[strongSwan-dev] Subject certificate signature verification
Martin Willi
martin at strongswan.org
Mon Nov 10 10:42:35 CET 2014
Hi,

> Can anyone point me out, where in code the actual signature verification
> against CA is done for RSA/DSA/ECDSA?

While the trustchain validation is handled in the credential manager
[1], the raw signature verification is done in the available crypto
backend.

For RSA, there are several backends available, namely gmp [2] (the
default), gcrypt [3] and openssl [4]. DSA is currently not supported by
any backend.

> And is ECDSA verification done in OpenSSL lib always?

Yes, ECDSA is currently supported by the openssl backend [5] only.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_manager.c
[2] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c#l286
[3] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c#l168
[4] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c#l133
[5] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/openssl/openssl_ec_public_key.c#l139