[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Wed Aug 10 18:03:28 EEST 2022
New commits:
commit efb6e945828257c402d37cf5e912d04ef0e028c0
Merge: a7174f54c4 4afd78426e
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Aug 10 10:53:38 2022 -0400
crypto: "WHO authenticated peer 'METHOD' [digital] signature using FROM-WHERE certificate 'ID'
Breaking it down:
WHO: {initiator,responder} established IKE SA
which end generated the message
"authenticated peer"
the other end's proof-of-identity checked out
(IKEv2, at least, isn't clear on what this end uses to prove identity, oops)
'METHOD': P-256 ECDSA with SHA-1 (for instance)
spell out the size of the pubkey et.al.
[digital] signature
secret code to differentiate between an AUTH payload using
a generic "Digital Signature Method", and a specific method
such as "RSA Signature"
FROM-WHERE: preloaded (peer?)
was the certificate supplied or in the local DB
'ID'
of the cert
(optional, root cert that authenticated the cert)
Merge commit '5af0e97ae83b93f09bde730a5ec3c97146875945^'
commit 4afd78426ebf4c680f2f2963900153e094e5778d
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Aug 8 14:28:04 2022 -0400
crypto: use "P-<bit> ECDSA" to describe an ECDSA signature method
commit c1face1be47d8723fc378600b871f1da660c5b1a
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Aug 10 08:45:44 2022 -0400
testing: expect "P-NNN ECDSA"
commit 63a8a03b95ccafad34fedebc856b7f7736acc452
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Aug 8 14:28:42 2022 -0400
crypto: use "<bit>-bits RSA..." to describe an RSA signature method
commit a219820c6ed25d263434890b54461f8845fcc976
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Aug 9 10:44:35 2022 -0400
testing: expect RSA authenticatin to include BIT-bits
commit 2c4e26c2990ae82fc360aa515ac97cdf122a7cb7
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Aug 6 07:52:28 2022 -0400
crypto: add pubkey_signer .jam_auth_method()
commit 2a8dfd029cf870901684c49a7d28a305a92e96c7
Author: Andrew Cagney <cagney at gnu.org>
Date: Sat Aug 6 08:36:58 2022 -0400
crypto: log "authenticated peer '...' digital signature using ..."
... when the IKEv2 AUTH payload contains a Digital Signature
commit fdd05c161f0aa56bdd3e2efe400ab283352e41e3
Author: Andrew Cagney <cagney at gnu.org>
Date: Sun Aug 7 16:54:00 2022 -0400
testing: expect authenticated peer '...' digital signature using ...
when Digital Signature AUTH Payload
commit f003d3ea6cd5a44501365f28d212af8c8baac5b3
Author: Andrew Cagney <cagney at gnu.org>
Date: Sun Aug 7 16:56:10 2022 -0400
crypto: "authenticated peer 'METHOD' signature using FROM-WHERE certificate 'WHAT'"
Similar for shared secret
For instance:
authenticated peer 'RSA and SHA-1' signature using preloaded certificate 'CN...'
authenticated peer using authby=null and ID_NULL 'NULL'
(yea latter still needs thought)
Also affects IKEv1 messages using public keys.
commit 6cf19a74d42577e3a20396f5bb7a62be2620ac91
Author: Andrew Cagney <cagney at gnu.org>
Date: Sun Aug 7 16:56:25 2022 -0400
testing: expect "authenticated peer 'METHOD' signature using FROM-WHERE certificate '...'
More information about the Swan-commit
mailing list