Annotation of embedaddon/strongswan/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2009 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "gcrypt_plugin.h"
! 17:
! 18: #include "gcrypt_hasher.h"
! 19: #include "gcrypt_crypter.h"
! 20: #include "gcrypt_rng.h"
! 21: #include "gcrypt_dh.h"
! 22: #include "gcrypt_rsa_private_key.h"
! 23: #include "gcrypt_rsa_public_key.h"
! 24:
! 25: #include <library.h>
! 26: #include <utils/debug.h>
! 27: #include <threading/mutex.h>
! 28:
! 29: #include <errno.h>
! 30: #include <gcrypt.h>
! 31: #include <pthread.h>
! 32:
! 33: typedef struct private_gcrypt_plugin_t private_gcrypt_plugin_t;
! 34:
! 35: /**
! 36: * private data of gcrypt_plugin
! 37: */
! 38: struct private_gcrypt_plugin_t {
! 39:
! 40: /**
! 41: * public functions
! 42: */
! 43: gcrypt_plugin_t public;
! 44: };
! 45:
! 46: #if GCRYPT_VERSION_NUMBER < 0x010600
! 47: /**
! 48: * Define gcrypt multi-threading callbacks as gcry_threads_pthread
! 49: */
! 50: GCRY_THREAD_OPTION_PTHREAD_IMPL;
! 51: #endif
! 52:
! 53: METHOD(plugin_t, get_name, char*,
! 54: private_gcrypt_plugin_t *this)
! 55: {
! 56: return "gcrypt";
! 57: }
! 58:
! 59: METHOD(plugin_t, get_features, int,
! 60: private_gcrypt_plugin_t *this, plugin_feature_t *features[])
! 61: {
! 62: static plugin_feature_t f[] = {
! 63: /* we provide threading-safe initialization of libgcrypt */
! 64: PLUGIN_PROVIDE(CUSTOM, "gcrypt-threading"),
! 65: /* crypters */
! 66: PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
! 67: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
! 68: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
! 69: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
! 70: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
! 71: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
! 72: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
! 73: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 16),
! 74: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 24),
! 75: PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 32),
! 76: /* gcrypt only supports 128 bit blowfish */
! 77: PLUGIN_PROVIDE(CRYPTER, ENCR_BLOWFISH, 16),
! 78: #ifdef HAVE_GCRY_CIPHER_CAMELLIA
! 79: PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 16),
! 80: PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 24),
! 81: PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 32),
! 82: PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
! 83: PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
! 84: PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
! 85: #endif
! 86: PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0),
! 87: PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
! 88: PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
! 89: PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
! 90: PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 16),
! 91: PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 24),
! 92: PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 32),
! 93: PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 16),
! 94: PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 32),
! 95: /* hashers */
! 96: PLUGIN_REGISTER(HASHER, gcrypt_hasher_create),
! 97: PLUGIN_PROVIDE(HASHER, HASH_MD4),
! 98: PLUGIN_PROVIDE(HASHER, HASH_MD5),
! 99: PLUGIN_PROVIDE(HASHER, HASH_SHA1),
! 100: PLUGIN_PROVIDE(HASHER, HASH_SHA224),
! 101: PLUGIN_PROVIDE(HASHER, HASH_SHA256),
! 102: PLUGIN_PROVIDE(HASHER, HASH_SHA384),
! 103: PLUGIN_PROVIDE(HASHER, HASH_SHA512),
! 104: /* MODP DH groups */
! 105: PLUGIN_REGISTER(DH, gcrypt_dh_create),
! 106: PLUGIN_PROVIDE(DH, MODP_3072_BIT),
! 107: PLUGIN_PROVIDE(DH, MODP_4096_BIT),
! 108: PLUGIN_PROVIDE(DH, MODP_6144_BIT),
! 109: PLUGIN_PROVIDE(DH, MODP_8192_BIT),
! 110: PLUGIN_PROVIDE(DH, MODP_2048_BIT),
! 111: PLUGIN_PROVIDE(DH, MODP_2048_224),
! 112: PLUGIN_PROVIDE(DH, MODP_2048_256),
! 113: PLUGIN_PROVIDE(DH, MODP_1536_BIT),
! 114: PLUGIN_PROVIDE(DH, MODP_1024_BIT),
! 115: PLUGIN_PROVIDE(DH, MODP_1024_160),
! 116: PLUGIN_PROVIDE(DH, MODP_768_BIT),
! 117: PLUGIN_REGISTER(DH, gcrypt_dh_create_custom),
! 118: PLUGIN_PROVIDE(DH, MODP_CUSTOM),
! 119: /* RSA private/public key loading */
! 120: PLUGIN_REGISTER(PUBKEY, gcrypt_rsa_public_key_load, TRUE),
! 121: PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
! 122: PLUGIN_REGISTER(PRIVKEY, gcrypt_rsa_private_key_load, TRUE),
! 123: PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
! 124: PLUGIN_REGISTER(PRIVKEY_GEN, gcrypt_rsa_private_key_gen, FALSE),
! 125: PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
! 126: /* signature schemes, private */
! 127: #if GCRYPT_VERSION_NUMBER >= 0x010700
! 128: PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
! 129: #endif
! 130: PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
! 131: PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
! 132: PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
! 133: PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
! 134: PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
! 135: PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
! 136: PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
! 137: /* signature verification schemes */
! 138: #if GCRYPT_VERSION_NUMBER >= 0x010700
! 139: PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
! 140: #endif
! 141: PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
! 142: PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
! 143: PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
! 144: PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
! 145: PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
! 146: PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
! 147: PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
! 148: /* random numbers */
! 149: PLUGIN_REGISTER(RNG, gcrypt_rng_create),
! 150: PLUGIN_PROVIDE(RNG, RNG_WEAK),
! 151: PLUGIN_PROVIDE(RNG, RNG_STRONG),
! 152: PLUGIN_PROVIDE(RNG, RNG_TRUE),
! 153: };
! 154: *features = f;
! 155: return countof(f);
! 156: }
! 157:
! 158: METHOD(plugin_t, destroy, void,
! 159: private_gcrypt_plugin_t *this)
! 160: {
! 161: free(this);
! 162: }
! 163:
! 164: /*
! 165: * see header file
! 166: */
! 167: plugin_t *gcrypt_plugin_create()
! 168: {
! 169: private_gcrypt_plugin_t *this;
! 170:
! 171: #if GCRYPT_VERSION_NUMBER < 0x010600
! 172: gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
! 173: #endif
! 174:
! 175: if (!gcry_check_version(GCRYPT_VERSION))
! 176: {
! 177: DBG1(DBG_LIB, "libgcrypt version mismatch");
! 178: return NULL;
! 179: }
! 180:
! 181: /* we currently do not use secure memory */
! 182: gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
! 183: if (lib->settings->get_bool(lib->settings, "%s.plugins.gcrypt.quick_random",
! 184: FALSE, lib->ns))
! 185: {
! 186: gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
! 187: }
! 188: gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
! 189:
! 190: /* initialize static allocations we want to exclude from leak-detective */
! 191: gcry_create_nonce(NULL, 0);
! 192:
! 193: INIT(this,
! 194: .public = {
! 195: .plugin = {
! 196: .get_name = _get_name,
! 197: .get_features = _get_features,
! 198: .destroy = _destroy,
! 199: },
! 200: },
! 201: );
! 202:
! 203: return &this->public.plugin;
! 204: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>