From: Andreas Steffen
Date: Wed, 29 Oct 2014 21:35:13 +0000 (+0100)
Subject: Defined BLISS I and IV parameter sets
X-Git-Tag: 5.2.2dr1~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=73a327404dce83df6f8cac43733ae4a83f7044a9;p=thirdparty%2Fstrongswan.git
Defined BLISS I and IV parameter sets
---
diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am
index 94eb6da8d8..e73ffb02a4 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.am
+++ b/src/libstrongswan/plugins/bliss/Makefile.am
@@ -13,6 +13,7 @@ endif libstrongswan_bliss_la_SOURCES = \ bliss_plugin.h bliss_plugin.c \ + bliss_param_set.h bliss_param_set.c \ bliss_private_key.h bliss_private_key.c \ bliss_public_key.h bliss_public_key.c \ bliss_fft.h bliss_fft.c \
diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.c b/src/libstrongswan/plugins/bliss/bliss_param_set.c
new file mode 100644
index 0000000000..f2c2718fd3
--- /dev/null
+++ b/src/libstrongswan/plugins/bliss/bliss_param_set.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "bliss_param_set.h"
+
+#include
+
+ENUM(bliss_param_set_id_names, BLISS_I, BLISS_IV,
+ "BLISS-I",
+ "BLISS-II",
+ "BLISS-III",
+ "BLISS-IV"
+);
+
+/**
+ * BLISS signature parameter set definitions
+ */
+static bliss_param_set_t bliss_param_sets[] = {
+
+ /* BLISS-I scheme */
+ {
+ .id = BLISS_I,
+ .oid = OID_BLISS_I,
+ .strength = 128,
+ .q = 12289,
+ .n = 512,
+ .n_bits = 9,
+ .fft_params = &bliss_fft_12289_512,
+ .non_zero1 = 154,
+ .non_zero2 = 0,
+ .kappa = 23,
+ .nks_max = 46479,
+ },
+
+ /* BLISS-IV scheme */
+ {
+ .id = BLISS_IV,
+ .oid = OID_BLISS_IV,
+ .strength = 192,
+ .q = 12289,
+ .n = 512,
+ .n_bits = 9,
+ .fft_params = &bliss_fft_12289_512,
+ .non_zero1 = 231,
+ .non_zero2 = 31,
+ .kappa = 39,
+ .nks_max = 244669,
+ }
+};
+
+/**
+ * See header.
+ */
+bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
+{
+ int i;
+
+ for (i = 0; i < countof(bliss_param_sets); i++)
+ {
+ if (bliss_param_sets[i].id == id)
+ {
+ return &bliss_param_sets[i];
+ }
+ }
+ return NULL;
+}
+
+
+/**
+ * See header.
+ */
+bliss_param_set_t* bliss_param_set_get_by_oid(int oid)
+{
+ int i;
+
+ for (i = 0; i < countof(bliss_param_sets); i++)
+ {
+ if (bliss_param_sets[i].oid == oid)
+ {
+ return &bliss_param_sets[i];
+ }
+ }
+ return NULL;
+}
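Review bot: `bliss_param_sets[]` is declared `static bliss_param_set_t` without `const`, and both lookup functions return non-const pointers into it, so any caller can overwrite `kappa`, `nks_max` or `fft_params` for every key in the process. These are fixed cryptographic constants; I would declare the table `static const bliss_param_set_t bliss_param_sets[]` and return `const bliss_param_set_t*` from `bliss_param_set_get_by_id()` and `bliss_param_set_get_by_oid()`, adjusting the header prototypes and the `set` member in bliss_private_key.c to match. The loop index `int i` is also compared with `countof(...)`, which is presumably an unsigned size, so an unsigned index would avoid the sign-compare warning.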
diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.h b/src/libstrongswan/plugins/bliss/bliss_param_set.h
new file mode 100644
index 0000000000..acc053bbc4
--- /dev/null
+++ b/src/libstrongswan/plugins/bliss/bliss_param_set.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup bliss_param_set bliss_param_set
+ * @{ @ingroup bliss_p
+ */
+
+#ifndef BLISS_PARAM_SET_H_
+#define BLISS_PARAM_SET_H_
+
+typedef enum bliss_param_set_id_t bliss_param_set_id_t;
+typedef struct bliss_param_set_t bliss_param_set_t;
+
+#include "bliss_fft_params.h"
+
+#include
+
+/**
+ * BLISS signature parameter set ID list
+ */
+enum bliss_param_set_id_t {
+ BLISS_I = 1,
+ BLISS_II = 2,
+ BLISS_III = 3,
+ BLISS_IV = 4
+};
+
+extern enum_name_t *bliss_param_set_id_names;
+
+/**
+ * BLISS
+ */
+struct bliss_param_set_t {
+
+ /**
+ * BLISS parameter set ID
+ */
+ bliss_param_set_id_t id;
+
+ /**
+ * BLISS parameter set OID
+ */
+ int oid;
+
+ /**
+ * Security strength in bits
+ */
+ uint16_t strength;
+
+ /**
+ * Prime modulus
+ */
+ uint16_t q;
+
+ /**
+ * Ring dimension equal to the number of polynomial coefficients
+ */
+ uint16_t n;
+
+ /**
+ * Number of bits in n
+ */
+ uint16_t n_bits;
+
+ /**
+ * FFT parameters
+ */
+ bliss_fft_params_t *fft_params;
+
+ /**
+ * Number of [-1, +1] secret key coefficients
+ */
+ uint16_t non_zero1;
+
+ /**
+ * Number of [-2, +2] secret key coefficients
+ */
+ uint16_t non_zero2;
+
+ /**
+ * Number of secret key terms that go into Nk(S) norm
+ */
+ uint16_t kappa;
+
+ /**
+ * Maximum Nk(S) tolerable NK(S) norm
+ */
+ uint32_t nks_max;
+
+};
+
+/**
+ * Get BLISS signature parameter set by BLISS parameter set ID
+ *
+ * @param id BLISS parameter set ID
+ * @return BLISS parameter set
+*/
+bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
+
+/**
+ * Get BLISS signature parameter set by BLISS parameter set OID
+ *
+ * @param oid BLISS parameter set OID
+ * @return BLISS parameter set
+*/
+bliss_param_set_t* bliss_param_set_get_by_oid(int oid);
+
+#endif /** BLISS_PARAM_SET_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index dcf1b7d73d..38676d6a46 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -14,6 +14,7 @@ */ #include "bliss_private_key.h" +#include "bliss_param_set.h" #include "bliss_fft.h" #define _GNU_SOURCE
@@ -30,11 +31,10 @@ struct private_bliss_private_key_t { */ bliss_private_key_t public; - /** - * BLISS type + * BLISS signature parameter set */ - u_int key_size; + bliss_param_set_t *set; /** * reference count
@@ -77,7 +77,7 @@ METHOD(private_key_t, decrypt, bool, METHOD(private_key_t, get_keysize, int, private_bliss_private_key_t *this) { - return this->key_size; + return this->set->strength; } METHOD(private_key_t, get_public_key, public_key_t*,
@@ -209,16 +209,15 @@ static int compare(const int16_t *a, const int16_t *b) /** * Compute the Nk(S) norm of S = (s1, s2) */ -static uint32_t nks_norm(int16_t *s1, int16_t *s2, int n) +static uint32_t nks_norm(int16_t *s1, int16_t *s2, int n, uint16_t kappa) { int16_t t[n], t_wrapped[n], max_kappa[n]; uint32_t nks = 0; - int i, j, kappa = 23; + int i, j; for (i = 0; i < n; i++) { t[i] = wrapped_product(s1, s1, n, i) + wrapped_product(s2, s2, n, i); - DBG1(DBG_LIB, "t[%d] = %5d", i, t[i]); } for (i = 0; i < n; i++)
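Review bot: The two lookup prototypes in bliss_param_set.h document `@return BLISS parameter set` but not the failure case, although the implementation returns NULL for an unknown ID or OID and bliss_private_key_gen() depends on that. I would extend both to `@return BLISS parameter set, NULL if not supported`. The struct comment is only `BLISS` and the `nks_max` comment reads `Maximum Nk(S) tolerable NK(S) norm`; `BLISS signature parameter set definition` and `Maximum tolerable Nk(S) norm` would be clearer. BLISS_II and BLISS_III are declared in the enum but have no table entry in bliss_param_set.c, which deserves a one-line comment next to the enum.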
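Review bot: `get_keysize` now dereferences `this->set` unconditionally, so a key object whose `set` was never assigned crashes in `return this->set->strength;`. In this diff only bliss_private_key_gen() assigns it after bliss_private_key_create_empty(); other constructors are not visible, so either the constructor should guarantee a non-NULL `set` or the accessor should guard it, e.g. `return this->set ? this->set->strength : 0;`. The method also now reports the security strength (128 or 192) instead of the former type number, which is worth a comment such as `/* reports the security strength in bits of the parameter set */`.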
@@ -231,7 +230,6 @@ static uint32_t nks_norm(int16_t *s1, int16_t *s2, int n) { max_kappa[i] += t_wrapped[n - j]; } - DBG1(DBG_LIB, "max_kappa[%d] = %5d", i, max_kappa[i]); } qsort(max_kappa, n, sizeof(int16_t), (__compar_fn_t)compare);
@@ -283,9 +281,10 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) int i; uint32_t *a, *A, *F, *G, nks; uint16_t q, n, l2_norm; + bliss_param_set_t *set; bliss_fft_t *fft; - int16_t f[] = { + int16_t f_bliss1[] = { 0, 0, 0, 0, 1, 1, 0, -1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, -1, 1, 0, 0,
@@ -345,7 +344,7 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) 0, -1 }; -int16_t g[] = { +int16_t g_bliss1[] = { -1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, -1, 0, 0, 0,
@@ -405,6 +404,125 @@ int16_t g[] = { 0, -1 }; + int16_t f[] = { + 0, -1, -1, 0, 0, 1, -1, -1, 0, 0, + 0, 0, 1, 1, 0, 0, 0, 1, -1, 1, + -2, 1, 0, 0, -1, 0, 0, 0, -1, 0, + 0, -1, 0, 1, 1, -1, 0, 1, -2, -1, + 1, 0, 0, 0, 0, -1, -1, 0, 1, 2, + 0, 0, 1, 0, -1, 0, 1, 1, 1, 0, + 2, -1, 0, 0, 1, 0, 0, -1, 0, 0, + 0, 0, 1, 0, 0, -1, 0, -1, -1, 0, + 0, 0, 0, -1, -2, -1, -1, -1, 1, 0, + 0, 1, 0, 1, -1, -1, 0, 0, 0, 1, + + 0, -1, 1, 1, 1, 0, -1, 0, 0, -1, + 0, 1, -1, 1, -2, 0, 1, 1, -1, 0, + 1, -1, -2, 0, 0, -1, 0, 0, 1, 0, + 0, 0, 1, -1, 1, -2, 0, 0, -1, 1, + 0, 0, -1, -1, 0, -1, 0, 0, 0, 0, + -1, 0, 1, -1, 1, 0, -1, 1, 0, 1, + 1, 0, 0, -1, 0, 1, 1, 0, -1, 1, + 1, 1, 2, 0, 0, 1, 0, 1, 0, 0, + -1, -1, 0, -2, 0, -1, 0, 0, -1, 1, + -1, -2, 0, 2, 0, -1, 2, 1, 0, 1, + + 1, 1, 1, 0, -1, 1, -1, 1, 1, -1, + 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, + -2, 0, 1, 1, 0, -1, -1, 1, 0, 1, + -2, 1, 1, -1, 1, 0, 0, 1, -1, -1, + 1, 0, 1, 1, 1, -1, 0, -1, 0, 0, + 0, 0, 1, 0, 0, -1, 0, 0, 0, 0, + 1, -1, 2, -1, 1, 0, 0, 1, 0, 0, + 0, -1, -1, 2, 1, 1, 0, -1, 0, -1, + 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, + 0, 0, 0, -1, 0, 1, 1, 1, -1, 0, + + -1, 1, 0, 1, 0, 0, 0, 1, 0, -1, + 0, 0, 1, -2, 0, 0, 0, 0, -1, 1, + 0, 1, 0, 0, 0, -1, 0, 1, 0, -1, + 0, 1, -1, 0, 0, 1, 0, 0, 0, 0, + 1, -1, 0, -2, 0, 0, 2, 0, -1, -1, + -1, 1, 1, 0, 1, -1, 1, 2, -1, 1, + -1, 0, 1, -2, 0, 0, -1, 2, -1, 0, + -1, 0, -1, 0, 1, -2, 0, 2, 0, 0, + 1, -1, 1, -1, 1, 0, 1, 1, -1, 0, + 0, 0, -1, -1, 0, 0, 0, -1, -2, 0, + + 0, 0, 1, -2, 0, 0, 1, 1, 0, -1, + 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, + 0, 0, -1, 0, 0, 0, 1, 0, 0, 0, + 1, 2, 0, -1, 0, 0, 1, 0, 0, 0, + -1, 0, 0, 1, -1, 0, -1, 0, 0, -1, + -1, -1, 2, 0, 0, 0, -1, 0, 2, 0, + -1, 0, -1, 0, -1, 1, 0, 0, 0, 0, + -1, 2, 0, 1, 0, 0, -1, 0, 0, 0, + 1, -1, -1, 0, 0, -1, 0, -1, 1, -1, + 1, 0, -1, -1, 1, 1, 0, 0, 0, 0, + + 0, 0, 0, 1, -1, 0, 0, 0, 0, 0, + 0, 0 + }; +int16_t g[] = { + 0, 2, 1, 0, -1, 1, 1, 1, -1, -1, + 1, 2, 0, 0, 0, -1, 0, -1, 1, 0, + 1, -1, 1, 0, 0, 0, -1, -1, 1, 0, + -1, 1, 0, 0, 0, 0, 0, 0, 0, 
0, + 0, 1, -1, -1, -1, -1, 0, 0, 0, 0, + 0, -1, 0, -1, -2, 0, 0, 1, 0, -1, + -1, -1, -1, -1, 2, 1, -1, 0, -1, 0, + 0, 1, 1, 0, 1, 0, 0, 0, -1, 1, + 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, + 0, -1, 0, 0, 0, -1, 0, 0, 0, 0, + + 0, 1, -2, 1, 1, -1, 1, 1, 0, 1, + 0, 0, 1, 0, 0, 0, -1, 0, 0, 0, + 0, 0, 1, 0, 1, -1, 0, 0, 0, 1, + 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, + 0, 0, 0, -1, 0, -1, -2, 1, 0, 1, + 0, -1, -2, 1, 0, 0, -1, 0, 0, 0, + 0, 0, 1, 0, 1, -1, 1, 1, -1, 0, + 0, 0, 1, -1, 1, 1, -2, -1, 1, 0, + -2, 0, 0, 0, 1, 1, 2, 0, 2, 1, + 1, 0, 1, 0, -1, 1, 0, 0, 0, -1, + + -1, -1, 0, 0, -1, 1, 0, 1, 0, -1, + 0, 0, 2, 1, 0, 0, 1, -2, -1, 0, + 1, 0, -1, 1, -1, 0, 1, -1, -1, 1, + 0, 0, -1, -1, -1, 0, 0, 1, -2, -1, + 0, -1, 1, -1, 1, -1, 0, -1, -1, 1, + 0, 1, -1, 0, 2, 1, -1, 0, -2, 0, + -1, 0, 0, 1, 0, -1, 1, 1, 0, 0, + 0, -1, -2, 1, 0, 0, 2, 0, -1, 0, + 1, 1, 0, -1, 0, 0, -1, -1, -1, 0, + 0, -1, 0, 0, 0, 0, 1, 0, -1, -1, + + 1, -1, 0, 0, 1, 0, -1, 1, 0, 1, + 0, 1, 1, 1, -1, 0, 0, 1, 0, -1, + 0, -1, 0, 0, 0, -1, -1, 0, 0, 0, + -1, -1, 0, 1, 0, 0, 0, 1, 0, 0, + 1, 1, -1, 0, 0, 0, -1, 0, 1, 1, + 0, 1, 0, 1, 0, -1, -1, 0, 0, 0, + 2, -1, 0, 0, -1, 1, -1, -2, -1, 0, + 0, 1, 0, 1, 1, 0, 0, 0, -1, 2, + 0, -1, 0, 0, 0, -1, -1, -1, 0, 1, + -2, 0, 0, 1, -1, 0, 0, 0, 1, 1, + + 1, 1, 0, -1, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, -2, 0, 0, 0, + 2, 1, 0, 0, 0, 0, 1, 0, 0, -1, + 1, -2, 0, 0, 1, 1, 1, 0, -2, 0, + -1, 0, 1, 2, 1, 0, 0, -2, 0, -1, + -1, 0, 1, 0, 1, 0, 1, 0, -1, -1, + 2, 0, 1, -1, 0, 1, 0, 0, 0, -1, + 1, 0, 1, -1, 0, 0, 0, 0, 0, -1, + 0, 0, 1, -1, 0, 0, 1, 1, 0, 0, + 0, 1, -1, 0, -1, -2, -1, 0, 0, -2, + + 0, -1, 0, 0, 0, -1, 1, 0, 1, 1, + -1, 0 + }; + while (TRUE) { switch (va_arg(args, builder_part_t)) 
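Review bot: The new `f[]` and `g[]` are fixed coefficient vectors compiled into bliss_private_key_gen(), and the later hunks use them (`nks_norm(f, g, n, set->kappa)`) for whichever parameter set was requested, so every generated key carries the same secret polynomials and a BLISS-I request, whose table entry has `non_zero2 = 0`, is built from vectors that contain ±2 entries. The renamed `f_bliss1`/`g_bliss1` arrays are no longer referenced in any visible line. If this is a known-answer scaffold it should say so at the arrays, e.g. `/* fixed test vector, to be replaced by random sampling of non_zero1/non_zero2 coefficients */`, and the function should not return a usable key until the coefficients come from the RNG. Until then the vectors should at least be selected by `set->id` so that coefficients and parameters match. The function body starts and ends outside this hunk.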
@@ -421,18 +539,27 @@ int16_t g[] = { } /* Only BLISS-I and BLISS-IV are supported */ - if (key_size != 1 && key_size != 4) + set = bliss_param_set_get_by_id(key_size); + if (!set) { + DBG1(DBG_LIB, "BLISS parameter set %u not supported"); return NULL; } + /* Some shortcuts for often used variables */ + n = set->n; + q = set->q; + + if (set->fft_params->n != n || set->fft_params->q != q) + { + DBG1(DBG_LIB, "FFT parameters do not match BLISS parameters"); + return NULL; + } this = bliss_private_key_create_empty(); - this->key_size = key_size; + this->set = set; /* We derive the public key from the private key using the FFT */ - fft = bliss_fft_create(&bliss_fft_12289_512); - n = fft->get_size(fft); - q = fft->get_modulus(fft); + fft = bliss_fft_create(set->fft_params); /* Compute 2g + 1 */ for (i = 0; i < n; i++)
@@ -442,8 +569,9 @@ int16_t g[] = { g[0] += 1; l2_norm = wrapped_product(f, f, n, 0) + wrapped_product(g, g, n, 0); - nks = nks_norm(f, g, n); - DBG1(DBG_LIB, "L2 norm of s1||s2: %d, Nk(S) = %u", l2_norm, nks); + nks = nks_norm(f, g, n, set->kappa); + DBG2(DBG_LIB, "L2 norm of s1||s2: %d, Nk(S): %u (%u max)", + l2_norm, nks, set->nks_max); F = malloc(n * sizeof(uint32_t)); G = malloc(n * sizeof(uint32_t));
@@ -470,10 +598,10 @@ int16_t g[] = { } fft->transform(fft, A, a, TRUE); - DBG1(DBG_LIB, " i f g a F G A"); + DBG4(DBG_LIB, " i f g a F G A"); for (i = 0; i < n; i++) { - DBG1(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u", + DBG4(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u", i, f[i], g[i], a[i], F[i], G[i], A[i]); }
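Review bot: `DBG1(DBG_LIB, "BLISS parameter set %u not supported");` has a `%u` conversion but passes no argument, so the logger reads an indeterminate vararg, which is undefined behaviour and can put stray stack or register contents into the log. It should read `DBG1(DBG_LIB, "BLISS parameter set %u not supported", key_size);`. The consistency check `set->fft_params->n != n` also assumes `fft_params` is non-NULL, which holds for the two table entries in bliss_param_set.c but is not enforced anywhere visible.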
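Review bot: `nks` is computed and printed next to `set->nks_max`, but nothing in this hunk compares the two, so as far as the visible lines show a key whose Nk(S) norm exceeds the bound is still accepted. If no later check exists, add one directly after the log call, e.g. `if (nks >= set->nks_max) { /* destroy this and fft, return NULL */ }`, with the exact boundary (`>` or `>=`) taken from the BLISS specification. Placing it before the `malloc` calls for `F` and `G` keeps the error path free of extra cleanup. The function body continues outside the hunk.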