[thirdparty/strongswan.git] / src / libstrongswan / plugins / gcrypt / gcrypt_plugin.c

/*
 * Copyright (C) 2009 Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "gcrypt_plugin.h"

#include "gcrypt_hasher.h"
#include "gcrypt_crypter.h"
#include "gcrypt_rng.h"
#include "gcrypt_dh.h"
#include "gcrypt_rsa_private_key.h"
#include "gcrypt_rsa_public_key.h"

#include <library.h>
#include <utils/debug.h>
#include <threading/mutex.h>

#include <errno.h>
#include <gcrypt.h>

typedef struct private_gcrypt_plugin_t private_gcrypt_plugin_t;

/**
 * private data of gcrypt_plugin
 */
struct private_gcrypt_plugin_t {

	/**
	 * public functions
	 */
	gcrypt_plugin_t public;
};

/**
 * gcrypt mutex initialization wrapper
 */
static int mutex_init(void **lock)
{
	*lock = mutex_create(MUTEX_TYPE_DEFAULT);
	return 0;
}

/**
 * gcrypt mutex cleanup wrapper
 */
static int mutex_destroy(void **lock)
{
	mutex_t *mutex = *lock;

	mutex->destroy(mutex);
	return 0;
}

/**
 * gcrypt mutex lock wrapper
 */
static int mutex_lock(void **lock)
{
	mutex_t *mutex = *lock;

	mutex->lock(mutex);
	return 0;
}

/**
 * gcrypt mutex unlock wrapper
 */
static int mutex_unlock(void **lock)
{
	mutex_t *mutex = *lock;

	mutex->unlock(mutex);
	return 0;
}

/**
 * gcrypt locking functions using our mutex_t
 */
static struct gcry_thread_cbs thread_functions = {
	GCRY_THREAD_OPTION_USER, NULL,
	mutex_init, mutex_destroy, mutex_lock, mutex_unlock,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};

METHOD(plugin_t, get_name, char*,
	private_gcrypt_plugin_t *this)
{
	return "gcrypt";
}

METHOD(plugin_t, get_features, int,
	private_gcrypt_plugin_t *this, plugin_feature_t *features[])
{
	static plugin_feature_t f[] = {
		/* crypters */
		PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
			/* gcrypt only supports 128 bit blowfish */
			PLUGIN_PROVIDE(CRYPTER, ENCR_BLOWFISH, 16),
#ifdef HAVE_GCRY_CIPHER_CAMELLIA
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 32),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
#endif
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0),
			PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
			PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
			PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 32),
			PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 32),
		/* hashers */
		PLUGIN_REGISTER(HASHER, gcrypt_hasher_create),
			PLUGIN_PROVIDE(HASHER, HASH_SHA1),
			PLUGIN_PROVIDE(HASHER, HASH_MD4),
			PLUGIN_PROVIDE(HASHER, HASH_MD5),
			PLUGIN_PROVIDE(HASHER, HASH_SHA224),
			PLUGIN_PROVIDE(HASHER, HASH_SHA256),
			PLUGIN_PROVIDE(HASHER, HASH_SHA384),
			PLUGIN_PROVIDE(HASHER, HASH_SHA512),
		/* MODP DH groups */
		PLUGIN_REGISTER(DH, gcrypt_dh_create),
			PLUGIN_PROVIDE(DH, MODP_2048_BIT),
			PLUGIN_PROVIDE(DH, MODP_2048_224),
			PLUGIN_PROVIDE(DH, MODP_2048_256),
			PLUGIN_PROVIDE(DH, MODP_1536_BIT),
			PLUGIN_PROVIDE(DH, MODP_3072_BIT),
			PLUGIN_PROVIDE(DH, MODP_4096_BIT),
			PLUGIN_PROVIDE(DH, MODP_6144_BIT),
			PLUGIN_PROVIDE(DH, MODP_8192_BIT),
			PLUGIN_PROVIDE(DH, MODP_1024_BIT),
			PLUGIN_PROVIDE(DH, MODP_1024_160),
			PLUGIN_PROVIDE(DH, MODP_768_BIT),
		PLUGIN_REGISTER(DH, gcrypt_dh_create_custom),
			PLUGIN_PROVIDE(DH, MODP_CUSTOM),
		/* RSA private/public key loading */
		PLUGIN_REGISTER(PUBKEY, gcrypt_rsa_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
		PLUGIN_REGISTER(PRIVKEY, gcrypt_rsa_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
		PLUGIN_REGISTER(PRIVKEY_GEN, gcrypt_rsa_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
		/* random numbers */
		PLUGIN_REGISTER(RNG, gcrypt_rng_create),
			PLUGIN_PROVIDE(RNG, RNG_WEAK),
			PLUGIN_PROVIDE(RNG, RNG_STRONG),
			PLUGIN_PROVIDE(RNG, RNG_TRUE),
	};
	*features = f;
	return countof(f);
}

METHOD(plugin_t, destroy, void,
	private_gcrypt_plugin_t *this)
{
	free(this);
}

/*
 * see header file
 */
plugin_t *gcrypt_plugin_create()
{
	private_gcrypt_plugin_t *this;

	gcry_control(GCRYCTL_SET_THREAD_CBS, &thread_functions);

	if (!gcry_check_version(GCRYPT_VERSION))
	{
		DBG1(DBG_LIB, "libgcrypt version mismatch");
		return NULL;
	}

	/* we currently do not use secure memory */
	gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
	if (lib->settings->get_bool(lib->settings,
							"libstrongswan.plugins.gcrypt.quick_random", FALSE))
	{
		gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
	}
	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);

	INIT(this,
		.public = {
			.plugin = {
				.get_name = _get_name,
				.get_features = _get_features,
				.destroy = _destroy,
			},
		},
	);

	return &this->public.plugin;
}
Commit	Line	Data
4977018c MW	1	/*
	2	* Copyright (C) 2009 Martin Willi
	3	* Hochschule fuer Technik Rapperswil
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
	14	*/
	15
	16	#include "gcrypt_plugin.h"
	17
f908ff9f	18	#include "gcrypt_hasher.h"
80862c46	19	#include "gcrypt_crypter.h"
a41d0932	20	#include "gcrypt_rng.h"
1111088a	21	#include "gcrypt_dh.h"
ff8d3ba3	22	#include "gcrypt_rsa_private_key.h"
3240cab9	23	#include "gcrypt_rsa_public_key.h"
f908ff9f	24
4977018c	25	#include <library.h>
f05b4272	26	#include <utils/debug.h>
eba64cef	27	#include <threading/mutex.h>
513a1a28 MW	28
	29	#include <errno.h>
	30	#include <gcrypt.h>
4977018c MW	31
	32	typedef struct private_gcrypt_plugin_t private_gcrypt_plugin_t;
	33
	34	/**
	35	* private data of gcrypt_plugin
	36	*/
	37	struct private_gcrypt_plugin_t {
	38
	39	/**
	40	* public functions
	41	*/
	42	gcrypt_plugin_t public;
	43	};
	44
513a1a28	45	/**
8e97e327	46	* gcrypt mutex initialization wrapper
513a1a28	47	*/
8e97e327 MW	48	static int mutex_init(void **lock)
8e97e327 MW	49	{
3901937d	50	*lock = mutex_create(MUTEX_TYPE_DEFAULT);
8e97e327 MW	51	return 0;
	52	}
	53
	54	/**
	55	* gcrypt mutex cleanup wrapper
	56	*/
	57	static int mutex_destroy(void **lock)
	58	{
	59	mutex_t mutex = lock;
7daf5226	60
8e97e327 MW	61	mutex->destroy(mutex);
	62	return 0;
	63	}
	64
	65	/**
	66	* gcrypt mutex lock wrapper
	67	*/
	68	static int mutex_lock(void **lock)
	69	{
	70	mutex_t mutex = lock;
7daf5226	71
8e97e327 MW	72	mutex->lock(mutex);
	73	return 0;
	74	}
	75
	76	/**
	77	* gcrypt mutex unlock wrapper
	78	*/
	79	static int mutex_unlock(void **lock)
	80	{
	81	mutex_t mutex = lock;
7daf5226	82
8e97e327 MW	83	mutex->unlock(mutex);
	84	return 0;
	85	}
	86
	87	/**
	88	* gcrypt locking functions using our mutex_t
	89	*/
	90	static struct gcry_thread_cbs thread_functions = {
	91	GCRY_THREAD_OPTION_USER, NULL,
	92	mutex_init, mutex_destroy, mutex_lock, mutex_unlock,
	93	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
	94	};
513a1a28	95
787b5884 MW	96	METHOD(plugin_t, get_name, char*,
	97	private_gcrypt_plugin_t *this)
	98	{
	99	return "gcrypt";
	100	}
	101
7bc24c59 TB	102	METHOD(plugin_t, get_features, int,
	103	private_gcrypt_plugin_t this, plugin_feature_t features[])
	104	{
	105	static plugin_feature_t f[] = {
	106	/* crypters */
	107	PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
	108	PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
	109	PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
	110	PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
	111	PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
	112	PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
	113	PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
	114	/* gcrypt only supports 128 bit blowfish */
	115	PLUGIN_PROVIDE(CRYPTER, ENCR_BLOWFISH, 16),
	116	#ifdef HAVE_GCRY_CIPHER_CAMELLIA
	117	PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 16),
	118	PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 24),
	119	PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 32),
	120	PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
	121	PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
	122	PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
	123	#endif
	124	PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0),
	125	PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
	126	PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
	127	PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
	128	PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 16),
	129	PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 24),
	130	PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 32),
	131	PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 16),
	132	PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 32),
	133	/* hashers */
	134	PLUGIN_REGISTER(HASHER, gcrypt_hasher_create),
8122ae8c	135	PLUGIN_PROVIDE(HASHER, HASH_SHA1),
7bc24c59 TB	136	PLUGIN_PROVIDE(HASHER, HASH_MD4),
7bc24c59 TB	137	PLUGIN_PROVIDE(HASHER, HASH_MD5),
7bc24c59 TB	138	PLUGIN_PROVIDE(HASHER, HASH_SHA224),
	139	PLUGIN_PROVIDE(HASHER, HASH_SHA256),
	140	PLUGIN_PROVIDE(HASHER, HASH_SHA384),
	141	PLUGIN_PROVIDE(HASHER, HASH_SHA512),
	142	/* MODP DH groups */
	143	PLUGIN_REGISTER(DH, gcrypt_dh_create),
	144	PLUGIN_PROVIDE(DH, MODP_2048_BIT),
	145	PLUGIN_PROVIDE(DH, MODP_2048_224),
	146	PLUGIN_PROVIDE(DH, MODP_2048_256),
	147	PLUGIN_PROVIDE(DH, MODP_1536_BIT),
	148	PLUGIN_PROVIDE(DH, MODP_3072_BIT),
	149	PLUGIN_PROVIDE(DH, MODP_4096_BIT),
	150	PLUGIN_PROVIDE(DH, MODP_6144_BIT),
	151	PLUGIN_PROVIDE(DH, MODP_8192_BIT),
	152	PLUGIN_PROVIDE(DH, MODP_1024_BIT),
	153	PLUGIN_PROVIDE(DH, MODP_1024_160),
	154	PLUGIN_PROVIDE(DH, MODP_768_BIT),
	155	PLUGIN_REGISTER(DH, gcrypt_dh_create_custom),
	156	PLUGIN_PROVIDE(DH, MODP_CUSTOM),
	157	/* RSA private/public key loading */
	158	PLUGIN_REGISTER(PUBKEY, gcrypt_rsa_public_key_load, TRUE),
	159	PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
	160	PLUGIN_REGISTER(PRIVKEY, gcrypt_rsa_private_key_load, TRUE),
	161	PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
	162	PLUGIN_REGISTER(PRIVKEY_GEN, gcrypt_rsa_private_key_gen, FALSE),
	163	PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
	164	/* random numbers */
	165	PLUGIN_REGISTER(RNG, gcrypt_rng_create),
	166	PLUGIN_PROVIDE(RNG, RNG_WEAK),
	167	PLUGIN_PROVIDE(RNG, RNG_STRONG),
	168	PLUGIN_PROVIDE(RNG, RNG_TRUE),
	169	};
	170	*features = f;
	171	return countof(f);
	172	}
	173
646babd3 MW	174	METHOD(plugin_t, destroy, void,
646babd3 MW	175	private_gcrypt_plugin_t *this)
4977018c MW	176	{
	177	free(this);
	178	}
	179
	180	/*
	181	* see header file
	182	*/
9ce567f8	183	plugin_t *gcrypt_plugin_create()
4977018c	184	{
513a1a28	185	private_gcrypt_plugin_t *this;
7daf5226	186
8e97e327	187	gcry_control(GCRYCTL_SET_THREAD_CBS, &thread_functions);
7daf5226	188
513a1a28 MW	189	if (!gcry_check_version(GCRYPT_VERSION))
513a1a28 MW	190	{
8b0e0910	191	DBG1(DBG_LIB, "libgcrypt version mismatch");
513a1a28 MW	192	return NULL;
513a1a28 MW	193	}
7daf5226	194
513a1a28 MW	195	/* we currently do not use secure memory */
513a1a28 MW	196	gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
810ce1f3 MW	197	if (lib->settings->get_bool(lib->settings,
	198	"libstrongswan.plugins.gcrypt.quick_random", FALSE))
	199	{
	200	gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
	201	}
513a1a28	202	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
7daf5226	203
646babd3	204	INIT(this,
ba31fe1f MW	205	.public = {
ba31fe1f MW	206	.plugin = {
787b5884	207	.get_name = _get_name,
7bc24c59	208	.get_features = _get_features,
ba31fe1f MW	209	.destroy = _destroy,
	210	},
	211	},
646babd3	212	);
7daf5226	213
4977018c MW	214	return &this->public.plugin;
	215	}
	216