Hi Kunal, yes, both our IKEv1 and IKEv2 daemons support RFC4754.
In the IKEv1 code the hash for the ECDSA signature is constructed in pluto/ipsec_doi.c:main_mode_hash() http://wiki.strongswan.org/repositories/entry/strongswan/src/pluto/ipsec_doi.c#L1355 which is then signed in pluto/ipsec_doi.c:sign_hash() http://wiki.strongswan.org/repositories/entry/strongswan/src/pluto/ipsec_doi.c#L1419 The actual signature is done in by private->sign(private, scheme, hash, &sig) which maps to libstrongswan/plugins/openssl/openssl_ec_private_key.c:sign() http://wiki.strongswan.org/repositories/entry/strongswan/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c#L133 In the IKEv2 code private->sign() is called in charon/sa/authenticatiors/pubkey_authenticator.c:build() http://wiki.strongswan.org/repositories/entry/strongswan/src/charon/sa/authenticators/pubkey_authenticator.c#L61 Regards Andreas kunal patel wrote: > Hi, > > Can someone please let me know whether strongSwan supports RFC 4754. If yes > then can someone please point me to file location which implements auth > payload construction for ECDSA authentication > > Thanks, > Kunal ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
