1.1 misho 1: /*
2: * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
3: *
4: * Permission is hereby granted, free of charge, to any person obtaining a copy
5: * of this software and associated documentation files (the "Software"), to deal
6: * in the Software without restriction, including without limitation the rights
7: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8: * copies of the Software, and to permit persons to whom the Software is
9: * furnished to do so, subject to the following conditions:
10: *
11: * The above copyright notice and this permission notice shall be included in
12: * all copies or substantial portions of the Software.
13: *
14: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
20: * THE SOFTWARE.
21: */
22:
23: #include <library.h>
24: #include <utils/debug.h>
25:
26: #include "wolfssl_common.h"
27: #include "wolfssl_plugin.h"
28: #include "wolfssl_aead.h"
29: #include "wolfssl_crypter.h"
30: #include "wolfssl_diffie_hellman.h"
31: #include "wolfssl_ec_diffie_hellman.h"
32: #include "wolfssl_ec_private_key.h"
33: #include "wolfssl_ec_public_key.h"
34: #include "wolfssl_ed_private_key.h"
35: #include "wolfssl_ed_public_key.h"
36: #include "wolfssl_hasher.h"
37: #include "wolfssl_hmac.h"
38: #include "wolfssl_rsa_private_key.h"
39: #include "wolfssl_rsa_public_key.h"
40: #include "wolfssl_rng.h"
41: #include "wolfssl_sha1_prf.h"
42: #include "wolfssl_x_diffie_hellman.h"
43:
/* Fallback when the included wolfSSL headers do not define FIPS_MODE; the
 * macro is not referenced anywhere else in this file. */
#ifndef FIPS_MODE
#define FIPS_MODE 0
#endif
47:
typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t;

/**
 * Private data of wolfssl_plugin
 *
 * Holds nothing beyond the public interface: the wolfSSL state this plugin
 * manages (wolfSSL_Init()/wolfssl_rng_global_init() in wolfssl_plugin_create())
 * is library-global, not per instance.
 */
struct private_wolfssl_plugin_t {

	/**
	 * Public interface
	 */
	wolfssl_plugin_t public;
};
60:
/**
 * Plugin name as seen by the plugin loader; it is also the settings namespace
 * wolfssl_plugin_create() reads ("%s.plugins.wolfssl.…").
 */
METHOD(plugin_t, get_name, char*,
	private_wolfssl_plugin_t *this)
{
	return "wolfssl";
}
66:
/**
 * Feature table of the plugin.
 *
 * Every entry is compiled in only when the matching wolfSSL build option is
 * set, so the set of algorithms this plugin offers is decided by how wolfSSL
 * was configured, not at runtime. The table is static: the caller receives a
 * pointer into it and must not free it.
 *
 * @param features	set to the static feature table
 * @return			number of entries in the table
 */
METHOD(plugin_t, get_features, int,
	private_wolfssl_plugin_t *this, plugin_feature_t *features[])
{
	static plugin_feature_t f[] = {
		/* crypters */
		PLUGIN_REGISTER(CRYPTER, wolfssl_crypter_create),
#if !defined(NO_AES) && !defined(NO_AES_CTR)
		PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
		PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
		PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
#endif
#if !defined(NO_AES) && !defined(NO_AES_CBC)
		PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
		PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
		PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
#endif
#ifdef HAVE_CAMELLIA
		PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
		PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
		PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
#endif
#ifndef NO_DES3
		PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
		/* NOTE(review): single DES (and DES-ECB below) is legacy strength;
		 * whether it can actually be negotiated depends on the configured
		 * proposals, not on this table alone - confirm against the policy */
		PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
#ifdef WOLFSSL_DES_ECB
		PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
#endif
#endif
		PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
		/* hashers */
		PLUGIN_REGISTER(HASHER, wolfssl_hasher_create),
#ifndef NO_MD5
		/* NOTE(review): MD5 appears here and as HMAC/RSA-PKCS1 variants
		 * below; all of them hinge on the single NO_MD5 build option */
		PLUGIN_PROVIDE(HASHER, HASH_MD5),
#endif
#ifndef NO_SHA
		PLUGIN_PROVIDE(HASHER, HASH_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(HASHER, HASH_SHA224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(HASHER, HASH_SHA256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(HASHER, HASH_SHA384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(HASHER, HASH_SHA512),
#endif
#ifndef NO_SHA
		/* keyed sha1 hasher (aka prf) */
		PLUGIN_REGISTER(PRF, wolfssl_sha1_prf_create),
		PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
#endif
#ifndef NO_HMAC
		/* HMAC-based PRFs and integrity algorithms (signers) */
		PLUGIN_REGISTER(PRF, wolfssl_hmac_prf_create),
#ifndef NO_MD5
		PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5),
#endif
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
#endif
		PLUGIN_REGISTER(SIGNER, wolfssl_hmac_signer_create),
#ifndef NO_MD5
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96),
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128),
#endif
#ifndef NO_SHA
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
		PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
#endif
#endif /* NO_HMAC */
		/* AEADs: one registration shared by AES-GCM, AES-CCM and ChaCha20-Poly1305 */
#if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
		PLUGIN_REGISTER(AEAD, wolfssl_aead_create),
#if !defined(NO_AES) && defined(HAVE_AESGCM)
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
		/* an undefined WOLFSSL_MIN_AUTH_TAG_SZ evaluates to 0 in #if, so the
		 * truncated 12- and 8-byte GCM tags are offered unless wolfSSL was
		 * built with a higher minimum tag size */
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
#endif
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
#endif
#endif /* !NO_AES && HAVE_AESGCM */
#if !defined(NO_AES) && defined(HAVE_AESCCM)
		/* unlike GCM, the CCM tag sizes are not gated on WOLFSSL_MIN_AUTH_TAG_SZ */
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24),
		PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32),
#endif /* !NO_AES && HAVE_AESCCM */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
		PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
#endif
#ifdef HAVE_ECC_DHE
		/* EC DH groups: each curve is offered only if wolfSSL compiled it in
		 * and it is not below the configured ECC_MIN_KEY_SZ */
		PLUGIN_REGISTER(DH, wolfssl_ec_diffie_hellman_create),
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256)
		PLUGIN_PROVIDE(DH, ECP_256_BIT),
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384)
		PLUGIN_PROVIDE(DH, ECP_384_BIT),
#endif
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 521)
		PLUGIN_PROVIDE(DH, ECP_521_BIT),
#endif
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224)
		PLUGIN_PROVIDE(DH, ECP_224_BIT),
#endif
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 192)
		PLUGIN_PROVIDE(DH, ECP_192_BIT),
#endif
#ifdef HAVE_ECC_BRAINPOOL
		/* Brainpool curves share the size gates of the NIST curves above;
		 * note 512-bit Brainpool is keyed on HAVE_ECC512, not HAVE_ECC521 */
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256)
		PLUGIN_PROVIDE(DH, ECP_256_BP),
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384)
		PLUGIN_PROVIDE(DH, ECP_384_BP),
#endif
#if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 512)
		PLUGIN_PROVIDE(DH, ECP_512_BP),
#endif
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
	(!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224)
		PLUGIN_PROVIDE(DH, ECP_224_BP),
#endif
#endif
#endif /* HAVE_ECC_DHE */
#ifndef NO_DH
		/* MODP DH groups: with fast math a group is offered only when
		 * FP_MAX_BITS is at least twice the modulus size */
		PLUGIN_REGISTER(DH, wolfssl_diffie_hellman_create),
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (3072 * 2)
		PLUGIN_PROVIDE(DH, MODP_3072_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (4096 * 2)
		PLUGIN_PROVIDE(DH, MODP_4096_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (6144 * 2)
		PLUGIN_PROVIDE(DH, MODP_6144_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (8192 * 2)
		PLUGIN_PROVIDE(DH, MODP_8192_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (2048 * 2)
		PLUGIN_PROVIDE(DH, MODP_2048_BIT),
		PLUGIN_PROVIDE(DH, MODP_2048_224),
		PLUGIN_PROVIDE(DH, MODP_2048_256),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1536 * 2)
		PLUGIN_PROVIDE(DH, MODP_1536_BIT),
#endif
		/* NOTE(review): the 1024- and 768-bit groups below are legacy
		 * strength; they are gated only on bignum capacity here, so their
		 * use is governed by the configured proposals - confirm */
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1024 * 2)
		PLUGIN_PROVIDE(DH, MODP_1024_BIT),
		PLUGIN_PROVIDE(DH, MODP_1024_160),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (768 * 2)
		PLUGIN_PROVIDE(DH, MODP_768_BIT),
#endif
		PLUGIN_PROVIDE(DH, MODP_CUSTOM),
#endif /* NO_DH */
#ifndef NO_RSA
		/* RSA private/public key loading */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_rsa_private_key_load, TRUE),
		PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
		PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
		PLUGIN_REGISTER(PUBKEY, wolfssl_rsa_public_key_load, TRUE),
		PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
#ifdef WOLFSSL_KEY_GEN
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_rsa_private_key_gen, FALSE),
		PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
#endif
		/* signature/encryption schemes */
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
#ifdef WC_RSA_PSS
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
#endif
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
#endif
#ifndef NO_MD5
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
#endif
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
#ifndef WC_NO_RSA_OAEP
#ifndef NO_SHA
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
#endif
#endif /* !WC_NO_RSA_OAEP */
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#ifdef HAVE_ECC_KEY_IMPORT
		/* EC private/public key loading */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_ec_private_key_load, TRUE),
		PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
		PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
#endif
#ifdef HAVE_ECC_DHE
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ec_private_key_gen, FALSE),
		PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
#endif
#ifdef HAVE_ECC_KEY_IMPORT
		PLUGIN_REGISTER(PUBKEY, wolfssl_ec_public_key_load, TRUE),
		PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
#endif
#ifdef HAVE_ECC_SIGN
		/* signature schemes */
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
#endif
#endif /* HAVE_ECC_SIGN */
#ifdef HAVE_ECC_VERIFY
		/* signature schemes (verification side mirrors the list above) */
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
#ifndef NO_SHA
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
#endif
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC */
		/* Montgomery-curve DH (X25519/X448) */
#if defined (HAVE_CURVE25519) || defined(HAVE_CURVE448)
		PLUGIN_REGISTER(DH, wolfssl_x_diffie_hellman_create),
#ifdef HAVE_CURVE25519
		PLUGIN_PROVIDE(DH, CURVE_25519),
#endif
#ifdef HAVE_CURVE448
		PLUGIN_PROVIDE(DH, CURVE_448),
#endif
#endif /* HAVE_CURVE25519 || HAVE_CURVE448 */
#if defined(HAVE_ED25519) || defined(HAVE_ED448)
		/* EdDSA private/public key loading */
		PLUGIN_REGISTER(PUBKEY, wolfssl_ed_public_key_load, TRUE),
#ifdef HAVE_ED25519
		PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
#endif
#ifdef HAVE_ED448
		PLUGIN_PROVIDE(PUBKEY, KEY_ED448),
#endif
		/* NOTE(review): unlike the RSA and EC loaders above, no KEY_ANY entry
		 * is registered for the EdDSA private key loader - confirm intended */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_ed_private_key_load, TRUE),
#ifdef HAVE_ED25519
		PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
#endif
#ifdef HAVE_ED448
		PLUGIN_PROVIDE(PRIVKEY, KEY_ED448),
#endif
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ed_private_key_gen, FALSE),
#ifdef HAVE_ED25519
		PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
#endif
#ifdef HAVE_ED448
		PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED448),
#endif
		/* sign and verify are separate wolfSSL build options per curve */
#ifdef HAVE_ED25519_SIGN
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
#endif
#ifdef HAVE_ED25519_VERIFY
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
#endif
#ifdef HAVE_ED448_SIGN
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED448),
#endif
#ifdef HAVE_ED448_VERIFY
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED448),
#endif
		/* register a pro forma identity hasher, never instantiated */
		PLUGIN_REGISTER(HASHER, return_null),
		PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
#endif /* HAVE_ED25519 || HAVE_ED448 */
#ifndef WC_NO_RNG
		/* random number generator; its global state is set up in
		 * wolfssl_plugin_create() and released in destroy() */
		PLUGIN_REGISTER(RNG, wolfssl_rng_create),
		PLUGIN_PROVIDE(RNG, RNG_STRONG),
		PLUGIN_PROVIDE(RNG, RNG_WEAK),
#endif
	};
	*features = f;
	return countof(f);
}
447:
/**
 * Tear the plugin down in the reverse order of wolfssl_plugin_create():
 * release the global RNG state (only built when WC_NO_RNG is not set), then
 * the library-wide wolfSSL state, then the instance itself.
 */
METHOD(plugin_t, destroy, void,
	private_wolfssl_plugin_t *this)
{
#ifndef WC_NO_RNG
	/* the RNG was initialized after wolfSSL_Init(), so it is finalized first */
	wolfssl_rng_global_final();
#endif
	wolfSSL_Cleanup();

	free(this);
}
458:
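/*
 * Described in header
 *
 * Reads the optional %s.plugins.wolfssl.fips_mode setting. When it is TRUE the
 * plugin refuses to load unless the library reports FIPS status 0 (or was not
 * built with HAVE_FIPS at all, in which case it always refuses): a requested
 * FIPS mode fails closed instead of silently running a non-FIPS build.
 *
 * Returns NULL when FIPS mode was requested but is unavailable, or when the
 * global RNG could not be initialized; in the latter case the wolfSSL_Init()
 * already performed is undone so init/cleanup calls stay balanced.
 */
plugin_t *wolfssl_plugin_create()
{
	private_wolfssl_plugin_t *this;
	bool fips_mode;

	fips_mode = lib->settings->get_bool(lib->settings,
								"%s.plugins.wolfssl.fips_mode", FALSE, lib->ns);
#ifdef HAVE_FIPS
	if (fips_mode)
	{
		/* any non-zero status is treated as FIPS mode being unavailable */
		int ret = wolfCrypt_GetStatus_fips();
		if (ret != 0)
		{
			DBG1(DBG_LIB, "wolfssl FIPS mode unavailable (%d)", ret);
			return NULL;
		}
	}
#else
	if (fips_mode)
	{
		DBG1(DBG_LIB, "wolfssl FIPS mode unavailable");
		return NULL;
	}
#endif

	/* NOTE(review): the return value of wolfSSL_Init() is not checked here */
	wolfSSL_Init();
#ifndef WC_NO_RNG
	if (!wolfssl_rng_global_init())
	{
		/* no plugin instance will own this init, so release it now rather
		 * than leaving wolfSSL_Init() without its matching wolfSSL_Cleanup() */
		wolfSSL_Cleanup();
		return NULL;
	}
#endif

	INIT(this,
		.public = {
			.plugin = {
				.get_name = _get_name,
				.get_features = _get_features,
				.destroy = _destroy,
			},
		},
	);

	return &this->public.plugin;
}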