mgf1: Refactored MGF1 as an XOF
This commit is contained in:
parent
e9e643b240
commit
188b190a70
|
@ -149,6 +149,7 @@ ARG_DISBL_SET([sha1], [disable SHA1 software implementation plugin.])
|
|||
ARG_DISBL_SET([sha2], [disable SHA256/SHA384/SHA512 software implementation plugin.])
|
||||
ARG_ENABL_SET([sha3], [enable SHA3_224/SHA3_256/SHA3_384/SHA3_512 software implementation plugin.])
|
||||
ARG_DISBL_SET([xcbc], [disable xcbc crypto implementation plugin.])
|
||||
ARG_ENABL_SET([mgf1], [enables the MGF1 software implementation plugin.])
|
||||
# encoding/decoding plugins
|
||||
ARG_DISBL_SET([dnskey], [disable DNS RR key decoding plugin.])
|
||||
ARG_DISBL_SET([pem], [disable PEM decoding plugin.])
|
||||
|
@ -465,6 +466,10 @@ if test x$aikpub2 = xtrue; then
|
|||
tss_tss2=true
|
||||
fi
|
||||
|
||||
if test x$ntru = xtrue -o x$bliss = xtrue; then
|
||||
mgf1=true
|
||||
fi
|
||||
|
||||
# ===========================================
|
||||
# check required libraries and header files
|
||||
# ===========================================
|
||||
|
@ -1327,6 +1332,7 @@ ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attes
|
|||
ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
||||
ADD_PLUGIN([md4], [s charon scepclient pki nm cmd])
|
||||
ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen])
|
||||
ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
||||
ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
||||
ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
||||
ADD_PLUGIN([nonce], [s charon nm cmd aikgen])
|
||||
|
@ -1482,6 +1488,7 @@ AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
|
|||
AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
|
||||
AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
|
||||
AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue)
|
||||
AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
|
||||
AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
|
||||
AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
|
||||
AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
|
||||
|
@ -1738,6 +1745,7 @@ AC_CONFIG_FILES([
|
|||
src/libstrongswan/plugins/sha1/Makefile
|
||||
src/libstrongswan/plugins/sha2/Makefile
|
||||
src/libstrongswan/plugins/sha3/Makefile
|
||||
src/libstrongswan/plugins/mgf1/Makefile
|
||||
src/libstrongswan/plugins/fips_prf/Makefile
|
||||
src/libstrongswan/plugins/gmp/Makefile
|
||||
src/libstrongswan/plugins/rdrand/Makefile
|
||||
|
|
|
@ -14,8 +14,7 @@ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
|
|||
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
|
||||
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
|
||||
crypto/iv/iv_gen_null.c \
|
||||
crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
|
||||
crypto/xofs/xof.c \
|
||||
crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
|
||||
credentials/credential_factory.c credentials/builder.c \
|
||||
credentials/cred_encoding.c credentials/keys/private_key.c \
|
||||
credentials/keys/public_key.c credentials/keys/shared_key.c \
|
||||
|
@ -76,8 +75,7 @@ crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
|
|||
crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
|
||||
crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
|
||||
crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
|
||||
crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
|
||||
crypto/xofs/xof.h \
|
||||
crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
|
||||
credentials/credential_factory.h credentials/builder.h \
|
||||
credentials/cred_encoding.h credentials/keys/private_key.h \
|
||||
credentials/keys/public_key.h credentials/keys/shared_key.h \
|
||||
|
@ -588,6 +586,13 @@ if MONOLITHIC
|
|||
endif
|
||||
endif
|
||||
|
||||
if USE_MGF1
|
||||
SUBDIRS += plugins/mgf1
|
||||
if MONOLITHIC
|
||||
libstrongswan_la_LIBADD += plugins/mgf1/libstrongswan-mgf1.la
|
||||
endif
|
||||
endif
|
||||
|
||||
if USE_NTRU
|
||||
SUBDIRS += plugins/ntru
|
||||
if MONOLITHIC
|
||||
|
|
|
@ -1,180 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2013-2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "mgf1.h"
|
||||
|
||||
#include "crypto/hashers/hasher.h"
|
||||
#include "utils/debug.h"
|
||||
#include "utils/test.h"
|
||||
|
||||
typedef struct private_mgf1_t private_mgf1_t;
|
||||
|
||||
/**
|
||||
* Private data of an mgf1_t object.
|
||||
*/
|
||||
struct private_mgf1_t {
|
||||
|
||||
/**
|
||||
* Public mgf1_t interface.
|
||||
*/
|
||||
mgf1_t public;
|
||||
|
||||
/**
|
||||
* Hasher the MGF1 Mask Generation Function is based on
|
||||
*/
|
||||
hasher_t *hasher;
|
||||
|
||||
/**
|
||||
* Counter
|
||||
*/
|
||||
uint32_t counter;
|
||||
|
||||
/**
|
||||
* Set if counter has reached 2^32
|
||||
*/
|
||||
bool overflow;
|
||||
|
||||
/**
|
||||
* Current state to be hashed
|
||||
*/
|
||||
chunk_t state;
|
||||
|
||||
/**
|
||||
* Position of the 4 octet counter string
|
||||
*/
|
||||
u_char *ctr_str;
|
||||
|
||||
};
|
||||
|
||||
METHOD(mgf1_t, get_hash_size, size_t,
|
||||
private_mgf1_t *this)
|
||||
{
|
||||
return this->hasher->get_hash_size(this->hasher);
|
||||
}
|
||||
|
||||
METHOD(mgf1_t, get_mask, bool,
|
||||
private_mgf1_t *this, size_t mask_len, u_char *mask)
|
||||
{
|
||||
u_char buf[HASH_SIZE_SHA512];
|
||||
size_t hash_len;
|
||||
|
||||
hash_len = this->hasher->get_hash_size(this->hasher);
|
||||
|
||||
while (mask_len > 0)
|
||||
{
|
||||
/* detect overflow, set counter string and increment counter */
|
||||
if (this->overflow)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
htoun32(this->ctr_str, this->counter++);
|
||||
if (this->counter == 0)
|
||||
{
|
||||
this->overflow = TRUE;
|
||||
}
|
||||
|
||||
/* get the next or final mask block from the hash function */
|
||||
if (!this->hasher->get_hash(this->hasher, this->state,
|
||||
(mask_len < hash_len) ? buf : mask))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
if (mask_len < hash_len)
|
||||
{
|
||||
memcpy(mask, buf, mask_len);
|
||||
return TRUE;
|
||||
}
|
||||
mask_len -= hash_len;
|
||||
mask += hash_len;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(mgf1_t, allocate_mask, bool,
|
||||
private_mgf1_t *this, size_t mask_len, chunk_t *mask)
|
||||
{
|
||||
if (mask_len == 0)
|
||||
{
|
||||
*mask = chunk_empty;
|
||||
return TRUE;
|
||||
}
|
||||
*mask = chunk_alloc(mask_len);
|
||||
|
||||
return get_mask(this, mask_len, mask->ptr);
|
||||
}
|
||||
|
||||
METHOD(mgf1_t, destroy, void,
|
||||
private_mgf1_t *this)
|
||||
{
|
||||
this->hasher->destroy(this->hasher);
|
||||
chunk_clear(&this->state);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
|
||||
bool hash_seed)
|
||||
{
|
||||
private_mgf1_t *this;
|
||||
hasher_t *hasher;
|
||||
size_t state_len;
|
||||
|
||||
if (seed.len == 0)
|
||||
{
|
||||
DBG1(DBG_LIB, "empty seed for MGF1");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
hasher = lib->crypto->create_hasher(lib->crypto, alg);
|
||||
if (!hasher)
|
||||
{
|
||||
DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
|
||||
hash_algorithm_names, alg);
|
||||
return NULL;
|
||||
}
|
||||
state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.get_hash_size = _get_hash_size,
|
||||
.allocate_mask = _allocate_mask,
|
||||
.get_mask = _get_mask,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.hasher = hasher,
|
||||
.state = chunk_alloc(state_len),
|
||||
);
|
||||
|
||||
/* determine position of the 4 octet counter string */
|
||||
this->ctr_str = this->state.ptr + state_len - 4;
|
||||
|
||||
if (hash_seed)
|
||||
{
|
||||
if (!hasher->get_hash(hasher, seed, this->state.ptr))
|
||||
{
|
||||
DBG1(DBG_LIB, "failed to hash seed for MGF1");
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy(this->state.ptr, seed.ptr, seed.len);
|
||||
}
|
||||
|
||||
return &this->public;
|
||||
}
|
|
@ -1,77 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2013-2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup mgf1 mgf1
|
||||
* @{ @ingroup crypto
|
||||
*/
|
||||
|
||||
#ifndef MGF1_H_
|
||||
#define MGF1_H_
|
||||
|
||||
typedef struct mgf1_t mgf1_t;
|
||||
|
||||
#include <library.h>
|
||||
|
||||
/**
|
||||
* Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
|
||||
* defined in section 10.2.1 of RFC 2437
|
||||
*/
|
||||
struct mgf1_t {
|
||||
|
||||
/**
|
||||
* Get the hash size of the underlying hash function
|
||||
*
|
||||
* @return hash size in bytes
|
||||
*/
|
||||
size_t (*get_hash_size)(mgf1_t *this);
|
||||
|
||||
/**
|
||||
* Generate a mask pattern and copy it to an output buffer
|
||||
* If the maximum number of requests has been reached, reseeding occurs
|
||||
*
|
||||
* @param mask_len number of mask bytes to generate
|
||||
* @param mask output buffer of minimum size mask_len
|
||||
* @return TRUE if successful
|
||||
*/
|
||||
bool (*get_mask)(mgf1_t *this, size_t mask_len, u_char *mask);
|
||||
|
||||
/**
|
||||
* Generate a mask pattern and return it in an allocated chunk
|
||||
*
|
||||
* @param mask_len number of mask bytes to generate
|
||||
* @param mask chunk containing generated mask
|
||||
* @return TRUE if successful
|
||||
*/
|
||||
bool (*allocate_mask)(mgf1_t *this, size_t mask_len, chunk_t *mask);
|
||||
|
||||
/**
|
||||
* Destroy the MGF1 object
|
||||
*/
|
||||
void (*destroy)(mgf1_t *this);
|
||||
};
|
||||
|
||||
/**
|
||||
* Create an MGF1 object
|
||||
*
|
||||
* @param alg hash algorithm to be used by MGF1
|
||||
* @param seed seed used by MGF1 to generate mask from
|
||||
* @param hash_seed hash seed before using it as a seed for MGF1
|
||||
*/
|
||||
mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
|
||||
bool hash_seed);
|
||||
|
||||
#endif /** MGF1_H_ @}*/
|
||||
|
|
@ -1,208 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "mgf1_bitspender.h"
|
||||
|
||||
#include <crypto/mgf1/mgf1.h>
|
||||
|
||||
typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t;
|
||||
|
||||
/**
|
||||
* Private data structure for mgf1_bitspender_t object
|
||||
*/
|
||||
struct private_mgf1_bitspender_t {
|
||||
/**
|
||||
* Public interface.
|
||||
*/
|
||||
mgf1_bitspender_t public;
|
||||
|
||||
/**
|
||||
* MGF1 bit mask generator
|
||||
*/
|
||||
mgf1_t *mgf1;
|
||||
|
||||
/**
|
||||
* Octet storage (accommodates up to 64 octets)
|
||||
*/
|
||||
uint8_t octets[HASH_SIZE_SHA512];
|
||||
|
||||
/**
|
||||
* Length of the returned hash value in octets
|
||||
*/
|
||||
int hash_len;
|
||||
|
||||
/**
|
||||
* Number of generated octets
|
||||
*/
|
||||
int octets_count;
|
||||
|
||||
/**
|
||||
* Number of available octets
|
||||
*/
|
||||
int octets_left;
|
||||
|
||||
/**
|
||||
* Bit storage (accommodates up to 32 bits)
|
||||
*/
|
||||
uint32_t bits;
|
||||
|
||||
/**
|
||||
* Number of available bits
|
||||
*/
|
||||
int bits_left;
|
||||
|
||||
/**
|
||||
* Byte storage (accommodates up to 4 bytes)
|
||||
*/
|
||||
uint8_t bytes[4];
|
||||
|
||||
/**
|
||||
* Number of available bytes
|
||||
*/
|
||||
int bytes_left;
|
||||
|
||||
};
|
||||
|
||||
METHOD(mgf1_bitspender_t, get_bits, bool,
|
||||
private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits)
|
||||
{
|
||||
int bits_now;
|
||||
|
||||
*bits = 0x00000000;
|
||||
|
||||
if (bits_needed == 0)
|
||||
{
|
||||
/* trivial */
|
||||
return TRUE;
|
||||
}
|
||||
if (bits_needed > 32)
|
||||
{
|
||||
/* too many bits requested */
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
while (bits_needed)
|
||||
{
|
||||
if (this->bits_left == 0)
|
||||
{
|
||||
if (this->octets_left == 0)
|
||||
{
|
||||
/* get another block from MGF1 */
|
||||
if (!this->mgf1->get_mask(this->mgf1, this->hash_len,
|
||||
this->octets))
|
||||
{
|
||||
/* no block available */
|
||||
return FALSE;
|
||||
}
|
||||
this->octets_left = this->hash_len;
|
||||
this->octets_count += this->hash_len;
|
||||
}
|
||||
this->bits = untoh32(this->octets + this->hash_len -
|
||||
this->octets_left);
|
||||
this->bits_left = 32;
|
||||
this->octets_left -= 4;
|
||||
}
|
||||
if (bits_needed > this->bits_left)
|
||||
{
|
||||
bits_now = this->bits_left;
|
||||
this->bits_left = 0;
|
||||
bits_needed -= bits_now;
|
||||
}
|
||||
else
|
||||
{
|
||||
bits_now = bits_needed;
|
||||
this->bits_left -= bits_needed;
|
||||
bits_needed = 0;
|
||||
}
|
||||
if (bits_now == 32)
|
||||
{
|
||||
*bits = this->bits;
|
||||
}
|
||||
else
|
||||
{
|
||||
*bits <<= bits_now;
|
||||
*bits |= this->bits >> this->bits_left;
|
||||
if (this->bits_left)
|
||||
{
|
||||
this->bits &= 0xffffffff >> (32 - this->bits_left);
|
||||
}
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(mgf1_bitspender_t, get_byte, bool,
|
||||
private_mgf1_bitspender_t *this, uint8_t *byte)
|
||||
{
|
||||
if (this->bytes_left == 0)
|
||||
{
|
||||
if (this->octets_left == 0)
|
||||
{
|
||||
/* get another block from MGF1 */
|
||||
if (!this->mgf1->get_mask(this->mgf1, this->hash_len, this->octets))
|
||||
{
|
||||
/* no block available */
|
||||
return FALSE;
|
||||
}
|
||||
this->octets_left = this->hash_len;
|
||||
this->octets_count += this->hash_len;
|
||||
}
|
||||
memcpy(this->bytes, this->octets + this->hash_len - this->octets_left, 4);
|
||||
this->bytes_left = 4;
|
||||
this->octets_left -= 4;
|
||||
}
|
||||
*byte = this->bytes[4 - this->bytes_left--];
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(mgf1_bitspender_t, destroy, void,
|
||||
private_mgf1_bitspender_t *this)
|
||||
{
|
||||
DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count);
|
||||
memwipe(this->octets, sizeof(this->octets));
|
||||
this->mgf1->destroy(this->mgf1);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
|
||||
bool hash_seed)
|
||||
{
|
||||
private_mgf1_bitspender_t *this;
|
||||
mgf1_t *mgf1;
|
||||
|
||||
mgf1 = mgf1_create(alg, seed, hash_seed);
|
||||
if (!mgf1)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets",
|
||||
hash_algorithm_short_names, alg, seed.len);
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.get_bits = _get_bits,
|
||||
.get_byte = _get_byte,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.mgf1 = mgf1,
|
||||
.hash_len = mgf1->get_hash_size(mgf1),
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup mgf1 mgf1
|
||||
* @{ @ingroup crypto
|
||||
*/
|
||||
|
||||
#ifndef MGF1_H_
|
||||
#define MGF1_H_
|
||||
|
||||
typedef struct mgf1_t mgf1_t;
|
||||
|
||||
#include "xof.h"
|
||||
|
||||
/**
|
||||
* Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
|
||||
* defined in section 10.2.1 of RFC 2437
|
||||
*/
|
||||
struct mgf1_t {
|
||||
|
||||
/**
|
||||
* Generic xof_t interface for this Extended Output Function (XOF).
|
||||
*/
|
||||
xof_t xof_interface;
|
||||
|
||||
/**
|
||||
* Hash the seed before using it as a seed for MGF1
|
||||
*
|
||||
* @param yes TRUE if seed has to be hashed first
|
||||
*/
|
||||
void (*set_hash_seed)(mgf1_t *this, bool yes);
|
||||
};
|
||||
|
||||
#endif /** MGF1_H_ @}*/
|
|
@ -17,11 +17,11 @@
|
|||
|
||||
ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
|
||||
"XOF_UNDEFINED",
|
||||
"XOF_SHAKE128",
|
||||
"XOF_SHAKE256",
|
||||
"XOF_MGF1_SHA1",
|
||||
"XOF_MGF1_SHA256",
|
||||
"XOF_MGF1_SHA512",
|
||||
"XOF_SHAKE128",
|
||||
"XOF_SHAKE256",
|
||||
"XOF_CHACHA20"
|
||||
);
|
||||
|
||||
|
|
|
@ -31,16 +31,16 @@ typedef struct xof_t xof_t;
|
|||
*/
|
||||
enum ext_out_function_t {
|
||||
XOF_UNDEFINED,
|
||||
/** FIPS 202 */
|
||||
XOF_SHAKE_128,
|
||||
/** FIPS 202 */
|
||||
XOF_SHAKE_256,
|
||||
/** RFC 2437 PKCS#1 */
|
||||
XOF_MGF1_SHA1,
|
||||
/** RFC 2437 PKCS#1 */
|
||||
XOF_MGF1_SHA256,
|
||||
/** RFC 2437 PKCS#1 */
|
||||
XOF_MGF1_SHA512,
|
||||
/** FIPS 202 */
|
||||
XOF_SHAKE_128,
|
||||
/** FIPS 202 */
|
||||
XOF_SHAKE_256,
|
||||
/** RFC 7539 ChaCha20 */
|
||||
XOF_CHACHA20,
|
||||
};
|
||||
|
@ -51,10 +51,17 @@ enum ext_out_function_t {
|
|||
extern enum_name_t *ext_out_function_names;
|
||||
|
||||
/**
|
||||
* Generic interface for pseudo-random-functions.
|
||||
* Generic interface for Extended Output Function (XOF)
|
||||
*/
|
||||
struct xof_t {
|
||||
|
||||
/**
|
||||
* Return the type of the Extended Output Function
|
||||
*
|
||||
* @return XOF type
|
||||
*/
|
||||
ext_out_function_t (*get_type)(xof_t *this);
|
||||
|
||||
/**
|
||||
* Generates pseudo random bytes and writes them in the buffer.
|
||||
*
|
||||
|
|
|
@ -0,0 +1,213 @@
|
|||
/*
|
||||
* Copyright (C) 2014-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "xof_bitspender.h"
|
||||
#include "mgf1.h"
|
||||
|
||||
typedef struct private_xof_bitspender_t private_xof_bitspender_t;
|
||||
|
||||
/**
|
||||
* Private data structure for xof_bitspender_t object
|
||||
*/
|
||||
struct private_xof_bitspender_t {
|
||||
/**
|
||||
* Public interface.
|
||||
*/
|
||||
xof_bitspender_t public;
|
||||
|
||||
/**
|
||||
* Extended Output Function (XOF)
|
||||
*/
|
||||
xof_t *xof;
|
||||
|
||||
/**
|
||||
* Length of the returned hash value in octets
|
||||
*/
|
||||
int hash_len;
|
||||
|
||||
/**
|
||||
* Bit storage (accommodates up to 32 bits)
|
||||
*/
|
||||
uint32_t bits;
|
||||
|
||||
/**
|
||||
* Number of available bits
|
||||
*/
|
||||
int bits_left;
|
||||
|
||||
/**
|
||||
* Byte storage (accommodates up to 4 bytes)
|
||||
*/
|
||||
uint8_t bytes[4];
|
||||
|
||||
/**
|
||||
* Number of available bytes
|
||||
*/
|
||||
int bytes_left;
|
||||
|
||||
/**
|
||||
* Number of octets spent
|
||||
*/
|
||||
int octet_count;
|
||||
|
||||
};
|
||||
|
||||
static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer)
|
||||
{
|
||||
if (!this->xof->get_bytes(this->xof, 4, buffer))
|
||||
{
|
||||
/* no block available */
|
||||
return FALSE;
|
||||
}
|
||||
this->octet_count += 4;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(xof_bitspender_t, get_bits, bool,
|
||||
private_xof_bitspender_t *this, int bits_needed, uint32_t *bits)
|
||||
{
|
||||
int bits_now;
|
||||
|
||||
*bits = 0x00000000;
|
||||
|
||||
if (bits_needed == 0)
|
||||
{
|
||||
/* trivial */
|
||||
return TRUE;
|
||||
}
|
||||
if (bits_needed > 32)
|
||||
{
|
||||
/* too many bits requested */
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
while (bits_needed)
|
||||
{
|
||||
if (this->bits_left == 0)
|
||||
{
|
||||
uint8_t buf[4];
|
||||
|
||||
if (!get_next_block(this, buf))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
this->bits = untoh32(buf);
|
||||
this->bits_left = 32;
|
||||
}
|
||||
if (bits_needed > this->bits_left)
|
||||
{
|
||||
bits_now = this->bits_left;
|
||||
this->bits_left = 0;
|
||||
bits_needed -= bits_now;
|
||||
}
|
||||
else
|
||||
{
|
||||
bits_now = bits_needed;
|
||||
this->bits_left -= bits_needed;
|
||||
bits_needed = 0;
|
||||
}
|
||||
if (bits_now == 32)
|
||||
{
|
||||
*bits = this->bits;
|
||||
}
|
||||
else
|
||||
{
|
||||
*bits <<= bits_now;
|
||||
*bits |= this->bits >> this->bits_left;
|
||||
if (this->bits_left)
|
||||
{
|
||||
this->bits &= 0xffffffff >> (32 - this->bits_left);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(xof_bitspender_t, get_byte, bool,
|
||||
private_xof_bitspender_t *this, uint8_t *byte)
|
||||
{
|
||||
if (this->bytes_left == 0)
|
||||
{
|
||||
if (!get_next_block(this, this->bytes))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
this->bytes_left = 4;
|
||||
}
|
||||
*byte = this->bytes[4 - this->bytes_left--];
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(xof_bitspender_t, destroy, void,
|
||||
private_xof_bitspender_t *this)
|
||||
{
|
||||
DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names,
|
||||
this->xof->get_type(this->xof), this->octet_count);
|
||||
memwipe(this->bytes, 4);
|
||||
this->xof->destroy(this->xof);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
|
||||
bool hash_seed)
|
||||
{
|
||||
private_xof_bitspender_t *this;
|
||||
xof_t *xof;
|
||||
|
||||
xof = lib->crypto->create_xof(lib->crypto, alg);
|
||||
if (!xof)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
switch (alg)
|
||||
{
|
||||
case XOF_MGF1_SHA1:
|
||||
case XOF_MGF1_SHA256:
|
||||
case XOF_MGF1_SHA512:
|
||||
{
|
||||
mgf1_t *mgf1 = (mgf1_t*)xof;
|
||||
|
||||
mgf1->set_hash_seed(mgf1, hash_seed);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
if (!xof->set_seed(xof, seed))
|
||||
{
|
||||
xof->destroy(xof);
|
||||
return NULL;
|
||||
}
|
||||
DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names,
|
||||
alg, seed.len);
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.get_bits = _get_bits,
|
||||
.get_byte = _get_byte,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.xof = xof,
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -14,22 +14,24 @@
|
|||
*/
|
||||
|
||||
/**
|
||||
* @defgroup mgf1_bitspender mgf1_bitspender
|
||||
* @defgroup xof_bitspender xof_bitspender
|
||||
* @{ @ingroup mgf1
|
||||
*/
|
||||
|
||||
#ifndef MGF1_BITSPENDER_H_
|
||||
#define MGF1_BITSPENDER_H_
|
||||
#ifndef XOF_BITSPENDER_H_
|
||||
#define XOF_BITSPENDER_H_
|
||||
|
||||
#include "xof.h"
|
||||
|
||||
#include <library.h>
|
||||
#include <crypto/hashers/hasher.h>
|
||||
|
||||
typedef struct mgf1_bitspender_t mgf1_bitspender_t;
|
||||
typedef struct xof_bitspender_t xof_bitspender_t;
|
||||
|
||||
/**
|
||||
* Generates a given number of pseudo-random bits at a time using MGF1
|
||||
* Generates a given number of pseudo-random bits at a time using an
|
||||
* Extended Output Function (XOF)
|
||||
*/
|
||||
struct mgf1_bitspender_t {
|
||||
struct xof_bitspender_t {
|
||||
|
||||
/**
|
||||
* Get pseudo-random bits
|
||||
|
@ -38,7 +40,7 @@ struct mgf1_bitspender_t {
|
|||
* @param bits Pseudo-random bits
|
||||
* @result FALSE if internal MGF1 error occurred
|
||||
*/
|
||||
bool (*get_bits)(mgf1_bitspender_t *this, int bits_needed, uint32_t *bits);
|
||||
bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits);
|
||||
|
||||
/**
|
||||
* Get a pseudo-random byte
|
||||
|
@ -46,22 +48,22 @@ struct mgf1_bitspender_t {
|
|||
* @param byte Pseudo-random byte
|
||||
* @result FALSE if internal MGF1 error occurred
|
||||
*/
|
||||
bool (*get_byte)(mgf1_bitspender_t *this, uint8_t *byte);
|
||||
bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte);
|
||||
|
||||
/**
|
||||
* Destroy mgf1_bitspender_t object
|
||||
* Destroy xof_bitspender_t object
|
||||
*/
|
||||
void (*destroy)(mgf1_bitspender_t *this);
|
||||
void (*destroy)(xof_bitspender_t *this);
|
||||
};
|
||||
|
||||
/**
|
||||
* Create a mgf1_bitspender_t object
|
||||
* Create a xof_bitspender_t object
|
||||
*
|
||||
* @param alg Hash algorithm to be used with MGF1
|
||||
* @param seed Seed used to initialize MGF1
|
||||
* @param alg XOF to be used
|
||||
* @param seed Seed used to initialize XOF
|
||||
* @param hash_seed Hash seed before using it as a seed for MFG1
|
||||
*/
|
||||
mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
|
||||
bool hash_seed);
|
||||
xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
|
||||
bool hash_seed);
|
||||
|
||||
#endif /** MGF1_BITSPENDER_H_ @}*/
|
||||
#endif /** XOF_BITSPENDER_H_ @}*/
|
|
@ -23,7 +23,7 @@
|
|||
#include "ntt_fft.h"
|
||||
#include "ntt_fft_reduce.h"
|
||||
|
||||
#include <crypto/mgf1/mgf1_bitspender.h>
|
||||
#include <crypto/xofs/xof_bitspender.h>
|
||||
#include <asn1/asn1.h>
|
||||
#include <asn1/asn1_parser.h>
|
||||
#include <asn1/oid.h>
|
||||
|
@ -174,7 +174,8 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
|
|||
bliss_sampler_t *sampler = NULL;
|
||||
rng_t *rng;
|
||||
hasher_t *hasher;
|
||||
hash_algorithm_t mgf1_alg, oracle_alg;
|
||||
hash_algorithm_t mgf1_alg;
|
||||
ext_out_function_t oracle_alg;
|
||||
size_t mgf1_seed_len;
|
||||
uint8_t mgf1_seed_buf[HASH_SIZE_SHA512], data_hash_buf[HASH_SIZE_SHA512];
|
||||
chunk_t mgf1_seed, data_hash;
|
||||
|
@ -226,7 +227,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
|
|||
}
|
||||
|
||||
/* MGF1 hash algorithm to be used for random oracle */
|
||||
oracle_alg = HASH_SHA512;
|
||||
oracle_alg = XOF_MGF1_SHA512;
|
||||
|
||||
/* Initialize a couple of needed variables */
|
||||
n = this->set->n;
|
||||
|
@ -834,14 +835,14 @@ static uint32_t invert(private_bliss_private_key_t *this, uint32_t x)
|
|||
* Create a vector with sparse and small coefficients from seed
|
||||
*/
|
||||
static int8_t* create_vector_from_seed(private_bliss_private_key_t *this,
|
||||
hash_algorithm_t alg, chunk_t seed)
|
||||
ext_out_function_t alg, chunk_t seed)
|
||||
{
|
||||
mgf1_bitspender_t *bitspender;
|
||||
xof_bitspender_t *bitspender;
|
||||
uint32_t index, sign;
|
||||
int8_t *vector;
|
||||
int non_zero;
|
||||
|
||||
bitspender = mgf1_bitspender_create(alg, seed, FALSE);
|
||||
bitspender = xof_bitspender_create(alg, seed, FALSE);
|
||||
if (!bitspender)
|
||||
{
|
||||
return NULL;
|
||||
|
@ -910,7 +911,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
|
|||
int i, n;
|
||||
chunk_t seed;
|
||||
size_t seed_len;
|
||||
hash_algorithm_t alg;
|
||||
ext_out_function_t alg;
|
||||
|
||||
n = this->set->n;
|
||||
*s1 = NULL;
|
||||
|
@ -919,12 +920,12 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
|
|||
/* Set MGF1 hash algorithm and seed length based on security strength */
|
||||
if (this->set->strength > 160)
|
||||
{
|
||||
alg = HASH_SHA256;
|
||||
alg = XOF_MGF1_SHA256;
|
||||
seed_len = HASH_SIZE_SHA256;
|
||||
}
|
||||
else
|
||||
{
|
||||
alg = HASH_SHA1;
|
||||
alg = XOF_MGF1_SHA1;
|
||||
seed_len = HASH_SIZE_SHA1;
|
||||
}
|
||||
seed = chunk_create(seed_buf, seed_len);
|
||||
|
|
|
@ -76,7 +76,7 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
|
|||
uint8_t data_hash_buf[HASH_SIZE_SHA512];
|
||||
chunk_t data_hash;
|
||||
hasher_t *hasher;
|
||||
hash_algorithm_t oracle_alg;
|
||||
ext_out_function_t oracle_alg;
|
||||
ntt_fft_t *fft;
|
||||
bliss_signature_t *sig;
|
||||
bool success = FALSE;
|
||||
|
@ -110,7 +110,7 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
|
|||
}
|
||||
|
||||
/* MGF1 hash algorithm to be used for random oracle */
|
||||
oracle_alg = HASH_SHA512;
|
||||
oracle_alg = XOF_MGF1_SHA512;
|
||||
|
||||
/* Initialize a couple of needed variables */
|
||||
n = this->set->n;
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
typedef struct private_bliss_sampler_t private_bliss_sampler_t;
|
||||
|
||||
#include <crypto/mgf1/mgf1_bitspender.h>
|
||||
#include <crypto/xofs/xof_bitspender.h>
|
||||
|
||||
/**
|
||||
* Private data of a bliss_sampler_t object.
|
||||
|
@ -37,7 +37,7 @@ struct private_bliss_sampler_t {
|
|||
/**
|
||||
* Bitspender used for random rejection sampling
|
||||
*/
|
||||
mgf1_bitspender_t *bitspender;
|
||||
xof_bitspender_t *bitspender;
|
||||
|
||||
};
|
||||
|
||||
|
@ -222,13 +222,13 @@ METHOD(bliss_sampler_t, destroy, void,
|
|||
/**
|
||||
* See header.
|
||||
*/
|
||||
bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
|
||||
bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
|
||||
const bliss_param_set_t *set)
|
||||
{
|
||||
private_bliss_sampler_t *this;
|
||||
mgf1_bitspender_t *bitspender;
|
||||
xof_bitspender_t *bitspender;
|
||||
|
||||
bitspender = mgf1_bitspender_create(alg, seed, FALSE);
|
||||
bitspender = xof_bitspender_create(alg, seed, FALSE);
|
||||
if (!bitspender)
|
||||
{
|
||||
return NULL;
|
||||
|
|
|
@ -84,11 +84,11 @@ struct bliss_sampler_t {
|
|||
/**
|
||||
* Create a bliss_sampler_t object.
|
||||
*
|
||||
* @param alg Hash algorithm to be used for the internal bitspender
|
||||
* @param alg XOF to be used for the internal bitspender
|
||||
* @param seed Seed used to initialize the internal bitspender
|
||||
* @param set BLISS parameter set to be used
|
||||
*/
|
||||
bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
|
||||
bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
|
||||
const bliss_param_set_t *set);
|
||||
|
||||
#endif /** BLISS_SAMPLER_H_ @}*/
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -17,7 +17,7 @@
|
|||
|
||||
#include <asn1/asn1.h>
|
||||
#include <crypto/hashers/hasher.h>
|
||||
#include <crypto/mgf1/mgf1_bitspender.h>
|
||||
#include <crypto/xofs/xof_bitspender.h>
|
||||
#include <utils/debug.h>
|
||||
|
||||
/**
|
||||
|
@ -56,7 +56,7 @@ void bliss_utils_round_and_drop(const bliss_param_set_t *set,
|
|||
/**
|
||||
* See header.
|
||||
*/
|
||||
bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
|
||||
bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
|
||||
uint16_t *ud, const bliss_param_set_t *set,
|
||||
uint16_t *c_indices)
|
||||
{
|
||||
|
@ -65,7 +65,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
|
|||
uint32_t index;
|
||||
uint8_t *seed_pos;
|
||||
chunk_t seed;
|
||||
mgf1_bitspender_t *bitspender;
|
||||
xof_bitspender_t *bitspender;
|
||||
|
||||
seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));
|
||||
|
||||
|
@ -80,7 +80,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
|
|||
seed_pos += sizeof(uint16_t);
|
||||
}
|
||||
|
||||
bitspender = mgf1_bitspender_create(alg, seed, FALSE);
|
||||
bitspender = xof_bitspender_create(alg, seed, FALSE);
|
||||
if (!bitspender)
|
||||
{
|
||||
return NULL;
|
||||
|
|
|
@ -48,23 +48,23 @@ void bliss_utils_round_and_drop(const bliss_param_set_t *set,
|
|||
/**
|
||||
* Generate the binary challenge vector c as an array of kappa indices
|
||||
*
|
||||
* @param alg hash algorithm to be used for the internal oracle
|
||||
* @param data_hash hash of the data to be signed
|
||||
* @param ud input vector ud of size n
|
||||
* @param set BLISS parameter set to be used (n, n_bits, kappa)
|
||||
* @param c_indices indexes of non-zero challenge coefficients
|
||||
* @param alg XOF to be used for the internal oracle
|
||||
* @param data_hash hash of the data to be signed
|
||||
* @param ud input vector ud of size n
|
||||
* @param set BLISS parameter set to be used (n, n_bits, kappa)
|
||||
* @param c_indices indexes of non-zero challenge coefficients
|
||||
*/
|
||||
bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
|
||||
bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
|
||||
uint16_t *ud, const bliss_param_set_t *set,
|
||||
uint16_t *c_indices);
|
||||
|
||||
/**
|
||||
* Check the infinity and l2 norms of the vectors z1 and z2d << d
|
||||
*
|
||||
* @param set BLISS parameter set
|
||||
* @param z1 input vector
|
||||
* @param z2d input vector
|
||||
* @result TRUE if infinite and l2 norms do not exceed boundaries
|
||||
* @param set BLISS parameter set
|
||||
* @param z1 input vector
|
||||
* @param z2d input vector
|
||||
* @result TRUE if infinite and l2 norms do not exceed boundaries
|
||||
*/
|
||||
bool bliss_utils_check_norms(const bliss_param_set_t *set,
|
||||
int32_t *z1, int16_t *z2d);
|
||||
|
|
|
@ -44,6 +44,12 @@ struct private_chapoly_xof_t {
|
|||
chapoly_drv_t *drv;
|
||||
};
|
||||
|
||||
METHOD(xof_t, get_type, ext_out_function_t,
|
||||
private_chapoly_xof_t *this)
|
||||
{
|
||||
return XOF_CHACHA20;
|
||||
}
|
||||
|
||||
METHOD(xof_t, get_bytes, bool,
|
||||
private_chapoly_xof_t *this, size_t out_len, uint8_t *buffer)
|
||||
{
|
||||
|
@ -53,7 +59,7 @@ METHOD(xof_t, get_bytes, bool,
|
|||
len = min(out_len, CHACHA_BLOCK_SIZE - this->stream_index);
|
||||
if (len)
|
||||
{
|
||||
memcpy(buffer + index, this->stream + this->stream_index, len);
|
||||
memcpy(buffer, this->stream + this->stream_index, len);
|
||||
index += len;
|
||||
this->stream_index += len;
|
||||
}
|
||||
|
@ -151,6 +157,7 @@ chapoly_xof_t *chapoly_xof_create(ext_out_function_t algorithm)
|
|||
INIT(this,
|
||||
.public = {
|
||||
.xof_interface = {
|
||||
.get_type = _get_type,
|
||||
.get_bytes = _get_bytes,
|
||||
.allocate_bytes = _allocate_bytes,
|
||||
.get_block_size = _get_block_size,
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
AM_CPPFLAGS = \
|
||||
-I$(top_srcdir)/src/libstrongswan
|
||||
|
||||
AM_CFLAGS = \
|
||||
$(PLUGIN_CFLAGS)
|
||||
|
||||
if MONOLITHIC
|
||||
noinst_LTLIBRARIES = libstrongswan-mgf1.la
|
||||
else
|
||||
plugin_LTLIBRARIES = libstrongswan-mgf1.la
|
||||
endif
|
||||
|
||||
libstrongswan_mgf1_la_SOURCES = \
|
||||
mgf1_plugin.h mgf1_plugin.c \
|
||||
mgf1_xof.h mgf1_xof.c
|
||||
|
||||
libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version
|
|
@ -0,0 +1,81 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "mgf1_plugin.h"
|
||||
#include "mgf1_xof.h"
|
||||
|
||||
#include <library.h>
|
||||
|
||||
typedef struct private_mgf1_plugin_t private_mgf1_plugin_t;
|
||||
|
||||
/**
|
||||
* private data of mgf1_plugin
|
||||
*/
|
||||
struct private_mgf1_plugin_t {
|
||||
|
||||
/**
|
||||
* public functions
|
||||
*/
|
||||
mgf1_plugin_t public;
|
||||
};
|
||||
|
||||
METHOD(plugin_t, get_name, char*,
|
||||
private_mgf1_plugin_t *this)
|
||||
{
|
||||
return "mgf1";
|
||||
}
|
||||
|
||||
METHOD(plugin_t, get_features, int,
|
||||
private_mgf1_plugin_t *this, plugin_feature_t *features[])
|
||||
{
|
||||
static plugin_feature_t f[] = {
|
||||
PLUGIN_REGISTER(XOF, mgf1_xof_create),
|
||||
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA1),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA1),
|
||||
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA256),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
|
||||
PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA512),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
|
||||
};
|
||||
*features = f;
|
||||
return countof(f);
|
||||
}
|
||||
|
||||
METHOD(plugin_t, destroy, void,
|
||||
private_mgf1_plugin_t *this)
|
||||
{
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* see header file
|
||||
*/
|
||||
plugin_t *mgf1_plugin_create()
|
||||
{
|
||||
private_mgf1_plugin_t *this;
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.plugin = {
|
||||
.get_name = _get_name,
|
||||
.get_features = _get_features,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
);
|
||||
|
||||
return &this->public.plugin;
|
||||
}
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup mgf1_p mgf1
|
||||
* @ingroup plugins
|
||||
*
|
||||
* @defgroup mgf1_plugin mgf1_plugin
|
||||
* @{ @ingroup mgf1_p
|
||||
*/
|
||||
|
||||
#ifndef MGF1_PLUGIN_H_
|
||||
#define MGF1_PLUGIN_H_
|
||||
|
||||
#include <plugins/plugin.h>
|
||||
|
||||
typedef struct mgf1_plugin_t mgf1_plugin_t;
|
||||
|
||||
/**
|
||||
* Plugin implementing the MGF1 Mask Generator Function in software.
|
||||
*/
|
||||
struct mgf1_plugin_t {
|
||||
|
||||
/**
|
||||
* implements plugin interface
|
||||
*/
|
||||
plugin_t plugin;
|
||||
};
|
||||
|
||||
#endif /** MGF1_PLUGIN_H_ @}*/
|
|
@ -0,0 +1,285 @@
|
|||
/*
|
||||
* Copyright (C) 2013-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "mgf1_xof.h"
|
||||
|
||||
#include "crypto/hashers/hasher.h"
|
||||
#include "utils/debug.h"
|
||||
|
||||
typedef struct private_mgf1_xof_t private_mgf1_xof_t;
|
||||
|
||||
/**
|
||||
* Private data of an mgf1_xof_t object.
|
||||
*/
|
||||
struct private_mgf1_xof_t {
|
||||
|
||||
/**
|
||||
* Public mgf1_xof_t interface.
|
||||
*/
|
||||
mgf1_xof_t public;
|
||||
|
||||
/**
|
||||
* XOF type of the MGF1 Mask Generation Function
|
||||
*/
|
||||
ext_out_function_t type;
|
||||
|
||||
/**
|
||||
* Hasher the MGF1 Mask Generation Function is based on
|
||||
*/
|
||||
hasher_t *hasher;
|
||||
|
||||
/**
|
||||
* Is the seed hashed before using it as a seed for MGF1 ?
|
||||
*/
|
||||
bool hash_seed;
|
||||
|
||||
/**
|
||||
* Counter
|
||||
*/
|
||||
uint32_t counter;
|
||||
|
||||
/**
|
||||
* Set if counter has reached 2^32
|
||||
*/
|
||||
bool overflow;
|
||||
|
||||
/**
|
||||
* Current state to be hashed
|
||||
*/
|
||||
chunk_t state;
|
||||
|
||||
/**
|
||||
* Position of the 4 octet counter string
|
||||
*/
|
||||
uint8_t *ctr_str;
|
||||
|
||||
/**
|
||||
* Latest hash block
|
||||
*/
|
||||
uint8_t buf[HASH_SIZE_SHA512];
|
||||
|
||||
/**
|
||||
* Index pointing to the current position in the hash block
|
||||
*/
|
||||
size_t buf_index;
|
||||
|
||||
};
|
||||
|
||||
METHOD(xof_t, get_type, ext_out_function_t,
|
||||
private_mgf1_xof_t *this)
|
||||
{
|
||||
return this->type;
|
||||
}
|
||||
|
||||
static bool get_next_block(private_mgf1_xof_t *this, uint8_t *buffer)
|
||||
{
|
||||
/* detect overflow, set counter string and increment counter */
|
||||
if (this->overflow)
|
||||
{
|
||||
DBG1(DBG_LIB, "MGF1 overflow occurred");
|
||||
return FALSE;
|
||||
}
|
||||
htoun32(this->ctr_str, this->counter++);
|
||||
if (this->counter == 0)
|
||||
{
|
||||
this->overflow = TRUE;
|
||||
}
|
||||
|
||||
/* get the next block from the hash function */
|
||||
if (!this->hasher->get_hash(this->hasher, this->state, buffer))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(xof_t, get_bytes, bool,
|
||||
private_mgf1_xof_t *this, size_t out_len, uint8_t *buffer)
|
||||
{
|
||||
size_t index = 0, blocks, len, hash_size;
|
||||
|
||||
hash_size = this->hasher->get_hash_size(this->hasher);
|
||||
|
||||
/* empty the current hash block buffer first */
|
||||
len = min(out_len, hash_size - this->buf_index);
|
||||
if (len)
|
||||
{
|
||||
memcpy(buffer, this->buf + this->buf_index, len);
|
||||
index += len;
|
||||
this->buf_index += len;
|
||||
}
|
||||
|
||||
/* copy whole hash blocks directly to output buffer */
|
||||
blocks = (out_len - index) / hash_size;
|
||||
while (blocks--)
|
||||
{
|
||||
if (!get_next_block(this, buffer + index))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
index += hash_size;
|
||||
}
|
||||
|
||||
/* get another hash block if some more output bytes are needed */
|
||||
len = out_len - index;
|
||||
if (len)
|
||||
{
|
||||
if (!get_next_block(this, this->buf))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
memcpy(buffer + index, this->buf, len);
|
||||
this->buf_index = len;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(xof_t, allocate_bytes, bool,
|
||||
private_mgf1_xof_t *this, size_t out_len, chunk_t *chunk)
|
||||
{
|
||||
*chunk = chunk_alloc(out_len);
|
||||
|
||||
if (!get_bytes(this, out_len, chunk->ptr))
|
||||
{
|
||||
chunk_free(chunk);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(xof_t, get_block_size, size_t,
|
||||
private_mgf1_xof_t *this)
|
||||
{
|
||||
return this->hasher->get_hash_size(this->hasher);
|
||||
}
|
||||
|
||||
METHOD(xof_t, get_seed_size, size_t,
|
||||
private_mgf1_xof_t *this)
|
||||
{
|
||||
return this->hasher->get_hash_size(this->hasher);
|
||||
}
|
||||
|
||||
METHOD(xof_t, set_seed, bool,
|
||||
private_mgf1_xof_t *this, chunk_t seed)
|
||||
{
|
||||
size_t hash_size, state_len;
|
||||
|
||||
if (seed.len == 0)
|
||||
{
|
||||
DBG1(DBG_LIB, "empty seed for MGF1");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* determine state size and allocate space accordingly */
|
||||
hash_size = this->hasher->get_hash_size(this->hasher);
|
||||
state_len = (this->hash_seed ? hash_size : seed.len) + 4;
|
||||
chunk_clear(&this->state);
|
||||
this->state = chunk_alloc(state_len);
|
||||
|
||||
/* hash block buffer is empty */
|
||||
this->buf_index = hash_size;
|
||||
|
||||
/* reset counter */
|
||||
this->counter = 0;
|
||||
|
||||
/* determine position of the 4 octet counter string */
|
||||
this->ctr_str = this->state.ptr + state_len - 4;
|
||||
|
||||
if (this->hash_seed)
|
||||
{
|
||||
if (!this->hasher->get_hash(this->hasher, seed, this->state.ptr))
|
||||
{
|
||||
DBG1(DBG_LIB, "failed to hash seed for MGF1");
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy(this->state.ptr, seed.ptr, seed.len);
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(xof_t, destroy, void,
|
||||
private_mgf1_xof_t *this)
|
||||
{
|
||||
this->hasher->destroy(this->hasher);
|
||||
chunk_clear(&this->state);
|
||||
free(this);
|
||||
}
|
||||
|
||||
METHOD(mgf1_t, set_hash_seed, void,
|
||||
private_mgf1_xof_t *this, bool yes)
|
||||
{
|
||||
this->hash_seed = yes;
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm)
|
||||
{
|
||||
private_mgf1_xof_t *this;
|
||||
hash_algorithm_t hash_alg;
|
||||
hasher_t *hasher;
|
||||
|
||||
switch (algorithm)
|
||||
{
|
||||
case XOF_MGF1_SHA1:
|
||||
hash_alg = HASH_SHA1;
|
||||
break;
|
||||
case XOF_MGF1_SHA256:
|
||||
hash_alg = HASH_SHA256;
|
||||
break;
|
||||
case XOF_MGF1_SHA512:
|
||||
hash_alg = HASH_SHA512;
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
|
||||
if (!hasher)
|
||||
{
|
||||
DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
|
||||
hash_algorithm_names, hash_alg);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.mgf1_interface = {
|
||||
.xof_interface = {
|
||||
.get_type = _get_type,
|
||||
.get_bytes = _get_bytes,
|
||||
.allocate_bytes = _allocate_bytes,
|
||||
.get_block_size = _get_block_size,
|
||||
.get_seed_size = _get_seed_size,
|
||||
.set_seed = _set_seed,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.set_hash_seed = _set_hash_seed,
|
||||
},
|
||||
},
|
||||
.type = algorithm,
|
||||
.hasher = hasher,
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
}
|
|
@ -0,0 +1,49 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup mgf1_xof mgf1_xof
|
||||
* @{ @ingroup crypto
|
||||
*/
|
||||
|
||||
#ifndef MGF1_XOF_H_
|
||||
#define MGF1_XOF_H_
|
||||
|
||||
typedef struct mgf1_xof_t mgf1_xof_t;
|
||||
|
||||
#include <crypto/xofs/mgf1.h>
|
||||
|
||||
/**
|
||||
* Implements the PKCS#1 MGF1_XOF Mask Generation Function based on a hash
|
||||
* function defined in section 10.2.1 of RFC 2437
|
||||
*/
|
||||
struct mgf1_xof_t {
|
||||
|
||||
/**
|
||||
* mgf1_t interface for this Extended Output Function (XOF).
|
||||
*/
|
||||
mgf1_t mgf1_interface;
|
||||
};
|
||||
|
||||
/**
|
||||
* Create an mgf1_xof_t object
|
||||
*
|
||||
* @param algorithm XOF_MGF1_SHA1, XOF_MGF1_SHA256 or XOF_MGF1_SHA512
|
||||
* @return mgf1_xof_t object, NULL if not supported
|
||||
*/
|
||||
mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm);
|
||||
|
||||
#endif /** MGF1_XOF_H_ @}*/
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* Copyright (C) 2009-2013 Security Innovation
|
||||
|
@ -17,7 +17,7 @@
|
|||
|
||||
#include "ntru_poly.h"
|
||||
|
||||
#include <crypto/mgf1/mgf1_bitspender.h>
|
||||
#include <crypto/xofs/xof_bitspender.h>
|
||||
#include <utils/debug.h>
|
||||
#include <utils/test.h>
|
||||
|
||||
|
@ -290,8 +290,9 @@ static private_ntru_poly_t* ntru_poly_create(uint16_t N, uint16_t q,
|
|||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
|
||||
uint8_t c_bits, uint16_t N, uint16_t q,
|
||||
ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t mgf1_type,
|
||||
chunk_t seed, uint8_t c_bits,
|
||||
uint16_t N, uint16_t q,
|
||||
uint32_t indices_len_p,
|
||||
uint32_t indices_len_m,
|
||||
bool is_product_form)
|
||||
|
@ -300,9 +301,9 @@ ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
|
|||
int n, num_indices, index_i = 0;
|
||||
uint32_t index, limit;
|
||||
uint8_t *used;
|
||||
mgf1_bitspender_t *bitspender;
|
||||
xof_bitspender_t *bitspender;
|
||||
|
||||
bitspender = mgf1_bitspender_create(alg, seed, TRUE);
|
||||
bitspender = xof_bitspender_create(mgf1_type, seed, TRUE);
|
||||
if (!bitspender)
|
||||
{
|
||||
return NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -24,6 +24,7 @@
|
|||
typedef struct ntru_poly_t ntru_poly_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <crypto/xofs/xof.h>
|
||||
|
||||
/**
|
||||
* Implements a trinary polynomial storing the indices of non-zero coefficients
|
||||
|
@ -63,9 +64,9 @@ struct ntru_poly_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* Create a trits polynomial from a seed using MGF1 with a base hash function
|
||||
* Create a trits polynomial from a seed using MGF1
|
||||
*
|
||||
* @param alg hash algorithm to be used by MGF1
|
||||
* @param alg MGF1 algorithm used(XOF_MGF1_SHA1 or XOF_MGF_SHA256)
|
||||
* @param seed seed used by MGF1 to generate trits from
|
||||
* @param N ring dimension, number of polynomial coefficients
|
||||
* @param q large modulus
|
||||
|
@ -74,7 +75,7 @@ struct ntru_poly_t {
|
|||
* @param indices_len_m number of indices for -1 coefficients
|
||||
* @param is_product_form generate multiple polynomials
|
||||
*/
|
||||
ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
|
||||
ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t alg, chunk_t seed,
|
||||
uint8_t c_bits, uint16_t N, uint16_t q,
|
||||
uint32_t indices_len_p,
|
||||
uint32_t indices_len_m,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* Copyright (C) 2009-2013 Security Innovation
|
||||
|
@ -178,7 +178,7 @@ bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt)
|
|||
METHOD(ntru_private_key_t, decrypt, bool,
|
||||
private_ntru_private_key_t *this, chunk_t ciphertext, chunk_t *plaintext)
|
||||
{
|
||||
hash_algorithm_t hash_algid;
|
||||
ext_out_function_t alg;
|
||||
size_t t_len, seed1_len, seed2_len;
|
||||
uint16_t *t1, *t2, *t = NULL;
|
||||
uint16_t mod_q_mask, q_mod_p, cmprime_len, cm_len = 0, num_zeros;
|
||||
|
@ -206,9 +206,9 @@ METHOD(ntru_private_key_t, decrypt, bool,
|
|||
Mtrin = (uint8_t *)t1;
|
||||
M = Mtrin + this->params->N;
|
||||
|
||||
/* set hash algorithm based on security strength */
|
||||
hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
|
||||
HASH_SHA256;
|
||||
/* set MGF1 algorithm type based on security strength */
|
||||
alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
|
||||
XOF_MGF1_SHA256;
|
||||
|
||||
/* set constants */
|
||||
mod_q_mask = this->params->q - 1;
|
||||
|
@ -307,7 +307,7 @@ METHOD(ntru_private_key_t, decrypt, bool,
|
|||
ntru_coeffs_mod4_2_octets(this->params->N, t2, seed.ptr);
|
||||
|
||||
/* form mask */
|
||||
mask = ntru_trits_create(this->params->N, hash_algid, seed);
|
||||
mask = ntru_trits_create(this->params->N, alg, seed);
|
||||
if (!mask)
|
||||
{
|
||||
DBG1(DBG_LIB, "mask creation failed");
|
||||
|
@ -390,9 +390,8 @@ METHOD(ntru_private_key_t, decrypt, bool,
|
|||
|
||||
/* generate cr */
|
||||
DBG2(DBG_LIB, "generate polynomial r");
|
||||
r_poly = ntru_poly_create_from_seed(hash_algid, seed,
|
||||
this->params->c_bits, this->params->N,
|
||||
this->params->q, this->params->dF_r,
|
||||
r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
|
||||
this->params->N, this->params->q, this->params->dF_r,
|
||||
this->params->dF_r, this->params->is_product_form);
|
||||
if (!r_poly)
|
||||
{
|
||||
|
@ -648,7 +647,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
|
|||
size_t t_len;
|
||||
uint16_t *t1, *t2, *t = NULL;
|
||||
uint16_t mod_q_mask;
|
||||
hash_algorithm_t hash_algid;
|
||||
ext_out_function_t alg;
|
||||
ntru_poly_t *g_poly;
|
||||
chunk_t seed;
|
||||
int i;
|
||||
|
@ -667,14 +666,8 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
|
|||
);
|
||||
|
||||
/* set hash algorithm and seed length based on security strength */
|
||||
if (params->sec_strength_len <= 20)
|
||||
{
|
||||
hash_algid = HASH_SHA1;
|
||||
}
|
||||
else
|
||||
{
|
||||
hash_algid = HASH_SHA256;
|
||||
}
|
||||
alg = (params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
|
||||
XOF_MGF1_SHA256;
|
||||
seed =chunk_alloc(params->sec_strength_len + 8);
|
||||
|
||||
/* get random seed for generating trinary F as a list of indices */
|
||||
|
@ -685,7 +678,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
|
|||
}
|
||||
|
||||
DBG2(DBG_LIB, "generate polynomial F");
|
||||
this->privkey = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
|
||||
this->privkey = ntru_poly_create_from_seed(alg, seed, params->c_bits,
|
||||
params->N, params->q,
|
||||
params->dF_r, params->dF_r,
|
||||
params->is_product_form);
|
||||
|
@ -729,7 +722,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
|
|||
}
|
||||
|
||||
DBG2(DBG_LIB, "generate polynomial g");
|
||||
g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
|
||||
g_poly = ntru_poly_create_from_seed(alg, seed, params->c_bits,
|
||||
params->N, params->q, params->dg + 1,
|
||||
params->dg, FALSE);
|
||||
if (!g_poly)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* Copyright (C) 2009-2013 Security Innovation
|
||||
|
@ -102,7 +102,7 @@ extern bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt);
|
|||
METHOD(ntru_public_key_t, encrypt, bool,
|
||||
private_ntru_public_key_t *this, chunk_t plaintext, chunk_t *ciphertext)
|
||||
{
|
||||
hash_algorithm_t hash_algid;
|
||||
ext_out_function_t alg;
|
||||
size_t t_len, seed1_len, seed2_len;
|
||||
uint16_t *t1, *t = NULL;
|
||||
uint8_t b[MAX_SEC_STRENGTH_LEN];
|
||||
|
@ -139,8 +139,8 @@ METHOD(ntru_public_key_t, encrypt, bool,
|
|||
M = Mtrin + this->params->N;
|
||||
|
||||
/* set hash algorithm based on security strength */
|
||||
hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
|
||||
HASH_SHA256;
|
||||
alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
|
||||
XOF_MGF1_SHA256;
|
||||
/* set constants */
|
||||
mod_q_mask = this->params->q - 1;
|
||||
|
||||
|
@ -173,7 +173,7 @@ METHOD(ntru_public_key_t, encrypt, bool,
|
|||
seed.len = seed2_len;
|
||||
|
||||
DBG2(DBG_LIB, "generate polynomial r");
|
||||
r_poly = ntru_poly_create_from_seed(hash_algid, seed, this->params->c_bits,
|
||||
r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
|
||||
this->params->N, this->params->q,
|
||||
this->params->dF_r, this->params->dF_r,
|
||||
this->params->is_product_form);
|
||||
|
@ -191,7 +191,7 @@ METHOD(ntru_public_key_t, encrypt, bool,
|
|||
seed.len = seed1_len;
|
||||
|
||||
/* form mask */
|
||||
mask = ntru_trits_create(this->params->N, hash_algid, seed);
|
||||
mask = ntru_trits_create(this->params->N, alg, seed);
|
||||
if (!mask)
|
||||
{
|
||||
DBG1(DBG_LIB, "mask creation failed");
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2013-2014 Andreas Steffen
|
||||
* Copyright (C) 2013-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -16,7 +16,7 @@
|
|||
#include "ntru_trits.h"
|
||||
#include "ntru_convert.h"
|
||||
|
||||
#include <crypto/mgf1/mgf1_bitspender.h>
|
||||
#include <crypto/xofs/xof_bitspender.h>
|
||||
#include <utils/debug.h>
|
||||
#include <utils/test.h>
|
||||
|
||||
|
@ -67,14 +67,15 @@ METHOD(ntru_trits_t, destroy, void,
|
|||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
|
||||
ntru_trits_t *ntru_trits_create(size_t len, ext_out_function_t alg,
|
||||
chunk_t seed)
|
||||
{
|
||||
private_ntru_trits_t *this;
|
||||
uint8_t octet, buf[5], *trits;
|
||||
size_t trits_needed;
|
||||
mgf1_bitspender_t *bitspender;
|
||||
xof_bitspender_t *bitspender;
|
||||
|
||||
bitspender = mgf1_bitspender_create(alg, seed, TRUE);
|
||||
bitspender = xof_bitspender_create(alg, seed, TRUE);
|
||||
if (!bitspender)
|
||||
{
|
||||
return NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2013 Andreas Steffen
|
||||
* Copyright (C) 2013-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -24,6 +24,7 @@
|
|||
typedef struct ntru_trits_t ntru_trits_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <crypto/xofs/xof.h>
|
||||
|
||||
/**
|
||||
* Implements an array of trinary elements (trits)
|
||||
|
@ -52,10 +53,11 @@ struct ntru_trits_t {
|
|||
* Create a trits array from a seed using MGF1 with a base hash function
|
||||
*
|
||||
* @param size size of the trits array
|
||||
* @param alg hash algorithm to be used by MGF1
|
||||
* @param alg MGF1 algorithm used (XOF_MGF1_SHA1 or XOF_MGF_SHA256)
|
||||
* @param seed seed used by MGF1 to generate trits from
|
||||
*/
|
||||
ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed);
|
||||
ntru_trits_t *ntru_trits_create(size_t size, ext_out_function_t alg,
|
||||
chunk_t seed);
|
||||
|
||||
#endif /** NTRU_TRITS_H_ @}*/
|
||||
|
||||
|
|
|
@ -46,6 +46,11 @@ struct private_sha3_shake_t {
|
|||
|
||||
};
|
||||
|
||||
METHOD(xof_t, get_type, ext_out_function_t,
|
||||
private_sha3_shake_t *this)
|
||||
{
|
||||
return this->algorithm;
|
||||
}
|
||||
|
||||
METHOD(xof_t, get_bytes, bool,
|
||||
private_sha3_shake_t *this, size_t out_len, uint8_t *buffer)
|
||||
|
@ -114,6 +119,7 @@ sha3_shake_t* sha3_shake_create(ext_out_function_t algorithm)
|
|||
INIT(this,
|
||||
.public = {
|
||||
.xof_interface = {
|
||||
.get_type = _get_type,
|
||||
.get_bytes = _get_bytes,
|
||||
.allocate_bytes = _allocate_bytes,
|
||||
.get_block_size = _get_block_size,
|
||||
|
|
|
@ -17,11 +17,12 @@
|
|||
|
||||
#include <tests/utils/test_rng.h>
|
||||
#include <utils/test.h>
|
||||
#include <crypto/mgf1/mgf1.h>
|
||||
#include <crypto/mgf1/mgf1_bitspender.h>
|
||||
#include <crypto/xofs/xof.h>
|
||||
#include <crypto/xofs/xof_bitspender.h>
|
||||
#include <crypto/xofs/mgf1.h>
|
||||
|
||||
typedef struct {
|
||||
hash_algorithm_t alg;
|
||||
ext_out_function_t alg;
|
||||
size_t hash_size;
|
||||
size_t ml1, ml2, ml3, seed_len;
|
||||
chunk_t seed;
|
||||
|
@ -34,7 +35,7 @@ typedef struct {
|
|||
* MGF1 Mask Generation Function Test Vectors
|
||||
*/
|
||||
mgf1_test_t mgf1_tests[] = {
|
||||
{ HASH_SHA1, 20, 60, 20, 15, 24,
|
||||
{ XOF_MGF1_SHA1, 20, 60, 20, 15, 24,
|
||||
chunk_from_chars(
|
||||
0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
|
||||
0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
|
||||
|
@ -73,7 +74,7 @@ mgf1_test_t mgf1_tests[] = {
|
|||
{ 0, 0, 0, 4, 1, 1, 46, 103, 38, 411, 848, 57, 3540, 4058, 12403,
|
||||
0x63, 0x2B, 0xC9, 0x17, 0x56, 669409, 0xA407A43B },
|
||||
},
|
||||
{ HASH_SHA256, 32, 64, 32, 33, 40,
|
||||
{ XOF_MGF1_SHA256, 32, 64, 32, 33, 40,
|
||||
chunk_from_chars(
|
||||
0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
|
||||
0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
|
||||
|
@ -127,6 +128,7 @@ mgf1_test_t mgf1_tests[] = {
|
|||
|
||||
START_TEST(mgf1_test_mgf1)
|
||||
{
|
||||
xof_t *xof;
|
||||
mgf1_t *mgf1;
|
||||
chunk_t mask, mask1, mask2, mask3;
|
||||
|
||||
|
@ -137,72 +139,88 @@ START_TEST(mgf1_test_mgf1)
|
|||
mask2.len = mgf1_tests[_i].ml2;
|
||||
mask3.len = mgf1_tests[_i].ml3;
|
||||
|
||||
mgf1 = mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
|
||||
ck_assert(mgf1 == NULL);
|
||||
/* unknown XOF */
|
||||
xof = lib->crypto->create_xof(lib->crypto, XOF_UNDEFINED);
|
||||
ck_assert(xof == NULL);
|
||||
|
||||
mgf1 = mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
|
||||
ck_assert(mgf1 == NULL);
|
||||
/* create MGF1 XOF */
|
||||
xof = lib->crypto->create_xof(lib->crypto, mgf1_tests[_i].alg);
|
||||
ck_assert(xof);
|
||||
|
||||
/* return mask in allocated chunk */
|
||||
mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
|
||||
ck_assert(mgf1);
|
||||
/* hash the seed */
|
||||
mgf1 = (mgf1_t*)xof;
|
||||
mgf1->set_hash_seed(mgf1, TRUE);
|
||||
|
||||
/* check hash size */
|
||||
ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
|
||||
/* check MGF1 type */
|
||||
ck_assert(xof->get_type(xof) == mgf1_tests[_i].alg);
|
||||
|
||||
/* get zero number of octets */
|
||||
ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
|
||||
/* check seed size */
|
||||
ck_assert(xof->get_seed_size(xof) == mgf1_tests[_i].hash_size);
|
||||
|
||||
/* check block size */
|
||||
ck_assert(xof->get_block_size(xof) == mgf1_tests[_i].hash_size);
|
||||
|
||||
/* empty seed */
|
||||
ck_assert(!xof->set_seed(xof, chunk_empty));
|
||||
|
||||
/* initialize MGF1 with non-empty seed */
|
||||
ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
|
||||
|
||||
/* allocate zero number of octets */
|
||||
ck_assert(xof->allocate_bytes(xof, 0, &mask));
|
||||
ck_assert(mask.len == 0 && mask.ptr == NULL);
|
||||
|
||||
/* get non-zero number of octets */
|
||||
ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
|
||||
/* allocate non-zero number of octets */
|
||||
ck_assert(xof->allocate_bytes(xof, mgf1_tests[_i].mask.len, &mask));
|
||||
ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
|
||||
mgf1->destroy(mgf1);
|
||||
|
||||
/* re-initialize MGF1 with non-empty seed */
|
||||
ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
|
||||
|
||||
/* copy mask to pre-allocated buffer */
|
||||
mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
|
||||
ck_assert(mgf1);
|
||||
ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
|
||||
ck_assert(xof->get_bytes(xof, mgf1_tests[_i].mask.len, mask.ptr));
|
||||
ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
|
||||
mgf1->destroy(mgf1);
|
||||
|
||||
/* get mask in batches without hashing the seed */
|
||||
mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
|
||||
ck_assert(mgf1);
|
||||
/* do not hash the seed */
|
||||
mgf1->set_hash_seed(mgf1, FALSE);
|
||||
|
||||
/* re-initialize MGF1 with non-empty seed */
|
||||
ck_assert(xof->set_seed(xof, mgf1_tests[_i].hashed_seed));
|
||||
|
||||
/* first batch */
|
||||
ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
|
||||
ck_assert(xof->get_bytes(xof, mask1.len, mask.ptr));
|
||||
mask.len = mask1.len;
|
||||
ck_assert(chunk_equals(mask, mask1));
|
||||
|
||||
/* second batch */
|
||||
ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
|
||||
ck_assert(xof->get_bytes(xof, mask2.len, mask.ptr));
|
||||
mask.len = mask2.len;
|
||||
ck_assert(chunk_equals(mask, mask2));
|
||||
|
||||
/* third batch */
|
||||
ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
|
||||
ck_assert(xof->get_bytes(xof, mask3.len, mask.ptr));
|
||||
mask.len = mask3.len;
|
||||
ck_assert(chunk_equals(mask, mask3));
|
||||
|
||||
mgf1->destroy(mgf1);
|
||||
/* clean up */
|
||||
xof->destroy(xof);
|
||||
chunk_free(&mask);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
START_TEST(mgf1_test_bitspender)
|
||||
{
|
||||
mgf1_bitspender_t *bitspender;
|
||||
xof_bitspender_t *bitspender;
|
||||
uint32_t bits;
|
||||
uint8_t byte;
|
||||
int j;
|
||||
|
||||
bitspender = mgf1_bitspender_create(HASH_UNKNOWN,
|
||||
mgf1_tests[_i].hashed_seed, FALSE);
|
||||
bitspender = xof_bitspender_create(XOF_UNDEFINED,
|
||||
mgf1_tests[_i].hashed_seed, FALSE);
|
||||
ck_assert(bitspender == NULL);
|
||||
|
||||
bitspender = mgf1_bitspender_create(mgf1_tests[_i].alg,
|
||||
mgf1_tests[_i].hashed_seed, FALSE);
|
||||
bitspender = xof_bitspender_create(mgf1_tests[_i].alg,
|
||||
mgf1_tests[_i].hashed_seed, FALSE);
|
||||
ck_assert(bitspender);
|
||||
|
||||
for (j = 0; j < 15; j++)
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
#include <tests/utils/test_rng.h>
|
||||
#include <utils/test.h>
|
||||
#include <crypto/mgf1/mgf1.h>
|
||||
#include <crypto/xofs/xof.h>
|
||||
#include <plugins/ntru/ntru_drbg.h>
|
||||
#include <plugins/ntru/ntru_trits.h>
|
||||
#include <plugins/ntru/ntru_poly.h>
|
||||
|
@ -28,10 +28,10 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
|
|||
uint32_t strength, chunk_t pers_str, rng_t *entropy)
|
||||
|
||||
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
|
||||
size_t len, hash_algorithm_t alg, chunk_t seed)
|
||||
size_t len, ext_out_function_t alg, chunk_t seed)
|
||||
|
||||
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
|
||||
hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
|
||||
ext_out_function_t alg, chunk_t seed, uint8_t c_bits,
|
||||
uint16_t N, uint16_t q, uint32_t indices_len_p,
|
||||
uint32_t indices_len_m, bool is_product_form)
|
||||
|
||||
|
@ -329,7 +329,7 @@ typedef struct {
|
|||
} poly_test_t;
|
||||
|
||||
typedef struct {
|
||||
hash_algorithm_t alg;
|
||||
ext_out_function_t alg;
|
||||
size_t hash_size;
|
||||
size_t seed_len;
|
||||
chunk_t seed;
|
||||
|
@ -384,7 +384,7 @@ uint16_t indices_ees1171ep1[] = {
|
|||
* Trits and Polynomial Test Vectors
|
||||
*/
|
||||
static trits_test_t trits_tests[] = {
|
||||
{ HASH_SHA1, 20, 24,
|
||||
{ XOF_MGF1_SHA1, 20, 24,
|
||||
chunk_from_chars(
|
||||
0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
|
||||
0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
|
||||
|
@ -432,7 +432,7 @@ static trits_test_t trits_tests[] = {
|
|||
}
|
||||
}
|
||||
},
|
||||
{ HASH_SHA256, 32, 40,
|
||||
{ XOF_MGF1_SHA256, 32, 40,
|
||||
chunk_from_chars(
|
||||
0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
|
||||
0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
|
||||
|
@ -501,7 +501,7 @@ START_TEST(test_ntru_trits)
|
|||
chunk_t trits;
|
||||
|
||||
mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
|
||||
HASH_UNKNOWN, trits_tests[_i].seed);
|
||||
XOF_UNDEFINED, trits_tests[_i].seed);
|
||||
ck_assert(mask == NULL);
|
||||
|
||||
mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
|
||||
|
@ -539,7 +539,7 @@ START_TEST(test_ntru_poly)
|
|||
seed.len = trits_tests[_i].seed_len;
|
||||
|
||||
p = &trits_tests[_i].poly_test[0];
|
||||
poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, HASH_UNKNOWN, seed,
|
||||
poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, XOF_UNDEFINED, seed,
|
||||
p->c_bits, p->N, p->q, p->indices_len, p->indices_len,
|
||||
p->is_product_form);
|
||||
ck_assert(poly == NULL);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
|
||||
multiple_authentication = no
|
||||
send_vendor_id = yes
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
|
||||
multiple_authentication = no
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce chapoly aes sha1 sha2 md5 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown
|
||||
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce chapoly aes sha1 sha2 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown
|
||||
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
|
||||
multiple_authentication = no
|
||||
send_vendor_id = yes
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
|
||||
multiple_authentication = no
|
||||
send_vendor_id = yes
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
|
||||
multiple_authentication = no
|
||||
send_vendor_id = yes
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
|
||||
multiple_authentication = no
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
|
||||
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
|
||||
|
||||
integrity_test = yes
|
||||
crypto_test {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
|
||||
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
|
||||
|
||||
integrity_test = yes
|
||||
crypto_test {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
|
||||
load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
|
||||
|
||||
integrity_test = yes
|
||||
crypto_test {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
|
||||
send_vendor_id = yes
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@ swanctl {
|
|||
}
|
||||
|
||||
charon {
|
||||
load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
|
||||
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
|
|
|
@ -5,7 +5,7 @@ swanctl {
|
|||
}
|
||||
|
||||
charon {
|
||||
load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
|
||||
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
|
||||
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
|
|
|
@ -5,7 +5,7 @@ swanctl {
|
|||
}
|
||||
|
||||
charon {
|
||||
load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
|
||||
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
|
||||
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
|
||||
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
|
||||
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
|
||||
|
||||
send_vendor_id = yes
|
||||
fragment_size = 1500
|
||||
|
|
Loading…
Reference in New Issue