gcrypt rng implementation
authorMartin Willi <martin@strongswan.org>
Thu, 4 Jun 2009 19:27:31 +0000 (21:27 +0200)
committerMartin Willi <martin@strongswan.org>
Tue, 9 Jun 2009 09:18:57 +0000 (11:18 +0200)
src/libstrongswan/plugins/gcrypt/Makefile.am
src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
src/libstrongswan/plugins/gcrypt/gcrypt_rng.c [new file with mode: 0644]
src/libstrongswan/plugins/gcrypt/gcrypt_rng.h [new file with mode: 0644]
src/libstrongswan/utils/leak_detective.c

index 6f1f53c..eae3baf 100644 (file)
@@ -6,6 +6,7 @@ AM_CFLAGS = -rdynamic
 plugin_LTLIBRARIES = libstrongswan-gcrypt.la
 
 libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+       gcrypt_rng.h gcrypt_rng.c \
        gcrypt_crypter.h gcrypt_crypter.c \
        gcrypt_hasher.h gcrypt_hasher.c
 
index 4f66e34..4d1137d 100644 (file)
@@ -17,6 +17,7 @@
 
 #include "gcrypt_hasher.h"
 #include "gcrypt_crypter.h"
+#include "gcrypt_rng.h"
 
 #include <library.h>
 #include <debug.h>
@@ -98,6 +99,8 @@ static void destroy(private_gcrypt_plugin_t *this)
                                        (hasher_constructor_t)gcrypt_hasher_create);
        lib->crypto->remove_crypter(lib->crypto,
                                        (crypter_constructor_t)gcrypt_crypter_create);
+       lib->crypto->remove_rng(lib->crypto,
+                                       (rng_constructor_t)gcrypt_rng_create);
        free(this);
 }
 
@@ -162,6 +165,14 @@ plugin_t *plugin_create()
        lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC,
                                        (crypter_constructor_t)gcrypt_crypter_create);
        
+       /* random numbers */
+       lib->crypto->add_rng(lib->crypto, RNG_WEAK, 
+                                                (rng_constructor_t)gcrypt_rng_create);
+       lib->crypto->add_rng(lib->crypto, RNG_STRONG, 
+                                                (rng_constructor_t)gcrypt_rng_create);
+       lib->crypto->add_rng(lib->crypto, RNG_TRUE, 
+                                                (rng_constructor_t)gcrypt_rng_create);
+       
        return &this->public.plugin;
 }
 
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
new file mode 100644 (file)
index 0000000..64b4eb8
--- /dev/null
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcrypt_rng.h"
+
+#include <gcrypt.h>
+
+typedef struct private_gcrypt_rng_t private_gcrypt_rng_t;
+
+/**
+ * Private data of an gcrypt_rng_t object.
+ */
+struct private_gcrypt_rng_t {
+
+       /**
+        * Public gcrypt_rng_t interface.
+        */
+       gcrypt_rng_t public;
+       
+       /**
+        * RNG quality of this instance
+        */
+       rng_quality_t quality;
+};
+
+/**
+ * Implementation of gcrypt_rng_t.get_bytes.
+ */
+static void get_bytes(private_gcrypt_rng_t *this, size_t bytes,
+                                         u_int8_t *buffer)
+{
+       switch (this->quality)
+       {
+               case RNG_WEAK:
+                       gcry_create_nonce(buffer, bytes);
+                       break;
+               case RNG_STRONG:
+                       gcry_randomize(buffer, bytes, GCRY_STRONG_RANDOM);
+                       break;
+               case RNG_TRUE:
+                       gcry_randomize(buffer, bytes, GCRY_VERY_STRONG_RANDOM);
+                       break;
+       }
+}
+
+/**
+ * Implementation of gcrypt_rng_t.allocate_bytes.
+ */
+static void allocate_bytes(private_gcrypt_rng_t *this, size_t bytes,
+                                                  chunk_t *chunk)
+{
+       *chunk = chunk_alloc(bytes);
+       get_bytes(this, chunk->len, chunk->ptr);
+}
+
+/**
+ * Implementation of gcrypt_rng_t.destroy.
+ */
+static void destroy(private_gcrypt_rng_t *this)
+{
+       free(this);
+}
+
+/*
+ * Described in header.
+ */
+gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality)
+{
+       private_gcrypt_rng_t *this;
+       
+       switch (quality)
+       {
+               case RNG_WEAK:
+               case RNG_STRONG:
+               case RNG_TRUE:
+                       break;
+               default:
+                       return NULL;
+       }
+       
+       this = malloc_thing(private_gcrypt_rng_t);
+       
+       this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes;
+       this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes;
+       this->public.rng.destroy = (void (*) (rng_t *))destroy;
+       
+       this->quality = quality;
+       
+       return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h
new file mode 100644 (file)
index 0000000..3cfde84
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+/**
+ * @defgroup gcrypt_rng gcrypt_rng
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_RNG_H_
+#define GCRYPT_RNG_H_
+
+typedef struct gcrypt_rng_t gcrypt_rng_t;
+
+#include <library.h>
+
+/**
+ * rng_t implementation using libgcrypt.
+ */
+struct gcrypt_rng_t {
+       
+       /**
+        * Implements rng_t.
+        */
+       rng_t rng;
+};
+
+/**
+ * Creates an gcrypt_rng_t instance.
+ * 
+ * @param quality      required quality of gcryptness
+ * @return                     created gcrypt_rng_t
+ */
+gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality);
+
+#endif /** GCRYPT_RNG_H_ @} */
index 2e7b7c0..2cac3b4 100644 (file)
@@ -203,6 +203,8 @@ char *whitelist[] = {
        /* libgcrypt */
        "gcry_control",
        "gcry_check_version",
+       "gcry_randomize",
+       "gcry_create_nonce",
 };
 
 /**