Created framework for BLISS post-quantum signature algorithm
This commit is contained in:
parent
4ef819a379
commit
9d5b91d198
|
@ -123,6 +123,7 @@ m4_include(m4/macros/enable-disable.m4)
|
|||
# crypto plugins
|
||||
ARG_DISBL_SET([aes], [disable AES software implementation plugin.])
|
||||
ARG_ENABL_SET([af-alg], [enable AF_ALG crypto interface to Linux Crypto API.])
|
||||
ARG_ENABL_SET([bliss], [enable BLISS software implementation plugin.])
|
||||
ARG_ENABL_SET([blowfish], [enable Blowfish software implementation plugin.])
|
||||
ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.])
|
||||
ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.])
|
||||
|
@ -1251,6 +1252,7 @@ ADD_PLUGIN([ctr], [s charon scripts nm cmd])
|
|||
ADD_PLUGIN([ccm], [s charon scripts nm cmd])
|
||||
ADD_PLUGIN([gcm], [s charon scripts nm cmd])
|
||||
ADD_PLUGIN([ntru], [s charon scripts nm cmd])
|
||||
ADD_PLUGIN([bliss], [s charon pki scripts nm cmd])
|
||||
ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd])
|
||||
ADD_PLUGIN([winhttp], [s charon pki scripts])
|
||||
ADD_PLUGIN([soup], [s charon pki scripts nm cmd])
|
||||
|
@ -1398,6 +1400,7 @@ AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue)
|
|||
AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue)
|
||||
AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
|
||||
AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
|
||||
AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
|
||||
|
||||
# charon plugins
|
||||
# ----------------
|
||||
|
@ -1641,6 +1644,7 @@ AC_CONFIG_FILES([
|
|||
src/libstrongswan/plugins/gcm/Makefile
|
||||
src/libstrongswan/plugins/af_alg/Makefile
|
||||
src/libstrongswan/plugins/ntru/Makefile
|
||||
src/libstrongswan/plugins/bliss/Makefile
|
||||
src/libstrongswan/plugins/test_vectors/Makefile
|
||||
src/libstrongswan/tests/Makefile
|
||||
src/libhydra/Makefile
|
||||
|
|
|
@ -544,6 +544,13 @@ if MONOLITHIC
|
|||
endif
|
||||
endif
|
||||
|
||||
if USE_BLISS
|
||||
SUBDIRS += plugins/bliss
|
||||
if MONOLITHIC
|
||||
libstrongswan_la_LIBADD += plugins/bliss/libstrongswan-bliss.la
|
||||
endif
|
||||
endif
|
||||
|
||||
if USE_TEST_VECTORS
|
||||
SUBDIRS += plugins/test_vectors
|
||||
if MONOLITHIC
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2007 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -17,14 +18,15 @@
|
|||
|
||||
#include "public_key.h"
|
||||
|
||||
ENUM(key_type_names, KEY_ANY, KEY_DSA,
|
||||
ENUM(key_type_names, KEY_ANY, KEY_BLISS,
|
||||
"ANY",
|
||||
"RSA",
|
||||
"ECDSA",
|
||||
"DSA"
|
||||
"DSA",
|
||||
"BLISS"
|
||||
);
|
||||
|
||||
ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
|
||||
ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_IV_SHA384,
|
||||
"UNKNOWN",
|
||||
"RSA_EMSA_PKCS1_NULL",
|
||||
"RSA_EMSA_PKCS1_MD5",
|
||||
|
@ -41,6 +43,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
|
|||
"ECDSA-256",
|
||||
"ECDSA-384",
|
||||
"ECDSA-521",
|
||||
"BLISS-I_SHA256",
|
||||
"BLISS-IV_SHA384",
|
||||
);
|
||||
|
||||
ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2007 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -42,6 +43,8 @@ enum key_type_t {
|
|||
KEY_ECDSA = 2,
|
||||
/** DSA */
|
||||
KEY_DSA = 3,
|
||||
/** BLISS */
|
||||
KEY_BLISS = 4,
|
||||
/** ElGamal, ... */
|
||||
};
|
||||
|
||||
|
@ -90,6 +93,10 @@ enum signature_scheme_t {
|
|||
SIGN_ECDSA_384,
|
||||
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
|
||||
SIGN_ECDSA_521,
|
||||
/** BLISS-I with SHA-256 */
|
||||
SIGN_BLISS_I_SHA256,
|
||||
/** BLISS-IV with SHA-384 */
|
||||
SIGN_BLISS_IV_SHA384,
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
AM_CPPFLAGS = \
|
||||
-I$(top_srcdir)/src/libstrongswan
|
||||
|
||||
AM_CFLAGS = \
|
||||
$(PLUGIN_CFLAGS) \
|
||||
@COVERAGE_CFLAGS@
|
||||
|
||||
if MONOLITHIC
|
||||
noinst_LTLIBRARIES = libstrongswan-bliss.la
|
||||
else
|
||||
plugin_LTLIBRARIES = libstrongswan-bliss.la
|
||||
endif
|
||||
|
||||
libstrongswan_bliss_la_SOURCES = \
|
||||
bliss_plugin.h bliss_plugin.c \
|
||||
bliss_private_key.h bliss_private_key.c \
|
||||
bliss_public_key.h bliss_public_key.c
|
||||
|
||||
libstrongswan_bliss_la_LDFLAGS = -module -avoid-version
|
|
@ -0,0 +1,93 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "bliss_plugin.h"
|
||||
#include "bliss_private_key.h"
|
||||
#include "bliss_public_key.h"
|
||||
|
||||
#include <library.h>
|
||||
|
||||
typedef struct private_bliss_plugin_t private_bliss_plugin_t;
|
||||
|
||||
/**
|
||||
* private data of bliss_plugin
|
||||
*/
|
||||
struct private_bliss_plugin_t {
|
||||
|
||||
/**
|
||||
* public functions
|
||||
*/
|
||||
bliss_plugin_t public;
|
||||
};
|
||||
|
||||
METHOD(plugin_t, get_name, char*,
|
||||
private_bliss_plugin_t *this)
|
||||
{
|
||||
return "bliss";
|
||||
}
|
||||
|
||||
METHOD(plugin_t, get_features, int,
|
||||
private_bliss_plugin_t *this, plugin_feature_t *features[])
|
||||
{
|
||||
static plugin_feature_t f[] = {
|
||||
/* private/public keys */
|
||||
PLUGIN_REGISTER(PRIVKEY, bliss_private_key_load, TRUE),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_BLISS),
|
||||
PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE),
|
||||
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS),
|
||||
PLUGIN_DEPENDS(RNG, RNG_TRUE),
|
||||
PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
|
||||
/* signature schemes, private */
|
||||
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_I_SHA256),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
|
||||
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_IV_SHA384),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
|
||||
/* signature verification schemes */
|
||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_I_SHA256),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
|
||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_IV_SHA384),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
|
||||
};
|
||||
*features = f;
|
||||
|
||||
return countof(f);
|
||||
}
|
||||
|
||||
METHOD(plugin_t, destroy, void,
|
||||
private_bliss_plugin_t *this)
|
||||
{
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* see header file
|
||||
*/
|
||||
plugin_t *bliss_plugin_create()
|
||||
{
|
||||
private_bliss_plugin_t *this;
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.plugin = {
|
||||
.get_name = _get_name,
|
||||
.get_features = _get_features,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
);
|
||||
|
||||
return &this->public.plugin;
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup bliss_p bliss
|
||||
* @ingroup plugins
|
||||
*
|
||||
* @defgroup bliss_plugin bliss_plugin
|
||||
* @{ @ingroup bliss_p
|
||||
*/
|
||||
|
||||
#ifndef BLISS_PLUGIN_H_
|
||||
#define BLISS_PLUGIN_H_
|
||||
|
||||
#include <plugins/plugin.h>
|
||||
|
||||
typedef struct bliss_plugin_t bliss_plugin_t;
|
||||
|
||||
/**
|
||||
* Plugin implementing the BLISS post-quantu authentication algorithm
|
||||
*/
|
||||
struct bliss_plugin_t {
|
||||
|
||||
/**
|
||||
* implements plugin interface
|
||||
*/
|
||||
plugin_t plugin;
|
||||
};
|
||||
|
||||
#endif /** BLISS_PLUGIN_H_ @}*/
|
|
@ -0,0 +1,207 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "bliss_private_key.h"
|
||||
|
||||
typedef struct private_bliss_private_key_t private_bliss_private_key_t;
|
||||
|
||||
/**
|
||||
* Private data of a bliss_private_key_t object.
|
||||
*/
|
||||
struct private_bliss_private_key_t {
|
||||
/**
|
||||
* Public interface for this signer.
|
||||
*/
|
||||
bliss_private_key_t public;
|
||||
|
||||
|
||||
/**
|
||||
* BLISS type
|
||||
*/
|
||||
u_int key_size;
|
||||
|
||||
/**
|
||||
* reference count
|
||||
*/
|
||||
refcount_t ref;
|
||||
};
|
||||
|
||||
METHOD(private_key_t, get_type, key_type_t,
|
||||
private_bliss_private_key_t *this)
|
||||
{
|
||||
return KEY_BLISS;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, sign, bool,
|
||||
private_bliss_private_key_t *this, signature_scheme_t scheme,
|
||||
chunk_t data, chunk_t *signature)
|
||||
{
|
||||
switch (scheme)
|
||||
{
|
||||
case SIGN_BLISS_I_SHA256:
|
||||
return FALSE;
|
||||
case SIGN_BLISS_IV_SHA384:
|
||||
return FALSE;
|
||||
default:
|
||||
DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
|
||||
signature_scheme_names, scheme);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(private_key_t, decrypt, bool,
|
||||
private_bliss_private_key_t *this, encryption_scheme_t scheme,
|
||||
chunk_t crypto, chunk_t *plain)
|
||||
{
|
||||
DBG1(DBG_LIB, "encryption scheme %N not supported",
|
||||
encryption_scheme_names, scheme);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_keysize, int,
|
||||
private_bliss_private_key_t *this)
|
||||
{
|
||||
return this->key_size;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_public_key, public_key_t*,
|
||||
private_bliss_private_key_t *this)
|
||||
{
|
||||
public_key_t *public = NULL;
|
||||
|
||||
return public;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_encoding, bool,
|
||||
private_bliss_private_key_t *this, cred_encoding_type_t type,
|
||||
chunk_t *encoding)
|
||||
{
|
||||
bool success = TRUE;
|
||||
|
||||
*encoding = chunk_empty;
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_fingerprint, bool,
|
||||
private_bliss_private_key_t *this, cred_encoding_type_t type, chunk_t *fp)
|
||||
{
|
||||
bool success = FALSE;
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_ref, private_key_t*,
|
||||
private_bliss_private_key_t *this)
|
||||
{
|
||||
ref_get(&this->ref);
|
||||
return &this->public.key;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, destroy, void,
|
||||
private_bliss_private_key_t *this)
|
||||
{
|
||||
if (ref_put(&this->ref))
|
||||
{
|
||||
free(this);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal generic constructor
|
||||
*/
|
||||
static private_bliss_private_key_t *bliss_private_key_create_empty(void)
|
||||
{
|
||||
private_bliss_private_key_t *this;
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.key = {
|
||||
.get_type = _get_type,
|
||||
.sign = _sign,
|
||||
.decrypt = _decrypt,
|
||||
.get_keysize = _get_keysize,
|
||||
.get_public_key = _get_public_key,
|
||||
.equals = private_key_equals,
|
||||
.belongs_to = private_key_belongs_to,
|
||||
.get_fingerprint = _get_fingerprint,
|
||||
.has_fingerprint = private_key_has_fingerprint,
|
||||
.get_encoding = _get_encoding,
|
||||
.get_ref = _get_ref,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.ref = 1,
|
||||
);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
|
||||
{
|
||||
private_bliss_private_key_t *this;
|
||||
u_int key_size = 1;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (va_arg(args, builder_part_t))
|
||||
{
|
||||
case BUILD_KEY_SIZE:
|
||||
key_size = va_arg(args, u_int);
|
||||
continue;
|
||||
case BUILD_END:
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
/* Only BLISS-I and BLISS-IV are supported */
|
||||
if (key_size != 1 && key_size != 4)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
this = bliss_private_key_create_empty();
|
||||
this->key_size = key_size;
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
|
||||
{
|
||||
private_bliss_private_key_t *this;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (va_arg(args, builder_part_t))
|
||||
{
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
this = bliss_private_key_create_empty();
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup bliss_private_key bliss_private_key
|
||||
* @{ @ingroup gmp_p
|
||||
*/
|
||||
|
||||
#ifndef BLISS_PRIVATE_KEY_H_
|
||||
#define BLISS_PRIVATE_KEY_H_
|
||||
|
||||
#include <credentials/builder.h>
|
||||
#include <credentials/keys/private_key.h>
|
||||
|
||||
typedef struct bliss_private_key_t bliss_private_key_t;
|
||||
|
||||
/**
|
||||
* Private_key_t implementation of BLISS signature algorithm.
|
||||
*/
|
||||
struct bliss_private_key_t {
|
||||
|
||||
/**
|
||||
* Implements private_key_t interface
|
||||
*/
|
||||
private_key_t key;
|
||||
};
|
||||
|
||||
/**
|
||||
* Generate a BLISS private key.
|
||||
*
|
||||
* Accepts the BUILD_KEY_SIZE argument.
|
||||
*
|
||||
* @param type type of the key, must be KEY_BLISS
|
||||
* @param args builder_part_t argument list
|
||||
* @return generated key, NULL on failure
|
||||
*/
|
||||
bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args);
|
||||
|
||||
/**
|
||||
* Load a BLISS private key.
|
||||
*
|
||||
* Accepts BUILD_BLISS_* components.
|
||||
*
|
||||
* @param type type of the key, must be KEY_BLISS
|
||||
* @param args builder_part_t argument list
|
||||
* @return loaded key, NULL on failure
|
||||
*/
|
||||
bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args);
|
||||
|
||||
#endif /** BLISS_PRIVATE_KEY_H_ @}*/
|
|
@ -0,0 +1,151 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "bliss_public_key.h"
|
||||
|
||||
typedef struct private_bliss_public_key_t private_bliss_public_key_t;
|
||||
|
||||
/**
|
||||
* Private data structure with signing context.
|
||||
*/
|
||||
struct private_bliss_public_key_t {
|
||||
/**
|
||||
* Public interface for this signer.
|
||||
*/
|
||||
bliss_public_key_t public;
|
||||
|
||||
/**
|
||||
* BLISS type
|
||||
*/
|
||||
u_int key_size;
|
||||
|
||||
/**
|
||||
* reference counter
|
||||
*/
|
||||
refcount_t ref;
|
||||
};
|
||||
|
||||
METHOD(public_key_t, get_type, key_type_t,
|
||||
private_bliss_public_key_t *this)
|
||||
{
|
||||
return KEY_BLISS;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, verify, bool,
|
||||
private_bliss_public_key_t *this, signature_scheme_t scheme,
|
||||
chunk_t data, chunk_t signature)
|
||||
{
|
||||
switch (scheme)
|
||||
{
|
||||
case SIGN_BLISS_I_SHA256:
|
||||
return FALSE;
|
||||
case SIGN_BLISS_IV_SHA384:
|
||||
return FALSE;
|
||||
default:
|
||||
DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
|
||||
signature_scheme_names, scheme);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(public_key_t, encrypt_, bool,
|
||||
private_bliss_public_key_t *this, encryption_scheme_t scheme,
|
||||
chunk_t plain, chunk_t *crypto)
|
||||
{
|
||||
DBG1(DBG_LIB, "encryption scheme %N not supported",
|
||||
encryption_scheme_names, scheme);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_keysize, int,
|
||||
private_bliss_public_key_t *this)
|
||||
{
|
||||
return this->key_size;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_encoding, bool,
|
||||
private_bliss_public_key_t *this, cred_encoding_type_t type,
|
||||
chunk_t *encoding)
|
||||
{
|
||||
bool success = TRUE;
|
||||
|
||||
*encoding = chunk_empty;
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_fingerprint, bool,
|
||||
private_bliss_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
|
||||
{
|
||||
bool success = FALSE;
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_ref, public_key_t*,
|
||||
private_bliss_public_key_t *this)
|
||||
{
|
||||
ref_get(&this->ref);
|
||||
return &this->public.key;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, destroy, void,
|
||||
private_bliss_public_key_t *this)
|
||||
{
|
||||
if (ref_put(&this->ref))
|
||||
{
|
||||
free(this);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args)
|
||||
{
|
||||
private_bliss_public_key_t *this;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (va_arg(args, builder_part_t))
|
||||
{
|
||||
case BUILD_END:
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.key = {
|
||||
.get_type = _get_type,
|
||||
.verify = _verify,
|
||||
.encrypt = _encrypt_,
|
||||
.equals = public_key_equals,
|
||||
.get_keysize = _get_keysize,
|
||||
.get_fingerprint = _get_fingerprint,
|
||||
.has_fingerprint = public_key_has_fingerprint,
|
||||
.get_encoding = _get_encoding,
|
||||
.get_ref = _get_ref,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.ref = 1,
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
/*
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup bliss_public_key bliss_public_key
|
||||
* @{ @ingroup gmp_p
|
||||
*/
|
||||
|
||||
#ifndef BLISS_PUBLIC_KEY_H_
|
||||
#define BLISS_PUBLIC_KEY_H_
|
||||
|
||||
#include <credentials/builder.h>
|
||||
#include <credentials/keys/public_key.h>
|
||||
|
||||
typedef struct bliss_public_key_t bliss_public_key_t;
|
||||
|
||||
/**
|
||||
* public_key_t implementation of BLISS signature algorithm
|
||||
*/
|
||||
struct bliss_public_key_t {
|
||||
|
||||
/**
|
||||
* Implements the public_key_t interface
|
||||
*/
|
||||
public_key_t key;
|
||||
};
|
||||
|
||||
/**
|
||||
* Load a BLISS public key.
|
||||
*
|
||||
* Accepts BUILD_BLISS_* components.
|
||||
*
|
||||
* @param type type of the key, must be KEY_BLISS
|
||||
* @param args builder_part_t argument list
|
||||
* @return loaded key, NULL on failure
|
||||
*/
|
||||
bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args);
|
||||
|
||||
#endif /** BLISS_PUBLIC_KEY_H_ @}*/
|
|
@ -1,6 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2009 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -43,6 +44,10 @@ static int gen()
|
|||
{
|
||||
type = KEY_ECDSA;
|
||||
}
|
||||
else if (streq(arg, "bliss"))
|
||||
{
|
||||
type = KEY_BLISS;
|
||||
}
|
||||
else
|
||||
{
|
||||
return command_usage("invalid key type");
|
||||
|
@ -96,6 +101,9 @@ static int gen()
|
|||
case KEY_ECDSA:
|
||||
size = 384;
|
||||
break;
|
||||
case KEY_BLISS:
|
||||
size = 1;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
@ -151,12 +159,12 @@ static void __attribute__ ((constructor))reg()
|
|||
{
|
||||
command_register((command_t) {
|
||||
gen, 'g', "gen", "generate a new private key",
|
||||
{" [--type rsa|ecdsa] [--size bits] [--safe-primes]",
|
||||
{" [--type rsa|ecdsa|bliss] [--size bits] [--safe-primes]",
|
||||
"[--shares n] [--threshold l] [--outform der|pem]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"type", 't', 1, "type of key, default: rsa"},
|
||||
{"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"},
|
||||
{"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384, bliss 1"},
|
||||
{"safe-primes", 'p', 0, "generate rsa safe primes"},
|
||||
{"shares", 'n', 1, "number of private rsa key shares"},
|
||||
{"threshold", 'l', 1, "minimum number of participating rsa key shares"},
|
||||
|
|
Loading…
Reference in New Issue