[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Wed Aug 10 18:03:28 EEST 2022 

New commits:
commit efb6e945828257c402d37cf5e912d04ef0e028c0
Merge: a7174f54c4 4afd78426e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Aug 10 10:53:38 2022 -0400

    crypto: "WHO authenticated peer 'METHOD' [digital] signature using FROM-WHERE certificate 'ID'
    
    Breaking it down:
    
    WHO: {initiator,responder} established IKE SA
    which end generated the message
    
    "authenticated peer"
    the other end's proof-of-identity checked out
    (IKEv2, at least, isn't clear on what this end uses to prove identity, oops)
    
    'METHOD': P-256 ECDSA with SHA-1 (for instance)
    spell out the size of the pubkey et.al.
    
    [digital] signature
    secret code to differentiate between an AUTH payload using
    a generic "Digital Signature Method", and a specific method
    such as "RSA Signature"
    
    FROM-WHERE: preloaded (peer?)
    was the certificate supplied or in the local DB
    
    'ID'
    of the cert
    
    (optional, root cert that authenticated the cert)
    
    Merge commit '5af0e97ae83b93f09bde730a5ec3c97146875945^'

commit 4afd78426ebf4c680f2f2963900153e094e5778d
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Aug 8 14:28:04 2022 -0400

    crypto: use "P-<bit> ECDSA" to describe an ECDSA signature method

commit c1face1be47d8723fc378600b871f1da660c5b1a
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Aug 10 08:45:44 2022 -0400

    testing: expect "P-NNN ECDSA"

commit 63a8a03b95ccafad34fedebc856b7f7736acc452
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Aug 8 14:28:42 2022 -0400

    crypto: use "<bit>-bits RSA..." to describe an RSA signature method

commit a219820c6ed25d263434890b54461f8845fcc976
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Aug 9 10:44:35 2022 -0400

    testing: expect RSA authenticatin to include BIT-bits

commit 2c4e26c2990ae82fc360aa515ac97cdf122a7cb7
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Aug 6 07:52:28 2022 -0400

    crypto: add pubkey_signer .jam_auth_method()

commit 2a8dfd029cf870901684c49a7d28a305a92e96c7
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sat Aug 6 08:36:58 2022 -0400

    crypto: log "authenticated peer '...' digital signature using ..."
    
    ... when the IKEv2 AUTH payload contains a Digital Signature

commit fdd05c161f0aa56bdd3e2efe400ab283352e41e3
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sun Aug 7 16:54:00 2022 -0400

    testing: expect  authenticated peer '...' digital signature using ...
    
    when Digital Signature AUTH Payload

commit f003d3ea6cd5a44501365f28d212af8c8baac5b3
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sun Aug 7 16:56:10 2022 -0400

    crypto: "authenticated peer 'METHOD' signature using FROM-WHERE certificate 'WHAT'"
    
    Similar for shared secret
    
    For instance:
      authenticated peer 'RSA and SHA-1' signature using preloaded certificate 'CN...'
      authenticated peer using authby=null and ID_NULL 'NULL'
    (yea latter still needs thought)
    
    Also affects IKEv1 messages using public keys.

commit 6cf19a74d42577e3a20396f5bb7a62be2620ac91
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sun Aug 7 16:56:25 2022 -0400

    testing: expect "authenticated peer 'METHOD' signature using FROM-WHERE certificate '...'

More information about the Swan-commit mailing list