1c4b392a5b
Merge branch 'rsassa-pss'
...
This adds support for RSASSA-PSS signatures in IKEv2 digital signature
authentication (RFC 7427), certificates and CRLs etc., and when signing
credentials via pki tool. For interoperability with older versions, the
default is to use classic PKCS#1 signatures. To use PSS padding either enable
rsa_pss via strongswan.conf or explicitly use it either via ike:rsa/pss...
auth token or the --rsa-padding option of the pki tool.
References #2427 .
2017-11-08 16:53:35 +01:00
fde0c763b6
auth-cfg: Add RSA/PSS schemes for pubkey and rsa if enabled in strongswan.conf
...
Also document the rsa/pss prefix.
2017-11-08 16:48:10 +01:00
27a79326c7
pki: Enable PSS padding if enabled in strongswan.conf
2017-11-08 16:48:10 +01:00
d57af8dde0
pki: Optionally generate RSA/PSS signatures
2017-11-08 16:48:10 +01:00
9b828ee85f
pki: Indent usage lines properly automatically
2017-11-08 16:48:10 +01:00
364395d2de
Treat RSASSA-PSS keys like rsaEncryption RSA keys
...
In theory we should treat any parameters and the identifier itself as
restriction to only use the key to create signatures accordingly (e.g.
only use RSA with PSS padding or even use specific hash algorithms).
But that's currently tricky as we'd have to store and pass this information
along with our private keys (i.e. use PKCS#8 to store them and change the
builder calls to pass along the identifier and parameters). That would
require quite some work.
2017-11-08 16:48:10 +01:00
fb63012e0c
openssl: Add support for signature schemes with parameters
2017-11-08 16:48:10 +01:00
dc83bc147e
pki: Properly forward digest to attribute certificate builder
2017-11-08 16:48:10 +01:00
bbfe39f597
x509: Add support for signature schemes with parameters
...
Also adds support for specifying the hash algorithm for attribute
certificate signatures.
2017-11-08 16:48:10 +01:00
0c23a5693c
builder: Add builder option to pass signature scheme and params
2017-11-08 16:48:10 +01:00
3fc66e5743
ikev2: Use helpers to build signature auth data
2017-11-08 16:48:10 +01:00
eae80fdedc
signature-params: Add helpers to parse/build ASN.1 algorithmIdentifier for signature schemes
2017-11-08 16:48:10 +01:00
6f97c0d50b
ikev2: Enumerate RSA/PSS schemes and use them if enabled
2017-11-08 16:48:10 +01:00
24b2ede283
ikev2: Support signing with RSASSA-PSS via RFC 7427 signature auth
2017-11-08 16:48:10 +01:00
a4aaef7477
signature-params: Use helper to build MGF1 algorithmIdentifier
2017-11-08 16:48:10 +01:00
f89348d035
asn1: Add helper function to create algorithmIdentifier with parameters
2017-11-08 16:48:10 +01:00
5f7be58177
ikev2: Verify RSASSA-PSS signatures via RFC 7427 signature auth
2017-11-08 16:48:10 +01:00
84b1c06d0e
keymat_v2: Pass/receive signature schemes as signature_param_t objects
2017-11-08 16:48:10 +01:00
634c6ba8ce
auth-cfg: Parse rsa/pss auth tokens
2017-11-08 16:48:10 +01:00
54f8d09261
auth-cfg: Store signature schemes as signature_params_t objects
...
Due to circular references the hasher_from_signature_scheme() helper
does not take a signature_params_t object.
2017-11-08 16:48:10 +01:00
024b979522
certificate: Return signature scheme and parameters from issued_by() method
...
This also required some include restructuring (avoid including library.h
in headers) to avoid unresolvable circular dependencies.
2017-11-08 16:48:10 +01:00
c2935b03c4
signature-params: Add helper struct for signature scheme and parameters
2017-11-08 16:48:10 +01:00
72b7c0ffd8
android: Add support for creating RSASSA-PSS signatures via JNI
2017-11-08 16:48:10 +01:00
414f255561
unit-tests: Add RSA-PSS signature tests with specific salts
2017-11-08 16:48:10 +01:00
37efb9787b
gcrypt: Add support for static salts when signing with RSA-PSS
2017-11-08 16:48:10 +01:00
f241a981aa
gmp: Add support for static salts when signing with RSA-PSS
2017-11-08 16:48:10 +01:00
c380608a89
signature-params: Optionally pass a specific salt value when signing
2017-11-08 16:48:10 +01:00
fa7f5e2d0c
unit-tests: Warn if we skip RSA tests due to dependencies
2017-11-08 16:48:10 +01:00
4c5dd39aa3
unit-tests: Add ability to issue a warning message for a test case
...
This way we can warn if we e.g. skipped actually doing something due to
dependencies (otherwise the test case would just appear to have succeeded).
2017-11-08 16:48:10 +01:00
90a3bc5075
mgf1: Add support for SHA-224/384 based MGF1
2017-11-08 16:48:10 +01:00
720a76c229
xof: Add identifiers for MGF1 XOFs based on SHA-224/384
2017-11-08 16:48:10 +01:00
126fd8af09
gmp: Use helper to determine XOF type
2017-11-08 16:48:10 +01:00
883e7fcd65
xof: Add helper to determine MGF1 XOF type from hash algorithm
2017-11-08 16:48:10 +01:00
3ce8b0556a
gcrypt: Add support for RSA-PSS signatures
...
For salt lengths other than 20 this requires 0bd8137e68c2 ("cipher:
Add option to specify salt length for PSS verification."), which was
included in libgcrypt 1.7.0 (for Ubuntu requires 17.04). As that makes
it pretty much useless for us (SHA-1 is a MUST NOT), we require that version
to even provide the feature.
2017-11-08 16:48:10 +01:00
89c3987baf
gcrypt: Register supported RSA signature/verification schemes
2017-11-08 16:48:10 +01:00
c9a2b3b784
configure: Enable mgf1 plugin if gmp plugin is enabled
2017-11-08 16:48:10 +01:00
7d6b81648b
gmp: Add support for RSASSA-PSS signature verification
2017-11-08 16:48:10 +01:00
154ee7f66a
gmp: Add support for RSASSA-PSS signature creation
2017-11-08 16:48:10 +01:00
00d161f2db
unit-tests: Add FIPS 186-4 RSASSA-PSS test vectors
...
Since not all implementations allow setting a specific salt value when
generating signatures (e.g. OpenSSL doesn't), we are often limited to
only using the test vectors with salt length of 0.
We also exclude test vectors with SHA-1, SHA-224 and SHA-384.
2017-11-08 16:48:10 +01:00
89015dff9e
unit-tests: Create and verify some RSA PSS signatures
2017-11-08 16:48:10 +01:00
2f95d7195d
openssl: Add support for verifying RSASSA-PSS signatures
2017-11-08 16:48:10 +01:00
51dd2fd2db
openssl: Add support for creating RSASSA-PSS signatures
2017-11-08 16:48:10 +01:00
5ae3f5cea8
openssl: Add helper to determine EVP_MD from hash_algorithm_t
2017-11-08 16:48:10 +01:00
a994407d50
unit-tests: Add FIPS 186-4 RSA test vectors
...
Excluding SHA-224 and the stuff from FIPS 186-2 (SHA-1, 1024 bit keys).
2017-11-08 16:48:10 +01:00
183a9108fb
gcrypt: Determine missing RSA private key parameters
...
We only need n, e, and d. The primes p and q and the coefficient
for the Chinese remainder algorithm can be determined from these.
2017-11-08 16:48:10 +01:00
bd4df68a7b
gmp: Determine missing RSA private key parameters
...
We only need n, e, and d. The parameters for the Chinese remainder
algorithm and even p and q can be determined from these.
2017-11-08 16:48:10 +01:00
03eda5a822
openssl: Add functions to determine missing RSA private key parameters
...
We only need n, e, and d. The parameters for the Chinese remainder
algorithm and even p and q can be determined from these.
2017-11-08 16:48:10 +01:00
a22316520b
signature-params: Add functions to parse/build ASN.1 RSASSA-PSS params
2017-11-08 16:48:10 +01:00
c2b878cd61
hasher: Add function to determine length of hashes
2017-11-08 16:48:10 +01:00
ffd0eeecf0
asn1: Add function to generate an ASN.1 integer from an uint64_t
2017-11-08 16:48:10 +01:00
Tobias Brunner