From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 4 Mar 2019 16:55:41 +0000 (+0100)
Subject: openssl: Add support for ChaCha20-Poly1305
X-Git-Tag: 5.8.0dr1~2^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a21710d38028c71441eae25edd745fcc373b7537;p=thirdparty%2Fstrongswan.git

openssl: Add support for ChaCha20-Poly1305

It's available since OpenSSL 1.1.0.
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_aead.c b/src/libstrongswan/plugins/openssl/openssl_aead.c
index 1d5b8fc6aa..52c5ac3f8c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_aead.c
+++ b/src/libstrongswan/plugins/openssl/openssl_aead.c
@@ -239,6 +239,9 @@ aead_t *openssl_aead_create(encryption_algorithm_t algo,
 		case ENCR_AES_GCM_ICV16:
 			this->icv_size = 16;
 			break;
+		case ENCR_CHACHA20_POLY1305:
+			this->icv_size = 16;
+			break;
 		default:
 			free(this);
 			return NULL;
@@ -275,6 +278,22 @@ aead_t *openssl_aead_create(encryption_algorithm_t algo,
 					return NULL;
 			}
 			break;
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA)
+		case ENCR_CHACHA20_POLY1305:
+			switch (key_size)
+			{
+				case 0:
+					key_size = 32;
+					/* FALL */
+				case 32:
+					this->cipher = EVP_chacha20_poly1305();
+					break;
+				default:
+					free(this);
+					return NULL;
+			}
+			break;
+#endif /* OPENSSL_NO_CHACHA */
 		default:
 			free(this);
 			return NULL;
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 0661fdbc5f..c2dbf53286 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -580,10 +580,11 @@ METHOD(plugin_t, get_features, int,
 			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
 #endif
 #endif /* OPENSSL_NO_HMAC */
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
-#ifndef OPENSSL_NO_AES
-		/* AES GCM */
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_AES)) || \
+	(OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA))
+		/* AEAD (AES GCM since 1.0.1, ChaCha20-Poly1305 since 1.1.0) */
 		PLUGIN_REGISTER(AEAD, openssl_aead_create),
+#ifndef OPENSSL_NO_AES
 			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
 			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
 			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
@@ -594,6 +595,9 @@ METHOD(plugin_t, get_features, int,
 			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8,  24),
 			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8,  32),
 #endif /* OPENSSL_NO_AES */
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA)
+			PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
+#endif /* OPENSSL_NO_CHACHA */
 #endif /* OPENSSL_VERSION_NUMBER */
 #ifndef OPENSSL_NO_ECDH
 		/* EC DH groups */