aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/credentials
Commit message (Collapse)AuthorAgeFilesLines
* auth-cfg: Add RSA/PSS schemes for pubkey and rsa if enabled in strongswan.confTobias Brunner2017-11-081-14/+52
| | | | Also document the rsa/pss prefix.
* builder: Add builder option to pass signature scheme and paramsTobias Brunner2017-11-082-1/+4
|
* signature-params: Add helpers to parse/build ASN.1 algorithmIdentifier for ↵Tobias Brunner2017-11-082-0/+85
| | | | signature schemes
* ikev2: Enumerate RSA/PSS schemes and use them if enabledTobias Brunner2017-11-082-17/+34
|
* signature-params: Use helper to build MGF1 algorithmIdentifierTobias Brunner2017-11-081-2/+2
|
* auth-cfg: Parse rsa/pss auth tokensTobias Brunner2017-11-081-25/+62
|
* auth-cfg: Store signature schemes as signature_params_t objectsTobias Brunner2017-11-083-38/+53
| | | | | Due to circular references the hasher_from_signature_scheme() helper does not take a signature_params_t object.
* certificate: Return signature scheme and parameters from issued_by() methodTobias Brunner2017-11-088-23/+38
| | | | | This also required some include restructuring (avoid including library.h in headers) to avoid unresolvable circular dependencies.
* signature-params: Add helper struct for signature scheme and parametersTobias Brunner2017-11-082-14/+195
|
* signature-params: Optionally pass a specific salt value when signingTobias Brunner2017-11-081-0/+2
|
* signature-params: Add functions to parse/build ASN.1 RSASSA-PSS paramsTobias Brunner2017-11-082-0/+186
|
* signature-params: Add struct for RSASSA-PSS parametersTobias Brunner2017-11-081-0/+41
|
* private-key: Add optional parameters argument to sign() methodTobias Brunner2017-11-081-2/+4
|
* public-key: Add optional parameters argument to verify() methodTobias Brunner2017-11-082-6/+7
|
* public-key: Add RSASSA-PSS signature scheme identifierTobias Brunner2017-11-082-0/+8
|
* certificates: Use shared destructor for x509_cdp_tTobias Brunner2017-09-182-2/+14
|
* credential-manager: Log issuer identity if not foundTobias Brunner2017-07-271-0/+2
|
* auth-cfg: Don't limit subjectAltName check to received certificatesTobias Brunner2017-07-271-1/+1
| | | | Otherwise this won't work if the certificate is only locally available.
* Fixed some typos, courtesy of codespellTobias Brunner2017-05-261-1/+1
|
* linked-list: Change return value of find_first() and signature of its callbackTobias Brunner2017-05-262-13/+15
| | | | This avoids the unportable five pointer hack.
* Change interface for enumerator_create_filter() callbackTobias Brunner2017-05-262-111/+129
| | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* Migrate all enumerators to venumerate() interface changeTobias Brunner2017-05-267-73/+104
|
* credential-manager: Prefer local over global setsAdrian-Ken Rueegsegger2017-05-231-7/+7
| | | | | Invert set enumeration order to first enumerate local and then global credential sets.
* Reference Edwards-curve signature RFCsAndreas Steffen2017-03-201-5/+5
|
* builder: Define a builder part for X.509 RFC 3779 address blocksMartin Willi2017-02-272-0/+3
|
* mem-cred: Add methods to add/remove shared keys with unique identifiersTobias Brunner2017-02-162-6/+107
| | | | Also added is a method to enumerate the unique identifiers.
* mem-cred: Add method to remove a private key with a specific fingerprintTobias Brunner2017-02-162-2/+38
|
* Implemented EdDSA for IKEv2 using a pro forma Identity hash functionAndreas Steffen2016-12-141-17/+31
|
* Added support of EdDSA signaturesAndreas Steffen2016-12-145-17/+51
|
* Fixed in-place update of cached base and delta CRLsAndreas Steffen2016-10-301-4/+4
|
* Newer CRLs replace older versions of the CRL in the cacheAndreas Steffen2016-10-261-0/+39
|
* mem-cred: Support storing a delta CRL together with its baseTobias Brunner2016-10-111-8/+30
| | | | | | | | | | | | So far every "newer" CRL (higher serial or by date) replaced an existing "older" CRL. This meant that delta CRLs replaced an existing base CRL and that base CRLs weren't added if a delta CRL was already stored. So the base had to be re-fetched every time after a delta CRL was added. With this change one delta CRL to the latest base may be stored. A newer delta CRL will replace an existing delta CRL (but not its base, older base CRLs are removed, though). And a newer base will replace the existing base and optional delta CRL.
* gmp: Support of SHA-3 RSA signaturesAndreas Steffen2016-09-223-34/+67
|
* auth-cfg-wrapper: Fix memory leak with hash-and-URL certificatesTobias Brunner2016-09-121-1/+1
| | | | | | | We wrap the auth-cfg object and its contents, so there is no need to get an additional reference for the enumerated certificate. Fixes a44bb9345f04 ("merged multi-auth branch back into trunk")
* mem-cred: Fix memory leak when replacing existing CRLsTobias Brunner2016-05-111-0/+1
| | | | Fixes #1442.
* Use standard unsigned integer typesAndreas Steffen2016-03-243-7/+7
|
* Fix some Doxygen issuesTobias Brunner2016-03-111-5/+5
|
* auth-cfg: Add a rule to suspend certificate validation constraintsTobias Brunner2016-03-102-0/+18
|
* credential-manager: Check cache queue when destroying trusted certificate ↵Tobias Brunner2016-03-101-1/+2
| | | | | | | | | | enumerator We already do this in the trusted public key enumerator (which internally uses the trusted certificate enumerator) but should do so also when this enumerator is used directly (since the public key enumerator has the read lock the additional call will just be skipped there).
* credential-manager: Make online revocation checks optional for public key ↵Tobias Brunner2016-03-102-3/+9
| | | | enumerator
* auth-cfg: Make IKE signature schemes configurableTobias Brunner2016-03-042-37/+63
| | | | | | This also restores the charon.signature_authentication_constraints functionality, that is, if no explicit IKE signature schemes are configured we apply all regular signature constraints as IKE constraints.
* ikev2: Diversify signature scheme ruleThomas Egerer2016-03-042-30/+68
| | | | | | | This allows for different signature schemes for IKE authentication and trustchain verification. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* Apply pubkey and signature constraints in vici pluginAndreas Steffen2015-12-172-0/+117
|
* Refactored certificate management for the vici and stroke interfaces5.4.0dr1Andreas Steffen2015-12-122-30/+130
|
* Changed some certificate_type_names and added x509_flag_namesAndreas Steffen2015-12-113-4/+36
|
* Print OCSP single responsesAndreas Steffen2015-12-112-3/+82
|
* Standardized printing of certificate informationAndreas Steffen2015-12-112-0/+651
| | | | | | | The certificate_printer class allows the printing of certificate information to a text file (usually stdout). This class is used by the pki --print and swanctl --list-certs commands as well as by the stroke plugin.
* auth-cfg: Prefer merged rules over existing ones when moving themTobias Brunner2015-11-121-3/+3
| | | | | | This is particularly important for single valued rules (e.g. identities). When copying values this is already handled correctly by the enumerator and add().
* Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemesAndreas Steffen2015-11-062-28/+28
|
* Support BLISS signatures with SHA-3 hashAndreas Steffen2015-11-032-4/+28
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-27 19:50:07 +0000