Hi, > Can anyone point me out, where in code the actual signature verification > against CA is done for RSA/DSA/ECDSA?
While the trustchain validation is handled in the credential manager [1], the raw signature verification is done in the available crypto backend. For RSA, there are several backends available, namely gmp [2] (the default), gcrypt [3] and openssl [4]. DSA is currently not supported by any backend. > And is ECDSA verification done in OpenSSL lib always? Yes, ECDSA is currently supported by the openssl backend [5] only. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_manager.c [2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c#l286 [3]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c#l168 [4]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c#l133 [5]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/openssl/openssl_ec_public_key.c#l139 _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
