Also document the rsa/pss prefix.
this is disabled in
.BR strongswan.conf (5).
+To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g.
+.BR ike:rsa/pss-sha256 .
+If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures
+will only be used/accepted if enabled in
+.BR strongswan.conf (5).
+
For
.BR eap ,
an optional EAP method can be appended. Currently defined methods are
}
}
+/**
+ * Create a constraint for RSA/PSS signatures
+ */
+static signature_params_t *create_rsa_pss_constraint(char *token)
+{
+ signature_params_t *params = NULL;
+ hash_algorithm_t hash;
+
+ if (enum_from_name(hash_algorithm_short_names, token, &hash))
+ {
+ rsa_pss_params_t pss = {
+ .hash = hash,
+ .mgf1_hash = hash,
+ .salt_len = RSA_PSS_SALT_LEN_DEFAULT,
+ };
+ signature_params_t pss_params = {
+ .scheme = SIGN_RSA_EMSA_PSS,
+ .params = &pss,
+ };
+ params = signature_params_clone(&pss_params);
+ }
+ return params;
+}
+
METHOD(auth_cfg_t, add_pubkey_constraints, void,
private_auth_cfg_t *this, char* constraints, bool ike)
{
enumerator_t *enumerator;
- bool ike_added = FALSE;
+ bool ike_added = FALSE, rsa_pss;
key_type_t expected_type = -1;
auth_rule_t expected_strength = AUTH_RULE_MAX;
signature_params_t *params;
auth_rule_t type;
void *value;
+ rsa_pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns);
+
enumerator = enumerator_create_token(constraints, "-", "");
while (enumerator->enumerate(enumerator, &token))
{
}
if (key_token && streq(key_token + strlen(key_token) - 3, "pss"))
- { /* these are not added automatically with 'pubkey' */
- hash_algorithm_t hash;
- if (enum_from_name(hash_algorithm_short_names, token, &hash))
+ {
+ params = create_rsa_pss_constraint(token);
+ if (params)
{
- rsa_pss_params_t pss = {
- .hash = hash,
- .mgf1_hash = hash,
- .salt_len = RSA_PSS_SALT_LEN_DEFAULT,
- };
- signature_params_t pss_params = {
- .scheme = SIGN_RSA_EMSA_PSS,
- .params = &pss,
- };
- params = signature_params_clone(&pss_params);
if (strpfx(key_token, "ike:"))
{
add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params);
}
else
{
+ if (rsa_pss)
+ {
+ if (expected_type == KEY_ANY ||
+ expected_type == KEY_RSA)
+ {
+ params = create_rsa_pss_constraint(token);
+ if (params)
+ {
+ if (strpfx(key_token, "ike:"))
+ {
+ add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params);
+ ike_added = TRUE;
+ }
+ else
+ {
+ add(this, AUTH_RULE_SIGNATURE_SCHEME, params);
+ }
+ found = TRUE;
+ }
+ }
+ }
for (i = 0; i < countof(schemes); i++)
{
if (streq(schemes[i].name, token))
}
END_TEST
+struct {
+ char *constraints;
+ signature_scheme_t sig[6];
+ signature_param_types_t p[6];
+} sig_constraints_rsa_pss_tests[] = {
+ { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {
+ { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}, {}}},
+ { "rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
+ { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}}},
+};
+
+START_TEST(test_sig_contraints_rsa_pss)
+{
+ auth_cfg_t *cfg;
+
+ lib->settings->set_bool(lib->settings, "%s.rsa_pss", TRUE, lib->ns);
+
+ cfg = auth_cfg_create();
+ cfg->add_pubkey_constraints(cfg, sig_constraints_rsa_pss_tests[_i].constraints, TRUE);
+ check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+ sig_constraints_rsa_pss_tests[_i].sig,
+ sig_constraints_rsa_pss_tests[_i].p);
+ cfg->destroy(cfg);
+}
+END_TEST
+
Suite *auth_cfg_suite_create()
{
Suite *s;
tc = tcase_create("add_pubkey_constraints parameters");
tcase_add_loop_test(tc, test_sig_contraints_params, 0, countof(sig_constraints_params_tests));
+ tcase_add_loop_test(tc, test_sig_contraints_rsa_pss, 0, countof(sig_constraints_rsa_pss_tests));
suite_add_tcase(s, tc);
return s;
algorithm that matches or exceeds the strength of the signature key.
If no constraints with _ike:_ prefix are configured any signature scheme
constraint (without _ike:_ prefix) will also apply to IKEv2 authentication,
- unless this is disabled in **strongswan.conf**(5).
+ unless this is disabled in **strongswan.conf**(5). To use RSASSA-PSS
+ signatures use _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g.
+ _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured
+ RSASSA-PSS signatures will only be used if enabled in
+ **strongswan.conf**(5).
connections.<conn>.local<suffix>.id =
IKE identity to use for authentication round.
constraints are configured (refer to the description of the **local**
section's **auth** keyword for details), such key types and hash algorithms
are also applied as constraints against IKEv2 signature authentication
- schemes used by the remote side.
+ schemes used by the remote side. To require RSASSA-PSS signatures use
+ _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. _rsa/pss-sha256_. If
+ _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only
+ be accepted if enabled in **strongswan.conf**(5).
To specify trust chain constraints for EAP-(T)TLS, append a colon to the
EAP method, followed by the key type/size and hash algorithm as discussed
projects / people / ms / strongswan.git / commitdiff
