aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
* hashers: Change names of SHA2 hash algorithmsTobias Brunner2017-11-171-8/+8
| | | | | Keep the lower case names as they are as we use them internally (parsing and e.g. in OpenSSL as identifier).
* hasher: Add uppercase short names for hash algorithmsTobias Brunner2017-11-172-0/+23
|
* x509: Initialize signature params when parsing attribute certificatesTobias Brunner2017-11-151-1/+1
|
* pkcs8: Add explicit comment for RSASSA-PSS fall-throughTobias Brunner2017-11-151-0/+1
|
* unit-tests: Rename targets for libstrongswan and kernel-netlinkThomas Egerer2017-11-091-5/+5
| | | | | | | | | libstrongswan and kernel-netlink are the only two components which do not adhere to the naming scheme used for all other tests. If the tests are run by an external application this imposes problems due to clashing names. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* auth-cfg: Add RSA/PSS schemes for pubkey and rsa if enabled in strongswan.confTobias Brunner2017-11-082-14/+79
| | | | Also document the rsa/pss prefix.
* Treat RSASSA-PSS keys like rsaEncryption RSA keysTobias Brunner2017-11-083-1/+20
| | | | | | | | | | In theory we should treat any parameters and the identifier itself as restriction to only use the key to create signatures accordingly (e.g. only use RSA with PSS padding or even use specific hash algorithms). But that's currently tricky as we'd have to store and pass this information along with our private keys (i.e. use PKCS#8 to store them and change the builder calls to pass along the identifier and parameters). That would require quite some work.
* openssl: Add support for signature schemes with parametersTobias Brunner2017-11-082-47/+34
|
* x509: Add support for signature schemes with parametersTobias Brunner2017-11-085-143/+220
| | | | | Also adds support for specifying the hash algorithm for attribute certificate signatures.
* builder: Add builder option to pass signature scheme and paramsTobias Brunner2017-11-082-1/+4
|
* signature-params: Add helpers to parse/build ASN.1 algorithmIdentifier for ↵Tobias Brunner2017-11-083-0/+196
| | | | signature schemes
* ikev2: Enumerate RSA/PSS schemes and use them if enabledTobias Brunner2017-11-083-28/+50
|
* signature-params: Use helper to build MGF1 algorithmIdentifierTobias Brunner2017-11-081-2/+2
|
* asn1: Add helper function to create algorithmIdentifier with parametersTobias Brunner2017-11-082-6/+23
|
* auth-cfg: Parse rsa/pss auth tokensTobias Brunner2017-11-082-25/+136
|
* auth-cfg: Store signature schemes as signature_params_t objectsTobias Brunner2017-11-087-48/+92
| | | | | Due to circular references the hasher_from_signature_scheme() helper does not take a signature_params_t object.
* certificate: Return signature scheme and parameters from issued_by() methodTobias Brunner2017-11-0825-72/+119
| | | | | This also required some include restructuring (avoid including library.h in headers) to avoid unresolvable circular dependencies.
* signature-params: Add helper struct for signature scheme and parametersTobias Brunner2017-11-083-18/+319
|
* unit-tests: Add RSA-PSS signature tests with specific saltsTobias Brunner2017-11-081-92/+818
|
* gcrypt: Add support for static salts when signing with RSA-PSSTobias Brunner2017-11-081-6/+17
|
* gmp: Add support for static salts when signing with RSA-PSSTobias Brunner2017-11-081-2/+6
|
* signature-params: Optionally pass a specific salt value when signingTobias Brunner2017-11-081-0/+2
|
* unit-tests: Warn if we skip RSA tests due to dependenciesTobias Brunner2017-11-081-0/+11
|
* unit-tests: Add ability to issue a warning message for a test caseTobias Brunner2017-11-083-6/+116
| | | | | This way we can warn if we e.g. skipped actually doing something due to dependencies (otherwise the test case would just appear to have succeeded).
* mgf1: Add support for SHA-224/384 based MGF1Tobias Brunner2017-11-082-1/+11
|
* xof: Add identifiers for MGF1 XOFs based on SHA-224/384Tobias Brunner2017-11-082-5/+13
|
* gmp: Use helper to determine XOF typeTobias Brunner2017-11-082-28/+10
|
* xof: Add helper to determine MGF1 XOF type from hash algorithmTobias Brunner2017-11-082-0/+38
|
* gcrypt: Add support for RSA-PSS signaturesTobias Brunner2017-11-083-31/+127
| | | | | | | | For salt lengths other than 20 this requires 0bd8137e68c2 ("cipher: Add option to specify salt length for PSS verification."), which was included in libgcrypt 1.7.0 (for Ubuntu requires 17.04). As that makes it pretty much useless for us (SHA-1 is a MUST NOT), we require that version to even provide the feature.
* gcrypt: Register supported RSA signature/verification schemesTobias Brunner2017-11-081-0/+16
|
* gmp: Add support for RSASSA-PSS signature verificationTobias Brunner2017-11-082-2/+140
|
* gmp: Add support for RSASSA-PSS signature creationTobias Brunner2017-11-082-0/+130
|
* unit-tests: Add FIPS 186-4 RSASSA-PSS test vectorsTobias Brunner2017-11-081-0/+1629
| | | | | | | | Since not all implementations allow setting a specific salt value when generating signatures (e.g. OpenSSL doesn't), we are often limited to only using the test vectors with salt length of 0. We also exclude test vectors with SHA-1, SHA-224 and SHA-384.
* unit-tests: Create and verify some RSA PSS signaturesTobias Brunner2017-11-081-3/+25
|
* openssl: Add support for verifying RSASSA-PSS signaturesTobias Brunner2017-11-082-3/+142
|
* openssl: Add support for creating RSASSA-PSS signaturesTobias Brunner2017-11-082-5/+132
|
* openssl: Add helper to determine EVP_MD from hash_algorithm_tTobias Brunner2017-11-082-9/+27
|
* unit-tests: Add FIPS 186-4 RSA test vectorsTobias Brunner2017-11-081-5/+2428
| | | | Excluding SHA-224 and the stuff from FIPS 186-2 (SHA-1, 1024 bit keys).
* gcrypt: Determine missing RSA private key parametersTobias Brunner2017-11-081-4/+133
| | | | | We only need n, e, and d. The primes p and q and the coefficient for the Chinese remainder algorithm can be determined from these.
* gmp: Determine missing RSA private key parametersTobias Brunner2017-11-081-4/+109
| | | | | We only need n, e, and d. The parameters for the Chinese remainder algorithm and even p and q can be determined from these.
* openssl: Add functions to determine missing RSA private key parametersTobias Brunner2017-11-081-9/+223
| | | | | We only need n, e, and d. The parameters for the Chinese remainder algorithm and even p and q can be determined from these.
* signature-params: Add functions to parse/build ASN.1 RSASSA-PSS paramsTobias Brunner2017-11-087-1/+421
|
* hasher: Add function to determine length of hashesTobias Brunner2017-11-082-0/+46
|
* asn1: Add function to generate an ASN.1 integer from an uint64_tTobias Brunner2017-11-083-6/+63
|
* asn1: Add OID for MGF1Tobias Brunner2017-11-081-1/+1
|
* signature-params: Add struct for RSASSA-PSS parametersTobias Brunner2017-11-082-0/+42
|
* private-key: Add optional parameters argument to sign() methodTobias Brunner2017-11-0820-37/+36
|
* public-key: Add optional parameters argument to verify() methodTobias Brunner2017-11-0822-38/+50
|
* public-key: Add RSASSA-PSS signature scheme identifierTobias Brunner2017-11-083-0/+9
|
* asn1: Add OID for RSASSA-PSSTobias Brunner2017-11-081-0/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-24 16:52:59 +0000