34 Commits

Author SHA1 Message Date
Tobias Brunner b6fcdc71a6 pkcs11: Optionally hash data for PKCS#1 v1.5 RSA signatures in software
If cards/libraries don't support signature mechanisms with hashing, we fall
back to doing it ourselves in software and pass the PKCS#1 digestInfo ASN.1
structure to sign via the CKM_RSA_PKCS mechanism.

Closes strongswan/strongswan#168.
2020-05-07 09:11:19 +02:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner de280c2e03 private-key: Add optional parameters argument to sign() method 2017-11-08 16:48:10 +01:00
Raphael Geissert 9a7049635e pkcs11: Look for the CKA_ID of the cert if it doesn't match the subjectKeyId
charon-nm fails to find the private key when its CKA_ID doesn't match the
subjectKeyIdentifier of the X.509 certificate.  In such cases, the private
key builder now falls back to enumerating all the certificates, looking for
one that matches the supplied subjectKeyIdentifier.  It then uses the CKA_ID
of that certificate to find the corresponding private key.

It effectively means that PKCS#11 tokens where the only identifier to relate
the certificate, the public key, and the private key is the CKA_ID are now
supported by charon-nm.

Fixes #490.
2016-10-04 12:09:04 +02:00
Andreas Steffen 40f2589abf gmp: Support of SHA-3 RSA signatures 2016-09-22 17:34:31 +02:00
Tobias Brunner 7316a13bd1 pkcs11: Skip zero-padding of r and s when preparing EC signature
They are zero padded to fill the buffer.

Fixes #1377.
2016-04-05 16:17:10 +02:00
Tobias Brunner b258ed0192 pkcs11: Properly encode RFC 3279 ECDSA signatures
Fixes #873.
2015-03-09 15:37:07 +01:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Martin Willi 712e81306f PKCS#11 library search using keyid uses a fallback to look for certificates 2012-10-24 13:07:54 +02:00
Martin Willi ffe42fa405 If no pkcs11 public key for a private key found, search for a certificate 2012-10-24 13:07:52 +02:00
Martin Willi 44fdc62f82 Move pkcs11 public key lookup function declaration to header file 2012-10-24 13:07:52 +02:00
Martin Willi 87dd205b61 Add a return value to hasher_t.allocate_hash() 2012-07-16 14:55:06 +02:00
Tobias Brunner 5b85b94e27 pkcs11: Make sure a key can be used for a given signature scheme. 2011-11-02 20:27:55 +01:00
Tobias Brunner fd48b220ed pkcs11: We have to create our own hashes for some signature schemes. 2011-11-02 20:27:55 +01:00
Tobias Brunner 30a3ede8ce pkcs11: Lookup the public key of a private key by CKA_ID.
Currently this only works if a public key object with the same ID is
available; if there isn't one, we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner 5d2fccf439 pkcs11: Search for private keys in a more generic way.
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner b0319fe860 pkcs11: Instead of a mutex use a new session to do multipart operations. 2011-11-02 20:27:54 +01:00
Martin Willi 071903235a Register manager of pkcs11 plugin as library object 2011-08-24 15:45:59 +02:00
Martin Willi 33bfdf6f37 Fixed public key construction from PKCS#11 private key 2010-12-23 10:29:01 +01:00
Martin Willi b78ca4b04c Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20 2010-11-18 08:56:12 +01:00
Martin Willi ba31fe1fd6 Use a separate section for each nested struct member in INIT macro 2010-08-18 12:15:03 +02:00
Martin Willi 01e4f5f32f Implemented public key encryption/private key decryption in PKCS#11 2010-08-11 12:12:37 +02:00
Martin Willi a944d2092b Use bits instead of bytes for a private/public key 2010-08-10 18:46:30 +02:00
Martin Willi 33ddaaabec Added support for different encryption schemes to private/public keys 2010-08-10 18:46:30 +02:00
Martin Willi babed73257 Export scheme_to_mechanism conversion function 2010-08-06 17:02:01 +02:00
Martin Willi af007ed68a Support PKCS#11 keys requiring reauthentication for each operation 2010-08-04 09:26:21 +02:00
Martin Willi 199b17122d Do not try to log in if we already have a user session 2010-08-04 09:26:21 +02:00
Martin Willi 0556667dca Use credential sets to load smartcard keys 2010-08-04 09:26:21 +02:00
Martin Willi 62be923683 Implemented a callback based credential set, currently for shared keys only 2010-08-04 09:26:21 +02:00
Martin Willi a0bdd5d63e Implemented callback PIN invocation for PKCS#11 login 2010-08-04 09:26:20 +02:00
Martin Willi 7afc00d03c Implemented keyid discovery on all modules/slots 2010-08-04 09:26:20 +02:00
Martin Willi 0b8b664056 Pass the PKCS11 keyid as chunk, not as string 2010-08-04 09:26:20 +02:00
Martin Willi 353d10d590 Reuse generic passphrase build part, not a dedicated PIN part 2010-08-04 09:26:20 +02:00
Martin Willi 5f1e4438cb Implemented private key on top of a PKCS#11 token 2010-08-04 09:26:20 +02:00