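/*
 * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

#include <library.h>
#include <utils/debug.h>

#include "wolfssl_common.h"
#include "wolfssl_plugin.h"
#include "wolfssl_aead.h"
#include "wolfssl_crypter.h"
#include "wolfssl_diffie_hellman.h"
#include "wolfssl_ec_diffie_hellman.h"
#include "wolfssl_ec_private_key.h"
#include "wolfssl_ec_public_key.h"
#include "wolfssl_ed_private_key.h"
#include "wolfssl_ed_public_key.h"
#include "wolfssl_hasher.h"
#include "wolfssl_hmac.h"
#include "wolfssl_rsa_private_key.h"
#include "wolfssl_rsa_public_key.h"
#include "wolfssl_rng.h"
#include "wolfssl_sha1_prf.h"
#include "wolfssl_x_diffie_hellman.h"

/*
 * NOTE(review): FIPS_MODE is given a default here but is not referenced by
 * the code in this file; wolfssl_plugin_create() reads the fips_mode setting
 * with a literal FALSE default. Confirm whether the macro was meant to be
 * that default.
 */
#ifndef FIPS_MODE
#define FIPS_MODE 0
#endif

typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t;

/**
 * Private data of wolfssl_plugin
 */
struct private_wolfssl_plugin_t {

	/**
	 * Public interface
	 */
	wolfssl_plugin_t public;
};

/**
 * Return the name under which this plugin is known ("wolfssl").
 */
METHOD(plugin_t, get_name, char*,
	private_wolfssl_plugin_t *this)
{
	return "wolfssl";
}

/**
 * Hand out the static table of features this plugin registers.
 *
 * The table is assembled at compile time from the wolfSSL build macros
 * (NO_*, HAVE_*, WOLFSSL_*), so it mirrors what the linked wolfSSL build was
 * configured with.
 *
 * NOTE(review): nothing in this table depends on the runtime fips_mode
 * setting. Legacy algorithms such as single DES, MD5, the 768/1024-bit MODP
 * groups and the 8-byte ICV AEAD variants are offered whenever the wolfSSL
 * build contains them; deployments that must exclude them have to do so via
 * the wolfSSL build options or the configured proposals.
 *
 * @param features	receives a pointer to the static feature table
 * @return			number of entries in the table
 */
METHOD(plugin_t, get_features, int,
	private_wolfssl_plugin_t *this, plugin_feature_t *features[])
{
	static plugin_feature_t f[] = {
		/* crypters */
		PLUGIN_REGISTER(CRYPTER, wolfssl_crypter_create),
#if !defined(NO_AES) && !defined(NO_AES_CTR)
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
#endif
#if !defined(NO_AES) && !defined(NO_AES_CBC)
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
#endif
#ifdef HAVE_CAMELLIA
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
#endif
#ifndef NO_DES3
			PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
#ifdef WOLFSSL_DES_ECB
			PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
#endif
#endif
			PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
		/* hashers */
		PLUGIN_REGISTER(HASHER, wolfssl_hasher_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(HASHER, HASH_MD5),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(HASHER, HASH_SHA1),
#endif
#ifdef WOLFSSL_SHA224
			PLUGIN_PROVIDE(HASHER, HASH_SHA224),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(HASHER, HASH_SHA256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(HASHER, HASH_SHA384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(HASHER, HASH_SHA512),
#endif
#ifndef NO_SHA
		/* keyed sha1 hasher (aka prf) */
		PLUGIN_REGISTER(PRF, wolfssl_sha1_prf_create),
			PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
#endif
#ifndef NO_HMAC
		/* HMAC based PRFs */
		PLUGIN_REGISTER(PRF, wolfssl_hmac_prf_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
#endif
		/* HMAC based signers */
		PLUGIN_REGISTER(SIGNER, wolfssl_hmac_signer_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
#endif
#endif /* NO_HMAC */
#if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
		/* AEAD ciphers */
		PLUGIN_REGISTER(AEAD, wolfssl_aead_create),
#if !defined(NO_AES) && defined(HAVE_AESGCM)
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
/* shorter GCM tags are only offered if the wolfSSL build permits them */
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
#endif
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
#endif
#endif /* !NO_AES && HAVE_AESGCM */
#if !defined(NO_AES) && defined(HAVE_AESCCM)
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32),
#endif /* !NO_AES && HAVE_AESCCM */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
			PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
#endif
#ifdef HAVE_ECC_DHE
		/* EC DH groups */
		PLUGIN_REGISTER(DH, wolfssl_ec_diffie_hellman_create),
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_256_BIT),
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_384_BIT),
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_521_BIT),
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_224_BIT),
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_192_BIT),
#endif
#ifdef HAVE_BRAINPOOL
/* was "!define(NO_ECC256)", which is not a valid preprocessor expression and
 * only surfaced as an error in builds that enable HAVE_BRAINPOOL */
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_256_BP),
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_384_BP),
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_512_BP),
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_224_BP),
#endif
#endif
#endif /* HAVE_ECC_DHE */
#ifndef NO_DH
		/* MODP DH groups; with USE_FAST_MATH a group is only offered if
		 * FP_MAX_BITS is at least twice the modulus size */
		PLUGIN_REGISTER(DH, wolfssl_diffie_hellman_create),
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (3072 * 2)
			PLUGIN_PROVIDE(DH, MODP_3072_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (4096 * 2)
			PLUGIN_PROVIDE(DH, MODP_4096_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (6144 * 2)
			PLUGIN_PROVIDE(DH, MODP_6144_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (8192 * 2)
			PLUGIN_PROVIDE(DH, MODP_8192_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (2048 * 2)
			PLUGIN_PROVIDE(DH, MODP_2048_BIT),
			PLUGIN_PROVIDE(DH, MODP_2048_224),
			PLUGIN_PROVIDE(DH, MODP_2048_256),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1536 * 2)
			PLUGIN_PROVIDE(DH, MODP_1536_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1024 * 2)
			PLUGIN_PROVIDE(DH, MODP_1024_BIT),
			PLUGIN_PROVIDE(DH, MODP_1024_160),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (768 * 2)
			PLUGIN_PROVIDE(DH, MODP_768_BIT),
#endif
			PLUGIN_PROVIDE(DH, MODP_CUSTOM),
#endif /* NO_DH */
#ifndef NO_RSA
		/* RSA private/public key loading */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_rsa_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
		PLUGIN_REGISTER(PUBKEY, wolfssl_rsa_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
#ifdef WOLFSSL_KEY_GEN
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_rsa_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
#endif
		/* signature/encryption schemes */
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
#ifdef WC_RSA_PSS
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
#endif
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
#endif
#ifndef NO_MD5
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
#endif
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
#ifndef WC_NO_RSA_OAEP
#ifndef NO_SHA
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
#endif
#endif /* !WC_NO_RSA_OAEP */
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#ifdef HAVE_ECC_KEY_IMPORT
		/* EC private/public key loading */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_ec_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
#endif
#ifdef HAVE_ECC_DHE
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ec_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
#endif
#ifdef HAVE_ECC_KEY_IMPORT
		PLUGIN_REGISTER(PUBKEY, wolfssl_ec_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
#endif
#ifdef HAVE_ECC_SIGN
		/* ECDSA signature schemes (signing) */
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
#endif
#endif /* HAVE_ECC_SIGN */
#ifdef HAVE_ECC_VERIFY
		/* ECDSA signature schemes (verification) */
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
#ifndef NO_SHA
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
#endif
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
		/* X25519 key exchange */
		PLUGIN_REGISTER(DH, wolfssl_x_diffie_hellman_create),
			PLUGIN_PROVIDE(DH, CURVE_25519),
#endif
#ifdef HAVE_ED25519
		/* EdDSA private/public key loading */
		PLUGIN_REGISTER(PUBKEY, wolfssl_ed_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
		PLUGIN_REGISTER(PRIVKEY, wolfssl_ed_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ed_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
#ifdef HAVE_ED25519_SIGN
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
#endif
#ifdef HAVE_ED25519_VERIFY
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
#endif
		/* register a pro forma identity hasher, never instantiated */
		PLUGIN_REGISTER(HASHER, return_null),
			PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
#endif /* HAVE_ED25519 */
#ifndef WC_NO_RNG
		/* random number generators */
		PLUGIN_REGISTER(RNG, wolfssl_rng_create),
			PLUGIN_PROVIDE(RNG, RNG_STRONG),
			PLUGIN_PROVIDE(RNG, RNG_WEAK),
#endif
	};
	*features = f;
	return countof(f);
}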
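/**
 * Release the plugin.
 *
 * Finalizes the global RNG (unless wolfSSL was built with WC_NO_RNG), calls
 * wolfSSL_Cleanup() to pair with the wolfSSL_Init() call made in
 * wolfssl_plugin_create(), and frees the plugin object.
 */
METHOD(plugin_t, destroy, void,
	private_wolfssl_plugin_t *this)
{
#ifndef WC_NO_RNG
	wolfssl_rng_global_final();
#endif
	wolfSSL_Cleanup();

	free(this);
}

/*
 * Described in header
 *
 * Returns NULL if FIPS mode is requested via
 * "<ns>.plugins.wolfssl.fips_mode" but is not available, or if the global
 * RNG cannot be initialized.
 */
plugin_t *wolfssl_plugin_create()
{
	private_wolfssl_plugin_t *this;
	bool fips_mode;

	fips_mode = lib->settings->get_bool(lib->settings,
							"%s.plugins.wolfssl.fips_mode", FALSE, lib->ns);
#ifdef HAVE_FIPS
	if (fips_mode)
	{
		/* refuse to load instead of silently running outside FIPS mode */
		int ret = wolfCrypt_GetStatus_fips();
		if (ret != 0)
		{
			DBG1(DBG_LIB, "wolfssl FIPS mode unavailable (%d)", ret);
			return NULL;
		}
	}
#else
	if (fips_mode)
	{
		/* wolfSSL was built without FIPS support, so the request cannot be
		 * honoured */
		DBG1(DBG_LIB, "wolfssl FIPS mode unavailable");
		return NULL;
	}
#endif

	/* NOTE(review): the return value of wolfSSL_Init() is ignored, so a failed
	 * library initialization is not detected here; it should be compared
	 * against WOLFSSL_SUCCESS and plugin creation aborted otherwise */
	wolfSSL_Init();
#ifndef WC_NO_RNG
	if (!wolfssl_rng_global_init())
	{
		/* no plugin object is returned, so destroy() will never run for it;
		 * undo the wolfSSL_Init() above before bailing out */
		wolfSSL_Cleanup();
		return NULL;
	}
#endif

	INIT(this,
		.public = {
			.plugin = {
				.get_name = _get_name,
				.get_features = _get_features,
				.destroy = _destroy,
			},
		},
	);

	return &this->public.plugin;
}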