Merge branch 'ikev2-signature-authentication'

This adds support for RFC 7427 signature authentication in IKEv2, enabling the use of stronger signature schemes (e.g. RSA with SHA-2) for IKE authentication. Public key constraints defined in `rightauth` are now also checked against IKEv2 signature schemes (may be disabled via strongswan.conf). Fixes #863.
author: Tobias Brunner <tobias@strongswan.org> 2015-03-04 13:56:50 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2015-03-04 13:56:50 +0100
commit: 0a8268d0f173bbddf20dc69a077d2abf3ce0d3e4 (patch)
tree: df0c6d792ad540ef1a340bcc3ad5fbf4875f0df0 /src/libcharon/encoding/payloads/notify_payload.h
parent: dd0ebb54837298c869389d36a0b42eefdb893dd6 (diff)
parent: 3f1ef3a678159e1523f38a3e50ccb55afc4461a4 (diff)
download: strongswan-0a8268d0f173bbddf20dc69a077d2abf3ce0d3e4.tar.bz2
strongswan-0a8268d0f173bbddf20dc69a077d2abf3ce0d3e4.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 25521c2bb..690757383 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -151,6 +151,8 @@ enum notify_type_t {
 	SENDER_REQUEST_ID = 16429,
 	/* IKEv2 fragmentation supported, RFC 7383 */
 	FRAGMENTATION_SUPPORTED = 16430,
+	/* Signature Hash Algorithms, RFC 7427 */
+	SIGNATURE_HASH_ALGORITHMS = 16431,
 	/* IKEv1 initial contact */
 	INITIAL_CONTACT_IKEV1 = 24578,
 	/* IKEv1 DPD */
author	Tobias Brunner <tobias@strongswan.org>	2015-03-04 13:56:50 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2015-03-04 13:56:50 +0100
commit	0a8268d0f173bbddf20dc69a077d2abf3ce0d3e4 (patch)
tree	df0c6d792ad540ef1a340bcc3ad5fbf4875f0df0 /src/libcharon/encoding/payloads/notify_payload.h
parent	dd0ebb54837298c869389d36a0b42eefdb893dd6 (diff)
parent	3f1ef3a678159e1523f38a3e50ccb55afc4461a4 (diff)
download	strongswan-0a8268d0f173bbddf20dc69a077d2abf3ce0d3e4.tar.bz2 strongswan-0a8268d0f173bbddf20dc69a077d2abf3ce0d3e4.tar.xz