]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libstrongswan/plugins/botan/botan_plugin.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'rsa-oaep-encryption'
[people/ms/strongswan.git] / src / libstrongswan / plugins / botan / botan_plugin.c
1 /*
2 * Copyright (C) 2018 Tobias Brunner
3 * Copyright (C) 2018 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * Copyright (C) 2018 René Korthaus
7 * Copyright (C) 2018 Konstantinos Kolelis
8 * Rohde & Schwarz Cybersecurity GmbH
9 *
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
16 *
17 * The above copyright notice and this permission notice shall be included in
18 * all copies or substantial portions of the Software.
19 *
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 * THE SOFTWARE.
27 */
28
29 #include "botan_plugin.h"
30 #include "botan_rng.h"
31 #include "botan_hasher.h"
32 #include "botan_crypter.h"
33 #include "botan_diffie_hellman.h"
34 #include "botan_hmac.h"
35 #include "botan_rsa_public_key.h"
36 #include "botan_rsa_private_key.h"
37 #include "botan_ec_diffie_hellman.h"
38 #include "botan_ec_public_key.h"
39 #include "botan_ec_private_key.h"
40 #include "botan_ed_public_key.h"
41 #include "botan_ed_private_key.h"
42 #include "botan_aead.h"
43 #include "botan_util_keys.h"
44 #include "botan_x25519.h"
45
46 #include <library.h>
47
48 #include <botan/build.h>
49 #include <botan/ffi.h>
50
51 typedef struct private_botan_plugin_t private_botan_plugin_t;
52
53 /**
54 * private data of botan_plugin
55 */
56 struct private_botan_plugin_t {
57
58 /**
59 * public functions
60 */
61 botan_plugin_t public;
62 };
63
64 METHOD(plugin_t, get_name, char*,
65 private_botan_plugin_t *this)
66 {
67 return "botan";
68 }
69
70 METHOD(plugin_t, get_features, int,
71 private_botan_plugin_t *this, plugin_feature_t *features[])
72 {
73 static plugin_feature_t f[] = {
74
75 #ifdef BOTAN_HAS_DIFFIE_HELLMAN
76 /* MODP DH groups */
77 PLUGIN_REGISTER(DH, botan_diffie_hellman_create),
78 PLUGIN_PROVIDE(DH, MODP_3072_BIT),
79 PLUGIN_PROVIDE(DH, MODP_4096_BIT),
80 PLUGIN_PROVIDE(DH, MODP_6144_BIT),
81 PLUGIN_PROVIDE(DH, MODP_8192_BIT),
82 PLUGIN_PROVIDE(DH, MODP_2048_BIT),
83 PLUGIN_PROVIDE(DH, MODP_2048_224),
84 PLUGIN_PROVIDE(DH, MODP_2048_256),
85 PLUGIN_PROVIDE(DH, MODP_1536_BIT),
86 PLUGIN_PROVIDE(DH, MODP_1024_BIT),
87 PLUGIN_PROVIDE(DH, MODP_1024_160),
88 PLUGIN_PROVIDE(DH, MODP_768_BIT),
89 PLUGIN_PROVIDE(DH, MODP_CUSTOM),
90 #endif
91 #ifdef BOTAN_HAS_ECDH
92 /* EC DH groups */
93 PLUGIN_REGISTER(DH, botan_ec_diffie_hellman_create),
94 PLUGIN_PROVIDE(DH, ECP_256_BIT),
95 PLUGIN_PROVIDE(DH, ECP_384_BIT),
96 PLUGIN_PROVIDE(DH, ECP_521_BIT),
97 PLUGIN_PROVIDE(DH, ECP_256_BP),
98 PLUGIN_PROVIDE(DH, ECP_384_BP),
99 PLUGIN_PROVIDE(DH, ECP_512_BP),
100 #endif
101 #ifdef BOTAN_HAS_X25519
102 PLUGIN_REGISTER(DH, botan_x25519_create),
103 PLUGIN_PROVIDE(DH, CURVE_25519),
104 #endif
105
106 /* crypters */
107 #if defined(BOTAN_HAS_AES) && defined(BOTAN_HAS_MODE_CBC)
108 PLUGIN_REGISTER(CRYPTER, botan_crypter_create),
109 #ifdef BOTAN_HAS_AES
110 #ifdef BOTAN_HAS_MODE_CBC
111 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
112 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
113 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
114 #endif
115 #endif
116 #endif
117
118 /* AEAD */
119 #if (defined(BOTAN_HAS_AES) && \
120 (defined(BOTAN_HAS_AEAD_GCM) || defined(BOTAN_HAS_AEAD_CCM))) || \
121 defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305)
122 PLUGIN_REGISTER(AEAD, botan_aead_create),
123 #ifdef BOTAN_HAS_AES
124 #ifdef BOTAN_HAS_AEAD_GCM
125 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
126 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
127 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
128 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
129 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
130 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
131 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
132 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
133 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
134 #endif
135 #ifdef BOTAN_HAS_AEAD_CCM
136 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16),
137 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24),
138 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32),
139 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16),
140 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24),
141 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32),
142 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16),
143 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24),
144 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32),
145 #endif
146 #endif
147 #ifdef BOTAN_HAS_AEAD_CHACHA20_POLY1305
148 PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
149 #endif
150 #endif
151
152 /* hashers */
153 PLUGIN_REGISTER(HASHER, botan_hasher_create),
154 #ifdef BOTAN_HAS_MD5
155 PLUGIN_PROVIDE(HASHER, HASH_MD5),
156 #endif
157 #ifdef BOTAN_HAS_SHA1
158 PLUGIN_PROVIDE(HASHER, HASH_SHA1),
159 #endif
160 #ifdef BOTAN_HAS_SHA2_32
161 PLUGIN_PROVIDE(HASHER, HASH_SHA224),
162 PLUGIN_PROVIDE(HASHER, HASH_SHA256),
163 #endif
164 #ifdef BOTAN_HAS_SHA2_64
165 PLUGIN_PROVIDE(HASHER, HASH_SHA384),
166 PLUGIN_PROVIDE(HASHER, HASH_SHA512),
167 #endif
168 #ifdef BOTAN_HAS_SHA3
169 PLUGIN_PROVIDE(HASHER, HASH_SHA3_224),
170 PLUGIN_PROVIDE(HASHER, HASH_SHA3_256),
171 PLUGIN_PROVIDE(HASHER, HASH_SHA3_384),
172 PLUGIN_PROVIDE(HASHER, HASH_SHA3_512),
173 #endif
174
175 /* prfs */
176 #ifdef BOTAN_HAS_HMAC
177 PLUGIN_REGISTER(PRF, botan_hmac_prf_create),
178 #ifdef BOTAN_HAS_SHA1
179 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
180 #endif
181 #ifdef BOTAN_HAS_SHA2_32
182 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
183 #endif
184 #ifdef BOTAN_HAS_SHA2_64
185 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
186 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
187 #endif
188 /* signer */
189 PLUGIN_REGISTER(SIGNER, botan_hmac_signer_create),
190 #ifdef BOTAN_HAS_SHA1
191 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
192 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
193 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
194 #endif
195 #ifdef BOTAN_HAS_SHA2_32
196 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
197 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
198 #endif
199 #ifdef BOTAN_HAS_SHA2_64
200 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
201 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
202 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
203 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
204 #endif
205 #endif /* BOTAN_HAS_HMAC */
206
207 /* generic key loaders */
208 #if defined (BOTAN_HAS_RSA) || defined(BOTAN_HAS_ECDSA) || \
209 defined(BOTAN_HAS_ED25519)
210 PLUGIN_REGISTER(PUBKEY, botan_public_key_load, TRUE),
211 PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
212 #ifdef BOTAN_HAS_RSA
213 PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
214 #endif
215 #ifdef BOTAN_HAS_ECDSA
216 PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
217 #endif
218 #ifdef BOTAN_HAS_ED25519
219 PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
220 #endif
221 PLUGIN_REGISTER(PRIVKEY, botan_private_key_load, TRUE),
222 PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
223 #ifdef BOTAN_HAS_RSA
224 PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
225 #endif
226 #ifdef BOTAN_HAS_ECDSA
227 PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
228 #endif
229 #ifdef BOTAN_HAS_ED25519
230 PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
231 #endif
232 #endif
233 /* RSA */
234 #ifdef BOTAN_HAS_RSA
235 /* public/private key loading/generation */
236 PLUGIN_REGISTER(PUBKEY, botan_rsa_public_key_load, TRUE),
237 PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
238 PLUGIN_REGISTER(PRIVKEY, botan_rsa_private_key_load, TRUE),
239 PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
240 PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
241 PLUGIN_REGISTER(PRIVKEY_GEN, botan_rsa_private_key_gen, FALSE),
242 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
243 /* encryption/signature schemes */
244 #ifdef BOTAN_HAS_EMSA_PKCS1
245 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
246 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
247 #ifdef BOTAN_HAS_SHA1
248 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
249 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
250 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
251 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
252 #endif
253 #ifdef BOTAN_HAS_SHA2_32
254 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
255 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
256 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
257 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
258 #endif
259 #ifdef BOTAN_HAS_SHA2_64
260 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
261 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
262 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
263 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
264 #endif
265 #ifdef BOTAN_HAS_SHA3
266 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
267 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
268 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
269 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
270 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
271 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
272 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
273 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
274 #endif
275 #endif
276 #ifdef BOTAN_HAS_EMSA_PSSR
277 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
278 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
279 #endif
280 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
281 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
282 #ifdef BOTAN_HAS_EME_OAEP
283 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
284 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
285 #ifdef BOTAN_HAS_SHA2_32
286 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA224),
287 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
288 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA256),
289 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
290 #endif
291 #ifdef BOTAN_HAS_SHA2_64
292 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA384),
293 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
294 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
295 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
296 #endif
297 #endif
298 #endif /* BOTAN_HAS_RSA */
299
300 #ifdef BOTAN_HAS_ECDSA
301 /* EC private/public key loading */
302 PLUGIN_REGISTER(PRIVKEY, botan_ec_private_key_load, TRUE),
303 PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
304 PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
305 PLUGIN_REGISTER(PRIVKEY_GEN, botan_ec_private_key_gen, FALSE),
306 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
307 #ifdef BOTAN_HAS_EMSA_RAW
308 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
309 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
310 #endif
311 #ifdef BOTAN_HAS_EMSA1
312 #ifdef BOTAN_HAS_SHA1
313 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
314 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
315 #endif
316 #ifdef BOTAN_HAS_SHA2_32
317 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
318 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
319 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
320 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
321 #endif
322 #ifndef BOTAN_HAS_SHA2_64
323 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
324 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
325 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
326 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
327 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
328 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
329 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
330 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
331 #endif
332 #endif /* BOTAN_HAS_EMSA1 */
333 #endif /* BOTAN_HAS_ECDSA */
334
335 #ifdef BOTAN_HAS_ED25519
336 /* EdDSA private/public key loading */
337 PLUGIN_REGISTER(PUBKEY, botan_ed_public_key_load, TRUE),
338 PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
339 PLUGIN_REGISTER(PRIVKEY, botan_ed_private_key_load, TRUE),
340 PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
341 PLUGIN_REGISTER(PRIVKEY_GEN, botan_ed_private_key_gen, FALSE),
342 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
343 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
344 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
345 /* register a pro forma identity hasher, never instantiated */
346 PLUGIN_REGISTER(HASHER, return_null),
347 PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
348 #endif
349
350 /* random numbers */
351 #if BOTAN_HAS_SYSTEM_RNG
352 #if BOTAN_HAS_HMAC_DRBG
353 PLUGIN_REGISTER(RNG, botan_rng_create),
354 PLUGIN_PROVIDE(RNG, RNG_WEAK),
355 PLUGIN_PROVIDE(RNG, RNG_STRONG),
356 PLUGIN_PROVIDE(RNG, RNG_TRUE)
357 #endif
358 #endif
359 };
360 *features = f;
361 return countof(f);
362 }
363
364 METHOD(plugin_t, destroy, void,
365 private_botan_plugin_t *this)
366 {
367 free(this);
368 }
369
370 /*
371 * Described in header
372 */
373 plugin_t *botan_plugin_create()
374 {
375 private_botan_plugin_t *this;
376
377 INIT(this,
378 .public = {
379 .plugin = {
380 .get_name = _get_name,
381 .get_features = _get_features,
382 .destroy = _destroy,
383 },
384 },
385 );
386
387 return &this->public.plugin;
388 }
Michael's strongswan development tree