path: root/src/libstrongswan/plugins/pkcs11
Commit message | Author | Date | Files | Lines (-/+)

* private-key: Add optional parameters argument to sign() method | Tobias Brunner | 2017-11-08 | 1 | -1/+1
* public-key: Add optional parameters argument to verify() method | Tobias Brunner | 2017-11-08 | 1 | -1/+1
* pkcs11: Call C_Finalize() to cancel jobs waiting in C_WaitForSlotEvent() | Tobias Brunner | 2017-11-02 | 1 | -9/+14
  This is not ideal as the call to C_Finalize() should be the last one via the PKCS#11 API. Since the order in which jobs are canceled is undefined we can't be sure there is no other thread still using the library (it could even be the canceled job that still handles a previous slot event). According to PKCS#11 the behavior of C_Finalize() is undefined while other threads still make calls over the API. However, canceling the thread, as done previously, could also be problematic as PKCS#11 libraries could hold locks while in the C_WaitForSlotEvent() call, which might not get released properly when the thread is just canceled, and which then might cause later calls to other API functions to block. Fixes #2437.
* Define MODP_CUSTOM constructors as variadic functions | Tobias Brunner | 2017-09-18 | 2 | -6/+6
  They now match the dh_constructor_t signature. This is a follow up for the changes merged with b668bf3f9ec1 and should fix use of MODP_CUSTOM on Apple's ARM64 platform.
* Change interface for enumerator_create_filter() callback | Tobias Brunner | 2017-05-26 | 1 | -18/+20
  This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* Migrate all enumerators to venumerate() interface change | Tobias Brunner | 2017-05-26 | 2 | -9/+23
* pkcs11: Look for the CKA_ID of the cert if it doesn't match the subjectKeyId | Raphael Geissert | 2016-10-04 | 1 | -4/+152
  charon-nm fails to find the private key when its CKA_ID doesn't match the subjectKeyIdentifier of the X.509 certificate. In such cases, the private key builder now falls back to enumerating all the certificates, looking for one that matches the supplied subjectKeyIdentifier. It then uses the CKA_ID of that certificate to find the corresponding private key. It effectively means that PKCS#11 tokens where the only identifier to relate the certificate, the public key, and the private key is the CKA_ID are now supported by charon-nm. Fixes #490.
* gmp: Support of SHA-3 RSA signatures | Andreas Steffen | 2016-09-22 | 1 | -4/+4
* pkcs11: Skip zero-padding of r and s when preparing EC signature | Tobias Brunner | 2016-04-05 | 1 | -3/+9
  They are zero padded to fill the buffer. Fixes #1377.
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 2 | -2/+2
* pkcs11: Fix encoding of RSA keys if unnecessarily zero prefixed | Tobias Brunner | 2015-08-06 | 1 | -3/+8
  Some tokens/libraries seem to prefix all numbers with zero bytes even if not necessary (e.g. the default exponent 0x010001). If we don't fix that, the fingerprints calculated based on the retrieved values will be incorrect. Even if the pkcs1 plugin can properly handle numbers that are not in two's complement since a81bd670b086 ("Added PUBKEY_RSA_MODULUS encoding type") we prefix them with zero if necessary as other encoders might expect them in two's complement. Fixes #1012.
* diffie-hellman: Verify public DH values in backends | Martin Willi | 2015-03-23 | 1 | -0/+5
* diffie-hellman: Add a bool return value to set_other_public_value() | Martin Willi | 2015-03-23 | 1 | -7/+7
* diffie-hellman: Add a bool return value to get_my_public_value() | Martin Willi | 2015-03-23 | 1 | -1/+2
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return value | Martin Willi | 2015-03-23 | 1 | -3/+3
  While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* pkcs11: Convert RFC 3279 ECDSA signatures when verifying | Tobias Brunner | 2015-03-09 | 1 | -4/+33
  References #873.
* pkcs11: Properly encode RFC 3279 ECDSA signatures | Tobias Brunner | 2015-03-09 | 1 | -2/+19
  Fixes #873.
* pkcs11: Properly encode EC_POINTs created on a token | Tobias Brunner | 2015-03-09 | 1 | -5/+8
  Some tokens might not fail when creating EC public keys in the incorrect format, but they will later not be able to use them to verify signatures. References #872.
* pkcs11: Properly handle EC_POINTs returned as ASN.1 octet string | Tobias Brunner | 2015-03-09 | 1 | -1/+43
  This is the correct encoding but we internally only use unwrapped keys and some tokens return them unwrapped. Fixes #872.
* crypto: Define MODP_CUSTOM outside of IKE DH range | Tobias Brunner | 2014-12-23 | 1 | -1/+1
  Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221.
* plugins: Don't link with -rdynamic on Windows | Martin Willi | 2014-06-04 | 1 | -1/+1
* enum: Don't directly include enum.h | Martin Willi | 2014-05-16 | 1 | -1/+1
  To allow enum.h to depend on utils.h definitions, avoid its direct inclusion. Instead include utils.h, which includes enum.h as well.
* lib: All settings use configured namespace | Tobias Brunner | 2014-02-12 | 3 | -14/+14
* automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 1 | -3/+4
  INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* pkcs11: Use plugin_features_add() in get_features() | Tobias Brunner | 2013-06-11 | 1 | -21/+8
* Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 9 | -9/+9
* Moved enum_name_t to utils folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1
* Moved chunk_t to utils folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1
* Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 5 | -5/+5
* PKCS#11 library search using keyid uses a fallback to look for certificates | Martin Willi | 2012-10-24 | 1 | -4/+8
* Add a strongswan.conf option to disable loading of all certificates from a pkcs11 module | Martin Willi | 2012-10-24 | 1 | -6/+11
* Explicit pkcs11 certificate loading can enforce a module and a slot | Martin Willi | 2012-10-24 | 2 | -4/+21
* Be less verbose if loading PKCS#11 certificate fails | Martin Willi | 2012-10-24 | 1 | -6/+1
* Add a builder to load specific pkcs11 certificates by keyid | Martin Willi | 2012-10-24 | 3 | -0/+115
* If no pkcs11 public key for a private key found, search for a certificate | Martin Willi | 2012-10-24 | 1 | -4/+53
* Move pkcs11 public key lookup function declaration to header file | Martin Willi | 2012-10-24 | 3 | -20/+18
* Added an option to reload certificates from PKCS#11 tokens on SIGHUP | Tobias Brunner | 2012-10-18 | 1 | -0/+16
* Copy the name of pkcs11_library_t objects | Tobias Brunner | 2012-10-18 | 2 | -2/+3
  Strings returned by settings_t.create_section_enumerator will be freed when the config is reloaded.
* Make sure first argument is an int when using %.*s to print e.g. chunks | Tobias Brunner | 2012-09-28 | 1 | -2/+3
* Add a return value to hasher_t.reset() | Martin Willi | 2012-07-16 | 1 | -1/+2
* Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 3 | -14/+15
* Add a return value to hasher_t.get_hash() | Martin Willi | 2012-07-16 | 1 | -11/+24
* RNGs' get_bytes and allocate_bytes return boolean | Tobias Brunner | 2012-07-16 | 1 | -4/+10
* Centralized thread cancellation in processor_t | Tobias Brunner | 2012-06-25 | 1 | -17/+3
  This ensures that no threads are active when plugins and the rest of the daemon are unloaded. callback_job_t was simplified a lot in the process as its main functionality is now contained in processor_t. The parent-child relationships were abandoned as these were only needed to simplify job cancellation.
* Compiler warnings fixed. | Tobias Brunner | 2012-02-14 | 1 | -1/+1
* pkcs11: Fixed a bug when creating public keys. | Tobias Brunner | 2011-11-09 | 1 | -1/+1
* Common spelling errors fixed. | Tobias Brunner | 2011-11-03 | 1 | -1/+1
* pkcs11: Make public key operations on tokens optional. | Tobias Brunner | 2011-11-03 | 1 | -20/+21
* pkcs11: Make sure a key can be used for a given signature scheme. | Tobias Brunner | 2011-11-02 | 3 | -16/+31
* pkcs11: Register ECDSA feature. | Tobias Brunner | 2011-11-02 | 1 | -1/+10