<div dir="ltr"><font face="arial, helvetica, sans-serif" color="#000000">Hello,</font><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">I am trying to interop rsa-pss-sha256 with stronswan as per RFC 7427.</font></div><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">Question 1 : Difference in OID bytes :</font></div><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">The 67 bytes ASN.1 OID that should be sent as per the errata from 7427 (<a href="https://www.rfc-editor.org/errata_search.php?rfc=7427">https://www.rfc-editor.org/errata_search.php?rfc=7427</a>) and the 67 bytes that I receive from strongswan are different.</font></div><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">errata specifies :</font></div><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><pre class="gmail-rfctext" style="overflow-x:scroll;overflow-y:hidden;background-color:rgb(227,227,227)"><font face="arial, helvetica, sans-serif" color="#000000">Length = 67
0000: 3046 0609 2a86 4886 f70d 0101 0a30 39a0
0010: 0f30 0d06 0960 8648 0165 0304 0201 0500
0020: a11c 301a 0609 2a86 4886 f70d 0101 0830
0030: 0d06 0960 8648 0165 0304 0201 0500 a203
| 0040: 0201 20</font></pre></div><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><font color="#000000" face="arial, helvetica, sans-serif">However, strongswan sends : </font></div><div><font color="#000000" face="arial, helvetica, sans-serif"><br></font></div><div><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 a0 </font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">0f 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 </font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 30 </font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">0d 06 09 60 86 48 01 65 03 04 02 01 05 00 a2 03 </font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000"><span style="font-variant-ligatures:no-common-ligatures"></span></font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">02 01 20</font></p></div><div><font color="#000000" face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">Is there a reason for this behaviour/difference?<br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">2nd byte and 15th byte are different.</font></div><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">Although both decode to the same parameters when converted from ASN.1 to text.<br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">To enable rsa-pss-sha256, I have added the charon option in strongswan.conf : </font></div><div><font color="#000000" face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif" color="#000000">rsa_pss = yes<br></font></div><div><p style="margin:0px;font-stretch:normal;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></span></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000"><span style="font-variant-ligatures:no-common-ligatures">and </span>leftauth=rsa/pss-sha256 in ipsec.conf</font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">Question 2 : Calculation of RSA signature</font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">To calculate the 128 byte signature, the 67 bytes OID plus the 32 bytes hash (sha256) is considered right?</font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">Is there a way to see the hash that is generated? I have all logs enabled, but do not see the hash value. I can only see the 128 byte rss-signature that gets added to the 204 byte long auth payload</font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">Thank you.</font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">Regards,</font></p><p style="margin:0px;font-stretch:normal;line-height:normal"><font face="arial, helvetica, sans-serif" color="#000000">Sahana Prasad</font></p></div></div>