openssl: Add support for ChaCha20-Poly1305
authorTobias Brunner <tobias@strongswan.org>
Mon, 4 Mar 2019 16:55:41 +0000 (17:55 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 8 Mar 2019 14:55:52 +0000 (15:55 +0100)
It's available since OpenSSL 1.1.0.

src/libstrongswan/plugins/openssl/openssl_aead.c
src/libstrongswan/plugins/openssl/openssl_plugin.c

index 1d5b8fc..52c5ac3 100644 (file)
@@ -239,6 +239,9 @@ aead_t *openssl_aead_create(encryption_algorithm_t algo,
                case ENCR_AES_GCM_ICV16:
                        this->icv_size = 16;
                        break;
+               case ENCR_CHACHA20_POLY1305:
+                       this->icv_size = 16;
+                       break;
                default:
                        free(this);
                        return NULL;
@@ -275,6 +278,22 @@ aead_t *openssl_aead_create(encryption_algorithm_t algo,
                                        return NULL;
                        }
                        break;
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA)
+               case ENCR_CHACHA20_POLY1305:
+                       switch (key_size)
+                       {
+                               case 0:
+                                       key_size = 32;
+                                       /* FALL */
+                               case 32:
+                                       this->cipher = EVP_chacha20_poly1305();
+                                       break;
+                               default:
+                                       free(this);
+                                       return NULL;
+                       }
+                       break;
+#endif /* OPENSSL_NO_CHACHA */
                default:
                        free(this);
                        return NULL;
index 0661fdb..c2dbf53 100644 (file)
@@ -580,10 +580,11 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
 #endif
 #endif /* OPENSSL_NO_HMAC */
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
-#ifndef OPENSSL_NO_AES
-               /* AES GCM */
+#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_AES)) || \
+       (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA))
+               /* AEAD (AES GCM since 1.0.1, ChaCha20-Poly1305 since 1.1.0) */
                PLUGIN_REGISTER(AEAD, openssl_aead_create),
+#ifndef OPENSSL_NO_AES
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
@@ -594,6 +595,9 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8,  24),
                        PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8,  32),
 #endif /* OPENSSL_NO_AES */
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA)
+                       PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
+#endif /* OPENSSL_NO_CHACHA */
 #endif /* OPENSSL_VERSION_NUMBER */
 #ifndef OPENSSL_NO_ECDH
                /* EC DH groups */