botan: Use strongSwan's RNG interface in Botan plugin
This allows using rng_t implementations provided by other plugins to serve as RNG for Botan. Closes strongswan/strongswan#192.
This commit is contained in:
parent
5ffc1ec423
commit
4261fcedec
|
@ -33,6 +33,7 @@ plugins = \
|
|||
plugins/attr.opt \
|
||||
plugins/attr-sql.opt \
|
||||
plugins/bliss.opt \
|
||||
plugins/botan.opt \
|
||||
plugins/bypass-lan.opt \
|
||||
plugins/certexpire.opt \
|
||||
plugins/coupling.opt \
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
charon.plugins.botan.internal_rng_only = no
|
||||
Force the use of Botan's internal RNG.
|
||||
|
||||
If enabled, only Botan's internal RNG will be used throughout the plugin.
|
||||
Otherwise, and if supported by Botan, rng_t implementations provided by
|
||||
other loaded plugins will be used as RNG.
|
|
@ -1177,6 +1177,10 @@ if test x$botan = xtrue; then
|
|||
[PKG_CHECK_MODULES(botan, [botan-2])])
|
||||
AC_SUBST(botan_CFLAGS)
|
||||
AC_SUBST(botan_LIBS)
|
||||
saved_LIBS=$LIBS
|
||||
LIBS="$botan_LIBS"
|
||||
AC_CHECK_FUNCS(botan_rng_init_custom)
|
||||
LIBS=$saved_LIBS
|
||||
fi
|
||||
|
||||
if test x$uci = xtrue; then
|
||||
|
|
|
@ -205,7 +205,7 @@ botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "user"))
|
||||
if (!botan_get_rng(&rng, RNG_STRONG))
|
||||
{
|
||||
free(this);
|
||||
return NULL;
|
||||
|
|
|
@ -329,7 +329,7 @@ botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "system"))
|
||||
if (!botan_get_rng(&rng, RNG_TRUE))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
@ -429,7 +429,7 @@ botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type, va_list args)
|
|||
|
||||
this = create_empty(oid);
|
||||
|
||||
if (botan_rng_init(&rng, "user"))
|
||||
if (!botan_get_rng(&rng, RNG_STRONG))
|
||||
{
|
||||
chunk_clear(&pkcs8);
|
||||
free(this);
|
||||
|
|
|
@ -216,7 +216,7 @@ private_key_t *botan_ed_private_key_gen(key_type_t type, va_list args)
|
|||
break;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "system"))
|
||||
if (!botan_get_rng(&rng, RNG_TRUE))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -369,7 +369,7 @@ botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "system"))
|
||||
if (!botan_get_rng(&rng, RNG_TRUE))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
@ -448,7 +448,7 @@ static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
|
|||
goto error;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "user"))
|
||||
if (!botan_get_rng(&rng, RNG_STRONG))
|
||||
{
|
||||
goto error;
|
||||
}
|
||||
|
|
|
@ -171,7 +171,7 @@ METHOD(public_key_t, encrypt, bool,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "user"))
|
||||
if (!botan_get_rng(&rng, RNG_STRONG))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
|
|
@ -238,7 +238,7 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "user"))
|
||||
if (!botan_get_rng(&rng, RNG_STRONG))
|
||||
{
|
||||
botan_pk_op_sign_destroy(sign_op);
|
||||
return FALSE;
|
||||
|
@ -345,3 +345,63 @@ const char *botan_map_rng_quality(rng_quality_t quality)
|
|||
}
|
||||
return rng_name;
|
||||
}
|
||||
|
||||
#ifdef HAVE_BOTAN_RNG_INIT_CUSTOM
|
||||
|
||||
CALLBACK(get_random, int,
|
||||
rng_t *rng, uint8_t *out, size_t out_len)
|
||||
{
|
||||
if (!rng->get_bytes(rng, out_len, out))
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
CALLBACK(destroy_rng, void,
|
||||
rng_t *rng)
|
||||
{
|
||||
if (rng)
|
||||
{
|
||||
rng->destroy(rng);
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* HAVE_BOTAN_RNG_INIT_CUSTOM */
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
bool botan_get_rng(botan_rng_t *botan_rng, rng_quality_t quality)
|
||||
{
|
||||
#ifdef HAVE_BOTAN_RNG_INIT_CUSTOM
|
||||
if (!lib->settings->get_bool(lib->settings,
|
||||
"%s.plugins.botan.internal_rng_only", FALSE, lib->ns))
|
||||
{
|
||||
rng_t *rng = lib->crypto->create_rng(lib->crypto, quality);
|
||||
|
||||
if (!rng)
|
||||
{
|
||||
DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
|
||||
quality);
|
||||
return FALSE;
|
||||
}
|
||||
if (botan_rng_init_custom(botan_rng, "strongswan", rng,
|
||||
get_random, NULL, destroy_rng))
|
||||
{
|
||||
DBG1(DBG_LIB, "Botan RNG creation failed");
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_BOTAN_RNG_INIT_CUSTOM */
|
||||
{
|
||||
const char *rng_name = botan_map_rng_quality(quality);
|
||||
|
||||
if (!rng_name || botan_rng_init(botan_rng, rng_name))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
|
|
@ -133,4 +133,13 @@ bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret);
|
|||
*/
|
||||
const char *botan_map_rng_quality(rng_quality_t quality);
|
||||
|
||||
/**
|
||||
* Get RNG for Botan API calls.
|
||||
*
|
||||
* @param botan_rng Botan RNG
|
||||
* @param quality RNG quality requested
|
||||
* @return TRUE if Botan RNG creation was successful
|
||||
*/
|
||||
bool botan_get_rng(botan_rng_t *botan_rng, rng_quality_t quality);
|
||||
|
||||
#endif /** BOTAN_UTIL_H_ @}*/
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
* THE SOFTWARE.
|
||||
*/
|
||||
|
||||
#include "botan_util.h"
|
||||
#include "botan_util_keys.h"
|
||||
#include "botan_ec_public_key.h"
|
||||
#include "botan_ec_private_key.h"
|
||||
|
@ -81,7 +82,7 @@ public_key_t *botan_public_key_load(key_type_t type, va_list args)
|
|||
break;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "user"))
|
||||
if (!botan_get_rng(&rng, RNG_STRONG))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
@ -183,7 +184,7 @@ private_key_t *botan_private_key_load(key_type_t type, va_list args)
|
|||
break;
|
||||
}
|
||||
|
||||
if (botan_rng_init(&rng, "user"))
|
||||
if (!botan_get_rng(&rng, RNG_STRONG))
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -155,7 +155,7 @@ diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group)
|
|||
},
|
||||
);
|
||||
|
||||
if (botan_rng_init(&rng, "user"))
|
||||
if (!botan_get_rng(&rng, RNG_STRONG))
|
||||
{
|
||||
free(this);
|
||||
return NULL;
|
||||
|
|
Loading…
Reference in New Issue