wolfssl: Fixes, code style changes and some refactorings
1 /*
2 * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
20 * THE SOFTWARE.
21 */
22
23 #include <library.h>
24 #include <utils/debug.h>
25
26 #include "wolfssl_common.h"
27 #include "wolfssl_plugin.h"
28 #include "wolfssl_aead.h"
29 #include "wolfssl_crypter.h"
30 #include "wolfssl_diffie_hellman.h"
31 #include "wolfssl_ec_diffie_hellman.h"
32 #include "wolfssl_ec_private_key.h"
33 #include "wolfssl_ec_public_key.h"
34 #include "wolfssl_ed_private_key.h"
35 #include "wolfssl_ed_public_key.h"
36 #include "wolfssl_hasher.h"
37 #include "wolfssl_hmac.h"
38 #include "wolfssl_rsa_private_key.h"
39 #include "wolfssl_rsa_public_key.h"
40 #include "wolfssl_rng.h"
41 #include "wolfssl_sha1_prf.h"
42 #include "wolfssl_x_diffie_hellman.h"
43
44 #ifndef FIPS_MODE
45 #define FIPS_MODE 0
46 #endif
47
typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t;

/**
 * Private data of wolfssl_plugin
 *
 * The object holds no state of its own besides the public interface; the
 * process-wide wolfSSL state is set up in wolfssl_plugin_create() and torn
 * down in destroy().
 */
struct private_wolfssl_plugin_t {

	/**
	 * Public interface
	 *
	 * wolfssl_plugin_create() hands out a pointer to the plugin_t embedded in
	 * this member, and destroy() frees the enclosing object.
	 */
	wolfssl_plugin_t public;
};
60
/**
 * plugin_t.get_name implementation, installed as _get_name by
 * wolfssl_plugin_create().
 *
 * @return		the constant plugin name; a string literal, not to be freed
 */
METHOD(plugin_t, get_name, char*, private_wolfssl_plugin_t *this)
{
	return "wolfssl";
}
66
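/**
 * plugin_t.get_features implementation: publish the algorithms this plugin
 * offers.
 *
 * The table is assembled at compile time from the wolfSSL build switches
 * (NO_*, HAVE_*, WOLFSSL_*), so it mirrors what the linked wolfSSL was built
 * with. It is static, hence the pointer stored in *features stays valid after
 * this function returns.
 *
 * NOTE(review): whenever wolfSSL is built with them, the table includes legacy
 * algorithms (single DES, DES-ECB, NULL encryption, MD5, MODP-768/1024,
 * ECP-192, 8-byte GCM/CCM tags, RSA PKCS#1 v1.5 encryption). Nothing in this
 * function filters by the fips_mode setting read in wolfssl_plugin_create();
 * keeping them out of use is left to the wolfSSL build options and,
 * presumably, to the configured proposals - confirm for hardened deployments.
 *
 * @param features	set to the start of the static feature table
 * @return			number of entries in the table
 */
METHOD(plugin_t, get_features, int,
	private_wolfssl_plugin_t *this, plugin_feature_t *features[])
{
	static plugin_feature_t f[] = {
		/* crypters */
		PLUGIN_REGISTER(CRYPTER, wolfssl_crypter_create),
#if !defined(NO_AES) && !defined(NO_AES_CTR)
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
#endif
#if !defined(NO_AES) && !defined(NO_AES_CBC)
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
#endif
#ifdef HAVE_CAMELLIA
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
#endif
#ifndef NO_DES3
			PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
			PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
#ifdef WOLFSSL_DES_ECB
			PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
#endif
#endif
			PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
		/* hashers */
		PLUGIN_REGISTER(HASHER, wolfssl_hasher_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(HASHER, HASH_MD5),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(HASHER, HASH_SHA1),
#endif
#ifdef WOLFSSL_SHA224
			PLUGIN_PROVIDE(HASHER, HASH_SHA224),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(HASHER, HASH_SHA256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(HASHER, HASH_SHA384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(HASHER, HASH_SHA512),
#endif
#ifndef NO_SHA
		/* keyed sha1 hasher (aka prf) */
		PLUGIN_REGISTER(PRF, wolfssl_sha1_prf_create),
			PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
#endif
#ifndef NO_HMAC
		/* HMAC based PRFs */
		PLUGIN_REGISTER(PRF, wolfssl_hmac_prf_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
#endif
		/* HMAC based signers */
		PLUGIN_REGISTER(SIGNER, wolfssl_hmac_signer_create),
#ifndef NO_MD5
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128),
#endif
#ifndef NO_SHA
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
#endif
#ifndef NO_SHA256
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
#endif
#ifdef WOLFSSL_SHA384
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
#endif
#ifdef WOLFSSL_SHA512
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
#endif
#endif /* NO_HMAC */
#if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
	(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
		/* AEAD algorithms */
		PLUGIN_REGISTER(AEAD, wolfssl_aead_create),
#if !defined(NO_AES) && defined(HAVE_AESGCM)
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
/* shorter GCM tags are only offered if the wolfSSL minimum tag size allows */
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
#endif
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
#endif
#endif /* !NO_AES && HAVE_AESGCM */
#if !defined(NO_AES) && defined(HAVE_AESCCM)
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24),
			PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32),
#endif /* !NO_AES && HAVE_AESCCM */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
			PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
#endif
#ifdef HAVE_ECC_DHE
		/* EC DH groups */
		PLUGIN_REGISTER(DH, wolfssl_ec_diffie_hellman_create),
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_256_BIT),
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_384_BIT),
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_521_BIT),
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_224_BIT),
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_192_BIT),
#endif
/* NOTE(review): wolfSSL's brainpool switch appears to be HAVE_ECC_BRAINPOOL;
 * if HAVE_BRAINPOOL is never defined this section is dead code - confirm */
#ifdef HAVE_BRAINPOOL
/* was "!define(NO_ECC256)", which is not a valid preprocessor expression and
 * breaks the build as soon as this section is enabled */
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_256_BP),
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_384_BP),
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_512_BP),
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
			PLUGIN_PROVIDE(DH, ECP_224_BP),
#endif
#endif
#endif /* HAVE_ECC_DHE */
#ifndef NO_DH
		/* MODP DH groups; with USE_FAST_MATH a group is only offered if
		 * FP_MAX_BITS is at least twice the modulus size */
		PLUGIN_REGISTER(DH, wolfssl_diffie_hellman_create),
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (3072 * 2)
			PLUGIN_PROVIDE(DH, MODP_3072_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (4096 * 2)
			PLUGIN_PROVIDE(DH, MODP_4096_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (6144 * 2)
			PLUGIN_PROVIDE(DH, MODP_6144_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (8192 * 2)
			PLUGIN_PROVIDE(DH, MODP_8192_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (2048 * 2)
			PLUGIN_PROVIDE(DH, MODP_2048_BIT),
			PLUGIN_PROVIDE(DH, MODP_2048_224),
			PLUGIN_PROVIDE(DH, MODP_2048_256),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1536 * 2)
			PLUGIN_PROVIDE(DH, MODP_1536_BIT),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1024 * 2)
			PLUGIN_PROVIDE(DH, MODP_1024_BIT),
			PLUGIN_PROVIDE(DH, MODP_1024_160),
#endif
#if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (768 * 2)
			PLUGIN_PROVIDE(DH, MODP_768_BIT),
#endif
			PLUGIN_PROVIDE(DH, MODP_CUSTOM),
#endif /* NO_DH */
#ifndef NO_RSA
		/* RSA private/public key loading */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_rsa_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
		PLUGIN_REGISTER(PUBKEY, wolfssl_rsa_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
#ifdef WOLFSSL_KEY_GEN
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_rsa_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
#endif
		/* signature/encryption schemes */
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
#ifdef WC_RSA_PSS
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
#endif
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
#endif
#ifndef NO_MD5
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
#endif
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
#ifndef WC_NO_RSA_OAEP
#ifndef NO_SHA
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
#endif
#ifdef WOLFSSL_SHA224
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA224),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
#endif
#endif /* !WC_NO_RSA_OAEP */
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#ifdef HAVE_ECC_KEY_IMPORT
		/* EC private/public key loading */
		PLUGIN_REGISTER(PRIVKEY, wolfssl_ec_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
#endif
#ifdef HAVE_ECC_DHE
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ec_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
#endif
#ifdef HAVE_ECC_KEY_IMPORT
		PLUGIN_REGISTER(PUBKEY, wolfssl_ec_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
#endif
#ifdef HAVE_ECC_SIGN
		/* ECDSA signature schemes (signing) */
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
#ifndef NO_SHA
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
#endif
#endif /* HAVE_ECC_SIGN */
#ifdef HAVE_ECC_VERIFY
		/* ECDSA signature schemes (verification) */
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
#ifndef NO_SHA
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
#endif
#ifndef NO_SHA256
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
#endif
#ifdef WOLFSSL_SHA384
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
#endif
#ifdef WOLFSSL_SHA512
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
#endif
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
		/* X25519 key exchange */
		PLUGIN_REGISTER(DH, wolfssl_x_diffie_hellman_create),
			PLUGIN_PROVIDE(DH, CURVE_25519),
#endif
#ifdef HAVE_ED25519
		/* EdDSA private/public key loading */
		PLUGIN_REGISTER(PUBKEY, wolfssl_ed_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
		PLUGIN_REGISTER(PRIVKEY, wolfssl_ed_private_key_load, TRUE),
			PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
		PLUGIN_REGISTER(PRIVKEY_GEN, wolfssl_ed_private_key_gen, FALSE),
			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
#ifdef HAVE_ED25519_SIGN
		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
#endif
#ifdef HAVE_ED25519_VERIFY
		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
#endif
		/* register a pro forma identity hasher, never instantiated */
		PLUGIN_REGISTER(HASHER, return_null),
			PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
#endif /* HAVE_ED25519 */
#ifndef WC_NO_RNG
		/* random number generators */
		PLUGIN_REGISTER(RNG, wolfssl_rng_create),
			PLUGIN_PROVIDE(RNG, RNG_STRONG),
			PLUGIN_PROVIDE(RNG, RNG_WEAK),
#endif
	};
	*features = f;
	return countof(f);
}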
412
/**
 * plugin_t.destroy implementation, installed as _destroy by
 * wolfssl_plugin_create().
 *
 * Undoes wolfssl_plugin_create() in reverse order: the global RNG is
 * finalized first (unless wolfSSL was built with WC_NO_RNG), then
 * wolfSSL_Cleanup() is called, and only then is the plugin object freed.
 */
METHOD(plugin_t, destroy, void,
	private_wolfssl_plugin_t *this)
{
#ifndef WC_NO_RNG
	/* counterpart of wolfssl_rng_global_init() in wolfssl_plugin_create() */
	wolfssl_rng_global_final();
#endif
	/* counterpart of wolfSSL_Init() in wolfssl_plugin_create() */
	wolfSSL_Cleanup();

	free(this);
}
423
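/*
 * Described in header
 *
 * Reads "<ns>.plugins.wolfssl.fips_mode" (default FALSE) and refuses to load
 * if FIPS mode is requested but cannot be honoured: either wolfSSL was built
 * without HAVE_FIPS, or wolfCrypt_GetStatus_fips() reports a non-zero status.
 * The setting acts only as a gate here; the feature table returned by
 * get_features() is not changed by it.
 *
 * Returns NULL on any failure. wolfSSL_Init() is balanced by
 * wolfSSL_Cleanup() on the failure path after it, so an aborted load does not
 * leave the library initialized; on success the balancing calls are made by
 * destroy().
 */
plugin_t *wolfssl_plugin_create()
{
	private_wolfssl_plugin_t *this;
	bool fips_mode;

	fips_mode = lib->settings->get_bool(lib->settings,
								"%s.plugins.wolfssl.fips_mode", FALSE, lib->ns);
#ifdef HAVE_FIPS
	if (fips_mode)
	{
		/* non-zero means the FIPS module is not in an operational state */
		int ret = wolfCrypt_GetStatus_fips();
		if (ret != 0)
		{
			DBG1(DBG_LIB, "wolfssl FIPS mode unavailable (%d)", ret);
			return NULL;
		}
	}
#else
	if (fips_mode)
	{
		/* fail closed: never run silently in non-FIPS mode if FIPS was
		 * requested */
		DBG1(DBG_LIB, "wolfssl FIPS mode unavailable");
		return NULL;
	}
#endif

	/* don't register crypto backed by a library that failed to initialize */
	if (wolfSSL_Init() != WOLFSSL_SUCCESS)
	{
		DBG1(DBG_LIB, "wolfssl initialization failed");
		return NULL;
	}
#ifndef WC_NO_RNG
	if (!wolfssl_rng_global_init())
	{
		/* undo wolfSSL_Init(), destroy() is never called for this load */
		wolfSSL_Cleanup();
		return NULL;
	}
#endif

	INIT(this,
		.public = {
			.plugin = {
				.get_name = _get_name,
				.get_features = _get_features,
				.destroy = _destroy,
			},
		},
	);

	return &this->public.plugin;
}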