Extend RFC-7427 Signature Authentication support to IKEv2 with ECDSA
Introduction
As part of Google summer of Code work in 2017 described in , RFC-7427 Digital Signature Authentication was implemented with support for RSA. This work is an extension to support ECDSA. Implementation of ECDSA requires the modification of the existing Libreswan public key code to fix the RSA only parts so that it is able to accept different new types of keys in the future ( not just limited to ECDSA ). This will ensure compliance to RFC-7427 and RFC-8247.
Implementation
To make Libreswan RFC 7427 and RFC 8247 compliant, the following items have been implemented :
1. Fixing the RSA only public key code
2. Support for configuring authby=ecdsa
3. Signature generation and Verification through NSS APIs
4. Test Suite changes
The Test Suite was extended by adding test cases to verify feature functionality and perform interoperability tests with strongswan.
Issues encountered
Future work
Source code
This project work was sponsored by Google as part of the Google Summer of Code 2018 Program. The implementation for this project is done by Sahana Prasad (sahana.prasad07@gmail.com) under the tutelage of Paul Wouters.