botan: Use strongSwan's RNG interface in Botan plugin

This allows using rng_t implementations provided by other plugins to
serve as RNG for Botan.

Closes strongswan/strongswan#192.
René Fischer 2021-01-22 13:38:01 +01:00 committed by Tobias Brunner
parent 5ffc1ec423
commit 4261fcedec
12 changed files with 92 additions and 11 deletions


@ -33,6 +33,7 @@ plugins = \
plugins/attr.opt \
plugins/attr-sql.opt \
plugins/bliss.opt \
plugins/botan.opt \
plugins/bypass-lan.opt \
plugins/certexpire.opt \
plugins/coupling.opt \

6
conf/plugins/botan.opt Normal file

@ -0,0 +1,6 @@
charon.plugins.botan.internal_rng_only = no
Force the use of Botan's internal RNG.
If enabled, only Botan's internal RNG will be used throughout the plugin.
Otherwise, and if supported by Botan, rng_t implementations provided by
other loaded plugins will be used as RNG.


@ -1177,6 +1177,10 @@ if test x$botan = xtrue; then
[PKG_CHECK_MODULES(botan, [botan-2])])
AC_SUBST(botan_CFLAGS)
AC_SUBST(botan_LIBS)
saved_LIBS=$LIBS
LIBS="$botan_LIBS"
AC_CHECK_FUNCS(botan_rng_init_custom)
LIBS=$saved_LIBS
fi
if test x$uci = xtrue; then


@ -205,7 +205,7 @@ botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
return NULL;
}
if (botan_rng_init(&rng, "user"))
if (!botan_get_rng(&rng, RNG_STRONG))
{
free(this);
return NULL;


@ -329,7 +329,7 @@ botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args)
return NULL;
}
if (botan_rng_init(&rng, "system"))
if (!botan_get_rng(&rng, RNG_TRUE))
{
return NULL;
}
@ -429,7 +429,7 @@ botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type, va_list args)
this = create_empty(oid);
if (botan_rng_init(&rng, "user"))
if (!botan_get_rng(&rng, RNG_STRONG))
{
chunk_clear(&pkcs8);
free(this);


@ -216,7 +216,7 @@ private_key_t *botan_ed_private_key_gen(key_type_t type, va_list args)
break;
}
if (botan_rng_init(&rng, "system"))
if (!botan_get_rng(&rng, RNG_TRUE))
{
return NULL;
}


@ -369,7 +369,7 @@ botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
return NULL;
}
if (botan_rng_init(&rng, "system"))
if (!botan_get_rng(&rng, RNG_TRUE))
{
return NULL;
}
@ -448,7 +448,7 @@ static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
goto error;
}
if (botan_rng_init(&rng, "user"))
if (!botan_get_rng(&rng, RNG_STRONG))
{
goto error;
}


@ -171,7 +171,7 @@ METHOD(public_key_t, encrypt, bool,
return FALSE;
}
if (botan_rng_init(&rng, "user"))
if (!botan_get_rng(&rng, RNG_STRONG))
{
return FALSE;
}


@ -238,7 +238,7 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme,
return FALSE;
}
if (botan_rng_init(&rng, "user"))
if (!botan_get_rng(&rng, RNG_STRONG))
{
botan_pk_op_sign_destroy(sign_op);
return FALSE;
@ -345,3 +345,63 @@ const char *botan_map_rng_quality(rng_quality_t quality)
}
return rng_name;
}
#ifdef HAVE_BOTAN_RNG_INIT_CUSTOM
CALLBACK(get_random, int,
rng_t *rng, uint8_t *out, size_t out_len)
{
if (!rng->get_bytes(rng, out_len, out))
{
return -1;
}
return 0;
}
CALLBACK(destroy_rng, void,
rng_t *rng)
{
if (rng)
{
rng->destroy(rng);
}
}
#endif /* HAVE_BOTAN_RNG_INIT_CUSTOM */
/*
* Described in header
*/
bool botan_get_rng(botan_rng_t *botan_rng, rng_quality_t quality)
{
#ifdef HAVE_BOTAN_RNG_INIT_CUSTOM
if (!lib->settings->get_bool(lib->settings,
"%s.plugins.botan.internal_rng_only", FALSE, lib->ns))
{
rng_t *rng = lib->crypto->create_rng(lib->crypto, quality);
if (!rng)
{
DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
quality);
return FALSE;
}
if (botan_rng_init_custom(botan_rng, "strongswan", rng,
get_random, NULL, destroy_rng))
{
DBG1(DBG_LIB, "Botan RNG creation failed");
return FALSE;
}
}
else
#endif /* HAVE_BOTAN_RNG_INIT_CUSTOM */
{
const char *rng_name = botan_map_rng_quality(quality);
if (!rng_name || botan_rng_init(botan_rng, rng_name))
{
return FALSE;
}
}
return TRUE;
}
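Review bot: In botan_get_rng(), the failure branch after `botan_rng_init_custom()` returns FALSE without releasing the `rng_t` obtained from `lib->crypto->create_rng()`, so that instance appears to leak unless Botan itself invokes the `destroy_rng` callback when initialization fails. This should be confirmed against the Botan FFI; if Botan does not call it, add `rng->destroy(rng);` before `return FALSE;` in that branch. Separately, the `else` block is reached both when `internal_rng_only` is set and when the build lacks `botan_rng_init_custom`, so the RNG source silently differs between builds. A comment such as `/* internal_rng_only set, or Botan built without botan_rng_init_custom: use Botan's own RNG */` on that block would make this clear to anyone auditing where key material randomness comes from.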


@ -133,4 +133,13 @@ bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret);
*/
const char *botan_map_rng_quality(rng_quality_t quality);
/**
* Get RNG for Botan API calls.
*
* @param botan_rng Botan RNG
* @param quality RNG quality requested
* @return TRUE if Botan RNG creation was successful
*/
bool botan_get_rng(botan_rng_t *botan_rng, rng_quality_t quality);
#endif /** BOTAN_UTIL_H_ @}*/
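Review bot: The doc comment for botan_get_rng() does not state who owns the handle written to `botan_rng` or which RNG backs it. I would describe the parameter as an output the caller must release, e.g. `@param botan_rng  receives the Botan RNG handle, to be released by the caller (presumably via botan_rng_destroy())`. I would also add one sentence saying the source is either an rng_t from another loaded plugin or Botan's internal RNG, depending on `internal_rng_only` and on build-time support for `botan_rng_init_custom`. It is also worth noting that FALSE is returned when no rng_t of the requested quality is available, since every key load and generation path in this commit now depends on that.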


@ -21,6 +21,7 @@
* THE SOFTWARE.
*/
#include "botan_util.h"
#include "botan_util_keys.h"
#include "botan_ec_public_key.h"
#include "botan_ec_private_key.h"
@ -81,7 +82,7 @@ public_key_t *botan_public_key_load(key_type_t type, va_list args)
break;
}
if (botan_rng_init(&rng, "user"))
if (!botan_get_rng(&rng, RNG_STRONG))
{
return NULL;
}
@ -183,7 +184,7 @@ private_key_t *botan_private_key_load(key_type_t type, va_list args)
break;
}
if (botan_rng_init(&rng, "user"))
if (!botan_get_rng(&rng, RNG_STRONG))
{
return NULL;
}


@ -155,7 +155,7 @@ diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group)
},
);
if (botan_rng_init(&rng, "user"))
if (!botan_get_rng(&rng, RNG_STRONG))
{
free(this);
return NULL;