ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

mgf1: Refactored MGF1 as an XOF

This commit is contained in:
Andreas Steffen 2016-09-20 22:01:07 +02:00
parent e9e643b240
commit 188b190a70
60 changed files with 966 additions and 644 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
configure.ac
View File

@ -149,6 +149,7 @@ ARG_DISBL_SET([sha1], [disable SHA1 software implementation plugin.])
ARG_DISBL_SET([sha2], [disable SHA256/SHA384/SHA512 software implementation plugin.])
ARG_ENABL_SET([sha3], [enable SHA3_224/SHA3_256/SHA3_384/SHA3_512 software implementation plugin.])
ARG_DISBL_SET([xcbc], [disable xcbc crypto implementation plugin.])
ARG_ENABL_SET([mgf1], [enables the MGF1 software implementation plugin.])
# encoding/decoding plugins
ARG_DISBL_SET([dnskey], [disable DNS RR key decoding plugin.])
ARG_DISBL_SET([pem], [disable PEM decoding plugin.])
@ -465,6 +466,10 @@ if test x$aikpub2 = xtrue; then
tss_tss2=true
fi
if test x$ntru = xtrue -o x$bliss = xtrue; then
mgf1=true
fi
# ===========================================
# check required libraries and header files
# ===========================================
@ -1327,6 +1332,7 @@ ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attes
ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([md4], [s charon scepclient pki nm cmd])
ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen])
ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([nonce], [s charon nm cmd aikgen])
@ -1482,6 +1488,7 @@ AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue)
AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
@ -1738,6 +1745,7 @@ AC_CONFIG_FILES([
src/libstrongswan/plugins/sha1/Makefile
src/libstrongswan/plugins/sha2/Makefile
src/libstrongswan/plugins/sha3/Makefile
src/libstrongswan/plugins/mgf1/Makefile
src/libstrongswan/plugins/fips_prf/Makefile
src/libstrongswan/plugins/gmp/Makefile
src/libstrongswan/plugins/rdrand/Makefile

13
src/libstrongswan/Makefile.am
View File

@ -14,8 +14,7 @@ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
crypto/iv/iv_gen_null.c \
crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
crypto/xofs/xof.c \
crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
@ -76,8 +75,7 @@ crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
crypto/xofs/xof.h \
crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
credentials/credential_factory.h credentials/builder.h \
credentials/cred_encoding.h credentials/keys/private_key.h \
credentials/keys/public_key.h credentials/keys/shared_key.h \
@ -588,6 +586,13 @@ if MONOLITHIC
endif
endif
if USE_MGF1
SUBDIRS += plugins/mgf1
if MONOLITHIC
libstrongswan_la_LIBADD += plugins/mgf1/libstrongswan-mgf1.la
endif
endif
if USE_NTRU
SUBDIRS += plugins/ntru
if MONOLITHIC

180
src/libstrongswan/crypto/mgf1/mgf1.c
View File

@ -1,180 +0,0 @@
/*
* Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "mgf1.h"
#include "crypto/hashers/hasher.h"
#include "utils/debug.h"
#include "utils/test.h"
typedef struct private_mgf1_t private_mgf1_t;
/**
* Private data of an mgf1_t object.
*/
struct private_mgf1_t {
/**
* Public mgf1_t interface.
*/
mgf1_t public;
/**
* Hasher the MGF1 Mask Generation Function is based on
*/
hasher_t *hasher;
/**
* Counter
*/
uint32_t counter;
/**
* Set if counter has reached 2^32
*/
bool overflow;
/**
* Current state to be hashed
*/
chunk_t state;
/**
* Position of the 4 octet counter string
*/
u_char *ctr_str;
};
METHOD(mgf1_t, get_hash_size, size_t,
private_mgf1_t *this)
{
return this->hasher->get_hash_size(this->hasher);
}
METHOD(mgf1_t, get_mask, bool,
private_mgf1_t *this, size_t mask_len, u_char *mask)
{
u_char buf[HASH_SIZE_SHA512];
size_t hash_len;
hash_len = this->hasher->get_hash_size(this->hasher);
while (mask_len > 0)
{
/* detect overflow, set counter string and increment counter */
if (this->overflow)
{
return FALSE;
}
htoun32(this->ctr_str, this->counter++);
if (this->counter == 0)
{
this->overflow = TRUE;
}
/* get the next or final mask block from the hash function */
if (!this->hasher->get_hash(this->hasher, this->state,
(mask_len < hash_len) ? buf : mask))
{
return FALSE;
}
if (mask_len < hash_len)
{
memcpy(mask, buf, mask_len);
return TRUE;
}
mask_len -= hash_len;
mask += hash_len;
}
return TRUE;
}
METHOD(mgf1_t, allocate_mask, bool,
private_mgf1_t *this, size_t mask_len, chunk_t *mask)
{
if (mask_len == 0)
{
*mask = chunk_empty;
return TRUE;
}
*mask = chunk_alloc(mask_len);
return get_mask(this, mask_len, mask->ptr);
}
METHOD(mgf1_t, destroy, void,
private_mgf1_t *this)
{
this->hasher->destroy(this->hasher);
chunk_clear(&this->state);
free(this);
}
/*
* Described in header.
*/
mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
bool hash_seed)
{
private_mgf1_t *this;
hasher_t *hasher;
size_t state_len;
if (seed.len == 0)
{
DBG1(DBG_LIB, "empty seed for MGF1");
return NULL;
}
hasher = lib->crypto->create_hasher(lib->crypto, alg);
if (!hasher)
{
DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
hash_algorithm_names, alg);
return NULL;
}
state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
INIT(this,
.public = {
.get_hash_size = _get_hash_size,
.allocate_mask = _allocate_mask,
.get_mask = _get_mask,
.destroy = _destroy,
},
.hasher = hasher,
.state = chunk_alloc(state_len),
);
/* determine position of the 4 octet counter string */
this->ctr_str = this->state.ptr + state_len - 4;
if (hash_seed)
{
if (!hasher->get_hash(hasher, seed, this->state.ptr))
{
DBG1(DBG_LIB, "failed to hash seed for MGF1");
destroy(this);
return NULL;
}
}
else
{
memcpy(this->state.ptr, seed.ptr, seed.len);
}
return &this->public;
}

77
src/libstrongswan/crypto/mgf1/mgf1.h
View File

@ -1,77 +0,0 @@
/*
* Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup mgf1 mgf1
* @{ @ingroup crypto
*/
#ifndef MGF1_H_
#define MGF1_H_
typedef struct mgf1_t mgf1_t;
#include <library.h>
/**
* Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
* defined in section 10.2.1 of RFC 2437
*/
struct mgf1_t {
/**
* Get the hash size of the underlying hash function
*
* @return hash size in bytes
*/
size_t (*get_hash_size)(mgf1_t *this);
/**
* Generate a mask pattern and copy it to an output buffer
* If the maximum number of requests has been reached, reseeding occurs
*
* @param mask_len number of mask bytes to generate
* @param mask output buffer of minimum size mask_len
* @return TRUE if successful
*/
bool (*get_mask)(mgf1_t *this, size_t mask_len, u_char *mask);
/**
* Generate a mask pattern and return it in an allocated chunk
*
* @param mask_len number of mask bytes to generate
* @param mask chunk containing generated mask
* @return TRUE if successful
*/
bool (*allocate_mask)(mgf1_t *this, size_t mask_len, chunk_t *mask);
/**
* Destroy the MGF1 object
*/
void (*destroy)(mgf1_t *this);
};
/**
* Create an MGF1 object
*
* @param alg hash algorithm to be used by MGF1
* @param seed seed used by MGF1 to generate mask from
* @param hash_seed hash seed before using it as a seed for MGF1
*/
mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
bool hash_seed);
#endif /** MGF1_H_ @}*/

208
src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
View File

@ -1,208 +0,0 @@
/*
* Copyright (C) 2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "mgf1_bitspender.h"
#include <crypto/mgf1/mgf1.h>
typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t;
/**
* Private data structure for mgf1_bitspender_t object
*/
struct private_mgf1_bitspender_t {
/**
* Public interface.
*/
mgf1_bitspender_t public;
/**
* MGF1 bit mask generator
*/
mgf1_t *mgf1;
/**
* Octet storage (accommodates up to 64 octets)
*/
uint8_t octets[HASH_SIZE_SHA512];
/**
* Length of the returned hash value in octets
*/
int hash_len;
/**
* Number of generated octets
*/
int octets_count;
/**
* Number of available octets
*/
int octets_left;
/**
* Bit storage (accommodates up to 32 bits)
*/
uint32_t bits;
/**
* Number of available bits
*/
int bits_left;
/**
* Byte storage (accommodates up to 4 bytes)
*/
uint8_t bytes[4];
/**
* Number of available bytes
*/
int bytes_left;
};
METHOD(mgf1_bitspender_t, get_bits, bool,
private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits)
{
int bits_now;
*bits = 0x00000000;
if (bits_needed == 0)
{
/* trivial */
return TRUE;
}
if (bits_needed > 32)
{
/* too many bits requested */
return FALSE;
}
while (bits_needed)
{
if (this->bits_left == 0)
{
if (this->octets_left == 0)
{
/* get another block from MGF1 */
if (!this->mgf1->get_mask(this->mgf1, this->hash_len,
this->octets))
{
/* no block available */
return FALSE;
}
this->octets_left = this->hash_len;
this->octets_count += this->hash_len;
}
this->bits = untoh32(this->octets + this->hash_len -
this->octets_left);
this->bits_left = 32;
this->octets_left -= 4;
}
if (bits_needed > this->bits_left)
{
bits_now = this->bits_left;
this->bits_left = 0;
bits_needed -= bits_now;
}
else
{
bits_now = bits_needed;
this->bits_left -= bits_needed;
bits_needed = 0;
}
if (bits_now == 32)
{
*bits = this->bits;
}
else
{
*bits <<= bits_now;
*bits |= this->bits >> this->bits_left;
if (this->bits_left)
{
this->bits &= 0xffffffff >> (32 - this->bits_left);
}
}
}
return TRUE;
}
METHOD(mgf1_bitspender_t, get_byte, bool,
private_mgf1_bitspender_t *this, uint8_t *byte)
{
if (this->bytes_left == 0)
{
if (this->octets_left == 0)
{
/* get another block from MGF1 */
if (!this->mgf1->get_mask(this->mgf1, this->hash_len, this->octets))
{
/* no block available */
return FALSE;
}
this->octets_left = this->hash_len;
this->octets_count += this->hash_len;
}
memcpy(this->bytes, this->octets + this->hash_len - this->octets_left, 4);
this->bytes_left = 4;
this->octets_left -= 4;
}
*byte = this->bytes[4 - this->bytes_left--];
return TRUE;
}
METHOD(mgf1_bitspender_t, destroy, void,
private_mgf1_bitspender_t *this)
{
DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count);
memwipe(this->octets, sizeof(this->octets));
this->mgf1->destroy(this->mgf1);
free(this);
}
/**
* See header.
*/
mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
bool hash_seed)
{
private_mgf1_bitspender_t *this;
mgf1_t *mgf1;
mgf1 = mgf1_create(alg, seed, hash_seed);
if (!mgf1)
{
return NULL;
}
DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets",
hash_algorithm_short_names, alg, seed.len);
INIT(this,
.public = {
.get_bits = _get_bits,
.get_byte = _get_byte,
.destroy = _destroy,
},
.mgf1 = mgf1,
.hash_len = mgf1->get_hash_size(mgf1),
);
return &this->public;
}

47
src/libstrongswan/crypto/xofs/mgf1.h Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup mgf1 mgf1
* @{ @ingroup crypto
*/
#ifndef MGF1_H_
#define MGF1_H_
typedef struct mgf1_t mgf1_t;
#include "xof.h"
/**
* Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
* defined in section 10.2.1 of RFC 2437
*/
struct mgf1_t {
/**
* Generic xof_t interface for this Extended Output Function (XOF).
*/
xof_t xof_interface;
/**
* Hash the seed before using it as a seed for MGF1
*
* @param yes TRUE if seed has to be hashed first
*/
void (*set_hash_seed)(mgf1_t *this, bool yes);
};
#endif /** MGF1_H_ @}*/

4
src/libstrongswan/crypto/xofs/xof.c
View File

@ -17,11 +17,11 @@
ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
"XOF_UNDEFINED",
"XOF_SHAKE128",
"XOF_SHAKE256",
"XOF_MGF1_SHA1",
"XOF_MGF1_SHA256",
"XOF_MGF1_SHA512",
"XOF_SHAKE128",
"XOF_SHAKE256",
"XOF_CHACHA20"
);

17
src/libstrongswan/crypto/xofs/xof.h
View File

@ -31,16 +31,16 @@ typedef struct xof_t xof_t;
*/
enum ext_out_function_t {
XOF_UNDEFINED,
/** FIPS 202 */
XOF_SHAKE_128,
/** FIPS 202 */
XOF_SHAKE_256,
/** RFC 2437 PKCS#1 */
XOF_MGF1_SHA1,
/** RFC 2437 PKCS#1 */
XOF_MGF1_SHA256,
/** RFC 2437 PKCS#1 */
XOF_MGF1_SHA512,
/** FIPS 202 */
XOF_SHAKE_128,
/** FIPS 202 */
XOF_SHAKE_256,
/** RFC 7539 ChaCha20 */
XOF_CHACHA20,
};
@ -51,10 +51,17 @@ enum ext_out_function_t {
extern enum_name_t *ext_out_function_names;
/**
* Generic interface for pseudo-random-functions.
* Generic interface for Extended Output Function (XOF)
*/
struct xof_t {
/**
* Return the type of the Extended Output Function
*
* @return XOF type
*/
ext_out_function_t (*get_type)(xof_t *this);
/**
* Generates pseudo random bytes and writes them in the buffer.
*

213
src/libstrongswan/crypto/xofs/xof_bitspender.c Normal file
View File

@ -0,0 +1,213 @@
/*
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "xof_bitspender.h"
#include "mgf1.h"
typedef struct private_xof_bitspender_t private_xof_bitspender_t;
/**
* Private data structure for xof_bitspender_t object
*/
struct private_xof_bitspender_t {
/**
* Public interface.
*/
xof_bitspender_t public;
/**
* Extended Output Function (XOF)
*/
xof_t *xof;
/**
* Length of the returned hash value in octets
*/
int hash_len;
/**
* Bit storage (accommodates up to 32 bits)
*/
uint32_t bits;
/**
* Number of available bits
*/
int bits_left;
/**
* Byte storage (accommodates up to 4 bytes)
*/
uint8_t bytes[4];
/**
* Number of available bytes
*/
int bytes_left;
/**
* Number of octets spent
*/
int octet_count;
};
static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer)
{
if (!this->xof->get_bytes(this->xof, 4, buffer))
{
/* no block available */
return FALSE;
}
this->octet_count += 4;
return TRUE;
}
METHOD(xof_bitspender_t, get_bits, bool,
private_xof_bitspender_t *this, int bits_needed, uint32_t *bits)
{
int bits_now;
*bits = 0x00000000;
if (bits_needed == 0)
{
/* trivial */
return TRUE;
}
if (bits_needed > 32)
{
/* too many bits requested */
return FALSE;
}
while (bits_needed)
{
if (this->bits_left == 0)
{
uint8_t buf[4];
if (!get_next_block(this, buf))
{
return FALSE;
}
this->bits = untoh32(buf);
this->bits_left = 32;
}
if (bits_needed > this->bits_left)
{
bits_now = this->bits_left;
this->bits_left = 0;
bits_needed -= bits_now;
}
else
{
bits_now = bits_needed;
this->bits_left -= bits_needed;
bits_needed = 0;
}
if (bits_now == 32)
{
*bits = this->bits;
}
else
{
*bits <<= bits_now;
*bits |= this->bits >> this->bits_left;
if (this->bits_left)
{
this->bits &= 0xffffffff >> (32 - this->bits_left);
}
}
}
return TRUE;
}
METHOD(xof_bitspender_t, get_byte, bool,
private_xof_bitspender_t *this, uint8_t *byte)
{
if (this->bytes_left == 0)
{
if (!get_next_block(this, this->bytes))
{
return FALSE;
}
this->bytes_left = 4;
}
*byte = this->bytes[4 - this->bytes_left--];
return TRUE;
}
METHOD(xof_bitspender_t, destroy, void,
private_xof_bitspender_t *this)
{
DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names,
this->xof->get_type(this->xof), this->octet_count);
memwipe(this->bytes, 4);
this->xof->destroy(this->xof);
free(this);
}
/**
* See header.
*/
xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
bool hash_seed)
{
private_xof_bitspender_t *this;
xof_t *xof;
xof = lib->crypto->create_xof(lib->crypto, alg);
if (!xof)
{
return NULL;
}
switch (alg)
{
case XOF_MGF1_SHA1:
case XOF_MGF1_SHA256:
case XOF_MGF1_SHA512:
{
mgf1_t *mgf1 = (mgf1_t*)xof;
mgf1->set_hash_seed(mgf1, hash_seed);
break;
}
default:
break;
}
if (!xof->set_seed(xof, seed))
{
xof->destroy(xof);
return NULL;
}
DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names,
alg, seed.len);
INIT(this,
.public = {
.get_bits = _get_bits,
.get_byte = _get_byte,
.destroy = _destroy,
},
.xof = xof,
);
return &this->public;
}

38
src/libstrongswan/crypto/mgf1/mgf1_bitspender.h → src/libstrongswan/crypto/xofs/xof_bitspender.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Andreas Steffen
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -14,22 +14,24 @@
*/
/**
* @defgroup mgf1_bitspender mgf1_bitspender
* @defgroup xof_bitspender xof_bitspender
* @{ @ingroup mgf1
*/
#ifndef MGF1_BITSPENDER_H_
#define MGF1_BITSPENDER_H_
#ifndef XOF_BITSPENDER_H_
#define XOF_BITSPENDER_H_
#include "xof.h"
#include <library.h>
#include <crypto/hashers/hasher.h>
typedef struct mgf1_bitspender_t mgf1_bitspender_t;
typedef struct xof_bitspender_t xof_bitspender_t;
/**
* Generates a given number of pseudo-random bits at a time using MGF1
* Generates a given number of pseudo-random bits at a time using an
* Extended Output Function (XOF)
*/
struct mgf1_bitspender_t {
struct xof_bitspender_t {
/**
* Get pseudo-random bits
@ -38,7 +40,7 @@ struct mgf1_bitspender_t {
* @param bits Pseudo-random bits
* @result FALSE if internal MGF1 error occurred
*/
bool (*get_bits)(mgf1_bitspender_t *this, int bits_needed, uint32_t *bits);
bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits);
/**
* Get a pseudo-random byte
@ -46,22 +48,22 @@ struct mgf1_bitspender_t {
* @param byte Pseudo-random byte
* @result FALSE if internal MGF1 error occurred
*/
bool (*get_byte)(mgf1_bitspender_t *this, uint8_t *byte);
bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte);
/**
* Destroy mgf1_bitspender_t object
* Destroy xof_bitspender_t object
*/
void (*destroy)(mgf1_bitspender_t *this);
void (*destroy)(xof_bitspender_t *this);
};
/**
* Create a mgf1_bitspender_t object
* Create a xof_bitspender_t object
*
* @param alg Hash algorithm to be used with MGF1
* @param seed Seed used to initialize MGF1
* @param alg XOF to be used
* @param seed Seed used to initialize XOF
* @param hash_seed Hash seed before using it as a seed for MFG1
*/
mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
bool hash_seed);
xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
bool hash_seed);
#endif /** MGF1_BITSPENDER_H_ @}*/
#endif /** XOF_BITSPENDER_H_ @}*/

19
src/libstrongswan/plugins/bliss/bliss_private_key.c
View File

@ -23,7 +23,7 @@
#include "ntt_fft.h"
#include "ntt_fft_reduce.h"
#include <crypto/mgf1/mgf1_bitspender.h>
#include <crypto/xofs/xof_bitspender.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
#include <asn1/oid.h>
@ -174,7 +174,8 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
bliss_sampler_t *sampler = NULL;
rng_t *rng;
hasher_t *hasher;
hash_algorithm_t mgf1_alg, oracle_alg;
hash_algorithm_t mgf1_alg;
ext_out_function_t oracle_alg;
size_t mgf1_seed_len;
uint8_t mgf1_seed_buf[HASH_SIZE_SHA512], data_hash_buf[HASH_SIZE_SHA512];
chunk_t mgf1_seed, data_hash;
@ -226,7 +227,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
}
/* MGF1 hash algorithm to be used for random oracle */
oracle_alg = HASH_SHA512;
oracle_alg = XOF_MGF1_SHA512;
/* Initialize a couple of needed variables */
n = this->set->n;
@ -834,14 +835,14 @@ static uint32_t invert(private_bliss_private_key_t *this, uint32_t x)
* Create a vector with sparse and small coefficients from seed
*/
static int8_t* create_vector_from_seed(private_bliss_private_key_t *this,
hash_algorithm_t alg, chunk_t seed)
ext_out_function_t alg, chunk_t seed)
{
mgf1_bitspender_t *bitspender;
xof_bitspender_t *bitspender;
uint32_t index, sign;
int8_t *vector;
int non_zero;
bitspender = mgf1_bitspender_create(alg, seed, FALSE);
bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;
@ -910,7 +911,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
int i, n;
chunk_t seed;
size_t seed_len;
hash_algorithm_t alg;
ext_out_function_t alg;
n = this->set->n;
*s1 = NULL;
@ -919,12 +920,12 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
/* Set MGF1 hash algorithm and seed length based on security strength */
if (this->set->strength > 160)
{
alg = HASH_SHA256;
alg = XOF_MGF1_SHA256;
seed_len = HASH_SIZE_SHA256;
}
else
{
alg = HASH_SHA1;
alg = XOF_MGF1_SHA1;
seed_len = HASH_SIZE_SHA1;
}
seed = chunk_create(seed_buf, seed_len);

4
src/libstrongswan/plugins/bliss/bliss_public_key.c
View File

@ -76,7 +76,7 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
uint8_t data_hash_buf[HASH_SIZE_SHA512];
chunk_t data_hash;
hasher_t *hasher;
hash_algorithm_t oracle_alg;
ext_out_function_t oracle_alg;
ntt_fft_t *fft;
bliss_signature_t *sig;
bool success = FALSE;
@ -110,7 +110,7 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
}
/* MGF1 hash algorithm to be used for random oracle */
oracle_alg = HASH_SHA512;
oracle_alg = XOF_MGF1_SHA512;
/* Initialize a couple of needed variables */
n = this->set->n;

10
src/libstrongswan/plugins/bliss/bliss_sampler.c
View File

@ -17,7 +17,7 @@
typedef struct private_bliss_sampler_t private_bliss_sampler_t;
#include <crypto/mgf1/mgf1_bitspender.h>
#include <crypto/xofs/xof_bitspender.h>
/**
* Private data of a bliss_sampler_t object.
@ -37,7 +37,7 @@ struct private_bliss_sampler_t {
/**
* Bitspender used for random rejection sampling
*/
mgf1_bitspender_t *bitspender;
xof_bitspender_t *bitspender;
};
@ -222,13 +222,13 @@ METHOD(bliss_sampler_t, destroy, void,
/**
* See header.
*/
bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
const bliss_param_set_t *set)
{
private_bliss_sampler_t *this;
mgf1_bitspender_t *bitspender;
xof_bitspender_t *bitspender;
bitspender = mgf1_bitspender_create(alg, seed, FALSE);
bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;

4
src/libstrongswan/plugins/bliss/bliss_sampler.h
View File

@ -84,11 +84,11 @@ struct bliss_sampler_t {
/**
* Create a bliss_sampler_t object.
*
* @param alg Hash algorithm to be used for the internal bitspender
* @param alg XOF to be used for the internal bitspender
* @param seed Seed used to initialize the internal bitspender
* @param set BLISS parameter set to be used
*/
bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
const bliss_param_set_t *set);
#endif /** BLISS_SAMPLER_H_ @}*/

10
src/libstrongswan/plugins/bliss/bliss_utils.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Andreas Steffen
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -17,7 +17,7 @@
#include <asn1/asn1.h>
#include <crypto/hashers/hasher.h>
#include <crypto/mgf1/mgf1_bitspender.h>
#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
/**
@ -56,7 +56,7 @@ void bliss_utils_round_and_drop(const bliss_param_set_t *set,
/**
* See header.
*/
bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
uint16_t *ud, const bliss_param_set_t *set,
uint16_t *c_indices)
{
@ -65,7 +65,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
uint32_t index;
uint8_t *seed_pos;
chunk_t seed;
mgf1_bitspender_t *bitspender;
xof_bitspender_t *bitspender;
seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));
@ -80,7 +80,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
seed_pos += sizeof(uint16_t);
}
bitspender = mgf1_bitspender_create(alg, seed, FALSE);
bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;

20
src/libstrongswan/plugins/bliss/bliss_utils.h
View File

@ -48,23 +48,23 @@ void bliss_utils_round_and_drop(const bliss_param_set_t *set,
/**
* Generate the binary challenge vector c as an array of kappa indices
*
* @param alg hash algorithm to be used for the internal oracle
* @param data_hash hash of the data to be signed
* @param ud input vector ud of size n
* @param set BLISS parameter set to be used (n, n_bits, kappa)
* @param c_indices indexes of non-zero challenge coefficients
* @param alg XOF to be used for the internal oracle
* @param data_hash hash of the data to be signed
* @param ud input vector ud of size n
* @param set BLISS parameter set to be used (n, n_bits, kappa)
* @param c_indices indexes of non-zero challenge coefficients
*/
bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
uint16_t *ud, const bliss_param_set_t *set,
uint16_t *c_indices);
/**
* Check the infinity and l2 norms of the vectors z1 and z2d << d
*
* @param set BLISS parameter set
* @param z1 input vector
* @param z2d input vector
* @result TRUE if infinite and l2 norms do not exceed boundaries
* @param set BLISS parameter set
* @param z1 input vector
* @param z2d input vector
* @result TRUE if infinite and l2 norms do not exceed boundaries
*/
bool bliss_utils_check_norms(const bliss_param_set_t *set,
int32_t *z1, int16_t *z2d);

9
src/libstrongswan/plugins/chapoly/chapoly_xof.c
View File

@ -44,6 +44,12 @@ struct private_chapoly_xof_t {
chapoly_drv_t *drv;
};
METHOD(xof_t, get_type, ext_out_function_t,
private_chapoly_xof_t *this)
{
return XOF_CHACHA20;
}
METHOD(xof_t, get_bytes, bool,
private_chapoly_xof_t *this, size_t out_len, uint8_t *buffer)
{
@ -53,7 +59,7 @@ METHOD(xof_t, get_bytes, bool,
len = min(out_len, CHACHA_BLOCK_SIZE - this->stream_index);
if (len)
{
memcpy(buffer + index, this->stream + this->stream_index, len);
memcpy(buffer, this->stream + this->stream_index, len);
index += len;
this->stream_index += len;
}
@ -151,6 +157,7 @@ chapoly_xof_t *chapoly_xof_create(ext_out_function_t algorithm)
INIT(this,
.public = {
.xof_interface = {
.get_type = _get_type,
.get_bytes = _get_bytes,
.allocate_bytes = _allocate_bytes,
.get_block_size = _get_block_size,

17
src/libstrongswan/plugins/mgf1/Makefile.am Normal file
View File

@ -0,0 +1,17 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = \
$(PLUGIN_CFLAGS)
if MONOLITHIC
noinst_LTLIBRARIES = libstrongswan-mgf1.la
else
plugin_LTLIBRARIES = libstrongswan-mgf1.la
endif
libstrongswan_mgf1_la_SOURCES = \
mgf1_plugin.h mgf1_plugin.c \
mgf1_xof.h mgf1_xof.c
libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version

81
src/libstrongswan/plugins/mgf1/mgf1_plugin.c Normal file
View File

@ -0,0 +1,81 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "mgf1_plugin.h"
#include "mgf1_xof.h"
#include <library.h>
typedef struct private_mgf1_plugin_t private_mgf1_plugin_t;
/**
* private data of mgf1_plugin
*/
struct private_mgf1_plugin_t {
/**
* public functions
*/
mgf1_plugin_t public;
};
METHOD(plugin_t, get_name, char*,
private_mgf1_plugin_t *this)
{
return "mgf1";
}
METHOD(plugin_t, get_features, int,
private_mgf1_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
PLUGIN_REGISTER(XOF, mgf1_xof_create),
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA1),
PLUGIN_DEPENDS(HASHER, HASH_SHA1),
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
};
*features = f;
return countof(f);
}
METHOD(plugin_t, destroy, void,
private_mgf1_plugin_t *this)
{
free(this);
}
/*
* see header file
*/
plugin_t *mgf1_plugin_create()
{
private_mgf1_plugin_t *this;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
.get_features = _get_features,
.destroy = _destroy,
},
},
);
return &this->public.plugin;
}

42
src/libstrongswan/plugins/mgf1/mgf1_plugin.h Normal file
View File

@ -0,0 +1,42 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup mgf1_p mgf1
* @ingroup plugins
*
* @defgroup mgf1_plugin mgf1_plugin
* @{ @ingroup mgf1_p
*/
#ifndef MGF1_PLUGIN_H_
#define MGF1_PLUGIN_H_
#include <plugins/plugin.h>
typedef struct mgf1_plugin_t mgf1_plugin_t;
/**
* Plugin implementing the MGF1 Mask Generator Function in software.
*/
struct mgf1_plugin_t {
/**
* implements plugin interface
*/
plugin_t plugin;
};
#endif /** MGF1_PLUGIN_H_ @}*/

285
src/libstrongswan/plugins/mgf1/mgf1_xof.c Normal file
View File

@ -0,0 +1,285 @@
/*
* Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "mgf1_xof.h"
#include "crypto/hashers/hasher.h"
#include "utils/debug.h"
typedef struct private_mgf1_xof_t private_mgf1_xof_t;
/**
* Private data of an mgf1_xof_t object.
*/
struct private_mgf1_xof_t {
/**
* Public mgf1_xof_t interface.
*/
mgf1_xof_t public;
/**
* XOF type of the MGF1 Mask Generation Function
*/
ext_out_function_t type;
/**
* Hasher the MGF1 Mask Generation Function is based on
*/
hasher_t *hasher;
/**
* Is the seed hashed before using it as a seed for MGF1 ?
*/
bool hash_seed;
/**
* Counter
*/
uint32_t counter;
/**
* Set if counter has reached 2^32
*/
bool overflow;
/**
* Current state to be hashed
*/
chunk_t state;
/**
* Position of the 4 octet counter string
*/
uint8_t *ctr_str;
/**
* Latest hash block
*/
uint8_t buf[HASH_SIZE_SHA512];
/**
* Index pointing to the current position in the hash block
*/
size_t buf_index;
};
METHOD(xof_t, get_type, ext_out_function_t,
private_mgf1_xof_t *this)
{
return this->type;
}
static bool get_next_block(private_mgf1_xof_t *this, uint8_t *buffer)
{
/* detect overflow, set counter string and increment counter */
if (this->overflow)
{
DBG1(DBG_LIB, "MGF1 overflow occurred");
return FALSE;
}
htoun32(this->ctr_str, this->counter++);
if (this->counter == 0)
{
this->overflow = TRUE;
}
/* get the next block from the hash function */
if (!this->hasher->get_hash(this->hasher, this->state, buffer))
{
return FALSE;
}
return TRUE;
}
METHOD(xof_t, get_bytes, bool,
private_mgf1_xof_t *this, size_t out_len, uint8_t *buffer)
{
size_t index = 0, blocks, len, hash_size;
hash_size = this->hasher->get_hash_size(this->hasher);
/* empty the current hash block buffer first */
len = min(out_len, hash_size - this->buf_index);
if (len)
{
memcpy(buffer, this->buf + this->buf_index, len);
index += len;
this->buf_index += len;
}
/* copy whole hash blocks directly to output buffer */
blocks = (out_len - index) / hash_size;
while (blocks--)
{
if (!get_next_block(this, buffer + index))
{
return FALSE;
}
index += hash_size;
}
/* get another hash block if some more output bytes are needed */
len = out_len - index;
if (len)
{
if (!get_next_block(this, this->buf))
{
return FALSE;
}
memcpy(buffer + index, this->buf, len);
this->buf_index = len;
}
return TRUE;
}
METHOD(xof_t, allocate_bytes, bool,
private_mgf1_xof_t *this, size_t out_len, chunk_t *chunk)
{
*chunk = chunk_alloc(out_len);
if (!get_bytes(this, out_len, chunk->ptr))
{
chunk_free(chunk);
return FALSE;
}
return TRUE;
}
METHOD(xof_t, get_block_size, size_t,
private_mgf1_xof_t *this)
{
return this->hasher->get_hash_size(this->hasher);
}
METHOD(xof_t, get_seed_size, size_t,
private_mgf1_xof_t *this)
{
return this->hasher->get_hash_size(this->hasher);
}
METHOD(xof_t, set_seed, bool,
private_mgf1_xof_t *this, chunk_t seed)
{
size_t hash_size, state_len;
if (seed.len == 0)
{
DBG1(DBG_LIB, "empty seed for MGF1");
return FALSE;
}
/* determine state size and allocate space accordingly */
hash_size = this->hasher->get_hash_size(this->hasher);
state_len = (this->hash_seed ? hash_size : seed.len) + 4;
chunk_clear(&this->state);
this->state = chunk_alloc(state_len);
/* hash block buffer is empty */
this->buf_index = hash_size;
/* reset counter */
this->counter = 0;
/* determine position of the 4 octet counter string */
this->ctr_str = this->state.ptr + state_len - 4;
if (this->hash_seed)
{
if (!this->hasher->get_hash(this->hasher, seed, this->state.ptr))
{
DBG1(DBG_LIB, "failed to hash seed for MGF1");
return FALSE;
}
}
else
{
memcpy(this->state.ptr, seed.ptr, seed.len);
}
return TRUE;
}
METHOD(xof_t, destroy, void,
private_mgf1_xof_t *this)
{
this->hasher->destroy(this->hasher);
chunk_clear(&this->state);
free(this);
}
METHOD(mgf1_t, set_hash_seed, void,
private_mgf1_xof_t *this, bool yes)
{
this->hash_seed = yes;
}
/*
* Described in header.
*/
mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm)
{
private_mgf1_xof_t *this;
hash_algorithm_t hash_alg;
hasher_t *hasher;
switch (algorithm)
{
case XOF_MGF1_SHA1:
hash_alg = HASH_SHA1;
break;
case XOF_MGF1_SHA256:
hash_alg = HASH_SHA256;
break;
case XOF_MGF1_SHA512:
hash_alg = HASH_SHA512;
break;
default:
return NULL;
}
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
if (!hasher)
{
DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
hash_algorithm_names, hash_alg);
return NULL;
}
INIT(this,
.public = {
.mgf1_interface = {
.xof_interface = {
.get_type = _get_type,
.get_bytes = _get_bytes,
.allocate_bytes = _allocate_bytes,
.get_block_size = _get_block_size,
.get_seed_size = _get_seed_size,
.set_seed = _set_seed,
.destroy = _destroy,
},
.set_hash_seed = _set_hash_seed,
},
},
.type = algorithm,
.hasher = hasher,
);
return &this->public;
}

49
src/libstrongswan/plugins/mgf1/mgf1_xof.h Normal file
View File

@ -0,0 +1,49 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup mgf1_xof mgf1_xof
* @{ @ingroup crypto
*/
#ifndef MGF1_XOF_H_
#define MGF1_XOF_H_
typedef struct mgf1_xof_t mgf1_xof_t;
#include <crypto/xofs/mgf1.h>
/**
* Implements the PKCS#1 MGF1_XOF Mask Generation Function based on a hash
* function defined in section 10.2.1 of RFC 2437
*/
struct mgf1_xof_t {
/**
* mgf1_t interface for this Extended Output Function (XOF).
*/
mgf1_t mgf1_interface;
};
/**
* Create an mgf1_xof_t object
*
* @param algorithm XOF_MGF1_SHA1, XOF_MGF1_SHA256 or XOF_MGF1_SHA512
* @return mgf1_xof_t object, NULL if not supported
*/
mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm);
#endif /** MGF1_XOF_H_ @}*/

13
src/libstrongswan/plugins/ntru/ntru_poly.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Andreas Steffen
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@ -17,7 +17,7 @@
#include "ntru_poly.h"
#include <crypto/mgf1/mgf1_bitspender.h>
#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
@ -290,8 +290,9 @@ static private_ntru_poly_t* ntru_poly_create(uint16_t N, uint16_t q,
/*
* Described in header.
*/
ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
uint8_t c_bits, uint16_t N, uint16_t q,
ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t mgf1_type,
chunk_t seed, uint8_t c_bits,
uint16_t N, uint16_t q,
uint32_t indices_len_p,
uint32_t indices_len_m,
bool is_product_form)
@ -300,9 +301,9 @@ ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
int n, num_indices, index_i = 0;
uint32_t index, limit;
uint8_t *used;
mgf1_bitspender_t *bitspender;
xof_bitspender_t *bitspender;
bitspender = mgf1_bitspender_create(alg, seed, TRUE);
bitspender = xof_bitspender_create(mgf1_type, seed, TRUE);
if (!bitspender)
{
return NULL;

9
src/libstrongswan/plugins/ntru/ntru_poly.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Andreas Steffen
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -24,6 +24,7 @@
typedef struct ntru_poly_t ntru_poly_t;
#include <library.h>
#include <crypto/xofs/xof.h>
/**
* Implements a trinary polynomial storing the indices of non-zero coefficients
@ -63,9 +64,9 @@ struct ntru_poly_t {
};
/**
* Create a trits polynomial from a seed using MGF1 with a base hash function
* Create a trits polynomial from a seed using MGF1
*
* @param alg hash algorithm to be used by MGF1
* @param alg MGF1 algorithm used(XOF_MGF1_SHA1 or XOF_MGF_SHA256)
* @param seed seed used by MGF1 to generate trits from
* @param N ring dimension, number of polynomial coefficients
* @param q large modulus
@ -74,7 +75,7 @@ struct ntru_poly_t {
* @param indices_len_m number of indices for -1 coefficients
* @param is_product_form generate multiple polynomials
*/
ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t alg, chunk_t seed,
uint8_t c_bits, uint16_t N, uint16_t q,
uint32_t indices_len_p,
uint32_t indices_len_m,

33
src/libstrongswan/plugins/ntru/ntru_private_key.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Andreas Steffen
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@ -178,7 +178,7 @@ bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt)
METHOD(ntru_private_key_t, decrypt, bool,
private_ntru_private_key_t *this, chunk_t ciphertext, chunk_t *plaintext)
{
hash_algorithm_t hash_algid;
ext_out_function_t alg;
size_t t_len, seed1_len, seed2_len;
uint16_t *t1, *t2, *t = NULL;
uint16_t mod_q_mask, q_mod_p, cmprime_len, cm_len = 0, num_zeros;
@ -206,9 +206,9 @@ METHOD(ntru_private_key_t, decrypt, bool,
Mtrin = (uint8_t *)t1;
M = Mtrin + this->params->N;
/* set hash algorithm based on security strength */
hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
HASH_SHA256;
/* set MGF1 algorithm type based on security strength */
alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
XOF_MGF1_SHA256;
/* set constants */
mod_q_mask = this->params->q - 1;
@ -307,7 +307,7 @@ METHOD(ntru_private_key_t, decrypt, bool,
ntru_coeffs_mod4_2_octets(this->params->N, t2, seed.ptr);
/* form mask */
mask = ntru_trits_create(this->params->N, hash_algid, seed);
mask = ntru_trits_create(this->params->N, alg, seed);
if (!mask)
{
DBG1(DBG_LIB, "mask creation failed");
@ -390,9 +390,8 @@ METHOD(ntru_private_key_t, decrypt, bool,
/* generate cr */
DBG2(DBG_LIB, "generate polynomial r");
r_poly = ntru_poly_create_from_seed(hash_algid, seed,
this->params->c_bits, this->params->N,
this->params->q, this->params->dF_r,
r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
this->params->N, this->params->q, this->params->dF_r,
this->params->dF_r, this->params->is_product_form);
if (!r_poly)
{
@ -648,7 +647,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
size_t t_len;
uint16_t *t1, *t2, *t = NULL;
uint16_t mod_q_mask;
hash_algorithm_t hash_algid;
ext_out_function_t alg;
ntru_poly_t *g_poly;
chunk_t seed;
int i;
@ -667,14 +666,8 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
);
/* set hash algorithm and seed length based on security strength */
if (params->sec_strength_len <= 20)
{
hash_algid = HASH_SHA1;
}
else
{
hash_algid = HASH_SHA256;
}
alg = (params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
XOF_MGF1_SHA256;
seed =chunk_alloc(params->sec_strength_len + 8);
/* get random seed for generating trinary F as a list of indices */
@ -685,7 +678,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
}
DBG2(DBG_LIB, "generate polynomial F");
this->privkey = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
this->privkey = ntru_poly_create_from_seed(alg, seed, params->c_bits,
params->N, params->q,
params->dF_r, params->dF_r,
params->is_product_form);
@ -729,7 +722,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
}
DBG2(DBG_LIB, "generate polynomial g");
g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
g_poly = ntru_poly_create_from_seed(alg, seed, params->c_bits,
params->N, params->q, params->dg + 1,
params->dg, FALSE);
if (!g_poly)

12
src/libstrongswan/plugins/ntru/ntru_public_key.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Andreas Steffen
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@ -102,7 +102,7 @@ extern bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt);
METHOD(ntru_public_key_t, encrypt, bool,
private_ntru_public_key_t *this, chunk_t plaintext, chunk_t *ciphertext)
{
hash_algorithm_t hash_algid;
ext_out_function_t alg;
size_t t_len, seed1_len, seed2_len;
uint16_t *t1, *t = NULL;
uint8_t b[MAX_SEC_STRENGTH_LEN];
@ -139,8 +139,8 @@ METHOD(ntru_public_key_t, encrypt, bool,
M = Mtrin + this->params->N;
/* set hash algorithm based on security strength */
hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
HASH_SHA256;
alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
XOF_MGF1_SHA256;
/* set constants */
mod_q_mask = this->params->q - 1;
@ -173,7 +173,7 @@ METHOD(ntru_public_key_t, encrypt, bool,
seed.len = seed2_len;
DBG2(DBG_LIB, "generate polynomial r");
r_poly = ntru_poly_create_from_seed(hash_algid, seed, this->params->c_bits,
r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
this->params->N, this->params->q,
this->params->dF_r, this->params->dF_r,
this->params->is_product_form);
@ -191,7 +191,7 @@ METHOD(ntru_public_key_t, encrypt, bool,
seed.len = seed1_len;
/* form mask */
mask = ntru_trits_create(this->params->N, hash_algid, seed);
mask = ntru_trits_create(this->params->N, alg, seed);
if (!mask)
{
DBG1(DBG_LIB, "mask creation failed");

11
src/libstrongswan/plugins/ntru/ntru_trits.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2013-2014 Andreas Steffen
* Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -16,7 +16,7 @@
#include "ntru_trits.h"
#include "ntru_convert.h"
#include <crypto/mgf1/mgf1_bitspender.h>
#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
@ -67,14 +67,15 @@ METHOD(ntru_trits_t, destroy, void,
/*
* Described in header.
*/
ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
ntru_trits_t *ntru_trits_create(size_t len, ext_out_function_t alg,
chunk_t seed)
{
private_ntru_trits_t *this;
uint8_t octet, buf[5], *trits;
size_t trits_needed;
mgf1_bitspender_t *bitspender;
xof_bitspender_t *bitspender;
bitspender = mgf1_bitspender_create(alg, seed, TRUE);
bitspender = xof_bitspender_create(alg, seed, TRUE);
if (!bitspender)
{
return NULL;

8
src/libstrongswan/plugins/ntru/ntru_trits.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2013 Andreas Steffen
* Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -24,6 +24,7 @@
typedef struct ntru_trits_t ntru_trits_t;
#include <library.h>
#include <crypto/xofs/xof.h>
/**
* Implements an array of trinary elements (trits)
@ -52,10 +53,11 @@ struct ntru_trits_t {
* Create a trits array from a seed using MGF1 with a base hash function
*
* @param size size of the trits array
* @param alg hash algorithm to be used by MGF1
* @param alg MGF1 algorithm used (XOF_MGF1_SHA1 or XOF_MGF_SHA256)
* @param seed seed used by MGF1 to generate trits from
*/
ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed);
ntru_trits_t *ntru_trits_create(size_t size, ext_out_function_t alg,
chunk_t seed);
#endif /** NTRU_TRITS_H_ @}*/

6
src/libstrongswan/plugins/sha3/sha3_shake.c
View File

@ -46,6 +46,11 @@ struct private_sha3_shake_t {
};
METHOD(xof_t, get_type, ext_out_function_t,
private_sha3_shake_t *this)
{
return this->algorithm;
}
METHOD(xof_t, get_bytes, bool,
private_sha3_shake_t *this, size_t out_len, uint8_t *buffer)
@ -114,6 +119,7 @@ sha3_shake_t* sha3_shake_create(ext_out_function_t algorithm)
INIT(this,
.public = {
.xof_interface = {
.get_type = _get_type,
.get_bytes = _get_bytes,
.allocate_bytes = _allocate_bytes,
.get_block_size = _get_block_size,

88
src/libstrongswan/tests/suites/test_mgf1.c
View File

@ -17,11 +17,12 @@
#include <tests/utils/test_rng.h>
#include <utils/test.h>
#include <crypto/mgf1/mgf1.h>
#include <crypto/mgf1/mgf1_bitspender.h>
#include <crypto/xofs/xof.h>
#include <crypto/xofs/xof_bitspender.h>
#include <crypto/xofs/mgf1.h>
typedef struct {
hash_algorithm_t alg;
ext_out_function_t alg;
size_t hash_size;
size_t ml1, ml2, ml3, seed_len;
chunk_t seed;
@ -34,7 +35,7 @@ typedef struct {
* MGF1 Mask Generation Function Test Vectors
*/
mgf1_test_t mgf1_tests[] = {
{ HASH_SHA1, 20, 60, 20, 15, 24,
{ XOF_MGF1_SHA1, 20, 60, 20, 15, 24,
chunk_from_chars(
0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
@ -73,7 +74,7 @@ mgf1_test_t mgf1_tests[] = {
{ 0, 0, 0, 4, 1, 1, 46, 103, 38, 411, 848, 57, 3540, 4058, 12403,
0x63, 0x2B, 0xC9, 0x17, 0x56, 669409, 0xA407A43B },
},
{ HASH_SHA256, 32, 64, 32, 33, 40,
{ XOF_MGF1_SHA256, 32, 64, 32, 33, 40,
chunk_from_chars(
0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
@ -127,6 +128,7 @@ mgf1_test_t mgf1_tests[] = {
START_TEST(mgf1_test_mgf1)
{
xof_t *xof;
mgf1_t *mgf1;
chunk_t mask, mask1, mask2, mask3;
@ -137,72 +139,88 @@ START_TEST(mgf1_test_mgf1)
mask2.len = mgf1_tests[_i].ml2;
mask3.len = mgf1_tests[_i].ml3;
mgf1 = mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
ck_assert(mgf1 == NULL);
/* unknown XOF */
xof = lib->crypto->create_xof(lib->crypto, XOF_UNDEFINED);
ck_assert(xof == NULL);
mgf1 = mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
ck_assert(mgf1 == NULL);
/* create MGF1 XOF */
xof = lib->crypto->create_xof(lib->crypto, mgf1_tests[_i].alg);
ck_assert(xof);
/* return mask in allocated chunk */
mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
ck_assert(mgf1);
/* hash the seed */
mgf1 = (mgf1_t*)xof;
mgf1->set_hash_seed(mgf1, TRUE);
/* check hash size */
ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
/* check MGF1 type */
ck_assert(xof->get_type(xof) == mgf1_tests[_i].alg);
/* get zero number of octets */
ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
/* check seed size */
ck_assert(xof->get_seed_size(xof) == mgf1_tests[_i].hash_size);
/* check block size */
ck_assert(xof->get_block_size(xof) == mgf1_tests[_i].hash_size);
/* empty seed */
ck_assert(!xof->set_seed(xof, chunk_empty));
/* initialize MGF1 with non-empty seed */
ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
/* allocate zero number of octets */
ck_assert(xof->allocate_bytes(xof, 0, &mask));
ck_assert(mask.len == 0 && mask.ptr == NULL);
/* get non-zero number of octets */
ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
/* allocate non-zero number of octets */
ck_assert(xof->allocate_bytes(xof, mgf1_tests[_i].mask.len, &mask));
ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
mgf1->destroy(mgf1);
/* re-initialize MGF1 with non-empty seed */
ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
/* copy mask to pre-allocated buffer */
mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
ck_assert(mgf1);
ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
ck_assert(xof->get_bytes(xof, mgf1_tests[_i].mask.len, mask.ptr));
ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
mgf1->destroy(mgf1);
/* get mask in batches without hashing the seed */
mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
ck_assert(mgf1);
/* do not hash the seed */
mgf1->set_hash_seed(mgf1, FALSE);
/* re-initialize MGF1 with non-empty seed */
ck_assert(xof->set_seed(xof, mgf1_tests[_i].hashed_seed));
/* first batch */
ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
ck_assert(xof->get_bytes(xof, mask1.len, mask.ptr));
mask.len = mask1.len;
ck_assert(chunk_equals(mask, mask1));
/* second batch */
ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
ck_assert(xof->get_bytes(xof, mask2.len, mask.ptr));
mask.len = mask2.len;
ck_assert(chunk_equals(mask, mask2));
/* third batch */
ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
ck_assert(xof->get_bytes(xof, mask3.len, mask.ptr));
mask.len = mask3.len;
ck_assert(chunk_equals(mask, mask3));
mgf1->destroy(mgf1);
/* clean up */
xof->destroy(xof);
chunk_free(&mask);
}
END_TEST
START_TEST(mgf1_test_bitspender)
{
mgf1_bitspender_t *bitspender;
xof_bitspender_t *bitspender;
uint32_t bits;
uint8_t byte;
int j;
bitspender = mgf1_bitspender_create(HASH_UNKNOWN,
mgf1_tests[_i].hashed_seed, FALSE);
bitspender = xof_bitspender_create(XOF_UNDEFINED,
mgf1_tests[_i].hashed_seed, FALSE);
ck_assert(bitspender == NULL);
bitspender = mgf1_bitspender_create(mgf1_tests[_i].alg,
mgf1_tests[_i].hashed_seed, FALSE);
bitspender = xof_bitspender_create(mgf1_tests[_i].alg,
mgf1_tests[_i].hashed_seed, FALSE);
ck_assert(bitspender);
for (j = 0; j < 15; j++)

16
src/libstrongswan/tests/suites/test_ntru.c
View File

@ -17,7 +17,7 @@
#include <tests/utils/test_rng.h>
#include <utils/test.h>
#include <crypto/mgf1/mgf1.h>
#include <crypto/xofs/xof.h>
#include <plugins/ntru/ntru_drbg.h>
#include <plugins/ntru/ntru_trits.h>
#include <plugins/ntru/ntru_poly.h>
@ -28,10 +28,10 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
uint32_t strength, chunk_t pers_str, rng_t *entropy)
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
size_t len, hash_algorithm_t alg, chunk_t seed)
size_t len, ext_out_function_t alg, chunk_t seed)
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
ext_out_function_t alg, chunk_t seed, uint8_t c_bits,
uint16_t N, uint16_t q, uint32_t indices_len_p,
uint32_t indices_len_m, bool is_product_form)
@ -329,7 +329,7 @@ typedef struct {
} poly_test_t;
typedef struct {
hash_algorithm_t alg;
ext_out_function_t alg;
size_t hash_size;
size_t seed_len;
chunk_t seed;
@ -384,7 +384,7 @@ uint16_t indices_ees1171ep1[] = {
* Trits and Polynomial Test Vectors
*/
static trits_test_t trits_tests[] = {
{ HASH_SHA1, 20, 24,
{ XOF_MGF1_SHA1, 20, 24,
chunk_from_chars(
0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
@ -432,7 +432,7 @@ static trits_test_t trits_tests[] = {
}
}
},
{ HASH_SHA256, 32, 40,
{ XOF_MGF1_SHA256, 32, 40,
chunk_from_chars(
0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
@ -501,7 +501,7 @@ START_TEST(test_ntru_trits)
chunk_t trits;
mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
HASH_UNKNOWN, trits_tests[_i].seed);
XOF_UNDEFINED, trits_tests[_i].seed);
ck_assert(mask == NULL);
mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
@ -539,7 +539,7 @@ START_TEST(test_ntru_poly)
seed.len = trits_tests[_i].seed_len;
p = &trits_tests[_i].poly_test[0];
poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, HASH_UNKNOWN, seed,
poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, XOF_UNDEFINED, seed,
p->c_bits, p->N, p->q, p->indices_len, p->indices_len,
p->is_product_form);
ck_assert(poly == NULL);

2
testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes

3
testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
View File

@ -1,7 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
}

2
testing/tests/ikev1/rw-ntru-psk/hosts/carol/etc/strongswan.conf
View File

@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}

2
testing/tests/ikev1/rw-ntru-psk/hosts/dave/etc/strongswan.conf
View File

@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}

2
testing/tests/ikev1/rw-ntru-psk/hosts/moon/etc/strongswan.conf
View File

@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}

2
testing/tests/ikev2/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
load = random nonce chapoly aes sha1 sha2 md5 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}

2
testing/tests/ikev2/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
load = random nonce chapoly aes sha1 sha2 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}

2
testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes

2
testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes

2
testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes

2
testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
}

2
testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {

2
testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {

2
testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {

2
testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}

2
testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}

2
testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}

2
testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}

2
testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}

2
testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}

2
testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
View File

@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}

2
testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
View File

@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}

2
testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
View File

@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}

2
testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
View File

@ -5,7 +5,7 @@ swanctl {
}
charon {
load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500

2
testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
View File

@ -5,7 +5,7 @@ swanctl {
}
charon {
load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500

2
testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
View File

@ -5,7 +5,7 @@ swanctl {
}
charon {
load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500

2
testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500

2
testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500

2
testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
View File

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500