31697dcb893d5e668a9b1df552cf44321edd2cd1
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_plugin.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Copyright (C) 2008 Martin Willi
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <openssl/evp.h>
18 #include <openssl/conf.h>
19 #include <openssl/crypto.h>
20 #ifndef OPENSSL_NO_ENGINE
21 #include <openssl/engine.h>
22 #endif
23
24 #include "openssl_plugin.h"
25
26 #include <library.h>
27 #include <threading/thread.h>
28 #include <threading/mutex.h>
29 #include "openssl_util.h"
30 #include "openssl_crypter.h"
31 #include "openssl_hasher.h"
32 #include "openssl_sha1_prf.h"
33 #include "openssl_diffie_hellman.h"
34 #include "openssl_ec_diffie_hellman.h"
35 #include "openssl_rsa_private_key.h"
36 #include "openssl_rsa_public_key.h"
37 #include "openssl_ec_private_key.h"
38 #include "openssl_ec_public_key.h"
39 #include "openssl_x509.h"
40 #include "openssl_crl.h"
41
42 typedef struct private_openssl_plugin_t private_openssl_plugin_t;
43
44 /**
45 * private data of openssl_plugin
46 */
47 struct private_openssl_plugin_t {
48
49 /**
50 * public functions
51 */
52 openssl_plugin_t public;
53 };
54
55 /**
56 * Array of static mutexs, with CRYPTO_num_locks() mutex
57 */
58 static mutex_t **mutex = NULL;
59
60 /**
61 * Locking callback for static locks
62 */
63 static void locking_function(int mode, int type, const char *file, int line)
64 {
65 if (mutex)
66 {
67 if (mode & CRYPTO_LOCK)
68 {
69 mutex[type]->lock(mutex[type]);
70 }
71 else
72 {
73 mutex[type]->unlock(mutex[type]);
74 }
75 }
76 }
77
78 /**
79 * Implementation of dynlock
80 */
81 struct CRYPTO_dynlock_value {
82 mutex_t *mutex;
83 };
84
85 /**
86 * Callback to create a dynamic lock
87 */
88 static struct CRYPTO_dynlock_value *create_function(const char *file, int line)
89 {
90 struct CRYPTO_dynlock_value *lock;
91
92 lock = malloc_thing(struct CRYPTO_dynlock_value);
93 lock->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
94 return lock;
95 }
96
97 /**
98 * Callback to (un-)lock a dynamic lock
99 */
100 static void lock_function(int mode, struct CRYPTO_dynlock_value *lock,
101 const char *file, int line)
102 {
103 if (mode & CRYPTO_LOCK)
104 {
105 lock->mutex->lock(lock->mutex);
106 }
107 else
108 {
109 lock->mutex->unlock(lock->mutex);
110 }
111 }
112
113 /**
114 * Callback to destroy a dynamic lock
115 */
116 static void destroy_function(struct CRYPTO_dynlock_value *lock,
117 const char *file, int line)
118 {
119 lock->mutex->destroy(lock->mutex);
120 free(lock);
121 }
122
123 /**
124 * Thread-ID callback function
125 */
126 static unsigned long id_function(void)
127 {
128 return (unsigned long)thread_current_id();
129 }
130
131 /**
132 * initialize OpenSSL for multi-threaded use
133 */
134 static void threading_init()
135 {
136 int i, num_locks;
137
138 CRYPTO_set_id_callback(id_function);
139 CRYPTO_set_locking_callback(locking_function);
140
141 CRYPTO_set_dynlock_create_callback(create_function);
142 CRYPTO_set_dynlock_lock_callback(lock_function);
143 CRYPTO_set_dynlock_destroy_callback(destroy_function);
144
145 num_locks = CRYPTO_num_locks();
146 mutex = malloc(sizeof(mutex_t*) * num_locks);
147 for (i = 0; i < num_locks; i++)
148 {
149 mutex[i] = mutex_create(MUTEX_TYPE_DEFAULT);
150 }
151 }
152
153 /**
154 * cleanup OpenSSL threading locks
155 */
156 static void threading_cleanup()
157 {
158 int i, num_locks;
159
160 num_locks = CRYPTO_num_locks();
161 for (i = 0; i < num_locks; i++)
162 {
163 mutex[i]->destroy(mutex[i]);
164 }
165 free(mutex);
166 mutex = NULL;
167 }
168
169 /**
170 * Implementation of openssl_plugin_t.destroy
171 */
172 static void destroy(private_openssl_plugin_t *this)
173 {
174 lib->crypto->remove_crypter(lib->crypto,
175 (crypter_constructor_t)openssl_crypter_create);
176 lib->crypto->remove_hasher(lib->crypto,
177 (hasher_constructor_t)openssl_hasher_create);
178 lib->crypto->remove_prf(lib->crypto,
179 (prf_constructor_t)openssl_sha1_prf_create);
180 lib->crypto->remove_dh(lib->crypto,
181 (dh_constructor_t)openssl_diffie_hellman_create);
182 lib->creds->remove_builder(lib->creds,
183 (builder_function_t)openssl_rsa_private_key_load);
184 lib->creds->remove_builder(lib->creds,
185 (builder_function_t)openssl_rsa_private_key_gen);
186 lib->creds->remove_builder(lib->creds,
187 (builder_function_t)openssl_rsa_private_key_connect);
188 lib->creds->remove_builder(lib->creds,
189 (builder_function_t)openssl_rsa_public_key_load);
190 #ifndef OPENSSL_NO_EC
191 lib->crypto->remove_dh(lib->crypto,
192 (dh_constructor_t)openssl_ec_diffie_hellman_create);
193 lib->creds->remove_builder(lib->creds,
194 (builder_function_t)openssl_ec_private_key_load);
195 lib->creds->remove_builder(lib->creds,
196 (builder_function_t)openssl_ec_private_key_gen);
197 lib->creds->remove_builder(lib->creds,
198 (builder_function_t)openssl_ec_public_key_load);
199 #endif /* OPENSSL_NO_EC */
200 lib->creds->remove_builder(lib->creds,
201 (builder_function_t)openssl_x509_load);
202 lib->creds->remove_builder(lib->creds,
203 (builder_function_t)openssl_crl_load);
204
205 #ifndef OPENSSL_NO_ENGINE
206 ENGINE_cleanup();
207 #endif /* OPENSSL_NO_ENGINE */
208 EVP_cleanup();
209 CONF_modules_free();
210
211 threading_cleanup();
212
213 free(this);
214 }
215
216 /*
217 * see header file
218 */
219 plugin_t *openssl_plugin_create()
220 {
221 private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t);
222
223 this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
224
225 threading_init();
226
227 OPENSSL_config(NULL);
228 OpenSSL_add_all_algorithms();
229
230 #ifndef OPENSSL_NO_ENGINE
231 /* activate support for hardware accelerators */
232 ENGINE_load_builtin_engines();
233 ENGINE_register_all_complete();
234 #endif /* OPENSSL_NO_ENGINE */
235
236 /* crypter */
237 lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
238 (crypter_constructor_t)openssl_crypter_create);
239 lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC,
240 (crypter_constructor_t)openssl_crypter_create);
241 lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
242 (crypter_constructor_t)openssl_crypter_create);
243 lib->crypto->add_crypter(lib->crypto, ENCR_RC5,
244 (crypter_constructor_t)openssl_crypter_create);
245 lib->crypto->add_crypter(lib->crypto, ENCR_IDEA,
246 (crypter_constructor_t)openssl_crypter_create);
247 lib->crypto->add_crypter(lib->crypto, ENCR_CAST,
248 (crypter_constructor_t)openssl_crypter_create);
249 lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH,
250 (crypter_constructor_t)openssl_crypter_create);
251 lib->crypto->add_crypter(lib->crypto, ENCR_DES,
252 (crypter_constructor_t)openssl_crypter_create);
253 lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB,
254 (crypter_constructor_t)openssl_crypter_create);
255 lib->crypto->add_crypter(lib->crypto, ENCR_NULL,
256 (crypter_constructor_t)openssl_crypter_create);
257
258 /* hasher */
259 lib->crypto->add_hasher(lib->crypto, HASH_SHA1,
260 (hasher_constructor_t)openssl_hasher_create);
261 lib->crypto->add_hasher(lib->crypto, HASH_MD2,
262 (hasher_constructor_t)openssl_hasher_create);
263 lib->crypto->add_hasher(lib->crypto, HASH_MD4,
264 (hasher_constructor_t)openssl_hasher_create);
265 lib->crypto->add_hasher(lib->crypto, HASH_MD5,
266 (hasher_constructor_t)openssl_hasher_create);
267 lib->crypto->add_hasher(lib->crypto, HASH_SHA224,
268 (hasher_constructor_t)openssl_hasher_create);
269 lib->crypto->add_hasher(lib->crypto, HASH_SHA256,
270 (hasher_constructor_t)openssl_hasher_create);
271 lib->crypto->add_hasher(lib->crypto, HASH_SHA384,
272 (hasher_constructor_t)openssl_hasher_create);
273 lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
274 (hasher_constructor_t)openssl_hasher_create);
275
276 /* prf */
277 lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1,
278 (prf_constructor_t)openssl_sha1_prf_create);
279
280 /* (ec) diffie hellman */
281 lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
282 (dh_constructor_t)openssl_diffie_hellman_create);
283 lib->crypto->add_dh(lib->crypto, MODP_2048_224,
284 (dh_constructor_t)openssl_diffie_hellman_create);
285 lib->crypto->add_dh(lib->crypto, MODP_2048_256,
286 (dh_constructor_t)openssl_diffie_hellman_create);
287 lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
288 (dh_constructor_t)openssl_diffie_hellman_create);
289 #ifndef OPENSSL_NO_EC
290 lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
291 (dh_constructor_t)openssl_ec_diffie_hellman_create);
292 lib->crypto->add_dh(lib->crypto, ECP_384_BIT,
293 (dh_constructor_t)openssl_ec_diffie_hellman_create);
294 lib->crypto->add_dh(lib->crypto, ECP_521_BIT,
295 (dh_constructor_t)openssl_ec_diffie_hellman_create);
296 lib->crypto->add_dh(lib->crypto, ECP_224_BIT,
297 (dh_constructor_t)openssl_ec_diffie_hellman_create);
298 lib->crypto->add_dh(lib->crypto, ECP_192_BIT,
299 (dh_constructor_t)openssl_ec_diffie_hellman_create);
300 #endif /* OPENSSL_NO_EC */
301 lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
302 (dh_constructor_t)openssl_diffie_hellman_create);
303 lib->crypto->add_dh(lib->crypto, MODP_4096_BIT,
304 (dh_constructor_t)openssl_diffie_hellman_create);
305 lib->crypto->add_dh(lib->crypto, MODP_6144_BIT,
306 (dh_constructor_t)openssl_diffie_hellman_create);
307 lib->crypto->add_dh(lib->crypto, MODP_8192_BIT,
308 (dh_constructor_t)openssl_diffie_hellman_create);
309 lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
310 (dh_constructor_t)openssl_diffie_hellman_create);
311 lib->crypto->add_dh(lib->crypto, MODP_1024_160,
312 (dh_constructor_t)openssl_diffie_hellman_create);
313 lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
314 (dh_constructor_t)openssl_diffie_hellman_create);
315
316 /* rsa */
317 lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
318 (builder_function_t)openssl_rsa_private_key_load);
319 lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
320 (builder_function_t)openssl_rsa_private_key_gen);
321 lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
322 (builder_function_t)openssl_rsa_private_key_connect);
323 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
324 (builder_function_t)openssl_rsa_public_key_load);
325 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
326 (builder_function_t)openssl_rsa_public_key_load);
327
328 #ifndef OPENSSL_NO_EC
329 /* ecdsa */
330 lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
331 (builder_function_t)openssl_ec_private_key_load);
332 lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
333 (builder_function_t)openssl_ec_private_key_gen);
334 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA,
335 (builder_function_t)openssl_ec_public_key_load);
336 #endif /* OPENSSL_NO_EC */
337
338 /* X509 certificates */
339 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
340 (builder_function_t)openssl_x509_load);
341 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
342 (builder_function_t)openssl_crl_load);
343
344 return &this->public.plugin;
345 }
346