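/*
 * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

#include <library.h>
#include <utils/debug.h>

#include "wolfssl_common.h"
#include "wolfssl_plugin.h"
#include "wolfssl_aead.h"
#include "wolfssl_crypter.h"
#include "wolfssl_diffie_hellman.h"
#include "wolfssl_ec_diffie_hellman.h"
#include "wolfssl_ec_private_key.h"
#include "wolfssl_ec_public_key.h"
#include "wolfssl_ed_private_key.h"
#include "wolfssl_ed_public_key.h"
#include "wolfssl_hasher.h"
#include "wolfssl_hmac.h"
#include "wolfssl_rsa_private_key.h"
#include "wolfssl_rsa_public_key.h"
#include "wolfssl_rng.h"
#include "wolfssl_sha1_prf.h"
#include "wolfssl_x_diffie_hellman.h"

/*
 * NOTE(review): FIPS_MODE is given a build-time default here but is not
 * referenced anywhere else in this file; the runtime default handed to
 * get_bool() in wolfssl_plugin_create() is the literal FALSE.
 */
#ifndef FIPS_MODE
#define FIPS_MODE 0
#endif

typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t;

/**
 * Private data of wolfssl_plugin
 */
struct private_wolfssl_plugin_t {

	/**
	 * Public interface
	 */
	wolfssl_plugin_t public;
};

/**
 * Return the plugin's name, the constant string "wolfssl".
 */
METHOD(plugin_t, get_name, char*,
	private_wolfssl_plugin_t *this)
{
	return "wolfssl";
}

/**
 * Publish the feature table of this plugin.
 *
 * The table is a function-local static array, so the pointer stored in
 * *features stays valid after the call. Which entries exist is decided purely
 * at compile time by the wolfSSL build macros tested below.
 *
 * Security note: nothing in this function consults the fips_mode setting, and
 * no entry is filtered by algorithm strength. If the wolfSSL build enables
 * them, legacy primitives are registered alongside the modern ones: single
 * DES and DES-ECB, ENCR_NULL, MD5 and SHA-1 based hashers/PRFs/signers/
 * signature schemes, MODP groups down to 768 bits, 192/224-bit EC groups,
 * RSA PKCS#1 v1.5 encryption, and 8-byte AEAD tags. Keeping them out of use
 * is presumably left to the wolfSSL build options and to the proposals
 * configured by the operator -- confirm against the deployment.
 *
 * @param features	receives a pointer to the static feature array
 * @return			number of entries in that array
 */
METHOD(plugin_t, get_features, int,
	private_wolfssl_plugin_t *this, plugin_feature_t *features[])
{
	static plugin_feature_t f[] = {
		/* crypters */
		PLUGIN_REGISTER(CRYPTER, wolfssl_crypter_create),
#if !defined(NO_AES) && !defined(NO_AES_CTR)
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
#endif
#if !defined(NO_AES) && !defined(NO_AES_CBC)
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
#endif
#ifdef HAVE_CAMELLIA
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
#endif
		/* single DES rides on the same NO_DES3 switch as 3DES */
#ifndef NO_DES3
			PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
#ifdef WOLFSSL_DES_ECB
			PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
#endif
#endif
			/* NULL encryption is provided unconditionally */
			PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
		/* hashers */
		PLUGIN_REGISTER(HASHER, wolfssl_hasher_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(HASHER, HASH_MD5),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(HASHER, HASH_SHA1),
#endif
#ifdef WOLFSSL_SHA224
			PLUGIN_PROVIDE(HASHER, HASH_SHA224),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(HASHER, HASH_SHA256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(HASHER, HASH_SHA384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(HASHER, HASH_SHA512),
#endif
#ifndef NO_SHA
		/* keyed sha1 hasher (aka prf) */
		PLUGIN_REGISTER(PRF, wolfssl_sha1_prf_create),
			PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
#endif
#ifndef NO_HMAC
		PLUGIN_REGISTER(PRF, wolfssl_hmac_prf_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
#endif
		PLUGIN_REGISTER(SIGNER, wolfssl_hmac_signer_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
#endif
#endif /* NO_HMAC */
#if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
		PLUGIN_REGISTER(AEAD, wolfssl_aead_create),
#if !defined(NO_AES) && defined(HAVE_AESGCM)
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
			/* truncated GCM tags only if wolfSSL's minimum tag size allows */
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
#endif
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
#endif
#endif /* !NO_AES && HAVE_AESGCM */
			/* unlike GCM above, the CCM tag sizes have no minimum-size gate */
#if !defined(NO_AES) && defined(HAVE_AESCCM)
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32),
#endif /* !NO_AES && HAVE_AESCCM */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
			PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
#endif
#ifdef HAVE_ECC_DHE
		/* EC DH groups; each is also subject to ECC_MIN_KEY_SZ when defined */
		PLUGIN_REGISTER(DH, wolfssl_ec_diffie_hellman_create),
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256)
			PLUGIN_PROVIDE(DH, ECP_256_BIT),
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384)
			PLUGIN_PROVIDE(DH, ECP_384_BIT),
#endif
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 521)
			PLUGIN_PROVIDE(DH, ECP_521_BIT),
#endif
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224)
			PLUGIN_PROVIDE(DH, ECP_224_BIT),
#endif
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 192)
			PLUGIN_PROVIDE(DH, ECP_192_BIT),
#endif
#ifdef HAVE_ECC_BRAINPOOL
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256)
			PLUGIN_PROVIDE(DH, ECP_256_BP),
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384)
			PLUGIN_PROVIDE(DH, ECP_384_BP),
#endif
#if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 512)
			PLUGIN_PROVIDE(DH, ECP_512_BP),
#endif
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224)
			PLUGIN_PROVIDE(DH, ECP_224_BP),
#endif
#endif
#endif /* HAVE_ECC_DHE */
#ifndef NO_DH
		/* MODP DH groups; with USE_FAST_MATH a group needs FP_MAX_BITS of at
		 * least twice its modulus size */
		PLUGIN_REGISTER(DH, wolfssl_diffie_hellman_create),
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (3072 * 2)
			PLUGIN_PROVIDE(DH, MODP_3072_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (4096 * 2)
			PLUGIN_PROVIDE(DH, MODP_4096_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (6144 * 2)
			PLUGIN_PROVIDE(DH, MODP_6144_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (8192 * 2)
			PLUGIN_PROVIDE(DH, MODP_8192_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (2048 * 2)
			PLUGIN_PROVIDE(DH, MODP_2048_BIT),
			PLUGIN_PROVIDE(DH, MODP_2048_224),
			PLUGIN_PROVIDE(DH, MODP_2048_256),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1536 * 2)
			PLUGIN_PROVIDE(DH, MODP_1536_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1024 * 2)
			PLUGIN_PROVIDE(DH, MODP_1024_BIT),
			PLUGIN_PROVIDE(DH, MODP_1024_160),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (768 * 2)
			PLUGIN_PROVIDE(DH, MODP_768_BIT),
#endif
			PLUGIN_PROVIDE(DH, MODP_CUSTOM),
#endif /* NO_DH */
#ifndef NO_RSA
		/* RSA private/public key loading */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_rsa_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
		PLUGIN_REGISTER(PUBKEY, wolfssl_rsa_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
#ifdef WOLFSSL_KEY_GEN
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_rsa_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
#endif
		/* signature/encryption schemes */
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
#ifdef WC_RSA_PSS
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
#endif
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
#endif
#ifndef NO_MD5
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
#endif
		/* PKCS#1 v1.5 encryption is offered whenever RSA is built in; only
		 * the OAEP variants below have their own switch */
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
#ifndef WC_NO_RSA_OAEP
#ifndef NO_SHA
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
#endif
#endif /* !WC_NO_RSA_OAEP */
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#ifdef HAVE_ECC_KEY_IMPORT
		/* EC private/public key loading */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_ec_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
#endif
#ifdef HAVE_ECC_DHE
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ec_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
#endif
#ifdef HAVE_ECC_KEY_IMPORT
		PLUGIN_REGISTER(PUBKEY, wolfssl_ec_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
#endif
#ifdef HAVE_ECC_SIGN
		/* ECDSA signature schemes (signing side) */
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
#endif
#endif /* HAVE_ECC_SIGN */
#ifdef HAVE_ECC_VERIFY
		/* ECDSA signature schemes (verification side) */
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
#ifndef NO_SHA
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
#endif
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC */
#if defined (HAVE_CURVE25519) || defined(HAVE_CURVE448)
		PLUGIN_REGISTER(DH, wolfssl_x_diffie_hellman_create),
#ifdef HAVE_CURVE25519
			PLUGIN_PROVIDE(DH, CURVE_25519),
#endif
#ifdef HAVE_CURVE448
			PLUGIN_PROVIDE(DH, CURVE_448),
#endif
#endif /* HAVE_CURVE25519 || HAVE_CURVE448 */
#if defined(HAVE_ED25519) || defined(HAVE_ED448)
		/* EdDSA private/public key loading */
		PLUGIN_REGISTER(PUBKEY, wolfssl_ed_public_key_load, TRUE),
#ifdef HAVE_ED25519
			PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
#endif
#ifdef HAVE_ED448
			PLUGIN_PROVIDE(PUBKEY, KEY_ED448),
#endif
		PLUGIN_REGISTER(PRIVKEY, wolfssl_ed_private_key_load, TRUE),
#ifdef HAVE_ED25519
			PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
#endif
#ifdef HAVE_ED448
			PLUGIN_PROVIDE(PRIVKEY, KEY_ED448),
#endif
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ed_private_key_gen, FALSE),
#ifdef HAVE_ED25519
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
#endif
#ifdef HAVE_ED448
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED448),
#endif
#ifdef HAVE_ED25519_SIGN
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
#endif
#ifdef HAVE_ED25519_VERIFY
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
#endif
#ifdef HAVE_ED448_SIGN
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED448),
#endif
#ifdef HAVE_ED448_VERIFY
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED448),
#endif
		/* register a pro forma identity hasher, never instantiated */
		PLUGIN_REGISTER(HASHER, return_null),
			PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
#endif /* HAVE_ED25519 || HAVE_ED448 */
#ifndef WC_NO_RNG
		/* random number generators; one constructor serves both RNG_STRONG
		 * and RNG_WEAK */
		PLUGIN_REGISTER(RNG, wolfssl_rng_create),
			PLUGIN_PROVIDE(RNG, RNG_STRONG),
			PLUGIN_PROVIDE(RNG, RNG_WEAK),
#endif
	};
	*features = f;
	return countof(f);
}

/**
 * Tear the plugin down: finalize the global RNG (when built in), release the
 * wolfSSL library and free the plugin object. This mirrors the initialization
 * order of wolfssl_plugin_create() in reverse.
 */
METHOD(plugin_t, destroy, void,
	private_wolfssl_plugin_t *this)
{
#ifndef WC_NO_RNG
	wolfssl_rng_global_final();
#endif
	wolfSSL_Cleanup();

	free(this);
}

/*
 * Described in header
 *
 * Returns NULL, and so refuses to load the plugin, when FIPS mode is
 * requested but unavailable, when wolfSSL fails to initialize, or when the
 * global RNG cannot be set up. The fips_mode setting is used only for that
 * availability check; it does not change which features get registered.
 */
plugin_t *wolfssl_plugin_create()
{
	private_wolfssl_plugin_t *this;
	bool fips_mode;
	int ret;

	fips_mode = lib->settings->get_bool(lib->settings,
							"%s.plugins.wolfssl.fips_mode", FALSE, lib->ns);
#ifdef HAVE_FIPS
	if (fips_mode)
	{
		/* a non-zero status is treated as "FIPS mode unavailable" */
		ret = wolfCrypt_GetStatus_fips();
		if (ret != 0)
		{
			DBG1(DBG_LIB, "wolfssl FIPS mode unavailable (%d)", ret);
			return NULL;
		}
	}
#else
	/* fail closed: a non-FIPS build must not pretend to honor fips_mode */
	if (fips_mode)
	{
		DBG1(DBG_LIB, "wolfssl FIPS mode unavailable");
		return NULL;
	}
#endif

	/* do not register crypto features on top of a library that failed to
	 * initialize */
	ret = wolfSSL_Init();
	if (ret != WOLFSSL_SUCCESS)
	{
		DBG1(DBG_LIB, "wolfssl initialization failed (%d)", ret);
		return NULL;
	}
#ifndef WC_NO_RNG
	if (!wolfssl_rng_global_init())
	{
		/* balance the successful wolfSSL_Init() above; destroy() is never
		 * called for a plugin that was not created */
		wolfSSL_Cleanup();
		return NULL;
	}
#endif

	INIT(this,
		.public = {
			.plugin = {
				.get_name = _get_name,
				.get_features = _get_features,
				.destroy = _destroy,
			},
		},
	);

	return &this->public.plugin;
}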