptoPP::AutoSeededX917RNG<CryptoPP::AES> rng;
rng.GenerateBlock(scratch,BLOCKSIZE);

std::cout << "The generated random block is:" << std::endl;
for( unsigned int i = 0; i < BLOCKSIZE; i++ )
{
    std::cout << std::setw(2) << std::setfill('0');
    std::cout << static_cast<unsigned int>( scratch[ i ] );
}
std::cout << std::endl;

1 个答案:

答案 0 :(得分:1)

  

如何在AutoSeededX917RNG中重新生成值

您无法使用AutoSeeded*生成器。

-----

  

我需要在需要时重新生成pseuorandom值...

在这种情况下,我认为你只有两个选择 - LC_RNG(不安全)或RandomPool(更安全,但有差距)。两者都需要您使用 运行生成器 相同的种子来生成相同的位流。

RandomPool是PGP样式生成器,其基础算法为MDC<SHA>它将产生相同的比特流给定相同的种子。它使用时间,因此它为每次运行产生不同的流(即使使用相同的种子)。

使用AutoSeeded*生成器,例如AutoSeededRandomPoolAutoSeededX917RNGAutoSeeded*从操作系统的熵池读取,然后用它读取的位为种子生成种子。

另请参阅Crypto ++ wiki上的RandomNumberGenerator

-----

更新RandomPool使用时间(抱歉,我应该在推荐之前进行检查)。

可以使用OFB_Mode<T>::Encryption生成可重现的随机流。 Crypto ++测试程序使用它(参见test.cpp - 它是从GlobalRNG()返回的生成器)。示例如下所示。

SecByteBlock seed(32 + 16);
OS_GenerateRandomBlock(false, seed, seed.size());

for(unsigned int i = 0; i < 10; i++)
{
    OFB_Mode<AES>::Encryption prng;
    prng.SetKeyWithIV(seed, 32, seed + 32, 16);

    SecByteBlock t(16);
    prng.GenerateBlock(t, t.size());

    string s;
    HexEncoder hex(new StringSink(s));

    hex.Put(t, t.size());
    hex.MessageEnd();

    cout << "Random: " << s << endl;
}

OFB_mode<T>::Encryption可以用作生成器,因为OFB模式使用AdditiveCipherTemplate<T>,它派生自RandomNumberGenerator

运行它会产生类似于下面的内容。

$ ./cryptopp-test.exe
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD
Random: DF3D3F8E8A21C39C0871B375013AA2CD

-----

您还可以将AES_RNG.h中的以下代码用于基于AES-256的确定性生成器。如果使用相同的种子,它将产生相同的比特流。它比OFB_Mode<T>::Encryption更灵活,因为它可以采用任意大小的种子。

测试它的代码如下:

SecByteBlock seed(32);
OS_GenerateRandomBlock(false, seed, seed.size());

for(unsigned int i = 0; i < 10; i++)
{
    AES_RNG prng(seed, seed.size());

    SecByteBlock t(16);
    prng.GenerateBlock(t, t.size());

    string s;
    HexEncoder hex(new StringSink(s));

    hex.Put(t, t.size());
    hex.MessageEnd();

    cout << "Random: " << s << endl << endl;
}

它的输出看起来类似于下面。程序的每次运行都会有所不同,因为每次运行都使用不同的种子(通过OS_GenerateRandomBlock):

$ ./cryptopp-test.exe 
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812
Random: D9B48CB7D37C88BDF2A0B0022AB1A812

<强> AES_RNG.h 

#include <cryptopp/cryptlib.h>
using CryptoPP::NotCopyable;
using CryptoPP::BufferedTransformation;
using CryptoPP::BlockCipher;

#include <cryptopp/secblock.h>
using CryptoPP::AlignedSecByteBlock;
using CryptoPP::FixedSizeSecBlock;

#include <cryptopp/smartptr.h>
using CryptoPP::member_ptr;

#include <cryptopp/osrng.h>
using CryptoPP::OS_GenerateRandomBlock;
using CryptoPP::RandomNumberGenerator;

#include <cryptopp/aes.h>
using CryptoPP::AES;

#include <cryptopp/sha.h>
using CryptoPP::SHA512;

class AES_RNG : public RandomNumberGenerator, public NotCopyable
{
public:
    explicit AES_RNG(const byte *seed = NULL, size_t length = 0)
    : m_pCipher(new AES::Encryption), m_keyed(SeedHelper(seed, length))
    {
    }

    bool CanIncorporateEntropy() const
    {
        return true;
    }

    void IncorporateEntropy(const byte *input, size_t length)
    {
        m_keyed = SeedHelper(input, length, false);
    }

    void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size)
    {
        if (!m_keyed) {
            m_pCipher->SetKey(m_key, m_key.size());
            m_keyed = true;
        }

        while (size > 0)
        {
            m_pCipher->ProcessBlock(m_seed);
            size_t len = std::min((size_t)16, (size_t)size);
            target.ChannelPut(channel, m_seed, len);
            size -= len;
        }
    }

protected:
    // Sets up to use the cipher. Its a helper to allow a throw
    //   in the contructor during initialization.  Returns true
    //   if the cipher was keyed, and false if it was not.
    bool SeedHelper(const byte* input, size_t length, bool ctor = true)
    {
        // 32-byte key, 16-byte seed
        AlignedSecByteBlock seed(32 + 16);
        SHA512 hash;

        if(ctor)
        {
            memset(m_key, 0x00, m_key.size());
            memset(m_seed, 0x00, m_seed.size());
        }

        if(input && length)
        {
            // Use the user supplied seed.
            hash.Update(input, length);
        }
        else
        {
            // No seed or size. Use the OS to gather entropy.
            OS_GenerateRandomBlock(false, seed, seed.size());
            hash.Update(seed, seed.size());
        }

        hash.Update(m_key.data(), m_key.size());
        hash.TruncatedFinal(seed.data(), seed.size());

        memcpy(m_key.data(), seed.data() + 0, 32);
        memcpy(m_seed.data(), seed.data() + 32, 16);

        // Return false. This allows the constructor to complete
        //   before the pointer m_pCipher is used.
        return false;
    }

private: 
    FixedSizeSecBlock<byte, 32> m_key;
    FixedSizeSecBlock<byte, 16> m_seed;    
    member_ptr<BlockCipher> m_pCipher;
    bool m_keyed;
};
相关问题
最新问题