Difference between revisions of "RSA-PSS Support in compliance with RFC 7427 and RFC 8247"

From Libreswan
Jump to navigation Jump to search
(Created page with " == Introduction == As part of Google summer of Code work in 2017 described in , RFC-7427 Digital Signature Authentication was implemented with support for RSA v1.5. But RFC-...")
 
Line 30: Line 30:
 
== Source code ==
 
== Source code ==
  
 
This project work was sponsored by Google as part of the Google Summer of Code 2018 Program.
 
 
The implementation for this project is done by Sahana Prasad (sahana.prasad07@gmail.com) under the tutelage of Paul Wouters.
 
The implementation for this project is done by Sahana Prasad (sahana.prasad07@gmail.com) under the tutelage of Paul Wouters.

Revision as of 02:04, 11 August 2018

Introduction

As part of Google summer of Code work in 2017 described in , RFC-7427 Digital Signature Authentication was implemented with support for RSA v1.5. But RFC-8247, in section 3.2 Digital Signature Recommendations, mandates the support for RSASSA-PSS with SHA-256.

Implementation

To make Libreswan RFC 7427 and RFC 8247 compliant, the following items have been implemented :

1. Removing support of RSA v1.5 with SHA1 as Digital Signature Authentication method

2. Support for SHA2 and its variants. authby =rsa-sha2, rsa-sha2_256, rsa-sha2_384,rsa-sha2_512 authby = rsasig (old style RSA with SHA1 and without Digital Signature Authentication)

3. Signature generation and Verification for RSA-PSS through NSS APIs

4. Test Suite changes

The Test Suite was extended by adding test cases to verify feature functionality and perform interoperability tests with strongswan.

Issues encountered

Future work

Source code

The implementation for this project is done by Sahana Prasad (sahana.prasad07@gmail.com) under the tutelage of Paul Wouters.