From 8bbd7bbd3667bc301217845951dc3016b548154a Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Tue, 1 Jun 2021 20:13:20 +0200
Subject: [PATCH] wolfssl: Full support of SHA3 signatures
---
 .../plugins/wolfssl/wolfssl_plugin.c | 54 ++++++++++++-------
 .../plugins/wolfssl/wolfssl_rsa_private_key.c | 20 +++++++
 .../plugins/wolfssl/wolfssl_rsa_public_key.c | 12 +++++
 3 files changed, 68 insertions(+), 18 deletions(-)
diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
index 83ba4f380..6b35aa3d9 100644
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
@@ -302,37 +302,55 @@ METHOD(plugin_t, get_features, int,
 /* signature/encryption schemes */
 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
-#ifdef WC_RSA_PSS
+ #ifdef WC_RSA_PSS
 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
-#endif
-#ifndef NO_SHA
+ #endif
+ #ifndef NO_SHA
 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
-#endif
-#ifdef WOLFSSL_SHA224
+ #endif
+ #ifdef WOLFSSL_SHA224
 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
-#endif
-#ifndef NO_SHA256
+ #endif
+ #ifndef NO_SHA256
 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
-#endif
-#ifdef WOLFSSL_SHA384
+ #endif
+ #ifdef WOLFSSL_SHA384
 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
-#endif
-#ifdef WOLFSSL_SHA512
+ #endif
+ #ifdef WOLFSSL_SHA512
 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
 PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
-#endif
-#ifndef NO_MD5
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
-#endif
+ #endif
+ #if defined(WOLFSSL_SHA3) && LIBWOLFSSL_VERSION_HEX >= 0x04007001
+ #ifndef WOLFSSL_NOSHA3_224
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+ #endif
+ #ifndef WOLFSSL_NOSHA3_256
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+ #endif
+ #ifndef WOLFSSL_NOSHA3_384
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+ #endif
+ #ifndef WOLFSSL_NOSHA3_512
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+ #endif
+ #endif /* WOLFSSL_SHA3 */
 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
-#ifndef WC_NO_RSA_OAEP
+ #ifndef NO_MD5
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
+ #endif
+ #ifndef WC_NO_RSA_OAEP
 #ifndef NO_SHA
 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA1),
 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA1),
@@ -353,7 +371,7 @@ METHOD(plugin_t, get_features, int,
 PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
 PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_OAEP_SHA512),
 #endif
-#endif /* !WC_NO_RSA_OAEP */
+ #endif /* !WC_NO_RSA_OAEP */
 #endif /* !NO_RSA */
 #ifdef HAVE_ECC
 #ifdef HAVE_ECC_KEY_IMPORT
diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c
index 2270b4620..028d50c1a 100644
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c
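Review bot: The version gate `LIBWOLFSSL_VERSION_HEX >= 0x04007001` on the new SHA3 block in get_features (wolfssl_plugin.c) is a bare magic number with no explanation of what older wolfSSL releases lack. A one-line comment above it, e.g. `/* SHA3 signature schemes require wolfSSL 4.7.1 or newer */`, would tell a maintainer when the check can be dropped, and the closing `#endif /* WOLFSSL_SHA3 */` should mention the version condition as well. The NO_MD5 block now sits after the two ENCRYPT_RSA_PKCS1 entries, in the middle of the encryption schemes, and the commit message does not say whether that move is intentional. get_features starts and ends outside this hunk.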
@@ -200,6 +200,26 @@ METHOD(private_key_t, sign, bool,
 return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data,
 signature);
 #endif
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_224,
+ data, signature);
+#endif
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_256,
+ data, signature);
+#endif
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_384,
+ data, signature);
+#endif
+#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_512,
+ data, signature);
+#endif
 #ifndef NO_SHA
 case SIGN_RSA_EMSA_PKCS1_SHA1:
 return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data,
diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
index 2824e9a17..4a03d4014 100644
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
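Review bot: The SHA3 cases added to sign() in wolfssl_rsa_private_key.c are guarded only by `defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)` and its siblings, without the `LIBWOLFSSL_VERSION_HEX >= 0x04007001` condition that wolfssl_plugin.c applies before advertising the same schemes. On an older wolfSSL built with SHA3 the plugin does not offer these schemes, yet a direct call to sign() still reaches build_emsa_pkcs1_signature() with a SHA3 hash type; whether that helper then fails cleanly cannot be seen from this hunk. Using the same condition in each guard, e.g. `#if defined(WOLFSSL_SHA3) && LIBWOLFSSL_VERSION_HEX >= 0x04007001 && !defined(WOLFSSL_NOSHA3_224)`, keeps the advertised and the implemented sets identical. sign() starts and ends outside this hunk.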
@@ -187,6 +187,18 @@ METHOD(public_key_t, verify, bool,
 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data,
 signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_224, data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_256, data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_384, data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_512, data,
+ signature);
 case SIGN_RSA_EMSA_PKCS1_SHA1:
 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data,
 signature);
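Review bot: The four SHA3 cases added to verify() in wolfssl_rsa_public_key.c carry no preprocessor guard at all, unlike their sign() counterparts and the feature list in wolfssl_plugin.c. This matches the neighbouring SHA2_512 and SHA1 cases visible in the hunk, but it means a build without SHA3 depends on verify_emsa_pkcs1_signature() returning FALSE when wolfSSL cannot compute the hash, and on the `WC_HASH_TYPE_SHA3_*` enumerators being declared in every supported wolfSSL version; neither is visible here. Please confirm both, and if they hold add a short comment above the first new case, e.g. `/* hashes missing from the wolfSSL build are rejected in verify_emsa_pkcs1_signature() */`, so the fail-closed behaviour is documented. verify() starts and ends outside this hunk.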