drbg: The drbg instance owns the entropy rng
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 8 Nov 2019 12:16:12 +0000 (13:16 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 28 Nov 2019 08:55:56 +0000 (09:55 +0100)
src/libstrongswan/crypto/crypto_factory.h
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/plugins/drbg/drbg_ctr.c
src/libstrongswan/plugins/drbg/drbg_hmac.c
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
src/libstrongswan/plugins/ntru/ntru_ke.c
src/libstrongswan/tests/suites/test_ntru.c

index 87e2cd2..3901cce 100644 (file)
@@ -159,7 +159,7 @@ struct crypto_factory_t {
         *
         * @param type                                  DRBG type to use
         * @param strength                              security strength in bits
-        * @param entropy                               entropy source to be used
+        * @param entropy                               entropy source to be used (adopted)
         * @param personalization_str   optional personalization string
         * @return                                              drbg_t instance, NULL if not supported
         */
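Review bot: "(adopted)" on the `@param entropy` line does not say whether the DRBG also takes the entropy source when creation fails, and the implementation hunks show it does not: in drbg_ctr_create and drbg_hmac_create `this->entropy = entropy` is now assigned only after seeding succeeds, so the earlier `destroy(this); return NULL;` paths hit `DESTROY_IF(this->entropy)` on a still-NULL field and leave the rng alive for the caller. Make the contract explicit here, e.g. `@param entropy entropy source to be used (adopted on success; on NULL return the caller still owns and must destroy it)`, and qualify the "entropy will be owned by drbg" comments added in ntru_ke.c and test_ntru.c the same way, since their create_drbg failure branches (and the one in gmp_rsa_private_key_gen) lie outside the hunks and cannot be confirmed to free it. The alternative is to adopt unconditionally by keeping `.entropy = entropy` in the INIT block the commit removed it from, so every error path releases it through destroy(); either choice is fine, but the header text and the two create functions must agree.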
index a04543e..04ed228 100644 (file)
@@ -1279,7 +1279,6 @@ METHOD(crypto_tester_t, test_drbg, bool,
 
 failure:
                drbg->destroy(drbg);
-               entropy->destroy(entropy);
                chunk_free(&out);
                if (failed)
                {
index 39801b6..a851166 100644 (file)
@@ -236,6 +236,7 @@ METHOD(drbg_t, destroy, void,
 {
        if (ref_put(&this->ref))
        {
+               DESTROY_IF(this->entropy);
                this->crypter->destroy(this->crypter);
                chunk_clear(&this->key);
                chunk_clear(&this->value);
@@ -318,7 +319,6 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
                },
                .type = type,
                .strength = strength,
-               .entropy = entropy,
                .crypter = crypter,
                .key = chunk_alloc(key_len),
                .value = chunk_alloc(out_len),
@@ -333,7 +333,7 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
        seed = chunk_alloc(seed_len);
        DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len);
 
-       if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
+       if (!entropy->get_bytes(entropy, seed.len, seed.ptr))
        {
                chunk_free(&seed);
                destroy(this);
@@ -351,5 +351,8 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
                return NULL;
        }
 
+       /* ownership of entropy source is transferred to DRBG */
+       this->entropy = entropy;
+
        return &this->public;
 }
index 2006e10..353cdcf 100644 (file)
@@ -206,6 +206,7 @@ METHOD(drbg_t, destroy, void,
 {
        if (ref_put(&this->ref))
        {
+               DESTROY_IF(this->entropy);
                this->prf->destroy(this->prf);
                chunk_clear(&this->key);
                chunk_clear(&this->value);
@@ -280,7 +281,6 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
                },
                .type = type,
                .strength = strength,
-               .entropy = entropy,
                .prf = prf,
                .key = chunk_alloc(out_len),
                .value = chunk_alloc(out_len),
@@ -296,7 +296,7 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
        seed = chunk_alloc(entropy_len + personalization_str.len);
        DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
 
-       if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
+       if (!entropy->get_bytes(entropy, entropy_len, seed.ptr))
        {
                chunk_free(&seed);
                destroy(this);
@@ -315,5 +315,8 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
                return NULL;
        }
 
+       /* ownership of entropy source is transferred to DRBG */
+       this->entropy = entropy;
+
        return &this->public;
 }
index 852e235..3c5c31b 100644 (file)
@@ -817,7 +817,7 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
        }
        key_size = key_size / BITS_PER_BYTE;
 
-       /* Initiate a NIST SP 800-90A DRBG fed by a true random generator */
+       /* Initiate a NIST SP 800-90A DRBG fed by a true rng owned by the drbg */
        rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
        if (!rng)
        {
@@ -837,7 +837,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
        if (compute_prime(drbg, key_size/2, safe_prime, &p, &p1) != SUCCESS)
        {
                drbg->destroy(drbg);
-               rng->destroy(rng);
                return NULL;
        }
        if (compute_prime(drbg, key_size/2, safe_prime, &q, &q1) != SUCCESS)
@@ -845,7 +844,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
                mpz_clear(p);
                mpz_clear(p1);
                drbg->destroy(drbg);
-               rng->destroy(rng);
                return NULL;
        }
 
@@ -930,7 +928,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
        mpz_clear_sensitive(p1);
        mpz_clear_sensitive(q1);
        drbg->destroy(drbg);
-       rng->destroy(rng);
 
        if (drbg_failed || invert_failed)
        {
index 7fb4439..60a2b5a 100644 (file)
@@ -231,7 +231,6 @@ METHOD(diffie_hellman_t, destroy, void,
        DESTROY_IF(this->privkey);
        DESTROY_IF(this->pubkey);
        this->drbg->destroy(this->drbg);
-       this->entropy->destroy(this->entropy);
        chunk_free(&this->ciphertext);
        chunk_clear(&this->shared_secret);
        free(this);
@@ -294,6 +293,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
        DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength,
                                   parameter_set, ntru_param_set_id_names, param_set_id);
 
+       /* entropy will be owned by drbg */
        entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
        if (!entropy)
        {
index 1867639..2144d1d 100644 (file)
@@ -715,6 +715,8 @@ START_TEST(test_ntru_privkey)
        params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id,
                                                   privkey_tests[_i].id);
        strength = params->sec_strength_len * BITS_PER_BYTE;
+
+       /* entropy rng will be owned by drbg */
        entropy = rng_tester_create(privkey_tests[_i].entropy);
        drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength,
                                                                        entropy, chunk_from_str("IKE NTRU-KE"));
@@ -802,7 +804,6 @@ START_TEST(test_ntru_privkey)
        privkey->destroy(privkey);
        pubkey->destroy(pubkey);
        drbg->destroy(drbg);
-       entropy->destroy(entropy);
 }
 END_TEST