]> git.ipfire.org Git - thirdparty/strongswan.git/blame - src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
projects / thirdparty / strongswan.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
wolfssl: Avoid conflict with RNG when built without EdDSA or FIPS enabled
[thirdparty/strongswan.git] / src / libstrongswan / plugins / wolfssl / wolfssl_plugin.c
CommitLineData
c92eade8
SP		 1/*
2 * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
a91eb3eb 3 * Copyright (C) 2021 Andreas Steffen, strongSec GmbH
c92eade8
SP		 4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a copy
6 * of this software and associated documentation files (the "Software"), to deal
7 * in the Software without restriction, including without limitation the rights
8 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 * THE SOFTWARE.
22 */
23
af71f14b
TW		 24#include "wolfssl_common.h"
25
c92eade8
SP		 26#include <library.h>
27#include <utils/debug.h>
28
c92eade8
SP		 29#include "wolfssl_plugin.h"
30#include "wolfssl_aead.h"
31#include "wolfssl_crypter.h"
32#include "wolfssl_diffie_hellman.h"
33#include "wolfssl_ec_diffie_hellman.h"
34#include "wolfssl_ec_private_key.h"
35#include "wolfssl_ec_public_key.h"
36#include "wolfssl_ed_private_key.h"
37#include "wolfssl_ed_public_key.h"
38#include "wolfssl_hasher.h"
39#include "wolfssl_hmac.h"
96c76926 40#include "wolfssl_kdf.h"
c92eade8
SP		 41#include "wolfssl_rsa_private_key.h"
42#include "wolfssl_rsa_public_key.h"
43#include "wolfssl_rng.h"
44#include "wolfssl_sha1_prf.h"
45#include "wolfssl_x_diffie_hellman.h"
f412c976 46#include "wolfssl_xof.h"
c92eade8 47
af71f14b
TW		 48#include <wolfssl/ssl.h>
49
e5bc3a50
PP		 50#undef RNG
51
c92eade8
SP		 52#ifndef FIPS_MODE
53#define FIPS_MODE 0
54#endif
55
c92eade8
SP		 56typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t;
57
58/**
d3329ee5 59 * Private data of wolfssl_plugin
c92eade8
SP		 60 */
61struct private_wolfssl_plugin_t {
62
63 /**
d3329ee5 64 * Public interface
c92eade8
SP		 65 */
66 wolfssl_plugin_t public;
67};
68
c92eade8
SP		 69METHOD(plugin_t, get_name, char*,
70 private_wolfssl_plugin_t *this)
71{
72 return "wolfssl";
73}
74
75METHOD(plugin_t, get_features, int,
76 private_wolfssl_plugin_t *this, plugin_feature_t *features[])
77{
78 static plugin_feature_t f[] = {
79 /* crypters */
80 PLUGIN_REGISTER(CRYPTER, wolfssl_crypter_create),
81#if !defined(NO_AES) && !defined(NO_AES_CTR)
82 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
83 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
84 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
85#endif
86#if !defined(NO_AES) && !defined(NO_AES_CBC)
87 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
88 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
89 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
90#endif
b57215ba
AS		 91#if !defined(NO_AES) && defined(HAVE_AES_ECB)
92 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 16),
93 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 24),
94 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 32),
95#endif
54d7e39d
AS		 96#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB)
97 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 16),
98 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 24),
99 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 32),
100#endif
c92eade8
SP		 101#ifdef HAVE_CAMELLIA
102 PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
103 PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
104 PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
105#endif
106#ifndef NO_DES3
107 PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
108 PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
109 #ifdef WOLFSSL_DES_ECB
110 PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
111 #endif
112#endif
113 PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
114 /* hashers */
115 PLUGIN_REGISTER(HASHER, wolfssl_hasher_create),
116#ifndef NO_MD5
117 PLUGIN_PROVIDE(HASHER, HASH_MD5),
118#endif
119#ifndef NO_SHA
120 PLUGIN_PROVIDE(HASHER, HASH_SHA1),
121#endif
122#ifdef WOLFSSL_SHA224
123 PLUGIN_PROVIDE(HASHER, HASH_SHA224),
124#endif
125#ifndef NO_SHA256
126 PLUGIN_PROVIDE(HASHER, HASH_SHA256),
127#endif
128#ifdef WOLFSSL_SHA384
129 PLUGIN_PROVIDE(HASHER, HASH_SHA384),
130#endif
131#ifdef WOLFSSL_SHA512
132 PLUGIN_PROVIDE(HASHER, HASH_SHA512),
133#endif
a91eb3eb
AS		 134#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
135 PLUGIN_PROVIDE(HASHER, HASH_SHA3_224),
136#endif
137#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
138 PLUGIN_PROVIDE(HASHER, HASH_SHA3_256),
139#endif
140#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
141 PLUGIN_PROVIDE(HASHER, HASH_SHA3_384),
142#endif
143#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
144 PLUGIN_PROVIDE(HASHER, HASH_SHA3_512),
145#endif
f412c976
AS		 146#if defined(WOLFSSL_SHAKE256) && LIBWOLFSSL_VERSION_HEX >= 0x04007001
147 PLUGIN_REGISTER(XOF, wolfssl_xof_create),
148 PLUGIN_PROVIDE(XOF, XOF_SHAKE_256),
149#endif
c92eade8
SP		 150#ifndef NO_SHA
151 /* keyed sha1 hasher (aka prf) */
152 PLUGIN_REGISTER(PRF, wolfssl_sha1_prf_create),
153 PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
154#endif
155#ifndef NO_HMAC
156 PLUGIN_REGISTER(PRF, wolfssl_hmac_prf_create),
157#ifndef NO_MD5
158 PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5),
159#endif
160#ifndef NO_SHA
161 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
162#endif
163#ifndef NO_SHA256
164 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
165#endif
166#ifdef WOLFSSL_SHA384
167 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
168#endif
169#ifdef WOLFSSL_SHA512
170 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
171#endif
172 PLUGIN_REGISTER(SIGNER, wolfssl_hmac_signer_create),
173#ifndef NO_MD5
174 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96),
175 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128),
176#endif
177#ifndef NO_SHA
178 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
179 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
180 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
181#endif
182#ifndef NO_SHA256
183 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
184 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
185#endif
186#ifdef WOLFSSL_SHA384
187 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
188 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
189#endif
190#ifdef WOLFSSL_SHA512
191 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
192 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
193#endif
96c76926
TB		 194#ifdef HAVE_HKDF
195 PLUGIN_REGISTER(KDF, wolfssl_kdf_create),
56afc6e2 196 PLUGIN_PROVIDE(KDF, KDF_PRF),
96c76926
TB		 197 PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS),
198#endif
c92eade8
SP		 199#endif /* NO_HMAC */
200#if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
201 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
202 PLUGIN_REGISTER(AEAD, wolfssl_aead_create),
203#if !defined(NO_AES) && defined(HAVE_AESGCM)
204 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
205 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
206 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
207 #if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
208 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
209 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
210 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
211 #endif
212 #if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
213 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
214 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
215 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
216 #endif
217#endif /* !NO_AES && HAVE_AESGCM */
218#if !defined(NO_AES) && defined(HAVE_AESCCM)
219 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16),
220 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24),
221 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32),
222 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16),
223 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24),
224 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32),
225 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16),
226 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24),
227 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32),
228#endif /* !NO_AES && HAVE_AESCCM */
229#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
230 PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
231#endif /* HAVE_CHACHA && HAVE_POLY1305 */
232#endif
233#ifdef HAVE_ECC_DHE
234 /* EC DH groups */
3af7c6db 235 PLUGIN_REGISTER(KE, wolfssl_ec_diffie_hellman_create),
ea7945a4
TB		 236 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
237 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256)
3af7c6db 238 PLUGIN_PROVIDE(KE, ECP_256_BIT),
c92eade8 239 #endif
ea7945a4
TB		 240 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
241 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384)
3af7c6db 242 PLUGIN_PROVIDE(KE, ECP_384_BIT),
c92eade8 243 #endif
ea7945a4
TB		 244 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
245 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 521)
3af7c6db 246 PLUGIN_PROVIDE(KE, ECP_521_BIT),
c92eade8 247 #endif
ea7945a4
TB		 248 #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
249 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224)
3af7c6db 250 PLUGIN_PROVIDE(KE, ECP_224_BIT),
c92eade8 251 #endif
ea7945a4
TB		 252 #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
253 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 192)
3af7c6db 254 PLUGIN_PROVIDE(KE, ECP_192_BIT),
c92eade8 255 #endif
6e2e359f 256 #ifdef HAVE_ECC_BRAINPOOL
ea7945a4
TB		 257 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
258 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256)
3af7c6db 259 PLUGIN_PROVIDE(KE, ECP_256_BP),
c92eade8 260 #endif
ea7945a4
TB		 261 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
262 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384)
3af7c6db 263 PLUGIN_PROVIDE(KE, ECP_384_BP),
c92eade8 264 #endif
ea7945a4
TB		 265 #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && \
266 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 512)
3af7c6db 267 PLUGIN_PROVIDE(KE, ECP_512_BP),
c92eade8 268 #endif
ea7945a4
TB		 269 #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
270 (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224)
3af7c6db 271 PLUGIN_PROVIDE(KE, ECP_224_BP),
c92eade8
SP		 272 #endif
273 #endif
274#endif /* HAVE_ECC_DHE */
275#ifndef NO_DH
276 /* MODP DH groups */
3af7c6db 277 PLUGIN_REGISTER(KE, wolfssl_diffie_hellman_create),
eae30af0
TB		 278 #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (3072 * 2)) || \
279 (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 3072) || \
280 defined(USE_INTEGER_HEAP_MATH)
3af7c6db 281 PLUGIN_PROVIDE(KE, MODP_3072_BIT),
c92eade8 282 #endif
eae30af0
TB		 283 #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (4096 * 2)) || \
284 (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 4096) || \
285 defined(USE_INTEGER_HEAP_MATH)
3af7c6db 286 PLUGIN_PROVIDE(KE, MODP_4096_BIT),
c92eade8 287 #endif
eae30af0
TB		 288 #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (6144 * 2)) || \
289 (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 6144) || \
290 defined(USE_INTEGER_HEAP_MATH)
3af7c6db 291 PLUGIN_PROVIDE(KE, MODP_6144_BIT),
c92eade8 292 #endif
eae30af0
TB		 293 #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (8192 * 2)) || \
294 (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 8192) || \
295 defined(USE_INTEGER_HEAP_MATH)
3af7c6db 296 PLUGIN_PROVIDE(KE, MODP_8192_BIT),
c92eade8 297 #endif
eae30af0
TB		 298 #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (2048 * 2)) || \
299 (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 2048) || \
300 defined(USE_INTEGER_HEAP_MATH)
3af7c6db
TB		 301 PLUGIN_PROVIDE(KE, MODP_2048_BIT),
302 PLUGIN_PROVIDE(KE, MODP_2048_224),
303 PLUGIN_PROVIDE(KE, MODP_2048_256),
c92eade8 304 #endif
eae30af0
TB		 305 #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (1536 * 2)) || \
306 (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 1536) || \
307 defined(USE_INTEGER_HEAP_MATH)
3af7c6db 308 PLUGIN_PROVIDE(KE, MODP_1536_BIT),
c92eade8 309 #endif
eae30af0
TB		 310 #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (1024 * 2)) || \
311 (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 1024) || \
312 defined(USE_INTEGER_HEAP_MATH)
3af7c6db
TB		 313 PLUGIN_PROVIDE(KE, MODP_1024_BIT),
314 PLUGIN_PROVIDE(KE, MODP_1024_160),
c92eade8 315 #endif
eae30af0
TB		 316 #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (768 * 2)) || \
317 (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 768) || \
318 defined(USE_INTEGER_HEAP_MATH)
3af7c6db 319 PLUGIN_PROVIDE(KE, MODP_768_BIT),
c92eade8 320 #endif
3af7c6db 321 PLUGIN_PROVIDE(KE, MODP_CUSTOM),
c92eade8
SP		 322#endif /* NO_DH */
323#ifndef NO_RSA
324 /* RSA private/public key loading */
325 PLUGIN_REGISTER(PRIVKEY, wolfssl_rsa_private_key_load, TRUE),
326 PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
327 PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
328 PLUGIN_REGISTER(PUBKEY, wolfssl_rsa_public_key_load, TRUE),
329 PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
330 #ifdef WOLFSSL_KEY_GEN
331 PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_rsa_private_key_gen, FALSE),
332 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
333 #endif
334 /* signature/encryption schemes */
335 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
336 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
8bbd7bbd 337 #ifdef WC_RSA_PSS
c92eade8
SP		 338 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
339 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
8bbd7bbd
AS		 340 #endif
341 #ifndef NO_SHA
c92eade8
SP		 342 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
343 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
8bbd7bbd
AS		 344 #endif
345 #ifdef WOLFSSL_SHA224
c92eade8
SP		 346 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
347 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
8bbd7bbd
AS		 348 #endif
349 #ifndef NO_SHA256
c92eade8
SP		 350 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
351 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
8bbd7bbd
AS		 352 #endif
353 #ifdef WOLFSSL_SHA384
c92eade8
SP		 354 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
355 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
8bbd7bbd
AS		 356 #endif
357 #ifdef WOLFSSL_SHA512
c92eade8
SP		 358 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
359 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
8bbd7bbd
AS		 360 #endif
361 #if defined(WOLFSSL_SHA3) && LIBWOLFSSL_VERSION_HEX >= 0x04007001
362 #ifndef WOLFSSL_NOSHA3_224
363 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
364 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
365 #endif
366 #ifndef WOLFSSL_NOSHA3_256
367 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
368 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
369 #endif
370 #ifndef WOLFSSL_NOSHA3_384
371 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
372 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
373 #endif
374 #ifndef WOLFSSL_NOSHA3_512
375 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
376 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
377 #endif
378 #endif /* WOLFSSL_SHA3 */
c92eade8
SP		 379 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
380 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
8bbd7bbd
AS		 381 #ifndef NO_MD5
382 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
383 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
384 #endif
385 #ifndef WC_NO_RSA_OAEP
c92eade8
SP		 386 #ifndef NO_SHA
387 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
388 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
389 #endif
390 #ifdef WOLFSSL_SHA224
391 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
392 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA224),
393 #endif
394 #ifndef NO_SHA256
395 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
396 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA256),
397 #endif
398 #ifdef WOLFSSL_SHA384
399 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
400 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA384),
401 #endif
402 #ifdef WOLFSSL_SHA512
403 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
404 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
405 #endif
8bbd7bbd 406 #endif /* !WC_NO_RSA_OAEP */
c92eade8
SP		 407#endif /* !NO_RSA */
408#ifdef HAVE_ECC
409 #ifdef HAVE_ECC_KEY_IMPORT
410 /* EC private/public key loading */
411 PLUGIN_REGISTER(PRIVKEY, wolfssl_ec_private_key_load, TRUE),
412 PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
413 PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
414 #endif
415 #ifdef HAVE_ECC_DHE
416 PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ec_private_key_gen, FALSE),
417 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
418 #endif
419 #ifdef HAVE_ECC_KEY_IMPORT
420 PLUGIN_REGISTER(PUBKEY, wolfssl_ec_public_key_load, TRUE),
421 PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
422 #endif
423 #ifdef HAVE_ECC_SIGN
424 /* signature encryption schemes */
425 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
426 #ifndef NO_SHA
427 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
428 #endif
429 #ifndef NO_SHA256
430 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
431 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
432 #endif
433 #ifdef WOLFSSL_SHA384
434 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
435 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
436 #endif
437 #ifdef WOLFSSL_SHA512
438 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
439 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
440 #endif
441 #endif /* HAVE_ECC_SIGN */
442 #ifdef HAVE_ECC_VERIFY
443 /* signature encryption schemes */
444 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
445 #ifndef NO_SHA
446 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
447 #endif
448 #ifndef NO_SHA256
449 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
450 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
451 #endif
452 #ifdef WOLFSSL_SHA384
453 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
454 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
455 #endif
456 #ifdef WOLFSSL_SHA512
457 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
458 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
459 #endif
460 #endif /* HAVE_ECC_VERIFY */
461#endif /* HAVE_ECC */
59a987b8 462#if defined (HAVE_CURVE25519) || defined(HAVE_CURVE448)
3af7c6db 463 PLUGIN_REGISTER(KE, wolfssl_x_diffie_hellman_create),
59a987b8 464 #ifdef HAVE_CURVE25519
3af7c6db 465 PLUGIN_PROVIDE(KE, CURVE_25519),
59a987b8
TB		 466 #endif
467 #ifdef HAVE_CURVE448
3af7c6db 468 PLUGIN_PROVIDE(KE, CURVE_448),
59a987b8
TB		 469 #endif
470#endif /* HAVE_CURVE25519 || HAVE_CURVE448 */
142b5e79 471#if defined(HAVE_ED25519) || defined(HAVE_ED448)
c92eade8
SP		 472 /* EdDSA private/public key loading */
473 PLUGIN_REGISTER(PUBKEY, wolfssl_ed_public_key_load, TRUE),
142b5e79 474 #ifdef HAVE_ED25519
c92eade8 475 PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
142b5e79
TB		 476 #endif
477 #ifdef HAVE_ED448
478 PLUGIN_PROVIDE(PUBKEY, KEY_ED448),
479 #endif
c92eade8 480 PLUGIN_REGISTER(PRIVKEY, wolfssl_ed_private_key_load, TRUE),
142b5e79 481 #ifdef HAVE_ED25519
c92eade8 482 PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
142b5e79
TB		 483 #endif
484 #ifdef HAVE_ED448
485 PLUGIN_PROVIDE(PRIVKEY, KEY_ED448),
486 #endif
c92eade8 487 PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ed_private_key_gen, FALSE),
142b5e79 488 #ifdef HAVE_ED25519
c92eade8 489 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
142b5e79
TB		 490 #endif
491 #ifdef HAVE_ED448
492 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED448),
493 #endif
c92eade8
SP		 494 #ifdef HAVE_ED25519_SIGN
495 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
496 #endif
497 #ifdef HAVE_ED25519_VERIFY
498 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
142b5e79
TB		 499 #endif
500 #ifdef HAVE_ED448_SIGN
501 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED448),
502 #endif
503 #ifdef HAVE_ED448_VERIFY
504 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED448),
c92eade8
SP		 505 #endif
506 /* register a pro forma identity hasher, never instantiated */
507 PLUGIN_REGISTER(HASHER, return_null),
508 PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
142b5e79 509#endif /* HAVE_ED25519 || HAVE_ED448 */
c92eade8
SP		 510#ifndef WC_NO_RNG
511 /* generic key loader */
512 PLUGIN_REGISTER(RNG, wolfssl_rng_create),
513 PLUGIN_PROVIDE(RNG, RNG_STRONG),
514 PLUGIN_PROVIDE(RNG, RNG_WEAK),
515#endif
516 };
517 *features = f;
518 return countof(f);
519}
520
521METHOD(plugin_t, destroy, void,
522 private_wolfssl_plugin_t *this)
523{
524#ifndef WC_NO_RNG
525 wolfssl_rng_global_final();
526#endif
527 wolfSSL_Cleanup();
528
529 free(this);
530}
531
532/*
d3329ee5 533 * Described in header
c92eade8
SP		 534 */
535plugin_t *wolfssl_plugin_create()
536{
537 private_wolfssl_plugin_t *this;
d3329ee5 538 bool fips_mode;
c92eade8 539
d3329ee5
TB		 540 fips_mode = lib->settings->get_bool(lib->settings,
541 "%s.plugins.wolfssl.fips_mode", FALSE, lib->ns);
c92eade8
SP		 542#ifdef HAVE_FIPS
543 if (fips_mode)
544 {
d3329ee5 545 int ret = wolfCrypt_GetStatus_fips();
c92eade8
SP		 546 if (ret != 0)
547 {
d3329ee5 548 DBG1(DBG_LIB, "wolfssl FIPS mode unavailable (%d)", ret);
c92eade8
SP		 549 return NULL;
550 }
551 }
552#else
553 if (fips_mode)
554 {
d3329ee5 555 DBG1(DBG_LIB, "wolfssl FIPS mode unavailable");
c92eade8
SP		 556 return NULL;
557 }
558#endif
559
560 wolfSSL_Init();
561#ifndef WC_NO_RNG
562 if (!wolfssl_rng_global_init())
563 {
564 return NULL;
565 }
566#endif
567
568 INIT(this,
569 .public = {
570 .plugin = {
571 .get_name = _get_name,
572 .get_features = _get_features,
573 .destroy = _destroy,
574 },
575 },
576 );
577
578 return &this->public.plugin;
579}
Unnamed repository; edit this file 'description' to name the repository.