# crypto plugins
ARG_DISBL_SET([aes], [disable AES software implementation plugin.])
ARG_ENABL_SET([af-alg], [enable AF_ALG crypto interface to Linux Crypto API.])
+ARG_ENABL_SET([bliss], [enable BLISS software implementation plugin.])
ARG_ENABL_SET([blowfish], [enable Blowfish software implementation plugin.])
ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.])
ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.])
ADD_PLUGIN([ccm], [s charon scripts nm cmd])
ADD_PLUGIN([gcm], [s charon scripts nm cmd])
ADD_PLUGIN([ntru], [s charon scripts nm cmd])
+ADD_PLUGIN([bliss], [s charon pki scripts nm cmd])
ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([winhttp], [s charon pki scripts])
ADD_PLUGIN([soup], [s charon pki scripts nm cmd])
AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue)
AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
+AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
# charon plugins
# ----------------
src/libstrongswan/plugins/gcm/Makefile
src/libstrongswan/plugins/af_alg/Makefile
src/libstrongswan/plugins/ntru/Makefile
+ src/libstrongswan/plugins/bliss/Makefile
src/libstrongswan/plugins/test_vectors/Makefile
src/libstrongswan/tests/Makefile
src/libhydra/Makefile
endif
endif
+if USE_BLISS
+ SUBDIRS += plugins/bliss
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/bliss/libstrongswan-bliss.la
+endif
+endif
+
if USE_TEST_VECTORS
SUBDIRS += plugins/test_vectors
if MONOLITHIC
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
#include "public_key.h"
-ENUM(key_type_names, KEY_ANY, KEY_DSA,
+ENUM(key_type_names, KEY_ANY, KEY_BLISS,
"ANY",
"RSA",
"ECDSA",
- "DSA"
+ "DSA",
+ "BLISS"
);
-ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_IV_SHA384,
"UNKNOWN",
"RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"ECDSA-256",
"ECDSA-384",
"ECDSA-521",
+ "BLISS-I_SHA256",
+ "BLISS-IV_SHA384",
);
ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
KEY_ECDSA = 2,
/** DSA */
KEY_DSA = 3,
+ /** BLISS */
+ KEY_BLISS = 4,
/** ElGamal, ... */
};
SIGN_ECDSA_384,
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
+ /** BLISS-I with SHA-256 */
+ SIGN_BLISS_I_SHA256,
+ /** BLISS-IV with SHA-384 */
+ SIGN_BLISS_IV_SHA384,
};
/**
--- /dev/null
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ @COVERAGE_CFLAGS@
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-bliss.la
+else
+plugin_LTLIBRARIES = libstrongswan-bliss.la
+endif
+
+libstrongswan_bliss_la_SOURCES = \
+ bliss_plugin.h bliss_plugin.c \
+ bliss_private_key.h bliss_private_key.c \
+ bliss_public_key.h bliss_public_key.c
+
+libstrongswan_bliss_la_LDFLAGS = -module -avoid-version
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "bliss_plugin.h"
+#include "bliss_private_key.h"
+#include "bliss_public_key.h"
+
+#include <library.h>
+
+typedef struct private_bliss_plugin_t private_bliss_plugin_t;
+
+/**
+ * private data of bliss_plugin
+ */
+struct private_bliss_plugin_t {
+
+ /**
+ * public functions
+ */
+ bliss_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_bliss_plugin_t *this)
+{
+ return "bliss";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_bliss_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ /* private/public keys */
+ PLUGIN_REGISTER(PRIVKEY, bliss_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_BLISS),
+ PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
+ /* signature schemes, private */
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_I_SHA256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_IV_SHA384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ /* signature verification schemes */
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_I_SHA256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_IV_SHA384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ };
+ *features = f;
+
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_bliss_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *bliss_plugin_create()
+{
+ private_bliss_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup bliss_p bliss
+ * @ingroup plugins
+ *
+ * @defgroup bliss_plugin bliss_plugin
+ * @{ @ingroup bliss_p
+ */
+
+#ifndef BLISS_PLUGIN_H_
+#define BLISS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct bliss_plugin_t bliss_plugin_t;
+
+/**
+ * Plugin implementing the BLISS post-quantu authentication algorithm
+ */
+struct bliss_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** BLISS_PLUGIN_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "bliss_private_key.h"
+
+typedef struct private_bliss_private_key_t private_bliss_private_key_t;
+
+/**
+ * Private data of a bliss_private_key_t object.
+ */
+struct private_bliss_private_key_t {
+ /**
+ * Public interface for this signer.
+ */
+ bliss_private_key_t public;
+
+
+ /**
+ * BLISS type
+ */
+ u_int key_size;
+
+ /**
+ * reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_bliss_private_key_t *this)
+{
+ return KEY_BLISS;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_bliss_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
+{
+ switch (scheme)
+ {
+ case SIGN_BLISS_I_SHA256:
+ return FALSE;
+ case SIGN_BLISS_IV_SHA384:
+ return FALSE;
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_bliss_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_bliss_private_key_t *this)
+{
+ return this->key_size;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_bliss_private_key_t *this)
+{
+ public_key_t *public = NULL;
+
+ return public;
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_bliss_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ bool success = TRUE;
+
+ *encoding = chunk_empty;
+
+ return success;
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_bliss_private_key_t *this, cred_encoding_type_t type, chunk_t *fp)
+{
+ bool success = FALSE;
+
+ return success;
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_bliss_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_bliss_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_bliss_private_key_t *bliss_private_key_create_empty(void)
+{
+ private_bliss_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+ return this;
+}
+
+/**
+ * See header.
+ */
+bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
+{
+ private_bliss_private_key_t *this;
+ u_int key_size = 1;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_KEY_SIZE:
+ key_size = va_arg(args, u_int);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ /* Only BLISS-I and BLISS-IV are supported */
+ if (key_size != 1 && key_size != 4)
+ {
+ return NULL;
+ }
+
+ this = bliss_private_key_create_empty();
+ this->key_size = key_size;
+
+ return &this->public;
+}
+
+/**
+ * See header.
+ */
+bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
+{
+ private_bliss_private_key_t *this;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ this = bliss_private_key_create_empty();
+
+ return &this->public;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup bliss_private_key bliss_private_key
+ * @{ @ingroup gmp_p
+ */
+
+#ifndef BLISS_PRIVATE_KEY_H_
+#define BLISS_PRIVATE_KEY_H_
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct bliss_private_key_t bliss_private_key_t;
+
+/**
+ * Private_key_t implementation of BLISS signature algorithm.
+ */
+struct bliss_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t key;
+};
+
+/**
+ * Generate a BLISS private key.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type type of the key, must be KEY_BLISS
+ * @param args builder_part_t argument list
+ * @return generated key, NULL on failure
+ */
+bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args);
+
+/**
+ * Load a BLISS private key.
+ *
+ * Accepts BUILD_BLISS_* components.
+ *
+ * @param type type of the key, must be KEY_BLISS
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args);
+
+#endif /** BLISS_PRIVATE_KEY_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "bliss_public_key.h"
+
+typedef struct private_bliss_public_key_t private_bliss_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_bliss_public_key_t {
+ /**
+ * Public interface for this signer.
+ */
+ bliss_public_key_t public;
+
+ /**
+ * BLISS type
+ */
+ u_int key_size;
+
+ /**
+ * reference counter
+ */
+ refcount_t ref;
+};
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_bliss_public_key_t *this)
+{
+ return KEY_BLISS;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_bliss_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
+{
+ switch (scheme)
+ {
+ case SIGN_BLISS_I_SHA256:
+ return FALSE;
+ case SIGN_BLISS_IV_SHA384:
+ return FALSE;
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(public_key_t, encrypt_, bool,
+ private_bliss_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
+{
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_bliss_public_key_t *this)
+{
+ return this->key_size;
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_bliss_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ bool success = TRUE;
+
+ *encoding = chunk_empty;
+
+ return success;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_bliss_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
+{
+ bool success = FALSE;
+
+ return success;
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_bliss_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_bliss_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this);
+ }
+}
+
+/**
+ * See header.
+ */
+bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args)
+{
+ private_bliss_public_key_t *this;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt_,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ return &this->public;
+}
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup bliss_public_key bliss_public_key
+ * @{ @ingroup gmp_p
+ */
+
+#ifndef BLISS_PUBLIC_KEY_H_
+#define BLISS_PUBLIC_KEY_H_
+
+#include <credentials/builder.h>
+#include <credentials/keys/public_key.h>
+
+typedef struct bliss_public_key_t bliss_public_key_t;
+
+/**
+ * public_key_t implementation of BLISS signature algorithm
+ */
+struct bliss_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t key;
+};
+
+/**
+ * Load a BLISS public key.
+ *
+ * Accepts BUILD_BLISS_* components.
+ *
+ * @param type type of the key, must be KEY_BLISS
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args);
+
+#endif /** BLISS_PUBLIC_KEY_H_ @}*/
/*
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
{
type = KEY_ECDSA;
}
+ else if (streq(arg, "bliss"))
+ {
+ type = KEY_BLISS;
+ }
else
{
return command_usage("invalid key type");
case KEY_ECDSA:
size = 384;
break;
+ case KEY_BLISS:
+ size = 1;
+ break;
default:
break;
}
{
command_register((command_t) {
gen, 'g', "gen", "generate a new private key",
- {" [--type rsa|ecdsa] [--size bits] [--safe-primes]",
+ {" [--type rsa|ecdsa|bliss] [--size bits] [--safe-primes]",
"[--shares n] [--threshold l] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"type", 't', 1, "type of key, default: rsa"},
- {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"},
+ {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384, bliss 1"},
{"safe-primes", 'p', 0, "generate rsa safe primes"},
{"shares", 'n', 1, "number of private rsa key shares"},
{"threshold", 'l', 1, "minimum number of participating rsa key shares"},
projects / thirdparty / strongswan.git / commitdiff
