]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
wolfssl: Add wolfSSL plugin for cryptographic implementations
[thirdparty/strongswan.git] / src / libstrongswan / plugins / wolfssl / wolfssl_plugin.c
1 /*
2 * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
20 * THE SOFTWARE.
21 */
22
23 #include <library.h>
24 #include <utils/debug.h>
25
26 #include "wolfssl_common.h"
27 #include "wolfssl_plugin.h"
28 #include "wolfssl_aead.h"
29 #include "wolfssl_crypter.h"
30 #include "wolfssl_diffie_hellman.h"
31 #include "wolfssl_ec_diffie_hellman.h"
32 #include "wolfssl_ec_private_key.h"
33 #include "wolfssl_ec_public_key.h"
34 #include "wolfssl_ed_private_key.h"
35 #include "wolfssl_ed_public_key.h"
36 #include "wolfssl_hasher.h"
37 #include "wolfssl_hmac.h"
38 #include "wolfssl_rsa_private_key.h"
39 #include "wolfssl_rsa_public_key.h"
40 #include "wolfssl_rng.h"
41 #include "wolfssl_sha1_prf.h"
42 #include "wolfssl_x_diffie_hellman.h"
43
44 #ifndef FIPS_MODE
45 #define FIPS_MODE 0
46 #endif
47
48
49 typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t;
50
51 /**
52 * private data of wolfssl_plugin
53 */
54 struct private_wolfssl_plugin_t {
55
56 /**
57 * public functions
58 */
59 wolfssl_plugin_t public;
60 };
61
62
63 METHOD(plugin_t, get_name, char*,
64 private_wolfssl_plugin_t *this)
65 {
66 return "wolfssl";
67 }
68
69 METHOD(plugin_t, get_features, int,
70 private_wolfssl_plugin_t *this, plugin_feature_t *features[])
71 {
72 static plugin_feature_t f[] = {
73 /* crypters */
74 PLUGIN_REGISTER(CRYPTER, wolfssl_crypter_create),
75 #if !defined(NO_AES) && !defined(NO_AES_CTR)
76 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
77 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
78 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
79 #endif
80 #if !defined(NO_AES) && !defined(NO_AES_CBC)
81 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
82 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
83 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
84 #endif
85 #ifdef HAVE_CAMELLIA
86 PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
87 PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
88 PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
89 #endif
90 #ifndef NO_DES3
91 PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
92 PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
93 #ifdef WOLFSSL_DES_ECB
94 PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
95 #endif
96 #endif
97 PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
98 /* hashers */
99 PLUGIN_REGISTER(HASHER, wolfssl_hasher_create),
100 #ifndef NO_MD5
101 PLUGIN_PROVIDE(HASHER, HASH_MD5),
102 #endif
103 #ifndef NO_SHA
104 PLUGIN_PROVIDE(HASHER, HASH_SHA1),
105 #endif
106 #ifdef WOLFSSL_SHA224
107 PLUGIN_PROVIDE(HASHER, HASH_SHA224),
108 #endif
109 #ifndef NO_SHA256
110 PLUGIN_PROVIDE(HASHER, HASH_SHA256),
111 #endif
112 #ifdef WOLFSSL_SHA384
113 PLUGIN_PROVIDE(HASHER, HASH_SHA384),
114 #endif
115 #ifdef WOLFSSL_SHA512
116 PLUGIN_PROVIDE(HASHER, HASH_SHA512),
117 #endif
118 #ifndef NO_SHA
119 /* keyed sha1 hasher (aka prf) */
120 PLUGIN_REGISTER(PRF, wolfssl_sha1_prf_create),
121 PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
122 #endif
123 #ifndef NO_HMAC
124 PLUGIN_REGISTER(PRF, wolfssl_hmac_prf_create),
125 #ifndef NO_MD5
126 PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5),
127 #endif
128 #ifndef NO_SHA
129 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
130 #endif
131 #ifndef NO_SHA256
132 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
133 #endif
134 #ifdef WOLFSSL_SHA384
135 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
136 #endif
137 #ifdef WOLFSSL_SHA512
138 PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
139 #endif
140 PLUGIN_REGISTER(SIGNER, wolfssl_hmac_signer_create),
141 #ifndef NO_MD5
142 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96),
143 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128),
144 #endif
145 #ifndef NO_SHA
146 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
147 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
148 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
149 #endif
150 #ifndef NO_SHA256
151 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
152 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
153 #endif
154 #ifdef WOLFSSL_SHA384
155 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
156 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
157 #endif
158 #ifdef WOLFSSL_SHA512
159 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
160 PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
161 #endif
162 #endif /* NO_HMAC */
163 #if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
164 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
165 PLUGIN_REGISTER(AEAD, wolfssl_aead_create),
166 #if !defined(NO_AES) && defined(HAVE_AESGCM)
167 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
168 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
169 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
170 #if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
171 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
172 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
173 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
174 #endif
175 #if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
176 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
177 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
178 PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
179 #endif
180 #endif /* !NO_AES && HAVE_AESGCM */
181 #if !defined(NO_AES) && defined(HAVE_AESCCM)
182 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16),
183 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24),
184 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32),
185 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16),
186 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24),
187 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32),
188 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16),
189 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24),
190 PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32),
191 #endif /* !NO_AES && HAVE_AESCCM */
192 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
193 PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
194 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
195 #endif
196 #ifdef HAVE_ECC_DHE
197 /* EC DH groups */
198 PLUGIN_REGISTER(DH, wolfssl_ec_diffie_hellman_create),
199 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
200 PLUGIN_PROVIDE(DH, ECP_256_BIT),
201 #endif
202 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
203 PLUGIN_PROVIDE(DH, ECP_384_BIT),
204 #endif
205 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
206 PLUGIN_PROVIDE(DH, ECP_521_BIT),
207 #endif
208 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
209 PLUGIN_PROVIDE(DH, ECP_224_BIT),
210 #endif
211 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
212 PLUGIN_PROVIDE(DH, ECP_192_BIT),
213 #endif
214 #ifdef HAVE_BRAINPOOL
215 #if !define(NO_ECC256) || defined(HAVE_ALL_CURVES)
216 PLUGIN_PROVIDE(DH, ECP_256_BP),
217 #endif
218 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
219 PLUGIN_PROVIDE(DH, ECP_384_BP),
220 #endif
221 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
222 PLUGIN_PROVIDE(DH, ECP_512_BP),
223 #endif
224 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
225 PLUGIN_PROVIDE(DH, ECP_224_BP),
226 #endif
227 #endif
228 #endif /* HAVE_ECC_DHE */
229 #ifndef NO_DH
230 /* MODP DH groups */
231 PLUGIN_REGISTER(DH, wolfssl_diffie_hellman_create),
232 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (3072 * 2)
233 PLUGIN_PROVIDE(DH, MODP_3072_BIT),
234 #endif
235 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (4096 * 2)
236 PLUGIN_PROVIDE(DH, MODP_4096_BIT),
237 #endif
238 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (6144 * 2)
239 PLUGIN_PROVIDE(DH, MODP_6144_BIT),
240 #endif
241 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (8192 * 2)
242 PLUGIN_PROVIDE(DH, MODP_8192_BIT),
243 #endif
244 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (2048 * 2)
245 PLUGIN_PROVIDE(DH, MODP_2048_BIT),
246 PLUGIN_PROVIDE(DH, MODP_2048_224),
247 PLUGIN_PROVIDE(DH, MODP_2048_256),
248 #endif
249 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1536 * 2)
250 PLUGIN_PROVIDE(DH, MODP_1536_BIT),
251 #endif
252 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1024 * 2)
253 PLUGIN_PROVIDE(DH, MODP_1024_BIT),
254 PLUGIN_PROVIDE(DH, MODP_1024_160),
255 #endif
256 #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (768 * 2)
257 PLUGIN_PROVIDE(DH, MODP_768_BIT),
258 #endif
259 PLUGIN_PROVIDE(DH, MODP_CUSTOM),
260 #endif /* NO_DH */
261 #ifndef NO_RSA
262 /* RSA private/public key loading */
263 PLUGIN_REGISTER(PRIVKEY, wolfssl_rsa_private_key_load, TRUE),
264 PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
265 PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
266 PLUGIN_REGISTER(PUBKEY, wolfssl_rsa_public_key_load, TRUE),
267 PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
268 #ifdef WOLFSSL_KEY_GEN
269 PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_rsa_private_key_gen, FALSE),
270 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
271 #endif
272 /* signature/encryption schemes */
273 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
274 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
275 #ifdef WC_RSA_PSS
276 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
277 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
278 #endif
279 #ifndef NO_SHA
280 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
281 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
282 #endif
283 #ifdef WOLFSSL_SHA224
284 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
285 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
286 #endif
287 #ifndef NO_SHA256
288 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
289 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
290 #endif
291 #ifdef WOLFSSL_SHA384
292 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
293 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
294 #endif
295 #ifdef WOLFSSL_SHA512
296 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
297 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
298 #endif
299 #ifndef NO_MD5
300 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
301 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
302 #endif
303 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
304 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
305 #ifndef WC_NO_RSA_OAEP
306 #ifndef NO_SHA
307 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
308 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
309 #endif
310 #ifdef WOLFSSL_SHA224
311 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
312 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA224),
313 #endif
314 #ifndef NO_SHA256
315 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
316 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA256),
317 #endif
318 #ifdef WOLFSSL_SHA384
319 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
320 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA384),
321 #endif
322 #ifdef WOLFSSL_SHA512
323 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
324 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
325 #endif
326 #endif /* !WC_NO_RSA_OAEP */
327 #endif /* !NO_RSA */
328 #ifdef HAVE_ECC
329 #ifdef HAVE_ECC_KEY_IMPORT
330 /* EC private/public key loading */
331 PLUGIN_REGISTER(PRIVKEY, wolfssl_ec_private_key_load, TRUE),
332 PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
333 PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
334 #endif
335 #ifdef HAVE_ECC_DHE
336 PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ec_private_key_gen, FALSE),
337 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
338 #endif
339 #ifdef HAVE_ECC_KEY_IMPORT
340 PLUGIN_REGISTER(PUBKEY, wolfssl_ec_public_key_load, TRUE),
341 PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
342 #endif
343 #ifdef HAVE_ECC_SIGN
344 /* signature encryption schemes */
345 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
346 #ifndef NO_SHA
347 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
348 #endif
349 #ifndef NO_SHA256
350 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
351 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
352 #endif
353 #ifdef WOLFSSL_SHA384
354 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
355 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
356 #endif
357 #ifdef WOLFSSL_SHA512
358 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
359 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
360 #endif
361 #endif /* HAVE_ECC_SIGN */
362 #ifdef HAVE_ECC_VERIFY
363 /* signature encryption schemes */
364 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
365 #ifndef NO_SHA
366 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
367 #endif
368 #ifndef NO_SHA256
369 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
370 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
371 #endif
372 #ifdef WOLFSSL_SHA384
373 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
374 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
375 #endif
376 #ifdef WOLFSSL_SHA512
377 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
378 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
379 #endif
380 #endif /* HAVE_ECC_VERIFY */
381 #endif /* HAVE_ECC */
382 #ifdef HAVE_CURVE25519
383 PLUGIN_REGISTER(DH, wolfssl_x_diffie_hellman_create),
384 PLUGIN_PROVIDE(DH, CURVE_25519),
385 #endif
386 #ifdef HAVE_ED25519
387 /* EdDSA private/public key loading */
388 PLUGIN_REGISTER(PUBKEY, wolfssl_ed_public_key_load, TRUE),
389 PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
390 PLUGIN_REGISTER(PRIVKEY, wolfssl_ed_private_key_load, TRUE),
391 PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
392 PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ed_private_key_gen, FALSE),
393 PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
394 #ifdef HAVE_ED25519_SIGN
395 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
396 #endif
397 #ifdef HAVE_ED25519_VERIFY
398 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
399 #endif
400 /* register a pro forma identity hasher, never instantiated */
401 PLUGIN_REGISTER(HASHER, return_null),
402 PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
403 #endif /* HAVE_ED25519 */
404 #ifndef WC_NO_RNG
405 /* generic key loader */
406 PLUGIN_REGISTER(RNG, wolfssl_rng_create),
407 PLUGIN_PROVIDE(RNG, RNG_STRONG),
408 PLUGIN_PROVIDE(RNG, RNG_WEAK),
409 #endif
410 };
411 *features = f;
412 return countof(f);
413 }
414
415 METHOD(plugin_t, destroy, void,
416 private_wolfssl_plugin_t *this)
417 {
418 #ifndef WC_NO_RNG
419 wolfssl_rng_global_final();
420 #endif
421 wolfSSL_Cleanup();
422
423 free(this);
424 }
425
426 /*
427 * see header file
428 */
429 plugin_t *wolfssl_plugin_create()
430 {
431 private_wolfssl_plugin_t *this;
432 int fips_mode;
433
434 fips_mode = lib->settings->get_int(lib->settings,
435 "%s.plugins.wolfssl.fips_mode", FIPS_MODE, lib->ns);
436 #ifdef HAVE_FIPS
437 if (fips_mode)
438 {
439 int ret = wolfCrypt_GetStatus_fips();
440 if (ret != 0)
441 {
442 DBG1(DBG_LIB, "wolfssl FIPS mode(%d) unavailable (%d)", fips_mode,
443 ret);
444 return NULL;
445 }
446 }
447 #else
448 if (fips_mode)
449 {
450 DBG1(DBG_LIB, "wolfssl FIPS mode(%d) unavailable", fips_mode);
451 return NULL;
452 }
453 #endif
454
455 wolfSSL_Init();
456 #ifndef WC_NO_RNG
457 if (!wolfssl_rng_global_init())
458 {
459 return NULL;
460 }
461 #endif
462
463 INIT(this,
464 .public = {
465 .plugin = {
466 .get_name = _get_name,
467 .get_features = _get_features,
468 .destroy = _destroy,
469 },
470 },
471 );
472
473 return &this->public.plugin;
474 }
Unnamed repository; edit this file 'description' to name the repository.