From 3ce8b0556a33679f410073ef4577cc78f4282cbb Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 25 Sep 2017 14:50:20 +0200 Subject: gcrypt: Add support for RSA-PSS signatures For salt lengths other than 20 this requires 0bd8137e68c2 ("cipher: Add option to specify salt length for PSS verification."), which was included in libgcrypt 1.7.0 (for Ubuntu requires 17.04). As that makes it pretty much useless for us (SHA-1 is a MUST NOT), we require that version to even provide the feature. --- src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c') diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index fdc2cb519..8a3de1e01 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -119,6 +119,9 @@ METHOD(plugin_t, get_features, int, PLUGIN_REGISTER(PRIVKEY_GEN, gcrypt_rsa_private_key_gen, FALSE), PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA), /* signature schemes, private */ +#if GCRYPT_VERSION_NUMBER >= 0x010700 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS), +#endif PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), @@ -127,6 +130,9 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), /* signature verification schemes */ +#if GCRYPT_VERSION_NUMBER >= 0x010700 + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS), +#endif PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), -- cgit v1.2.3