drbg: The drbg instance owns the entropy rng

Andreas Steffen 2019-11-08 13:16:12 +01:00 committed by Tobias Brunner
parent ccaedf8761
commit 11e9d2b8d1
7 changed files with 15 additions and 12 deletions


@ -159,7 +159,7 @@ struct crypto_factory_t {
*
* @param type DRBG type to use
* @param strength security strength in bits
* @param entropy entropy source to be used
* @param entropy entropy source to be used (adopted)
* @param personalization_str optional personalization string
* @return drbg_t instance, NULL if not supported
*/
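Review bot: "(adopted)" on the `entropy` parameter does not say what happens when create_drbg returns NULL, and the constructors changed in this same commit appear to adopt the rng only on success. drbg_ctr_create and drbg_hmac_create assign `this->entropy` just before the final return, after the visible `destroy(this)` and `return NULL` paths. A caller reading only this header could either leak the rng or destroy it a second time on failure. I would spell the contract out, e.g. `@param entropy entropy source to be used (adopted on success, still owned by the caller if NULL is returned)`. The one-line comments added in ntru_ke_create and test_ntru_privkey ("will be owned by drbg") have the same gap.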


@ -1279,7 +1279,6 @@ METHOD(crypto_tester_t, test_drbg, bool,
failure:
drbg->destroy(drbg);
entropy->destroy(entropy);
chunk_free(&out);
if (failed)
{


@ -236,6 +236,7 @@ METHOD(drbg_t, destroy, void,
{
if (ref_put(&this->ref))
{
DESTROY_IF(this->entropy);
this->crypter->destroy(this->crypter);
chunk_clear(&this->key);
chunk_clear(&this->value);
@ -318,7 +319,6 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
},
.type = type,
.strength = strength,
.entropy = entropy,
.crypter = crypter,
.key = chunk_alloc(key_len),
.value = chunk_alloc(out_len),
@ -333,7 +333,7 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
seed = chunk_alloc(seed_len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len);
if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
if (!entropy->get_bytes(entropy, seed.len, seed.ptr))
{
chunk_free(&seed);
destroy(this);
@ -351,5 +351,8 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
return NULL;
}
/* ownership of entropy source is transferred to DRBG */
this->entropy = entropy;
return &this->public;
}
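Review bot: Nothing near the changed lines says why `.entropy` was dropped from the initializer and why `entropy->get_bytes(entropy, ...)` is now called on the parameter. The field has to stay unset (presumably NULL from the initializer) so that `destroy(this)` on the failure paths, which now runs `DESTROY_IF(this->entropy)`, does not free an rng the caller still owns. Someone restoring `.entropy = entropy` later would turn each early return into a double destroy as soon as the caller cleans up. A comment at the get_bytes call would pin this down, e.g. `/* this->entropy stays unset until instantiation succeeds, so destroy() on failure leaves the caller's rng alone */`. drbg_hmac_create carries the identical pattern and wants the same comment; both function bodies extend beyond the hunks shown.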


@ -206,6 +206,7 @@ METHOD(drbg_t, destroy, void,
{
if (ref_put(&this->ref))
{
DESTROY_IF(this->entropy);
this->prf->destroy(this->prf);
chunk_clear(&this->key);
chunk_clear(&this->value);
@ -280,7 +281,6 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
},
.type = type,
.strength = strength,
.entropy = entropy,
.prf = prf,
.key = chunk_alloc(out_len),
.value = chunk_alloc(out_len),
@ -296,7 +296,7 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
seed = chunk_alloc(entropy_len + personalization_str.len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
if (!entropy->get_bytes(entropy, entropy_len, seed.ptr))
{
chunk_free(&seed);
destroy(this);
@ -315,5 +315,8 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
return NULL;
}
/* ownership of entropy source is transferred to DRBG */
this->entropy = entropy;
return &this->public;
}


@ -817,7 +817,7 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
}
key_size = key_size / BITS_PER_BYTE;
/* Initiate a NIST SP 800-90A DRBG fed by a true random generator */
/* Initiate a NIST SP 800-90A DRBG fed by a true rng owned by the drbg */
rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!rng)
{
@ -837,7 +837,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
if (compute_prime(drbg, key_size/2, safe_prime, &p, &p1) != SUCCESS)
{
drbg->destroy(drbg);
rng->destroy(rng);
return NULL;
}
if (compute_prime(drbg, key_size/2, safe_prime, &q, &q1) != SUCCESS)
@ -845,7 +844,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
mpz_clear(p);
mpz_clear(p1);
drbg->destroy(drbg);
rng->destroy(rng);
return NULL;
}
@ -930,7 +928,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
mpz_clear_sensitive(p1);
mpz_clear_sensitive(q1);
drbg->destroy(drbg);
rng->destroy(rng);
if (drbg_failed || invert_failed)
{


@ -231,7 +231,6 @@ METHOD(diffie_hellman_t, destroy, void,
DESTROY_IF(this->privkey);
DESTROY_IF(this->pubkey);
this->drbg->destroy(this->drbg);
this->entropy->destroy(this->entropy);
chunk_free(&this->ciphertext);
chunk_clear(&this->shared_secret);
free(this);
@ -294,6 +293,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength,
parameter_set, ntru_param_set_id_names, param_set_id);
/* entropy will be owned by drbg */
entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!entropy)
{


@ -715,6 +715,8 @@ START_TEST(test_ntru_privkey)
params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id,
privkey_tests[_i].id);
strength = params->sec_strength_len * BITS_PER_BYTE;
/* entropy rng will be owned by drbg */
entropy = rng_tester_create(privkey_tests[_i].entropy);
drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength,
entropy, chunk_from_str("IKE NTRU-KE"));
@ -802,7 +804,6 @@ START_TEST(test_ntru_privkey)
privkey->destroy(privkey);
pubkey->destroy(pubkey);
drbg->destroy(drbg);
entropy->destroy(entropy);
}
END_TEST