Tobias Brunner
50e190e8ad
pki: Increase MAX_LINES
The --issue and --self commands both define 10 lines of usage summary
text.
2015-12-16 12:09:18 +01:00
Tobias Brunner
8ea64a78d6
pki: Never print more than MAX_LINES of usage summary
Print a warning if a registered command exceeds that limit.
2015-12-16 12:07:13 +01:00
Andreas Steffen
3317d0e77b
Standardized printing of certificate information
The certificate_printer class allows the printing of certificate
information to a text file (usually stdout). This class is used
by the pki --print and swanctl --list-certs commands as well as
by the stroke plugin.
2015-12-11 18:26:53 +01:00
Martin Willi
41106e7993
pki: Explicitly link against -lpthread and -ldl if required
We already do this for charon, as some toolchains require an explicit
link even if libstrongswan already depends on it.
2015-12-04 08:02:03 +01:00
Andreas Steffen
f6fede934b
Support BLISS signatures with SHA-3 hash
2015-11-03 21:35:09 +01:00
Tobias Brunner
592f31f5af
pki: Add new type options to --issue command usage output
2015-08-27 17:55:15 +02:00
Tobias Brunner
6ef4668626
pki: Add --dn command to extract the subject DN of a certificate
2015-08-17 11:34:01 +02:00
Tobias Brunner
1bc2549914
pki: Optionally extract public key from given private key in --issue
Fixes #618.
2015-08-10 12:33:02 +02:00
Tobias Brunner
2872f77829
pki: Choose default digest based on the signature key
2015-03-23 17:22:31 +01:00
Tobias Brunner
ae0604f583
pki: Use SHA-256 as default for signatures
Since the BLISS private key supports this we don't do any special
handling anymore (if the user chooses a digest that is not supported,
signing will simply fail later because no signature scheme will be found).
2015-03-23 17:22:31 +01:00
Andreas Steffen
27bd0fed93
Allow SHA256 and SHA384 data hash for BLISS signatures.
The default is SHA512 since this hash function is also
used for the c_indices random oracle.
2015-02-26 08:56:12 +01:00
Tobias Brunner
6683cf6a5a
pki: Document correct output formats for --pkcs12 --export
2014-12-19 16:31:36 +01:00
Tobias Brunner
a6c0dec0e5
pki: Properly clean up if output format for --pkcs12 is wrong
2014-12-19 16:30:10 +01:00
Tobias Brunner
3a26566fa9
pki: Add command to export certificates and keys from PKCS#12 containers
2014-12-12 13:11:29 +01:00
Tobias Brunner
c20f962732
pki: Reformat PKCS#12 output and add an index for each certificate/key
2014-12-12 13:11:29 +01:00
Tobias Brunner
374b569ed0
pki: Add simple PKCS#12 display command
2014-12-12 13:11:29 +01:00
Tobias Brunner
ec846f9e52
pki: Cache entered secrets in case they are needed more than once
2014-12-12 13:11:29 +01:00
Andreas Steffen
b6bb32e658
Implemented full BLISS support for IKEv2 public key authentication and the pki tool
2014-11-29 14:51:18 +01:00
Andreas Steffen
f673966b9f
Started implementing BLISS signature generation
2014-11-29 14:51:16 +01:00
Andreas Steffen
56009f2001
Store and parse BLISS private and public keys in DER and PEM format
Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey
and subjectPublicKeyInfo objects.
Some basic functions used by the bliss_public_key class are shared
with the bliss_private_key class.
2014-11-29 14:51:16 +01:00
Andreas Steffen
9d5b91d198
Created framework for BLISS post-quantum signature algorithm
2014-11-29 14:51:14 +01:00
Martin Willi
b9d38c9fa2
pki: Print and document the name constraint type for DNS or email constraints
As email constraints may be for a specific host, it is not clear from the
name itself if it is a DNS or email constraint.
2014-10-30 11:40:48 +01:00
Tobias Brunner
ba2805c106
pki: Document --online option for pki --verify and all exit codes
2014-06-30 13:25:13 +02:00
Tobias Brunner
bb91109af8
pki: Also check for MAX_COMMANDS when building getopt_long arguments
Completes 87e53819a6 and 0a8c399a21.
2014-06-24 15:11:27 +02:00
Martin Willi
f48c26bce3
pki: Support complex trustchain and revocation checking in --verify
2014-06-04 16:34:16 +02:00
Martin Willi
5cd28cd25a
pki: Provide a fallback if strptime() not supported
For simplicity, we support the default pki datetime format only, but optionally
accept four-digit years for longer lifetimes.
2014-06-04 15:53:11 +02:00
Martin Willi
13298719e3
pki: Switch to binary mode on Windows when reading/writing DER to FDs
2014-06-04 15:53:11 +02:00
Martin Willi
f1e7b9b0d7
pki: Stop prompting for password when entering empty string
2014-06-04 15:53:11 +02:00
Tobias Brunner
b2b54bd71d
Make sure getpass() is available
It's not on Android for example.
2014-05-29 12:28:53 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows converting real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Tobias Brunner
297bc06ca9
pki: Fix memory leak when printing unknown AC group OIDs
2014-04-09 15:56:11 +02:00
Tobias Brunner
ce845838ea
pki: Removed extra continue statement
2014-04-09 15:12:27 +02:00
Andreas Steffen
98ae0492b6
Added support for msSmartcardLogon EKU
2014-04-08 13:09:03 +02:00
Martin Willi
3941d55f01
pki: Document --not-before/after and --dateform options in manpages
2014-03-31 11:39:25 +02:00
Martin Willi
2769a22e1f
pki: Support absolute --this/next-update CRL lifetimes
2014-03-31 11:14:59 +02:00
Martin Willi
d6e921181a
pki: Support absolute --not-before/after issued certificate lifetimes
2014-03-31 11:14:59 +02:00
Martin Willi
aa8732eb68
pki: Support absolute --not-before/after self-signed certificate lifetimes
2014-03-31 11:14:59 +02:00
Martin Willi
6f90e8e664
pki: Support absolute --not-before/after acert lifetimes
2014-03-31 11:14:59 +02:00
Martin Willi
06d3b6e9c9
pki: Add a certificate lifetime calculation helper function
2014-03-31 11:14:59 +02:00
Martin Willi
6e8c665a51
pki: Add acert and extend pki/print manpages
2014-03-31 11:14:58 +02:00
Martin Willi
35a783cff7
pki: Implement an acert command to issue attribute certificates
2014-03-31 11:14:58 +02:00
Martin Willi
20ea84daec
pki: Support printing attribute certificates
2014-03-31 11:14:58 +02:00
Martin Willi
e49197f15e
pki: Don't generate negative random serial numbers in X.509 certificates
According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.
2014-03-31 11:14:58 +02:00
Martin Willi
0a8c399a21
pki: When dispatching commands, don't look beyond non-null-terminated array
2014-03-19 09:37:46 +01:00
Martin Willi
87e53819a6
pki: Check length of commands array before accessing command in --help
As --help is counted as command as well, the array is not null-terminated
and we have to check for MAX_COMMANDS.
Fixes #550.
2014-03-19 09:25:29 +01:00
Martin Willi
1c667bce3f
pki: Make cmds array static, ensuring that it is zero-initialized
As pki --help relies on a zero-terminated array, make the actually non-public
cmds array static to ensure initialization.
2014-02-20 11:45:51 +01:00
Tobias Brunner
435aed8287
pki: Fix minor resource leak on failure to read the private key in --req
2014-02-18 16:46:25 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Tobias Brunner
3114cecdbe
pki: Declare correct section in pki --issue man page
2014-01-24 16:17:46 +01:00
Martin Willi
1c4a3459f7
chunk: Use dynamically allocated buffer in chunk_from_fd()
When acting on files, we can use fstat() to estimate the buffer size. On
non-file FDs, we dynamically increase an allocated buffer.
Additionally we slightly change the function signature to properly handle
zero-length files and add appropriate unit tests.
2014-01-23 15:55:32 +01:00