openssl: Add support for ChaCha20-Poly1305

It's available since OpenSSL 1.1.0.

diff --git a/src/libstrongswan/plugins/openssl/openssl_aead.c b/src/libstrongswan/plugins/openssl/openssl_aead.c
index 1d5b8fc6aa48e26a207fbc847aef253237027ffb..52c5ac3f8cd22e2db5f540b45fc7cf73b2727d9f 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_aead.c
+++ b/src/libstrongswan/plugins/openssl/openssl_aead.c
@@ -239,6 +239,9 @@ aead_t *openssl_aead_create(encryption_algorithm_t algo,
                case ENCR_AES_GCM_ICV16:
                        this->icv_size = 16;
                        break;
+               case ENCR_CHACHA20_POLY1305:
+                       this->icv_size = 16;
+                       break;
                default:
                        free(this);
                        return NULL;
@@ -275,6 +278,22 @@ aead_t *openssl_aead_create(encryption_algorithm_t algo,
                                        return NULL;
                        }
                        break;
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA)
+               case ENCR_CHACHA20_POLY1305:
+                       switch (key_size)
+                       {
+                               case 0:
+                                       key_size = 32;
+                                       /* FALL */
+                               case 32:
+                                       this->cipher = EVP_chacha20_poly1305();
+                                       break;
+                               default:
+                                       free(this);
+                                       return NULL;
+                       }
+                       break;
+#endif /* OPENSSL_NO_CHACHA */
                default:
                        free(this);
                        return NULL;

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 0661fdbc5fb5a48340fe51c75aa70fb91f346473..c2dbf53286a123c246b35eb3a0a74c4c9cd52553 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -580,10 +580,11 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
 #endif
 #endif /* OPENSSL_NO_HMAC */
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
-#ifndef OPENSSL_NO_AES
-               /* AES GCM */
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_AES)) || \
+       (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA))
+               /* AEAD (AES GCM since 1.0.1, ChaCha20-Poly1305 since 1.1.0) */
                PLUGIN_REGISTER(AEAD, openssl_aead_create),
+#ifndef OPENSSL_NO_AES
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
@@ -594,6 +595,9 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8,  24),
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8,  32),
 #endif /* OPENSSL_NO_AES */
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA)
+                       PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
+#endif /* OPENSSL_NO_CHACHA */
 #endif /* OPENSSL_VERSION_NUMBER */
 #ifndef OPENSSL_NO_ECDH
                /* EC DH groups */