Tobias Brunner
c0d39c205c
Implemented AES-CMAC based PRF and signer.
...
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
Tobias Brunner
9a6b1cb412
Fixed GNU license header in hmac and xcbc plugins.
2012-04-03 10:33:59 +02:00
Tobias Brunner
817ab8a8d4
Don't cast second argument of mem_printf_hook (%b) to size_t.
...
Also treat the given number as unsigned int.
Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).
In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be cast
to (u_)int.
2012-03-27 09:10:34 +02:00
Tobias Brunner
a190ec0ac5
Compiler warnings fixed.
2012-02-14 16:09:44 +01:00
Tobias Brunner
fd1ff46f61
Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files.
2012-02-01 18:27:46 +01:00
Tobias Brunner
cab127cba6
Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes).
2012-02-01 18:27:46 +01:00
Tobias Brunner
db3334dc32
Added support to parse PKCS#8 encoded ECDSA private keys.
2012-02-01 18:27:45 +01:00
Tobias Brunner
27f8a61df3
OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.
...
This is needed in case the key itself does not contain the parameters,
which is the case for PKCS#8.
2012-02-01 18:27:45 +01:00
Tobias Brunner
9255aa87ec
Parse RSA private keys from PKCS#8 encoded blobs.
2012-02-01 18:27:45 +01:00
Tobias Brunner
5ec525c1d1
Added PKCS#8 stub plugin.
2012-02-01 18:27:45 +01:00
Tobias Brunner
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
Tobias Brunner
ad1aaf4be3
Function added to plugin_loader to get a list of the names of loaded plugins.
2012-01-19 11:51:51 +01:00
Adrian-Ken Rueegsegger
d887b8e134
Fix whitespaces
2012-01-12 11:25:18 +01:00
Tobias Brunner
e86b685da5
Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.
2011-12-23 18:07:39 +01:00
Tobias Brunner
1267127c11
Properly ASN.1 encode dates in certificates depending on the year.
2011-12-23 16:29:41 +01:00
Tobias Brunner
cc4b48e886
Also log PGP parsing in ASN log group.
2011-12-16 16:44:38 +01:00
Tobias Brunner
b6e0784385
Log messages for PKCS1 and PEM parsing in ASN log group.
2011-12-16 16:44:38 +01:00
Tobias Brunner
eb497205e3
Log most X.509 related messages in new ASN log group.
2011-12-16 16:44:38 +01:00
Martin Willi
8b8fcfd631
Be less verbose if plugin dependency not satisfied
2011-12-07 13:42:10 +01:00
Sansar Choinyambuu
95e37555c3
Reverse the changes made to openssl plugin for signature verification
2011-11-28 21:18:05 +01:00
Sansar Choinyambuu
824ace105a
Changed the static function name in openssl_rsa_public_key object
...
Removed unused chunk variable from PTS verify_quote_signature function
2011-11-28 21:17:16 +01:00
Sansar Choinyambuu
5fbbfe0a48
use openssl rsa_verify function
2011-11-28 20:31:13 +01:00
Sansar Choinyambuu
19fa287f6e
Reverse the changes made to openssl plugin for signature verification
2011-11-28 14:39:53 +01:00
Sansar Choinyambuu
71741df078
Changed the static function name in openssl_rsa_public_key object
...
Removed unused chunk variable from PTS verify_quote_signature function
2011-11-28 14:39:53 +01:00
Sansar Choinyambuu
3cd6077b75
use openssl rsa_verify function
2011-11-28 14:39:53 +01:00
Tobias Brunner
4de8f280e1
pkcs11: Fixed a bug when creating public keys.
2011-11-09 17:39:24 +01:00
Andreas Steffen
99246a4fc2
gcrypt does not support MD2
2011-11-09 06:48:55 +01:00
Andreas Steffen
bc0a4f7663
assign get_features method
2011-11-07 19:15:41 +01:00
Thomas Egerer
93818392cd
Change order of ocsp uris when parsing a cert
2011-11-04 11:11:17 +01:00
Thomas Egerer
6e5e2762d3
Handle certificates being on hold in a CRL
...
Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case; you would try to retrieve an updated CRL to see if
the certificate on hold is still on it or not.
2011-11-04 11:11:17 +01:00
Thomas Egerer
42e2da606c
Use chunk_clear to memwipe shared secret
2011-11-04 11:11:17 +01:00
Thomas Egerer
c230885a07
Fix resource leak in x509_ocsp_response
2011-11-04 11:11:17 +01:00
Tobias Brunner
f3eef176f4
Common spelling errors fixed.
2011-11-03 19:30:17 +01:00
Tobias Brunner
1bdd255ed3
pkcs11: Make public key operations on tokens optional.
2011-11-03 17:56:40 +01:00
Tobias Brunner
5b85b94e27
pkcs11: Make sure a key can be used for a given signature scheme.
2011-11-02 20:27:55 +01:00
Tobias Brunner
58d0a8d49b
pkcs11: Register ECDSA feature.
2011-11-02 20:27:55 +01:00
Tobias Brunner
fd48b220ed
pkcs11: We have to create our own hashes for some signature schemes.
2011-11-02 20:27:55 +01:00
Tobias Brunner
30a3ede8ce
pkcs11: Lookup the public key of a private key by CKA_ID.
...
Currently this only works if a public key object with the same ID is
available, if there isn't one we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner
5d2fccf439
pkcs11: Search for private keys in a more generic way.
...
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner
9e3b1e1495
pkcs11: Added support to encode ECDSA public keys.
2011-11-02 20:27:55 +01:00
Tobias Brunner
36d1627f6e
pkcs11: Parse ECDSA public keys and find/create them on tokens.
2011-11-02 20:27:55 +01:00
Tobias Brunner
574261163f
pkcs11: Added generic functions to find/create public keys on tokens.
2011-11-02 20:27:55 +01:00
Tobias Brunner
a8084ee011
pkcs11: Store public key length in bits.
2011-11-02 20:27:55 +01:00
Tobias Brunner
8859c1f26b
pkcs11: Fix encoding of RSA public keys.
2011-11-02 20:27:55 +01:00
Tobias Brunner
dae19d448d
pkcs11: Use create_object_attr_enumerator to encode RSA public key.
2011-11-02 20:27:54 +01:00
Tobias Brunner
b0319fe860
pkcs11: Instead of a mutex use a new session to do multipart operations.
2011-11-02 20:27:54 +01:00
Tobias Brunner
c198525104
pkcs11: Function added to retrieve multiple attributes from a single object.
2011-11-02 20:27:54 +01:00
Tobias Brunner
817d165cbc
pkcs11: Memory leak fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
Tobias Brunner
43cd036a77
pkcs11: Invalid free fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
Tobias Brunner
50ad6eacb6
pkcs11: Changed how pkcs11-manager is initialized.
...
The manager is now created directly, but events and certificate loading
are deferred.
2011-11-02 20:27:54 +01:00