Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
943f3929f4
pki: --verify command optionally takes directories for CAs and CRLs
2018-05-18 17:29:00 +02:00
Andreas Steffen
3e7a19bfa9
pki: Extend pki --print with --keyid parameter
2017-12-10 19:31:10 +01:00
Tobias Brunner
27a79326c7
pki: Enable PSS padding if enabled in strongswan.conf
2017-11-08 16:48:10 +01:00
Tobias Brunner
d57af8dde0
pki: Optionally generate RSA/PSS signatures
2017-11-08 16:48:10 +01:00
Tobias Brunner
9b828ee85f
pki: Indent usage lines properly automatically
2017-11-08 16:48:10 +01:00
Tobias Brunner
dc83bc147e
pki: Properly forward digest to attribute certificate builder
2017-11-08 16:48:10 +01:00
Tobias Brunner
6f97c0d50b
ikev2: Enumerate RSA/PSS schemes and use them if enabled
2017-11-08 16:48:10 +01:00
Tobias Brunner
54f8d09261
auth-cfg: Store signature schemes as signature_params_t objects
...
Due to circular references the hasher_from_signature_scheme() helper
does not take a signature_params_t object.
2017-11-08 16:48:10 +01:00
Tobias Brunner
4e7b7db62f
certificates: Use shared destructor for x509_cdp_t
2017-09-18 10:54:19 +02:00
Tobias Brunner
609457e4c8
pki: Fix typo in --print man page
2017-07-05 10:15:45 +02:00
Tobias Brunner
525cc46cab
Change interface for enumerator_create_filter() callback
...
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
2017-05-26 13:56:44 +02:00
Tobias Brunner
069bf10d3f
pki: Reset variable so error handling works properly
...
If we jump to `end` without this we crash (not necessarily visibly) due
to a double free and the actual error message is not printed.
2017-04-19 18:56:43 +02:00
Tobias Brunner
3207193cbf
pki: Actually make the default key type KEY_ANY for --self
...
Fixes: 05ccde0a8b ("pki: Add generic 'priv' key type that loads any
type of private key")
2017-03-24 10:45:58 +01:00
Tobias Brunner
4c9418ac4d
pki: Cast length derived from pointer arithmetic to int
2017-03-23 18:29:18 +01:00
Andreas Steffen
ab94f76df6
pki: Add key object handle of smartcard or TPM private key as an argument to pki --keyid
2017-03-06 18:54:09 +01:00
Andreas Steffen
2d41e1c51c
pki: Edited keyid parameter use in various pki man pages and usage outputs
2017-03-06 18:54:09 +01:00
Andreas Steffen
2da6a5f541
Add keyid of smartcard or TPM private key as an argument to pki --req
2017-03-02 20:30:24 +01:00
Martin Willi
2d7f940f11
pki: Add a note about constructing RFC 3779 compliant certificates to manpage
2017-02-27 09:36:48 +01:00
Martin Willi
ead1dd3bcb
pki: Support an --addrblock option for issued certificates
2017-02-27 09:36:48 +01:00
Martin Willi
b6c371fbf1
pki: Support an --addrblock option for self-signed certificates
2017-02-27 09:36:48 +01:00
Martin Willi
48a5b29fd3
pki: Add a helper function to parse traffic selectors from CIDR subnets or ranges
2017-02-27 09:36:48 +01:00
Andreas Steffen
35bc60cc68
Added support of EdDSA signatures
2016-12-14 11:15:47 +01:00
Tobias Brunner
790847d17c
pki: Don't remove zero bytes in CRL serials anymore
...
This was added a few years ago because pki --signcrl once encoded serials
incorrectly as eight byte blobs. But still ensure we can handle
overflows in case the serial is encoded incorrectly without zero-prefix.
2016-10-11 17:18:22 +02:00
Tobias Brunner
49d9266c31
pki: Use serial of base CRL for delta CRLs
...
According to RFC 5280 delta CRLs and complete CRLs MUST share one
numbering sequence.
2016-10-11 17:18:22 +02:00
Tobias Brunner
05ccde0a8b
pki: Add generic 'priv' key type that loads any type of private key
2016-10-05 11:32:52 +02:00
Tobias Brunner
1798e490da
pki: Drop -priv suffix to specify private key types
2016-10-05 11:32:52 +02:00
Tobias Brunner
09d8215d3f
pki: Allow to load CRLs from files in --verify
2016-08-25 11:07:35 +02:00
Martin Willi
518a5b2ece
configure: Check for and explicitly link against -latomic
...
Some C libraries, such as uClibc, require an explicit link for some atomic
functions. Check for any libatomic, and explicitly link it.
2016-06-14 14:27:20 +02:00
Tobias Brunner
50e190e8ad
pki: Increase MAX_LINES
...
The --issue and --self commands both define 10 lines of usage summary
text.
2015-12-16 12:09:18 +01:00
Tobias Brunner
8ea64a78d6
pki: Never print more than MAX_LINES of usage summary
...
Print a warning if a registered command exceeds that limit.
2015-12-16 12:07:13 +01:00
Andreas Steffen
3317d0e77b
Standardized printing of certificate information
...
The certificate_printer class allows the printing of certificate
information to a text file (usually stdout). This class is used
by the pki --print and swanctl --list-certs commands as well as
by the stroke plugin.
2015-12-11 18:26:53 +01:00
Martin Willi
41106e7993
pki: Explicitly link against -lpthread and -ldl if required
...
We already do this for charon, as some toolchains require an explicit
link even if libstrongswan already depends on it.
2015-12-04 08:02:03 +01:00
Andreas Steffen
f6fede934b
Support BLISS signatures with SHA-3 hash
2015-11-03 21:35:09 +01:00
Tobias Brunner
592f31f5af
pki: Add new type options to --issue command usage output
2015-08-27 17:55:15 +02:00
Tobias Brunner
6ef4668626
pki: Add --dn command to extract the subject DN of a certificate
2015-08-17 11:34:01 +02:00
Tobias Brunner
1bc2549914
pki: Optionally extract public key from given private key in --issue
...
Fixes #618.
2015-08-10 12:33:02 +02:00
Tobias Brunner
2872f77829
pki: Choose default digest based on the signature key
2015-03-23 17:22:31 +01:00
Tobias Brunner
ae0604f583
pki: Use SHA-256 as default for signatures
...
Since the BLISS private key supports this we don't do any special
handling anymore (if the user chooses a digest that is not supported,
signing will simply fail later because no signature scheme will be found).
2015-03-23 17:22:31 +01:00
Andreas Steffen
27bd0fed93
Allow SHA256 and SHA384 data hash for BLISS signatures.
...
The default is SHA512 since this hash function is also
used for the c_indices random oracle.
2015-02-26 08:56:12 +01:00
Tobias Brunner
6683cf6a5a
pki: Document correct output formats for --pkcs12 --export
2014-12-19 16:31:36 +01:00
Tobias Brunner
a6c0dec0e5
pki: Properly clean up if output format for --pkcs12 is wrong
2014-12-19 16:30:10 +01:00
Tobias Brunner
3a26566fa9
pki: Add command to export certificates and keys from PKCS#12 containers
2014-12-12 13:11:29 +01:00
Tobias Brunner
c20f962732
pki: Reformat PKCS#12 output and add an index for each certificate/key
2014-12-12 13:11:29 +01:00
Tobias Brunner
374b569ed0
pki: Add simple PKCS#12 display command
2014-12-12 13:11:29 +01:00
Tobias Brunner
ec846f9e52
pki: Cache entered secrets in case they are needed more than once
2014-12-12 13:11:29 +01:00
Andreas Steffen
b6bb32e658
Implemented full BLISS support for IKEv2 public key authentication and the pki tool
2014-11-29 14:51:18 +01:00
Andreas Steffen
f673966b9f
Started implementing BLISS signature generation
2014-11-29 14:51:16 +01:00
Andreas Steffen
56009f2001
Store and parse BLISS private and public keys in DER and PEM format
...
Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey
and subjectPublicKeyInfo objects.
Some basic functions used by the bliss_public_key class are shared
with the bliss_private_key class.
2014-11-29 14:51:16 +01:00
Andreas Steffen
9d5b91d198
Created framework for BLISS post-quantum signature algorithm
2014-11-29 14:51:14 +01:00