botan: Use strongSwan's RNG interface in Botan plugin
This allows rng_t implementations provided by other plugins to serve as the RNG for Botan. Closes strongswan/strongswan#192.
This commit is contained in:
parent
5ffc1ec423
commit
4261fcedec
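--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -33,6 +33,7 @@ plugins = \
 plugins/attr.opt \
 plugins/attr-sql.opt \
 plugins/bliss.opt \
+plugins/botan.opt \
 plugins/bypass-lan.opt \
 plugins/certexpire.opt \
 plugins/coupling.opt \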
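--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,6 @@
+charon.plugins.botan.internal_rng_only = no
+Force the use of Botan's internal RNG.
+
+If enabled, only Botan's internal RNG will be used throughout the plugin.
+Otherwise, and if supported by Botan, rng_t implementations provided by
+other loaded plugins will be used as RNG.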
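--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1177,6 +1177,10 @@ if test x$botan = xtrue; then
 [PKG_CHECK_MODULES(botan, [botan-2])])
 AC_SUBST(botan_CFLAGS)
 AC_SUBST(botan_LIBS)
+saved_LIBS=$LIBS
+LIBS="$botan_LIBS"
+AC_CHECK_FUNCS(botan_rng_init_custom)
+LIBS=$saved_LIBS
 fi
 
 if test x$uci = xtrue; then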
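--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -205,7 +205,7 @@ botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
 return NULL;
 }
 
-if (botan_rng_init(&rng, "user"))
+if (!botan_get_rng(&rng, RNG_STRONG))
 {
 free(this);
 return NULL;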
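--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -329,7 +329,7 @@ botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args)
 return NULL;
 }
 
-if (botan_rng_init(&rng, "system"))
+if (!botan_get_rng(&rng, RNG_TRUE))
 {
 return NULL;
 }
@@ -429,7 +429,7 @@ botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type, va_list args)
 
 this = create_empty(oid);
 
-if (botan_rng_init(&rng, "user"))
+if (!botan_get_rng(&rng, RNG_STRONG))
 {
 chunk_clear(&pkcs8);
 free(this);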
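--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -216,7 +216,7 @@ private_key_t *botan_ed_private_key_gen(key_type_t type, va_list args)
 break;
 }
 
-if (botan_rng_init(&rng, "system"))
+if (!botan_get_rng(&rng, RNG_TRUE))
 {
 return NULL;
 }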
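--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -369,7 +369,7 @@ botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
 return NULL;
 }
 
-if (botan_rng_init(&rng, "system"))
+if (!botan_get_rng(&rng, RNG_TRUE))
 {
 return NULL;
 }
@@ -448,7 +448,7 @@ static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
 goto error;
 }
 
-if (botan_rng_init(&rng, "user"))
+if (!botan_get_rng(&rng, RNG_STRONG))
 {
 goto error;
 }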
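--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -171,7 +171,7 @@ METHOD(public_key_t, encrypt, bool,
 return FALSE;
 }
 
-if (botan_rng_init(&rng, "user"))
+if (!botan_get_rng(&rng, RNG_STRONG))
 {
 return FALSE;
 }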
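--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -238,7 +238,7 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme,
 return FALSE;
 }
 
-if (botan_rng_init(&rng, "user"))
+if (!botan_get_rng(&rng, RNG_STRONG))
 {
 botan_pk_op_sign_destroy(sign_op);
 return FALSE;
@@ -345,3 +345,63 @@ const char *botan_map_rng_quality(rng_quality_t quality)
 }
 return rng_name;
 }
+
+#ifdef HAVE_BOTAN_RNG_INIT_CUSTOM
+
+CALLBACK(get_random, int,
+rng_t *rng, uint8_t *out, size_t out_len)
+{
+if (!rng->get_bytes(rng, out_len, out))
+{
+return -1;
+}
+return 0;
+}
+
+CALLBACK(destroy_rng, void,
+rng_t *rng)
+{
+if (rng)
+{
+rng->destroy(rng);
+}
+}
+
+#endif /* HAVE_BOTAN_RNG_INIT_CUSTOM */
+
+/*
+* Described in header
+*/
+bool botan_get_rng(botan_rng_t *botan_rng, rng_quality_t quality)
+{
+#ifdef HAVE_BOTAN_RNG_INIT_CUSTOM
+if (!lib->settings->get_bool(lib->settings,
+"%s.plugins.botan.internal_rng_only", FALSE, lib->ns))
+{
+rng_t *rng = lib->crypto->create_rng(lib->crypto, quality);
+
+if (!rng)
+{
+DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
+quality);
+return FALSE;
+}
+if (botan_rng_init_custom(botan_rng, "strongswan", rng,
+get_random, NULL, destroy_rng))
+{
+DBG1(DBG_LIB, "Botan RNG creation failed");
+return FALSE;
+}
+}
+else
+#endif /* HAVE_BOTAN_RNG_INIT_CUSTOM */
+{
+const char *rng_name = botan_map_rng_quality(quality);
+
+if (!rng_name || botan_rng_init(botan_rng, rng_name))
+{
+return FALSE;
+}
+}
+return TRUE;
+}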
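Review bot: In botan_get_rng, the rng_t obtained from create_rng is leaked when botan_rng_init_custom fails: that branch only logs and returns FALSE, and the destroy_rng callback is reachable only through a Botan RNG object that was never created. Add `rng->destroy(rng);` before the `return FALSE;` in that branch (this assumes Botan does not invoke the destroy callback on a failed init, which is worth confirming against the Botan version in use). The `else` that is immediately followed by `#endif` and a bare `{` compiles in both configurations but is easy to misread; a comment above that block such as `/* use Botan's internal RNG (also when custom RNGs are unsupported) */` would make the fallback explicit. Note too that a missing rng_t of the requested quality fails the call rather than falling back to the internal RNG, which changes the key-generation paths from the always-available "system" RNG to whatever plugin registers RNG_TRUE; if that is deliberate, a one-line comment next to the `no RNG found` log saying so would help future readers.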
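--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -133,4 +133,13 @@ bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret);
 */
 const char *botan_map_rng_quality(rng_quality_t quality);
 
+/**
+* Get RNG for Botan API calls.
+*
+* @param botan_rng Botan RNG
+* @param quality RNG quality requested
+* @return TRUE if Botan RNG creation was successful
+*/
+bool botan_get_rng(botan_rng_t *botan_rng, rng_quality_t quality);
+
 #endif /** BOTAN_UTIL_H_ @}*/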
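Review bot: The doc comment for botan_get_rng() does not say who owns the Botan RNG it initializes, nor that the requested quality may be served by another plugin's rng_t wrapped in a Botan RNG unless charon.plugins.botan.internal_rng_only is set; both matter to a caller choosing between RNG_STRONG and RNG_TRUE. Suggest `@param quality RNG quality requested; may be served by another plugin's rng_t unless internal_rng_only is set` and, if the contract is unchanged from botan_rng_init() (the callers' destroy calls are outside these hunks), `@param botan_rng Botan RNG to initialize, destroyed by the caller`.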
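--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -21,6 +21,7 @@
 * THE SOFTWARE.
 */
 
+#include "botan_util.h"
 #include "botan_util_keys.h"
 #include "botan_ec_public_key.h"
 #include "botan_ec_private_key.h"
@@ -81,7 +82,7 @@ public_key_t *botan_public_key_load(key_type_t type, va_list args)
 break;
 }
 
-if (botan_rng_init(&rng, "user"))
+if (!botan_get_rng(&rng, RNG_STRONG))
 {
 return NULL;
 }
@@ -183,7 +184,7 @@ private_key_t *botan_private_key_load(key_type_t type, va_list args)
 break;
 }
 
-if (botan_rng_init(&rng, "user"))
+if (!botan_get_rng(&rng, RNG_STRONG))
 {
 return NULL;
 }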
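--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -155,7 +155,7 @@ diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group)
 },
 );
 
-if (botan_rng_init(&rng, "user"))
+if (!botan_get_rng(&rng, RNG_STRONG))
 {
 free(this);
 return NULL;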