wolfssl: Full support of SHA3 signatures

2021-06-01 20:13:20 +02:00 · 2021-06-01 20:13:20 +02:00 · 8bbd7bbd36
parent e0044e5f48
commit 8bbd7bbd36
3 changed files with 68 additions and 18 deletions
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
@ -302,37 +302,55 @@ METHOD(plugin_t, get_features, int,
 		/* signature/encryption schemes */
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
-#ifdef WC_RSA_PSS
+	#ifdef WC_RSA_PSS
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
-#endif
-#ifndef NO_SHA
+	#endif
+	#ifndef NO_SHA
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
-#endif
-#ifdef WOLFSSL_SHA224
+	#endif
+	#ifdef WOLFSSL_SHA224
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
-#endif
-#ifndef NO_SHA256
+	#endif
+	#ifndef NO_SHA256
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
-#endif
-#ifdef WOLFSSL_SHA384
+	#endif
+	#ifdef WOLFSSL_SHA384
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
-#endif
-#ifdef WOLFSSL_SHA512
+	#endif
+	#ifdef WOLFSSL_SHA512
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
-#endif
-#ifndef NO_MD5
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
-#endif
+	#endif
+	#if defined(WOLFSSL_SHA3) && LIBWOLFSSL_VERSION_HEX >= 0x04007001
+	#ifndef WOLFSSL_NOSHA3_224
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+	#endif
+	#ifndef WOLFSSL_NOSHA3_256
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+	#endif
+	#ifndef WOLFSSL_NOSHA3_384
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+	#endif
+	#ifndef WOLFSSL_NOSHA3_512
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+	#endif
+	#endif /* WOLFSSL_SHA3 */
 		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
 		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
-#ifndef WC_NO_RSA_OAEP
+	#ifndef NO_MD5
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
+	#endif
+	#ifndef WC_NO_RSA_OAEP
 	#ifndef NO_SHA
 		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
 		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
@ -353,7 +371,7 @@ METHOD(plugin_t, get_features, int,
 		PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
 		PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
 	#endif
-#endif /* !WC_NO_RSA_OAEP */
+	#endif /* !WC_NO_RSA_OAEP */
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
 	#ifdef HAVE_ECC_KEY_IMPORT
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c
@ -200,6 +200,26 @@ METHOD(private_key_t, sign, bool,
 			return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data,
 											  signature);
 #endif
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_224,
+											  data, signature);
+#endif
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+			return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_256,
+											  data, signature);
+#endif
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+			return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_384,
+											  data, signature);
+#endif
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+			return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_512,
+											 data, signature);
+#endif
 #ifndef NO_SHA
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 			return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data,
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
@ -187,6 +187,18 @@ METHOD(public_key_t, verify, bool,
 		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data,
 											   signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_224, data,
+											   signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+			return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_256, data,
+											   signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+			return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_384, data,
+											   signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+			return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_512, data,
+											   signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 			return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data,
 											   signature);