]>
Commit | Line | Data |
---|---|---|
c92eade8 SP |
1 | /* |
2 | * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc. | |
a91eb3eb | 3 | * Copyright (C) 2021 Andreas Steffen, strongSec GmbH |
c92eade8 SP |
4 | * |
5 | * Permission is hereby granted, free of charge, to any person obtaining a copy | |
6 | * of this software and associated documentation files (the "Software"), to deal | |
7 | * in the Software without restriction, including without limitation the rights | |
8 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
9 | * copies of the Software, and to permit persons to whom the Software is | |
10 | * furnished to do so, subject to the following conditions: | |
11 | * | |
12 | * The above copyright notice and this permission notice shall be included in | |
13 | * all copies or substantial portions of the Software. | |
14 | * | |
15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
16 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
20 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
21 | * THE SOFTWARE. | |
22 | */ | |
23 | ||
af71f14b TW |
24 | #include "wolfssl_common.h" |
25 | ||
c92eade8 SP |
26 | #include <library.h> |
27 | #include <utils/debug.h> | |
28 | ||
c92eade8 SP |
29 | #include "wolfssl_plugin.h" |
30 | #include "wolfssl_aead.h" | |
31 | #include "wolfssl_crypter.h" | |
32 | #include "wolfssl_diffie_hellman.h" | |
33 | #include "wolfssl_ec_diffie_hellman.h" | |
34 | #include "wolfssl_ec_private_key.h" | |
35 | #include "wolfssl_ec_public_key.h" | |
36 | #include "wolfssl_ed_private_key.h" | |
37 | #include "wolfssl_ed_public_key.h" | |
38 | #include "wolfssl_hasher.h" | |
39 | #include "wolfssl_hmac.h" | |
96c76926 | 40 | #include "wolfssl_kdf.h" |
c92eade8 SP |
41 | #include "wolfssl_rsa_private_key.h" |
42 | #include "wolfssl_rsa_public_key.h" | |
43 | #include "wolfssl_rng.h" | |
44 | #include "wolfssl_sha1_prf.h" | |
45 | #include "wolfssl_x_diffie_hellman.h" | |
f412c976 | 46 | #include "wolfssl_xof.h" |
c92eade8 | 47 | |
af71f14b TW |
48 | #include <wolfssl/ssl.h> |
49 | ||
e5bc3a50 PP |
50 | #undef RNG |
51 | ||
c92eade8 SP |
52 | #ifndef FIPS_MODE |
53 | #define FIPS_MODE 0 | |
54 | #endif | |
55 | ||
c92eade8 SP |
56 | typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t; |
57 | ||
58 | /** | |
d3329ee5 | 59 | * Private data of wolfssl_plugin |
c92eade8 SP |
60 | */ |
61 | struct private_wolfssl_plugin_t { | |
62 | ||
63 | /** | |
d3329ee5 | 64 | * Public interface |
c92eade8 SP |
65 | */ |
66 | wolfssl_plugin_t public; | |
67 | }; | |
68 | ||
c92eade8 SP |
69 | METHOD(plugin_t, get_name, char*, |
70 | private_wolfssl_plugin_t *this) | |
71 | { | |
72 | return "wolfssl"; | |
73 | } | |
74 | ||
75 | METHOD(plugin_t, get_features, int, | |
76 | private_wolfssl_plugin_t *this, plugin_feature_t *features[]) | |
77 | { | |
78 | static plugin_feature_t f[] = { | |
79 | /* crypters */ | |
80 | PLUGIN_REGISTER(CRYPTER, wolfssl_crypter_create), | |
81 | #if !defined(NO_AES) && !defined(NO_AES_CTR) | |
82 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16), | |
83 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24), | |
84 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32), | |
85 | #endif | |
86 | #if !defined(NO_AES) && !defined(NO_AES_CBC) | |
87 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16), | |
88 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24), | |
89 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32), | |
90 | #endif | |
b57215ba AS |
91 | #if !defined(NO_AES) && defined(HAVE_AES_ECB) |
92 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 16), | |
93 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 24), | |
94 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 32), | |
95 | #endif | |
54d7e39d AS |
96 | #if !defined(NO_AES) && defined(WOLFSSL_AES_CFB) |
97 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 16), | |
98 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 24), | |
99 | PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 32), | |
100 | #endif | |
c92eade8 SP |
101 | #ifdef HAVE_CAMELLIA |
102 | PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16), | |
103 | PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24), | |
104 | PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32), | |
105 | #endif | |
106 | #ifndef NO_DES3 | |
107 | PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24), | |
108 | PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8), | |
109 | #ifdef WOLFSSL_DES_ECB | |
110 | PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8), | |
111 | #endif | |
112 | #endif | |
113 | PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0), | |
114 | /* hashers */ | |
115 | PLUGIN_REGISTER(HASHER, wolfssl_hasher_create), | |
116 | #ifndef NO_MD5 | |
117 | PLUGIN_PROVIDE(HASHER, HASH_MD5), | |
118 | #endif | |
119 | #ifndef NO_SHA | |
120 | PLUGIN_PROVIDE(HASHER, HASH_SHA1), | |
121 | #endif | |
122 | #ifdef WOLFSSL_SHA224 | |
123 | PLUGIN_PROVIDE(HASHER, HASH_SHA224), | |
124 | #endif | |
125 | #ifndef NO_SHA256 | |
126 | PLUGIN_PROVIDE(HASHER, HASH_SHA256), | |
127 | #endif | |
128 | #ifdef WOLFSSL_SHA384 | |
129 | PLUGIN_PROVIDE(HASHER, HASH_SHA384), | |
130 | #endif | |
131 | #ifdef WOLFSSL_SHA512 | |
132 | PLUGIN_PROVIDE(HASHER, HASH_SHA512), | |
133 | #endif | |
a91eb3eb AS |
134 | #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) |
135 | PLUGIN_PROVIDE(HASHER, HASH_SHA3_224), | |
136 | #endif | |
137 | #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) | |
138 | PLUGIN_PROVIDE(HASHER, HASH_SHA3_256), | |
139 | #endif | |
140 | #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) | |
141 | PLUGIN_PROVIDE(HASHER, HASH_SHA3_384), | |
142 | #endif | |
143 | #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) | |
144 | PLUGIN_PROVIDE(HASHER, HASH_SHA3_512), | |
145 | #endif | |
f412c976 AS |
146 | #if defined(WOLFSSL_SHAKE256) && LIBWOLFSSL_VERSION_HEX >= 0x04007001 |
147 | PLUGIN_REGISTER(XOF, wolfssl_xof_create), | |
148 | PLUGIN_PROVIDE(XOF, XOF_SHAKE_256), | |
149 | #endif | |
c92eade8 SP |
150 | #ifndef NO_SHA |
151 | /* keyed sha1 hasher (aka prf) */ | |
152 | PLUGIN_REGISTER(PRF, wolfssl_sha1_prf_create), | |
153 | PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1), | |
154 | #endif | |
155 | #ifndef NO_HMAC | |
156 | PLUGIN_REGISTER(PRF, wolfssl_hmac_prf_create), | |
157 | #ifndef NO_MD5 | |
158 | PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5), | |
159 | #endif | |
160 | #ifndef NO_SHA | |
161 | PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1), | |
162 | #endif | |
163 | #ifndef NO_SHA256 | |
164 | PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256), | |
165 | #endif | |
166 | #ifdef WOLFSSL_SHA384 | |
167 | PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384), | |
168 | #endif | |
169 | #ifdef WOLFSSL_SHA512 | |
170 | PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512), | |
171 | #endif | |
172 | PLUGIN_REGISTER(SIGNER, wolfssl_hmac_signer_create), | |
173 | #ifndef NO_MD5 | |
174 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96), | |
175 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128), | |
176 | #endif | |
177 | #ifndef NO_SHA | |
178 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96), | |
179 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128), | |
180 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160), | |
181 | #endif | |
182 | #ifndef NO_SHA256 | |
183 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128), | |
184 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256), | |
185 | #endif | |
186 | #ifdef WOLFSSL_SHA384 | |
187 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192), | |
188 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384), | |
189 | #endif | |
190 | #ifdef WOLFSSL_SHA512 | |
191 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256), | |
192 | PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512), | |
193 | #endif | |
96c76926 TB |
194 | #ifdef HAVE_HKDF |
195 | PLUGIN_REGISTER(KDF, wolfssl_kdf_create), | |
56afc6e2 | 196 | PLUGIN_PROVIDE(KDF, KDF_PRF), |
96c76926 TB |
197 | PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS), |
198 | #endif | |
c92eade8 SP |
199 | #endif /* NO_HMAC */ |
200 | #if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \ | |
201 | (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) | |
202 | PLUGIN_REGISTER(AEAD, wolfssl_aead_create), | |
203 | #if !defined(NO_AES) && defined(HAVE_AESGCM) | |
204 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16), | |
205 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24), | |
206 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32), | |
207 | #if WOLFSSL_MIN_AUTH_TAG_SZ <= 12 | |
208 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16), | |
209 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24), | |
210 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32), | |
211 | #endif | |
212 | #if WOLFSSL_MIN_AUTH_TAG_SZ <= 8 | |
213 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16), | |
214 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24), | |
215 | PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32), | |
216 | #endif | |
217 | #endif /* !NO_AES && HAVE_AESGCM */ | |
218 | #if !defined(NO_AES) && defined(HAVE_AESCCM) | |
219 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16), | |
220 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24), | |
221 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32), | |
222 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16), | |
223 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24), | |
224 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32), | |
225 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16), | |
226 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24), | |
227 | PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32), | |
228 | #endif /* !NO_AES && HAVE_AESCCM */ | |
229 | #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) | |
230 | PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32), | |
231 | #endif /* HAVE_CHACHA && HAVE_POLY1305 */ | |
232 | #endif | |
233 | #ifdef HAVE_ECC_DHE | |
234 | /* EC DH groups */ | |
3af7c6db | 235 | PLUGIN_REGISTER(KE, wolfssl_ec_diffie_hellman_create), |
ea7945a4 TB |
236 | #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ |
237 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256) | |
3af7c6db | 238 | PLUGIN_PROVIDE(KE, ECP_256_BIT), |
c92eade8 | 239 | #endif |
ea7945a4 TB |
240 | #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ |
241 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384) | |
3af7c6db | 242 | PLUGIN_PROVIDE(KE, ECP_384_BIT), |
c92eade8 | 243 | #endif |
ea7945a4 TB |
244 | #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ |
245 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 521) | |
3af7c6db | 246 | PLUGIN_PROVIDE(KE, ECP_521_BIT), |
c92eade8 | 247 | #endif |
ea7945a4 TB |
248 | #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \ |
249 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224) | |
3af7c6db | 250 | PLUGIN_PROVIDE(KE, ECP_224_BIT), |
c92eade8 | 251 | #endif |
ea7945a4 TB |
252 | #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \ |
253 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 192) | |
3af7c6db | 254 | PLUGIN_PROVIDE(KE, ECP_192_BIT), |
c92eade8 | 255 | #endif |
6e2e359f | 256 | #ifdef HAVE_ECC_BRAINPOOL |
ea7945a4 TB |
257 | #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ |
258 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 256) | |
3af7c6db | 259 | PLUGIN_PROVIDE(KE, ECP_256_BP), |
c92eade8 | 260 | #endif |
ea7945a4 TB |
261 | #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ |
262 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 384) | |
3af7c6db | 263 | PLUGIN_PROVIDE(KE, ECP_384_BP), |
c92eade8 | 264 | #endif |
ea7945a4 TB |
265 | #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && \ |
266 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 512) | |
3af7c6db | 267 | PLUGIN_PROVIDE(KE, ECP_512_BP), |
c92eade8 | 268 | #endif |
ea7945a4 TB |
269 | #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \ |
270 | (!defined(ECC_MIN_KEY_SZ) || ECC_MIN_KEY_SZ <= 224) | |
3af7c6db | 271 | PLUGIN_PROVIDE(KE, ECP_224_BP), |
c92eade8 SP |
272 | #endif |
273 | #endif | |
274 | #endif /* HAVE_ECC_DHE */ | |
275 | #ifndef NO_DH | |
276 | /* MODP DH groups */ | |
3af7c6db | 277 | PLUGIN_REGISTER(KE, wolfssl_diffie_hellman_create), |
eae30af0 TB |
278 | #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (3072 * 2)) || \ |
279 | (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 3072) || \ | |
280 | defined(USE_INTEGER_HEAP_MATH) | |
3af7c6db | 281 | PLUGIN_PROVIDE(KE, MODP_3072_BIT), |
c92eade8 | 282 | #endif |
eae30af0 TB |
283 | #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (4096 * 2)) || \ |
284 | (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 4096) || \ | |
285 | defined(USE_INTEGER_HEAP_MATH) | |
3af7c6db | 286 | PLUGIN_PROVIDE(KE, MODP_4096_BIT), |
c92eade8 | 287 | #endif |
eae30af0 TB |
288 | #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (6144 * 2)) || \ |
289 | (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 6144) || \ | |
290 | defined(USE_INTEGER_HEAP_MATH) | |
3af7c6db | 291 | PLUGIN_PROVIDE(KE, MODP_6144_BIT), |
c92eade8 | 292 | #endif |
eae30af0 TB |
293 | #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (8192 * 2)) || \ |
294 | (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 8192) || \ | |
295 | defined(USE_INTEGER_HEAP_MATH) | |
3af7c6db | 296 | PLUGIN_PROVIDE(KE, MODP_8192_BIT), |
c92eade8 | 297 | #endif |
eae30af0 TB |
298 | #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (2048 * 2)) || \ |
299 | (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 2048) || \ | |
300 | defined(USE_INTEGER_HEAP_MATH) | |
3af7c6db TB |
301 | PLUGIN_PROVIDE(KE, MODP_2048_BIT), |
302 | PLUGIN_PROVIDE(KE, MODP_2048_224), | |
303 | PLUGIN_PROVIDE(KE, MODP_2048_256), | |
c92eade8 | 304 | #endif |
eae30af0 TB |
305 | #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (1536 * 2)) || \ |
306 | (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 1536) || \ | |
307 | defined(USE_INTEGER_HEAP_MATH) | |
3af7c6db | 308 | PLUGIN_PROVIDE(KE, MODP_1536_BIT), |
c92eade8 | 309 | #endif |
eae30af0 TB |
310 | #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (1024 * 2)) || \ |
311 | (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 1024) || \ | |
312 | defined(USE_INTEGER_HEAP_MATH) | |
3af7c6db TB |
313 | PLUGIN_PROVIDE(KE, MODP_1024_BIT), |
314 | PLUGIN_PROVIDE(KE, MODP_1024_160), | |
c92eade8 | 315 | #endif |
eae30af0 TB |
316 | #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (768 * 2)) || \ |
317 | (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 768) || \ | |
318 | defined(USE_INTEGER_HEAP_MATH) | |
3af7c6db | 319 | PLUGIN_PROVIDE(KE, MODP_768_BIT), |
c92eade8 | 320 | #endif |
3af7c6db | 321 | PLUGIN_PROVIDE(KE, MODP_CUSTOM), |
c92eade8 SP |
322 | #endif /* NO_DH */ |
323 | #ifndef NO_RSA | |
324 | /* RSA private/public key loading */ | |
325 | PLUGIN_REGISTER(PRIVKEY, wolfssl_rsa_private_key_load, TRUE), | |
326 | PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), | |
327 | PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), | |
328 | PLUGIN_REGISTER(PUBKEY, wolfssl_rsa_public_key_load, TRUE), | |
329 | PLUGIN_PROVIDE(PUBKEY, KEY_RSA), | |
330 | #ifdef WOLFSSL_KEY_GEN | |
331 | PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_rsa_private_key_gen, FALSE), | |
332 | PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA), | |
333 | #endif | |
334 | /* signature/encryption schemes */ | |
335 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), | |
336 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), | |
8bbd7bbd | 337 | #ifdef WC_RSA_PSS |
c92eade8 SP |
338 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS), |
339 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS), | |
8bbd7bbd AS |
340 | #endif |
341 | #ifndef NO_SHA | |
c92eade8 SP |
342 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), |
343 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), | |
8bbd7bbd AS |
344 | #endif |
345 | #ifdef WOLFSSL_SHA224 | |
c92eade8 SP |
346 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), |
347 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), | |
8bbd7bbd AS |
348 | #endif |
349 | #ifndef NO_SHA256 | |
c92eade8 SP |
350 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), |
351 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), | |
8bbd7bbd AS |
352 | #endif |
353 | #ifdef WOLFSSL_SHA384 | |
c92eade8 SP |
354 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384), |
355 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), | |
8bbd7bbd AS |
356 | #endif |
357 | #ifdef WOLFSSL_SHA512 | |
c92eade8 SP |
358 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512), |
359 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), | |
8bbd7bbd AS |
360 | #endif |
361 | #if defined(WOLFSSL_SHA3) && LIBWOLFSSL_VERSION_HEX >= 0x04007001 | |
362 | #ifndef WOLFSSL_NOSHA3_224 | |
363 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224), | |
364 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224), | |
365 | #endif | |
366 | #ifndef WOLFSSL_NOSHA3_256 | |
367 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256), | |
368 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256), | |
369 | #endif | |
370 | #ifndef WOLFSSL_NOSHA3_384 | |
371 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384), | |
372 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384), | |
373 | #endif | |
374 | #ifndef WOLFSSL_NOSHA3_512 | |
375 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512), | |
376 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512), | |
377 | #endif | |
378 | #endif /* WOLFSSL_SHA3 */ | |
c92eade8 SP |
379 | PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1), |
380 | PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1), | |
8bbd7bbd AS |
381 | #ifndef NO_MD5 |
382 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), | |
383 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5), | |
384 | #endif | |
385 | #ifndef WC_NO_RSA_OAEP | |
c92eade8 SP |
386 | #ifndef NO_SHA |
387 | PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1), | |
388 | PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1), | |
389 | #endif | |
390 | #ifdef WOLFSSL_SHA224 | |
391 | PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224), | |
392 | PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA224), | |
393 | #endif | |
394 | #ifndef NO_SHA256 | |
395 | PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256), | |
396 | PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA256), | |
397 | #endif | |
398 | #ifdef WOLFSSL_SHA384 | |
399 | PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384), | |
400 | PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA384), | |
401 | #endif | |
402 | #ifdef WOLFSSL_SHA512 | |
403 | PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512), | |
404 | PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512), | |
405 | #endif | |
8bbd7bbd | 406 | #endif /* !WC_NO_RSA_OAEP */ |
c92eade8 SP |
407 | #endif /* !NO_RSA */ |
408 | #ifdef HAVE_ECC | |
409 | #ifdef HAVE_ECC_KEY_IMPORT | |
410 | /* EC private/public key loading */ | |
411 | PLUGIN_REGISTER(PRIVKEY, wolfssl_ec_private_key_load, TRUE), | |
412 | PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA), | |
413 | PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), | |
414 | #endif | |
415 | #ifdef HAVE_ECC_DHE | |
416 | PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ec_private_key_gen, FALSE), | |
417 | PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA), | |
418 | #endif | |
419 | #ifdef HAVE_ECC_KEY_IMPORT | |
420 | PLUGIN_REGISTER(PUBKEY, wolfssl_ec_public_key_load, TRUE), | |
421 | PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA), | |
422 | #endif | |
423 | #ifdef HAVE_ECC_SIGN | |
424 | /* signature encryption schemes */ | |
425 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL), | |
426 | #ifndef NO_SHA | |
427 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER), | |
428 | #endif | |
429 | #ifndef NO_SHA256 | |
430 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER), | |
431 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256), | |
432 | #endif | |
433 | #ifdef WOLFSSL_SHA384 | |
434 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER), | |
435 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384), | |
436 | #endif | |
437 | #ifdef WOLFSSL_SHA512 | |
438 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER), | |
439 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521), | |
440 | #endif | |
441 | #endif /* HAVE_ECC_SIGN */ | |
442 | #ifdef HAVE_ECC_VERIFY | |
443 | /* signature encryption schemes */ | |
444 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL), | |
445 | #ifndef NO_SHA | |
446 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER), | |
447 | #endif | |
448 | #ifndef NO_SHA256 | |
449 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER), | |
450 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256), | |
451 | #endif | |
452 | #ifdef WOLFSSL_SHA384 | |
453 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER), | |
454 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384), | |
455 | #endif | |
456 | #ifdef WOLFSSL_SHA512 | |
457 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER), | |
458 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521), | |
459 | #endif | |
460 | #endif /* HAVE_ECC_VERIFY */ | |
461 | #endif /* HAVE_ECC */ | |
59a987b8 | 462 | #if defined (HAVE_CURVE25519) || defined(HAVE_CURVE448) |
3af7c6db | 463 | PLUGIN_REGISTER(KE, wolfssl_x_diffie_hellman_create), |
59a987b8 | 464 | #ifdef HAVE_CURVE25519 |
3af7c6db | 465 | PLUGIN_PROVIDE(KE, CURVE_25519), |
59a987b8 TB |
466 | #endif |
467 | #ifdef HAVE_CURVE448 | |
3af7c6db | 468 | PLUGIN_PROVIDE(KE, CURVE_448), |
59a987b8 TB |
469 | #endif |
470 | #endif /* HAVE_CURVE25519 || HAVE_CURVE448 */ | |
142b5e79 | 471 | #if defined(HAVE_ED25519) || defined(HAVE_ED448) |
c92eade8 SP |
472 | /* EdDSA private/public key loading */ |
473 | PLUGIN_REGISTER(PUBKEY, wolfssl_ed_public_key_load, TRUE), | |
142b5e79 | 474 | #ifdef HAVE_ED25519 |
c92eade8 | 475 | PLUGIN_PROVIDE(PUBKEY, KEY_ED25519), |
142b5e79 TB |
476 | #endif |
477 | #ifdef HAVE_ED448 | |
478 | PLUGIN_PROVIDE(PUBKEY, KEY_ED448), | |
479 | #endif | |
c92eade8 | 480 | PLUGIN_REGISTER(PRIVKEY, wolfssl_ed_private_key_load, TRUE), |
142b5e79 | 481 | #ifdef HAVE_ED25519 |
c92eade8 | 482 | PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519), |
142b5e79 TB |
483 | #endif |
484 | #ifdef HAVE_ED448 | |
485 | PLUGIN_PROVIDE(PRIVKEY, KEY_ED448), | |
486 | #endif | |
c92eade8 | 487 | PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ed_private_key_gen, FALSE), |
142b5e79 | 488 | #ifdef HAVE_ED25519 |
c92eade8 | 489 | PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519), |
142b5e79 TB |
490 | #endif |
491 | #ifdef HAVE_ED448 | |
492 | PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED448), | |
493 | #endif | |
c92eade8 SP |
494 | #ifdef HAVE_ED25519_SIGN |
495 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519), | |
496 | #endif | |
497 | #ifdef HAVE_ED25519_VERIFY | |
498 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519), | |
142b5e79 TB |
499 | #endif |
500 | #ifdef HAVE_ED448_SIGN | |
501 | PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED448), | |
502 | #endif | |
503 | #ifdef HAVE_ED448_VERIFY | |
504 | PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED448), | |
c92eade8 SP |
505 | #endif |
506 | /* register a pro forma identity hasher, never instantiated */ | |
507 | PLUGIN_REGISTER(HASHER, return_null), | |
508 | PLUGIN_PROVIDE(HASHER, HASH_IDENTITY), | |
142b5e79 | 509 | #endif /* HAVE_ED25519 || HAVE_ED448 */ |
c92eade8 SP |
510 | #ifndef WC_NO_RNG |
511 | /* generic key loader */ | |
512 | PLUGIN_REGISTER(RNG, wolfssl_rng_create), | |
513 | PLUGIN_PROVIDE(RNG, RNG_STRONG), | |
514 | PLUGIN_PROVIDE(RNG, RNG_WEAK), | |
515 | #endif | |
516 | }; | |
517 | *features = f; | |
518 | return countof(f); | |
519 | } | |
520 | ||
521 | METHOD(plugin_t, destroy, void, | |
522 | private_wolfssl_plugin_t *this) | |
523 | { | |
524 | #ifndef WC_NO_RNG | |
525 | wolfssl_rng_global_final(); | |
526 | #endif | |
527 | wolfSSL_Cleanup(); | |
528 | ||
529 | free(this); | |
530 | } | |
531 | ||
532 | /* | |
d3329ee5 | 533 | * Described in header |
c92eade8 SP |
534 | */ |
535 | plugin_t *wolfssl_plugin_create() | |
536 | { | |
537 | private_wolfssl_plugin_t *this; | |
d3329ee5 | 538 | bool fips_mode; |
c92eade8 | 539 | |
d3329ee5 TB |
540 | fips_mode = lib->settings->get_bool(lib->settings, |
541 | "%s.plugins.wolfssl.fips_mode", FALSE, lib->ns); | |
c92eade8 SP |
542 | #ifdef HAVE_FIPS |
543 | if (fips_mode) | |
544 | { | |
d3329ee5 | 545 | int ret = wolfCrypt_GetStatus_fips(); |
c92eade8 SP |
546 | if (ret != 0) |
547 | { | |
d3329ee5 | 548 | DBG1(DBG_LIB, "wolfssl FIPS mode unavailable (%d)", ret); |
c92eade8 SP |
549 | return NULL; |
550 | } | |
551 | } | |
552 | #else | |
553 | if (fips_mode) | |
554 | { | |
d3329ee5 | 555 | DBG1(DBG_LIB, "wolfssl FIPS mode unavailable"); |
c92eade8 SP |
556 | return NULL; |
557 | } | |
558 | #endif | |
559 | ||
560 | wolfSSL_Init(); | |
561 | #ifndef WC_NO_RNG | |
562 | if (!wolfssl_rng_global_init()) | |
563 | { | |
564 | return NULL; | |
565 | } | |
566 | #endif | |
567 | ||
568 | INIT(this, | |
569 | .public = { | |
570 | .plugin = { | |
571 | .get_name = _get_name, | |
572 | .get_features = _get_features, | |
573 | .destroy = _destroy, | |
574 | }, | |
575 | }, | |
576 | ); | |
577 | ||
578 | return &this->public.plugin; | |
579 | } |