gcrypt rng implementation

4 files changed, 162 insertions, 0 deletions

diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am
index 6f1f53c5f..eae3bafce 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.am
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.am
@@ -6,6 +6,7 @@ AM_CFLAGS = -rdynamic
 plugin_LTLIBRARIES = libstrongswan-gcrypt.la
 
 libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+	gcrypt_rng.h gcrypt_rng.c \
 	gcrypt_crypter.h gcrypt_crypter.c \
 	gcrypt_hasher.h gcrypt_hasher.c
 
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 4f66e3421..4d1137d44 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -17,6 +17,7 @@
 
 #include "gcrypt_hasher.h"
 #include "gcrypt_crypter.h"
+#include "gcrypt_rng.h"
 
 #include <library.h>
 #include <debug.h>
@@ -98,6 +99,8 @@ static void destroy(private_gcrypt_plugin_t *this)
 					(hasher_constructor_t)gcrypt_hasher_create);
 	lib->crypto->remove_crypter(lib->crypto,
 					(crypter_constructor_t)gcrypt_crypter_create);
+	lib->crypto->remove_rng(lib->crypto,
+					(rng_constructor_t)gcrypt_rng_create);
 	free(this);
 }
 
@@ -162,6 +165,14 @@ plugin_t *plugin_create()
 	lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC,
 					(crypter_constructor_t)gcrypt_crypter_create);
 	
+	/* random numbers */
+	lib->crypto->add_rng(lib->crypto, RNG_WEAK, 
+						 (rng_constructor_t)gcrypt_rng_create);
+	lib->crypto->add_rng(lib->crypto, RNG_STRONG, 
+						 (rng_constructor_t)gcrypt_rng_create);
+	lib->crypto->add_rng(lib->crypto, RNG_TRUE, 
+						 (rng_constructor_t)gcrypt_rng_create);
+	
 	return &this->public.plugin;
 }
 
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
new file mode 100644
index 000000000..64b4eb8d0
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcrypt_rng.h"
+
+#include <gcrypt.h>
+
+typedef struct private_gcrypt_rng_t private_gcrypt_rng_t;
+
+/**
+ * Private data of an gcrypt_rng_t object.
+ */
+struct private_gcrypt_rng_t {
+
+	/**
+	 * Public gcrypt_rng_t interface.
+	 */
+	gcrypt_rng_t public;
+	
+	/**
+	 * RNG quality of this instance
+	 */
+	rng_quality_t quality;
+};
+
+/**
+ * Implementation of gcrypt_rng_t.get_bytes.
+ */
+static void get_bytes(private_gcrypt_rng_t *this, size_t bytes,
+					  u_int8_t *buffer)
+{
+	switch (this->quality)
+	{
+		case RNG_WEAK:
+			gcry_create_nonce(buffer, bytes);
+			break;
+		case RNG_STRONG:
+			gcry_randomize(buffer, bytes, GCRY_STRONG_RANDOM);
+			break;
+		case RNG_TRUE:
+			gcry_randomize(buffer, bytes, GCRY_VERY_STRONG_RANDOM);
+			break;
+	}
+}
+
+/**
+ * Implementation of gcrypt_rng_t.allocate_bytes.
+ */
+static void allocate_bytes(private_gcrypt_rng_t *this, size_t bytes,
+						   chunk_t *chunk)
+{
+	*chunk = chunk_alloc(bytes);
+	get_bytes(this, chunk->len, chunk->ptr);
+}
+
+/**
+ * Implementation of gcrypt_rng_t.destroy.
+ */
+static void destroy(private_gcrypt_rng_t *this)
+{
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality)
+{
+	private_gcrypt_rng_t *this;
+	
+	switch (quality)
+	{
+		case RNG_WEAK:
+		case RNG_STRONG:
+		case RNG_TRUE:
+			break;
+		default:
+			return NULL;
+	}
+	
+	this = malloc_thing(private_gcrypt_rng_t);
+	
+	this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes;
+	this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes;
+	this->public.rng.destroy = (void (*) (rng_t *))destroy;
+	
+	this->quality = quality;
+	
+	return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h
new file mode 100644
index 000000000..3cfde8447
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+ 
+/**
+ * @defgroup gcrypt_rng gcrypt_rng
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_RNG_H_
+#define GCRYPT_RNG_H_
+
+typedef struct gcrypt_rng_t gcrypt_rng_t;
+
+#include <library.h>
+
+/**
+ * rng_t implementation using libgcrypt.
+ */
+struct gcrypt_rng_t {
+	
+	/**
+	 * Implements rng_t.
+	 */
+	rng_t rng;
+};
+
+/**
+ * Creates an gcrypt_rng_t instance.
+ * 
+ * @param quality	required quality of gcryptness
+ * @return			created gcrypt_rng_t
+ */
+gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality);
+
+#endif /** GCRYPT_RNG_H_ @} */