From: Andreas Steffen Date: Tue, 21 Oct 2014 22:19:49 +0000 (+0200) Subject: Created framework for BLISS post-quantum signature algorithm X-Git-Tag: 5.2.2dr1~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9d5b91d1987188dce499fb5f5c9c0c3026d40d60;p=thirdparty%2Fstrongswan.git Created framework for BLISS post-quantum signature algorithm --- diff --git a/configure.ac b/configure.ac index 7e561edf92..ff8fefeb48 100644 --- a/configure.ac +++ b/configure.ac @@ -123,6 +123,7 @@ m4_include(m4/macros/enable-disable.m4) # crypto plugins ARG_DISBL_SET([aes], [disable AES software implementation plugin.]) ARG_ENABL_SET([af-alg], [enable AF_ALG crypto interface to Linux Crypto API.]) +ARG_ENABL_SET([bliss], [enable BLISS software implementation plugin.]) ARG_ENABL_SET([blowfish], [enable Blowfish software implementation plugin.]) ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.]) ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.]) @@ -1251,6 +1252,7 @@ ADD_PLUGIN([ctr], [s charon scripts nm cmd]) ADD_PLUGIN([ccm], [s charon scripts nm cmd]) ADD_PLUGIN([gcm], [s charon scripts nm cmd]) ADD_PLUGIN([ntru], [s charon scripts nm cmd]) +ADD_PLUGIN([bliss], [s charon pki scripts nm cmd]) ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd]) ADD_PLUGIN([winhttp], [s charon pki scripts]) ADD_PLUGIN([soup], [s charon pki scripts nm cmd]) @@ -1398,6 +1400,7 @@ AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue) AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue) AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue) AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue) +AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue) # charon plugins # ---------------- @@ -1641,6 +1644,7 @@ AC_CONFIG_FILES([ src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile + src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libhydra/Makefile diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 1b72d6f262..9460a9e390 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -544,6 +544,13 @@ if MONOLITHIC endif endif +if USE_BLISS + SUBDIRS += plugins/bliss +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/bliss/libstrongswan-bliss.la +endif +endif + if USE_TEST_VECTORS SUBDIRS += plugins/test_vectors if MONOLITHIC diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index 37bba77d19..5ec6f562a4 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,14 +18,15 @@ #include "public_key.h" -ENUM(key_type_names, KEY_ANY, KEY_DSA, +ENUM(key_type_names, KEY_ANY, KEY_BLISS, "ANY", "RSA", "ECDSA", - "DSA" + "DSA", + "BLISS" ); -ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521, +ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_IV_SHA384, "UNKNOWN", "RSA_EMSA_PKCS1_NULL", "RSA_EMSA_PKCS1_MD5", @@ -41,6 +43,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521, "ECDSA-256", "ECDSA-384", "ECDSA-521", + "BLISS-I_SHA256", + "BLISS-IV_SHA384", ); ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512, diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 2afcf83250..728c08e256 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -1,6 +1,7 @@ /* * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -42,6 +43,8 @@ enum key_type_t { KEY_ECDSA = 2, /** DSA */ KEY_DSA = 3, + /** BLISS */ + KEY_BLISS = 4, /** ElGamal, ... */ }; @@ -90,6 +93,10 @@ enum signature_scheme_t { SIGN_ECDSA_384, /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */ SIGN_ECDSA_521, + /** BLISS-I with SHA-256 */ + SIGN_BLISS_I_SHA256, + /** BLISS-IV with SHA-384 */ + SIGN_BLISS_IV_SHA384, }; /** diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am new file mode 100644 index 0000000000..307568828f --- /dev/null +++ b/src/libstrongswan/plugins/bliss/Makefile.am @@ -0,0 +1,19 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) \ + @COVERAGE_CFLAGS@ + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-bliss.la +else +plugin_LTLIBRARIES = libstrongswan-bliss.la +endif + +libstrongswan_bliss_la_SOURCES = \ + bliss_plugin.h bliss_plugin.c \ + bliss_private_key.h bliss_private_key.c \ + bliss_public_key.h bliss_public_key.c + +libstrongswan_bliss_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c new file mode 100644 index 0000000000..7958940851 --- /dev/null +++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c @@ -0,0 +1,93 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "bliss_plugin.h" +#include "bliss_private_key.h" +#include "bliss_public_key.h" + +#include + +typedef struct private_bliss_plugin_t private_bliss_plugin_t; + +/** + * private data of bliss_plugin + */ +struct private_bliss_plugin_t { + + /** + * public functions + */ + bliss_plugin_t public; +}; + +METHOD(plugin_t, get_name, char*, + private_bliss_plugin_t *this) +{ + return "bliss"; +} + +METHOD(plugin_t, get_features, int, + private_bliss_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + /* private/public keys */ + PLUGIN_REGISTER(PRIVKEY, bliss_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_BLISS), + PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE), + PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS), + PLUGIN_DEPENDS(RNG, RNG_TRUE), + PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE), + PLUGIN_PROVIDE(PUBKEY, KEY_BLISS), + /* signature schemes, private */ + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_I_SHA256), + PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_IV_SHA384), + PLUGIN_DEPENDS(HASHER, HASH_SHA384), + /* signature verification schemes */ + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_I_SHA256), + PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_IV_SHA384), + PLUGIN_DEPENDS(HASHER, HASH_SHA384), + }; + *features = f; + + return countof(f); +} + +METHOD(plugin_t, destroy, void, + private_bliss_plugin_t *this) +{ + free(this); +} + +/* + * see header file + */ +plugin_t *bliss_plugin_create() +{ + private_bliss_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.h b/src/libstrongswan/plugins/bliss/bliss_plugin.h new file mode 100644 index 0000000000..d3d80ac5d4 --- /dev/null +++ b/src/libstrongswan/plugins/bliss/bliss_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup bliss_p bliss + * @ingroup plugins + * + * @defgroup bliss_plugin bliss_plugin + * @{ @ingroup bliss_p + */ + +#ifndef BLISS_PLUGIN_H_ +#define BLISS_PLUGIN_H_ + +#include + +typedef struct bliss_plugin_t bliss_plugin_t; + +/** + * Plugin implementing the BLISS post-quantu authentication algorithm + */ +struct bliss_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** BLISS_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c new file mode 100644 index 0000000000..7d3cee9966 --- /dev/null +++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c @@ -0,0 +1,207 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "bliss_private_key.h" + +typedef struct private_bliss_private_key_t private_bliss_private_key_t; + +/** + * Private data of a bliss_private_key_t object. + */ +struct private_bliss_private_key_t { + /** + * Public interface for this signer. + */ + bliss_private_key_t public; + + + /** + * BLISS type + */ + u_int key_size; + + /** + * reference count + */ + refcount_t ref; +}; + +METHOD(private_key_t, get_type, key_type_t, + private_bliss_private_key_t *this) +{ + return KEY_BLISS; +} + +METHOD(private_key_t, sign, bool, + private_bliss_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) +{ + switch (scheme) + { + case SIGN_BLISS_I_SHA256: + return FALSE; + case SIGN_BLISS_IV_SHA384: + return FALSE; + default: + DBG1(DBG_LIB, "signature scheme %N not supported with BLISS", + signature_scheme_names, scheme); + return FALSE; + } +} + +METHOD(private_key_t, decrypt, bool, + private_bliss_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) +{ + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); + return FALSE; +} + +METHOD(private_key_t, get_keysize, int, + private_bliss_private_key_t *this) +{ + return this->key_size; +} + +METHOD(private_key_t, get_public_key, public_key_t*, + private_bliss_private_key_t *this) +{ + public_key_t *public = NULL; + + return public; +} + +METHOD(private_key_t, get_encoding, bool, + private_bliss_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) +{ + bool success = TRUE; + + *encoding = chunk_empty; + + return success; +} + +METHOD(private_key_t, get_fingerprint, bool, + private_bliss_private_key_t *this, cred_encoding_type_t type, chunk_t *fp) +{ + bool success = FALSE; + + return success; +} + +METHOD(private_key_t, get_ref, private_key_t*, + private_bliss_private_key_t *this) +{ + ref_get(&this->ref); + return &this->public.key; +} + +METHOD(private_key_t, destroy, void, + private_bliss_private_key_t *this) +{ + if (ref_put(&this->ref)) + { + free(this); + } +} + +/** + * Internal generic constructor + */ +static private_bliss_private_key_t *bliss_private_key_create_empty(void) +{ + private_bliss_private_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); + return this; +} + +/** + * See header. + */ +bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) +{ + private_bliss_private_key_t *this; + u_int key_size = 1; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + /* Only BLISS-I and BLISS-IV are supported */ + if (key_size != 1 && key_size != 4) + { + return NULL; + } + + this = bliss_private_key_create_empty(); + this->key_size = key_size; + + return &this->public; +} + +/** + * See header. + */ +bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) +{ + private_bliss_private_key_t *this; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + default: + return NULL; + } + break; + } + + this = bliss_private_key_create_empty(); + + return &this->public; +} + diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.h b/src/libstrongswan/plugins/bliss/bliss_private_key.h new file mode 100644 index 0000000000..c9b93a6226 --- /dev/null +++ b/src/libstrongswan/plugins/bliss/bliss_private_key.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup bliss_private_key bliss_private_key + * @{ @ingroup gmp_p + */ + +#ifndef BLISS_PRIVATE_KEY_H_ +#define BLISS_PRIVATE_KEY_H_ + +#include +#include + +typedef struct bliss_private_key_t bliss_private_key_t; + +/** + * Private_key_t implementation of BLISS signature algorithm. + */ +struct bliss_private_key_t { + + /** + * Implements private_key_t interface + */ + private_key_t key; +}; + +/** + * Generate a BLISS private key. + * + * Accepts the BUILD_KEY_SIZE argument. + * + * @param type type of the key, must be KEY_BLISS + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args); + +/** + * Load a BLISS private key. + * + * Accepts BUILD_BLISS_* components. + * + * @param type type of the key, must be KEY_BLISS + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args); + +#endif /** BLISS_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c new file mode 100644 index 0000000000..002bf349ae --- /dev/null +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "bliss_public_key.h" + +typedef struct private_bliss_public_key_t private_bliss_public_key_t; + +/** + * Private data structure with signing context. + */ +struct private_bliss_public_key_t { + /** + * Public interface for this signer. + */ + bliss_public_key_t public; + + /** + * BLISS type + */ + u_int key_size; + + /** + * reference counter + */ + refcount_t ref; +}; + +METHOD(public_key_t, get_type, key_type_t, + private_bliss_public_key_t *this) +{ + return KEY_BLISS; +} + +METHOD(public_key_t, verify, bool, + private_bliss_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t signature) +{ + switch (scheme) + { + case SIGN_BLISS_I_SHA256: + return FALSE; + case SIGN_BLISS_IV_SHA384: + return FALSE; + default: + DBG1(DBG_LIB, "signature scheme %N not supported by BLISS", + signature_scheme_names, scheme); + return FALSE; + } +} + +METHOD(public_key_t, encrypt_, bool, + private_bliss_public_key_t *this, encryption_scheme_t scheme, + chunk_t plain, chunk_t *crypto) +{ + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); + return FALSE; +} + +METHOD(public_key_t, get_keysize, int, + private_bliss_public_key_t *this) +{ + return this->key_size; +} + +METHOD(public_key_t, get_encoding, bool, + private_bliss_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) +{ + bool success = TRUE; + + *encoding = chunk_empty; + + return success; +} + +METHOD(public_key_t, get_fingerprint, bool, + private_bliss_public_key_t *this, cred_encoding_type_t type, chunk_t *fp) +{ + bool success = FALSE; + + return success; +} + +METHOD(public_key_t, get_ref, public_key_t*, + private_bliss_public_key_t *this) +{ + ref_get(&this->ref); + return &this->public.key; +} + +METHOD(public_key_t, destroy, void, + private_bliss_public_key_t *this) +{ + if (ref_put(&this->ref)) + { + free(this); + } +} + +/** + * See header. + */ +bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args) +{ + private_bliss_public_key_t *this; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt_, + .equals = public_key_equals, + .get_keysize = _get_keysize, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.h b/src/libstrongswan/plugins/bliss/bliss_public_key.h new file mode 100644 index 0000000000..71e0e4ebf3 --- /dev/null +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup bliss_public_key bliss_public_key + * @{ @ingroup gmp_p + */ + +#ifndef BLISS_PUBLIC_KEY_H_ +#define BLISS_PUBLIC_KEY_H_ + +#include +#include + +typedef struct bliss_public_key_t bliss_public_key_t; + +/** + * public_key_t implementation of BLISS signature algorithm + */ +struct bliss_public_key_t { + + /** + * Implements the public_key_t interface + */ + public_key_t key; +}; + +/** + * Load a BLISS public key. + * + * Accepts BUILD_BLISS_* components. + * + * @param type type of the key, must be KEY_BLISS + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args); + +#endif /** BLISS_PUBLIC_KEY_H_ @}*/ diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c index ce28a09711..c39644e309 100644 --- a/src/pki/commands/gen.c +++ b/src/pki/commands/gen.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -43,6 +44,10 @@ static int gen() { type = KEY_ECDSA; } + else if (streq(arg, "bliss")) + { + type = KEY_BLISS; + } else { return command_usage("invalid key type"); @@ -96,6 +101,9 @@ static int gen() case KEY_ECDSA: size = 384; break; + case KEY_BLISS: + size = 1; + break; default: break; } @@ -151,12 +159,12 @@ static void __attribute__ ((constructor))reg() { command_register((command_t) { gen, 'g', "gen", "generate a new private key", - {" [--type rsa|ecdsa] [--size bits] [--safe-primes]", + {" [--type rsa|ecdsa|bliss] [--size bits] [--safe-primes]", "[--shares n] [--threshold l] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"type", 't', 1, "type of key, default: rsa"}, - {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"}, + {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384, bliss 1"}, {"safe-primes", 'p', 0, "generate rsa safe primes"}, {"shares", 'n', 1, "number of private rsa key shares"}, {"threshold", 'l', 1, "minimum number of participating rsa key shares"},