Martin Willi
5ac0e66879
acert: Implement a plugin finding, validating and evaluating attribute certs
...
This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
2014-03-31 11:14:58 +02:00
Martin Willi
b06283f1e3
x509: Match acert has_subject() against entityName or holder serial
...
This allows us to find attribute certificates for a subject certificate in
credential sets.
2014-03-31 11:14:58 +02:00
Martin Willi
0226ca886d
pem: Support encoding of attribute certificates
...
While there is no widely used PEM header for attribute certificates, at least
IAIK-JCE uses BEGIN ATTRIBUTE CERTIFICATE:
http://javadoc.iaik.tugraz.at/iaik_jce/current/iaik/utils/Util.html#toPemString(iaik.x509.attr.AttributeCertificate)
2014-03-31 11:14:58 +02:00
Martin Willi
8f9e2dbcd5
x509: Replace the comma separated string AC group builder with a list based one
2014-03-31 11:14:58 +02:00
Martin Willi
a17598bc69
x509: Integrate IETF attribute handling, and obsolete ietf_attributes_t
...
The ietf_attributes_t class is used for attribute certificates only these days,
and integrating them to x509_ac_t simplifies things significantly.
2014-03-31 11:14:58 +02:00
Martin Willi
61b2d815b9
x509: Replace fixed acert group string getter by a more dynamic group enumerator
2014-03-31 11:14:58 +02:00
Martin Willi
a9bfd4b055
x509: Skip parsing of acert chargingIdentity, as we don't use it anyway
2014-03-31 11:14:58 +02:00
Martin Willi
3134379ac7
x509: Fix some whitespaces and do some minor style cleanups in acert
2014-03-31 11:14:57 +02:00
Tobias Brunner
01632eccf3
openssl: Add default fallback when calculating fingerprints of RSA keys
...
We still try to calculate these directly as it can avoid a dependency on
the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the
actual fingerprint calculation to the pgp plugin.
2014-03-22 09:55:03 +01:00
Andreas Steffen
22e1aa51f9
Completed integration of ntru_crypto library into ntru plugin
2014-03-22 09:51:00 +01:00
Tobias Brunner
27b3358fed
plugin-feature: Hash only the actually used feature argument
...
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.
Fixes #549.
2014-03-20 13:42:57 +01:00
Tobias Brunner
0ab7d5f1f9
plugin-loader: Properly initialize modular plugin list if no plugins are enabled
2014-03-18 10:56:39 +01:00
Andreas Steffen
337f0c8a2f
Implemented ntru_private_key class
2014-03-18 10:03:16 +01:00
Andreas Steffen
3933798cb1
11 bits are needed to encode a maximum index of 1086
2014-03-15 19:22:16 +01:00
Andreas Steffen
ac17ca1ad7
Refactored NTRU parameter set selection
2014-03-07 21:56:34 +01:00
Andreas Steffen
7befce8c3f
Refactored ntru_param_sets
2014-03-07 21:56:33 +01:00
Andreas Steffen
d6ce8da6c0
Optimize ntru_poly constructors some more
2014-02-27 23:06:51 +01:00
Andreas Steffen
2bb793f131
Optimized initialisation of indices
2014-02-27 22:39:47 +01:00
Andreas Steffen
222b88a302
Added get_array() method to ntru_poly_t class
2014-02-27 22:08:22 +01:00
Andreas Steffen
d12a4a67bf
Defined ntru_poly_create_from_seed() and ntru_poly_create_from_data() constructors and built some unit tests for the latter
2014-02-27 20:36:17 +01:00
Andreas Steffen
f87f28ec68
Optimized use of temporary arrays in polynomial multiplication
2014-02-27 15:22:59 +01:00
Andreas Steffen
bf24960cbe
Implement ring multiplication method
2014-02-27 15:22:58 +01:00
Andreas Steffen
e80014f1e8
index limit can be easily computed
2014-02-19 20:18:53 +01:00
Tobias Brunner
ab13364c65
uclibc only defines strndup(3) if _GNU_SOURCE is defined
...
References #516.
2014-02-19 16:11:47 +01:00
Tobias Brunner
09417da49c
sshkey: uclibc only defines fmemopen(3) if _GNU_SOURCE is defined
...
Fixes #516.
2014-02-19 15:55:20 +01:00
Andreas Steffen
6dd05e0d58
Created ntru_poly class for sparse trinary polynomials
2014-02-18 16:17:38 +01:00
Tobias Brunner
86865da388
plugin-loader: Escape <ns> in comment as Doxygen sees this as XML tag
2014-02-18 10:18:54 +01:00
Tobias Brunner
190a278854
plugin-loader: Optionally use load option in each plugin section to load plugins
...
This now works because all plugins use the same config namespace.
If <ns>.load_modular is true, the list of plugins to load is determined
via the value of the <ns>.plugins.<name>.load options.
Using includes the following is possible:
    charon {
        load_modular = yes
        plugins {
            include strongswan.d/charon/*.conf
        }
    }
    charon-cmd {
        load_modular = yes
        plugins {
            include strongswan.d/charon-cmd/*.conf
        }
    }
Where each .conf file would contain something like:
    <name> {
        load = yes
        <option> = <value>
    }
To increase the priority of individual plugins load = <priority> can be
used (the default is 1). For instance, to use openssl instead of the
built-in crypto plugins set in strongswan.d/charon/openssl.conf:
    openssl {
        load = 10
    }
If two plugins have the same priority their order in the default plugin
list is preserved. Plugins not found in that list are ordered
alphabetically before other plugins with the same priority.
2014-02-12 14:34:33 +01:00
Tobias Brunner
8dc6e71632
lib: All settings use configured namespace
2014-02-12 14:34:32 +01:00
Martin Willi
7707357227
rdrand: Provide get_features() regardless of RDRAND availability
...
As having no get_features() raises a deprecated warning, we return no features
instead.
2014-02-10 11:22:16 +01:00
Martin Willi
144f1d7041
rdrand: Move RDRAND detection log to level 2
...
When having RDRAND support, these log messages might be confusing when using
pki or other tools.
2014-02-10 11:07:50 +01:00
Martin Willi
88fa7f62be
pem: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
Tobias Brunner
72a92d4f7d
curl: Replace spaces in URIs with %20
...
cURL requires the URIs to be URL-encoded. Apparently, some CAs encode CRL
URIs with spaces in them.
Fixes #454.
2014-01-23 10:19:30 +01:00
Tobias Brunner
54ca25800c
agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socket
...
This is also required if charon-cmd is used with capability dropping.
2014-01-23 10:08:23 +01:00
Andreas Steffen
84814a6b7c
min_MGF_hash_calls parameter is not needed anymore
2013-12-07 23:54:53 +01:00
Andreas Steffen
5da659523e
Optimized MGF1 implementation
2013-12-07 23:29:04 +01:00
Andreas Steffen
abd4797dc1
Implemented ntru_trits class
2013-12-07 23:27:59 +01:00
Andreas Steffen
a978a8194d
Streamlined DRBG and MGF1 debug output
2013-12-07 00:21:28 +01:00
Andreas Steffen
fdc6c682b2
Added own MGF1 mask generating function
2013-12-05 22:55:47 +01:00
Tobias Brunner
d5a0abfa92
unit-tests: Export ntru_drbg_create as testable function so no linking is required
...
This way the plugin does not have to be linked explicitly to the test
runner, which otherwise would require that the plugin is either always
enabled to build the tests or that ifdefs are added to the Makefile.
2013-12-04 20:32:59 +01:00
Tobias Brunner
a24eec4649
unit-tests: Move ntru_test_rng_t to a utility class in libtest
2013-12-04 20:32:59 +01:00
Tobias Brunner
3e8a44c2aa
ntru: Fix compiler warning caused by ++/-- on righthand side of an assignment
...
The behavior of stuff like x = --x; (or x++) is not defined.
2013-12-04 20:32:59 +01:00
Andreas Steffen
7d5b9e81a4
Added DRBG automatic reseeding tests
2013-11-27 20:21:41 +01:00
Andreas Steffen
5443762491
Use strongSwan hash plugins for SHA-1 and SHA-256
2013-11-27 20:21:41 +01:00
Andreas Steffen
a7047cda59
Cleaned up ntru-crypto library
2013-11-27 20:21:41 +01:00
Andreas Steffen
98c6421674
Implemented NIST SP 800-90A DRBG_HMAC with SHA-256
2013-11-27 20:21:41 +01:00
Andreas Steffen
9013973cc8
unit-tests: Added ntru wrong ciphertext test
2013-11-27 20:21:41 +01:00
Andreas Steffen
885e699b58
unit-tests: Added ntru entropy, retransmission and ciphertext tests
2013-11-27 20:21:41 +01:00
Andreas Steffen
802eaf3789
Any of the four NTRU parameter sets can be selected
2013-11-27 20:21:41 +01:00
Andreas Steffen
1f73969eb5
Make the NTRU parameter set configurable
2013-11-27 20:21:41 +01:00