wolfssl: Support AES_ECB

diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_crypter.c b/src/libstrongswan/plugins/wolfssl/wolfssl_crypter.c
index a39c25b955b0796905234c08df99663193575966..0ad7c739f7303cd346aa228e084fb7631c979ccb 100644 (file)
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_crypter.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_crypter.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
+ * Copyright (C) 2021 Andreas Steffen, strongSec GmbH
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -47,7 +48,7 @@ struct private_wolfssl_crypter_t {
         * wolfSSL cipher
         */
        union {
-#if !defined(NO_AES) && (!defined(NO_AES_CBC) || defined(WOLFSSL_AES_COUNTER))
+#if !defined(NO_AES) && (!defined(NO_AES_CBC) || defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_COUNTER))
                Aes aes;
 #endif
 #ifdef HAVE_CAMELLIA
@@ -128,6 +129,18 @@ METHOD(crypter_t, decrypt, bool,
                        success = (ret == 0);
                        break;
 #endif
+#if !defined(NO_AES) && defined(HAVE_AES_ECB)
+               case ENCR_AES_ECB:
+                       ret = wc_AesSetKey(&this->cipher.aes, this->key.ptr, this->key.len,
+                                                          iv.ptr, AES_DECRYPTION);
+                       if (ret == 0)
+                       {
+                               ret = wc_AesEcbDecrypt(&this->cipher.aes, out, data.ptr,
+                                                                          data.len);
+                       }
+                       success = (ret == 0);
+                       break;
+       #endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
                case ENCR_AES_CTR:
                        if (out == data.ptr)
@@ -248,6 +261,18 @@ METHOD(crypter_t, encrypt, bool,
                        success = (ret == 0);
                        break;
 #endif
+#if !defined(NO_AES) && defined(HAVE_AES_ECB)
+               case ENCR_AES_ECB:
+                       ret = wc_AesSetKey(&this->cipher.aes, this->key.ptr, this->key.len,
+                                                          iv.ptr, AES_ENCRYPTION);
+                       if (ret == 0)
+                       {
+                               ret = wc_AesEcbEncrypt(&this->cipher.aes, out, data.ptr,
+                                                                          data.len);
+                       }
+                       success = (ret == 0);
+                       break;
+#endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
                case ENCR_AES_CTR:
                        if (out == data.ptr)
@@ -365,6 +390,11 @@ METHOD(crypter_t, destroy, void,
                        wc_AesFree(&this->cipher.aes);
                        break;
 #endif
+#if !defined(NO_AES) && defined(HAVE_AES_ECB)
+               case ENCR_AES_ECB:
+                       wc_AesFree(&this->cipher.aes);
+                       break;
+#endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
                case ENCR_AES_CTR:
                        wc_AesFree(&this->cipher.aes);
@@ -418,6 +448,24 @@ wolfssl_crypter_t *wolfssl_crypter_create(encryption_algorithm_t algo,
                        }
                        break;
 #endif
+#if !defined(NO_AES) && defined(HAVE_AES_ECB)
+               case ENCR_AES_ECB:
+                       switch (key_size)
+                       {
+                               case 0:
+                                       key_size = 16;
+                                       /* fall-through */
+                               case 16:
+                               case 24:
+                               case 32:
+                                       block_size = AES_BLOCK_SIZE;
+                                       iv_size = AES_IV_SIZE;
+                                       break;
+                               default:
+                                       return NULL;
+                       }
+                       break;
+#endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
                case ENCR_AES_CTR:
                        switch (key_size)
@@ -504,6 +552,11 @@ wolfssl_crypter_t *wolfssl_crypter_create(encryption_algorithm_t algo,
                        ret = wc_AesInit(&this->cipher.aes, NULL, INVALID_DEVID);
                        break;
 #endif
+#if !defined(NO_AES) && defined(HAVE_AES_ECB)
+               case ENCR_AES_ECB:
+                       ret = wc_AesInit(&this->cipher.aes, NULL, INVALID_DEVID);
+                       break;
+#endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
                case ENCR_AES_CTR:
                        ret = wc_AesInit(&this->cipher.aes, NULL, INVALID_DEVID);

diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
index 6602730613021ce5440131a22c3f0bd12d2d70fa..d64be69de54d2ea6a93d83e02737c426ed76cefd 100644 (file)
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
@@ -80,6 +80,11 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
                        PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
 #endif
+#if !defined(NO_AES) && defined(HAVE_AES_ECB)
+                       PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 16),
+                       PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 24),
+                       PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 32),
+#endif
 #ifdef HAVE_CAMELLIA
                        PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
                        PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),