Tobias Brunner
b6fcdc71a6
pkcs11: Optionally hash data for PKCS#1 v1.5 RSA signatures in software
...
If cards/libraries don't support signature mechanisms with hashing, we fall
back to do it ourselves in software and pass the PKCS#1 digestInfo ASN.1
structure to sign via CKM_RSA_PKCS mechanism.
Closes strongswan/strongswan#168 .
2020-05-07 09:11:19 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
Raphael Geissert
9a7049635e
pkcs11: Look for the CKA_ID of the cert if it doesn't match the subjectKeyId
...
charon-nm fails to find the private key when its CKA_ID doesn't match the
subjectKeyIdentifier of the X.509 certificate. In such cases, the private
key builder now falls back to enumerating all the certificates, looking for
one that matches the supplied subjectKeyIdentifier. It then uses the CKA_ID
of that certificate to find the corresponding private key.
It effectively means that PKCS#11 tokens where the only identifier to relate
the certificate, the public key, and the private key is the CKA_ID are now
supported by charon-nm.
Fixes #490 .
2016-10-04 12:09:04 +02:00
Andreas Steffen
40f2589abf
gmp: Support of SHA-3 RSA signatures
2016-09-22 17:34:31 +02:00
Tobias Brunner
7316a13bd1
pkcs11: Skip zero-padding of r and s when preparing EC signature
...
They are zero padded to fill the buffer.
Fixes #1377 .
2016-04-05 16:17:10 +02:00
Tobias Brunner
b258ed0192
pkcs11: Properly encode RFC 3279 ECDSA signatures
...
Fixes #873 .
2015-03-09 15:37:07 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Martin Willi
712e81306f
PKCS#11 library search using keyid uses a fallback to look for certificates
2012-10-24 13:07:54 +02:00
Martin Willi
ffe42fa405
If no pkcs11 public key for a private key found, search for a certificate
2012-10-24 13:07:52 +02:00
Martin Willi
44fdc62f82
Move pkcs11 public key lookup function declaration to header file
2012-10-24 13:07:52 +02:00
Martin Willi
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
Tobias Brunner
5b85b94e27
pkcs11: Make sure a key can be used for a given signature scheme.
2011-11-02 20:27:55 +01:00
Tobias Brunner
fd48b220ed
pkcs11: We have to create our own hashes for some signature schemes.
2011-11-02 20:27:55 +01:00
Tobias Brunner
30a3ede8ce
pkcs11: Lookup the public key of a private key by CKA_ID.
...
Currently this only works if a public key object with the same ID is
available, if there isn't one we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner
5d2fccf439
pkcs11: Search for private keys in a more generic way.
...
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner
b0319fe860
pkcs11: Instead of a mutex use a new session to do multipart operations.
2011-11-02 20:27:54 +01:00
Martin Willi
071903235a
Register manager of pkcs11 plugin as library object
2011-08-24 15:45:59 +02:00
Martin Willi
33bfdf6f37
Fixed public key construction from PKCS#11 private key
2010-12-23 10:29:01 +01:00
Martin Willi
b78ca4b04c
Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20
2010-11-18 08:56:12 +01:00
Martin Willi
ba31fe1fd6
Use a seperate section for each nested struct member in INIT macro
2010-08-18 12:15:03 +02:00
Martin Willi
01e4f5f32f
Implemented public key encryption/private key decryption in PKCS#11
2010-08-11 12:12:37 +02:00
Martin Willi
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
Martin Willi
33ddaaabec
Added support for different encryption schemes to private/public keys
2010-08-10 18:46:30 +02:00
Martin Willi
babed73257
Export scheme_to_mechanism conversion function
2010-08-06 17:02:01 +02:00
Martin Willi
af007ed68a
Support PKCS#11 keys requiring reauthentication for each operation
2010-08-04 09:26:21 +02:00
Martin Willi
199b17122d
Do not try to log in if we already have a user session
2010-08-04 09:26:21 +02:00
Martin Willi
0556667dca
Use credential sets to load smartcard keys
2010-08-04 09:26:21 +02:00
Martin Willi
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
Martin Willi
a0bdd5d63e
Implemented callback PIN invocation for PKCS#11 login
2010-08-04 09:26:20 +02:00
Martin Willi
7afc00d03c
Implemented keyid discovery on all modules/slots
2010-08-04 09:26:20 +02:00
Martin Willi
0b8b664056
Pass the PKCS11 keyid as chunk, not as string
2010-08-04 09:26:20 +02:00
Martin Willi
353d10d590
Reuse generic passphrase build part, not a dedicated PIN part
2010-08-04 09:26:20 +02:00
Martin Willi
5f1e4438cb
Implemented private key on top of a PKCS#11 token
2010-08-04 09:26:20 +02:00