aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/pkcs11
Commit message (Collapse)AuthorAgeFilesLines
* gmp: Support of SHA-3 RSA signaturesAndreas Steffen2016-09-221-4/+4
|
* pkcs11: Skip zero-padding of r and s when preparing EC signatureTobias Brunner2016-04-051-3/+9
| | | | | | They are zero padded to fill the buffer. Fixes #1377.
* Use standard unsigned integer typesAndreas Steffen2016-03-242-2/+2
|
* pkcs11: Fix encoding of RSA keys if unnecessarily zero prefixedTobias Brunner2015-08-061-3/+8
| | | | | | | | | | | | | | Some tokens/libraries seem to prefix all numbers with zero bytes even if not necessary (e.g. the default exponent 0x010001). If we don't fix that, the fingerprints calculated based on the retrieved values will be incorrect. Even if the pkcs1 plugin can properly handle numbers that are not in two's complement since a81bd670b086 ("Added PUBKEY_RSA_MODULUS encoding type") we prefix them with zero if necessary as other encoders might expect them in two's complement. Fixes #1012.
* diffie-hellman: Verify public DH values in backendsMartin Willi2015-03-231-0/+5
|
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-231-7/+7
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-231-1/+2
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-231-3/+3
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* pkcs11: Convert RFC 3279 ECDSA signatures when verifyingTobias Brunner2015-03-091-4/+33
| | | | References #873.
* pkcs11: Properly encode RFC 3279 ECDSA signaturesTobias Brunner2015-03-091-2/+19
| | | | Fixes #873.
* pkcs11: Properly encode EC_POINTs created on a tokenTobias Brunner2015-03-091-5/+8
| | | | | | | Some tokens might not fail when creating EC public keys in the incorrect format, but they will later not be able to use them to verify signatures. References #872.
* pkcs11: Properly handle EC_POINTs returned as ASN.1 octet stringTobias Brunner2015-03-091-1/+43
| | | | | | | This is the correct encoding but we internally only use unwrapped keys and some tokens return them unwrapped. Fixes #872.
* crypto: Define MODP_CUSTOM outside of IKE DH rangeTobias Brunner2014-12-231-1/+1
| | | | | | | | | Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221.
* plugins: Don't link with -rdynamic on WindowsMartin Willi2014-06-041-1/+1
|
* enum: Don't directly include enum.hMartin Willi2014-05-161-1/+1
| | | | | To allow enum.h to depend on utils.h definitions, avoid its direct inclusion. Instead include utils.h, which includes enum.h as well.
* lib: All settings use configured namespaceTobias Brunner2014-02-123-14/+14
|
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-3/+4
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* pkcs11: Use plugin_features_add() in get_features()Tobias Brunner2013-06-111-21/+8
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-249-9/+9
|
* Moved enum_name_t to utils folderTobias Brunner2012-10-241-1/+1
|
* Moved chunk_t to utils folderTobias Brunner2012-10-241-1/+1
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-245-5/+5
|
* PKCS#11 library search using keyid uses a fallback to look for certificatesMartin Willi2012-10-241-4/+8
|
* Add a strongswan.conf option to disable loading of all certificates from a ↵Martin Willi2012-10-241-6/+11
| | | | pkcs11 module
* Explicit pkcs11 certificate loading can enforce a module and a slotMartin Willi2012-10-242-4/+21
|
* Be less verbose if loading PKCS#11 certificate failsMartin Willi2012-10-241-6/+1
|
* Add a builder to load specific pkcs11 certificates by keyidMartin Willi2012-10-243-0/+115
|
* If no pkcs11 public key for a private key found, search for a certificateMartin Willi2012-10-241-4/+53
|
* Move pkcs11 public key lookup function declaration to header fileMartin Willi2012-10-243-20/+18
|
* Added an option to reload certificates from PKCS#11 tokens on SIGHUPTobias Brunner2012-10-181-0/+16
|
* Copy the name of pkcs11_library_t objectsTobias Brunner2012-10-182-2/+3
| | | | | Strings returned by settings_t.create_section_enumerator will be freed when the config is reloaded.
* Make sure first argument is an int when using %.*s to print e.g. chunksTobias Brunner2012-09-281-2/+3
|
* Add a return value to hasher_t.reset()Martin Willi2012-07-161-1/+2
|
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-163-14/+15
|
* Add a return value to hasher_t.get_hash()Martin Willi2012-07-161-11/+24
|
* RNGs' get_bytes and allocate_bytes return booleanTobias Brunner2012-07-161-4/+10
|
* Centralized thread cancellation in processor_tTobias Brunner2012-06-251-17/+3
| | | | | | | | | | This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Compiler warnings fixed.Tobias Brunner2012-02-141-1/+1
|
* pkcs11: Fixed a bug when creating public keys.Tobias Brunner2011-11-091-1/+1
|
* Common spelling errors fixed.Tobias Brunner2011-11-031-1/+1
|
* pkcs11: Make public key operations on tokens optional.Tobias Brunner2011-11-031-20/+21
|
* pkcs11: Make sure a key can be used for a given signature scheme.Tobias Brunner2011-11-023-16/+31
|
* pkcs11: Register ECDSA feature.Tobias Brunner2011-11-021-1/+10
|
* pkcs11: We have to create our own hashes for some signature schemes.Tobias Brunner2011-11-024-12/+81
|
* pkcs11: Lookup the public key of a private key by CKA_ID.Tobias Brunner2011-11-022-0/+125
| | | | | | Currently this only works if a public key object with the same ID is available, if there isn't one we could search for a certificate with the same ID and extract the key from there.
* pkcs11: Search for private keys in a more generic way.Tobias Brunner2011-11-021-20/+19
| | | | | | Also, don't extract the public key directly from the private key. Some tokens actually do not return the public exponent (it's not required). We have to find a different way to get the public key.
* pkcs11: Added support to encode ECDSA public keys.Tobias Brunner2011-11-021-0/+89
|
* pkcs11: Parse ECDSA public keys and find/create them on tokens.Tobias Brunner2011-11-021-2/+177
|
* pkcs11: Added generic functions to find/create public keys on tokens.Tobias Brunner2011-11-021-40/+75
|
* pkcs11: Store public key length in bits.Tobias Brunner2011-11-021-3/+3
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 18:16:45 +0000