sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity

drbg: The drbg instance owns the entropy rng

Browse Source
This commit is contained in:
Andreas Steffen 2019-11-08 13:16:12 +01:00 committed by Tobias Brunner
parent ccaedf8761
commit 11e9d2b8d1
7 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libstrongswan/crypto/crypto_factory.h
View File

@ -159,7 +159,7 @@ struct crypto_factory_t {
* *
* @param type DRBG type to use * @param type DRBG type to use
* @param strength security strength in bits * @param strength security strength in bits
* @param entropy entropy source to be used * @param entropy entropy source to be used (adopted)
* @param personalization_str optional personalization string * @param personalization_str optional personalization string
* @return drbg_t instance, NULL if not supported * @return drbg_t instance, NULL if not supported
*/ */

1
src/libstrongswan/crypto/crypto_tester.c
View File

@ -1279,7 +1279,6 @@ METHOD(crypto_tester_t, test_drbg, bool,
failure: failure:
drbg->destroy(drbg); drbg->destroy(drbg);
entropy->destroy(entropy);
chunk_free(&out); chunk_free(&out);
if (failed) if (failed)
{ {

7
src/libstrongswan/plugins/drbg/drbg_ctr.c
View File

@ -236,6 +236,7 @@ METHOD(drbg_t, destroy, void,
{ {
if (ref_put(&this->ref)) if (ref_put(&this->ref))
{ {
DESTROY_IF(this->entropy);
this->crypter->destroy(this->crypter); this->crypter->destroy(this->crypter);
chunk_clear(&this->key); chunk_clear(&this->key);
chunk_clear(&this->value); chunk_clear(&this->value);
@ -318,7 +319,6 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
}, },
.type = type, .type = type,
.strength = strength, .strength = strength,
.entropy = entropy,
.crypter = crypter, .crypter = crypter,
.key = chunk_alloc(key_len), .key = chunk_alloc(key_len),
.value = chunk_alloc(out_len), .value = chunk_alloc(out_len),
@ -333,7 +333,7 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
seed = chunk_alloc(seed_len); seed = chunk_alloc(seed_len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len); DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len);
if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr)) if (!entropy->get_bytes(entropy, seed.len, seed.ptr))
{ {
chunk_free(&seed); chunk_free(&seed);
destroy(this); destroy(this);
@ -351,5 +351,8 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
return NULL; return NULL;
} }
/* ownership of entropy source is transferred to DRBG */
this->entropy = entropy;
return &this->public; return &this->public;
} }

7
src/libstrongswan/plugins/drbg/drbg_hmac.c
View File

@ -206,6 +206,7 @@ METHOD(drbg_t, destroy, void,
{ {
if (ref_put(&this->ref)) if (ref_put(&this->ref))
{ {
DESTROY_IF(this->entropy);
this->prf->destroy(this->prf); this->prf->destroy(this->prf);
chunk_clear(&this->key); chunk_clear(&this->key);
chunk_clear(&this->value); chunk_clear(&this->value);
@ -280,7 +281,6 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
}, },
.type = type, .type = type,
.strength = strength, .strength = strength,
.entropy = entropy,
.prf = prf, .prf = prf,
.key = chunk_alloc(out_len), .key = chunk_alloc(out_len),
.value = chunk_alloc(out_len), .value = chunk_alloc(out_len),
@ -296,7 +296,7 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
seed = chunk_alloc(entropy_len + personalization_str.len); seed = chunk_alloc(entropy_len + personalization_str.len);
DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len); DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr)) if (!entropy->get_bytes(entropy, entropy_len, seed.ptr))
{ {
chunk_free(&seed); chunk_free(&seed);
destroy(this); destroy(this);
@ -315,5 +315,8 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
return NULL; return NULL;
} }
/* ownership of entropy source is transferred to DRBG */
this->entropy = entropy;
return &this->public; return &this->public;
} }

5
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
View File

@ -817,7 +817,7 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
} }
key_size = key_size / BITS_PER_BYTE; key_size = key_size / BITS_PER_BYTE;
/* Initiate a NIST SP 800-90A DRBG fed by a true random generator */ /* Initiate a NIST SP 800-90A DRBG fed by a true rng owned by the drbg */
rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!rng) if (!rng)
{ {
@ -837,7 +837,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
if (compute_prime(drbg, key_size/2, safe_prime, &p, &p1) != SUCCESS) if (compute_prime(drbg, key_size/2, safe_prime, &p, &p1) != SUCCESS)
{ {
drbg->destroy(drbg); drbg->destroy(drbg);
rng->destroy(rng);
return NULL; return NULL;
} }
if (compute_prime(drbg, key_size/2, safe_prime, &q, &q1) != SUCCESS) if (compute_prime(drbg, key_size/2, safe_prime, &q, &q1) != SUCCESS)
@ -845,7 +844,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
mpz_clear(p); mpz_clear(p);
mpz_clear(p1); mpz_clear(p1);
drbg->destroy(drbg); drbg->destroy(drbg);
rng->destroy(rng);
return NULL; return NULL;
} }
@ -930,7 +928,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
mpz_clear_sensitive(p1); mpz_clear_sensitive(p1);
mpz_clear_sensitive(q1); mpz_clear_sensitive(q1);
drbg->destroy(drbg); drbg->destroy(drbg);
rng->destroy(rng);
if (drbg_failed || invert_failed) if (drbg_failed || invert_failed)
{ {

2
src/libstrongswan/plugins/ntru/ntru_ke.c
View File

@ -231,7 +231,6 @@ METHOD(diffie_hellman_t, destroy, void,
DESTROY_IF(this->privkey); DESTROY_IF(this->privkey);
DESTROY_IF(this->pubkey); DESTROY_IF(this->pubkey);
this->drbg->destroy(this->drbg); this->drbg->destroy(this->drbg);
this->entropy->destroy(this->entropy);
chunk_free(&this->ciphertext); chunk_free(&this->ciphertext);
chunk_clear(&this->shared_secret); chunk_clear(&this->shared_secret);
free(this); free(this);
@ -294,6 +293,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength, DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength,
parameter_set, ntru_param_set_id_names, param_set_id); parameter_set, ntru_param_set_id_names, param_set_id);
/* entropy will be owned by drbg */
entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE); entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!entropy) if (!entropy)
{ {

3
src/libstrongswan/tests/suites/test_ntru.c
View File

@ -715,6 +715,8 @@ START_TEST(test_ntru_privkey)
params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id, params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id,
privkey_tests[_i].id); privkey_tests[_i].id);
strength = params->sec_strength_len * BITS_PER_BYTE; strength = params->sec_strength_len * BITS_PER_BYTE;
/* entropy rng will be owned by drbg */
entropy = rng_tester_create(privkey_tests[_i].entropy); entropy = rng_tester_create(privkey_tests[_i].entropy);
drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength, drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength,
entropy, chunk_from_str("IKE NTRU-KE")); entropy, chunk_from_str("IKE NTRU-KE"));
@ -802,7 +804,6 @@ START_TEST(test_ntru_privkey)
privkey->destroy(privkey); privkey->destroy(privkey);
pubkey->destroy(pubkey); pubkey->destroy(pubkey);
drbg->destroy(drbg); drbg->destroy(drbg);
entropy->destroy(entropy);
} }
END_TEST END_TEST