From: D. Hugh Redelmeier (hugh_at_mimosa.com)
Date: Tue Jan 07 2003 - 02:58:22 CET
| From: Daniel Djamaludin <danield_at_snapgear.com>
| I was wondering if freeswan used RSAES-OAEP and/or RSAES-PKCS1-V1.5.
| I've had a look at the old postings by D. Hugh Redelmeier a few years
| ago, but I couldn't ascertain which was used in the end
| (http://www.sandelman.ottawa.on.ca/linux-ipsec/html/1999/11/msg00389.html).
| Does anybody know please? And is RSA-PSS used as well?
Why are you wondering? Are you planning on writing a different IKE?
You can tell by reading the code. Look in
freeswan/programs/pluto/ipsec_doi.c:RSA_sign_hash()
/* Create an RSA signature of a hash.
* Poorly specified in draft-ietf-ipsec-ike-01.txt 6.1.1.2.
* Use PKCS#1 version 1.5 encryption of hash (called
* RSAES-PKCS1-V1_5) in PKCS#2.
*/
static size_t
RSA_sign_hash(struct connection *c
, u_char sig_val[RSA_MAX_OCTETS]
, const u_char *hash_val, size_t hash_len)
RSA-PSS isn't used.
Hugh Redelmeier
hugh_at_mimosa.com voice: +1 416 482-8253
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Wed Jan 08 2003 - 05:21:17 CET