plugins/android_log.opt \
plugins/attr.opt \
plugins/attr-sql.opt \
- plugins/bliss.opt \
plugins/botan.opt \
plugins/bypass-lan.opt \
plugins/certexpire.opt \
+++ /dev/null
-charon.plugins.bliss.use_bliss_b = yes
- Use the enhanced BLISS-B key generation and signature algorithm.
# crypto plugins
ARG_DISBL_SET([aes], [disable AES software implementation plugin.])
ARG_ENABL_SET([af-alg], [enable AF_ALG crypto interface to Linux Crypto API.])
-ARG_ENABL_SET([bliss], [enable BLISS software implementation plugin.])
ARG_ENABL_SET([blowfish], [enable Blowfish software implementation plugin.])
ARG_ENABL_SET([botan], [enables the Botan crypto plugin.])
ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.])
tss_tss2=true
fi
-if test x$gmp = xtrue -o x$ntru = xtrue -o x$bliss = xtrue; then
+if test x$gmp = xtrue -o x$ntru = xtrue; then
mgf1=true
fi
ADD_PLUGIN([oqs], [s charon scripts nm cmd])
ADD_PLUGIN([drbg], [s charon pki scripts nm cmd])
ADD_PLUGIN([newhope], [s charon scripts nm cmd])
-ADD_PLUGIN([bliss], [s charon pki scripts nm cmd])
ADD_PLUGIN([curl], [s charon pki scripts nm cmd])
ADD_PLUGIN([files], [s charon pki scripts nm cmd])
ADD_PLUGIN([winhttp], [s charon pki scripts])
AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue)
-AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue)
AM_CONDITIONAL(USE_OQS, test x$oqs = xtrue)
AM_CONDITIONAL(USE_FRODO, test x$frodo = xtrue)
AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue)
-AM_CONDITIONAL(USE_LIBNTTFFT, test x$bliss = xtrue -o x$newhope = xtrue)
+AM_CONDITIONAL(USE_LIBNTTFFT, test x$newhope = xtrue)
AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
src/libstrongswan/plugins/af_alg/Makefile
src/libstrongswan/plugins/drbg/Makefile
src/libstrongswan/plugins/ntru/Makefile
- src/libstrongswan/plugins/bliss/Makefile
- src/libstrongswan/plugins/bliss/tests/Makefile
src/libstrongswan/plugins/newhope/Makefile
src/libstrongswan/plugins/newhope/tests/Makefile
src/libstrongswan/plugins/frodo/Makefile
if (strpfx(auth, "ike:") ||
strpfx(auth, "pubkey") ||
strpfx(auth, "rsa") ||
- strpfx(auth, "ecdsa") ||
- strpfx(auth, "bliss"))
+ strpfx(auth, "ecdsa"))
{
cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
build_crl_policy(cfg, local, msg->add_conn.crl_policy);
break;
}
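Review bot: With the `strpfx(auth, "bliss")` test gone, a configuration that still names `bliss` no longer selects `AUTH_CLASS_PUBKEY` here and is handled by whatever follows this `if`, which lies outside the hunk. Confirm that path rejects or at least logs the unknown value rather than mapping it to a catch-all or weaker class, since that would silently relax an existing peer-authentication policy after an upgrade. The same question applies to the `strpfx(buf, "bliss")` removal and to the dropped `bliss` / `ike:bliss` token in the constraint parser later in this commit. A release note telling operators to migrate such configurations before upgrading would cover the remaining gap.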
if (match("RSA", &token) || match("ECDSA", &token) ||
- match("BLISS", &token) || match("PKCS8", &token))
+ match("PKCS8", &token))
{
if (match("RSA", &token))
{
{
key_type = KEY_ECDSA;
}
- else if (match("BLISS", &token))
- {
- key_type = KEY_BLISS;
- }
else
{
key_type = KEY_ANY;
}
else
{
- DBG1(DBG_CFG, "line %d: token must be either RSA, ECDSA, BLISS, "
- "PKCS8 P12, PIN, PSK, EAP, XAUTH or NTLM", line_nr);
+ DBG1(DBG_CFG, "line %d: token must be either RSA, ECDSA, PKCS8, "
+ "P12, PIN, PSK, EAP, XAUTH or NTLM", line_nr);
break;
}
}
PLUGIN_SDEPEND(PRIVKEY, KEY_RSA),
PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA),
PLUGIN_SDEPEND(PRIVKEY, KEY_DSA),
- PLUGIN_SDEPEND(PRIVKEY, KEY_BLISS),
PLUGIN_SDEPEND(PRIVKEY, KEY_ED25519),
PLUGIN_SDEPEND(PRIVKEY, KEY_ED448),
PLUGIN_SDEPEND(CERT_DECODE, CERT_ANY),
Load a private key into the daemon.
{
- type = <private key type, rsa|ecdsa|ed25519|ed448|bliss|any>
+ type = <private key type, rsa|ecdsa|ed25519|ed448|any>
data = <PEM or DER encoded key data>
} => {
success = <yes or no>
if (strpfx(buf, "ike:") ||
strpfx(buf, "pubkey") ||
strpfx(buf, "rsa") ||
- strpfx(buf, "ecdsa") ||
- strpfx(buf, "bliss"))
+ strpfx(buf, "ecdsa"))
{
cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
cfg->add_pubkey_constraints(cfg, buf, TRUE);
endif
endif
-if USE_BLISS
- SUBDIRS += plugins/bliss
-if MONOLITHIC
- libstrongswan_la_LIBADD += plugins/bliss/libstrongswan-bliss.la
-endif
-endif
-
if USE_NEWHOPE
SUBDIRS += plugins/newhope
if MONOLITHIC
SUBDIRS += math/libnttfft/tests
endif
-if USE_BLISS
- SUBDIRS += plugins/bliss/tests
-endif
-
if USE_NEWHOPE
SUBDIRS += plugins/newhope/tests
endif
0x2A "ITA"
0x01 "strongSwan" OID_STRONGSWAN
0x02 "cps"
- 0x03 "e-voting"
- 0x05 "BLISS"
- 0x01 "keyType"
- 0x01 "blissPublicKey" OID_BLISS_PUBLICKEY
- 0x02 "parameters"
- 0x01 "BLISS-I" OID_BLISS_I
- 0x02 "BLISS-II" OID_BLISS_II
- 0x03 "BLISS-III" OID_BLISS_III
- 0x04 "BLISS-IV" OID_BLISS_IV
- 0x05 "BLISS-B-I" OID_BLISS_B_I
- 0x06 "BLISS-B-II" OID_BLISS_B_II
- 0x07 "BLISS-B-III" OID_BLISS_B_III
- 0x08 "BLISS-B-IV" OID_BLISS_B_IV
- 0x03 "blissSigType"
- 0x01 "BLISS-with-SHA2-512" OID_BLISS_WITH_SHA2_512
- 0x02 "BLISS-with-SHA2-384" OID_BLISS_WITH_SHA2_384
- 0x03 "BLISS-with-SHA2-256" OID_BLISS_WITH_SHA2_256
- 0x04 "BLISS-with-SHA3-512" OID_BLISS_WITH_SHA3_512
- 0x05 "BLISS-with-SHA3-384" OID_BLISS_WITH_SHA3_384
- 0x06 "BLISS-with-SHA3-256" OID_BLISS_WITH_SHA3_256
- 0x89 ""
+ 0x89 ""
0x31 ""
0x01 ""
0x01 ""
"RULE_GROUP",
"RULE_RSA_STRENGTH",
"RULE_ECDSA_STRENGTH",
- "RULE_BLISS_STRENGTH",
"RULE_SIGNATURE_SCHEME",
"RULE_IKE_SIGNATURE_SCHEME",
"RULE_CERT_POLICY",
case AUTH_RULE_CERT_POLICY:
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_SIGNATURE_SCHEME:
case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_HELPER_IM_CERT:
case AUTH_RULE_OCSP_VALIDATION:
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
/* integer type */
this->value = (void*)(uintptr_t)va_arg(args, u_int);
case AUTH_RULE_OCSP_VALIDATION:
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
{
return e1->value == e2->value;
case AUTH_RULE_OCSP_VALIDATION:
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
case AUTH_RULE_MAX:
break;
case AUTH_RULE_OCSP_VALIDATION:
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
/* integer type */
entry->value = (void*)(uintptr_t)va_arg(args, u_int);
case AUTH_RULE_EAP_VENDOR:
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
return (void*)0;
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
{ "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
{ "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
- { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
- { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
- { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
{ "identity", SIGN_ED25519, KEY_ED25519, },
{ "identity", SIGN_ED448, KEY_ED448, },
{ "identity", SIGN_DILITHIUM_2, KEY_DILITHIUM_2, },
expected_type = KEY_ED448;
continue;
}
- if (streq(token, "bliss") || streq(token, "ike:bliss"))
- {
- key_token = token;
- expected_type = KEY_BLISS;
- expected_strength = AUTH_RULE_BLISS_STRENGTH;
- continue;
- }
if (streq(token, "pubkey") || streq(token, "ike:pubkey"))
{
key_token = token;
}
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
{
strength = (uintptr_t)value;
break;
case AUTH_RULE_ECDSA_STRENGTH:
key_type = "ECDSA";
break;
- case AUTH_RULE_BLISS_STRENGTH:
- key_type = "BLISS";
- break;
}
success = FALSE;
e1 = constraints->create_enumerator(constraints);
case AUTH_RULE_EAP_VENDOR:
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
{
add(this, type, (uintptr_t)value);
case AUTH_RULE_OCSP_VALIDATION:
case AUTH_RULE_RSA_STRENGTH:
case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_CERT_VALIDATION_SUSPENDED:
clone->add(clone, type, (uintptr_t)value);
break;
AUTH_RULE_RSA_STRENGTH,
/** required ECDSA public key strength, u_int in bits */
AUTH_RULE_ECDSA_STRENGTH,
- /** required BLISS public key strength, u_int in bits */
- AUTH_RULE_BLISS_STRENGTH,
/** required signature scheme, signature_params_t* */
AUTH_RULE_SIGNATURE_SCHEME,
/** required signature scheme for IKE authentication, signature_params_t* */
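Review bot: Removing `AUTH_RULE_BLISS_STRENGTH` from the middle of this enum shifts the numeric value of `AUTH_RULE_SIGNATURE_SCHEME` and every rule after it. The name table and the switch statements touched elsewhere in this commit stay consistent, so in-tree code built together is unaffected. The risk is anything that stores or exchanges these integers, or an out-of-tree plugin compiled against the old header, which would then read a different rule than the one written; whether such consumers exist is not visible here. If they might, state the ABI break in the release notes. The enum starts and ends outside the hunk.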
CRED_PART_EDDSA_PUB_ASN1_DER,
/** a DER encoded EdDSA private key */
CRED_PART_EDDSA_PRIV_ASN1_DER,
- /** a DER encoded BLISS public key */
- CRED_PART_BLISS_PUB_ASN1_DER,
- /** a DER encoded BLISS private key */
- CRED_PART_BLISS_PRIV_ASN1_DER,
-
CRED_PART_END,
};
case KEY_ECDSA:
auth->add(auth, AUTH_RULE_ECDSA_STRENGTH, strength);
break;
- case KEY_BLISS:
- auth->add(auth, AUTH_RULE_BLISS_STRENGTH, strength);
- break;
default:
break;
}
#include "public_key.h"
#include "signature_params.h"
-ENUM(key_type_names, KEY_ANY, KEY_BLISS,
+ENUM(key_type_names, KEY_ANY, KEY_DILITHIUM_5,
"ANY",
"RSA",
"ECDSA",
"Dilithium2",
"Dilithium3",
"Dilithium5",
- "BLISS"
);
-ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_DILITHIUM_5,
"UNKNOWN",
"RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"DILITHIUM_2",
"DILITHIUM_3",
"DILITHIUM_5",
- "BLISS_WITH_SHA2_256",
- "BLISS_WITH_SHA2_384",
- "BLISS_WITH_SHA2_512",
- "BLISS_WITH_SHA3_256",
- "BLISS_WITH_SHA3_384",
- "BLISS_WITH_SHA3_512",
);
ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
return SIGN_DILITHIUM_3;
case OID_DILITHIUM_5:
return SIGN_DILITHIUM_5;
- case OID_BLISS_PUBLICKEY:
- case OID_BLISS_WITH_SHA2_512:
- return SIGN_BLISS_WITH_SHA2_512;
- case OID_BLISS_WITH_SHA2_384:
- return SIGN_BLISS_WITH_SHA2_384;
- case OID_BLISS_WITH_SHA2_256:
- return SIGN_BLISS_WITH_SHA2_256;
- case OID_BLISS_WITH_SHA3_512:
- return SIGN_BLISS_WITH_SHA3_512;
- case OID_BLISS_WITH_SHA3_384:
- return SIGN_BLISS_WITH_SHA3_384;
- case OID_BLISS_WITH_SHA3_256:
- return SIGN_BLISS_WITH_SHA3_256;
}
return SIGN_UNKNOWN;
}
return OID_DILITHIUM_3;
case SIGN_DILITHIUM_5:
return OID_DILITHIUM_5;
- case SIGN_BLISS_WITH_SHA2_256:
- return OID_BLISS_WITH_SHA2_256;
- case SIGN_BLISS_WITH_SHA2_384:
- return OID_BLISS_WITH_SHA2_384;
- case SIGN_BLISS_WITH_SHA2_512:
- return OID_BLISS_WITH_SHA2_512;
- case SIGN_BLISS_WITH_SHA3_256:
- return OID_BLISS_WITH_SHA3_256;
- case SIGN_BLISS_WITH_SHA3_384:
- return OID_BLISS_WITH_SHA3_384;
- case SIGN_BLISS_WITH_SHA3_512:
- return OID_BLISS_WITH_SHA3_512;
}
return OID_UNKNOWN;
}
{ KEY_ED448, 0, { .scheme = SIGN_ED448 }},
{ KEY_DILITHIUM_2, 0, { .scheme = SIGN_DILITHIUM_2}},
{ KEY_DILITHIUM_3, 0, { .scheme = SIGN_DILITHIUM_3}},
- { KEY_DILITHIUM_5, 0, { .scheme = SIGN_DILITHIUM_5}},
- { KEY_BLISS, 128, { .scheme = SIGN_BLISS_WITH_SHA2_256 }},
- { KEY_BLISS, 192, { .scheme = SIGN_BLISS_WITH_SHA2_384 }},
- { KEY_BLISS, 0, { .scheme = SIGN_BLISS_WITH_SHA2_512 }},
+ { KEY_DILITHIUM_4, 0, { .scheme = SIGN_DILITHIUM_5}},
};
/**
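Review bot: The added entry `{ KEY_DILITHIUM_4, 0, { .scheme = SIGN_DILITHIUM_5}},` replaces a removed `KEY_DILITHIUM_5` line, and `KEY_DILITHIUM_4` appears nowhere else on this page. The key type enum context shows `KEY_DILITHIUM_3 = 7` followed directly by `KEY_DILITHIUM_5 = 8`, and `key_type_names` now ends at `KEY_DILITHIUM_5`. Unless the identifier is defined outside the visible hunks this will not compile; if it is defined, the table would presumably no longer offer a scheme for Dilithium5 keys. This looks like an accidental edit while deleting the BLISS rows, so keep the original line: `{ KEY_DILITHIUM_5, 0, { .scheme = SIGN_DILITHIUM_5}},`. The table begins outside the hunk.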
return KEY_DILITHIUM_3;
case SIGN_DILITHIUM_5:
return KEY_DILITHIUM_5;
- case SIGN_BLISS_WITH_SHA2_256:
- case SIGN_BLISS_WITH_SHA2_384:
- case SIGN_BLISS_WITH_SHA2_512:
- case SIGN_BLISS_WITH_SHA3_256:
- case SIGN_BLISS_WITH_SHA3_384:
- case SIGN_BLISS_WITH_SHA3_512:
- return KEY_BLISS;
}
return KEY_ANY;
}
KEY_DILITHIUM_3 = 7,
/** Dilithium4 NIST Round 3 Submission candidate */
KEY_DILITHIUM_5 = 8,
- /** BLISS */
- KEY_BLISS = 9,
};
/**
SIGN_DILITHIUM_3,
/** Dilithium4 NIST Round 3 Submission signature */
SIGN_DILITHIUM_5,
- /** BLISS with SHA-2_256 */
- SIGN_BLISS_WITH_SHA2_256,
- /** BLISS with SHA-2_384 */
- SIGN_BLISS_WITH_SHA2_384,
- /** BLISS with SHA-2_512 */
- SIGN_BLISS_WITH_SHA2_512,
- /** BLISS with SHA-3_256 */
- SIGN_BLISS_WITH_SHA3_256,
- /** BLISS with SHA-3_384 */
- SIGN_BLISS_WITH_SHA3_384,
- /** BLISS with SHA-3_512 */
- SIGN_BLISS_WITH_SHA3_512,
};
/**
default:
return OID_UNKNOWN;
}
-
- case KEY_BLISS:
- switch (alg)
- {
- case HASH_SHA256:
- return OID_BLISS_WITH_SHA2_256;
- case HASH_SHA384:
- return OID_BLISS_WITH_SHA2_384;
- case HASH_SHA512:
- return OID_BLISS_WITH_SHA2_512;
- case HASH_SHA3_256:
- return OID_BLISS_WITH_SHA3_256;
- case HASH_SHA3_384:
- return OID_BLISS_WITH_SHA3_384;
- case HASH_SHA3_512:
- return OID_BLISS_WITH_SHA3_512;
- default:
- return OID_UNKNOWN;
- }
default:
return OID_UNKNOWN;
}
case SIGN_RSA_EMSA_PKCS1_SHA2_256:
case SIGN_ECDSA_WITH_SHA256_DER:
case SIGN_ECDSA_256:
- case SIGN_BLISS_WITH_SHA2_256:
return HASH_SHA256;
case SIGN_RSA_EMSA_PKCS1_SHA2_384:
case SIGN_ECDSA_WITH_SHA384_DER:
case SIGN_ECDSA_384:
- case SIGN_BLISS_WITH_SHA2_384:
return HASH_SHA384;
case SIGN_RSA_EMSA_PKCS1_SHA2_512:
case SIGN_ECDSA_WITH_SHA512_DER:
case SIGN_ECDSA_521:
- case SIGN_BLISS_WITH_SHA2_512:
return HASH_SHA512;
case SIGN_RSA_EMSA_PKCS1_SHA3_224:
return HASH_SHA3_224;
case SIGN_RSA_EMSA_PKCS1_SHA3_256:
- case SIGN_BLISS_WITH_SHA3_256:
return HASH_SHA3_256;
case SIGN_RSA_EMSA_PKCS1_SHA3_384:
- case SIGN_BLISS_WITH_SHA3_384:
return HASH_SHA3_384;
case SIGN_RSA_EMSA_PKCS1_SHA3_512:
- case SIGN_BLISS_WITH_SHA3_512:
return HASH_SHA3_512;
}
return HASH_UNKNOWN;
+++ /dev/null
-bliss_huffman
+++ /dev/null
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libstrongswan/math/libnttfft
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-# these file are also used by bliss_huffman
-noinst_LTLIBRARIES = libbliss-params.la
-
-libbliss_params_la_SOURCES = \
- bliss_param_set.h bliss_param_set.c
-
-libbliss_params_la_LIBADD = \
- $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
-
-# these files are also used by the tests, we can't directly refer to them
-# because of the subdirectory, which would cause distclean to fail
-noinst_LTLIBRARIES += libbliss.la
-libbliss_la_SOURCES = \
- bliss_private_key.h bliss_private_key.c \
- bliss_public_key.h bliss_public_key.c \
- bliss_signature.h bliss_signature.c \
- bliss_utils.h bliss_utils.c \
- bliss_bitpacker.h bliss_bitpacker.c \
- bliss_huffman_code.h bliss_huffman_code.c \
- bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \
- bliss_huffman_coder.h bliss_huffman_coder.c \
- bliss_sampler.h bliss_sampler.c
-
-libbliss_la_LIBADD = \
- $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
- libbliss-params.la
-
-if MONOLITHIC
-noinst_LTLIBRARIES += libstrongswan-bliss.la
-else
-plugin_LTLIBRARIES = libstrongswan-bliss.la
-endif
-
-libstrongswan_bliss_la_SOURCES = \
- bliss_plugin.h bliss_plugin.c
-
-libstrongswan_bliss_la_LDFLAGS = -module -avoid-version
-
-libstrongswan_bliss_la_LIBADD = libbliss.la
-
-noinst_PROGRAMS = bliss_huffman
-
-bliss_huffman_SOURCES = bliss_huffman.c
-
-bliss_huffman_LDADD = -lm \
- $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
- libbliss-params.la
-
-recreate-bliss-huffman : bliss_huffman bliss_huffman_code.h
- $(AM_V_GEN) \
- ./bliss_huffman 1 8 > $(srcdir)/bliss_huffman_code_1.c 2>/dev/null
- $(AM_V_GEN) \
- ./bliss_huffman 3 16 > $(srcdir)/bliss_huffman_code_3.c 2>/dev/null
- $(AM_V_GEN) \
- ./bliss_huffman 4 32 > $(srcdir)/bliss_huffman_code_4.c 2>/dev/null
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_bitpacker.h"
-
-typedef struct private_bliss_bitpacker_t private_bliss_bitpacker_t;
-
-/**
- * Private data structure for bliss_bitpacker_t object
- */
-struct private_bliss_bitpacker_t {
- /**
- * Public interface.
- */
- bliss_bitpacker_t public;
-
- /**
- * Current number of bits written to buffer
- */
- size_t bits;
-
- /**
- * Bit buffer for up to 32 bits
- */
- uint32_t bits_buf;
-
- /**
- * Bits left in the bit buffer
- */
- size_t bits_left;
-
- /**
- * Buffer
- */
- chunk_t buf;
-
- /**
- * Read/Write pointer into buffer
- */
- chunk_t pos;
-
-};
-
-METHOD(bliss_bitpacker_t, get_bits, size_t,
- private_bliss_bitpacker_t *this)
-{
- return this->bits;
-}
-
-METHOD(bliss_bitpacker_t, write_bits, bool,
- private_bliss_bitpacker_t *this, uint32_t value, size_t bits)
-{
- if (bits == 0)
- {
- return TRUE;
- }
- if (bits > 32)
- {
- return FALSE;
- }
- if (bits < 32)
- {
- value &= (1 << bits) - 1;
- }
- this->bits += bits;
-
- while (TRUE)
- {
- if (bits <= this->bits_left)
- {
- this->bits_buf |= value << (this->bits_left - bits);
- this->bits_left -= bits;
- return TRUE;
- }
-
- this->bits_buf |= value >> (bits - this->bits_left);
- value &= (1 << (bits - this->bits_left)) - 1;
- bits -= this->bits_left;
-
- if (this->pos.len < 8)
- {
- return FALSE;
- }
- htoun32(this->pos.ptr, this->bits_buf);
- this->pos = chunk_skip(this->pos, 4);
- this->bits_buf = 0;
- this->bits_left = 32;
- }
-}
-
-METHOD(bliss_bitpacker_t, read_bits, bool,
- private_bliss_bitpacker_t *this, uint32_t *value, size_t bits)
-{
- if (bits > 32)
- {
- return FALSE;
- }
- *value = 0;
-
- while (TRUE)
- {
- if (this->bits_left == 0)
- {
- if (this->pos.len < 4)
- {
- return FALSE;
- }
- this->bits_buf = untoh32(this->pos.ptr);
- this->pos = chunk_skip(this->pos, 4);
- this->bits_left = 32;
- }
- if (bits <= this->bits_left)
- {
- *value |= this->bits_buf >> (this->bits_left - bits);
- this->bits_buf &= (1 << (this->bits_left - bits)) - 1;
- this->bits_left -= bits;
-
- return TRUE;
- }
- *value |= this->bits_buf << (bits - this->bits_left);
- bits -= this->bits_left;
- this->bits_left = 0;
- }
-}
-
-METHOD(bliss_bitpacker_t, extract_buf, chunk_t,
- private_bliss_bitpacker_t *this)
-{
- chunk_t buf;
-
- htoun32(this->pos.ptr, this->bits_buf);
- this->pos.len -= 4;
- buf = this->buf;
- buf.len = this->buf.len - this->pos.len - this->bits_left/8;
- this->buf = this->pos = chunk_empty;
-
- return buf;
-}
-
-METHOD(bliss_bitpacker_t, destroy, void,
- private_bliss_bitpacker_t *this)
-{
- free(this->buf.ptr);
- free(this);
-}
-
-/**
- * See header.
- */
-bliss_bitpacker_t *bliss_bitpacker_create(uint16_t max_bits)
-{
- private_bliss_bitpacker_t *this;
-
- INIT(this,
- .public = {
- .get_bits = _get_bits,
- .write_bits = _write_bits,
- .read_bits = _read_bits,
- .extract_buf = _extract_buf,
- .destroy = _destroy,
- },
- .bits_left = 32,
- .buf = chunk_alloc(round_up(max_bits, 32)/8),
- );
-
- this->pos = this->buf;
-
- return &this->public;
-}
-
-/**
- * See header.
- */
-bliss_bitpacker_t *bliss_bitpacker_create_from_data(chunk_t data)
-{
- private_bliss_bitpacker_t *this;
-
- INIT(this,
- .public = {
- .get_bits = _get_bits,
- .write_bits = _write_bits,
- .read_bits = _read_bits,
- .extract_buf = _extract_buf,
- .destroy = _destroy,
- },
- .bits = 8 * data.len,
- .buf = chunk_alloc(round_up(data.len, 4)),
- );
-
- memset(this->buf.ptr + this->buf.len - 4, 0x00, 4);
- memcpy(this->buf.ptr, data.ptr, data.len);
- this->pos = this->buf;
-
- return &this->public;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_bitpacker bliss_bitpacker
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_BITPACKER_H_
-#define BLISS_BITPACKER_H_
-
-#include <library.h>
-
-typedef struct bliss_bitpacker_t bliss_bitpacker_t;
-
-/**
- * Reads and writes a variable number of bits in packed format
- * from and to an octet buffer
- */
-struct bliss_bitpacker_t {
-
- /**
- * Get the number of bits written into buffer
- *
- * @result Number of bits written
- */
- size_t (*get_bits)(bliss_bitpacker_t *this);
-
- /**
- * Get the prime modulus of the Number Theoretic Transform
- *
- * @param value Value to be written
- * @param bits Number of bits to be written
- * @result TRUE if value could be written into buffer
- */
- bool (*write_bits)(bliss_bitpacker_t *this, uint32_t value, size_t bits);
-
-
- /**
- * Get the prime modulus of the Number Theoretic Transform
- *
- * @param value Value returned
- * @param bits Number of bits to be read
- * @result TRUE if value could be read from buffer
- */
- bool (*read_bits)(bliss_bitpacker_t *this, uint32_t *value, size_t bits);
-
- /**
- * Detach the internal octet buffer and return it
- */
- chunk_t (*extract_buf)(bliss_bitpacker_t *this);
-
- /**
- * Destroy bliss_bitpacker_t object
- */
- void (*destroy)(bliss_bitpacker_t *this);
-};
-
-/**
- * Create a bliss_bitpacker_t object for writing
- *
- * @param max_bits Total number of bits to be stored
- */
-bliss_bitpacker_t* bliss_bitpacker_create(uint16_t max_bits);
-
-/**
- * Create a bliss_bitpacker_t object for reading
- *
- * @param data Packed array of bits
- */
-bliss_bitpacker_t* bliss_bitpacker_create_from_data(chunk_t data);
-
-#endif /** BLISS_BITPACKER_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014 Tobias Brunner
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_param_set.h"
-
-#include <library.h>
-
-#include <stdio.h>
-#include <math.h>
-
-typedef struct tuple_t tuple_t;
-
-struct tuple_t {
- int8_t z1;
- int8_t z2;
- uint16_t index;
- uint16_t bits;
- uint32_t code;
-};
-
-typedef struct node_t node_t;
-
-struct node_t {
- node_t *next;
- node_t *l;
- node_t *r;
- tuple_t *tuple;
- double p;
- uint16_t depth;
- uint16_t index;
-};
-
-static void print_node(node_t *node)
-{
- if (node->tuple)
- {
- fprintf(stderr, "(%1d,%2d)", node->tuple->z1, node->tuple->z2);
- }
- else
- {
- fprintf(stderr, " ");
- }
- fprintf(stderr, " %18.16f\n", node->p);
-}
-
-static double code_node(node_t *node, int *index, uint8_t bits, uint32_t code)
-{
- double code_length = 0;
-
- node->index = (*index)++;
-
- if (node->tuple)
- {
- node->tuple->code = code;
- node->tuple->bits = bits;
- code_length += node->p * bits;
- }
- if (node->l)
- {
- code_length += code_node(node->l, index, bits + 1, (code << 1));
- }
- if (node->r)
- {
- code_length += code_node(node->r, index, bits + 1, (code << 1) + 1);
- }
-
- return code_length;
-
-}
-
-static void write_node(node_t *node)
-{
- int16_t node_0, node_1, tuple;
-
- node_0 = node->l ? node->l->index : BLISS_HUFFMAN_CODE_NO_NODE;
- node_1 = node->r ? node->r->index : BLISS_HUFFMAN_CODE_NO_NODE;
- tuple = node->tuple ? node->tuple->index : BLISS_HUFFMAN_CODE_NO_TUPLE;
-
- printf("\t{ %3d, %3d, %3d }, /* %3d: ", node_0, node_1, tuple, node->index);
-
- if (node->tuple)
- {
- printf("(%d,%2d) %2u bit%s ", node->tuple->z1, node->tuple->z2,
- node->tuple->bits, (node->tuple->bits == 1) ? " " : "s");
- }
- printf("*/\n");
-
- if (node->l)
- {
- write_node(node->l);
- }
- if (node->r)
- {
- write_node(node->r);
- }
-}
-
-static void write_header(void)
-{
- printf("/*\n");
- printf(" * Copyright (C) 2014 Andreas Steffen\n");
- printf(" *\n");
- printf(" * Optimum Huffman code for BLISS-X signatures\n");
- printf(" *\n");
- printf(" * This file has been automatically generated by the"
- " bliss_huffman utility\n");
- printf(" * Do not edit manually!\n");
- printf(" */\n\n");
-};
-
-static void write_code_tables(int bliss_type, int n_z1, int n_z2, node_t *nodes,
- tuple_t **tuples)
-{
- int index, i, k;
- uint32_t bit;
- double code_length;
-
- printf("#include \"bliss_huffman_code.h\"\n\n");
-
- printf("static bliss_huffman_code_node_t nodes[] = {\n");
- index = 0;
- code_length = code_node(nodes, &index, 0, 0);
- write_node(nodes);
- printf("};\n\n");
-
- printf("static bliss_huffman_code_tuple_t tuples[] = {\n");
- index = 0;
- for (i = 0; i < n_z1; i++)
- {
- if (i > 0)
- {
- printf("\n");
- }
- for (k = 1 - n_z2; k < n_z2; k++)
- {
- printf("\t{ %5u, %2u }, /* %3d: (%1d,%2d) ",
- tuples[index]->code, tuples[index]->bits, index, i, k);
- bit = 1 << (tuples[index]->bits - 1);
- while (bit)
- {
- printf("%s", (tuples[index]->code & bit) ? "1" : "0");
- bit >>= 1;
- }
- printf(" */\n");
- index++;
- }
- }
- printf("};\n\n");
- printf("/* code_length = %6.4f bits/tuple (%d bits) */\n\n",
- code_length, (int)(512 * code_length + 1));
-
- printf("bliss_huffman_code_t bliss_huffman_code_%d = {\n", bliss_type);
- printf("\t.n_z1 = %d,\n", n_z1);
- printf("\t.n_z2 = %d,\n", n_z2);
- printf("\t.tuples = tuples,\n");
- printf("\t.nodes = nodes\n");
- printf("};\n");
-}
-
-static void destroy_node(node_t *node)
-{
- if (node->l)
- {
- destroy_node(node->l);
- }
- if (node->r)
- {
- destroy_node(node->r);
- }
- free(node->tuple);
- free(node);
-}
-
-static void remove_node(node_t *list, node_t **last, node_t *node)
-{
- node_t *current, *prev;
-
- for (current = list->next, prev = list; current;
- prev = current, current = current->next)
- {
- if (current == node)
- {
- prev->next = current->next;
- if (*last == current)
- {
- *last = prev->next ?: prev;
- }
- break;
- }
- }
-}
-
-/**
- * Generate a Huffman code for the optimum encoding of BLISS signatures
- */
-int main(int argc, char *argv[])
-{
- const bliss_param_set_t *set;
- int dx, bliss_type, depth = 1, groups, groups_left, pairs = 1;
- int i_max = 9, k_max = 8, index_max = (2*k_max - 1) * i_max;
- int i, i_top, k, k_top;
- uint16_t index;
- double p, p_z1[i_max], p_z2[k_max], x_z1[i_max], x_z2[k_max];
- double t, x, x0, p_sum, entropy = 0, erf_i, erf_k, erf_0 = 0;
- tuple_t *tuple, *tuples[index_max];
- node_t *node, *node_l, *node_r, *nodes = NULL;
- node_t *node_list, *node_last;
-
- if (argc < 2)
- {
- fprintf(stderr, "usage: bliss_huffman <bliss type> [<pairs>]\n");
- exit(1);
- }
- if (argc > 2)
- {
- pairs = atoi(argv[2]);
- }
- fprintf(stderr, "%d code pairs with constant length\n\n", pairs);
- groups_left = groups = pairs >> 1;
-
- bliss_type = atoi(argv[1]);
- set = bliss_param_set_get_by_id(bliss_type);
- if (!set)
- {
- fprintf(stderr, "bliss type %d unsupported\n", bliss_type);
- exit(1);
- }
- write_header();
- printf("/*\n");
- printf(" * Design: sigma = %u\n", set->sigma);
- printf(" *\n");
-
- t = 1/(sqrt(2) * set->sigma);
-
- /* Probability distribution for z1 */
- i_top = (set->B_inf + 255) / 256;
- p_sum = 0;
- x = 0;
-
- for (i = 0; i < i_top; i++)
- {
- x = min(x + 256, set->B_inf);
- erf_i = erf(t*x);
- p_z1[i] = erf_i - erf_0;
- p_sum += p_z1[i];
- erf_0 = erf_i;
- x_z1[i] = x;
- }
-
- /* Normalize and print the probability distribution for z1 */
- printf(" * i p_z1[i]\n");
- x0 = 0;
-
- for (i = 0; i < i_top; i++)
- {
- p_z1[i] /= p_sum;
- printf(" * %2d %18.16f %4.0f .. %4.0f\n", i, p_z1[i], x0, x_z1[i]);
- x0 = x_z1[i];
- }
- printf(" *\n");
-
- /* Probability distribution for z2 */
- dx = 1 << set->d;
- k_top = 1 + set->B_inf / dx;
- x = (dx >> 1) - 0.5;
- p_sum = 0;
-
- for (k = 0; k < k_top; k++)
- {
-
- erf_k = erf(t*x) / 2;
- p_z2[k] = (k == 0) ? 2*erf_k : erf_k - erf_0;
- p_sum += (k == 0) ? p_z2[k] : 2*p_z2[k];
- erf_0 = erf_k;
- x_z2[k] = x;
- x += dx;
- }
-
- /* Normalize the probability distribution for z2 */
- for (k = 0; k < k_top; k++)
- {
- p_z2[k] /= p_sum;
- }
-
- /* Print the probability distribution for z2 */
- printf(" * k p_z2[k] dx = %d\n", dx);
-
- for (k = 1 - k_top; k < k_top; k++)
- {
-
- printf(" * %2d %18.16f ",k, p_z2[abs(k)]);
- if (k < 0)
- {
- printf(" %7.1f ..%7.1f\n", -x_z2[-k], -x_z2[-k-1]);
- }
- else if (k == 0)
- {
- printf(" %7.1f ..%7.1f\n", -x_z2[k], x_z2[k]);
- }
- else
- {
- printf(" %7.1f ..%7.1f\n", x_z2[k-1], x_z2[k]);
- }
- }
- printf(" *\n");
-
- /* Compute probabilities of tuples (z1, z2) */
- INIT(node_list);
- node_last = node_list;
- printf(" * (i, k) p\n");
- p_sum =0;
- index = 0;
-
- for (i = 0; i < i_top; i++)
- {
- for (k = 1 - k_top; k < k_top; k++)
- {
- p = p_z1[i] * p_z2[abs(k)];
- printf(" * (%1d,%2d) %18.16f\n", i, k, p);
- p_sum += p;
- entropy += -log(p) * p;
-
- INIT(tuple,
- .z1 = i,
- .z2 = k,
- .index = index,
- );
- tuples[index++] = tuple;
-
- INIT(node,
- .p = p,
- .tuple = tuple,
- );
- node_last->next = node;
- node_last = node;
- }
- printf(" *\n");
- }
- entropy /= log(2);
- printf(" * p_sum %18.16f\n", p_sum);
- printf(" *\n");
- printf(" * entropy = %6.4f bits/tuple (%d bits)\n",
- entropy, (int)(512 * entropy));
- printf(" */\n\n");
-
- /* Build Huffman tree */
- while (node_list->next != node_last)
- {
- node_r = node_l = NULL;
-
- for (node = node_list->next; node; node = node->next)
- {
- if (pairs > 0)
- {
- if (!node->tuple)
- {
- continue;
- }
- }
- else if (groups_left > 0)
- {
- if (node->tuple || node->depth != depth)
- {
- continue;
- }
- }
- if (node_r == NULL || node->p < node_r->p)
- {
- node_l = node_r;
- node_r = node;
- }
- else if (node_l == NULL || node->p < node_l->p)
- {
- node_l = node;
- }
- }
-
- INIT(node,
- .l = node_l,
- .r = node_r,
- .p = node_l->p + node_r->p,
- .depth = 1 + max(node_l->depth, node_r->depth),
- .tuple = NULL,
- );
- print_node(node_r);
- print_node(node_l);
- fprintf(stderr, " %18.16f", node->p);
-
- remove_node(node_list, &node_last, node_l);
- remove_node(node_list, &node_last, node_r);
- node_last->next = node;
- node_last = node;
-
- if (pairs > 0)
- {
- pairs--;
- }
- else if (groups > 0)
- {
- if (--groups_left == 0)
- {
- groups >>= 1;
- groups_left = groups;
- depth++;
- }
- }
- fprintf(stderr, "\n\n");
- }
-
-
- nodes = node_list->next;
-
- write_code_tables(bliss_type, i_top, k_top, nodes, tuples);
-
- destroy_node(nodes);
- destroy_node(node_list);
- exit(0);
-}
-
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_huffman_code.h"
-
-extern bliss_huffman_code_t bliss_huffman_code_1;
-extern bliss_huffman_code_t bliss_huffman_code_3;
-extern bliss_huffman_code_t bliss_huffman_code_4;
-
-/**
- * See header.
- */
-bliss_huffman_code_t* bliss_huffman_code_get_by_id(bliss_param_set_id_t id)
-{
- switch (id)
- {
- case BLISS_I:
- case BLISS_B_I:
- return &bliss_huffman_code_1;
- case BLISS_III:
- case BLISS_B_III:
- return &bliss_huffman_code_3;
- case BLISS_IV:
- case BLISS_B_IV:
- return &bliss_huffman_code_4;
- default:
- return NULL;
- }
-}
-
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_huffman_code bliss_huffman_code
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_HUFFMAN_CODE_H_
-#define BLISS_HUFFMAN_CODE_H_
-
-#include "bliss_param_set.h"
-
-#include <library.h>
-
-typedef struct bliss_huffman_code_t bliss_huffman_code_t;
-typedef struct bliss_huffman_code_tuple_t bliss_huffman_code_tuple_t;
-typedef struct bliss_huffman_code_node_t bliss_huffman_code_node_t;
-
-struct bliss_huffman_code_tuple_t {
- uint32_t code;
- uint16_t bits;
-};
-
-#define BLISS_HUFFMAN_CODE_NO_TUPLE -1
-#define BLISS_HUFFMAN_CODE_NO_NODE -1
-
-struct bliss_huffman_code_node_t {
- int16_t node_0;
- int16_t node_1;
- int16_t tuple;
-};
-
-/**
- * Defines the Huffman code for the optimum encoding of a BLISS signature
- */
-struct bliss_huffman_code_t {
-
- /**
- * Range of z1: 0..n_z1-1
- */
- uint16_t n_z1;
-
- /**
- * Range of z2: -n_z2..n_z2
- */
- uint16_t n_z2;
-
- /**
- * Table of tuple codewords
- */
- bliss_huffman_code_tuple_t *tuples;
-
- /**
- * Table of binary decision nodes
- */
- bliss_huffman_code_node_t *nodes;
-};
-
-/**
- * Get Optimum Huffman code for BLISS signature given by BLISS parameter set ID
- *
- * @param id BLISS parameter set ID
- * @return Optimum Huffman code for BLISS signature
-*/
-bliss_huffman_code_t* bliss_huffman_code_get_by_id(bliss_param_set_id_t id);
-
-#endif /** BLISS_HUFFMAN_CODE_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Optimum Huffman code for BLISS-X signatures
- *
- * This file has been automatically generated by the bliss_huffman utility
- * Do not edit manually!
- */
-
-/*
- * Design: sigma = 215
- *
- * i p_z1[i]
- * 0 0.7662277087816564 0 .. 256
- * 1 0.2165251006508514 256 .. 512
- * 2 0.0168930510015114 512 .. 768
- * 3 0.0003522302274478 768 .. 1024
- * 4 0.0000019067136680 1024 .. 1280
- * 5 0.0000000026239598 1280 .. 1536
- * 6 0.0000000000009052 1536 .. 1792
- * 7 0.0000000000000001 1792 .. 2047
- *
- * k p_z2[k] dx = 1024
- * -1 0.0086781953089156 -1535.5 .. -511.5
- * 0 0.9826436093821688 -511.5 .. 511.5
- * 1 0.0086781953089156 511.5 .. 1535.5
- *
- * (i, k) p
- * (0,-1) 0.0066494737079101
- * (0, 0) 0.7529287613658361
- * (0, 1) 0.0066494737079101
- *
- * (1,-1) 0.0018790471127307
- * (1, 0) 0.2127670064253900
- * (1, 1) 0.0018790471127307
- *
- * (2,-1) 0.0001466011959546
- * (2, 0) 0.0165998486096022
- * (2, 1) 0.0001466011959546
- *
- * (3,-1) 0.0000030567227075
- * (3, 0) 0.0003461167820328
- * (3, 1) 0.0000030567227075
- *
- * (4,-1) 0.0000000165468336
- * (4, 0) 0.0000018736200007
- * (4, 1) 0.0000000165468336
- *
- * (5,-1) 0.0000000000227712
- * (5, 0) 0.0000000025784174
- * (5, 1) 0.0000000000227712
- *
- * (6,-1) 0.0000000000000079
- * (6, 0) 0.0000000000008895
- * (6, 1) 0.0000000000000079
- *
- * (7,-1) 0.0000000000000000
- * (7, 0) 0.0000000000000001
- * (7, 1) 0.0000000000000000
- *
- * p_sum 0.9999999999999998
- *
- * entropy = 1.0195 bits/tuple (521 bits)
- */
-
-#include "bliss_huffman_code.h"
-
-static bliss_huffman_code_node_t nodes[] = {
- { 1, 2, -1 }, /* 0: */
- { -1, -1, 1 }, /* 1: (0, 0) 1 bit */
- { 3, 4, -1 }, /* 2: */
- { -1, -1, 4 }, /* 3: (1, 0) 2 bits */
- { 5, 46, -1 }, /* 4: */
- { 6, 45, -1 }, /* 5: */
- { 7, 8, -1 }, /* 6: */
- { -1, -1, 0 }, /* 7: (0,-1) 5 bits */
- { 9, 44, -1 }, /* 8: */
- { 10, 11, -1 }, /* 9: */
- { -1, -1, 3 }, /* 10: (1,-1) 7 bits */
- { 12, 13, -1 }, /* 11: */
- { -1, -1, 10 }, /* 12: (3, 0) 8 bits */
- { 14, 29, -1 }, /* 13: */
- { 15, 22, -1 }, /* 14: */
- { 16, 19, -1 }, /* 15: */
- { 17, 18, -1 }, /* 16: */
- { -1, -1, 8 }, /* 17: (2, 1) 12 bits */
- { -1, -1, 6 }, /* 18: (2,-1) 12 bits */
- { 20, 21, -1 }, /* 19: */
- { -1, -1, 11 }, /* 20: (3, 1) 12 bits */
- { -1, -1, 9 }, /* 21: (3,-1) 12 bits */
- { 23, 26, -1 }, /* 22: */
- { 24, 25, -1 }, /* 23: */
- { -1, -1, 13 }, /* 24: (4, 0) 12 bits */
- { -1, -1, 14 }, /* 25: (4, 1) 12 bits */
- { 27, 28, -1 }, /* 26: */
- { -1, -1, 12 }, /* 27: (4,-1) 12 bits */
- { -1, -1, 16 }, /* 28: (5, 0) 12 bits */
- { 30, 37, -1 }, /* 29: */
- { 31, 34, -1 }, /* 30: */
- { 32, 33, -1 }, /* 31: */
- { -1, -1, 17 }, /* 32: (5, 1) 12 bits */
- { -1, -1, 15 }, /* 33: (5,-1) 12 bits */
- { 35, 36, -1 }, /* 34: */
- { -1, -1, 19 }, /* 35: (6, 0) 12 bits */
- { -1, -1, 20 }, /* 36: (6, 1) 12 bits */
- { 38, 41, -1 }, /* 37: */
- { 39, 40, -1 }, /* 38: */
- { -1, -1, 18 }, /* 39: (6,-1) 12 bits */
- { -1, -1, 22 }, /* 40: (7, 0) 12 bits */
- { 42, 43, -1 }, /* 41: */
- { -1, -1, 23 }, /* 42: (7, 1) 12 bits */
- { -1, -1, 21 }, /* 43: (7,-1) 12 bits */
- { -1, -1, 5 }, /* 44: (1, 1) 6 bits */
- { -1, -1, 2 }, /* 45: (0, 1) 4 bits */
- { -1, -1, 7 }, /* 46: (2, 0) 3 bits */
-};
-
-static bliss_huffman_code_tuple_t tuples[] = {
- { 24, 5 }, /* 0: (0,-1) 11000 */
- { 0, 1 }, /* 1: (0, 0) 0 */
- { 13, 4 }, /* 2: (0, 1) 1101 */
-
- { 100, 7 }, /* 3: (1,-1) 1100100 */
- { 2, 2 }, /* 4: (1, 0) 10 */
- { 51, 6 }, /* 5: (1, 1) 110011 */
-
- { 3249, 12 }, /* 6: (2,-1) 110010110001 */
- { 7, 3 }, /* 7: (2, 0) 111 */
- { 3248, 12 }, /* 8: (2, 1) 110010110000 */
-
- { 3251, 12 }, /* 9: (3,-1) 110010110011 */
- { 202, 8 }, /* 10: (3, 0) 11001010 */
- { 3250, 12 }, /* 11: (3, 1) 110010110010 */
-
- { 3254, 12 }, /* 12: (4,-1) 110010110110 */
- { 3252, 12 }, /* 13: (4, 0) 110010110100 */
- { 3253, 12 }, /* 14: (4, 1) 110010110101 */
-
- { 3257, 12 }, /* 15: (5,-1) 110010111001 */
- { 3255, 12 }, /* 16: (5, 0) 110010110111 */
- { 3256, 12 }, /* 17: (5, 1) 110010111000 */
-
- { 3260, 12 }, /* 18: (6,-1) 110010111100 */
- { 3258, 12 }, /* 19: (6, 0) 110010111010 */
- { 3259, 12 }, /* 20: (6, 1) 110010111011 */
-
- { 3263, 12 }, /* 21: (7,-1) 110010111111 */
- { 3261, 12 }, /* 22: (7, 0) 110010111101 */
- { 3262, 12 }, /* 23: (7, 1) 110010111110 */
-};
-
-/* code_length = 1.3189 bits/tuple (676 bits) */
-
-bliss_huffman_code_t bliss_huffman_code_1 = {
- .n_z1 = 8,
- .n_z2 = 2,
- .tuples = tuples,
- .nodes = nodes
-};
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Optimum Huffman code for BLISS-X signatures
- *
- * This file has been automatically generated by the bliss_huffman utility
- * Do not edit manually!
- */
-
-/*
- * Design: sigma = 250
- *
- * i p_z1[i]
- * 0 0.6941647250930416 0 .. 256
- * 1 0.2652752755116807 256 .. 512
- * 2 0.0384337021454129 512 .. 768
- * 3 0.0020842622589255 768 .. 1024
- * 4 0.0000417294572050 1024 .. 1280
- * 5 0.0000003047309681 1280 .. 1536
- * 6 0.0000000008027661 1536 .. 1760
- *
- * k p_z2[k] dx = 512
- * -3 0.0000001543959154 -1791.5 ..-1279.5
- * -2 0.0010701394583782 -1279.5 .. -767.5
- * -1 0.1523201563502276 -767.5 .. -255.5
- * 0 0.6932190995909575 -255.5 .. 255.5
- * 1 0.1523201563502276 255.5 .. 767.5
- * 2 0.0010701394583782 767.5 .. 1279.5
- * 3 0.0000001543959154 1279.5 .. 1791.5
- *
- * (i, k) p
- * (0,-3) 0.0000001071761982
- * (0,-2) 0.0007428530629363
- * (0,-1) 0.1057352794589848
- * (0, 0) 0.4812082456968029
- * (0, 1) 0.1057352794589848
- * (0, 2) 0.0007428530629363
- * (0, 3) 0.0000001071761982
- *
- * (1,-3) 0.0000000409574190
- * (1,-2) 0.0002838815396572
- * (1,-1) 0.0404067714417889
- * (1, 0) 0.1838938876339505
- * (1, 1) 0.0404067714417889
- * (1, 2) 0.0002838815396572
- * (1, 3) 0.0000000409574190
- *
- * (2,-3) 0.0000000059340066
- * (2,-2) 0.0000411294211974
- * (2,-1) 0.0058542275199074
- * (2, 0) 0.0266429763951902
- * (2, 1) 0.0058542275199074
- * (2, 2) 0.0000411294211974
- * (2, 3) 0.0000000059340066
- *
- * (3,-3) 0.0000000003218016
- * (3,-2) 0.0000022304512849
- * (3,-1) 0.0003174751531544
- * (3, 0) 0.0014448504064437
- * (3, 1) 0.0003174751531544
- * (3, 2) 0.0000022304512849
- * (3, 3) 0.0000000003218016
- *
- * (4,-3) 0.0000000000064429
- * (4,-2) 0.0000000446563387
- * (4,-1) 0.0000063562374459
- * (4, 0) 0.0000289276567501
- * (4, 1) 0.0000063562374459
- * (4, 2) 0.0000000446563387
- * (4, 3) 0.0000000000064429
- *
- * (5,-3) 0.0000000000000470
- * (5,-2) 0.0000000003261046
- * (5,-1) 0.0000000464166687
- * (5, 0) 0.0000002112453273
- * (5, 1) 0.0000000464166687
- * (5, 2) 0.0000000003261046
- * (5, 3) 0.0000000000000470
- *
- * (6,-3) 0.0000000000000001
- * (6,-2) 0.0000000000008591
- * (6,-1) 0.0000000001222775
- * (6, 0) 0.0000000005564928
- * (6, 1) 0.0000000001222775
- * (6, 2) 0.0000000000008591
- * (6, 3) 0.0000000000000001
- *
- * p_sum 0.9999999999999999
- *
- * entropy = 2.2879 bits/tuple (1171 bits)
- */
-
-#include "bliss_huffman_code.h"
-
-static bliss_huffman_code_node_t nodes[] = {
- { 1, 96, -1 }, /* 0: */
- { 2, 93, -1 }, /* 1: */
- { 3, 4, -1 }, /* 2: */
- { -1, -1, 10 }, /* 3: (1, 0) 3 bits */
- { 5, 8, -1 }, /* 4: */
- { 6, 7, -1 }, /* 5: */
- { -1, -1, 11 }, /* 6: (1, 1) 5 bits */
- { -1, -1, 9 }, /* 7: (1,-1) 5 bits */
- { 9, 10, -1 }, /* 8: */
- { -1, -1, 17 }, /* 9: (2, 0) 5 bits */
- { 11, 92, -1 }, /* 10: */
- { 12, 13, -1 }, /* 11: */
- { -1, -1, 16 }, /* 12: (2,-1) 7 bits */
- { 14, 89, -1 }, /* 13: */
- { 15, 16, -1 }, /* 14: */
- { -1, -1, 24 }, /* 15: (3, 0) 9 bits */
- { 17, 86, -1 }, /* 16: */
- { 18, 85, -1 }, /* 17: */
- { 19, 20, -1 }, /* 18: */
- { -1, -1, 8 }, /* 19: (1,-2) 12 bits */
- { 21, 84, -1 }, /* 20: */
- { 22, 53, -1 }, /* 21: */
- { 23, 38, -1 }, /* 22: */
- { 24, 31, -1 }, /* 23: */
- { 25, 28, -1 }, /* 24: */
- { 26, 27, -1 }, /* 25: */
- { -1, -1, 15 }, /* 26: (2,-2) 18 bits */
- { -1, -1, 31 }, /* 27: (4, 0) 18 bits */
- { 29, 30, -1 }, /* 28: */
- { -1, -1, 32 }, /* 29: (4, 1) 18 bits */
- { -1, -1, 30 }, /* 30: (4,-1) 18 bits */
- { 32, 35, -1 }, /* 31: */
- { 33, 34, -1 }, /* 32: */
- { -1, -1, 26 }, /* 33: (3, 2) 18 bits */
- { -1, -1, 22 }, /* 34: (3,-2) 18 bits */
- { 36, 37, -1 }, /* 35: */
- { -1, -1, 38 }, /* 36: (5, 0) 18 bits */
- { -1, -1, 6 }, /* 37: (0, 3) 18 bits */
- { 39, 46, -1 }, /* 38: */
- { 40, 43, -1 }, /* 39: */
- { 41, 42, -1 }, /* 40: */
- { -1, -1, 0 }, /* 41: (0,-3) 18 bits */
- { -1, -1, 39 }, /* 42: (5, 1) 18 bits */
- { 44, 45, -1 }, /* 43: */
- { -1, -1, 37 }, /* 44: (5,-1) 18 bits */
- { -1, -1, 33 }, /* 45: (4, 2) 18 bits */
- { 47, 50, -1 }, /* 46: */
- { 48, 49, -1 }, /* 47: */
- { -1, -1, 29 }, /* 48: (4,-2) 18 bits */
- { -1, -1, 13 }, /* 49: (1, 3) 18 bits */
- { 51, 52, -1 }, /* 50: */
- { -1, -1, 7 }, /* 51: (1,-3) 18 bits */
- { -1, -1, 20 }, /* 52: (2, 3) 18 bits */
- { 54, 69, -1 }, /* 53: */
- { 55, 62, -1 }, /* 54: */
- { 56, 59, -1 }, /* 55: */
- { 57, 58, -1 }, /* 56: */
- { -1, -1, 14 }, /* 57: (2,-3) 18 bits */
- { -1, -1, 45 }, /* 58: (6, 0) 18 bits */
- { 60, 61, -1 }, /* 59: */
- { -1, -1, 40 }, /* 60: (5, 2) 18 bits */
- { -1, -1, 36 }, /* 61: (5,-2) 18 bits */
- { 63, 66, -1 }, /* 62: */
- { 64, 65, -1 }, /* 63: */
- { -1, -1, 27 }, /* 64: (3, 3) 18 bits */
- { -1, -1, 21 }, /* 65: (3,-3) 18 bits */
- { 67, 68, -1 }, /* 66: */
- { -1, -1, 46 }, /* 67: (6, 1) 18 bits */
- { -1, -1, 44 }, /* 68: (6,-1) 18 bits */
- { 70, 77, -1 }, /* 69: */
- { 71, 74, -1 }, /* 70: */
- { 72, 73, -1 }, /* 71: */
- { -1, -1, 34 }, /* 72: (4, 3) 18 bits */
- { -1, -1, 28 }, /* 73: (4,-3) 18 bits */
- { 75, 76, -1 }, /* 74: */
- { -1, -1, 47 }, /* 75: (6, 2) 18 bits */
- { -1, -1, 43 }, /* 76: (6,-2) 18 bits */
- { 78, 81, -1 }, /* 77: */
- { 79, 80, -1 }, /* 78: */
- { -1, -1, 41 }, /* 79: (5, 3) 18 bits */
- { -1, -1, 35 }, /* 80: (5,-3) 18 bits */
- { 82, 83, -1 }, /* 81: */
- { -1, -1, 48 }, /* 82: (6, 3) 18 bits */
- { -1, -1, 42 }, /* 83: (6,-3) 18 bits */
- { -1, -1, 19 }, /* 84: (2, 2) 13 bits */
- { -1, -1, 25 }, /* 85: (3, 1) 11 bits */
- { 87, 88, -1 }, /* 86: */
- { -1, -1, 23 }, /* 87: (3,-1) 11 bits */
- { -1, -1, 12 }, /* 88: (1, 2) 11 bits */
- { 90, 91, -1 }, /* 89: */
- { -1, -1, 5 }, /* 90: (0, 2) 9 bits */
- { -1, -1, 1 }, /* 91: (0,-2) 9 bits */
- { -1, -1, 18 }, /* 92: (2, 1) 6 bits */
- { 94, 95, -1 }, /* 93: */
- { -1, -1, 4 }, /* 94: (0, 1) 3 bits */
- { -1, -1, 2 }, /* 95: (0,-1) 3 bits */
- { -1, -1, 3 }, /* 96: (0, 0) 1 bit */
-};
-
-static bliss_huffman_code_tuple_t tuples[] = {
- { 59976, 18 }, /* 0: (0,-3) 001110101001001000 */
- { 119, 9 }, /* 1: (0,-2) 001110111 */
- { 3, 3 }, /* 2: (0,-1) 011 */
- { 1, 1 }, /* 3: (0, 0) 1 */
- { 2, 3 }, /* 4: (0, 1) 010 */
- { 118, 9 }, /* 5: (0, 2) 001110110 */
- { 59975, 18 }, /* 6: (0, 3) 001110101001000111 */
-
- { 59982, 18 }, /* 7: (1,-3) 001110101001001110 */
- { 936, 12 }, /* 8: (1,-2) 001110101000 */
- { 5, 5 }, /* 9: (1,-1) 00101 */
- { 0, 3 }, /* 10: (1, 0) 000 */
- { 4, 5 }, /* 11: (1, 1) 00100 */
- { 471, 11 }, /* 12: (1, 2) 00111010111 */
- { 59981, 18 }, /* 13: (1, 3) 001110101001001101 */
-
- { 59984, 18 }, /* 14: (2,-3) 001110101001010000 */
- { 59968, 18 }, /* 15: (2,-2) 001110101001000000 */
- { 28, 7 }, /* 16: (2,-1) 0011100 */
- { 6, 5 }, /* 17: (2, 0) 00110 */
- { 15, 6 }, /* 18: (2, 1) 001111 */
- { 1875, 13 }, /* 19: (2, 2) 0011101010011 */
- { 59983, 18 }, /* 20: (2, 3) 001110101001001111 */
-
- { 59989, 18 }, /* 21: (3,-3) 001110101001010101 */
- { 59973, 18 }, /* 22: (3,-2) 001110101001000101 */
- { 470, 11 }, /* 23: (3,-1) 00111010110 */
- { 116, 9 }, /* 24: (3, 0) 001110100 */
- { 469, 11 }, /* 25: (3, 1) 00111010101 */
- { 59972, 18 }, /* 26: (3, 2) 001110101001000100 */
- { 59988, 18 }, /* 27: (3, 3) 001110101001010100 */
-
- { 59993, 18 }, /* 28: (4,-3) 001110101001011001 */
- { 59980, 18 }, /* 29: (4,-2) 001110101001001100 */
- { 59971, 18 }, /* 30: (4,-1) 001110101001000011 */
- { 59969, 18 }, /* 31: (4, 0) 001110101001000001 */
- { 59970, 18 }, /* 32: (4, 1) 001110101001000010 */
- { 59979, 18 }, /* 33: (4, 2) 001110101001001011 */
- { 59992, 18 }, /* 34: (4, 3) 001110101001011000 */
-
- { 59997, 18 }, /* 35: (5,-3) 001110101001011101 */
- { 59987, 18 }, /* 36: (5,-2) 001110101001010011 */
- { 59978, 18 }, /* 37: (5,-1) 001110101001001010 */
- { 59974, 18 }, /* 38: (5, 0) 001110101001000110 */
- { 59977, 18 }, /* 39: (5, 1) 001110101001001001 */
- { 59986, 18 }, /* 40: (5, 2) 001110101001010010 */
- { 59996, 18 }, /* 41: (5, 3) 001110101001011100 */
-
- { 59999, 18 }, /* 42: (6,-3) 001110101001011111 */
- { 59995, 18 }, /* 43: (6,-2) 001110101001011011 */
- { 59991, 18 }, /* 44: (6,-1) 001110101001010111 */
- { 59985, 18 }, /* 45: (6, 0) 001110101001010001 */
- { 59990, 18 }, /* 46: (6, 1) 001110101001010110 */
- { 59994, 18 }, /* 47: (6, 2) 001110101001011010 */
- { 59998, 18 }, /* 48: (6, 3) 001110101001011110 */
-};
-
-/* code_length = 2.3227 bits/tuple (1190 bits) */
-
-bliss_huffman_code_t bliss_huffman_code_3 = {
- .n_z1 = 7,
- .n_z2 = 4,
- .tuples = tuples,
- .nodes = nodes
-};
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Optimum Huffman code for BLISS-X signatures
- *
- * This file has been automatically generated by the bliss_huffman utility
- * Do not edit manually!
- */
-
-/*
- * Design: sigma = 271
- *
- * i p_z1[i]
- * 0 0.6551621276225426 0 .. 256
- * 1 0.2859860850630749 256 .. 512
- * 2 0.0542541135599810 512 .. 768
- * 3 0.0044399624814222 768 .. 1024
- * 4 0.0001553928373912 1024 .. 1280
- * 5 0.0000023066278552 1280 .. 1536
- * 6 0.0000000118077330 1536 .. 1613
- *
- * k p_z2[k] dx = 256
- * -6 0.0000001026458579 -1663.5 ..-1407.5
- * -5 0.0000106295703648 -1407.5 ..-1151.5
- * -4 0.0004651193817805 -1151.5 .. -895.5
- * -3 0.0086670703658387 -895.5 .. -639.5
- * -2 0.0693723939195647 -639.5 .. -383.5
- * -1 0.2404908493690626 -383.5 .. -127.5
- * 0 0.3619876694950614 -127.5 .. 127.5
- * 1 0.2404908493690626 127.5 .. 383.5
- * 2 0.0693723939195647 383.5 .. 639.5
- * 3 0.0086670703658387 639.5 .. 895.5
- * 4 0.0004651193817805 895.5 .. 1151.5
- * 5 0.0000106295703648 1151.5 .. 1407.5
- * 6 0.0000001026458579 1407.5 .. 1663.5
- *
- * (i, k) p
- * (0,-6) 0.0000000672496787
- * (0,-5) 0.0000069640919359
- * (0,-4) 0.0003047286037658
- * (0,-3) 0.0056783362611372
- * (0,-2) 0.0454501651986111
- * (0,-1) 0.1575604965463875
- * (0, 0) 0.2371606117195102
- * (0, 1) 0.1575604965463875
- * (0, 2) 0.0454501651986111
- * (0, 3) 0.0056783362611372
- * (0, 4) 0.0003047286037658
- * (0, 5) 0.0000069640919359
- * (0, 6) 0.0000000672496787
- *
- * (1,-6) 0.0000000293552870
- * (1,-5) 0.0000030399092145
- * (1,-4) 0.0001330176710824
- * (1,-3) 0.0024786615228924
- * (1,-2) 0.0198395393485098
- * (1,-1) 0.0687770365045519
- * (1, 0) 0.1035234364399989
- * (1, 1) 0.0687770365045519
- * (1, 2) 0.0198395393485098
- * (1, 3) 0.0024786615228924
- * (1, 4) 0.0001330176710824
- * (1, 5) 0.0000030399092145
- * (1, 6) 0.0000000293552870
- *
- * (2,-6) 0.0000000055689600
- * (2,-5) 0.0000005766979177
- * (2,-4) 0.0000252346397581
- * (2,-3) 0.0004702242198606
- * (2,-2) 0.0037637377376398
- * (2,-1) 0.0130476178518054
- * (2, 0) 0.0196393201280979
- * (2, 1) 0.0130476178518054
- * (2, 2) 0.0037637377376398
- * (2, 3) 0.0004702242198606
- * (2, 4) 0.0000252346397581
- * (2, 5) 0.0000005766979177
- * (2, 6) 0.0000000055689600
- *
- * (3,-6) 0.0000000004557438
- * (3,-5) 0.0000000471948936
- * (3,-4) 0.0000020651126045
- * (3,-3) 0.0000384814672482
- * (3,-2) 0.0003080108262493
- * (3,-1) 0.0010677703483240
- * (3, 0) 0.0016072116712955
- * (3, 1) 0.0010677703483240
- * (3, 2) 0.0003080108262493
- * (3, 3) 0.0000384814672482
- * (3, 4) 0.0000020651126045
- * (3, 5) 0.0000000471948936
- * (3, 6) 0.0000000004557438
- *
- * (4,-6) 0.0000000000159504
- * (4,-5) 0.0000000016517591
- * (4,-4) 0.0000000722762205
- * (4,-3) 0.0000013468006560
- * (4,-2) 0.0000107799731278
- * (4,-1) 0.0000373705554501
- * (4, 0) 0.0000562502910635
- * (4, 1) 0.0000373705554501
- * (4, 2) 0.0000107799731278
- * (4, 3) 0.0000013468006560
- * (4, 4) 0.0000000722762205
- * (4, 5) 0.0000000016517591
- * (4, 6) 0.0000000000159504
- *
- * (5,-6) 0.0000000000002368
- * (5,-5) 0.0000000000245185
- * (5,-4) 0.0000000010728573
- * (5,-3) 0.0000000199917059
- * (5,-2) 0.0000001600162962
- * (5,-1) 0.0000005547228921
- * (5, 0) 0.0000008349708417
- * (5, 1) 0.0000005547228921
- * (5, 2) 0.0000001600162962
- * (5, 3) 0.0000000199917059
- * (5, 4) 0.0000000010728573
- * (5, 5) 0.0000000000245185
- * (5, 6) 0.0000000000002368
- *
- * (6,-6) 0.0000000000000012
- * (6,-5) 0.0000000000001255
- * (6,-4) 0.0000000000054920
- * (6,-3) 0.0000000001023385
- * (6,-2) 0.0000000008191307
- * (6,-1) 0.0000000028396517
- * (6, 0) 0.0000000042742538
- * (6, 1) 0.0000000028396517
- * (6, 2) 0.0000000008191307
- * (6, 3) 0.0000000001023385
- * (6, 4) 0.0000000000054920
- * (6, 5) 0.0000000000001255
- * (6, 6) 0.0000000000000012
- *
- * p_sum 1.0000000000000011
- *
- * entropy = 3.3640 bits/tuple (1722 bits)
- */
-
-#include "bliss_huffman_code.h"
-
-static bliss_huffman_code_node_t nodes[] = {
- { 1, 160, -1 }, /* 0: */
- { 2, 5, -1 }, /* 1: */
- { 3, 4, -1 }, /* 2: */
- { -1, -1, 7 }, /* 3: (0, 1) 3 bits */
- { -1, -1, 5 }, /* 4: (0,-1) 3 bits */
- { 6, 157, -1 }, /* 5: */
- { 7, 156, -1 }, /* 6: */
- { 8, 11, -1 }, /* 7: */
- { 9, 10, -1 }, /* 8: */
- { -1, -1, 17 }, /* 9: (1,-2) 6 bits */
- { -1, -1, 32 }, /* 10: (2, 0) 6 bits */
- { 12, 155, -1 }, /* 11: */
- { 13, 18, -1 }, /* 12: */
- { 14, 15, -1 }, /* 13: */
- { -1, -1, 3 }, /* 14: (0,-3) 8 bits */
- { 16, 17, -1 }, /* 15: */
- { -1, -1, 22 }, /* 16: (1, 3) 9 bits */
- { -1, -1, 16 }, /* 17: (1,-3) 9 bits */
- { 19, 154, -1 }, /* 18: */
- { 20, 23, -1 }, /* 19: */
- { 21, 22, -1 }, /* 20: */
- { -1, -1, 46 }, /* 21: (3, 1) 10 bits */
- { -1, -1, 44 }, /* 22: (3,-1) 10 bits */
- { 24, 151, -1 }, /* 23: */
- { 25, 88, -1 }, /* 24: */
- { 26, 57, -1 }, /* 25: */
- { 27, 42, -1 }, /* 26: */
- { 28, 35, -1 }, /* 27: */
- { 29, 32, -1 }, /* 28: */
- { 30, 31, -1 }, /* 29: */
- { -1, -1, 2 }, /* 30: (0,-4) 16 bits */
- { -1, -1, 23 }, /* 31: (1, 4) 16 bits */
- { 33, 34, -1 }, /* 32: */
- { -1, -1, 15 }, /* 33: (1,-4) 16 bits */
- { -1, -1, 58 }, /* 34: (4, 0) 16 bits */
- { 36, 39, -1 }, /* 35: */
- { 37, 38, -1 }, /* 36: */
- { -1, -1, 48 }, /* 37: (3, 3) 16 bits */
- { -1, -1, 42 }, /* 38: (3,-3) 16 bits */
- { 40, 41, -1 }, /* 39: */
- { -1, -1, 59 }, /* 40: (4, 1) 16 bits */
- { -1, -1, 57 }, /* 41: (4,-1) 16 bits */
- { 43, 50, -1 }, /* 42: */
- { 44, 47, -1 }, /* 43: */
- { 45, 46, -1 }, /* 44: */
- { -1, -1, 36 }, /* 45: (2, 4) 16 bits */
- { -1, -1, 28 }, /* 46: (2,-4) 16 bits */
- { 48, 49, -1 }, /* 47: */
- { -1, -1, 60 }, /* 48: (4, 2) 16 bits */
- { -1, -1, 56 }, /* 49: (4,-2) 16 bits */
- { 51, 54, -1 }, /* 50: */
- { 52, 53, -1 }, /* 51: */
- { -1, -1, 11 }, /* 52: (0, 5) 16 bits */
- { -1, -1, 1 }, /* 53: (0,-5) 16 bits */
- { 55, 56, -1 }, /* 54: */
- { -1, -1, 24 }, /* 55: (1, 5) 16 bits */
- { -1, -1, 14 }, /* 56: (1,-5) 16 bits */
- { 58, 73, -1 }, /* 57: */
- { 59, 66, -1 }, /* 58: */
- { 60, 63, -1 }, /* 59: */
- { 61, 62, -1 }, /* 60: */
- { -1, -1, 49 }, /* 61: (3, 4) 16 bits */
- { -1, -1, 41 }, /* 62: (3,-4) 16 bits */
- { 64, 65, -1 }, /* 63: */
- { -1, -1, 61 }, /* 64: (4, 3) 16 bits */
- { -1, -1, 55 }, /* 65: (4,-3) 16 bits */
- { 67, 70, -1 }, /* 66: */
- { 68, 69, -1 }, /* 67: */
- { -1, -1, 71 }, /* 68: (5, 0) 16 bits */
- { -1, -1, 37 }, /* 69: (2, 5) 16 bits */
- { 71, 72, -1 }, /* 70: */
- { -1, -1, 27 }, /* 71: (2,-5) 16 bits */
- { -1, -1, 72 }, /* 72: (5, 1) 16 bits */
- { 74, 81, -1 }, /* 73: */
- { 75, 78, -1 }, /* 74: */
- { 76, 77, -1 }, /* 75: */
- { -1, -1, 70 }, /* 76: (5,-1) 16 bits */
- { -1, -1, 73 }, /* 77: (5, 2) 16 bits */
- { 79, 80, -1 }, /* 78: */
- { -1, -1, 69 }, /* 79: (5,-2) 16 bits */
- { -1, -1, 62 }, /* 80: (4, 4) 16 bits */
- { 82, 85, -1 }, /* 81: */
- { 83, 84, -1 }, /* 82: */
- { -1, -1, 54 }, /* 83: (4,-4) 16 bits */
- { -1, -1, 12 }, /* 84: (0, 6) 16 bits */
- { 86, 87, -1 }, /* 85: */
- { -1, -1, 0 }, /* 86: (0,-6) 16 bits */
- { -1, -1, 50 }, /* 87: (3, 5) 16 bits */
- { 89, 120, -1 }, /* 88: */
- { 90, 105, -1 }, /* 89: */
- { 91, 98, -1 }, /* 90: */
- { 92, 95, -1 }, /* 91: */
- { 93, 94, -1 }, /* 92: */
- { -1, -1, 40 }, /* 93: (3,-5) 16 bits */
- { -1, -1, 25 }, /* 94: (1, 6) 16 bits */
- { 96, 97, -1 }, /* 95: */
- { -1, -1, 13 }, /* 96: (1,-6) 16 bits */
- { -1, -1, 74 }, /* 97: (5, 3) 16 bits */
- { 99, 102, -1 }, /* 98: */
- { 100, 101, -1 }, /* 99: */
- { -1, -1, 68 }, /* 100: (5,-3) 16 bits */
- { -1, -1, 38 }, /* 101: (2, 6) 16 bits */
- { 103, 104, -1 }, /* 102: */
- { -1, -1, 26 }, /* 103: (2,-6) 16 bits */
- { -1, -1, 84 }, /* 104: (6, 0) 16 bits */
- { 106, 113, -1 }, /* 105: */
- { 107, 110, -1 }, /* 106: */
- { 108, 109, -1 }, /* 107: */
- { -1, -1, 85 }, /* 108: (6, 1) 16 bits */
- { -1, -1, 83 }, /* 109: (6,-1) 16 bits */
- { 111, 112, -1 }, /* 110: */
- { -1, -1, 63 }, /* 111: (4, 5) 16 bits */
- { -1, -1, 53 }, /* 112: (4,-5) 16 bits */
- { 114, 117, -1 }, /* 113: */
- { 115, 116, -1 }, /* 114: */
- { -1, -1, 75 }, /* 115: (5, 4) 16 bits */
- { -1, -1, 67 }, /* 116: (5,-4) 16 bits */
- { 118, 119, -1 }, /* 117: */
- { -1, -1, 86 }, /* 118: (6, 2) 16 bits */
- { -1, -1, 82 }, /* 119: (6,-2) 16 bits */
- { 121, 136, -1 }, /* 120: */
- { 122, 129, -1 }, /* 121: */
- { 123, 126, -1 }, /* 122: */
- { 124, 125, -1 }, /* 123: */
- { -1, -1, 51 }, /* 124: (3, 6) 16 bits */
- { -1, -1, 39 }, /* 125: (3,-6) 16 bits */
- { 127, 128, -1 }, /* 126: */
- { -1, -1, 87 }, /* 127: (6, 3) 16 bits */
- { -1, -1, 81 }, /* 128: (6,-3) 16 bits */
- { 130, 133, -1 }, /* 129: */
- { 131, 132, -1 }, /* 130: */
- { -1, -1, 76 }, /* 131: (5, 5) 16 bits */
- { -1, -1, 66 }, /* 132: (5,-5) 16 bits */
- { 134, 135, -1 }, /* 133: */
- { -1, -1, 64 }, /* 134: (4, 6) 16 bits */
- { -1, -1, 52 }, /* 135: (4,-6) 16 bits */
- { 137, 144, -1 }, /* 136: */
- { 138, 141, -1 }, /* 137: */
- { 139, 140, -1 }, /* 138: */
- { -1, -1, 88 }, /* 139: (6, 4) 16 bits */
- { -1, -1, 80 }, /* 140: (6,-4) 16 bits */
- { 142, 143, -1 }, /* 141: */
- { -1, -1, 77 }, /* 142: (5, 6) 16 bits */
- { -1, -1, 65 }, /* 143: (5,-6) 16 bits */
- { 145, 148, -1 }, /* 144: */
- { 146, 147, -1 }, /* 145: */
- { -1, -1, 89 }, /* 146: (6, 5) 16 bits */
- { -1, -1, 79 }, /* 147: (6,-5) 16 bits */
- { 149, 150, -1 }, /* 148: */
- { -1, -1, 90 }, /* 149: (6, 6) 16 bits */
- { -1, -1, 78 }, /* 150: (6,-6) 16 bits */
- { 152, 153, -1 }, /* 151: */
- { -1, -1, 29 }, /* 152: (2,-3) 11 bits */
- { -1, -1, 47 }, /* 153: (3, 2) 11 bits */
- { -1, -1, 34 }, /* 154: (2, 2) 8 bits */
- { -1, -1, 33 }, /* 155: (2, 1) 6 bits */
- { -1, -1, 20 }, /* 156: (1, 1) 4 bits */
- { 158, 159, -1 }, /* 157: */
- { -1, -1, 18 }, /* 158: (1,-1) 4 bits */
- { -1, -1, 8 }, /* 159: (0, 2) 4 bits */
- { 161, 162, -1 }, /* 160: */
- { -1, -1, 6 }, /* 161: (0, 0) 2 bits */
- { 163, 164, -1 }, /* 162: */
- { -1, -1, 19 }, /* 163: (1, 0) 3 bits */
- { 165, 166, -1 }, /* 164: */
- { -1, -1, 4 }, /* 165: (0,-2) 4 bits */
- { 167, 180, -1 }, /* 166: */
- { 168, 169, -1 }, /* 167: */
- { -1, -1, 31 }, /* 168: (2,-1) 6 bits */
- { 170, 179, -1 }, /* 169: */
- { 171, 172, -1 }, /* 170: */
- { -1, -1, 30 }, /* 171: (2,-2) 8 bits */
- { 173, 174, -1 }, /* 172: */
- { -1, -1, 45 }, /* 173: (3, 0) 9 bits */
- { 175, 178, -1 }, /* 174: */
- { 176, 177, -1 }, /* 175: */
- { -1, -1, 43 }, /* 176: (3,-2) 11 bits */
- { -1, -1, 10 }, /* 177: (0, 4) 11 bits */
- { -1, -1, 35 }, /* 178: (2, 3) 10 bits */
- { -1, -1, 9 }, /* 179: (0, 3) 7 bits */
- { -1, -1, 21 }, /* 180: (1, 2) 5 bits */
-};
-
-static bliss_huffman_code_tuple_t tuples[] = {
- { 19102, 16 }, /* 0: (0,-6) 0100101010011110 */
- { 19085, 16 }, /* 1: (0,-5) 0100101010001101 */
- { 19072, 16 }, /* 2: (0,-4) 0100101010000000 */
- { 72, 8 }, /* 3: (0,-3) 01001000 */
- { 14, 4 }, /* 4: (0,-2) 1110 */
- { 1, 3 }, /* 5: (0,-1) 001 */
- { 2, 2 }, /* 6: (0, 0) 10 */
- { 0, 3 }, /* 7: (0, 1) 000 */
- { 7, 4 }, /* 8: (0, 2) 0111 */
- { 123, 7 }, /* 9: (0, 3) 1111011 */
- { 1965, 11 }, /* 10: (0, 4) 11110101101 */
- { 19084, 16 }, /* 11: (0, 5) 0100101010001100 */
- { 19101, 16 }, /* 12: (0, 6) 0100101010011101 */
-
- { 19106, 16 }, /* 13: (1,-6) 0100101010100010 */
- { 19087, 16 }, /* 14: (1,-5) 0100101010001111 */
- { 19074, 16 }, /* 15: (1,-4) 0100101010000010 */
- { 147, 9 }, /* 16: (1,-3) 010010011 */
- { 16, 6 }, /* 17: (1,-2) 010000 */
- { 6, 4 }, /* 18: (1,-1) 0110 */
- { 6, 3 }, /* 19: (1, 0) 110 */
- { 5, 4 }, /* 20: (1, 1) 0101 */
- { 31, 5 }, /* 21: (1, 2) 11111 */
- { 146, 9 }, /* 22: (1, 3) 010010010 */
- { 19073, 16 }, /* 23: (1, 4) 0100101010000001 */
- { 19086, 16 }, /* 24: (1, 5) 0100101010001110 */
- { 19105, 16 }, /* 25: (1, 6) 0100101010100001 */
-
- { 19110, 16 }, /* 26: (2,-6) 0100101010100110 */
- { 19094, 16 }, /* 27: (2,-5) 0100101010010110 */
- { 19081, 16 }, /* 28: (2,-4) 0100101010001001 */
- { 598, 11 }, /* 29: (2,-3) 01001010110 */
- { 244, 8 }, /* 30: (2,-2) 11110100 */
- { 60, 6 }, /* 31: (2,-1) 111100 */
- { 17, 6 }, /* 32: (2, 0) 010001 */
- { 19, 6 }, /* 33: (2, 1) 010011 */
- { 75, 8 }, /* 34: (2, 2) 01001011 */
- { 983, 10 }, /* 35: (2, 3) 1111010111 */
- { 19080, 16 }, /* 36: (2, 4) 0100101010001000 */
- { 19093, 16 }, /* 37: (2, 5) 0100101010010101 */
- { 19109, 16 }, /* 38: (2, 6) 0100101010100101 */
-
- { 19121, 16 }, /* 39: (3,-6) 0100101010110001 */
- { 19104, 16 }, /* 40: (3,-5) 0100101010100000 */
- { 19089, 16 }, /* 41: (3,-4) 0100101010010001 */
- { 19077, 16 }, /* 42: (3,-3) 0100101010000101 */
- { 1964, 11 }, /* 43: (3,-2) 11110101100 */
- { 297, 10 }, /* 44: (3,-1) 0100101001 */
- { 490, 9 }, /* 45: (3, 0) 111101010 */
- { 296, 10 }, /* 46: (3, 1) 0100101000 */
- { 599, 11 }, /* 47: (3, 2) 01001010111 */
- { 19076, 16 }, /* 48: (3, 3) 0100101010000100 */
- { 19088, 16 }, /* 49: (3, 4) 0100101010010000 */
- { 19103, 16 }, /* 50: (3, 5) 0100101010011111 */
- { 19120, 16 }, /* 51: (3, 6) 0100101010110000 */
-
- { 19127, 16 }, /* 52: (4,-6) 0100101010110111 */
- { 19115, 16 }, /* 53: (4,-5) 0100101010101011 */
- { 19100, 16 }, /* 54: (4,-4) 0100101010011100 */
- { 19091, 16 }, /* 55: (4,-3) 0100101010010011 */
- { 19083, 16 }, /* 56: (4,-2) 0100101010001011 */
- { 19079, 16 }, /* 57: (4,-1) 0100101010000111 */
- { 19075, 16 }, /* 58: (4, 0) 0100101010000011 */
- { 19078, 16 }, /* 59: (4, 1) 0100101010000110 */
- { 19082, 16 }, /* 60: (4, 2) 0100101010001010 */
- { 19090, 16 }, /* 61: (4, 3) 0100101010010010 */
- { 19099, 16 }, /* 62: (4, 4) 0100101010011011 */
- { 19114, 16 }, /* 63: (4, 5) 0100101010101010 */
- { 19126, 16 }, /* 64: (4, 6) 0100101010110110 */
-
- { 19131, 16 }, /* 65: (5,-6) 0100101010111011 */
- { 19125, 16 }, /* 66: (5,-5) 0100101010110101 */
- { 19117, 16 }, /* 67: (5,-4) 0100101010101101 */
- { 19108, 16 }, /* 68: (5,-3) 0100101010100100 */
- { 19098, 16 }, /* 69: (5,-2) 0100101010011010 */
- { 19096, 16 }, /* 70: (5,-1) 0100101010011000 */
- { 19092, 16 }, /* 71: (5, 0) 0100101010010100 */
- { 19095, 16 }, /* 72: (5, 1) 0100101010010111 */
- { 19097, 16 }, /* 73: (5, 2) 0100101010011001 */
- { 19107, 16 }, /* 74: (5, 3) 0100101010100011 */
- { 19116, 16 }, /* 75: (5, 4) 0100101010101100 */
- { 19124, 16 }, /* 76: (5, 5) 0100101010110100 */
- { 19130, 16 }, /* 77: (5, 6) 0100101010111010 */
-
- { 19135, 16 }, /* 78: (6,-6) 0100101010111111 */
- { 19133, 16 }, /* 79: (6,-5) 0100101010111101 */
- { 19129, 16 }, /* 80: (6,-4) 0100101010111001 */
- { 19123, 16 }, /* 81: (6,-3) 0100101010110011 */
- { 19119, 16 }, /* 82: (6,-2) 0100101010101111 */
- { 19113, 16 }, /* 83: (6,-1) 0100101010101001 */
- { 19111, 16 }, /* 84: (6, 0) 0100101010100111 */
- { 19112, 16 }, /* 85: (6, 1) 0100101010101000 */
- { 19118, 16 }, /* 86: (6, 2) 0100101010101110 */
- { 19122, 16 }, /* 87: (6, 3) 0100101010110010 */
- { 19128, 16 }, /* 88: (6, 4) 0100101010111000 */
- { 19132, 16 }, /* 89: (6, 5) 0100101010111100 */
- { 19134, 16 }, /* 90: (6, 6) 0100101010111110 */
-};
-
-/* code_length = 3.3967 bits/tuple (1740 bits) */
-
-bliss_huffman_code_t bliss_huffman_code_4 = {
- .n_z1 = 7,
- .n_z2 = 7,
- .tuples = tuples,
- .nodes = nodes
-};
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_huffman_coder.h"
-
-typedef struct private_bliss_huffman_coder_t private_bliss_huffman_coder_t;
-
-/**
- * Private data structure for bliss_huffman_coder_t object
- */
-struct private_bliss_huffman_coder_t {
- /**
- * Public interface.
- */
- bliss_huffman_coder_t public;
-
- /**
- * Bitpacker to write to or read from
- */
- bliss_bitpacker_t *packer;
-
- /**
- * Huffman code table to be used
- */
- bliss_huffman_code_t *code;
-
- /**
- * Maximum index into tuples table
- */
- int index_max;
-
- /**
- * Number of encoded or decoded bits
- */
- size_t bits;
-
-};
-
-METHOD(bliss_huffman_coder_t, get_bits, size_t,
- private_bliss_huffman_coder_t *this)
-{
- return this->bits;
-}
-
-METHOD(bliss_huffman_coder_t, encode, bool,
- private_bliss_huffman_coder_t *this, int32_t z1, int16_t z2)
-{
- uint32_t code;
- uint16_t bits;
- int index;
-
- index = z1 * (2*this->code->n_z2 - 1) + z2 + this->code->n_z2 - 1;
- if (index >= this->index_max)
- {
- DBG1(DBG_LIB, "index exceeded in Huffman encoding table");
- return FALSE;
- }
- code = this->code->tuples[index].code;
- bits = this->code->tuples[index].bits;
- if (!this->packer->write_bits(this->packer, code, bits))
- {
- DBG1(DBG_LIB, "bitpacker exceeded its buffer");
- return FALSE;
- }
- this->bits += bits;
-
- return TRUE;
-}
-
-METHOD(bliss_huffman_coder_t, decode, bool,
- private_bliss_huffman_coder_t *this, int32_t *z1, int16_t *z2)
-{
- bliss_huffman_code_node_t *node;
- uint32_t bit;
-
- node = this->code->nodes;
- while (node->tuple == BLISS_HUFFMAN_CODE_NO_TUPLE)
- {
- if (node->node_0 == BLISS_HUFFMAN_CODE_NO_NODE ||
- node->node_1 == BLISS_HUFFMAN_CODE_NO_NODE)
- {
- DBG1(DBG_LIB, "error in Huffman decoding table");
- return FALSE;
- }
- if (!this->packer->read_bits(this->packer, &bit, 1))
- {
- DBG1(DBG_LIB, "bitpacker depleted its buffer");
- return FALSE;
- }
- node = &this->code->nodes[bit ? node->node_1 : node->node_0];
- this->bits++;
- }
- *z1 = node->tuple / (2*this->code->n_z2 - 1);
- *z2 = node->tuple - (2*this->code->n_z2 - 1) * (*z1) - this->code->n_z2 + 1;
-
- return TRUE;
-}
-
-METHOD(bliss_huffman_coder_t, destroy, void,
- private_bliss_huffman_coder_t *this)
-{
- free(this);
-}
-
-/**
- * See header.
- */
-bliss_huffman_coder_t *bliss_huffman_coder_create(bliss_huffman_code_t *code,
- bliss_bitpacker_t *packer)
-{
- private_bliss_huffman_coder_t *this;
-
- INIT(this,
- .public = {
- .get_bits = _get_bits,
- .encode = _encode,
- .decode = _decode,
- .destroy = _destroy,
- },
- .packer = packer,
- .code = code,
- .index_max = (2*code->n_z2 - 1) * code->n_z1,
- );
-
- return &this->public;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_huffman_coder bliss_huffman_coder
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_HUFFMAN_CODER_H_
-#define BLISS_HUFFMAN_CODER_H_
-
-#include "bliss_huffman_code.h"
-#include "bliss_bitpacker.h"
-
-#include <library.h>
-
-typedef struct bliss_huffman_coder_t bliss_huffman_coder_t;
-
-/**
- * Encodes and decodes binary Huffman codes
- */
-struct bliss_huffman_coder_t {
-
- /**
- * Get number of encoded or decoded bits
- *
- * @result Number of bits
- */
- size_t (*get_bits)(bliss_huffman_coder_t *this);
-
- /**
- * Encode a (z1, z2) tuple using a Huffman code
- *
- * @param z1 z1 value to be encoded
- * @param z2 z2 value to be encoded
- * @result TRUE if value could be encoded
- */
- bool (*encode)(bliss_huffman_coder_t *this, int32_t z1, int16_t z2);
-
-
- /**
- * Decode a (z1, z2) tuple using a Huffman code
- *
- * @param z1 Decoded z1 value returned
- * @param z2 Decoded z2 value returned
- * @result TRUE if value could be decoded from bitpacker
- */
- bool (*decode)(bliss_huffman_coder_t *this, int32_t *z1, int16_t *z2);
-
- /**
- * Destroy bliss_huffman_coder_t object
- */
- void (*destroy)(bliss_huffman_coder_t *this);
-};
-
-/**
- * Create a bliss_huffman_coder_t object
- *
- * @param code Huffman code table
- * @param packer Bitpacker to write to or read from
- */
-bliss_huffman_coder_t* bliss_huffman_coder_create(bliss_huffman_code_t *code,
- bliss_bitpacker_t *packer);
-
-#endif /** BLISS_HUFFMAN_CODER_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_param_set.h"
-
-#include <asn1/oid.h>
-
-ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV,
- "BLISS-I",
- "BLISS-II",
- "BLISS-III",
- "BLISS-IV",
- "BLISS-B-I",
- "BLISS-B-II",
- "BLISS-B-III",
- "BLISS-B-IV"
-);
-
-/**
- * sigma = 215, k_sigma = ceiling[ sqrt(2*ln 2) * sigma ] = 254
- *
- * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 93'076.9
- */
-static const uint8_t c_bliss_i[] = {
- 255, 255, 75, 191, 247, 94, 30, 51, 147, 246, 89, 59, 99, 248, 26, 128,
- 255, 254, 151, 128, 109, 166, 88, 143, 30, 175, 149, 20, 240, 81, 138, 111,
- 255, 253, 47, 2, 214, 243, 188, 76, 236, 235, 40, 62, 54, 35, 33, 205,
- 255, 250, 94, 13, 156, 120, 121, 216, 255, 120, 90, 11, 39, 232, 120, 111,
- 255, 244, 188, 58, 242, 219, 157, 174, 6, 31, 131, 75, 88, 109, 112, 107,
- 255, 233, 120, 244, 202, 151, 25, 10, 197, 109, 113, 255, 157, 89, 182, 141,
- 255, 210, 243, 229, 18, 88, 50, 239, 130, 192, 12, 167, 62, 254, 211, 202,
- 255, 165, 239, 183, 102, 186, 123, 249, 251, 59, 116, 143, 50, 174, 125, 198,
- 255, 75, 255, 30, 65, 137, 228, 148, 14, 17, 113, 251, 81, 177, 151, 168,
- 254, 152, 124, 205, 192, 136, 102, 79, 5, 62, 214, 95, 36, 223, 7, 20,
- 253, 50, 242, 124, 187, 59, 68, 224, 90, 156, 53, 202, 9, 44, 191, 226,
- 250, 109, 189, 110, 40, 124, 88, 12, 83, 78, 176, 86, 12, 102, 13, 41,
- 244, 250, 133, 6, 3, 13, 45, 9, 120, 121, 150, 237, 69, 190, 62, 16,
- 234, 110, 130, 187, 138, 174, 82, 229, 217, 154, 88, 138, 228, 153, 230, 13,
- 214, 174, 54, 179, 117, 116, 223, 152, 97, 84, 31, 99, 68, 150, 122, 244,
- 180, 7, 186, 2, 112, 3, 68, 13, 123, 133, 244, 184, 232, 216, 133, 18,
- 126, 154, 221, 207, 32, 206, 66, 171, 94, 100, 164, 194, 117, 191, 1, 209,
- 62, 156, 208, 7, 129, 173, 200, 3, 23, 248, 140, 60, 69, 217, 195, 235,
- 15, 80, 84, 209, 213, 2, 107, 160, 1, 152, 43, 130, 93, 95, 241, 218,
- 0, 234, 131, 37, 182, 53, 201, 231, 26, 2, 151, 161, 13, 214, 150, 145,
- 0, 0, 214, 212, 4, 32, 184, 94, 84, 90, 244, 139, 48, 69, 33, 38
-};
-
-/**
- * sigma = 250, k_sigma = ceiling[ sqrt(2*ln 2) * sigma ] = 295
- *
- * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 125'550.5
- */
-static const uint8_t c_bliss_iii[] = {
- 255, 255, 122, 95, 16, 128, 14, 195, 60, 90, 166, 191, 205, 26, 144, 204,
- 255, 254, 244, 190, 102, 192, 187, 141, 169, 92, 33, 30, 170, 141, 184, 56,
- 255, 253, 233, 125, 228, 131, 93, 148, 121, 92, 52, 122, 149, 96, 29, 66,
- 255, 251, 211, 0, 37, 9, 199, 244, 213, 217, 122, 205, 171, 200, 198, 5,
- 255, 247, 166, 17, 185, 251, 90, 150, 1, 28, 7, 205, 125, 46, 84, 201,
- 255, 239, 76, 105, 50, 114, 159, 235, 215, 165, 204, 182, 125, 143, 228, 222,
- 255, 222, 153, 233, 85, 187, 45, 204, 236, 229, 38, 180, 20, 161, 7, 167,
- 255, 189, 56, 46, 38, 4, 83, 8, 151, 137, 136, 1, 9, 180, 58, 204,
- 255, 122, 129, 199, 240, 52, 248, 193, 76, 26, 160, 32, 195, 250, 217, 25,
- 254, 245, 73, 44, 68, 229, 150, 74, 228, 74, 124, 249, 123, 94, 108, 127,
- 253, 235, 168, 56, 252, 93, 188, 160, 249, 137, 236, 65, 62, 182, 153, 63,
- 251, 219, 163, 110, 233, 251, 114, 216, 230, 35, 59, 210, 107, 100, 184, 16,
- 247, 200, 110, 236, 134, 237, 213, 111, 240, 149, 109, 22, 216, 213, 237, 145,
- 239, 212, 98, 249, 238, 1, 227, 248, 242, 51, 211, 134, 154, 115, 189, 83,
- 224, 174, 65, 2, 190, 158, 9, 6, 184, 13, 130, 104, 247, 102, 38, 160,
- 197, 49, 104, 97, 61, 210, 19, 115, 208, 54, 91, 27, 209, 227, 33, 26,
- 151, 229, 20, 46, 200, 238, 35, 134, 72, 183, 253, 160, 193, 155, 117, 103,
- 90, 32, 10, 204, 78, 83, 191, 230, 0, 221, 219, 6, 43, 252, 185, 95,
- 31, 186, 139, 154, 90, 155, 17, 9, 42, 139, 40, 111, 246, 175, 4, 15,
- 3, 238, 181, 190, 138, 94, 50, 234, 128, 193, 95, 36, 65, 236, 170, 208,
- 0, 15, 118, 216, 230, 142, 121, 211, 13, 168, 207, 126, 145, 176, 24, 201
-};
-
-/**
- * sigma = 271, k_sigma = ceiling[ sqrt(2*ln 2) * sigma ] = 320
- *
- * c[i] = exp(-2^i/f), i = 0..21, with f = k_sigma^2 / ln 2 = 147'732.0
- */
-static const uint8_t c_bliss_iv[] = {
- 255, 255, 142, 111, 102, 2, 141, 87, 150, 42, 18, 70, 6, 224, 18, 70,
- 255, 255, 28, 222, 254, 102, 20, 78, 133, 78, 189, 107, 29, 7, 23, 193,
- 255, 254, 57, 190, 198, 79, 181, 181, 108, 75, 142, 145, 45, 238, 193, 29,
- 255, 252, 115, 128, 178, 170, 212, 166, 120, 157, 85, 96, 209, 180, 211, 83,
- 255, 248, 231, 13, 253, 108, 245, 46, 238, 155, 30, 99, 141, 228, 149, 239,
- 255, 241, 206, 78, 90, 132, 83, 172, 228, 179, 119, 115, 240, 51, 216, 6,
- 255, 227, 157, 102, 46, 28, 61, 128, 58, 114, 174, 136, 8, 224, 133, 84,
- 255, 199, 61, 242, 19, 216, 133, 241, 240, 22, 146, 43, 92, 57, 82, 248,
- 255, 142, 136, 121, 160, 225, 119, 214, 241, 44, 159, 34, 133, 118, 96, 60,
- 255, 29, 67, 61, 254, 49, 27, 152, 48, 124, 184, 87, 66, 214, 63, 133,
- 254, 59, 79, 77, 206, 26, 238, 42, 69, 81, 191, 149, 146, 76, 255, 232,
- 252, 121, 191, 28, 11, 107, 141, 223, 234, 42, 226, 50, 138, 102, 16, 97,
- 248, 255, 234, 37, 109, 169, 103, 25, 240, 109, 93, 165, 177, 22, 133, 100,
- 242, 48, 213, 124, 209, 49, 33, 48, 57, 237, 202, 62, 102, 132, 219, 48,
- 229, 32, 92, 240, 188, 88, 70, 34, 179, 94, 244, 70, 25, 123, 76, 140,
- 205, 18, 234, 94, 14, 226, 237, 76, 192, 18, 240, 50, 79, 63, 34, 96,
- 164, 71, 76, 192, 111, 161, 157, 188, 19, 189, 133, 246, 67, 127, 6, 28,
- 105, 107, 110, 50, 56, 199, 208, 174, 16, 95, 153, 106, 217, 198, 194, 179,
- 43, 105, 77, 122, 127, 254, 146, 221, 44, 235, 61, 22, 179, 9, 113, 118,
- 7, 92, 139, 87, 204, 239, 111, 200, 41, 129, 122, 49, 69, 113, 122, 239,
- 0, 54, 49, 19, 64, 40, 218, 222, 60, 82, 186, 246, 64, 155, 184, 47,
- 0, 0, 11, 120, 189, 135, 113, 62, 143, 175, 118, 239, 190, 120, 189, 250
-};
-
-/**
- * BLISS signature parameter set definitions
- */
-static const bliss_param_set_t bliss_param_sets[] = {
-
- /* BLISS-I scheme */
- {
- .id = BLISS_I,
- .oid = OID_BLISS_I,
- .strength = 128,
- .q = 12289,
- .q_bits = 14,
- .q2_inv = 6145,
- .n = 512,
- .n_bits = 9,
- .fft_params = &ntt_fft_12289_512,
- .non_zero1 = 154,
- .non_zero2 = 0,
- .kappa = 23,
- .nks_max = 46479,
- .p_max = 0, /* not needed */
- .sigma = 215,
- .k_sigma = 254,
- .k_sigma_bits = 8,
- .c = c_bliss_i,
- .c_cols = 16,
- .c_rows = 21,
- .z1_bits = 12,
- .d = 10,
- .p = 24,
- .M = 46539, /* with alpha = 1.000 */
- .B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */
- .B_l2 = 12872 * 12872
- },
-
- /* BLISS-III scheme */
- {
- .id = BLISS_III,
- .oid = OID_BLISS_III,
- .strength = 160,
- .q = 12289,
- .q_bits = 14,
- .q2_inv = 6145,
- .n = 512,
- .n_bits = 9,
- .fft_params = &ntt_fft_12289_512,
- .non_zero1 = 216,
- .non_zero2 = 16,
- .kappa = 30,
- .nks_max = 128626,
- .p_max = 0, /* not needed */
- .sigma = 250,
- .k_sigma = 295,
- .k_sigma_bits = 9,
- .c = c_bliss_iii,
- .c_cols = 16,
- .c_rows = 21,
- .z1_bits = 12,
- .d = 9,
- .p = 48,
- .M = 128113, /* with alpha = 0.700 */
- .B_inf = 1760,
- .B_l2 = 10206 * 10206
- },
-
- /* BLISS-IV scheme */
- {
- .id = BLISS_IV,
- .oid = OID_BLISS_IV,
- .strength = 192,
- .q = 12289,
- .q_bits = 14,
- .q2_inv = 6145,
- .n = 512,
- .n_bits = 9,
- .fft_params = &ntt_fft_12289_512,
- .non_zero1 = 231,
- .non_zero2 = 31,
- .kappa = 39,
- .nks_max = 244669,
- .p_max = 0, /* not needed */
- .sigma = 271,
- .k_sigma = 320,
- .k_sigma_bits = 9,
- .c = c_bliss_iv,
- .c_cols = 16,
- .c_rows = 22,
- .z1_bits = 12,
- .d = 8,
- .p = 96,
- .M = 244186, /* with alpha = 0.550 */
- .B_inf = 1613,
- .B_l2 = 9901 * 9901
- },
-
- /* BLISS-B-I scheme */
- {
- .id = BLISS_B_I,
- .oid = OID_BLISS_B_I,
- .strength = 128,
- .q = 12289,
- .q_bits = 14,
- .q2_inv = 6145,
- .n = 512,
- .n_bits = 9,
- .fft_params = &ntt_fft_12289_512,
- .non_zero1 = 154,
- .non_zero2 = 0,
- .kappa = 23,
- .nks_max = 0, /* not needed */
- .p_max = 17825,
- .sigma = 215,
- .k_sigma = 254,
- .k_sigma_bits = 8,
- .c = c_bliss_i,
- .c_cols = 16,
- .c_rows = 21,
- .z1_bits = 12,
- .d = 10,
- .p = 24,
- .M = 17954, /* with alpha = 1.610 */
- .B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */
- .B_l2 = 12872 * 12872
- },
-
- /* BLISS-B-III scheme */
- {
- .id = BLISS_B_III,
- .oid = OID_BLISS_B_III,
- .strength = 160,
- .q = 12289,
- .q_bits = 14,
- .q2_inv = 6145,
- .n = 512,
- .n_bits = 9,
- .fft_params = &ntt_fft_12289_512,
- .non_zero1 = 216,
- .non_zero2 = 16,
- .kappa = 30,
- .nks_max = 0, /* not needed */
- .p_max = 42270,
- .sigma = 250,
- .k_sigma = 295,
- .k_sigma_bits = 9,
- .c = c_bliss_iii,
- .c_cols = 16,
- .c_rows = 21,
- .z1_bits = 12,
- .d = 9,
- .p = 48,
- .M = 42455, /* with alpha = 1.216 */
- .B_inf = 1760,
- .B_l2 = 10206 * 10206
- },
-
- /* BLISS-B-IV scheme */
- {
- .id = BLISS_B_IV,
- .oid = OID_BLISS_B_IV,
- .strength = 192,
- .q = 12289,
- .q_bits = 14,
- .q2_inv = 6145,
- .n = 512,
- .n_bits = 9,
- .fft_params = &ntt_fft_12289_512,
- .non_zero1 = 231,
- .non_zero2 = 31,
- .kappa = 39,
- .nks_max = 0, /* not needed */
- .p_max = 69576,
- .sigma = 271,
- .k_sigma = 320,
- .k_sigma_bits = 9,
- .c = c_bliss_iv,
- .c_cols = 16,
- .c_rows = 22,
- .z1_bits = 12,
- .d = 8,
- .p = 96,
- .M = 70034, /* with alpha = 1.027 */
- .B_inf = 1613,
- .B_l2 = 9901 * 9901
- }
-
-};
-
-/**
- * See header.
- */
-const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
-{
- int i;
-
- for (i = 0; i < countof(bliss_param_sets); i++)
- {
- if (bliss_param_sets[i].id == id)
- {
- return &bliss_param_sets[i];
- }
- }
- return NULL;
-}
-
-
-/**
- * See header.
- */
-const bliss_param_set_t* bliss_param_set_get_by_oid(int oid)
-{
- int i;
-
- for (i = 0; i < countof(bliss_param_sets); i++)
- {
- if (bliss_param_sets[i].oid == oid)
- {
- return &bliss_param_sets[i];
- }
- }
- return NULL;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_param_set bliss_param_set
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_PARAM_SET_H_
-#define BLISS_PARAM_SET_H_
-
-typedef enum bliss_param_set_id_t bliss_param_set_id_t;
-typedef struct bliss_param_set_t bliss_param_set_t;
-
-#include "ntt_fft_params.h"
-#include "bliss_huffman_code.h"
-
-#include <library.h>
-
-/**
- * BLISS signature parameter set ID list
- */
-enum bliss_param_set_id_t {
- BLISS_I = 1,
- BLISS_II = 2,
- BLISS_III = 3,
- BLISS_IV = 4,
- BLISS_B_I = 5,
- BLISS_B_II = 6,
- BLISS_B_III = 7,
- BLISS_B_IV = 8
-};
-
-extern enum_name_t *bliss_param_set_id_names;
-
-/**
- * BLISS
- */
-struct bliss_param_set_t {
-
- /**
- * BLISS parameter set ID
- */
- const bliss_param_set_id_t id;
-
- /**
- * BLISS parameter set OID
- */
- const int oid;
-
- /**
- * Security strength in bits
- */
- const uint16_t strength;
-
- /**
- * Prime modulus
- */
- const uint16_t q;
-
- /**
- * Number of bits in q
- */
- const uint16_t q_bits;
-
- /**
- * Inverse of (q + 2) mod 2q
- */
- const uint16_t q2_inv;
-
- /**
- * Ring dimension equal to the number of polynomial coefficients
- */
- const uint16_t n;
-
- /**
- * Number of bits in n
- */
- const uint16_t n_bits;
-
- /**
- * FFT parameters
- */
- const ntt_fft_params_t *fft_params;
-
- /**
- * Number of [-1, +1] secret key coefficients
- */
- const uint16_t non_zero1;
-
- /**
- * Number of [-2, +2] secret key coefficients
- */
- const uint16_t non_zero2;
-
- /**
- * Number of secret key terms that go into Nk(S) norm
- */
- const uint16_t kappa;
-
- /**
- * Maximum Nk(S) tolerable NK(S) norm (BLISS only)
- */
- const uint32_t nks_max;
-
- /**
- * Maximum value Pmax for ||Sc'||^2 norm (BLISS-B only)
- */
- const uint32_t p_max;
-
- /**
- * Standard deviation sigma
- */
- const uint16_t sigma;
-
- /**
- * k_sigma = ceiling[ sqrt(2*ln 2) * sigma ]
- */
- const uint16_t k_sigma;
-
- /**
- * Number of bits in k_sigma
- */
- const uint16_t k_sigma_bits;
-
- /**
- * Coefficients for Bernoulli sampling with exponential biases
- */
- const uint8_t *c;
-
- /**
- * Number of columns in Bernoulli coefficient table
- */
- const size_t c_cols;
-
- /**
- * Number of rows in Bernoulli coefficient table
- */
- const size_t c_rows;
-
- /**
- * Number of bits in z1
- */
- const uint16_t z1_bits;
-
- /**
- * Number of z2 bits to be dropped after rounding
- */
- const uint16_t d;
-
- /**
- * Modulus p = floor(2q / 2^d) applied after bit dropping
- */
- const uint16_t p;
-
- /**
- * M = sigma^2 / alpha_rejection^2
- */
- const uint32_t M;
-
- /**
- * B_infinity bound
- */
- const uint16_t B_inf;
-
- /**
- * B_verify bound
- */
- const uint32_t B_l2;
-
-};
-
-/**
- * Get BLISS signature parameter set by BLISS parameter set ID
- *
- * @param id BLISS parameter set ID
- * @return BLISS parameter set
-*/
-const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
-
-/**
- * Get BLISS signature parameter set by BLISS parameter set OID
- *
- * @param oid BLISS parameter set OID
- * @return BLISS parameter set
-*/
-const bliss_param_set_t* bliss_param_set_get_by_oid(int oid);
-
-#endif /** BLISS_PARAM_SET_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_plugin.h"
-#include "bliss_private_key.h"
-#include "bliss_public_key.h"
-
-#include <library.h>
-
-typedef struct private_bliss_plugin_t private_bliss_plugin_t;
-
-/**
- * private data of bliss_plugin
- */
-struct private_bliss_plugin_t {
-
- /**
- * public functions
- */
- bliss_plugin_t public;
-};
-
-METHOD(plugin_t, get_name, char*,
- private_bliss_plugin_t *this)
-{
- return "bliss";
-}
-
-METHOD(plugin_t, get_features, int,
- private_bliss_plugin_t *this, plugin_feature_t *features[])
-{
- static plugin_feature_t f[] = {
- /* private/public keys */
- PLUGIN_REGISTER(PRIVKEY, bliss_private_key_load, TRUE),
- PLUGIN_PROVIDE(PRIVKEY, KEY_BLISS),
- PLUGIN_REGISTER(PRIVKEY, bliss_private_key_load, TRUE),
- PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
- PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE),
- PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS),
- PLUGIN_DEPENDS(RNG, RNG_TRUE),
- PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1),
- PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256),
- PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
- PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
- PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
- PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
- /* signature schemes, private */
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
- PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
- PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
- PLUGIN_DEPENDS(HASHER, HASH_SHA512),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
- PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
- PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
- PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- /* signature verification schemes */
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
- PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
- PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
- PLUGIN_DEPENDS(HASHER, HASH_SHA512),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
- PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
- PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
- PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
- PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
- };
- *features = f;
-
- return countof(f);
-}
-
-METHOD(plugin_t, destroy, void,
- private_bliss_plugin_t *this)
-{
- free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *bliss_plugin_create()
-{
- private_bliss_plugin_t *this;
-
- INIT(this,
- .public = {
- .plugin = {
- .get_name = _get_name,
- .get_features = _get_features,
- .destroy = _destroy,
- },
- },
- );
-
- return &this->public.plugin;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_p bliss
- * @ingroup plugins
- *
- * @defgroup bliss_plugin bliss_plugin
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_PLUGIN_H_
-#define BLISS_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct bliss_plugin_t bliss_plugin_t;
-
-/**
- * Plugin implementing the BLISS post-quantum authentication algorithm
- */
-struct bliss_plugin_t {
-
- /**
- * implements plugin interface
- */
- plugin_t plugin;
-};
-
-#endif /** BLISS_PLUGIN_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_private_key.h"
-#include "bliss_public_key.h"
-#include "bliss_param_set.h"
-#include "bliss_utils.h"
-#include "bliss_sampler.h"
-#include "bliss_signature.h"
-#include "bliss_bitpacker.h"
-#include "ntt_fft.h"
-#include "ntt_fft_reduce.h"
-
-#include <crypto/xofs/xof_bitspender.h>
-#include <asn1/asn1.h>
-#include <asn1/asn1_parser.h>
-#include <asn1/oid.h>
-
-#define _GNU_SOURCE
-#include <stdlib.h>
-
-typedef struct private_bliss_private_key_t private_bliss_private_key_t;
-
-#define SECRET_KEY_TRIALS_MAX 50
-
-/**
- * Private data of a bliss_private_key_t object.
- */
-struct private_bliss_private_key_t {
- /**
- * Public interface for this signer.
- */
- bliss_private_key_t public;
-
- /**
- * BLISS signature parameter set
- */
- const bliss_param_set_t *set;
-
- /**
- * BLISS secret key S1 (coefficients of polynomial f)
- */
- int8_t *s1;
-
- /**
- * BLISS secret key S2 (coefficients of polynomial 2g + 1)
- */
- int8_t *s2;
-
- /**
- * NTT of BLISS public key a (coefficients of polynomial (2g + 1)/f)
- */
- uint32_t *A;
-
- /**
- * NTT of BLISS public key in Montgomery representation Ar = rA mod
- */
- uint32_t *Ar;
-
- /**
- * reference count
- */
- refcount_t ref;
-};
-
-METHOD(private_key_t, get_type, key_type_t,
- private_bliss_private_key_t *this)
-{
- return KEY_BLISS;
-}
-
-/**
- * Multiply secret vector s with binary challenge vector c
- */
-static void multiply_by_c(int8_t *s, int n, uint16_t *c_indices,
- uint16_t kappa, int32_t *product)
-{
- int i, j, index;
-
- for (i = 0; i < n; i++)
- {
- product[i] = 0;
-
- for (j = 0; j < kappa; j++)
- {
- index = c_indices[j];
- if (i - index < 0)
- {
- product[i] -= s[i - index + n];
- }
- else
- {
- product[i] += s[i - index];
- }
- }
- }
-}
-
-/**
- * BLISS-B GreedySC algorithm
- */
-static void greedy_sc(int8_t *s1, int8_t *s2, int n, uint16_t *c_indices,
- uint16_t kappa, int32_t *v1, int32_t *v2)
-{
- int i, j, index;
- int32_t sign;
-
- for (i = 0; i < n; i++)
- {
- v1[i] = v2[i] = 0;
- }
- for (j = 0; j < kappa; j++)
- {
- index = c_indices[j];
- sign = 0;
-
- for (i = 0; i < index; i++)
- {
- sign -= (v1[i] * s1[i - index + n] + v2[i] * s2[i - index + n]);
- }
- for (i = index; i < n; i++)
- {
- sign += (v1[i] * s1[i - index] + v2[i] * s2[i - index]);
- }
- for (i = 0; i < index; i++)
- {
- if (sign > 0)
- {
- v1[i] += s1[i - index + n];
- v2[i] += s2[i - index + n];
- }
- else
- {
- v1[i] -= s1[i - index + n];
- v2[i] -= s2[i - index + n];
- }
- }
- for (i = index; i < n; i++)
- {
- if (sign > 0)
- {
- v1[i] -= s1[i - index];
- v2[i] -= s2[i - index];
- }
- else
- {
- v1[i] += s1[i - index];
- v2[i] += s2[i - index];
- }
- }
- }
-}
-
-/**
- * Compute a BLISS signature
- */
-static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
- chunk_t data, chunk_t *signature)
-{
- ntt_fft_t *fft;
- bliss_signature_t *sig;
- bliss_sampler_t *sampler = NULL;
- rng_t *rng;
- hasher_t *hasher;
- ext_out_function_t mgf1_alg, oracle_alg;
- size_t mgf1_seed_len;
- uint8_t mgf1_seed_buf[HASH_SIZE_SHA512], data_hash_buf[HASH_SIZE_SHA512];
- chunk_t mgf1_seed, data_hash;
- uint16_t q, q2, p, p2, *c_indices, tests = 0;
- uint32_t *ay;
- int32_t *y1, *y2, *z1, *z2, *u, *s1c, *s2c;
- int32_t y1_min = 0, y1i, y1_max = 0, y2_min = 0, y2i, y2_max = 0;
- int32_t scalar, norm, ui;
- int16_t *ud, *uz2d, *z2d, value;
- int i, n;
- double mean1 = 0, mean2 = 0, sigma1 DBG_UNUSED = 0, sigma2 DBG_UNUSED = 0;
- bool accepted, positive, success = FALSE, use_bliss_b;
-
- /* Initialize signature */
- *signature = chunk_empty;
-
- /* Create data hash using configurable hash algorithm */
- hasher = lib->crypto->create_hasher(lib->crypto, alg);
- if (!hasher)
- {
- return FALSE;
- }
- data_hash = chunk_create(data_hash_buf, hasher->get_hash_size(hasher));
-
- if (!hasher->get_hash(hasher, data, data_hash_buf))
- {
- hasher->destroy(hasher);
- return FALSE;
- }
- hasher->destroy(hasher);
-
- /* Set MGF1 hash algorithm and seed length based on security strength */
- if (this->set->strength > 160)
- {
- mgf1_alg = XOF_MGF1_SHA256;
- mgf1_seed_len = HASH_SIZE_SHA256;
- }
- else
- {
- mgf1_alg = XOF_MGF1_SHA1;
- mgf1_seed_len = HASH_SIZE_SHA1;
- }
- mgf1_seed = chunk_create(mgf1_seed_buf, mgf1_seed_len);
-
- rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
- if (!rng)
- {
- return FALSE;
- }
-
- /* MGF1 hash algorithm to be used for random oracle */
- oracle_alg = XOF_MGF1_SHA512;
-
- /* Initialize a couple of needed variables */
- n = this->set->n;
- q = this->set->q;
- p = this->set->p;
- q2 = 2 * q;
- p2 = p / 2;
- ay = malloc(n * sizeof(uint32_t));
- z2 = malloc(n * sizeof(int32_t));
- s1c = malloc(n * sizeof(int32_t));
- s2c = malloc(n * sizeof(int32_t));
- u = malloc(n * sizeof(int32_t));
- uz2d = malloc(n * sizeof(int16_t));
-
- sig = bliss_signature_create(this->set);
- sig->get_parameters(sig, &z1, &z2d, &c_indices);
- y1 = z1;
- y2 = z2;
- ud = z2d;
-
- fft = ntt_fft_create(this->set->fft_params);
-
- /* Use of the enhanced BLISS-B signature algorithm? */
- switch (this->set->id)
- {
- default:
- case BLISS_I:
- case BLISS_II:
- case BLISS_III:
- case BLISS_IV:
- use_bliss_b = FALSE;
- break;
- case BLISS_B_I:
- case BLISS_B_II:
- case BLISS_B_III:
- case BLISS_B_IV:
- use_bliss_b = TRUE;
- break;
- }
-
- while (true)
- {
- tests++;
-
- if (!rng->get_bytes(rng, mgf1_seed_len, mgf1_seed_buf))
- {
- goto end;
- }
- DESTROY_IF(sampler);
-
- sampler = bliss_sampler_create(mgf1_alg, mgf1_seed, this->set);
- if (!sampler)
- {
- goto end;
- }
-
- /* Gaussian sampling for vectors y1 and y2 */
- for (i = 0; i < n; i++)
- {
- if (!sampler->gaussian(sampler, &y1i) ||
- !sampler->gaussian(sampler, &y2i))
- {
- goto end;
- }
- y1[i] = y1i;
- y2[i] = y2i;
-
- /* Collect statistical data on rejection sampling */
- if (i == 0)
- {
- y1_min = y1_max = y1i;
- y2_min = y2_max = y2i;
- }
- else
- {
- if (y1i < y1_min)
- {
- y1_min = y1i;
- }
- else if (y1i > y1_max)
- {
- y1_max = y1i;
- }
- if (y2i < y2_min)
- {
- y2_min = y2i;
- }
- else if (y2i > y2_max)
- {
- y2_max = y2i;
- }
- }
- mean1 += y1i;
- mean2 += y2i;
- sigma1 += y1i * y1i;
- sigma2 += y2i * y2i;
-
- ay[i] = y1i < 0 ? q + y1i : y1i;
- }
-
- /* Compute statistics on vectors y1 and y2 */
- mean1 /= n;
- mean2 /= n;
- sigma1 /= n;
- sigma2 /= n;
- sigma2 -= mean1 * mean1;
- sigma2 -= mean2 * mean2;
- DBG2(DBG_LIB, "y1 = %d..%d (sigma2 = %5.0f, mean = %4.1f)",
- y1_min, y1_max, sigma1, mean1);
- DBG2(DBG_LIB, "y2 = %d..%d (sigma2 = %5.0f, mean = %4.1f)",
- y2_min, y2_max, sigma2, mean2);
-
- fft->transform(fft, ay, ay, FALSE);
-
- for (i = 0; i < n; i++)
- {
- ay[i] = ntt_fft_mreduce(this->Ar[i] * ay[i], this->set->fft_params);
- }
- fft->transform(fft, ay, ay, TRUE);
-
- for (i = 0; i < n; i++)
- {
- ui = 2 * this->set->q2_inv * (int32_t)ay[i] + y2[i];
- u[i] = ((ui < 0) ? q2 + ui : ui) % q2;
- }
- bliss_utils_round_and_drop(this->set, u, ud);
-
- /* Detailed debugging information */
- DBG3(DBG_LIB, " i u[i] ud[i]");
- for (i = 0; i < n; i++)
- {
- DBG3(DBG_LIB, "%3d %6d %4d", i, u[i], ud[i]);
- }
-
- if (!bliss_utils_generate_c(oracle_alg, data_hash, ud, this->set,
- c_indices))
- {
- goto end;
- }
-
- if (use_bliss_b)
- {
- /* Compute v = (s1c, s2c) with the GreedySC algorithm */
- greedy_sc(this->s1, this->s2, n, c_indices, this->set->kappa,
- s1c, s2c);
-
- /* Compute norm = ||v||^2 = ||Sc'||^2 */
- norm = bliss_utils_scalar_product(s1c, s1c, n) +
- bliss_utils_scalar_product(s2c, s2c, n);
-
- /* Just in case. ||v||^2 <= P_max should always be fulfilled */
- if (norm > this->set->p_max)
- {
- goto end;
- }
- }
- else
- {
- /* Compute s*c */
- multiply_by_c(this->s1, n, c_indices, this->set->kappa, s1c);
- multiply_by_c(this->s2, n, c_indices, this->set->kappa, s2c);
-
- /* Compute norm = |Sc||^2 */
- norm = bliss_utils_scalar_product(s1c, s1c, n) +
- bliss_utils_scalar_product(s2c, s2c, n);
- }
-
- if (!sampler->bernoulli_exp(sampler, this->set->M - norm, &accepted))
- {
- goto end;
- }
- if (use_bliss_b)
- {
- DBG2(DBG_LIB, "norm2(s1*c') + norm2(s2*c') = %u (%u max), %s",
- norm, this->set->p_max, accepted ? "accepted" : "rejected");
-
- }
- else
- {
- DBG2(DBG_LIB, "norm2(s1*c) + norm2(s2*c) = %u, %s",
- norm, accepted ? "accepted" : "rejected");
- }
- if (!accepted)
- {
- continue;
- }
-
- /* Compute z */
- if (!sampler->sign(sampler, &positive))
- {
- goto end;
- }
- for (i = 0; i < n; i++)
- {
- if (positive)
- {
- z1[i] = y1[i] + s1c[i];
- z2[i] = y2[i] + s2c[i];
- }
- else
- {
- z1[i] = y1[i] - s1c[i];
- z2[i] = y2[i] - s2c[i];
- }
- }
- /* Reject with probability 1/cosh(scalar/sigma^2) */
- scalar = bliss_utils_scalar_product(z1, s1c, n) +
- bliss_utils_scalar_product(z2, s2c, n);
-
- if (!sampler->bernoulli_cosh(sampler, scalar, &accepted))
- {
- goto end;
- }
- DBG2(DBG_LIB, "scalar(z1,s1*c) + scalar(z2,s2*c) = %d, %s",
- scalar, accepted ? "accepted" : "rejected");
- if (!accepted)
- {
- continue;
- }
-
- /* Compute z2 with dropped bits */
- for (i = 0; i < n; i++)
- {
- u[i] -= z2[i];
- if (u[i] < 0)
- {
- u[i] += q2;
- }
- else if (u[i] >= q2)
- {
- u[i] -= q2;
- }
- }
- bliss_utils_round_and_drop(this->set, u, uz2d);
-
- for (i = 0; i < n; i++)
- {
- value = ud[i] - uz2d[i];
- if (value <= -p2)
- {
- value += p;
- }
- else if (value > p2)
- {
- value -= p;
- }
- z2d[i] = value;
- }
-
- if (!bliss_utils_check_norms(this->set, z1, z2d))
- {
- continue;
- }
-
- *signature = sig->get_encoding(sig);
- if (signature->len == 0)
- {
- DBG1(DBG_LIB, "inefficient Huffman coding of signature");
- continue;
- }
- DBG2(DBG_LIB, "signature generation needed %u round%s", tests,
- (tests == 1) ? "" : "s");
- break;
- }
- success = TRUE;
-
-end:
- /* cleanup */
- DESTROY_IF(sampler);
- sig->destroy(sig);
- fft->destroy(fft);
- rng->destroy(rng);
- memwipe(s1c, n * sizeof(int32_t));
- memwipe(s2c, n * sizeof(int32_t));
- free(s1c);
- free(s2c);
- free(ay);
- free(z2);
- free(u);
- free(uz2d);
-
- return success;
-}
-
-METHOD(private_key_t, sign, bool,
- private_bliss_private_key_t *this, signature_scheme_t scheme, void *params,
- chunk_t data, chunk_t *signature)
-{
- switch (scheme)
- {
- case SIGN_BLISS_WITH_SHA2_256:
- return sign_bliss(this, HASH_SHA256, data, signature);
- case SIGN_BLISS_WITH_SHA2_384:
- return sign_bliss(this, HASH_SHA384, data, signature);
- case SIGN_BLISS_WITH_SHA2_512:
- return sign_bliss(this, HASH_SHA512, data, signature);
- case SIGN_BLISS_WITH_SHA3_256:
- return sign_bliss(this, HASH_SHA3_256, data, signature);
- case SIGN_BLISS_WITH_SHA3_384:
- return sign_bliss(this, HASH_SHA3_384, data, signature);
- case SIGN_BLISS_WITH_SHA3_512:
- return sign_bliss(this, HASH_SHA3_512, data, signature);
- default:
- DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
- signature_scheme_names, scheme);
- return FALSE;
- }
-}
-
-METHOD(private_key_t, decrypt, bool,
- private_bliss_private_key_t *this, encryption_scheme_t scheme,
- void *params, chunk_t crypto, chunk_t *plain)
-{
- DBG1(DBG_LIB, "encryption scheme %N not supported",
- encryption_scheme_names, scheme);
- return FALSE;
-}
-
-METHOD(private_key_t, get_keysize, int,
- private_bliss_private_key_t *this)
-{
- return this->set->strength;
-}
-
-METHOD(private_key_t, get_public_key, public_key_t*,
- private_bliss_private_key_t *this)
-{
- public_key_t *public;
- chunk_t pubkey;
-
- pubkey = bliss_public_key_info_encode(this->set->oid, this->A, this->set);
- public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_BLISS,
- BUILD_BLOB_ASN1_DER, pubkey, BUILD_END);
- free(pubkey.ptr);
-
- return public;
-}
-
-METHOD(private_key_t, get_encoding, bool,
- private_bliss_private_key_t *this, cred_encoding_type_t type,
- chunk_t *encoding)
-{
- switch (type)
- {
- case PRIVKEY_ASN1_DER:
- case PRIVKEY_PEM:
- {
- chunk_t s1, s2, pubkey;
- bliss_bitpacker_t *packer;
- size_t s_bits;
- int8_t value;
- bool success = TRUE;
- int i;
-
- pubkey = bliss_public_key_encode(this->A, this->set);
-
- /* Use either 2 or 3 bits per array element */
- s_bits = 2 + (this->set->non_zero2 > 0);
-
- /* Encode secret s1 */
- packer = bliss_bitpacker_create(s_bits * this->set->n);
- for (i = 0; i < this->set->n; i++)
- {
- packer->write_bits(packer, this->s1[i], s_bits);
- }
- s1 = packer->extract_buf(packer);
- packer->destroy(packer);
-
- /* Encode secret s2 */
- packer = bliss_bitpacker_create(s_bits * this->set->n);
- for (i = 0; i < this->set->n; i++)
- {
- value = this->s2[i];
- if (i == 0)
- {
- value -= 1;
- }
- value /= 2;
- packer->write_bits(packer, value, s_bits);
- }
- s2 = packer->extract_buf(packer);
- packer->destroy(packer);
-
- *encoding = asn1_wrap(ASN1_SEQUENCE, "mmss",
- asn1_build_known_oid(this->set->oid),
- asn1_bitstring("m", pubkey),
- asn1_bitstring("m", s1),
- asn1_bitstring("m", s2)
- );
- if (type == PRIVKEY_PEM)
- {
- chunk_t asn1_encoding = *encoding;
-
- success = lib->encoding->encode(lib->encoding, PRIVKEY_PEM,
- NULL, encoding, CRED_PART_BLISS_PRIV_ASN1_DER,
- asn1_encoding, CRED_PART_END);
- chunk_clear(&asn1_encoding);
- }
- return success;
- }
- default:
- return FALSE;
- }
-}
-
-METHOD(private_key_t, get_fingerprint, bool,
- private_bliss_private_key_t *this, cred_encoding_type_t type, chunk_t *fp)
-{
- bool success;
-
- if (lib->encoding->get_cache(lib->encoding, type, this, fp))
- {
- return TRUE;
- }
- success = bliss_public_key_fingerprint(this->set->oid, this->A,
- this->set, type, fp);
- if (success)
- {
- lib->encoding->cache(lib->encoding, type, this, fp);
- }
- return success;
-}
-
-METHOD(private_key_t, get_ref, private_key_t*,
- private_bliss_private_key_t *this)
-{
- ref_get(&this->ref);
- return &this->public.key;
-}
-
-METHOD(private_key_t, destroy, void,
- private_bliss_private_key_t *this)
-{
- if (ref_put(&this->ref))
- {
- lib->encoding->clear_cache(lib->encoding, this);
- if (this->s1)
- {
- memwipe(this->s1, this->set->n * sizeof(int8_t));
- free(this->s1);
- }
- if (this->s2)
- {
- memwipe(this->s2, this->set->n * sizeof(int8_t));
- free(this->s2);
- }
- free(this->A);
- free(this->Ar);
- free(this);
- }
-}
-
-/**
- * Internal generic constructor
- */
-static private_bliss_private_key_t *bliss_private_key_create_empty(void)
-{
- private_bliss_private_key_t *this;
-
- INIT(this,
- .public = {
- .key = {
- .get_type = _get_type,
- .sign = _sign,
- .decrypt = _decrypt,
- .get_keysize = _get_keysize,
- .get_public_key = _get_public_key,
- .equals = private_key_equals,
- .belongs_to = private_key_belongs_to,
- .get_fingerprint = _get_fingerprint,
- .has_fingerprint = private_key_has_fingerprint,
- .get_encoding = _get_encoding,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- },
- .ref = 1,
- );
- return this;
-}
-
-/**
- * Compute the scalar product of a vector x with a negative wrapped vector y
- */
-static int16_t wrapped_product(int8_t *x, int8_t *y, int n, int shift)
-{
- int16_t product = 0;
- int i;
-
- for (i = 0; i < n - shift; i++)
- {
- product += x[i] * y[i + shift];
- }
- for (i = n - shift; i < n; i++)
- {
- product -= x[i] * y[i + shift - n];
- }
- return product;
-}
-
-/**
- * Apply a negative wrapped rotation to a vector x
- */
-static void wrap(int16_t *x, int n, int shift, int16_t *x_wrapped)
-{
- int i;
-
- for (i = 0; i < n - shift; i++)
- {
- x_wrapped[i + shift] = x[i];
- }
- for (i = n - shift; i < n; i++)
- {
- x_wrapped[i + shift - n] = -x[i];
- }
-}
-
-/**
- * int16_t compare function needed for qsort()
- */
-static int compare(const int16_t *a, const int16_t *b)
-{
- int16_t temp = *a - *b;
-
- if (temp > 0)
- {
- return 1;
- }
- else if (temp < 0)
- {
- return -1;
- }
- else
- {
- return 0;
- }
-}
-
-/**
- * Compute the Nk(S) norm of S = (s1, s2)
- */
-static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa)
-{
- int16_t t[n], t_wrapped[n], max_kappa[n];
- uint32_t nks = 0;
- int i, j;
-
- for (i = 0; i < n; i++)
- {
- t[i] = wrapped_product(s1, s1, n, i) + wrapped_product(s2, s2, n, i);
- }
-
- for (i = 0; i < n; i++)
- {
- wrap(t, n, i, t_wrapped);
- qsort(t_wrapped, n, sizeof(int16_t), (void*)compare);
- max_kappa[i] = 0;
-
- for (j = 1; j <= kappa; j++)
- {
- max_kappa[i] += t_wrapped[n - j];
- }
- }
- qsort(max_kappa, n, sizeof(int16_t), (void*)compare);
-
- for (i = 1; i <= kappa; i++)
- {
- nks += max_kappa[n - i];
- }
- return nks;
-}
-
-/**
- * Compute the inverse x1 of x modulo q as x^(-1) = x^(q-2) mod q
- */
-static uint32_t invert(private_bliss_private_key_t *this, uint32_t x)
-{
- uint32_t x1, x2;
- uint16_t q2;
- int i, i_max;
-
- q2 = this->set->q - 2;
- x1 = (q2 & 1) ? x : 1;
- x2 = x;
- i_max = 15;
-
- while ((q2 & (1 << i_max)) == 0)
- {
- i_max--;
- }
- for (i = 1; i <= i_max; i++)
- {
- x2 = ntt_fft_mreduce(x2 * x2, this->set->fft_params);
-
- if (q2 & (1 << i))
- {
- x1 = ntt_fft_mreduce(x1 * x2, this->set->fft_params);
- }
- }
-
- return x1;
-}
-
-/**
- * Create a vector with sparse and small coefficients from seed
- */
-static int8_t* create_vector_from_seed(private_bliss_private_key_t *this,
- ext_out_function_t alg, chunk_t seed)
-{
- xof_bitspender_t *bitspender;
- uint32_t index, sign;
- int8_t *vector;
- int non_zero;
-
- bitspender = xof_bitspender_create(alg, seed, FALSE);
- if (!bitspender)
- {
- return NULL;
- }
-
- vector = malloc(sizeof(int8_t) * this->set->n);
- memset(vector, 0x00, this->set->n);
-
- non_zero = this->set->non_zero1;
- while (non_zero)
- {
- if (!bitspender->get_bits(bitspender, this->set->n_bits, &index))
- {
- free(vector);
- return NULL;
- }
- if (vector[index] != 0)
- {
- continue;
- }
-
- if (!bitspender->get_bits(bitspender, 1, &sign))
- {
- free(vector);
- return NULL;
- }
- vector[index] = sign ? 1 : -1;
- non_zero--;
- }
-
- non_zero = this->set->non_zero2;
- while (non_zero)
- {
- if (!bitspender->get_bits(bitspender, this->set->n_bits, &index))
- {
- free(vector);
- return NULL;
- }
- if (vector[index] != 0)
- {
- continue;
- }
-
- if (!bitspender->get_bits(bitspender, 1, &sign))
- {
- free(vector);
- return NULL;
- }
- vector[index] = sign ? 2 : -2;
- non_zero--;
- }
- bitspender->destroy(bitspender);
-
- return vector;
-}
-
-/**
- * Generate the secret key S = (s1, s2) fulfilling the Nk(S) norm
- */
-static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
- int8_t **s1, int8_t **s2, int *trials)
-{
- uint8_t seed_buf[32];
- uint8_t *f, *g;
- uint32_t l2_norm DBG_UNUSED, nks;
- int i, n;
- chunk_t seed;
- size_t seed_len;
- ext_out_function_t alg;
-
- n = this->set->n;
- *s1 = NULL;
- *s2 = NULL;
-
- /* Set MGF1 hash algorithm and seed length based on security strength */
- if (this->set->strength > 160)
- {
- alg = XOF_MGF1_SHA256;
- seed_len = HASH_SIZE_SHA256;
- }
- else
- {
- alg = XOF_MGF1_SHA1;
- seed_len = HASH_SIZE_SHA1;
- }
- seed = chunk_create(seed_buf, seed_len);
-
- while (*trials < SECRET_KEY_TRIALS_MAX)
- {
- (*trials)++;
-
- if (!rng->get_bytes(rng, seed_len, seed_buf))
- {
- return FALSE;
- }
- f = create_vector_from_seed(this, alg, seed);
- if (f == NULL)
- {
- return FALSE;
- }
- if (!rng->get_bytes(rng, seed_len, seed_buf))
- {
- free(f);
- return FALSE;
- }
- g = create_vector_from_seed(this, alg, seed);
- if (g == NULL)
- {
- free(f);
- return FALSE;
- }
-
- /* Compute 2g + 1 */
- for (i = 0; i < n; i++)
- {
- g[i] *= 2;
- }
- g[0] += 1;
-
- l2_norm = wrapped_product(f, f, n, 0) + wrapped_product(g, g, n, 0);
- nks = nks_norm(f, g, n, this->set->kappa);
-
- switch (this->set->id)
- {
- case BLISS_I:
- case BLISS_II:
- case BLISS_III:
- case BLISS_IV:
- DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u (%u max)",
- l2_norm, nks, this->set->nks_max);
- if (nks < this->set->nks_max)
- {
- *s1 = f;
- *s2 = g;
- return TRUE;
- }
- free(f);
- free(g);
- break;
- case BLISS_B_I:
- case BLISS_B_II:
- case BLISS_B_III:
- case BLISS_B_IV:
- DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u",
- l2_norm, nks);
- *s1 = f;
- *s2 = g;
- return TRUE;
- }
- }
-
- return FALSE;
-}
-
-/**
- * See header.
- */
-bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
-{
- private_bliss_private_key_t *this;
- u_int key_size = BLISS_B_I;
- int i, n, trials = 0;
- uint32_t *S1, *S2, *a;
- uint16_t q;
- bool success = FALSE;
- const bliss_param_set_t *set;
- ntt_fft_t *fft;
- rng_t *rng;
-
- while (TRUE)
- {
- switch (va_arg(args, builder_part_t))
- {
- case BUILD_KEY_SIZE:
- key_size = va_arg(args, u_int);
- continue;
- case BUILD_END:
- break;
- default:
- return NULL;
- }
- break;
- }
-
- if (lib->settings->get_bool(lib->settings, "%s.plugins.bliss.use_bliss_b",
- TRUE, lib->ns))
- {
- switch (key_size)
- {
- case BLISS_I:
- key_size = BLISS_B_I;
- break;
- case BLISS_II:
- key_size = BLISS_B_II;
- break;
- case BLISS_III:
- key_size = BLISS_B_III;
- break;
- case BLISS_IV:
- key_size = BLISS_B_IV;
- break;
- default:
- break;
- }
- }
-
- /* Only BLISS or BLISS-B types I, III, or IV are currently supported */
- set = bliss_param_set_get_by_id(key_size);
- if (!set)
- {
- DBG1(DBG_LIB, "BLISS parameter set %u not supported", key_size);
- return NULL;
- }
-
- /* Some shortcuts for often used variables */
- n = set->n;
- q = set->q;
-
- if (set->fft_params->n != n || set->fft_params->q != q)
- {
- DBG1(DBG_LIB, "FFT parameters do not match BLISS parameters");
- return NULL;
- }
- this = bliss_private_key_create_empty();
- this->set = set;
-
- /* We derive the public key from the private key using the FFT */
- fft = ntt_fft_create(set->fft_params);
-
- /* Some vectors needed to derive the public key */
- S1 = malloc(n * sizeof(uint32_t));
- S2 = malloc(n * sizeof(uint32_t));
- a = malloc(n * sizeof(uint32_t));
- this->A = malloc(n * sizeof(uint32_t));
- this->Ar = malloc(n * sizeof(uint32_t));
-
- /* Instantiate a true random generator */
- rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
-
- /* Loop until we have an invertible polynomial s1 */
- do
- {
- if (!create_secret(this, rng, &this->s1, &this->s2, &trials))
- {
- break;
- }
-
- /* Convert signed arrays to unsigned arrays before FFT */
- for (i = 0; i < n; i++)
- {
- S1[i] = (this->s1[i] < 0) ? this->s1[i] + q : this->s1[i];
- S2[i] = (this->s2[i] > 0) ? q - this->s2[i] : -this->s2[i];
- }
- fft->transform(fft, S1, S1, FALSE);
- fft->transform(fft, S2, S2, FALSE);
-
- success = TRUE;
-
- for (i = 0; i < n; i++)
- {
- if (S1[i] == 0)
- {
- DBG1(DBG_LIB, "S1[%d] is zero - s1 is not invertible", i);
- free(this->s1);
- free(this->s2);
- this->s1 = NULL;
- this->s2 = NULL;
- success = FALSE;
- break;
- }
- this->Ar[i] = invert(this, S1[i]);
- this->Ar[i] = ntt_fft_mreduce(S2[i] * this->Ar[i], set->fft_params);
- this->A[i] = ntt_fft_mreduce(this->Ar[i], set->fft_params);
- }
- }
- while (!success && trials < SECRET_KEY_TRIALS_MAX);
-
- DBG1(DBG_LIB, "secret key generation %s after %d trial%s",
- success ? "succeeded" : "failed", trials, (trials == 1) ? "" : "s");
-
- if (success)
- {
- fft->transform(fft, this->Ar, a, TRUE);
-
- DBG4(DBG_LIB, " i f g a F G A");
- for (i = 0; i < n; i++)
- {
- DBG4(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u",
- i, this->s1[i], this->s2[i],
- ntt_fft_mreduce(a[i], set->fft_params),
- S1[i], S2[i], this->A[i]);
- }
- }
- else
- {
- destroy(this);
- }
-
- /* Cleanup */
- fft->destroy(fft);
- rng->destroy(rng);
- memwipe(S1, n * sizeof(uint32_t));
- memwipe(S2, n * sizeof(uint32_t));
- free(S1);
- free(S2);
- free(a);
-
- return success ? &this->public : NULL;
-}
-
-/**
- * ASN.1 definition of a BLISS private key
- */
-static const asn1Object_t privkeyObjects[] = {
- { 0, "BLISSPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "keyType", ASN1_OID, ASN1_BODY }, /* 1 */
- { 1, "public", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */
- { 1, "secret1", ASN1_BIT_STRING, ASN1_BODY }, /* 3 */
- { 1, "secret2", ASN1_BIT_STRING, ASN1_BODY }, /* 4 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
-};
-#define PRIV_KEY_TYPE 1
-#define PRIV_KEY_PUBLIC 2
-#define PRIV_KEY_SECRET1 3
-#define PRIV_KEY_SECRET2 4
-
-/**
- * See header.
- */
-bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
-{
- private_bliss_private_key_t *this;
- chunk_t key = chunk_empty, object;
- bliss_bitpacker_t *packer;
- asn1_parser_t *parser;
- size_t s_bits = 0;
- int8_t s, s_min = 0, s_max = 0;
- uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value, r2;
- bool success = FALSE;
- int objectID, oid, i;
-
- while (TRUE)
- {
- switch (va_arg(args, builder_part_t))
- {
- case BUILD_BLOB_ASN1_DER:
- key = va_arg(args, chunk_t);
- continue;
- case BUILD_END:
- break;
- default:
- return NULL;
- }
- break;
- }
-
- if (key.len == 0)
- {
- return NULL;
- }
- this = bliss_private_key_create_empty();
-
- parser = asn1_parser_create(privkeyObjects, key);
- parser->set_flags(parser, FALSE, TRUE);
-
- while (parser->iterate(parser, &objectID, &object))
- {
- switch (objectID)
- {
- case PRIV_KEY_TYPE:
- oid = asn1_known_oid(object);
- if (oid == OID_UNKNOWN)
- {
- goto end;
- }
- this->set = bliss_param_set_get_by_oid(oid);
- if (this->set == NULL)
- {
- goto end;
- }
- if (lib->settings->get_bool(lib->settings,
- "%s.plugins.bliss.use_bliss_b",TRUE, lib->ns))
- {
- switch (this->set->id)
- {
- case BLISS_I:
- this->set = bliss_param_set_get_by_id(BLISS_B_I);
- break;
- case BLISS_III:
- this->set = bliss_param_set_get_by_id(BLISS_B_III);
- break;
- case BLISS_IV:
- this->set = bliss_param_set_get_by_id(BLISS_B_IV);
- break;
- default:
- break;
- }
- }
- if (this->set->non_zero2)
- {
- s_min = -2;
- s_max = 2;
- s_bits = 3;
- }
- else
- {
- s_min = -1;
- s_max = 1;
- s_bits = 2;
- }
- s_sign = 1 << (s_bits - 1);
- s_mask = ((1 << (32 - s_bits)) - 1) << s_bits;
- break;
- case PRIV_KEY_PUBLIC:
- if (!bliss_public_key_from_asn1(object, this->set, &this->A))
- {
- goto end;
- }
- this->Ar = malloc(this->set->n * sizeof(uint32_t));
- r2 = this->set->fft_params->r2;
-
- for (i = 0; i < this->set->n; i++)
- {
- this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2,
- this->set->fft_params);
- }
- break;
- case PRIV_KEY_SECRET1:
- if (object.len != 1 + (s_bits * this->set->n + 7)/8)
- {
- goto end;
- }
- this->s1 = malloc(this->set->n);
-
- /* Skip unused bits octet */
- object = chunk_skip(object, 1);
- packer = bliss_bitpacker_create_from_data(object);
- for (i = 0; i < this->set->n; i++)
- {
- packer->read_bits(packer, &value, s_bits);
- s = (value & s_sign) ? value | s_mask : value;
- if (s < s_min || s > s_max)
- {
- packer->destroy(packer);
- goto end;
- }
- this->s1[i] = s;
- }
- packer->destroy(packer);
- break;
- case PRIV_KEY_SECRET2:
- if (object.len != 1 + (s_bits * this->set->n + 7)/8)
- {
- goto end;
- }
- this->s2 = malloc(this->set->n);
-
- /* Skip unused bits octet */
- object = chunk_skip(object, 1);
- packer = bliss_bitpacker_create_from_data(object);
- for (i = 0; i < this->set->n; i++)
- {
- packer->read_bits(packer, &value, s_bits);
- s = (value & s_sign) ? value | s_mask : value;
- if (s < s_min || s > s_max)
- {
- packer->destroy(packer);
- goto end;
- }
- this->s2[i] = 2 * s;
- if (i == 0)
- {
- this->s2[0] += 1;
- }
- }
- packer->destroy(packer);
- break;
- }
- }
- success = parser->success(parser);
-
-end:
- parser->destroy(parser);
- if (!success)
- {
- destroy(this);
- return NULL;
- }
-
- return &this->public;
-}
-
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_private_key bliss_private_key
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_PRIVATE_KEY_H_
-#define BLISS_PRIVATE_KEY_H_
-
-#include <credentials/builder.h>
-#include <credentials/keys/private_key.h>
-
-typedef struct bliss_private_key_t bliss_private_key_t;
-
-/**
- * Private_key_t implementation of BLISS signature algorithm.
- */
-struct bliss_private_key_t {
-
- /**
- * Implements private_key_t interface
- */
- private_key_t key;
-};
-
-/**
- * Generate a BLISS private key.
- *
- * Accepts the BUILD_KEY_SIZE argument.
- *
- * @param type type of the key, must be KEY_BLISS
- * @param args builder_part_t argument list
- * @return generated key, NULL on failure
- */
-bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args);
-
-/**
- * Load a BLISS private key.
- *
- * Accepts BUILD_BLISS_* components.
- *
- * @param type type of the key, must be KEY_BLISS
- * @param args builder_part_t argument list
- * @return loaded key, NULL on failure
- */
-bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args);
-
-#endif /** BLISS_PRIVATE_KEY_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_public_key.h"
-#include "bliss_signature.h"
-#include "bliss_bitpacker.h"
-#include "ntt_fft.h"
-#include "ntt_fft_reduce.h"
-#include "bliss_utils.h"
-
-#include <asn1/asn1.h>
-#include <asn1/asn1_parser.h>
-#include <asn1/oid.h>
-
-typedef struct private_bliss_public_key_t private_bliss_public_key_t;
-
-/**
- * Private data structure with signing context.
- */
-struct private_bliss_public_key_t {
- /**
- * Public interface for this signer.
- */
- bliss_public_key_t public;
-
- /**
- * BLISS signature parameter set
- */
- const bliss_param_set_t *set;
-
- /**
- * NTT of BLISS public key a (coefficients of polynomial (2g + 1)/f)
- */
- uint32_t *A;
-
- /**
- * NTT of BLISS public key in Montgomery representation Ar = rA mod
- */
- uint32_t *Ar;
-
- /**
- * reference counter
- */
- refcount_t ref;
-};
-
-METHOD(public_key_t, get_type, key_type_t,
- private_bliss_public_key_t *this)
-{
- return KEY_BLISS;
-}
-
-/**
- * Verify a BLISS signature based on a SHA-512 hash
- */
-static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
- chunk_t data, chunk_t signature)
-{
- int i, n;
- int32_t *z1, *u;
- int16_t *ud, *z2d;
- uint16_t q, q2, p, *c_indices, *indices;
- uint32_t *az;
- uint8_t data_hash_buf[HASH_SIZE_SHA512];
- chunk_t data_hash;
- hasher_t *hasher;
- ext_out_function_t oracle_alg;
- ntt_fft_t *fft;
- bliss_signature_t *sig;
- bool success = FALSE;
-
- /* Create data hash using configurable hash algorithm */
- hasher = lib->crypto->create_hasher(lib->crypto, alg);
- if (!hasher )
- {
- return FALSE;
- }
- data_hash = chunk_create(data_hash_buf, hasher->get_hash_size(hasher));
-
- if (!hasher->get_hash(hasher, data, data_hash_buf))
- {
- hasher->destroy(hasher);
- return FALSE;
- }
- hasher->destroy(hasher);
-
- sig = bliss_signature_create_from_data(this->set, signature);
- if (!sig)
- {
- return FALSE;
- }
- sig->get_parameters(sig, &z1, &z2d, &c_indices);
-
- if (!bliss_utils_check_norms(this->set, z1, z2d))
- {
- sig->destroy(sig);
- return FALSE;
- }
-
- /* MGF1 hash algorithm to be used for random oracle */
- oracle_alg = XOF_MGF1_SHA512;
-
- /* Initialize a couple of needed variables */
- n = this->set->n;
- q = this->set->q;
- p = this->set->p;
- q2 = 2 * q;
- az = malloc(n * sizeof(uint32_t));
- u = malloc(n * sizeof(int32_t));
- ud = malloc(n * sizeof(int16_t));
- indices = malloc(this->set->kappa * sizeof(uint16_t));
-
- for (i = 0; i < n; i++)
- {
- az[i] = z1[i] < 0 ? q + z1[i] : z1[i];
- }
- fft = ntt_fft_create(this->set->fft_params);
- fft->transform(fft, az, az, FALSE);
-
- for (i = 0; i < n; i++)
- {
- az[i] = ntt_fft_mreduce(this->Ar[i] * az[i], this->set->fft_params);
- }
- fft->transform(fft, az, az, TRUE);
-
- for (i = 0; i < n; i++)
- {
- u[i] = (2 * this->set->q2_inv * az[i]) % q2;
- }
-
- for (i = 0; i < this->set->kappa; i++)
- {
- u[c_indices[i]] = (u[c_indices[i]] + q * this->set->q2_inv) % q2;
- }
- bliss_utils_round_and_drop(this->set, u, ud);
-
- for (i = 0; i < n; i++)
- {
- ud[i] += z2d[i];
- if (ud[i] < 0)
- {
- ud[i] += p;
- }
- else if (ud[i] >= p)
- {
- ud[i] -= p;
- }
- }
-
- /* Detailed debugging information */
- DBG3(DBG_LIB, " i u[i] ud[i] z2d[i]");
- for (i = 0; i < n; i++)
- {
- DBG3(DBG_LIB, "%3d %6d %4d %4d", i, u[i], ud[i], z2d[i]);
- }
-
- if (!bliss_utils_generate_c(oracle_alg, data_hash, ud, this->set, indices))
- {
- goto end;
- }
-
- for (i = 0; i < this->set->kappa; i++)
- {
- if (indices[i] != c_indices[i])
- {
- DBG1(DBG_LIB, "signature verification failed");
- goto end;
- }
- }
- success = TRUE;
-
-end:
- /* cleanup */
- sig->destroy(sig);
- fft->destroy(fft);
- free(az);
- free(u);
- free(ud);
- free(indices);
-
- return success;
-}
-
-METHOD(public_key_t, verify, bool,
- private_bliss_public_key_t *this, signature_scheme_t scheme, void *params,
- chunk_t data, chunk_t signature)
-{
- switch (scheme)
- {
- case SIGN_BLISS_WITH_SHA2_256:
- return verify_bliss(this, HASH_SHA256, data, signature);
- case SIGN_BLISS_WITH_SHA2_384:
- return verify_bliss(this, HASH_SHA384, data, signature);
- case SIGN_BLISS_WITH_SHA2_512:
- return verify_bliss(this, HASH_SHA512, data, signature);
- case SIGN_BLISS_WITH_SHA3_256:
- return verify_bliss(this, HASH_SHA3_256, data, signature);
- case SIGN_BLISS_WITH_SHA3_384:
- return verify_bliss(this, HASH_SHA3_384, data, signature);
- case SIGN_BLISS_WITH_SHA3_512:
- return verify_bliss(this, HASH_SHA3_512, data, signature);
- default:
- DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
- signature_scheme_names, scheme);
- return FALSE;
- }
-}
-
-METHOD(public_key_t, encrypt_, bool,
- private_bliss_public_key_t *this, encryption_scheme_t scheme,
- void *params, chunk_t plain, chunk_t *crypto)
-{
- DBG1(DBG_LIB, "encryption scheme %N not supported",
- encryption_scheme_names, scheme);
- return FALSE;
-}
-
-METHOD(public_key_t, get_keysize, int,
- private_bliss_public_key_t *this)
-{
- return this->set->strength;
-}
-
-METHOD(public_key_t, get_encoding, bool,
- private_bliss_public_key_t *this, cred_encoding_type_t type,
- chunk_t *encoding)
-{
- bool success = TRUE;
-
- *encoding = bliss_public_key_info_encode(this->set->oid, this->A, this->set);
-
- if (type != PUBKEY_SPKI_ASN1_DER)
- {
- chunk_t asn1_encoding = *encoding;
-
- success = lib->encoding->encode(lib->encoding, type,
- NULL, encoding, CRED_PART_BLISS_PUB_ASN1_DER,
- asn1_encoding, CRED_PART_END);
- chunk_clear(&asn1_encoding);
- }
- return success;
-}
-
-METHOD(public_key_t, get_fingerprint, bool,
- private_bliss_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
-{
- bool success;
-
- if (lib->encoding->get_cache(lib->encoding, type, this, fp))
- {
- return TRUE;
- }
- success = bliss_public_key_fingerprint(this->set->oid, this->A,
- this->set, type, fp);
- if (success)
- {
- lib->encoding->cache(lib->encoding, type, this, fp);
- }
- return success;
-}
-
-METHOD(public_key_t, get_ref, public_key_t*,
- private_bliss_public_key_t *this)
-{
- ref_get(&this->ref);
- return &this->public.key;
-}
-
-METHOD(public_key_t, destroy, void,
- private_bliss_public_key_t *this)
-{
- if (ref_put(&this->ref))
- {
- lib->encoding->clear_cache(lib->encoding, this);
- free(this->A);
- free(this->Ar);
- free(this);
- }
-}
-
-/**
- * ASN.1 definition of a BLISS public key
- */
-static const asn1Object_t pubkeyObjects[] = {
- { 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
- { 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
- { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
-};
-#define BLISS_SUBJECT_PUBLIC_KEY_ALGORITHM 1
-#define BLISS_SUBJECT_PUBLIC_KEY 2
-
-/**
- * See header.
- */
-bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args)
-{
- private_bliss_public_key_t *this;
- chunk_t blob = chunk_empty, object, param;
- asn1_parser_t *parser;
- bool success = FALSE;
- int objectID, oid, i;
- uint32_t r2;
-
- while (TRUE)
- {
- switch (va_arg(args, builder_part_t))
- {
- case BUILD_BLOB_ASN1_DER:
- blob = va_arg(args, chunk_t);
- continue;
- case BUILD_END:
- break;
- default:
- return NULL;
- }
- break;
- }
-
- if (blob.len == 0)
- {
- return NULL;
- }
-
- INIT(this,
- .public = {
- .key = {
- .get_type = _get_type,
- .verify = _verify,
- .encrypt = _encrypt_,
- .equals = public_key_equals,
- .get_keysize = _get_keysize,
- .get_fingerprint = _get_fingerprint,
- .has_fingerprint = public_key_has_fingerprint,
- .get_encoding = _get_encoding,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- },
- .ref = 1,
- );
-
- parser = asn1_parser_create(pubkeyObjects, blob);
-
- while (parser->iterate(parser, &objectID, &object))
- {
- switch (objectID)
- {
- case BLISS_SUBJECT_PUBLIC_KEY_ALGORITHM:
- {
- oid = asn1_parse_algorithmIdentifier(object,
- parser->get_level(parser)+1, ¶m);
- if (oid != OID_BLISS_PUBLICKEY)
- {
- goto end;
- }
- if (!asn1_parse_simple_object(¶m, ASN1_OID,
- parser->get_level(parser)+3, "blissKeyType"))
- {
- goto end;
- }
- oid = asn1_known_oid(param);
- if (oid == OID_UNKNOWN)
- {
- goto end;
- }
- this->set = bliss_param_set_get_by_oid(oid);
- if (this->set == NULL)
- {
- goto end;
- }
- break;
- }
- case BLISS_SUBJECT_PUBLIC_KEY:
- if (!bliss_public_key_from_asn1(object, this->set, &this->A))
- {
- goto end;
- }
- this->Ar = malloc(this->set->n * sizeof(uint32_t));
- r2 = this->set->fft_params->r2;
-
- for (i = 0; i < this->set->n; i++)
- {
- this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2,
- this->set->fft_params);
- }
- break;
- }
- }
- success = parser->success(parser);
-
-end:
- parser->destroy(parser);
- if (!success)
- {
- destroy(this);
- return NULL;
- }
-
- return &this->public;
-}
-
-/**
- * See header.
- */
-bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set,
- uint32_t **pubkey)
-{
- bliss_bitpacker_t *packer;
- uint32_t coefficient;
- uint16_t needed_bits;
- int i;
-
- /* skip initial bit string octet defining unused bits */
- object = chunk_skip(object, 1);
-
- needed_bits = set->n * set->q_bits;
-
- if (8 * object.len < needed_bits)
- {
- return FALSE;
- }
- *pubkey = malloc(set->n * sizeof(uint32_t));
-
- packer = bliss_bitpacker_create_from_data(object);
-
- for (i = 0; i < set->n; i++)
- {
- packer->read_bits(packer, &coefficient, set->q_bits);
- if (coefficient >= set->q)
- {
- packer->destroy(packer);
- return FALSE;
- }
- (*pubkey)[i] = coefficient;
- }
- packer->destroy(packer);
-
- return TRUE;
-}
-
-/**
- * See header.
- */
-chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set)
-{
- bliss_bitpacker_t *packer;
- chunk_t encoding;
- int i;
-
- packer = bliss_bitpacker_create(set->n * set->q_bits);
-
- for (i = 0; i < set->n; i++)
- {
- packer->write_bits(packer, pubkey[i], set->q_bits);
- }
- encoding = packer->extract_buf(packer);
- packer->destroy(packer);
-
- return encoding;
-}
-
-/**
- * See header.
- */
-chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
- const bliss_param_set_t *set)
-{
- chunk_t encoding, pubkey_encoding;
-
- pubkey_encoding = bliss_public_key_encode(pubkey, set);
-
- encoding = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_build_known_oid(OID_BLISS_PUBLICKEY),
- asn1_build_known_oid(oid)),
- asn1_bitstring("m", pubkey_encoding));
-
- return encoding;
-}
-
-/**
- * See header.
- */
-bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey,
- const bliss_param_set_t *set,
- cred_encoding_type_t type, chunk_t *fp)
-{
- hasher_t *hasher;
- chunk_t key;
-
- switch (type)
- {
- case KEYID_PUBKEY_SHA1:
- key = bliss_public_key_encode(pubkey, set);
- break;
- case KEYID_PUBKEY_INFO_SHA1:
- key = bliss_public_key_info_encode(oid, pubkey, set);
- break;
- default:
- return FALSE;
- }
-
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (!hasher || !hasher->allocate_hash(hasher, key, fp))
- {
- DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
- DESTROY_IF(hasher);
- free(key.ptr);
-
- return FALSE;
- }
- hasher->destroy(hasher);
- free(key.ptr);
-
- return TRUE;
-}
-
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_public_key bliss_public_key
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_PUBLIC_KEY_H_
-#define BLISS_PUBLIC_KEY_H_
-
-#include "bliss_param_set.h"
-
-#include <credentials/builder.h>
-#include <credentials/cred_encoding.h>
-#include <credentials/keys/public_key.h>
-
-typedef struct bliss_public_key_t bliss_public_key_t;
-
-/**
- * public_key_t implementation of BLISS signature algorithm
- */
-struct bliss_public_key_t {
-
- /**
- * Implements the public_key_t interface
- */
- public_key_t key;
-};
-
-/**
- * Load a BLISS public key.
- *
- * Accepts BUILD_BLISS_* components.
- *
- * @param type type of the key, must be KEY_BLISS
- * @param args builder_part_t argument list
- * @return loaded key, NULL on failure
- */
-bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args);
-
-/* The following functions are shared with the bliss_private_key class */
-
-/**
- * Parse an ASN.1 BIT STRING into an array of public key coefficients
- *
- * @param object packed subjectPublicKey
- * @param set BLISS parameter set for public key vector
- * @param pubkey coefficients of public key vector
- * @return TRUE if parsing successful
- */
-bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set,
- uint32_t **pubkey);
-
-/**
- * Encode a raw BLISS subjectPublicKey in ASN.1 DER format
- *
- * @param pubkey coefficients of public key vector
- * @param set BLISS parameter set for the public key vector
- * @result ASN.1 encoded subjectPublicKey
- */
-chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set);
-
-/**
- * Encode a BLISS subjectPublicKeyInfo record in ASN.1 DER format
- *
- * @param oid BLISS public key type OID
- * @param pubkey coefficients of public key vector
- * @param set BLISS parameter set for the public key vector
- * @result ASN.1 encoded subjectPublicKeyInfo record
- */
-chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
- const bliss_param_set_t *set);
-
-/**
- * Generate a BLISS public key fingerprint
- *
- * @param oid BLISS public key type OID
- * @param pubkey coefficients of public key vector
- * @param set BLISS parameter set for the public key vector
- * @param type type of fingerprint to be generated
- * @param fp generated fingerprint (must be freed by caller)
- * @result TRUE if generation was successful
- */
-bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey,
- const bliss_param_set_t *set,
- cred_encoding_type_t type, chunk_t *fp);
-
-#endif /** BLISS_PUBLIC_KEY_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_sampler.h"
-
-typedef struct private_bliss_sampler_t private_bliss_sampler_t;
-
-#include <crypto/xofs/xof_bitspender.h>
-
-/**
- * Private data of a bliss_sampler_t object.
- */
-struct private_bliss_sampler_t {
-
- /**
- * Public interface.
- */
- bliss_sampler_t public;
-
- /**
- * BLISS parameter the rejection sampling is to be based on
- */
- const bliss_param_set_t *set;
-
- /**
- * Bitspender used for random rejection sampling
- */
- xof_bitspender_t *bitspender;
-
-};
-
-METHOD(bliss_sampler_t, bernoulli_exp, bool,
- private_bliss_sampler_t *this, uint32_t x, bool *accepted)
-{
- uint32_t x_mask;
- uint8_t u;
- const uint8_t *c;
- int i;
-
- x_mask = 1 << (this->set->c_rows - 1);
- c = this->set->c;
- c += (this->set->c_rows - 1) * this->set->c_cols;
-
- while (x_mask > 0)
- {
- if (x & x_mask)
- {
- for (i = 0; i < this->set->c_cols; i++)
- {
- if (!this->bitspender->get_byte(this->bitspender, &u))
- {
- return FALSE;
- }
- if (u < c[i])
- {
- break;
- }
- else if (u > c[i])
- {
- *accepted = FALSE;
- return TRUE;
- }
- }
- }
- x_mask >>= 1;
- c -= this->set->c_cols;
- }
-
- *accepted = TRUE;
- return TRUE;
-}
-
-METHOD(bliss_sampler_t, bernoulli_cosh, bool,
- private_bliss_sampler_t *this, int32_t x, bool *accepted)
-{
- uint32_t u;
-
- x = 2 * (x < 0 ? -x : x);
-
- while (TRUE)
- {
- if (!bernoulli_exp(this, x, accepted))
- {
- return FALSE;
- }
- if (*accepted)
- {
- return TRUE;
- }
- if (!this->bitspender->get_bits(this->bitspender, 1, &u))
- {
- return FALSE;
- }
- if (u)
- {
- continue;
- }
- if (!bernoulli_exp(this, x, accepted))
- {
- return FALSE;
- }
- if (!(*accepted))
- {
- return TRUE;
- }
- }
-}
-
-#define MAX_SAMPLE_INDEX 16
-
-METHOD(bliss_sampler_t, pos_binary, bool,
- private_bliss_sampler_t *this, uint32_t *x)
-{
- uint32_t u, i;
-
- while (TRUE)
- {
- for (i = 0; i <= MAX_SAMPLE_INDEX; i++)
- {
- if (!this->bitspender->get_bits(this->bitspender,
- i ? (2*i - 1) : 1, &u))
- {
- return FALSE;
- }
- if (u == 0)
- {
- *x = i;
- return TRUE;
- }
- if ((u >> 1) != 0)
- {
- break;
- }
- }
- if (i > MAX_SAMPLE_INDEX)
- {
- return FALSE;
- }
- }
-}
-
-METHOD(bliss_sampler_t, gaussian, bool,
- private_bliss_sampler_t *this, int32_t *z)
-{
- uint32_t u, x, y, z_pos;
- bool accepted;
-
- while (TRUE)
- {
- if (!pos_binary(this, &x))
- {
- return FALSE;
- }
-
- do
- {
- if (!this->bitspender->get_bits(this->bitspender,
- this->set->k_sigma_bits, &y))
- {
- return FALSE;
- }
- }
- while (y >= this->set->k_sigma);
-
- if (!bernoulli_exp(this, y * (y + 2*this->set->k_sigma * x), &accepted))
- {
- return FALSE;
- }
- if (accepted)
- {
- if (!this->bitspender->get_bits(this->bitspender, 1, &u))
- {
- return FALSE;
- }
- if (x || y || u)
- {
- break;
- }
- }
- }
-
- z_pos = this->set->k_sigma * x + y;
- *z = u ? z_pos : -z_pos;
-
- return TRUE;
-}
-
-METHOD(bliss_sampler_t, sign, bool,
- private_bliss_sampler_t *this, bool *positive)
-{
- uint32_t u;
-
- if (!this->bitspender->get_bits(this->bitspender, 1, &u))
- {
- return FALSE;
- }
- *positive = u;
-
- return TRUE;
-}
-
-METHOD(bliss_sampler_t, destroy, void,
- private_bliss_sampler_t *this)
-{
- this->bitspender->destroy(this->bitspender);
- free(this);
-}
-
-
-/**
- * See header.
- */
-bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
- const bliss_param_set_t *set)
-{
- private_bliss_sampler_t *this;
- xof_bitspender_t *bitspender;
-
- bitspender = xof_bitspender_create(alg, seed, FALSE);
- if (!bitspender)
- {
- return NULL;
- }
-
- INIT(this,
- .public = {
- .bernoulli_exp = _bernoulli_exp,
- .bernoulli_cosh = _bernoulli_cosh,
- .pos_binary = _pos_binary,
- .gaussian = _gaussian,
- .sign = _sign,
- .destroy = _destroy,
- },
- .set = set,
- .bitspender = bitspender,
- );
-
- return &this->public;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_sampler bliss_sampler
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_SAMPLER_H_
-#define BLISS_SAMPLER_H_
-
-typedef struct bliss_sampler_t bliss_sampler_t;
-
-#include "bliss_param_set.h"
-
-#include <library.h>
-#include <crypto/hashers/hasher.h>
-
-/**
- * Implementation various rejection sampling algorithms.
- */
-struct bliss_sampler_t {
-
- /**
- * Sample according to exp(-x/(2*sigma^2))
- *
- * @param x Value to be sampled
- * @param accepted TRUE if value is accepted, FALSE if rejected
- * @result TRUE if sampling was successful
- */
- bool (*bernoulli_exp)(bliss_sampler_t *this, uint32_t x, bool *accepted);
-
- /**
- * Sample according to 1/cosh(x/sigma^2)
- *
- * @param x Value to be sampled
- * @param accepted TRUE if value is accepted, FALSE if rejected
- * @result TRUE if sampling was successful
- */
- bool (*bernoulli_cosh)(bliss_sampler_t *this, int32_t x, bool *accepted);
-
- /**
- * Sample according to 2^(-x^2) for positive x
- *
- * @param x Generated value
- * @result TRUE if sampling was successful
- */
- bool (*pos_binary)(bliss_sampler_t *this, uint32_t *x);
-
- /**
- * Sample according to the Gaussian distribution exp(-x^2/(2*sigma^2))
- *
- * @param z Generated value with Gaussian distribution
- * @result TRUE if sampling was successful
- */
- bool (*gaussian)(bliss_sampler_t *this, int32_t *z);
-
- /**
- * Sample the sign according to the binary distribution
- *
- * @param positive TRUE if positive
- * @result TRUE if sampling was successful
- */
- bool (*sign)(bliss_sampler_t *this, bool *positive);
-
- /**
- * Destroy bliss_sampler_t object
- */
- void (*destroy)(bliss_sampler_t *this);
-};
-
-/**
- * Create a bliss_sampler_t object.
- *
- * @param alg XOF to be used for the internal bitspender
- * @param seed Seed used to initialize the internal bitspender
- * @param set BLISS parameter set to be used
- */
-bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
- const bliss_param_set_t *set);
-
-#endif /** BLISS_SAMPLER_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_signature.h"
-#include "bliss_bitpacker.h"
-#include "bliss_huffman_coder.h"
-
-
-typedef struct private_bliss_signature_t private_bliss_signature_t;
-
-/**
- * Private data of a bliss_signature_t object.
- */
-struct private_bliss_signature_t {
- /**
- * Public interface for this signer.
- */
- bliss_signature_t public;
-
- /**
- * BLISS signature parameter set
- */
- const bliss_param_set_t *set;
-
- /**
- * BLISS signature vector z1 of size n
- */
- int32_t *z1;
-
- /**
- * BLISS signature vector z2d of size n
- */
- int16_t *z2d;
-
- /**
- * Indices of sparse BLISS challenge vector c of size kappa
- */
- uint16_t *c_indices;
-
-};
-
-METHOD(bliss_signature_t, get_encoding, chunk_t,
- private_bliss_signature_t *this)
-{
- bliss_bitpacker_t *packer;
- bliss_huffman_coder_t *coder;
- bliss_huffman_code_t *code;
- int32_t z1;
- uint32_t z1_sign;
- uint16_t z2d_bits;
- chunk_t encoding = chunk_empty;
- int i;
-
- z2d_bits = this->set->z1_bits - this->set->d;
-
- /* Get Huffman code for this BLISS parameter set */
- code = bliss_huffman_code_get_by_id(this->set->id);
- if (!code)
- {
- DBG1(DBG_LIB, "no Huffman code found for parameter set %N",
- bliss_param_set_id_names, this->set->id);
- return chunk_empty;
- }
-
- packer = bliss_bitpacker_create(this->set->n * this->set->z1_bits +
- this->set->n * z2d_bits +
- this->set->kappa * this->set->n_bits);
- coder = bliss_huffman_coder_create(code, packer);
-
- for (i = 0; i < this->set->n; i++)
- {
- /* determine and remove the sign of z1[i]*/
- z1_sign = this->z1[i] < 0;
- z1 = z1_sign ? -this->z1[i] : this->z1[i];
-
- if (!packer->write_bits(packer, z1_sign, 1) ||
- !packer->write_bits(packer, z1 & 0xff, 8) ||
- !coder->encode(coder, z1 >> 8, this->z2d[i]))
- {
- goto end;
- }
- }
- for (i = 0; i < this->set->kappa; i++)
- {
- if (!packer->write_bits(packer, this->c_indices[i], this->set->n_bits))
- {
- goto end;
- }
- }
- encoding = packer->extract_buf(packer);
-
- DBG2(DBG_LIB, "efficiency of Huffman coder is %6.4f bits/tuple (%u bits)",
- coder->get_bits(coder)/(double)(this->set->n),
- coder->get_bits(coder));
- DBG2(DBG_LIB, "generated BLISS signature (%u bits encoded in %u bytes)",
- packer->get_bits(packer), encoding.len);
-
- end:
- coder->destroy(coder);
- packer->destroy(packer);
- return encoding;
-}
-
-METHOD(bliss_signature_t, get_parameters, void,
- private_bliss_signature_t *this, int32_t **z1, int16_t **z2d,
- uint16_t **c_indices)
-{
- *z1 = this->z1;
- *z2d = this->z2d;
- *c_indices = this->c_indices;
-}
-
-METHOD(bliss_signature_t, destroy, void,
- private_bliss_signature_t *this)
-{
- free(this->z1);
- free(this->z2d);
- free(this->c_indices);
- free(this);
-}
-
-/**
- * See header.
- */
-bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set)
-{
- private_bliss_signature_t *this;
-
- INIT(this,
- .public = {
- .get_encoding = _get_encoding,
- .get_parameters = _get_parameters,
- .destroy = _destroy,
- },
- .set = set,
- .z1 = malloc(set->n * sizeof(int32_t)),
- .z2d = malloc(set->n * sizeof(int16_t)),
- .c_indices = malloc(set->n * sizeof(uint16_t)),
- );
-
- return &this->public;
-}
-
-/**
- * See header.
- */
-bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set,
- chunk_t encoding)
-{
- private_bliss_signature_t *this;
- bliss_bitpacker_t *packer;
- bliss_huffman_coder_t *coder;
- bliss_huffman_code_t *code;
- uint32_t z1_sign, z1_low, value;
- int32_t z1;
- int16_t z2;
- int i;
-
- /* Get Huffman code for this BLISS parameter set */
- code = bliss_huffman_code_get_by_id(set->id);
- if (!code)
- {
- DBG1(DBG_LIB, "no Huffman code found for parameter set %N",
- bliss_param_set_id_names, set->id);
- return NULL;
- }
-
- if (encoding.len == 0)
- {
- DBG1(DBG_LIB, "zero length BLISS signature");
- return NULL;
- }
-
- INIT(this,
- .public = {
- .get_encoding = _get_encoding,
- .get_parameters = _get_parameters,
- .destroy = _destroy,
- },
- .set = set,
- .z1 = malloc(set->n * sizeof(int32_t)),
- .z2d = malloc(set->n * sizeof(int16_t)),
- .c_indices = malloc(set->n * sizeof(uint16_t)),
- );
-
- packer = bliss_bitpacker_create_from_data(encoding);
- coder = bliss_huffman_coder_create(code, packer);
-
- for (i = 0; i < set->n; i++)
- {
- if (!packer->read_bits(packer, &z1_sign, 1) ||
- !packer->read_bits(packer, &z1_low, 8) ||
- !coder->decode(coder, &z1, &z2))
- {
- DBG1(DBG_LIB, "truncated BLISS signature encoding of z1/z2");
- coder->destroy(coder);
- packer->destroy(packer);
- destroy(this);
- return NULL;
- }
- z1 = (z1 << 8) + z1_low;
- this->z1[i] = z1_sign ? -z1 : z1;
- this->z2d[i] = z2;
- }
- coder->destroy(coder);
-
- for (i = 0; i < set->kappa; i++)
- {
- if (!packer->read_bits(packer, &value, set->n_bits))
- {
- DBG1(DBG_LIB, "truncated BLISS signature encoding of c_indices");
- packer->destroy(packer);
- destroy(this);
- return NULL;
- }
- this->c_indices[i] = value;
- }
- packer->destroy(packer);
-
- return &this->public;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_signature bliss_signature
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_SIGNATURE_H_
-#define BLISS_SIGNATURE_H_
-
-typedef struct bliss_signature_t bliss_signature_t;
-
-#include "bliss_param_set.h"
-
-#include <library.h>
-
-/**
- * Public interface of BLISS signature object
- */
-struct bliss_signature_t {
-
- /**
- * Get compressed binary encoding of BLISS signature
- *
- * @result binary encoding of BLISS signature
- */
- chunk_t (*get_encoding)(bliss_signature_t *this);
-
- /**
- * Get signature parameters extracted from compressed binary encoding
- *
- * @param z1 signature vector z1 of size n
- * @param z2d signature vector z2d of size n
- * @param c_indices indices of sparse binary challenge vector of size kappa
- */
- void (*get_parameters)(bliss_signature_t *this, int32_t **z1, int16_t **z2d,
- uint16_t **c_indices);
-
- /**
- * Destroy bliss_signature_t object
- */
- void (*destroy)(bliss_signature_t *this);
-
-};
-
-/**
- * Create a BLISS signature object.
- *
- * @param set BLISS parameter set
- */
-bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set);
-
-/**
- * Create a BLISS signature object from encoding.
- *
- * @param set BLISS parameter set
- * @param encoding binary signature encoding
- */
-bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set,
- chunk_t encoding);
-
-#endif /** BLISS_SIGNATURE_H_ @}*/
+++ /dev/null
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_utils.h"
-
-#include <asn1/asn1.h>
-#include <crypto/hashers/hasher.h>
-#include <crypto/xofs/xof_bitspender.h>
-#include <utils/debug.h>
-
-/**
- * See header.
- */
-int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n)
-{
- int32_t product = 0;
- int i;
-
- for (i = 0; i < n; i++)
- {
- product += x[i] * y[i];
- }
-
- return product;
-}
-
-/**
- * See header.
- */
-void bliss_utils_round_and_drop(const bliss_param_set_t *set,
- int32_t *x, int16_t *xd)
-{
- int32_t factor;
- int i;
-
- factor = 1 << set->d;
-
- for (i = 0; i < set->n; i++)
- {
- xd[i] = ((x[i] + (factor >> 1)) / factor) % set->p;
- }
-}
-
-/**
- * See header.
- */
-bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
- uint16_t *ud, const bliss_param_set_t *set,
- uint16_t *c_indices)
-{
- int i, index_trials = 0, index_found = 0;
- bool index_taken[set->n];
- uint32_t index;
- uint8_t *seed_pos;
- chunk_t seed;
- xof_bitspender_t *bitspender;
-
- seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));
-
- /* the data hash makes up the first part of the oracle seed */
- memcpy(seed.ptr, data_hash.ptr, data_hash.len);
- seed_pos = seed.ptr + data_hash.len;
-
- /* followed by the n elements of the ud vector in network order */
- for (i = 0; i < set->n; i++)
- {
- htoun16(seed_pos, ud[i]);
- seed_pos += sizeof(uint16_t);
- }
-
- bitspender = xof_bitspender_create(alg, seed, FALSE);
- if (!bitspender)
- {
- return NULL;
- }
-
- for (i = 0; i < set->n; i++)
- {
- index_taken[i] = FALSE;
- }
-
- DBG3(DBG_LIB, " i c_index[i]");
- while (bitspender->get_bits(bitspender, set->n_bits, &index))
- {
- index_trials++;
-
- if (!index_taken[index])
- {
- DBG3(DBG_LIB, "%2u %8u", index_found, index);
- c_indices[index_found++] = index;
- index_taken[index] = TRUE;
-
- if (index_found == set->kappa)
- {
- DBG3(DBG_LIB, "%2d index trials", index_trials);
- bitspender->destroy(bitspender);
- return TRUE;
- }
- }
- }
-
- bitspender->destroy(bitspender);
- return FALSE;
-}
-
-/**
- * See header.
- */
-bool bliss_utils_check_norms(const bliss_param_set_t *set,
- int32_t *z1, int16_t *z2d)
-{
- int32_t z2ds[set->n];
- int32_t z1_min, z1_max, norm;
- int16_t z2d_min, z2d_max;
- int i;
-
- /* some statistics on the values of z1 and z2d */
- z1_min = z1_max = z1[0];
- z2d_min = z2d_max = z2d[0];
-
- for (i = 1; i < set->n; i++)
- {
- if (z1[i] < z1_min)
- {
- z1_min = z1[i];
- }
- else if (z1[i] > z1_max)
- {
- z1_max = z1[i];
- }
- if (z2d[i] < z2d_min)
- {
- z2d_min = z2d[i];
- }
- else if (z2d[i] > z2d_max)
- {
- z2d_max = z2d[i];
- }
- }
- DBG2(DBG_LIB, "z1 = %d..%d, z2d = %d..%d", z1_min, z1_max, z2d_min, z2d_max);
-
- /* Restriction on infinite norm */
- for (i = 0; i < set->n; i++)
- {
- z2ds[i] = (1 << set->d) * z2d[i];
-
- if (z1[i] >= set->B_inf || z2ds[i] >= set->B_inf ||
- z1[i] <= -set->B_inf || z2ds[i] <= -set->B_inf)
- {
- DBG2(DBG_LIB, "signature rejected due to excessive infinite norm");
- return FALSE;
- }
- }
-
- /* Restriction on l2-norm */
- norm = bliss_utils_scalar_product(z1, z1, set->n) +
- bliss_utils_scalar_product(z2ds, z2ds, set->n);
-
- if (norm >= set->B_l2)
- {
- DBG2(DBG_LIB, "signature rejected due to excessive l2-norm");
- return FALSE;
- }
-
- return TRUE;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_utils bliss_utils
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_UTILS_H_
-#define BLISS_UTILS_H_
-
-#include "bliss_param_set.h"
-
-#include <library.h>
-
-/**
- * Compute the scalar product of two vectors of size n
- *
- * @param x input vector of size n
- * @param y input vector of size n
- * @param n size of input vectors x and y
- * @result scalar product of x and y
- */
-int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n);
-
-/**
- * Drop d bits but round first
- *
- * @param set BLISS parameter set
- * @param x input vector x of size n
- * @param xd rounded vector x with d bits dropped
- */
-void bliss_utils_round_and_drop(const bliss_param_set_t *set,
- int32_t *x, int16_t *xd);
-
-/**
- * Generate the binary challenge vector c as an array of kappa indices
- *
- * @param alg XOF to be used for the internal oracle
- * @param data_hash hash of the data to be signed
- * @param ud input vector ud of size n
- * @param set BLISS parameter set to be used (n, n_bits, kappa)
- * @param c_indices indexes of non-zero challenge coefficients
- */
-bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
- uint16_t *ud, const bliss_param_set_t *set,
- uint16_t *c_indices);
-
-/**
- * Check the infinity and l2 norms of the vectors z1 and z2d << d
- *
- * @param set BLISS parameter set
- * @param z1 input vector
- * @param z2d input vector
- * @result TRUE if infinite and l2 norms do not exceed boundaries
- */
-bool bliss_utils_check_norms(const bliss_param_set_t *set,
- int32_t *z1, int16_t *z2d);
-
-#endif /** BLISS_UTILS_H_ @}*/
+++ /dev/null
-bliss_tests
+++ /dev/null
-TESTS = bliss_tests
-
-check_PROGRAMS = $(TESTS)
-
-bliss_tests_SOURCES = \
- suites/test_bliss_bitpacker.c \
- suites/test_bliss_huffman.c \
- suites/test_bliss_keys.c \
- suites/test_bliss_sampler.c \
- suites/test_bliss_signature.c \
- suites/test_bliss_sign.c \
- bliss_tests.h bliss_tests.c
-
-bliss_tests_CFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libstrongswan/tests \
- -I$(top_srcdir)/src/libstrongswan/math/libnttfft \
- -I$(top_srcdir)/src/libstrongswan/plugins/bliss \
- -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
- -DPLUGINS=\""${s_plugins}\"" \
- @COVERAGE_CFLAGS@
-
-bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@
-bliss_tests_LDADD = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(top_builddir)/src/libstrongswan/tests/libtest.la \
- $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
- ../libbliss.la
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <test_runner.h>
-
-#include <library.h>
-
-/* declare test suite constructors */
-#define TEST_SUITE(x) test_suite_t* x();
-#include "bliss_tests.h"
-#undef TEST_SUITE
-
-static test_configuration_t tests[] = {
-#define TEST_SUITE(x) \
- { .suite = x, },
-#include "bliss_tests.h"
- { .suite = NULL, }
-};
-
-static bool test_runner_init(bool init)
-{
- if (init)
- {
- char *plugins, *plugindir;
-
- plugins = lib->settings->get_str(lib->settings,
- "tests.load", PLUGINS);
- plugindir = lib->settings->get_str(lib->settings,
- "tests.plugindir", PLUGINDIR);
- plugin_loader_add_plugindirs(plugindir, plugins);
- if (!lib->plugins->load(lib->plugins, plugins))
- {
- return FALSE;
- }
- }
- else
- {
- lib->processor->set_threads(lib->processor, 0);
- lib->processor->cancel(lib->processor);
- lib->plugins->unload(lib->plugins);
- }
- return TRUE;
-}
-
-int main(int argc, char *argv[])
-{
- return test_runner_run("bliss", tests, test_runner_init);
-}
+++ /dev/null
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-TEST_SUITE(bliss_bitpacker_suite_create)
-TEST_SUITE(bliss_huffman_suite_create)
-TEST_SUITE(bliss_keys_suite_create)
-TEST_SUITE(bliss_sampler_suite_create)
-TEST_SUITE(bliss_signature_suite_create)
-TEST_SUITE(bliss_sign_suite_create)
-
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bliss_bitpacker.h>
-
-static uint32_t bits[] = { 0, 1, 2, 3, 4, 7, 1, 14, 2, 29, 3, 28, 67, 0x2fe3a9c1};
-
-static chunk_t packed_bits = chunk_from_chars(0x6e, 0x71, 0xe1, 0x74,
- 0x37, 0x21, 0x97, 0xf1,
- 0xd4, 0xe0, 0x80);
-
-START_TEST(test_bliss_sign_bitpacker_write)
-{
- chunk_t buf;
- bliss_bitpacker_t *packer;
- int i;
-
- packer = bliss_bitpacker_create(81);
-
- for (i = 0; i < 13; i++)
- {
- ck_assert(packer->write_bits(packer, bits[i], 1 + i/2));
- }
- ck_assert(packer->write_bits(packer, bits[13], 32));
-
- buf = packer->extract_buf(packer);
- ck_assert_int_eq(packer->get_bits(packer), 81);
- ck_assert_chunk_eq(buf, packed_bits);
-
- packer->destroy(packer);
- free(buf.ptr);
-}
-END_TEST
-
-START_TEST(test_bliss_sign_bitpacker_read)
-{
- uint32_t value;
- bliss_bitpacker_t *packer;
- int i;
-
- packer = bliss_bitpacker_create_from_data(packed_bits);
-
- ck_assert(!packer->read_bits(packer, &value, 33));
-
- for (i = 0; i < 13; i++)
- {
- ck_assert(packer->read_bits(packer, &value, 1 + i/2));
- ck_assert_int_eq(value, bits[i]);
- }
- ck_assert(packer->read_bits(packer, &value, 32));
- ck_assert_int_eq(value, bits[13]);
-
- packer->destroy(packer);
-}
-END_TEST
-
-START_TEST(test_bliss_sign_bitpacker_fail)
-{
- bliss_bitpacker_t *packer;
- uint32_t value;
-
- packer = bliss_bitpacker_create(32);
- ck_assert( packer->write_bits(packer, 0xff, 0));
- ck_assert(!packer->write_bits(packer, 0, 33));
- ck_assert( packer->write_bits(packer, 0x7f2a3b01, 31));
- ck_assert(!packer->write_bits(packer, 3, 2));
- packer->destroy(packer);
-
- packer = bliss_bitpacker_create_from_data(
- chunk_from_chars(0x7f, 0x2a, 0x3b, 0x01));
- ck_assert(!packer->read_bits(packer, &value, 33));
- ck_assert( packer->read_bits(packer, &value, 31));
- ck_assert(!packer->read_bits(packer, &value, 2));
- packer->destroy(packer);
-}
-END_TEST
-
-Suite *bliss_bitpacker_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bliss_bitpacker");
-
- tc = tcase_create("bitpacker_write");
- tcase_add_test(tc, test_bliss_sign_bitpacker_write);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("bitpacker_read");
- tcase_add_test(tc, test_bliss_sign_bitpacker_read);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("bitpacker_fail");
- tcase_add_test(tc, test_bliss_sign_bitpacker_fail);
- suite_add_tcase(s, tc);
-
- return s;
-}
+++ /dev/null
-/*
- * Copyright (C) 2015 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bliss_huffman_coder.h>
-
-static chunk_t data = chunk_from_chars(0x5f, 0x71, 0x9e, 0x4c);
-
-START_TEST(test_bliss_huffman_encode)
-{
- bliss_bitpacker_t *packer;
- bliss_huffman_code_t *code;
- bliss_huffman_coder_t *coder;
- chunk_t encoding;
-
- packer = bliss_bitpacker_create(32);
- ck_assert(packer);
-
- code = bliss_huffman_code_get_by_id(BLISS_B_I);
- ck_assert(code);
-
- coder = bliss_huffman_coder_create(code, packer);
- ck_assert(coder);
-
- ck_assert( coder->encode(coder, 0, 0)); /* 0 */
- ck_assert( coder->encode(coder, 1, 0)); /* 10 */
- ck_assert( coder->encode(coder, 2, 0)); /* 111 */
- ck_assert( coder->encode(coder, 0, 1)); /* 1101 */
- ck_assert( coder->encode(coder, 0, -1)); /* 11000 */
- ck_assert( coder->encode(coder, 1, 1)); /* 110011 */
- ck_assert( coder->encode(coder, 1, -1)); /* 1100100 */
- ck_assert(!coder->encode(coder, 3, 0)); /* 11001010 */
- ck_assert(!coder->encode(coder, 8, 0)); /* - */
-
- encoding = packer->extract_buf(packer);
- ck_assert(chunk_equals(encoding, data));
-
- chunk_free(&encoding);
- coder->destroy(coder);
- packer->destroy(packer);
-}
-END_TEST
-
-START_TEST(test_bliss_huffman_decode)
-{
- bliss_bitpacker_t *packer;
- bliss_huffman_code_t *code;
- bliss_huffman_coder_t *coder;
- int32_t z1;
- int16_t z2;
-
- packer = bliss_bitpacker_create_from_data(data);
- ck_assert(packer);
-
- code = bliss_huffman_code_get_by_id(BLISS_II);
- ck_assert(!code);
- code = bliss_huffman_code_get_by_id(BLISS_B_II);
- ck_assert(!code);
- code = bliss_huffman_code_get_by_id(BLISS_B_I);
- ck_assert(code);
-
- coder = bliss_huffman_coder_create(code, packer);
- ck_assert(coder);
-
- ck_assert(coder->decode(coder, &z1, &z2)); /* 0 */
- ck_assert(z1 == 0 && z2 == 0);
-
- ck_assert(coder->decode(coder, &z1, &z2)); /* 10 */
- ck_assert(z1 == 1 && z2 == 0);
-
- ck_assert(coder->decode(coder, &z1, &z2)); /* 111 */
- ck_assert(z1 == 2 && z2 == 0);
-
- ck_assert(coder->decode(coder, &z1, &z2)); /* 1101 */
- ck_assert(z1 == 0 && z2 == 1);
-
- ck_assert(coder->decode(coder, &z1, &z2)); /* 11000 */
- ck_assert(z1 == 0 && z2 == -1);
-
- ck_assert(coder->decode(coder, &z1, &z2)); /* 110011 */
- ck_assert(z1 == 1 && z2 == 1);
-
- ck_assert(coder->decode(coder, &z1, &z2)); /* 1100100 */
- ck_assert(z1 == 1 && z2 == -1);
-
- ck_assert(!coder->decode(coder, &z1, &z2)); /* 11001010 */
-
- coder->destroy(coder);
- packer->destroy(packer);
-}
-END_TEST
-
-Suite *bliss_huffman_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bliss_huffman");
-
- tc = tcase_create("huffman_encode");
- tcase_add_test(tc, test_bliss_huffman_encode);
- suite_add_tcase(s, tc);
-
- tc = tcase_create("huffman_decode");
- tcase_add_test(tc, test_bliss_huffman_decode);
- suite_add_tcase(s, tc);
-
- return s;
-}
+++ /dev/null
-/*
- * Copyright (C) 2015 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bliss_private_key.h>
-#include <bliss_public_key.h>
-
-static chunk_t privkey_chunk[] = {
- {NULL, 0},
- chunk_from_chars(0x30, 0x00),
- chunk_from_chars(0x30, 0x01),
- chunk_from_chars(0x30, 0x03, 0x06, 0x01, 0x01),
- chunk_from_chars(0x30, 0x0d, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
- 0xa0, 0x2a, 0x05, 0x02, 0x06),
- chunk_from_chars(0x30, 0x0f, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
- 0xa0, 0x2a, 0x05, 0x02, 0x05, 0x03, 0x00),
- chunk_from_chars(0x30, 0x82, 0x04, 0x9a, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04,
- 0x01, 0x82, 0xa0, 0x2a, 0x05, 0x02, 0x05, 0x03, 0x82, 0x03,
- 0x81, 0x00, 0x81, 0xe5, 0xd2, 0x71, 0xeb, 0x98, 0xe5, 0x24,
- 0x34, 0xe4, 0x8a, 0x27, 0x23, 0x7d, 0x7d, 0x2c, 0xa3, 0xa7,
- 0x3f, 0x87, 0xad, 0xae, 0xfa, 0xe4, 0x66, 0x1c, 0xef, 0x69,
- 0x63, 0x5e, 0x91, 0xda, 0x41, 0x45, 0xd5, 0x8a, 0xb5, 0x26,
- 0x33, 0x32, 0xe0, 0xa2, 0x9b, 0x52, 0x5e, 0x49, 0x5d, 0x0d,
- 0x62, 0x72, 0x68, 0xa5, 0x94, 0x24, 0x03, 0x98, 0x48, 0x60,
- 0x4a, 0x98, 0x97, 0x0d, 0x60, 0x7d, 0x00, 0x4f, 0xb9, 0xaf,
- 0xcb, 0x6b, 0x41, 0x3d, 0x5b, 0xe4, 0x3e, 0x9a, 0xee, 0x06,
- /* 100 */ 0xa1, 0xd0, 0x93, 0x53, 0x88, 0x58, 0x83, 0xb2, 0x44, 0xa1,
- 0x16, 0x58, 0x3d, 0x32, 0xa1, 0x29, 0x85, 0x1a, 0x24, 0xc8,
- 0xb8, 0x8c, 0x1f, 0x43, 0xbb, 0x4b, 0xdd, 0x8e, 0x72, 0xd3,
- 0xf4, 0xfc, 0x02, 0x69, 0x47, 0xa5, 0x9d, 0xd0, 0xfc, 0xa6,
- 0x94, 0x2e, 0x02, 0x6d, 0x85, 0x2c, 0x6d, 0xe3, 0x91, 0xd5,
- 0xf1, 0x54, 0xbd, 0x1e, 0x63, 0x6b, 0xee, 0x28, 0xf9, 0xc6,
- 0xec, 0x05, 0x99, 0xd5, 0xdd, 0xe5, 0x72, 0x9b, 0xbc, 0xa7,
- 0x5a, 0x4a, 0x46, 0x3e, 0xec, 0xd7, 0x0b, 0xc5, 0x23, 0x00,
- 0xdc, 0x08, 0x09, 0x57, 0x44, 0x2e, 0x43, 0x0f, 0xea, 0xca,
- 0x2a, 0x31, 0xbe, 0xf3, 0x04, 0x8f, 0x8b, 0xa6, 0x3c, 0x35,
- /* 200 */ 0x80, 0x2b, 0xe2, 0x18, 0x22, 0xfd, 0xe9, 0x39, 0x57, 0xed,
- 0x77, 0x1d, 0x32, 0x02, 0x48, 0x2c, 0x85, 0x53, 0x9f, 0x4a,
- 0xd8, 0x86, 0x4d, 0xd2, 0x26, 0x19, 0x12, 0x19, 0xa2, 0xb5,
- 0xdf, 0x02, 0x50, 0xe4, 0x32, 0x9a, 0x27, 0xd0, 0x9e, 0x49,
- 0x4a, 0x13, 0x9a, 0xfc, 0x07, 0x98, 0x60, 0x65, 0xf4, 0xc1,
- 0x6c, 0x9a, 0x15, 0x28, 0x74, 0x5c, 0xd0, 0xa8, 0xe6, 0x2e,
- 0x1f, 0xe9, 0xe6, 0x2b, 0xc8, 0x46, 0xe9, 0x26, 0xb0, 0xf0,
- 0x8a, 0xe6, 0x8c, 0x9b, 0xbf, 0x64, 0xa0, 0x59, 0x33, 0x4f,
- 0xc0, 0x0c, 0x16, 0x72, 0x89, 0x79, 0x2a, 0x3a, 0x5e, 0x3d,
- 0x40, 0xbb, 0x73, 0xa9, 0xc0, 0x52, 0x70, 0x57, 0x06, 0xc1,
- /* 300 */ 0xe7, 0x70, 0xb8, 0x6d, 0x1b, 0x50, 0x61, 0x85, 0xee, 0x3e,
- 0xe5, 0x5a, 0x8a, 0x75, 0x9f, 0x1e, 0xb7, 0xea, 0x54, 0x5a,
- 0x8f, 0x52, 0xc2, 0xae, 0x2c, 0x7a, 0x58, 0xe6, 0xcb, 0xa6,
- 0x9b, 0x68, 0x84, 0x79, 0xf2, 0x82, 0x05, 0x57, 0xaa, 0xd5,
- 0x51, 0x82, 0xec, 0x84, 0x63, 0xce, 0xf4, 0xa7, 0xdf, 0x4e,
- 0xac, 0x7d, 0xdd, 0xc3, 0x02, 0x68, 0xe0, 0x35, 0xa1, 0x92,
- 0x29, 0x02, 0x2c, 0xa0, 0xe4, 0x29, 0x66, 0xd3, 0xe8, 0xd9,
- 0x52, 0x0f, 0x3b, 0xec, 0x53, 0x63, 0x57, 0xc3, 0xd2, 0x59,
- 0x38, 0xe7, 0x74, 0xf4, 0x1d, 0x03, 0x88, 0x3c, 0xe9, 0x97,
- 0x37, 0xd7, 0x12, 0x66, 0x2a, 0xb5, 0xf8, 0xcd, 0x10, 0x87,
- /* 400 */ 0x5d, 0x6a, 0x69, 0xbb, 0x9b, 0xc5, 0x55, 0x3c, 0x09, 0x46,
- 0x04, 0x57, 0xc0, 0x2f, 0x77, 0x89, 0xe2, 0x88, 0x15, 0x6b,
- 0x71, 0x56, 0xe1, 0xa2, 0x30, 0x71, 0x5f, 0x1d, 0x27, 0x12,
- 0xbf, 0xc3, 0x55, 0xde, 0xe5, 0x9c, 0x4e, 0xb8, 0xc6, 0xec,
- 0x96, 0x3a, 0x5d, 0x6d, 0xe9, 0xd3, 0xf8, 0x28, 0xda, 0x3f,
- 0x75, 0x24, 0xd0, 0x34, 0x50, 0xa6, 0x28, 0x65, 0x6a, 0xe9,
- 0xa6, 0x89, 0xe5, 0x5d, 0x45, 0xaf, 0x63, 0x34, 0xaf, 0x31,
- 0x29, 0x82, 0xe6, 0x03, 0x80, 0x5c, 0x34, 0x28, 0xd1, 0x9f,
- 0xca, 0xd3, 0x96, 0xcb, 0x31, 0xde, 0xdb, 0xf0, 0x07, 0x2b,
- 0xc5, 0xbc, 0x29, 0xd1, 0x11, 0xf4, 0x23, 0x3b, 0x14, 0xb5,
- /* 500 */ 0xa6, 0xf1, 0x02, 0x9e, 0x66, 0xbe, 0xdc, 0xc4, 0xca, 0xf7,
- 0xc0, 0x81, 0x92, 0x7c, 0xea, 0xe3, 0x42, 0x54, 0x8a, 0x6f,
- 0x0a, 0x2a, 0xa7, 0x2a, 0x92, 0xab, 0x09, 0xb1, 0x61, 0x91,
- 0xaa, 0x90, 0x54, 0xa3, 0x76, 0x64, 0xe2, 0xfd, 0x81, 0x9a,
- 0x4c, 0x35, 0x11, 0x28, 0xf3, 0x14, 0x97, 0x1b, 0x61, 0xa4,
- 0x67, 0x43, 0xae, 0x90, 0x6b, 0xe4, 0x29, 0x34, 0xec, 0x08,
- 0xbc, 0x6a, 0x82, 0x45, 0xc7, 0x7d, 0xdc, 0xd0, 0x03, 0x98,
- 0x29, 0x63, 0x05, 0x94, 0xb2, 0xb9, 0x04, 0xce, 0x34, 0x9a,
- 0x64, 0xae, 0x9a, 0xa9, 0x11, 0xa5, 0x13, 0x07, 0xcc, 0x92,
- 0xe9, 0xe5, 0x98, 0x13, 0x13, 0x8f, 0x8b, 0xb2, 0x77, 0x75,
- /* 600 */ 0x2a, 0x6f, 0xb1, 0xa6, 0x98, 0xbf, 0x50, 0xaf, 0xa7, 0x15,
- 0x2a, 0xe6, 0xdf, 0x41, 0xb6, 0x5e, 0x72, 0xb2, 0x74, 0xf2,
- 0x38, 0x88, 0x41, 0x56, 0x53, 0xea, 0x83, 0x23, 0x8a, 0x6d,
- 0x6c, 0x64, 0x6c, 0xa6, 0x04, 0x79, 0x51, 0x92, 0x89, 0xbe,
- 0x2a, 0x54, 0xd8, 0x5a, 0x8d, 0x5b, 0x9c, 0xfc, 0x62, 0x05,
- 0x0f, 0xbd, 0x85, 0x12, 0x57, 0x45, 0x96, 0x2e, 0x8f, 0x76,
- 0xd4, 0x33, 0xfb, 0x4a, 0xc2, 0x9f, 0x57, 0x96, 0xb3, 0xa2,
- 0xc6, 0xa6, 0x95, 0x3c, 0x9e, 0x7e, 0x15, 0x12, 0xd7, 0xe4,
- 0x65, 0x05, 0x5d, 0x72, 0xc2, 0x28, 0x10, 0xa9, 0x68, 0xa9,
- 0x01, 0xfe, 0x9e, 0x36, 0x07, 0x80, 0x41, 0xc8, 0xa3, 0x5f,
- /* 700 */ 0x18, 0x3b, 0x38, 0x09, 0x95, 0xe2, 0x87, 0xad, 0x03, 0xfd,
- 0xdd, 0xa6, 0xe9, 0x8e, 0xa8, 0x3a, 0xc9, 0x45, 0x7b, 0xdc,
- 0xc2, 0x6a, 0x30, 0x78, 0xaa, 0xba, 0x32, 0xe9, 0x8a, 0x65,
- 0x48, 0x13, 0x5b, 0x29, 0x18, 0x2e, 0x5c, 0x68, 0x8d, 0x71,
- 0x01, 0x09, 0xab, 0x7d, 0x1a, 0xe9, 0x09, 0x74, 0x1b, 0xe1,
- 0x90, 0x00, 0xb9, 0xda, 0xa3, 0x03, 0xb7, 0x6c, 0xdd, 0x40,
- 0xb6, 0xe3, 0xde, 0xa6, 0x7b, 0xe9, 0x3d, 0x41, 0x4d, 0xc7,
- 0xad, 0xa5, 0xf9, 0x8b, 0x88, 0xd4, 0x1a, 0x75, 0xb5, 0xb6,
- 0x9f, 0x51, 0x9b, 0x8b, 0xd7, 0xa4, 0x02, 0xb0, 0x62, 0x45,
- 0xdd, 0x6c, 0x11, 0x35, 0x03, 0x77, 0x1c, 0xdb, 0xc5, 0xac,
- /* 800 */ 0x60, 0x37, 0x20, 0x15, 0xaf, 0xbd, 0xae, 0x76, 0x51, 0xd2,
- 0xfb, 0x63, 0x23, 0x19, 0x81, 0xa6, 0x59, 0x7b, 0x68, 0x00,
- 0x3d, 0x68, 0x89, 0x6b, 0x5a, 0x29, 0xbd, 0x4f, 0xc1, 0x50,
- 0xe4, 0x98, 0x85, 0xe6, 0x1a, 0xdd, 0xc8, 0xe4, 0xa1, 0x2b,
- 0x99, 0x42, 0x81, 0x4d, 0x07, 0xf4, 0x24, 0x93, 0x88, 0xfe,
- 0x40, 0x90, 0x5a, 0x56, 0x0b, 0x7f, 0x8d, 0x14, 0x82, 0x6d,
- 0xaf, 0xf6, 0x0a, 0x3d, 0xe6, 0x64, 0xb5, 0x48, 0x01, 0x37,
- 0xfe, 0xf3, 0xba, 0x67, 0xcc, 0xd2, 0xba, 0x32, 0x76, 0xe8,
- 0xa7, 0x41, 0x1f, 0x2a, 0xfc, 0xa9, 0x72, 0x66, 0xc7, 0xd5,
- 0x76, 0x02, 0x6b, 0x77, 0xba, 0x6c, 0xd4, 0x84, 0x68, 0x0e,
- /* 900 */ 0x62, 0xc8, 0x43, 0xb0, 0x81, 0xd5, 0x8f, 0xdb, 0x42, 0xc9,
- 0xf4, 0xaf, 0x71, 0xbd, 0xb9, 0x6c, 0xd6, 0xdc, 0x03, 0x81,
- 0x81, 0x00, 0xc5, 0x10, 0x40, 0x33, 0x0f, 0xc0, 0x14, 0x01,
- 0x00, 0x03, 0x0c, 0x0c, 0x00, 0x00, 0x00, 0x4c, 0x0f, 0x10,
- 0x03, 0x10, 0x00, 0x00, 0x01, 0xc0, 0x43, 0x40, 0x03, 0x5c,
- 0x00, 0x07, 0xc0, 0x51, 0x34, 0x01, 0x30, 0x0c, 0x00, 0x00,
- 0x04, 0xc0, 0x3d, 0x40, 0x03, 0x07, 0x40, 0xd3, 0x50, 0x0c,
- 0x04, 0x03, 0x00, 0x11, 0x41, 0x30, 0x00, 0xc1, 0xc0, 0xc3,
- 0x03, 0x5f, 0x04, 0x30, 0x01, 0x40, 0x40, 0x00, 0x40, 0x40,
- 0x10, 0x40, 0x05, 0x05, 0x00, 0x53, 0x00, 0x04, 0x50, 0x00,
- /* 1000 */ 0x00, 0x00, 0x0c, 0x00, 0x51, 0x00, 0x00, 0x00, 0x04, 0xc7,
- 0x01, 0x50, 0xc0, 0x11, 0x00, 0x04, 0x03, 0xc0, 0x04, 0x00,
- 0x70, 0x4c, 0x31, 0x03, 0xc0, 0x40, 0xc4, 0x40, 0x40, 0xc0,
- 0x0c, 0x0c, 0xf1, 0x40, 0xc1, 0x31, 0x70, 0x17, 0xc0, 0x30,
- 0xc1, 0x04, 0x0c, 0x04, 0x00, 0xc4, 0x01, 0x00, 0x34, 0x00,
- 0x03, 0x81, 0x81, 0x00, 0xcc, 0x00, 0x50, 0x30, 0xc4, 0x13,
- 0x0f, 0xf0, 0x43, 0x01, 0x33, 0x40, 0x30, 0x01, 0x40, 0x10,
- 0x57, 0x04, 0x03, 0x04, 0x10, 0x00, 0xf0, 0x03, 0x04, 0x01,
- 0x00, 0x10, 0x34, 0x03, 0xf0, 0x1c, 0x01, 0x40, 0x30, 0xf4,
- 0x00, 0x40, 0x34, 0xc3, 0x00, 0x00, 0x01, 0x00, 0x01, 0x10,
- /* 1100 */ 0x3f, 0x03, 0x40, 0x00, 0x10, 0x10, 0x00, 0x40, 0x03, 0x00,
- 0x03, 0x04, 0x40, 0x03, 0x00, 0x13, 0x03, 0x00, 0xc0, 0x01,
- 0x34, 0x01, 0x00, 0x00, 0x10, 0xf4, 0x00, 0xf0, 0x30, 0x00,
- 0x00, 0xc3, 0x1c, 0x41, 0x00, 0x40, 0x30, 0x04, 0x10, 0xc4,
- 0x11, 0x03, 0x00, 0x10, 0x04, 0x4f, 0x17, 0xc0, 0x00, 0x30,
- 0xcd, 0x3c, 0x40, 0xc4, 0x00, 0xf0, 0x00, 0x00, 0x04, 0x30,
- 0x0f, 0x31, 0x34, 0xf0, 0x00, 0x07, 0x0c, 0x34, 0x00, 0x50,
- 0x05, 0x03, 0x10, 0x70, 0x00, 0x33, 0x0c, 0x00, 0xc4, 0x54,
- 0x07, 0x00)
-};
-
-START_TEST(test_bliss_keys_priv)
-{
- private_key_t *privkey;
-
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
- BUILD_BLOB, privkey_chunk[_i], BUILD_END);
- if (_i == countof(privkey_chunk) - 1)
- {
- ck_assert(privkey);
- privkey->destroy(privkey);
- }
- else
- {
- ck_assert(!privkey);
- }
-}
-END_TEST
-
-typedef struct privkey_mod_t privkey_mod_t;
-
-struct privkey_mod_t {
- int offset;
- char byte;
-};
-
-static privkey_mod_t privkey_mod[] = {
- { 20, 0x80 },
- { 22, 0xc1 },
- { 920, 0x80 },
- { 922, 0x85 },
- { 1052, 0x80 },
- { 1054, 0x8c }
-};
-
-START_TEST(test_bliss_keys_priv_mod)
-{
- private_key_t *privkey;
- chunk_t data;
-
- data = chunk_clone(privkey_chunk[countof(privkey_chunk) - 1]);
- data.ptr[privkey_mod[_i].offset] = privkey_mod[_i].byte;
-
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
- BUILD_BLOB, data, BUILD_END);
- ck_assert(!privkey);
- chunk_free(&data);
-}
-END_TEST
-
-static chunk_t pubkey_chunk[] = {
- {NULL, 0},
- chunk_from_chars(0x30, 0x00),
- chunk_from_chars(0x30, 0x01),
- chunk_from_chars(0x30, 0x02, 0x30, 0x00),
- chunk_from_chars(0x30, 0x05, 0x30, 0x03, 0x06, 0x01, 0x01),
- chunk_from_chars(0x30, 0x11, 0x30, 0x0F, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04,
- 0x01, 0x82, 0xa0, 0x2a, 0x05, 0x01, 0x01, 0x04, 0x00),
- chunk_from_chars(0x30, 0x12, 0x30, 0x10, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04,
- 0x01, 0x82, 0xa0, 0x2a, 0x05, 0x01, 0x01, 0x06, 0x01, 0x01),
- chunk_from_chars(0x30, 0x1c, 0x30, 0x1a, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04,
- 0x01, 0x82, 0xa0, 0x2a, 0x05, 0x01, 0x01, 0x06, 0x0b, 0x2b,
- 0x06, 0x01, 0x04, 0x01, 0x82, 0xa0, 0x2a, 0x05, 0x02, 0x06),
- chunk_from_chars(0x30, 0x1e, 0x30, 0x1a, 0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04,
- 0x01, 0x82, 0xa0, 0x2a, 0x05, 0x01, 0x01, 0x06, 0x0b, 0x2b,
- 0x06, 0x01, 0x04, 0x01, 0x82, 0xa0, 0x2a, 0x05, 0x02, 0x05,
- 0x03, 0x00)
-};
-
-START_TEST(test_bliss_keys_pub)
-{
- public_key_t *pubkey;
-
- pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
- BUILD_BLOB, pubkey_chunk[_i], BUILD_END);
- ck_assert(!pubkey);
-}
-END_TEST
-
-Suite *bliss_keys_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bliss_keys");
-
- tc = tcase_create("keys_priv");
- tcase_add_loop_test(tc, test_bliss_keys_priv, 0, countof(privkey_chunk));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("keys_priv_mod");
- tcase_add_loop_test(tc, test_bliss_keys_priv_mod, 0, countof(privkey_mod));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("keys_pub");
- tcase_add_loop_test(tc, test_bliss_keys_pub, 0, countof(pubkey_chunk));
- suite_add_tcase(s, tc);
-
- return s;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bliss_sampler.h>
-
-static u_int key_size[] = { 1, 3, 4};
-
-START_TEST(test_bliss_sampler_gaussian)
-{
- bliss_sampler_t *sampler;
- const bliss_param_set_t *set;
- int i, k, count;
- uint32_t hist[8], sign[3];
- int32_t z;
- ext_out_function_t alg;
- size_t seed_len;
- chunk_t seed;
-
- set = bliss_param_set_get_by_id(key_size[_i]);
- alg = XOF_MGF1_SHA256;
- seed_len = 32;
- count = 10000000;
-
- seed = chunk_alloc(seed_len);
- memset(seed.ptr, 0xcc, seed_len);
-
- for (k = 0; k < 3; k++)
- {
- sign[k] = 0;
- }
- for (k = 0; k < 8; k++)
- {
- hist[k] = 0;
- }
-
- sampler = bliss_sampler_create(alg, seed, set);
- for (i = 0; i < count; i++)
- {
- ck_assert(sampler->gaussian(sampler, &z));
- if (z == 0)
- {
- sign[1]++;
- hist[0]++;
- }
- else if (z > 0)
- {
- sign[2]++;
- hist[z/256]++;
- }
- else
- {
- sign[0]++;
- hist[(-z)/256]++;
- }
- }
- sampler->destroy(sampler);
- free(seed.ptr);
-
- DBG1(DBG_LIB, "histogram");
- for (k = 0; k < 8; k++)
- {
- DBG1(DBG_LIB, "%d %7d", k, hist[k]);
- }
- DBG1(DBG_LIB, "- %7d", sign[0]);
- DBG1(DBG_LIB, "0 %7d", sign[1]);
- DBG1(DBG_LIB, "+ %7d", sign[2]);
-}
-END_TEST
-
-Suite *bliss_sampler_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bliss_sampler");
-
- tc = tcase_create("sampler_gaussian");
- tcase_set_timeout(tc, 30);
- tcase_add_loop_test(tc, test_bliss_sampler_gaussian, 0, countof(key_size));
- suite_add_tcase(s, tc);
-
- return s;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014-2015 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bliss_private_key.h>
-#include <bliss_public_key.h>
-
-static u_int key_type[] = { 1, 3, 4 };
-static u_int key_strength[] = { 128, 160, 192 };
-
-START_TEST(test_bliss_sign_all)
-{
- signature_scheme_t signature_scheme;
- private_key_t *privkey, *privkey1;
- public_key_t *pubkey, *pubkey1;
- chunk_t msg, signature, privkey_blob, pubkey_blob, pubkey_fp, privkey_fp;
- int k;
-
- for (k = 0; k < 4; k++)
- {
- int verify_count = 1000;
-
- switch (k)
- {
- case 1:
- signature_scheme = SIGN_BLISS_WITH_SHA2_256;
- break;
- case 2:
- signature_scheme = SIGN_BLISS_WITH_SHA2_384;
- break;
- default:
- signature_scheme = SIGN_BLISS_WITH_SHA2_512;
- }
-
- /* enforce BLISS-B key for k = 2, 3 */
- lib->settings->set_bool(lib->settings,
- "%s.plugins.bliss.use_bliss_b", k >= 2, lib->ns);
-
- msg = chunk_from_str("Hello Dolly!");
-
- /* generate private key */
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
- BUILD_KEY_SIZE, key_type[_i], BUILD_END);
- ck_assert(privkey);
-
- /* generate ASN.1 DER and PEM encoding of private key */
- ck_assert(privkey->get_encoding(privkey, (k % 2) ?
- PRIVKEY_ASN1_DER : PRIVKEY_PEM, &privkey_blob));
-
- /* extract public key from private key */
- pubkey = privkey->get_public_key(privkey);
- ck_assert(pubkey);
-
- /* generate ASN.1 DER and PEM encodings of public key */
- ck_assert(pubkey->get_encoding(pubkey, (k % 2) ?
- PUBKEY_SPKI_ASN1_DER : PUBKEY_PEM, &pubkey_blob));
-
- /* compare fingerprints of public and private key */
- ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
- KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
- ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
- KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
- ck_assert(chunk_equals(pubkey_fp, privkey_fp));
-
- /* retrieve fingerprints of public and private key from cache */
- ck_assert(pubkey->get_fingerprint(pubkey, (k % 2) ?
- KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &pubkey_fp));
- ck_assert(privkey->get_fingerprint(privkey, (k % 2) ?
- KEYID_PUBKEY_INFO_SHA1 : KEYID_PUBKEY_SHA1, &privkey_fp));
-
- /* get a reference of the private key and destroy both instances */
- privkey1 = privkey->get_ref(privkey);
- ck_assert(privkey1);
- ck_assert(privkey1 == privkey);
- privkey->destroy(privkey);
- privkey1->destroy(privkey1);
-
- /* get a reference of the public key and destroy both instances */
- pubkey1 = pubkey->get_ref(pubkey);
- ck_assert(pubkey1);
- ck_assert(pubkey1 == pubkey);
- pubkey->destroy(pubkey);
- pubkey1->destroy(pubkey1);
-
- /* enforce BLISS-B key for k = 1, 3 */
- lib->settings->set_bool(lib->settings,
- "%s.plugins.bliss.use_bliss_b", k % 2, lib->ns);
-
- /* load private key from ASN.1 blob */
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
- BUILD_BLOB, privkey_blob, BUILD_END);
- ck_assert(privkey);
- ck_assert(privkey->get_type(privkey) == KEY_BLISS);
- ck_assert(privkey->get_keysize(privkey) == key_strength[_i]);
- chunk_free(&privkey_blob);
-
- /* load public key from ASN.1 blob */
- pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
- BUILD_BLOB, pubkey_blob, BUILD_END);
- ck_assert(pubkey);
- ck_assert(pubkey->get_type(pubkey) == KEY_BLISS);
- ck_assert(pubkey->get_keysize(pubkey) == key_strength[_i]);
- chunk_free(&pubkey_blob);
-
- /* generate and verify 1000 BLISS signatures */
- while (verify_count--)
- {
- ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg,
- &signature));
- ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg,
- signature));
- free(signature.ptr);
- }
- privkey->destroy(privkey);
- pubkey->destroy(pubkey);
- }
-}
-END_TEST
-
-START_TEST(test_bliss_sign_fail)
-{
- private_key_t *privkey;
- public_key_t *pubkey;
- chunk_t msg = chunk_empty, signature, encoding, fp;
-
- /* generate non-supported BLISS-II private key */
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
- BUILD_KEY_SIZE, BLISS_II, BUILD_END);
- ck_assert(!privkey);
-
- /* generate non-supported BLISS-B-II private key */
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
- BUILD_KEY_SIZE, BLISS_B_II, BUILD_END);
- ck_assert(!privkey);
-
- /* generate supported BLISS-B-I private key */
- privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_BLISS,
- BUILD_KEY_SIZE, BLISS_B_I, BUILD_END);
- ck_assert(privkey);
-
- /* wrong private key encoding format */
- ck_assert(!privkey->get_encoding(privkey, PUBKEY_PEM, &encoding));
-
- /* wrong fingerprint encoding format */
- ck_assert(!privkey->get_fingerprint(privkey, KEYID_PGPV4, &fp));
-
- /* extract public key */
- pubkey = privkey->get_public_key(privkey);
- ck_assert(pubkey);
-
- /* wrong private key encoding format */
- ck_assert(!pubkey->get_encoding(pubkey, PRIVKEY_PEM, &encoding));
-
- /* wrong fingerprint encoding format */
- ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp));
-
- /* encryption / decryption operation is not defined for BLISS */
- ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
- ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, NULL, chunk_empty, NULL));
-
- /* sign with invalid signature scheme */
- ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature));
-
- /* generate valid signature */
- msg = chunk_from_str("Hello Dolly!");
- ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature));
-
- /* verify with invalid signature scheme */
- ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature));
-
- /* corrupt signature */
- signature.ptr[signature.len - 1] ^= 0x80;
- ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature));
-
- free(signature.ptr);
- privkey->destroy(privkey);
- pubkey->destroy(pubkey);
-}
-END_TEST
-
-Suite *bliss_sign_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bliss_sign");
-
- tc = tcase_create("sign_all");
- test_case_set_timeout(tc, 30);
- tcase_add_loop_test(tc, test_bliss_sign_all, 0, countof(key_type));
- suite_add_tcase(s, tc);
-
- tc = tcase_create("sign_fail");
- tcase_add_test(tc, test_bliss_sign_fail);
- suite_add_tcase(s, tc);
-
- return s;
-}
+++ /dev/null
-/*
- * Copyright (C) 2015 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <bliss_signature.h>
-
-static chunk_t data = chunk_from_chars(
- 0xC1, 0xA1, 0x96, 0x98, 0x4F, 0x60, 0xF5, 0xCA, 0x89, 0x9E,
- 0x78, 0xAF, 0x64, 0xDD, 0x01, 0x76, 0x04, 0x29, 0x11, 0xD0,
- 0x21, 0x9E, 0xE4, 0x2D, 0xC5, 0x82, 0x69, 0x19, 0x82, 0x75,
- 0x30, 0xAC, 0xB0, 0x64, 0xCB, 0x65, 0x19, 0x22, 0x4A, 0x03,
- 0x03, 0x61, 0x4A, 0x37, 0x8E, 0xA3, 0xB6, 0xB3, 0x58, 0x44,
- 0xFD, 0x68, 0x38, 0xF1, 0x4B, 0xCF, 0xE8, 0xA2, 0x05, 0x39,
- 0x87, 0xE0, 0x5E, 0x7C, 0x45, 0x33, 0x4A, 0xEB, 0x2E, 0xCF,
- 0x98, 0x01, 0x3D, 0x28, 0x60, 0xCE, 0x90, 0x45, 0xF0, 0x8E,
- 0x36, 0x25, 0x50, 0x8B, 0xA2, 0xC0, 0x6E, 0xDF, 0xC2, 0xA1,
- 0x35, 0xC1, 0x16, 0x14, 0xE8, 0x6A, 0xE3, 0x9C, 0x0B, 0x32,
- 0x53, 0x55, 0x60, 0x52, 0x43, 0x93, 0xBB, 0x9F, 0x1D, 0x17,
- 0xDC, 0x6E, 0x26, 0x99, 0x60, 0x83, 0x12, 0x53, 0xB0, 0x2B,
- 0x36, 0xE2, 0x95, 0xA7, 0xBF, 0x9B, 0xC0, 0x0A, 0x63, 0xD6,
- 0x32, 0xA9, 0xE2, 0xAD, 0x02, 0x53, 0x10, 0x81, 0x00, 0xD4,
- 0x9A, 0xC2, 0x04, 0x1B, 0x48, 0x53, 0x37, 0xF0, 0x95, 0x39,
- 0x4B, 0x2E, 0x37, 0x28, 0xE2, 0x70, 0xAD, 0xB5, 0xF1, 0x63,
- 0x48, 0x17, 0xEF, 0x45, 0xC0, 0x30, 0xA6, 0xAA, 0x37, 0x9A,
- 0x00, 0x8F, 0x8D, 0xAC, 0x66, 0x2C, 0x96, 0x8C, 0xC2, 0x74,
- 0x9D, 0x66, 0x16, 0x5D, 0x70, 0x70, 0x1D, 0x2F, 0x11, 0xBD,
- 0x11, 0x62, 0x58, 0xC6, 0xB2, 0xA6, 0xFA, 0xB7, 0x8C, 0x10,
- 0x6A, 0x13, 0x34, 0x25, 0xB8, 0xF2, 0x46, 0xE3, 0x08, 0xAD,
- 0x8D, 0x49, 0x33, 0x24, 0x37, 0xA5, 0x0A, 0xF9, 0x5E, 0x95,
- 0xF9, 0x50, 0xDA, 0x2B, 0x80, 0x4F, 0x10, 0x4F, 0xAB, 0xE4,
- 0x96, 0xB1, 0xA1, 0x28, 0xCE, 0x6D, 0xB6, 0x17, 0x33, 0x2A,
- 0xE0, 0xC3, 0x80, 0xAA, 0x3D, 0x1A, 0x5C, 0x48, 0xA0, 0x48,
- 0x60, 0xCC, 0xC7, 0x29, 0x4F, 0xB8, 0x96, 0xDF, 0xC6, 0x6A,
- 0xC2, 0x83, 0x5E, 0xFC, 0xD7, 0x4E, 0xCA, 0x14, 0xB4, 0xC6,
- 0x30, 0x29, 0xC7, 0xCE, 0x79, 0x42, 0x2D, 0x22, 0x28, 0x99,
- 0x59, 0x14, 0xFB, 0x04, 0xAD, 0x79, 0x3C, 0x74, 0x34, 0xC6,
- 0x7A, 0x1C, 0x13, 0x07, 0x17, 0xB1, 0x8A, 0x02, 0xA7, 0x70,
- 0x3C, 0x5B, 0xBA, 0x88, 0xA2, 0xE6, 0x4B, 0x2A, 0xC1, 0x1E,
- 0x42, 0xDD, 0x83, 0x2B, 0x00, 0xCC, 0xF8, 0x80, 0x03, 0x7E,
- 0x97, 0xA4, 0x04, 0xE1, 0xB2, 0x0B, 0xE2, 0xF3, 0x91, 0x91,
- 0x80, 0xA0, 0xC5, 0x44, 0x67, 0xB1, 0x56, 0xD0, 0x13, 0x58,
- 0x7B, 0x6E, 0x12, 0xE7, 0x3A, 0x90, 0xE4, 0x2C, 0x44, 0x17,
- 0xA3, 0xBD, 0x21, 0x68, 0x45, 0x61, 0x20, 0x57, 0x8D, 0x4A,
- 0xF1, 0xE6, 0xD3, 0x17, 0xC9, 0xB0, 0xF8, 0x3A, 0x87, 0x6A,
- 0x7E, 0x25, 0x45, 0xDC, 0x9A, 0x1D, 0xAC, 0x10, 0xB6, 0xF6,
- 0x07, 0x4C, 0x50, 0x92, 0xF9, 0xE1, 0x3E, 0xAD, 0x3B, 0x80,
- 0x20, 0xA8, 0x34, 0x04, 0xD6, 0x0D, 0x2D, 0x46, 0x69, 0x5E,
- 0x8C, 0x4B, 0xB0, 0x1C, 0x37, 0xD8, 0x0D, 0x72, 0x7B, 0xE6,
- 0xEE, 0x04, 0x81, 0x98, 0x78, 0x69, 0x88, 0xD8, 0xDF, 0x04,
- 0xF0, 0x80, 0xE2, 0x0A, 0xD3, 0x60, 0x94, 0xDF, 0x49, 0xF7,
- 0x52, 0x95, 0xA6, 0xAF, 0x8C, 0x13, 0x10, 0x09, 0xAA, 0x03,
- 0xAC, 0x2C, 0x89, 0x2D, 0x2C, 0x61, 0x0F, 0xBE, 0x5C, 0x29,
- 0x01, 0x7C, 0x9E, 0xD2, 0xFF, 0x34, 0xA1, 0x9E, 0xEE, 0xBF,
- 0x28, 0x18, 0x3A, 0x17, 0xA6, 0x40, 0x94, 0xD5, 0xC4, 0xEC,
- 0x27, 0x0A, 0x40, 0x1C, 0xC4, 0x16, 0x80, 0x4E, 0x6F, 0xDD,
- 0xA5, 0x6A, 0x03, 0xE8, 0xBA, 0xB2, 0xAA, 0x7A, 0x7F, 0x4B,
- 0x30, 0x11, 0x11, 0x12, 0x4A, 0xFE, 0xB2, 0x99, 0xC6, 0x12,
- 0x1A, 0x98, 0xC0, 0x15, 0x41, 0xE1, 0x55, 0x35, 0x54, 0xF2,
- 0x1C, 0xE2, 0x78, 0x85, 0x66, 0xD3, 0x9C, 0x8A, 0x88, 0x7C,
- 0x86, 0x7F, 0x48, 0xBE, 0xB7, 0x1C, 0xE4, 0xCF, 0x35, 0xEE,
- 0x24, 0xA6, 0x62, 0xD6, 0x36, 0x1F, 0x66, 0x10, 0x5D, 0xEF,
- 0x07, 0x64, 0xA8, 0xD0, 0xAD, 0x2F, 0x47, 0x02, 0xA2, 0x0F,
- 0x73, 0x96, 0x2A, 0x21, 0x20, 0x36, 0x01, 0xA3, 0x2F, 0x5E,
- 0xC8, 0x80, 0x3A, 0x54, 0xA6, 0xB5, 0xD0, 0x19, 0xBF, 0xC4,
- 0x35, 0x01, 0x0B, 0x2A, 0x8E, 0x61, 0x4A, 0xDD, 0xB2, 0x4A,
- 0xE1, 0x0C, 0x15, 0x94, 0x9C, 0xD2, 0x54, 0x93, 0x85, 0x16,
- 0x49, 0x69, 0xA0, 0x41, 0x34, 0x16, 0x69, 0x28, 0x74, 0x11,
- 0x88, 0x44, 0xC8, 0x46, 0x5E, 0x62, 0xFF, 0x6E, 0xC5, 0xA8,
- 0xE8, 0x8A, 0x8A, 0xFA, 0x2D, 0x94, 0x14, 0xD4, 0x51, 0x16,
- 0xB0, 0x40, 0xDC, 0xF3, 0xAA, 0x97, 0x39, 0x1A, 0xDA, 0x7F,
- 0x41, 0x61, 0x25, 0x1E, 0xDF, 0x46, 0x29, 0x44, 0x80, 0xEA,
- 0x10, 0xE4, 0x0F, 0x94, 0xA6, 0x52, 0x20, 0x06, 0x9C, 0x69,
- 0x48, 0x1F, 0x45, 0x30, 0x4B, 0x21, 0x02, 0xE6, 0xF3, 0x44,
- 0x35, 0xC1, 0xC8, 0xC9, 0x68, 0x6C, 0x43, 0xA4, 0x56, 0x07,
- 0x36, 0x11, 0xFB, 0x6D, 0x8E, 0xF0, 0x62, 0x5A, 0x3C, 0x8B,
- 0x23, 0xF1, 0x46, 0xE2, 0x76, 0x2A, 0x6F, 0xBB, 0x09, 0x24,
- 0x18, 0x64, 0xE6, 0x5C, 0xD0, 0x85, 0x69, 0xF0, 0x4F, 0x66,
- 0x97, 0x40, 0x01, 0x27, 0xD1, 0x41, 0xCC, 0xEB, 0x4D, 0xB7,
- 0x04, 0xC4, 0x91, 0xE0, 0x95, 0x8A, 0x43, 0x26, 0x2D, 0x1F,
- 0x88, 0xA0, 0xD8
-);
-
-START_TEST(test_bliss_signature_fail)
-{
- const bliss_param_set_t set2 = { .id = BLISS_B_II };
- const bliss_param_set_t *set;
- bliss_signature_t *signature;
- chunk_t encoding;
- int k;
-
- signature = bliss_signature_create(&set2);
- ck_assert(signature);
- encoding = signature->get_encoding(signature);
- ck_assert(encoding.len == 0);
- signature->destroy(signature);
-
- signature = bliss_signature_create_from_data(&set2, data);
- ck_assert(!signature);
-
- set = bliss_param_set_get_by_id(BLISS_B_I);
- ck_assert(set);
-
- for (k = 0; k < data.len - 2; k++)
- {
- chunk_t fragment = { data.ptr, k };
-
- signature = bliss_signature_create_from_data(set, fragment);
- ck_assert(!signature);
- }
- signature = bliss_signature_create_from_data(set, data);
- ck_assert(signature);
- signature->destroy(signature);
-}
-END_TEST
-
-Suite *bliss_signature_suite_create()
-{
- Suite *s;
- TCase *tc;
-
- s = suite_create("bliss_signature");
-
- tc = tcase_create("signature_fail");
- tcase_add_test(tc, test_bliss_signature_fail);
- suite_add_tcase(s, tc);
-
- return s;
-}
cred_encoding_args(args, CRED_PART_PUB_ASN1_DER,
&asn1, CRED_PART_END) ||
cred_encoding_args(args, CRED_PART_EDDSA_PUB_ASN1_DER,
- &asn1, CRED_PART_END) ||
- cred_encoding_args(args, CRED_PART_BLISS_PUB_ASN1_DER,
- &asn1, CRED_PART_END))
+ &asn1, CRED_PART_END))
{
break;
}
label ="EC PRIVATE KEY";
break;
}
- if (cred_encoding_args(args, CRED_PART_BLISS_PRIV_ASN1_DER,
- &asn1, CRED_PART_END))
- {
- label ="BLISS PRIVATE KEY";
- break;
- }
if (cred_encoding_args(args, CRED_PART_PRIV_ASN1_DER,
&asn1, CRED_PART_END) ||
cred_encoding_args(args, CRED_PART_EDDSA_PRIV_ASN1_DER,
PLUGIN_PROVIDE(PRIVKEY, KEY_DSA),
PLUGIN_DEPENDS(PRIVKEY, KEY_DSA),
PLUGIN_SDEPEND(HASHER, HASH_MD5),
- PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
- PLUGIN_PROVIDE(PRIVKEY, KEY_BLISS),
- PLUGIN_DEPENDS(PRIVKEY, KEY_BLISS),
PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
PLUGIN_DEPENDS(PRIVKEY, KEY_ED25519),
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
PLUGIN_PROVIDE(PUBKEY, KEY_DSA),
PLUGIN_DEPENDS(PUBKEY, KEY_DSA),
- PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
- PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
- PLUGIN_DEPENDS(PUBKEY, KEY_BLISS),
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
PLUGIN_DEPENDS(PUBKEY, KEY_ED25519),
KEY_ECDSA, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
goto end;
}
- else if (oid == OID_BLISS_PUBLICKEY)
- {
- /* Need the whole subjectPublicKeyInfo for BLISS public keys */
- key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
- KEY_BLISS, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
- goto end;
- }
else if (oid == OID_ED25519)
{
/* Need the whole subjectPublicKeyInfo for Ed25519 public keys */
(!blob.len || (asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1));
}
-/**
- * Check if the ASN.1 structure looks like a BLISS private key.
- */
-static bool is_bliss_private_key(chunk_t blob)
-{
- chunk_t data;
- return asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE &&
- asn1_unwrap(&blob, &data) == ASN1_OID &&
- asn1_unwrap(&blob, &data) == ASN1_BIT_STRING &&
- asn1_unwrap(&blob, &data) == ASN1_BIT_STRING &&
- asn1_unwrap(&blob, &data) == ASN1_BIT_STRING;
-}
-
/**
* Load a private key from an ASN.1 encoded blob trying to detect the type
* automatically.
return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
BUILD_BLOB_ASN1_DER, blob, BUILD_END);
}
- else if (is_bliss_private_key(blob))
- {
- return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
- BUILD_BLOB_ASN1_DER, blob, BUILD_END);
- }
return parse_rsa_private_key(blob);
}
PLUGIN_SDEPEND(PUBKEY, KEY_ECDSA),
PLUGIN_SDEPEND(PUBKEY, KEY_ED25519),
PLUGIN_SDEPEND(PUBKEY, KEY_ED448),
- PLUGIN_SDEPEND(PUBKEY, KEY_BLISS),
PLUGIN_SDEPEND(PUBKEY, KEY_DSA),
PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
oid = OID_ECDSA_WITH_SHA1;
scheme = SIGN_ECDSA_WITH_SHA1_DER;
break;
- case KEY_BLISS:
- oid = OID_BLISS_WITH_SHA2_512;
- scheme = SIGN_BLISS_WITH_SHA2_512;
- break;
default:
DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not "
"supported", key_type_names, this->key->get_type(this->key));
{ "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}},
{ "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
{ "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
- { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
+ { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
{ "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
{ "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
{ "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
- { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
+ { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }},
{ "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
{ "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
{ "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
signature_scheme_t sig[6];
signature_param_types_t p[6];
} sig_constraints_rsa_pss_tests[] = {
- { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {
+ { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {
{ .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}, {}}},
{ "rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
{ .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}}},
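Review bot: The `pubkey-sha256` entry now lists four schemes plus the `0` terminator, but its parameter initializer on the unchanged next line still has five elements, one `{}` more than there are schemes. The other entry visible here (`rsa-sha256`) pairs each scheme with exactly one parameter element, so the leftover `{}` belonged to the removed BLISS scheme. It is empty and presumably harmless, but dropping it keeps the table consistent: `{ .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}}},`. Whether `sig[6]`/`p[6]` can shrink as well depends on the rest of the table, which continues outside this hunk.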
{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 30 */
{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 31 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 32 */
- { OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS }, /* 33 */
- { OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS }, /* 34 */
- { OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS }, /* 35 */
- { OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS }, /* 36 */
- { OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS }, /* 37 */
- { OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS }, /* 38 */
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS }, /* 39 */
- { OID_DILITHIUM_2, HASH_IDENTITY, KEY_DILITHIUM_2}, /* 40 */
- { OID_DILITHIUM_3, HASH_IDENTITY, KEY_DILITHIUM_3}, /* 41 */
- { OID_DILITHIUM_5, HASH_IDENTITY, KEY_DILITHIUM_5}, /* 42 */
+ { OID_DILITHIUM_2, HASH_IDENTITY, KEY_DILITHIUM_2}, /* 33 */
+ { OID_DILITHIUM_3, HASH_IDENTITY, KEY_DILITHIUM_3}, /* 34 */
+ { OID_DILITHIUM_5, HASH_IDENTITY, KEY_DILITHIUM_5}, /* 35 */
};
START_TEST(test_hasher_from_oid)
{ SIGN_ECDSA_256, HASH_SHA256 },
{ SIGN_ECDSA_384, HASH_SHA384 },
{ SIGN_ECDSA_521, HASH_SHA512 },
- { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 },
- { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 },
- { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 },
- { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 },
- { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 },
- { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
{ SIGN_ED25519, HASH_IDENTITY },
{ SIGN_ED448, HASH_IDENTITY },
{ SIGN_DILITHIUM_2, HASH_IDENTITY },
{KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER,
SIGN_UNKNOWN }},
{KEY_ECDSA, 512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
- {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384,
- SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
- {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512,
- SIGN_UNKNOWN }},
- {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
};
START_TEST(test_signature_schemes_for_key)
{
type = KEY_DILITHIUM_5;
}
- else if (streq(arg, "bliss"))
- {
- type = KEY_BLISS;
- }
else
{
return command_usage("invalid key type");
case KEY_ED448:
size = 456;
break;
- case KEY_BLISS:
- size = 1;
- break;
default:
break;
}
{
command_register((command_t) {
gen, 'g', "gen", "generate a new private key",
- {"[--type rsa|ecdsa|ed25519|ed448|dilithium2|dilithium3|dilithium5|bliss]",
+ {"[--type rsa|ecdsa|ed25519|ed448|dilithium2|dilithium3|dilithium5]",
"[--size bits] [--safe-primes] [--shares n] [--threshold l]",
"[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"type", 't', 1, "type of key, default: rsa"},
- {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384, bliss 1"},
+ {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"},
{"safe-primes", 'p', 0, "generate rsa safe primes"},
{"shares", 'n', 1, "number of private rsa key shares"},
{"threshold", 'l', 1, "minimum number of participating rsa key shares"},
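Review bot: The `--type` list on the new usage line ends in `dilithium5`, but the `pki --gen` man page line rewritten by this same commit still reads `\fIdilitium4\fR`, which is misspelled and names a different parameter set. The option parser shown in this commit assigns `KEY_DILITHIUM_5`, so the man page line should read `\fIed448\fR, \fIdilithium2\fR, \fIdilithium3\fR or \fIdilithium5\fR,` to match what the command accepts. The `command_register` call starts and ends outside this hunk.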
type = CRED_PRIVATE_KEY;
subtype = KEY_ED448;
}
- else if (streq(arg, "bliss"))
- {
- type = CRED_PRIVATE_KEY;
- subtype = KEY_BLISS;
- }
else if (streq(arg, "priv"))
{
type = CRED_PRIVATE_KEY;
command_register((command_t) {
issue, 'i', "issue",
"issue a certificate using a CA certificate and key",
- {"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|ed25519|ed448|bliss]",
+ {"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|ed25519|ed448]",
"--cakey file|--cakeyid hex --cacert file [--dn subject-dn]",
"[--san subjectAltName]+ [--lifetime days] [--serial hex]",
"[--ca] [--pathlen len]",
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
- else if (streq(arg, "bliss") ||
- streq(arg, "bliss-priv"))
- {
- type = CRED_PRIVATE_KEY;
- subtype = KEY_BLISS;
- }
else if (streq(arg, "priv"))
{
type = CRED_PRIVATE_KEY;
command_register((command_t)
{ keyid, 'k', "keyid",
"calculate key identifiers of a key/certificate",
- {"[--in file|--keyid hex] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]",
+ {"[--in file|--keyid hex] [--type priv|rsa|ecdsa|pub|pkcs10|x509]",
"[--id all|spk|spki] [--format pretty|hex|base64|bin]"},
{
{"help", 'h', 0, "show usage information"},
type = CRED_PRIVATE_KEY;
subtype = KEY_ED448;
}
- else if (streq(arg, "bliss") ||
- streq(arg, "bliss-priv"))
- {
- type = CRED_PRIVATE_KEY;
- subtype = KEY_BLISS;
- }
else
{
return command_usage( "invalid input type");
{ print, 'a', "print",
"print a credential in a human readable form",
{"[--in file|--keyid hex]",
- "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448|bliss]"},
+ "[--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|ed448]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
- else if (streq(arg, "bliss"))
- {
- type = CRED_PRIVATE_KEY;
- subtype = KEY_BLISS;
- }
else if (streq(arg, "priv"))
{
type = CRED_PRIVATE_KEY;
command_register((command_t) {
pub, 'p', "pub",
"extract the public key from a private key/certificate",
- {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv|pub|pkcs10|x509]",
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|priv|pub|pkcs10|x509]",
"[--outform der|pem|dnskey|sshkey]"},
{
{"help", 'h', 0, "show usage information"},
{
type = KEY_ECDSA;
}
- else if (streq(arg, "bliss"))
- {
- type = KEY_BLISS;
- }
else if (streq(arg, "priv"))
{
type = KEY_ANY;
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]",
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|priv]",
" --oldreq file|--dn distinguished-name [--san subjectAltName]+",
"[--flag serverAuth|clientAuth|ocspSigning|msSmartcardLogon]+",
"[--profile server|client|dual|ocsp] [--password challengePassword]",
{
type = KEY_ED448;
}
- else if (streq(arg, "bliss"))
- {
- type = KEY_BLISS;
- }
else if (streq(arg, "priv"))
{
type = KEY_ANY;
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
- {"[--in file|--keyid hex] [--type rsa|ecdsa|ed25519|ed448|bliss|priv]",
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|ed25519|ed448|priv]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
.TP
.BI "\-t, \-\-type " type
Type of key to generate. Either \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR,
-\fIed448\fR, \fIbliss\fR, \fIdilithium2\fR, \fIdilithium3\fR or \fIdilitium4\fR,
+\fIed448\fR, \fIdilithium2\fR, \fIdilithium3\fR or \fIdilitium4\fR,
defaults to \fIrsa\fR.
.TP
.BI "\-s, \-\-size " bits
.BI "\-t, \-\-type " type
Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key),
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key),
-\fIed25519\fR (Ed25519 private key), \fIed448\fR (Ed448 private key),
-\fIbliss\fR (BLISS private key) or \fIpkcs10\fR (PKCS#10 certificate request),
+\fIed25519\fR (Ed25519 private key), \fIed448\fR (Ed448 private key) or
+\fIpkcs10\fR (PKCS#10 certificate request),
defaults to \fIpub\fR.
.TP
.BI "\-k, \-\-cakey " file
.TP
.BI "\-t, \-\-type " type
Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
-\fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS private key),
-\fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate request),
+\fIecdsa\fR (ECDSA private key), \fIpub\fR (public key),
+\fIpkcs10\fR (PKCS#10 certificate request),
\fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
.TP
.BI "\-I, \-\-id " id-type
Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
\fIpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
private key), \fIed25519\fR (Ed25519 private key), \fIed448\fR (Ed448 private
-key), \fIbliss\fR (BLISS private key), defaults to \fIx509\fR.
+key), defaults to \fIx509\fR.
.
.SH "SEE ALSO"
.
0x prefix.
.TP
.BI "\-t, \-\-type " type
-Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
+Type of the input key. Either \fIpriv\fR, \fIrsa\fR or \fIecdsa\fR,
defaults to \fIpriv\fR.
.TP
.BI "\-d, \-\-dn " distinguished-name
0x prefix.
.TP
.BI "\-t, \-\-type " type
-Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR,
-\fIed448\fR or \fIbliss\fR, defaults to \fIpriv\fR.
+Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR
+or \fIed448\fR, defaults to \fIpriv\fR.
.TP
.BI "\-d, \-\-dn " distinguished-name
Subject and issuer distinguished name (DN). Required.
test -e "$(DESTDIR)$(swanctldir)/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/private" || true
test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true
test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true
- test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true
test -e "$(DESTDIR)$(swanctldir)/pkcs8" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/pkcs8" || true
test -e "$(DESTDIR)$(swanctldir)/pkcs12" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/pkcs12" || true
test -e "$(DESTDIR)$(swanctldir)/swanctl.conf" || $(INSTALL) -m 640 $(srcdir)/swanctl.conf $(DESTDIR)$(swanctldir)/swanctl.conf || true
{ "pkcs8", CRED_PRIVATE_KEY, KEY_ANY, },
{ "rsa", CRED_PRIVATE_KEY, KEY_RSA, },
{ "ecdsa", CRED_PRIVATE_KEY, KEY_ECDSA, },
- { "bliss", CRED_PRIVATE_KEY, KEY_BLISS, },
{ "pkcs12", CRED_CONTAINER, CONTAINER_PKCS12, },
};
int i;
"private",
"rsa",
"ecdsa",
- "bliss",
"pkcs8",
"pkcs12",
"token",
load_keys(&ctx, "private", SWANCTL_PRIVATEDIR);
load_keys(&ctx, "rsa", SWANCTL_RSADIR);
load_keys(&ctx, "ecdsa", SWANCTL_ECDSADIR);
- load_keys(&ctx, "bliss", SWANCTL_BLISSDIR);
load_keys(&ctx, "pkcs8", SWANCTL_PKCS8DIR);
load_containers(&ctx, "pkcs12", SWANCTL_PKCS12DIR);
*/
#define SWANCTL_ECDSADIR "ecdsa"
-/**
- * Directory for BLISS private keys
- */
-#define SWANCTL_BLISSDIR "bliss"
-
/**
* Directory for PKCS#8 encoded private keys
*/
# /etc/ipsec.secrets - strongSwan IPsec secrets file
: RSA bobKey.pem
-
-
-
-
-
# /etc/ipsec.secrets - strongSwan IPsec secrets file
: RSA daveKey.pem
-
-
-
-
# generate CRL for strongSwan Monster Root CA
pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
> ${ROOT}/strongswan_monster.crl
-
-##
-# strongSwan BlISS Root CA
-cd /etc/ca/bliss
-
-# generate CRL for strongSwan BLISS Root CA
-pki --signcrl --cakey strongswan_blissKey.der --cacert strongswan_blissCert.der \
- --lifetime 30 --digest sha3_512 > ${ROOT}/strongswan_bliss.crl
# strongswan.conf - strongSwan configuration file
pki {
- load = random drbg pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 bliss curve25519 x509 openssl
+ load = random drbg pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 curve25519 x509 openssl
}
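Review bot: `pem` appears twice in the `load` list on the new line, once after `drbg` and again after `pkcs8`. Since the line is being rewritten anyway, the second entry can be dropped: `load = random drbg pem sha1 sha2 sha3 pkcs1 pkcs8 gmp mgf1 curve25519 x509 openssl`. Whether the duplicate has any effect when plugins are loaded cannot be told from this hunk.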
MONSTER_CA_RSA_SIZE="8192"
MONSTER_EE_RSA_SIZE="4096"
#
-BLISS_DIR="${CA_DIR}/bliss"
-BLISS_KEY="${BLISS_DIR}/strongswan_blissKey.der"
-BLISS_CERT="${BLISS_DIR}/strongswan_blissCert.der"
-BLISS_CDP="http://crl.strongswan.org/strongswan_bliss.crl"
-#
RSA_SIZE="3072"
IPSEC_DIR="etc/ipsec.d"
SWANCTL_DIR="etc/swanctl"
mkdir -p ${SHA3_RSA_DIR}/certs
mkdir -p ${ED25519_DIR}/certs
mkdir -p ${MONSTER_DIR}/certs
-mkdir -p ${BLISS_DIR}/certs
################################################################################
# strongSwan Root CA #
--crl ${MONSTER_CDP} --outform pem > ${TEST_CERT}
cp ${TEST_CERT} ${MONSTER_DIR}/certs/${SERIAL}.pem
-################################################################################
-# Bliss CA #
-################################################################################
-
-# Generate BLISS Root CA with 192 bit security strength
-pki --gen --type bliss --size 4 > ${BLISS_KEY}
-pki --self --type bliss --in ${BLISS_KEY} --digest sha3_512 \
- --not-before "${START}" --not-after "${CA_END}" --ca \
- --dn "C=CH, O=${PROJECT}, CN=strongSwan BLISS Root CA" > ${BLISS_CERT}
-
-# Put a copy in the following scenarios
-for t in rw-newhope-bliss rw-ntru-bliss
-do
- TEST="${TEST_DIR}/ikev2/${t}"
- for h in moon carol dave
- do
- mkdir -p ${TEST}/hosts/${h}/${SWANCTL_DIR}/x509ca
- cp ${BLISS_CERT} ${TEST}/hosts/${h}/${SWANCTL_DIR}/x509ca
- done
-done
-
-# Generate a carol BLISS certificate with 128 bit security strength
-TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
-TEST_KEY="${TEST}/hosts/carol/${SWANCTL_DIR}/bliss/carolKey.der"
-TEST_CERT="${TEST}/hosts/carol/${SWANCTL_DIR}/x509/carolCert.der"
-CN="carol@strongswan.org"
-SERIAL="01"
-mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
-pki --gen --type bliss --size 1 > ${TEST_KEY}
-pki --issue --cakey ${BLISS_KEY} --cacert ${BLISS_CERT} --type bliss \
- --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
- --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=BLISS I, CN=${CN}" \
- --crl ${BLISS_CDP} --digest sha3_512 > ${TEST_CERT}
-cp ${TEST_CERT} ${BLISS_DIR}/certs/${SERIAL}.der
-
-# Put a copy in the ikev2/rw-ntru-bliss scenario
-TEST="${TEST_DIR}/ikev2/rw-ntru-bliss"
-mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
-cp ${TEST_KEY} ${TEST}/hosts/carol/${SWANCTL_DIR}/bliss
-cp ${TEST_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
-
-# Generate a dave BLISS certificate with 160 bit security strength
-TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
-TEST_KEY="${TEST}/hosts/dave/${SWANCTL_DIR}/bliss/daveKey.der"
-TEST_CERT="${TEST}/hosts/dave/${SWANCTL_DIR}/x509/daveCert.der"
-CN="dave@strongswan.org"
-SERIAL="02"
-mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
-pki --gen --type bliss --size 3 > ${TEST_KEY}
-pki --issue --cakey ${BLISS_KEY} --cacert ${BLISS_CERT} --type bliss \
- --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
- --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=BLISS III, CN=${CN}" \
- --crl ${BLISS_CDP} --digest sha3_512 > ${TEST_CERT}
-cp ${TEST_CERT} ${BLISS_DIR}/certs/${SERIAL}.der
-
-# Put a copy in the ikev2/rw-ntru-bliss scenario
-TEST="${TEST_DIR}/ikev2/rw-ntru-bliss"
-mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
-cp ${TEST_KEY} ${TEST}/hosts/dave/${SWANCTL_DIR}/bliss
-cp ${TEST_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
-
-# Generate a moon BLISS certificate with 192 bit security strength
-TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
-TEST_KEY="${TEST}/hosts/moon/${SWANCTL_DIR}/bliss/moonKey.der"
-TEST_CERT="${TEST}/hosts/moon/${SWANCTL_DIR}/x509/moonCert.der"
-CN="moon.strongswan.org"
-SERIAL="03"
-mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
-pki --gen --type bliss --size 4 > ${TEST_KEY}
-pki --issue --cakey ${BLISS_KEY} --cacert ${BLISS_CERT} --type bliss \
- --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
- --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=BLISS IV, CN=${CN}" \
- --crl ${BLISS_CDP} --digest sha3_512 > ${TEST_CERT}
-cp ${TEST_CERT} ${BLISS_DIR}/certs/${SERIAL}.der
-
-# Put a copy in the ikev2/rw-ntru-bliss scenario
-TEST="${TEST_DIR}/ikev2/rw-ntru-bliss"
-mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
-cp ${TEST_KEY} ${TEST}/hosts/moon/${SWANCTL_DIR}/bliss
-cp ${TEST_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
-
################################################################################
# SQL Data #
################################################################################
--enable-tkm \
--enable-ntru \
--enable-lookip \
- --enable-bliss \
--enable-sha3 \
--enable-newhope \
--enable-frodo \
+++ /dev/null
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-The IKEv2 key exchange is based on the NewHope lattice-based post-quantum algorithm
-with a cryptographical strength of 128 bits. Authentication is based on the BLISS
-algorithm with strengths 128 bits (BLISS I), 160 bits (BLISS III) and 192 bits (BLISS IV) for
-<b>carol</b>, <b>dave</b> and <b>moon</b>, respectively.
-<p>
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload.
-The gateway <b>moon</b> assigns virtual IP addresses from the pool 10.3.0.0/28 in a monotonously
-increasing order.
-<p>
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
-the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
-pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
+++ /dev/null
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NEWHOPE_128.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NEWHOPE_128.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NEWHOPE_128.*remote-vips=\[10.3.0.1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NEWHOPE_128.*remote-vips=\[10.3.0.2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
-alice::ping -c 1 10.3.0.1::64 bytes from 10.3.0.1: icmp_.eq=1::YES
-alice::ping -c 1 10.3.0.2::64 bytes from 10.3.0.2: icmp_.eq=1::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
-}
-
-charon-systemd {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
-
- send_vendor_id = yes
- fragment_size = 1500
-}
+++ /dev/null
-connections {
-
- home {
- local_addrs = 192.168.0.100
- remote_addrs = 192.168.0.1
- vips = 0.0.0.0
-
- local {
- auth = pubkey
- certs = carolCert.der
- id = carol@strongswan.org
- }
- remote {
- auth = pubkey
- id = moon.strongswan.org
- }
- children {
- home {
- remote_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes256gcm128-newhope128
- }
- }
- version = 2
- proposals = aes256-sha256-newhope128
- fragmentation = yes
- }
-}
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
-}
-
-charon-systemd {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
-
- send_vendor_id = yes
- fragment_size = 1500
-}
+++ /dev/null
-connections {
-
- home {
- local_addrs = 192.168.0.200
- remote_addrs = 192.168.0.1
- vips = 0.0.0.0
-
- local {
- auth = pubkey
- certs = daveCert.der
- id = dave@strongswan.org
- }
- remote {
- auth = pubkey
- id = moon.strongswan.org
- }
- children {
- home {
- remote_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes256gcm128-newhope128
- }
- }
- version = 2
- proposals = aes256-sha256-newhope128
- fragmentation = yes
- }
-}
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
-}
-
-charon-systemd {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
-
- send_vendor_id = yes
- fragment_size = 1500
-}
+++ /dev/null
-connections {
-
- rw {
- local_addrs = 192.168.0.1
- pools = rw_pool
-
- local {
- auth = pubkey
- certs = moonCert.der
- id = moon.strongswan.org
- }
- remote {
- auth = pubkey
- }
- children {
- net {
- local_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes256gcm128-newhope128
- }
- }
- version = 2
- proposals = aes256-sha256-newhope128
- fragmentation = yes
- }
-}
-
-pools {
- rw_pool {
- addrs = 10.3.0.0/28
- }
-}
+++ /dev/null
-carol::swanctl --terminate --ike home
-dave::swanctl --terminate --ike home
-carol::systemctl stop strongswan
-dave::systemctl stop strongswan
-moon::systemctl stop strongswan
-moon::iptables-restore < /etc/iptables.flush
-carol::iptables-restore < /etc/iptables.flush
-dave::iptables-restore < /etc/iptables.flush
+++ /dev/null
-moon::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-dave::iptables-restore < /etc/iptables.rules
-moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem
-carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem
-dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem
-moon::systemctl start strongswan
-carol::systemctl start strongswan
-dave::systemctl start strongswan
-moon::expect-connection rw
-carol::expect-connection home
-carol::swanctl --initiate --child home 2> /dev/null
-dave::expect-connection home
-dave::swanctl --initiate --child home 2> /dev/null
+++ /dev/null
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# charon controlled by swanctl
-#
-SWANCTL=1
+++ /dev/null
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-The key exchange is based on NTRU encryption with a cryptographical strength of 128 bit and
-192 bit for <b>carol</b> and <b>dave</b>, respectively. Authentication is based on the BLISS
-algorithm with strengths 128 bits (BLISS I), 160 bits (BLISS III) and 192 bits (BLISS IV) for
-<b>carol</b>, <b>dave</b> and <b>moon</b>, respectively.
-<p>
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload.
-The gateway <b>moon</b> assigns virtual IP addresses from the pool 10.3.0.0/28 in a monotonously
-increasing order.
-<p>
-The updown script automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
-the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
-pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
+++ /dev/null
-carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with BLISS_WITH_SHA2_256 successful::YES
-moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with BLISS_WITH_SHA2_384 successful::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NTRU_128.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=NTRU_192.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NTRU_128.*remote-vips=\[10.3.0.1] child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=NTRU_192.*remote-vips=\[10.3.0.2] child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-systemd {
- load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
-
- send_vendor_id = yes
- fragment_size = 1500
-}
+++ /dev/null
-connections {
-
- home {
- local_addrs = 192.168.0.100
- remote_addrs = 192.168.0.1
- vips = 0.0.0.0
-
- local {
- auth = pubkey
- certs = carolCert.der
- id = carol@strongswan.org
- }
- remote {
- auth = pubkey
- id = moon.strongswan.org
- revocation = strict
- }
- children {
- home {
- remote_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128-sha256-ntru128
- }
- }
- version = 2
- proposals = aes128-sha256-ntru128
- fragmentation = yes
- }
-}
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-systemd {
- load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
-
- send_vendor_id = yes
- fragment_size = 1500
-}
+++ /dev/null
-connections {
-
- home {
- local_addrs = 192.168.0.200
- remote_addrs = 192.168.0.1
- vips = 0.0.0.0
-
- local {
- auth = pubkey
- certs = daveCert.der
- id = dave@strongswan.org
- }
- remote {
- auth = pubkey
- id = moon.strongswan.org
- revocation = strict
- }
- children {
- home {
- remote_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes192-sha384-ntru192
- }
- }
- version = 2
- proposals = aes192-sha384-ntru192
- fragmentation = yes
- }
-}
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-systemd {
- load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
-
- send_vendor_id = yes
- fragment_size = 1500
-}
+++ /dev/null
-connections {
-
- rw {
- local_addrs = 192.168.0.1
- pools = rw_pool
-
- local {
- auth = bliss-sha512
- certs = moonCert.der
- id = moon.strongswan.org
- }
- remote {
- auth = pubkey
- revocation = strict
- }
- children {
- net {
- local_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128-sha256-ntru128,aes192-sha384-ntru192
- }
- }
- version = 2
- proposals = aes128-sha256-ntru128,aes192-sha384-ntru192
- fragmentation = yes
- }
-}
-
-pools {
- rw_pool {
- addrs = 10.3.0.0/28
- }
-}
+++ /dev/null
-carol::systemctl stop strongswan
-dave::systemctl stop strongswan
-moon::systemctl stop strongswan
-moon::iptables-restore < /etc/iptables.flush
-carol::iptables-restore < /etc/iptables.flush
-dave::iptables-restore < /etc/iptables.flush
-moon::cd /etc/swanctl; rm bliss/* x509/moonCert.der x509ca/strongswan_blissCert.der
-carol::cd /etc/swanctl; rm bliss/* x509/carolCert.der x509ca/strongswan_blissCert.der
-dave::cd /etc/swanctl; rm bliss/* x509/daveCert.der x509ca/strongswan_blissCert.der
+++ /dev/null
-moon::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-dave::iptables-restore < /etc/iptables.rules
-moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem
-carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem
-dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem
-moon::systemctl start strongswan
-carol::systemctl start strongswan
-dave::systemctl start strongswan
-moon::expect-connection rw
-carol::expect-connection home
-carol::swanctl --initiate --child home 2> /dev/null
-dave::expect-connection home
-dave::swanctl --initiate --child home 2> /dev/null
+++ /dev/null
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# charon controlled by swanctl
-#
-SWANCTL=1
+++ /dev/null
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-The key exchange is based on NTRU encryption with a cryptographical strength of 128 bit and
-192 bit for <b>carol</b> and <b>dave</b>, respectively. Authentication is based on strong
-preshared keys (PSKs).
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
-by using the <b>vips = 0.0.0.0</b> parameter. The gateway <b>moon</b> assigns virtual
-IP addresses from a simple pool in a monotonously increasing order.
-<p/>
-Upon the successful establishment of the IPsec tunnels, the updown-script automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both
-<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
+++ /dev/null
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NTRU_128.*local-vips=\[10.3.0.1] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.3.0.1/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=NTRU_192.*local-vips=\[10.3.0.2] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.3.0.2/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NTRU_128.*remote-vips=\[10.3.0.1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=NTRU_192.*remote-vips=\[10.3.0.2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=192.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
- load = random openssl
-}
-
-charon-systemd {
- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
- send_vendor_id = yes
-}
+++ /dev/null
-connections {
-
- home {
- local_addrs = 192.168.0.100
- remote_addrs = 192.168.0.1
- vips = 0.0.0.0
-
- local {
- auth = psk
- id = carol@strongswan.org
- }
- remote {
- auth = psk
- id = moon.strongswan.org
- }
- children {
- home {
- remote_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-ntru128
- }
- }
- version = 2
- proposals = aes128-sha256-ntru128
- }
-}
-
-secrets {
-
- ike-moon {
- id = moon.strongswan.org
- secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
- }
-}
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
- load = random openssl
-}
-
-charon-systemd {
- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
- send_vendor_id = yes
-}
+++ /dev/null
-connections {
-
- home {
- local_addrs = 192.168.0.200
- remote_addrs = 192.168.0.1
- vips = 0.0.0.0
-
- local {
- auth = psk
- id = dave@strongswan.org
- }
- remote {
- auth = psk
- id = moon.strongswan.org
- }
- children {
- home {
- remote_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes192gcm128-ntru192
- }
- }
- version = 2
- proposals = aes192-sha384-ntru192
- }
-}
-
-secrets {
-
- ike-moon {
- id = moon.strongswan.org
- secret = 0sjVzONCF02ncsgiSlmIXeqhGN
- }
-}
+++ /dev/null
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
- load = random openssl
-}
-
-charon-systemd {
- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
- send_vendor_id = yes
-}
+++ /dev/null
-connections {
-
- rw {
- local_addrs = 192.168.0.1
- pools = rw_pool
-
- local {
- auth = psk
- id = moon.strongswan.org
- }
- remote {
- auth = psk
- }
- children {
- net {
- local_ts = 10.1.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-ntru128,aes192gcm128-ntru192
- }
- }
- version = 2
- proposals = aes128-sha256-ntru128,aes192-sha384-ntru192
- }
-}
-
-secrets {
-
- ike-carol {
- id = carol@strongswan.org
- secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
- }
- ike-dave {
- id = dave@strongswan.org
- secret = 0sjVzONCF02ncsgiSlmIXeqhGN
- }
-}
-
-pools {
- rw_pool {
- addrs = 10.3.0.0/28
- }
-}
+++ /dev/null
-carol::systemctl stop strongswan
-dave::systemctl stop strongswan
-moon::systemctl stop strongswan
-moon::iptables-restore < /etc/iptables.flush
-carol::iptables-restore < /etc/iptables.flush
-dave::iptables-restore < /etc/iptables.flush
+++ /dev/null
-moon::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-dave::iptables-restore < /etc/iptables.rules
-moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::systemctl start strongswan
-carol::systemctl start strongswan
-dave::systemctl start strongswan
-moon::expect-connection rw
-carol::expect-connection home
-carol::swanctl --initiate --child home 2> /dev/null
-dave::expect-connection home
-dave::swanctl --initiate --child home 2> /dev/null
+++ /dev/null
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# charon controlled by swanctl
-#
-SWANCTL=1