2 * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 #include <utils/debug.h>
26 #include "wolfssl_common.h"
27 #include "wolfssl_plugin.h"
28 #include "wolfssl_aead.h"
29 #include "wolfssl_crypter.h"
30 #include "wolfssl_diffie_hellman.h"
31 #include "wolfssl_ec_diffie_hellman.h"
32 #include "wolfssl_ec_private_key.h"
33 #include "wolfssl_ec_public_key.h"
34 #include "wolfssl_ed_private_key.h"
35 #include "wolfssl_ed_public_key.h"
36 #include "wolfssl_hasher.h"
37 #include "wolfssl_hmac.h"
38 #include "wolfssl_rsa_private_key.h"
39 #include "wolfssl_rsa_public_key.h"
40 #include "wolfssl_rng.h"
41 #include "wolfssl_sha1_prf.h"
42 #include "wolfssl_x_diffie_hellman.h"
49 typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t
;
52 * private data of wolfssl_plugin
54 struct private_wolfssl_plugin_t
{
59 wolfssl_plugin_t
public;
63 METHOD(plugin_t
, get_name
, char*,
64 private_wolfssl_plugin_t
*this)
69 METHOD(plugin_t
, get_features
, int,
70 private_wolfssl_plugin_t
*this, plugin_feature_t
*features
[])
72 static plugin_feature_t f
[] = {
74 PLUGIN_REGISTER(CRYPTER
, wolfssl_crypter_create
),
75 #if !defined(NO_AES) && !defined(NO_AES_CTR)
76 PLUGIN_PROVIDE(CRYPTER
, ENCR_AES_CTR
, 16),
77 PLUGIN_PROVIDE(CRYPTER
, ENCR_AES_CTR
, 24),
78 PLUGIN_PROVIDE(CRYPTER
, ENCR_AES_CTR
, 32),
80 #if !defined(NO_AES) && !defined(NO_AES_CBC)
81 PLUGIN_PROVIDE(CRYPTER
, ENCR_AES_CBC
, 16),
82 PLUGIN_PROVIDE(CRYPTER
, ENCR_AES_CBC
, 24),
83 PLUGIN_PROVIDE(CRYPTER
, ENCR_AES_CBC
, 32),
86 PLUGIN_PROVIDE(CRYPTER
, ENCR_CAMELLIA_CBC
, 16),
87 PLUGIN_PROVIDE(CRYPTER
, ENCR_CAMELLIA_CBC
, 24),
88 PLUGIN_PROVIDE(CRYPTER
, ENCR_CAMELLIA_CBC
, 32),
91 PLUGIN_PROVIDE(CRYPTER
, ENCR_3DES
, 24),
92 PLUGIN_PROVIDE(CRYPTER
, ENCR_DES
, 8),
93 #ifdef WOLFSSL_DES_ECB
94 PLUGIN_PROVIDE(CRYPTER
, ENCR_DES_ECB
, 8),
97 PLUGIN_PROVIDE(CRYPTER
, ENCR_NULL
, 0),
99 PLUGIN_REGISTER(HASHER
, wolfssl_hasher_create
),
101 PLUGIN_PROVIDE(HASHER
, HASH_MD5
),
104 PLUGIN_PROVIDE(HASHER
, HASH_SHA1
),
106 #ifdef WOLFSSL_SHA224
107 PLUGIN_PROVIDE(HASHER
, HASH_SHA224
),
110 PLUGIN_PROVIDE(HASHER
, HASH_SHA256
),
112 #ifdef WOLFSSL_SHA384
113 PLUGIN_PROVIDE(HASHER
, HASH_SHA384
),
115 #ifdef WOLFSSL_SHA512
116 PLUGIN_PROVIDE(HASHER
, HASH_SHA512
),
119 /* keyed sha1 hasher (aka prf) */
120 PLUGIN_REGISTER(PRF
, wolfssl_sha1_prf_create
),
121 PLUGIN_PROVIDE(PRF
, PRF_KEYED_SHA1
),
124 PLUGIN_REGISTER(PRF
, wolfssl_hmac_prf_create
),
126 PLUGIN_PROVIDE(PRF
, PRF_HMAC_MD5
),
129 PLUGIN_PROVIDE(PRF
, PRF_HMAC_SHA1
),
132 PLUGIN_PROVIDE(PRF
, PRF_HMAC_SHA2_256
),
134 #ifdef WOLFSSL_SHA384
135 PLUGIN_PROVIDE(PRF
, PRF_HMAC_SHA2_384
),
137 #ifdef WOLFSSL_SHA512
138 PLUGIN_PROVIDE(PRF
, PRF_HMAC_SHA2_512
),
140 PLUGIN_REGISTER(SIGNER
, wolfssl_hmac_signer_create
),
142 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_MD5_96
),
143 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_MD5_128
),
146 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA1_96
),
147 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA1_128
),
148 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA1_160
),
151 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA2_256_128
),
152 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA2_256_256
),
154 #ifdef WOLFSSL_SHA384
155 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA2_384_192
),
156 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA2_384_384
),
158 #ifdef WOLFSSL_SHA512
159 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA2_512_256
),
160 PLUGIN_PROVIDE(SIGNER
, AUTH_HMAC_SHA2_512_512
),
163 #if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
164 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
165 PLUGIN_REGISTER(AEAD
, wolfssl_aead_create
),
166 #if !defined(NO_AES) && defined(HAVE_AESGCM)
167 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV16
, 16),
168 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV16
, 24),
169 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV16
, 32),
170 #if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
171 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV12
, 16),
172 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV12
, 24),
173 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV12
, 32),
175 #if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
176 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV8
, 16),
177 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV8
, 24),
178 PLUGIN_PROVIDE(AEAD
, ENCR_AES_GCM_ICV8
, 32),
180 #endif /* !NO_AES && HAVE_AESGCM */
181 #if !defined(NO_AES) && defined(HAVE_AESCCM)
182 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV16
, 16),
183 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV16
, 24),
184 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV16
, 32),
185 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV12
, 16),
186 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV12
, 24),
187 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV12
, 32),
188 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV8
, 16),
189 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV8
, 24),
190 PLUGIN_PROVIDE(AEAD
, ENCR_AES_CCM_ICV8
, 32),
191 #endif /* !NO_AES && HAVE_AESCCM */
192 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
193 PLUGIN_PROVIDE(AEAD
, ENCR_CHACHA20_POLY1305
, 32),
194 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
198 PLUGIN_REGISTER(DH
, wolfssl_ec_diffie_hellman_create
),
199 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
200 PLUGIN_PROVIDE(DH
, ECP_256_BIT
),
202 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
203 PLUGIN_PROVIDE(DH
, ECP_384_BIT
),
205 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
206 PLUGIN_PROVIDE(DH
, ECP_521_BIT
),
208 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
209 PLUGIN_PROVIDE(DH
, ECP_224_BIT
),
211 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
212 PLUGIN_PROVIDE(DH
, ECP_192_BIT
),
214 #ifdef HAVE_BRAINPOOL
215 #if !define(NO_ECC256) || defined(HAVE_ALL_CURVES)
216 PLUGIN_PROVIDE(DH
, ECP_256_BP
),
218 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
219 PLUGIN_PROVIDE(DH
, ECP_384_BP
),
221 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
222 PLUGIN_PROVIDE(DH
, ECP_512_BP
),
224 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
225 PLUGIN_PROVIDE(DH
, ECP_224_BP
),
228 #endif /* HAVE_ECC_DHE */
231 PLUGIN_REGISTER(DH
, wolfssl_diffie_hellman_create
),
232 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (3072 * 2)
233 PLUGIN_PROVIDE(DH
, MODP_3072_BIT
),
235 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (4096 * 2)
236 PLUGIN_PROVIDE(DH
, MODP_4096_BIT
),
238 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (6144 * 2)
239 PLUGIN_PROVIDE(DH
, MODP_6144_BIT
),
241 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (8192 * 2)
242 PLUGIN_PROVIDE(DH
, MODP_8192_BIT
),
244 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (2048 * 2)
245 PLUGIN_PROVIDE(DH
, MODP_2048_BIT
),
246 PLUGIN_PROVIDE(DH
, MODP_2048_224
),
247 PLUGIN_PROVIDE(DH
, MODP_2048_256
),
249 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1536 * 2)
250 PLUGIN_PROVIDE(DH
, MODP_1536_BIT
),
252 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1024 * 2)
253 PLUGIN_PROVIDE(DH
, MODP_1024_BIT
),
254 PLUGIN_PROVIDE(DH
, MODP_1024_160
),
256 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (768 * 2)
257 PLUGIN_PROVIDE(DH
, MODP_768_BIT
),
259 PLUGIN_PROVIDE(DH
, MODP_CUSTOM
),
262 /* RSA private/public key loading */
263 PLUGIN_REGISTER(PRIVKEY
, wolfssl_rsa_private_key_load
, TRUE
),
264 PLUGIN_PROVIDE(PRIVKEY
, KEY_RSA
),
265 PLUGIN_PROVIDE(PRIVKEY
, KEY_ANY
),
266 PLUGIN_REGISTER(PUBKEY
, wolfssl_rsa_public_key_load
, TRUE
),
267 PLUGIN_PROVIDE(PUBKEY
, KEY_RSA
),
268 #ifdef WOLFSSL_KEY_GEN
269 PLUGIN_REGISTER(PRIVKEY_GEN
, wolfssl_rsa_private_key_gen
, FALSE
),
270 PLUGIN_PROVIDE(PRIVKEY_GEN
, KEY_RSA
),
272 /* signature/encryption schemes */
273 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_RSA_EMSA_PKCS1_NULL
),
274 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_RSA_EMSA_PKCS1_NULL
),
276 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_RSA_EMSA_PSS
),
277 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_RSA_EMSA_PSS
),
280 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_RSA_EMSA_PKCS1_SHA1
),
281 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_RSA_EMSA_PKCS1_SHA1
),
283 #ifdef WOLFSSL_SHA224
284 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_RSA_EMSA_PKCS1_SHA2_224
),
285 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_RSA_EMSA_PKCS1_SHA2_224
),
288 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_RSA_EMSA_PKCS1_SHA2_256
),
289 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_RSA_EMSA_PKCS1_SHA2_256
),
291 #ifdef WOLFSSL_SHA384
292 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_RSA_EMSA_PKCS1_SHA2_384
),
293 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_RSA_EMSA_PKCS1_SHA2_384
),
295 #ifdef WOLFSSL_SHA512
296 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_RSA_EMSA_PKCS1_SHA2_512
),
297 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_RSA_EMSA_PKCS1_SHA2_512
),
300 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_RSA_EMSA_PKCS1_MD5
),
301 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_RSA_EMSA_PKCS1_MD5
),
303 PLUGIN_PROVIDE(PRIVKEY_DECRYPT
, ENCRYPT_RSA_PKCS1
),
304 PLUGIN_PROVIDE(PUBKEY_ENCRYPT
, ENCRYPT_RSA_PKCS1
),
305 #ifndef WC_NO_RSA_OAEP
307 PLUGIN_PROVIDE(PUBKEY_ENCRYPT
, ENCRYPT_RSA_OAEP_SHA1
),
308 PLUGIN_PROVIDE(PRIVKEY_DECRYPT
, ENCRYPT_RSA_OAEP_SHA1
),
310 #ifdef WOLFSSL_SHA224
311 PLUGIN_PROVIDE(PUBKEY_ENCRYPT
, ENCRYPT_RSA_OAEP_SHA224
),
312 PLUGIN_PROVIDE(PRIVKEY_DECRYPT
, ENCRYPT_RSA_OAEP_SHA224
),
315 PLUGIN_PROVIDE(PUBKEY_ENCRYPT
, ENCRYPT_RSA_OAEP_SHA256
),
316 PLUGIN_PROVIDE(PRIVKEY_DECRYPT
, ENCRYPT_RSA_OAEP_SHA256
),
318 #ifdef WOLFSSL_SHA384
319 PLUGIN_PROVIDE(PUBKEY_ENCRYPT
, ENCRYPT_RSA_OAEP_SHA384
),
320 PLUGIN_PROVIDE(PRIVKEY_DECRYPT
, ENCRYPT_RSA_OAEP_SHA384
),
322 #ifdef WOLFSSL_SHA512
323 PLUGIN_PROVIDE(PUBKEY_ENCRYPT
, ENCRYPT_RSA_OAEP_SHA512
),
324 PLUGIN_PROVIDE(PRIVKEY_DECRYPT
, ENCRYPT_RSA_OAEP_SHA512
),
326 #endif /* !WC_NO_RSA_OAEP */
329 #ifdef HAVE_ECC_KEY_IMPORT
330 /* EC private/public key loading */
331 PLUGIN_REGISTER(PRIVKEY
, wolfssl_ec_private_key_load
, TRUE
),
332 PLUGIN_PROVIDE(PRIVKEY
, KEY_ECDSA
),
333 PLUGIN_PROVIDE(PRIVKEY
, KEY_ANY
),
336 PLUGIN_REGISTER(PRIVKEY_GEN
, wolfssl_ec_private_key_gen
, FALSE
),
337 PLUGIN_PROVIDE(PRIVKEY_GEN
, KEY_ECDSA
),
339 #ifdef HAVE_ECC_KEY_IMPORT
340 PLUGIN_REGISTER(PUBKEY
, wolfssl_ec_public_key_load
, TRUE
),
341 PLUGIN_PROVIDE(PUBKEY
, KEY_ECDSA
),
344 /* signature encryption schemes */
345 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ECDSA_WITH_NULL
),
347 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ECDSA_WITH_SHA1_DER
),
350 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ECDSA_WITH_SHA256_DER
),
351 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ECDSA_256
),
353 #ifdef WOLFSSL_SHA384
354 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ECDSA_WITH_SHA384_DER
),
355 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ECDSA_384
),
357 #ifdef WOLFSSL_SHA512
358 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ECDSA_WITH_SHA512_DER
),
359 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ECDSA_521
),
361 #endif /* HAVE_ECC_SIGN */
362 #ifdef HAVE_ECC_VERIFY
363 /* signature encryption schemes */
364 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ECDSA_WITH_NULL
),
366 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ECDSA_WITH_SHA1_DER
),
369 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ECDSA_WITH_SHA256_DER
),
370 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ECDSA_256
),
372 #ifdef WOLFSSL_SHA384
373 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ECDSA_WITH_SHA384_DER
),
374 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ECDSA_384
),
376 #ifdef WOLFSSL_SHA512
377 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ECDSA_WITH_SHA512_DER
),
378 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ECDSA_521
),
380 #endif /* HAVE_ECC_VERIFY */
381 #endif /* HAVE_ECC */
382 #ifdef HAVE_CURVE25519
383 PLUGIN_REGISTER(DH
, wolfssl_x_diffie_hellman_create
),
384 PLUGIN_PROVIDE(DH
, CURVE_25519
),
387 /* EdDSA private/public key loading */
388 PLUGIN_REGISTER(PUBKEY
, wolfssl_ed_public_key_load
, TRUE
),
389 PLUGIN_PROVIDE(PUBKEY
, KEY_ED25519
),
390 PLUGIN_REGISTER(PRIVKEY
, wolfssl_ed_private_key_load
, TRUE
),
391 PLUGIN_PROVIDE(PRIVKEY
, KEY_ED25519
),
392 PLUGIN_REGISTER(PRIVKEY_GEN
, wolfssl_ed_private_key_gen
, FALSE
),
393 PLUGIN_PROVIDE(PRIVKEY_GEN
, KEY_ED25519
),
394 #ifdef HAVE_ED25519_SIGN
395 PLUGIN_PROVIDE(PRIVKEY_SIGN
, SIGN_ED25519
),
397 #ifdef HAVE_ED25519_VERIFY
398 PLUGIN_PROVIDE(PUBKEY_VERIFY
, SIGN_ED25519
),
400 /* register a pro forma identity hasher, never instantiated */
401 PLUGIN_REGISTER(HASHER
, return_null
),
402 PLUGIN_PROVIDE(HASHER
, HASH_IDENTITY
),
403 #endif /* HAVE_ED25519 */
405 /* generic key loader */
406 PLUGIN_REGISTER(RNG
, wolfssl_rng_create
),
407 PLUGIN_PROVIDE(RNG
, RNG_STRONG
),
408 PLUGIN_PROVIDE(RNG
, RNG_WEAK
),
415 METHOD(plugin_t
, destroy
, void,
416 private_wolfssl_plugin_t
*this)
419 wolfssl_rng_global_final();
429 plugin_t
*wolfssl_plugin_create()
431 private_wolfssl_plugin_t
*this;
434 fips_mode
= lib
->settings
->get_int(lib
->settings
,
435 "%s.plugins.wolfssl.fips_mode", FIPS_MODE
, lib
->ns
);
439 int ret
= wolfCrypt_GetStatus_fips();
442 DBG1(DBG_LIB
, "wolfssl FIPS mode(%d) unavailable (%d)", fips_mode
,
450 DBG1(DBG_LIB
, "wolfssl FIPS mode(%d) unavailable", fips_mode
);
457 if (!wolfssl_rng_global_init())
466 .get_name
= _get_name
,
467 .get_features
= _get_features
,
473 return &this->public.plugin
;