From 54d7e39d408c97f22ce477f89200d172fed7a8a7 Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Mon, 6 Dec 2021 12:24:09 +0100
Subject: [PATCH] wolfssl: Support of AES-CFB encryption
---
 .../plugins/wolfssl/wolfssl_crypter.c | 54 ++++++++++++++++++-
 .../plugins/wolfssl/wolfssl_plugin.c | 5 ++
 testing/scripts/recipes/012_wolfssl.mk | 1 +
 3 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_crypter.c b/src/libstrongswan/plugins/wolfssl/wolfssl_crypter.c
index 0ad7c739f..cffe7ba23 100644
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_crypter.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_crypter.c
@@ -48,7 +48,7 @@ struct private_wolfssl_crypter_t {
 * wolfSSL cipher
 */
 union {
-#if !defined(NO_AES) && (!defined(NO_AES_CBC) || defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_COUNTER))
+#if !defined(NO_AES) && (!defined(NO_AES_CBC) || defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER))
 Aes aes;
 #endif
 #ifdef HAVE_CAMELLIA
@@ -141,6 +141,18 @@ METHOD(crypter_t, decrypt, bool,
 success = (ret == 0);
 break;
 #endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB)
+ case ENCR_AES_CFB:
+ ret = wc_AesSetKey(&this->cipher.aes, this->key.ptr, this->key.len,
+ iv.ptr, AES_ENCRYPTION);
+ if (ret == 0)
+ {
+ ret = wc_AesCfbDecrypt(&this->cipher.aes, out, data.ptr,
+ data.len);
+ }
+ success = (ret == 0);
+ break;
+ #endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
 case ENCR_AES_CTR:
 if (out == data.ptr)
@@ -273,6 +285,18 @@ METHOD(crypter_t, encrypt, bool,
 success = (ret == 0);
 break;
 #endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB)
+ case ENCR_AES_CFB:
+ ret = wc_AesSetKey(&this->cipher.aes, this->key.ptr, this->key.len,
+ iv.ptr, AES_ENCRYPTION);
+ if (ret == 0)
+ {
+ ret = wc_AesCfbEncrypt(&this->cipher.aes, out, data.ptr,
+ data.len);
+ }
+ success = (ret == 0);
+ break;
+#endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
 case ENCR_AES_CTR:
 if (out == data.ptr)
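Review bot: In the ENCR_AES_CFB case added to decrypt (and identically in the one added to encrypt), `iv.ptr` is handed to `wc_AesSetKey()` with no visible check of `iv.len`, so a caller-supplied IV shorter than an AES block would presumably be read past its end. Unless the length is validated before the switch (both METHOD bodies start and end outside these hunks), a guard such as `if (iv.len < AES_IV_SIZE) { success = FALSE; break; }` ahead of the key setup would close that. Separately, `AES_ENCRYPTION` in the decrypt path reads like a copy-paste slip even though CFB only ever runs the forward cipher; a comment such as `/* CFB decrypts with the encryption key schedule */` would keep a later "fix" to `AES_DECRYPTION` from breaking it. The closing `#endif` of the decrypt block also appears to carry leading whitespace, unlike the other added directives.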
@@ -395,6 +419,11 @@ METHOD(crypter_t, destroy, void,
 wc_AesFree(&this->cipher.aes);
 break;
 #endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB)
+ case ENCR_AES_CFB:
+ wc_AesFree(&this->cipher.aes);
+ break;
+#endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
 case ENCR_AES_CTR:
 wc_AesFree(&this->cipher.aes);
@@ -466,6 +495,24 @@ wolfssl_crypter_t *wolfssl_crypter_create(encryption_algorithm_t algo,
 }
 break;
 #endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB)
+ case ENCR_AES_CFB:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* fall-through */
+ case 16:
+ case 24:
+ case 32:
+ block_size = AES_BLOCK_SIZE;
+ iv_size = AES_IV_SIZE;
+ break;
+ default:
+ return NULL;
+ }
+ break;
+#endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
 case ENCR_AES_CTR:
 switch (key_size)
@@ -557,6 +604,11 @@ wolfssl_crypter_t *wolfssl_crypter_create(encryption_algorithm_t algo,
 ret = wc_AesInit(&this->cipher.aes, NULL, INVALID_DEVID);
 break;
 #endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB)
+ case ENCR_AES_CFB:
+ ret = wc_AesInit(&this->cipher.aes, NULL, INVALID_DEVID);
+ break;
+#endif
 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
 case ENCR_AES_CTR:
 ret = wc_AesInit(&this->cipher.aes, NULL, INVALID_DEVID);
diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
index 6b35aa3d9..cea577709 100644
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
@@ -87,6 +87,11 @@ METHOD(plugin_t, get_features, int,
 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 24),
 PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 32),
 #endif
+#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB)
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CFB, 32),
+#endif
 #ifdef HAVE_CAMELLIA
 PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
 PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
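Review bot: In the ENCR_AES_CFB key-size switch added to wolfssl_crypter_create() in wolfssl_crypter.c, `block_size = AES_BLOCK_SIZE` is reported for a mode whose new encrypt and decrypt cases pass `data.len` to wolfSSL without any alignment requirement. If callers rely on get_block_size() to pad or to reject unaligned input, CFB will look like CBC from the outside, so the intent is worth confirming and recording in a comment, e.g. `/* report the AES block size although CFB accepts any length */`. The function body starts and ends outside the hunk, so how `block_size` is consumed later is not visible here.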
diff --git a/testing/scripts/recipes/012_wolfssl.mk b/testing/scripts/recipes/012_wolfssl.mk
index 926858e86..552329f90 100644
--- a/testing/scripts/recipes/012_wolfssl.mk
+++ b/testing/scripts/recipes/012_wolfssl.mk
@@ -19,6 +19,7 @@ CONFIG_OPTS = \
 --enable-silent-rules \
 --enable-aesccm \
 --enable-aesctr \
+ --enable-aescfb \
 --enable-camellia \
 --enable-curve25519 \
 --enable-curve448 \
-- 2.47.3