From 5ddb2c0a8a184f6c74e674bf0859508c5d78a365 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Thu, 27 Oct 2022 12:19:06 +1100
Subject: [PATCH] Expose randomness source for `KeyPair::generate`
---
 src/lib.rs | 14 ++++++++------
 tests/generic.rs | 2 +-
 tests/webpki.rs | 2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/lib.rs b/src/lib.rs
index 1d003ea8..2966d31c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1335,6 +1335,9 @@ fn write_general_subtrees(writer :DERWriter, tag :u64, general_subtrees :&[Gener
 impl Certificate {
 /// Generates a new certificate from the given parameters
+ ///
+ /// This function will generate a random (using `ring`'s [`SystemRandom`]) [`KeyPair`] if none is provided in the [`CertificateParams`].
+ /// If you need to control the [`KeyPair`], set it ahead of time before calling this function.
 pub fn from_params(mut params :CertificateParams) -> Result {
 let key_pair = if let Some(key_pair) = params.key_pair.take() {
 if !key_pair.is_compatible(¶ms.alg) {
@@ -1342,7 +1345,7 @@ impl Certificate {
 }
 key_pair
 } else {
- KeyPair::generate(¶ms.alg)?
+ KeyPair::generate(¶ms.alg, &SystemRandom::new())?
 };
 Ok(Certificate {
@@ -1715,14 +1718,13 @@ impl From for RcgenError {
 impl KeyPair {
 /// Generate a new random key pair for the specified signature algorithm
- pub fn generate(alg :&'static SignatureAlgorithm) -> Result {
- let system_random = SystemRandom::new();
+ pub fn generate(alg :&'static SignatureAlgorithm, rng: &dyn SecureRandom) -> Result {
 match alg.sign_alg {
 SignAlgo::EcDsa(sign_alg) => {
- let key_pair_doc = EcdsaKeyPair::generate_pkcs8(sign_alg, &system_random)?;
+ let key_pair_doc = EcdsaKeyPair::generate_pkcs8(sign_alg, rng)?;
 let key_pair_serialized = key_pair_doc.as_ref().to_vec();
- let key_pair = EcdsaKeyPair::from_pkcs8(&sign_alg, &&key_pair_doc.as_ref(), &system_random).unwrap();
+ let key_pair = EcdsaKeyPair::from_pkcs8(&sign_alg, &&key_pair_doc.as_ref(), rng).unwrap();
 Ok(KeyPair {
 kind : KeyPairKind::Ec(key_pair),
 alg,
@@ -1730,7 +1732,7 @@ impl KeyPair {
 })
 },
 SignAlgo::EdDsa(_sign_alg) => {
- let key_pair_doc = Ed25519KeyPair::generate_pkcs8(&system_random)?;
+ let key_pair_doc = Ed25519KeyPair::generate_pkcs8(rng)?;
 let key_pair_serialized = key_pair_doc.as_ref().to_vec();
 let key_pair = Ed25519KeyPair::from_pkcs8(&&key_pair_doc.as_ref()).unwrap();
diff --git a/tests/generic.rs b/tests/generic.rs
index c8008ad4..2d195cde 100644
--- a/tests/generic.rs
+++ b/tests/generic.rs
@@ -31,7 +31,7 @@ fn test_key_params_mismatch() {
 let mut wrong_params = util::default_params();
 if i != 0 {
- wrong_params.key_pair = Some(KeyPair::generate(kalg_1).unwrap());
+ wrong_params.key_pair = Some(KeyPair::generate(kalg_1, &ring::rand::SystemRandom::new()).unwrap());
 } else {
 let kp = KeyPair::from_pem(util::RSA_TEST_KEY_PAIR_PEM, &ring::rand::SystemRandom::new()).unwrap();
 wrong_params.key_pair = Some(kp);
diff --git a/tests/webpki.rs b/tests/webpki.rs
index 8cdf0ac8..4439c617 100644
--- a/tests/webpki.rs
+++ b/tests/webpki.rs
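Review bot: In `KeyPair::generate` (src/lib.rs, hunk at -1715), the `.unwrap()` on `EcdsaKeyPair::from_pkcs8(&sign_alg, &&key_pair_doc.as_ref(), rng)` now runs with a caller-supplied `&dyn SecureRandom` instead of a local `SystemRandom`. If `from_pkcs8` draws from `rng` and that source reports an error, the failure would surface as a panic, whereas `generate_pkcs8(sign_alg, rng)?` two lines earlier returns it as an `Err`; propagating the result (with `?` if the crate's error type has a conversion for this error, otherwise `map_err`) would keep the two paths consistent. The doc comment on `generate` also says nothing about the new parameter; a line such as `/// The private key is derived from rng, which must be a cryptographically secure source such as SystemRandom; a predictable source yields a predictable key.` would record the requirement for callers. The body of `generate` continues into the next hunk.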
@@ -271,7 +271,7 @@ fn from_remote() {
 }
 }
- let key_pair = KeyPair::generate(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+ let key_pair = KeyPair::generate(&rcgen::PKCS_ECDSA_P256_SHA256, &SystemRandom::new()).unwrap();
 let remote = EcdsaKeyPair::from_pkcs8(&signature::ECDSA_P256_SHA256_ASN1_SIGNING, &key_pair.serialize_der(), &SystemRandom::new()).unwrap();
 let key_pair = EcdsaKeyPair::from_pkcs8(&signature::ECDSA_P256_SHA256_ASN1_SIGNING, &key_pair.serialize_der(), &SystemRandom::new()).unwrap();
 let remote = KeyPair::from_remote(Box::new(Remote(remote))).unwrap();