diff options
| author | Jack Lloyd <[email protected]> | 2015-12-27 00:22:14 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2015-12-27 00:22:14 -0500 |
| commit | d27416e791c9aed684efe0d6071fe66a43cf7af0 (patch) | |
| tree | 8da077c7ac4a0b4d7c368e63591716d4b665f224 | |
| parent | b36cb4b4ab944f91fbf34d730806fc74640cd2f8 (diff) | |
Add Command::rng()
for when a command wants an RNG but doesn't much care what kind.
This adds a place where a future --rng-type= option can be consulted
to eg use the system RNG or a user seeded DRBG.
| -rw-r--r-- | src/cli/bench.cpp | 4 | ||||
| -rw-r--r-- | src/cli/cli.h | 16 | ||||
| -rw-r--r-- | src/cli/math.cpp | 12 | ||||
| -rw-r--r-- | src/cli/pubkey.cpp | 22 | ||||
| -rw-r--r-- | src/cli/tls_client.cpp | 8 | ||||
| -rw-r--r-- | src/cli/tls_proxy.cpp | 7 | ||||
| -rw-r--r-- | src/cli/tls_server.cpp | 9 | ||||
| -rw-r--r-- | src/cli/utils.cpp | 3 | ||||
| -rw-r--r-- | src/cli/x509.cpp | 19 |
9 files changed, 42 insertions, 58 deletions
diff --git a/src/cli/bench.cpp b/src/cli/bench.cpp index 1928b50d0..0d77ac2ec 100644 --- a/src/cli/bench.cpp +++ b/src/cli/bench.cpp @@ -17,7 +17,6 @@ #include <botan/hash.h> #include <botan/mac.h> #include <botan/cipher_mode.h> -#include <botan/auto_rng.h> #if defined(BOTAN_HAS_PUBLIC_KEY_CRYPTO) #include <botan/pkcs8.h> @@ -339,9 +338,6 @@ class Benchmark : public Command private: - Botan::AutoSeeded_RNG m_rng; - Botan::RandomNumberGenerator& rng() { return m_rng; } - template<typename T> using bench_fn = std::function<void (T&, std::string, diff --git a/src/cli/cli.h b/src/cli/cli.h index 85d6770ba..f55316b9d 100644 --- a/src/cli/cli.h +++ b/src/cli/cli.h @@ -10,6 +10,11 @@ #include <botan/build.h> #include <botan/parsing.h> #include <botan/rng.h> +#include <botan/auto_rng.h> + +#if defined(BOTAN_HAS_SYSTEM_RNG) + #include <botan/system_rng.h> +#endif #include <fstream> #include <iostream> @@ -445,6 +450,16 @@ class Command output().write(reinterpret_cast<const char*>(vec.data()), vec.size()); } + Botan::RandomNumberGenerator& rng() + { + if(m_rng == nullptr) + { + m_rng.reset(new Botan::AutoSeeded_RNG); + } + + return *m_rng; + } + private: // set in constructor std::string m_spec; @@ -463,6 +478,7 @@ class Command std::unique_ptr<std::ofstream> m_output_stream; std::unique_ptr<std::ofstream> m_error_output_stream; + std::unique_ptr<Botan::RandomNumberGenerator> m_rng; public: // the registry interface: diff --git a/src/cli/math.cpp b/src/cli/math.cpp index c6f40e785..07b809d19 100644 --- a/src/cli/math.cpp +++ b/src/cli/math.cpp @@ -10,7 +10,6 @@ #include <botan/reducer.h> #include <botan/numthry.h> -#include <botan/auto_rng.h> #include <iterator> namespace Botan_CLI { @@ -22,14 +21,12 @@ class Gen_Prime : public Command void go() override { - Botan::AutoSeeded_RNG rng; - const size_t bits = get_arg_sz("bits"); const size_t cnt = get_arg_sz("count"); for(size_t i = 0; i != cnt; ++i) { - const Botan::BigInt p = Botan::random_prime(rng, bits); + const Botan::BigInt p = Botan::random_prime(rng(), bits); output() << p << "\n"; } } @@ -46,8 +43,7 @@ class Is_Prime : public Command { Botan::BigInt n(get_arg("n")); const size_t prob = get_arg_sz("prob"); - Botan::AutoSeeded_RNG rng; - const bool prime = Botan::is_prime(n, rng, prob); + const bool prime = Botan::is_prime(n, rng(), prob); output() << n << " is " << (prime ? "probably prime" : "composite") << "\n"; } @@ -68,9 +64,7 @@ class Factor : public Command { Botan::BigInt n(get_arg("n")); - Botan::AutoSeeded_RNG rng; - - std::vector<Botan::BigInt> factors = factorize(n, rng); + std::vector<Botan::BigInt> factors = factorize(n, rng()); std::sort(factors.begin(), factors.end()); output() << n << ": "; diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 2616f6065..fcda6d21e 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -9,7 +9,6 @@ #if defined(BOTAN_HAS_PUBLIC_KEY_CRYPTO) -#include <botan/auto_rng.h> #include <botan/base64.h> #include <botan/pk_keys.h> @@ -114,8 +113,7 @@ class PK_Keygen : public Command void go() override { - Botan::AutoSeeded_RNG rng; - std::unique_ptr<Botan::Private_Key> key(do_keygen(get_arg("algo"), get_arg("params"), rng)); + std::unique_ptr<Botan::Private_Key> key(do_keygen(get_arg("algo"), get_arg("params"), rng())); const std::string pass = get_arg("passphrase"); const bool der_out = flag_set("der-out"); @@ -173,10 +171,8 @@ class PK_Sign : public Command void go() override { - Botan::AutoSeeded_RNG rng; - std::unique_ptr<Botan::Private_Key> key(Botan::PKCS8::load_key(get_arg("key"), - rng, + rng(), get_arg("passphrase"))); if(!key) @@ -234,20 +230,18 @@ class Gen_DL_Group : public Command void go() override { - Botan::AutoSeeded_RNG rng; - const size_t pbits = get_arg_sz("pbits"); const std::string type = get_arg("type"); if(type == "strong") { - Botan::DL_Group grp(rng, Botan::DL_Group::Strong, pbits); + Botan::DL_Group grp(rng(), Botan::DL_Group::Strong, pbits); output() << grp.PEM_encode(Botan::DL_Group::ANSI_X9_42); } else if(type == "subgroup") { - Botan::DL_Group grp(rng, Botan::DL_Group::Prime_Subgroup, pbits, get_arg_sz("qbits")); + Botan::DL_Group grp(rng(), Botan::DL_Group::Prime_Subgroup, pbits, get_arg_sz("qbits")); output() << grp.PEM_encode(Botan::DL_Group::ANSI_X9_42); } else @@ -266,11 +260,9 @@ class PKCS8_Tool : public Command void go() override { - Botan::AutoSeeded_RNG rng; - std::unique_ptr<Botan::Private_Key> key( Botan::PKCS8::load_key(get_arg("key"), - rng, + rng(), get_arg("pass-in"))); const std::chrono::milliseconds pbe_millis(get_arg_sz("pbe-millis")); @@ -300,7 +292,7 @@ class PKCS8_Tool : public Command } else { - write_output(Botan::PKCS8::BER_encode(*key, rng, pass, pbe_millis, pbe)); + write_output(Botan::PKCS8::BER_encode(*key, rng(), pass, pbe_millis, pbe)); } } else @@ -311,7 +303,7 @@ class PKCS8_Tool : public Command } else { - output() << Botan::PKCS8::PEM_encode(*key, rng, pass, pbe_millis, pbe); + output() << Botan::PKCS8::PEM_encode(*key, rng(), pass, pbe_millis, pbe); } } } diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp index 1f69473c1..0d584dee0 100644 --- a/src/cli/tls_client.cpp +++ b/src/cli/tls_client.cpp @@ -9,7 +9,6 @@ #if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_SOCKETS) #include <botan/tls_client.h> -#include <botan/auto_rng.h> #include <botan/hex.h> #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER) @@ -44,7 +43,6 @@ class TLS_Client : public Command void go() override { - Botan::AutoSeeded_RNG rng; Botan::TLS::Policy policy; // TODO read from a file // TODO client cert auth @@ -57,12 +55,12 @@ class TLS_Client : public Command if(!sessions_db.empty()) { - session_mgr.reset(new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng, sessions_db)); + session_mgr.reset(new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng(), sessions_db)); } #endif if(!session_mgr) { - session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); + session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng())); } Basic_Credentials_Manager creds; @@ -96,7 +94,7 @@ class TLS_Client : public Command *session_mgr, creds, policy, - rng, + rng(), Botan::TLS::Server_Information(host, port), version, protocols_to_offer); diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp index e28ef14bc..1457700cf 100644 --- a/src/cli/tls_proxy.cpp +++ b/src/cli/tls_proxy.cpp @@ -401,8 +401,7 @@ class TLS_Proxy : public Command const size_t num_threads = get_arg_sz("threads") || std::thread::hardware_concurrency() || 2; - Botan::AutoSeeded_RNG rng; - Basic_Credentials_Manager creds(rng, server_crt, server_key); + Basic_Credentials_Manager creds(rng(), server_crt, server_key); Botan::TLS::Policy policy; // TODO: Read policy from text file @@ -419,12 +418,12 @@ class TLS_Proxy : public Command if(!sessions_db.empty()) { - session_mgr.reset(new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng, sessions_db)); + session_mgr.reset(new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng(), sessions_db)); } #endif if(!session_mgr) { - session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng)); + session_mgr.reset(new Botan::TLS::Session_Manager_In_Memory(rng())); } tls_proxy_server server(io, listen_port, server_endpoint_iterator, creds, policy, *session_mgr); diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index f6a3a311e..f83f008f7 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp @@ -11,7 +11,6 @@ #include <botan/tls_server.h> #include <botan/hex.h> -#include <botan/auto_rng.h> #include "credentials.h" #include <list> @@ -48,13 +47,11 @@ class TLS_Server : public Command const bool is_tcp = (transport == "tcp"); - Botan::AutoSeeded_RNG rng; - Botan::TLS::Policy policy; // TODO read policy from file - Botan::TLS::Session_Manager_In_Memory session_manager(rng); // TODO sqlite3 + Botan::TLS::Session_Manager_In_Memory session_manager(rng()); // TODO sqlite3 - Basic_Credentials_Manager creds(rng, server_crt, server_key); + Basic_Credentials_Manager creds(rng(), server_crt, server_key); auto protocol_chooser = [](const std::vector<std::string>& protocols) -> std::string { for(size_t i = 0; i != protocols.size(); ++i) @@ -116,7 +113,7 @@ class TLS_Server : public Command session_manager, creds, policy, - rng, + rng(), protocol_chooser, !is_tcp); diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp index 9302ec5d0..ac2d62396 100644 --- a/src/cli/utils.cpp +++ b/src/cli/utils.cpp @@ -235,8 +235,7 @@ class Generate_Bcrypt : public Command const std::string password = get_arg("password"); const size_t wf = get_arg_sz("work_factor"); - Botan::AutoSeeded_RNG rng; - output() << Botan::generate_bcrypt(password, rng, wf) << "\n"; + output() << Botan::generate_bcrypt(password, rng(), wf) << "\n"; } }; diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp index add73a466..7cac858a7 100644 --- a/src/cli/x509.cpp +++ b/src/cli/x509.cpp @@ -8,7 +8,6 @@ #if defined(BOTAN_HAS_X509_CERTIFICATES) -#include <botan/auto_rng.h> #include <botan/certstor.h> #include <botan/pkcs8.h> #include <botan/x509_ca.h> @@ -30,13 +29,11 @@ class Sign_Cert : public Command void go() override { - Botan::AutoSeeded_RNG rng; - Botan::X509_Certificate ca_cert(get_arg("ca_cert")); std::unique_ptr<Botan::PKCS8_PrivateKey> key( Botan::PKCS8::load_key(get_arg("ca_key"), - rng, + rng(), get_arg("ca_key_pass"))); if(!key) @@ -54,7 +51,7 @@ class Sign_Cert : public Command Botan::X509_Time end_time(now + days(get_arg_sz("duration"))); - Botan::X509_Certificate new_cert = ca.sign_request(req, rng, + Botan::X509_Certificate new_cert = ca.sign_request(req, rng(), start_time, end_time); output() << new_cert.PEM_encode(); @@ -153,11 +150,9 @@ class Gen_Self_Signed : public Command void go() override { - Botan::AutoSeeded_RNG rng; - std::unique_ptr<Botan::Private_Key> key( Botan::PKCS8::load_key(get_arg("key"), - rng, + rng(), get_arg("key-pass"))); if(!key) @@ -175,7 +170,7 @@ class Gen_Self_Signed : public Command opts.CA_key(); Botan::X509_Certificate cert = - Botan::X509::create_self_signed_cert(opts, *key, get_arg("hash"), rng); + Botan::X509::create_self_signed_cert(opts, *key, get_arg("hash"), rng()); output() << cert.PEM_encode(); } @@ -191,11 +186,9 @@ class Generate_PKCS10 : public Command void go() override { - Botan::AutoSeeded_RNG rng; - std::unique_ptr<Botan::Private_Key> key( Botan::PKCS8::load_key(get_arg("key"), - rng, + rng(), get_arg("key-pass"))); if(!key) @@ -211,7 +204,7 @@ class Generate_PKCS10 : public Command Botan::PKCS10_Request req = Botan::X509::create_cert_req(opts, *key, get_arg("hash"), - rng); + rng()); output() << req.PEM_encode(); } |