Merge branch 'Ed25519'
This commit is contained in:
commit
9da89eeb4f
|
@ -159,6 +159,10 @@ static void send_supported_hash_algorithms(private_ike_init_t *this,
|
|||
auth_cfg_t *auth;
|
||||
auth_rule_t rule;
|
||||
uintptr_t config;
|
||||
int written;
|
||||
size_t len = BUF_LEN;
|
||||
char buf[len];
|
||||
char *pos = buf;
|
||||
char *plugin_name;
|
||||
|
||||
algos = hash_algorithm_set_create();
|
||||
|
@ -205,11 +209,23 @@ static void send_supported_hash_algorithms(private_ike_init_t *this,
|
|||
while (enumerator->enumerate(enumerator, &hash))
|
||||
{
|
||||
writer->write_uint16(writer, hash);
|
||||
|
||||
/* generate debug output */
|
||||
written = snprintf(pos, len, " %N", hash_algorithm_short_names,
|
||||
hash);
|
||||
if (written > 0 && written < len)
|
||||
{
|
||||
pos += written;
|
||||
len -= written;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
message->add_notify(message, FALSE, SIGNATURE_HASH_ALGORITHMS,
|
||||
writer->get_buf(writer));
|
||||
writer->destroy(writer);
|
||||
|
||||
*pos = '\0';
|
||||
DBG2(DBG_CFG, "sending supported signature hash algorithms:%s", buf);
|
||||
}
|
||||
algos->destroy(algos);
|
||||
}
|
||||
|
@ -222,6 +238,10 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this,
|
|||
{
|
||||
bio_reader_t *reader;
|
||||
uint16_t algo;
|
||||
int written;
|
||||
size_t len = BUF_LEN;
|
||||
char buf[len];
|
||||
char *pos = buf;
|
||||
bool added = FALSE;
|
||||
|
||||
reader = bio_reader_create(notify->get_notification_data(notify));
|
||||
|
@ -231,10 +251,22 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this,
|
|||
{
|
||||
this->keymat->add_hash_algorithm(this->keymat, algo);
|
||||
added = TRUE;
|
||||
|
||||
/* generate debug output */
|
||||
written = snprintf(pos, len, " %N", hash_algorithm_short_names,
|
||||
algo);
|
||||
if (written > 0 && written < len)
|
||||
{
|
||||
pos += written;
|
||||
len -= written;
|
||||
}
|
||||
}
|
||||
}
|
||||
reader->destroy(reader);
|
||||
|
||||
*pos = '\0';
|
||||
DBG2(DBG_CFG, "received supported signature hash algorithms:%s", buf);
|
||||
|
||||
if (added)
|
||||
{
|
||||
this->ike_sa->enable_extension(this->ike_sa, EXT_SIGNATURE_AUTH);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2006 Martin Will
|
||||
* Copyright (C) 2000-2008 Andreas Steffen
|
||||
* Copyright (C) 2000-2016 Andreas Steffen
|
||||
*
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
|
@ -47,6 +47,8 @@ chunk_t asn1_algorithmIdentifier(int oid)
|
|||
case OID_ECDSA_WITH_SHA256:
|
||||
case OID_ECDSA_WITH_SHA384:
|
||||
case OID_ECDSA_WITH_SHA512:
|
||||
case OID_ED25519:
|
||||
case OID_ED448:
|
||||
parameters = chunk_empty;
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -382,6 +382,9 @@
|
|||
0x0C "brainpoolP384t1"
|
||||
0x0D "brainpoolP512r1"
|
||||
0x0E "brainpoolP512t1"
|
||||
0x65 "Thawte"
|
||||
0x70 "id-Ed25519" OID_ED25519
|
||||
0x71 "id-Ed448" OID_ED448
|
||||
0x81 ""
|
||||
0x04 "Certicom"
|
||||
0x00 "curve"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2008-2016 Tobias Brunner
|
||||
* Copyright (C) 2007-2009 Martin Willi
|
||||
* Copyright (C) 2016 Andreas Steffeb
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -547,22 +547,24 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
|
|||
signature_scheme_t scheme;
|
||||
key_type_t key;
|
||||
} schemes[] = {
|
||||
{ "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
|
||||
{ "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
|
||||
{ "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
|
||||
{ "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
|
||||
{ "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
|
||||
{ "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
|
||||
{ "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
|
||||
{ "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
|
||||
{ "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
|
||||
{ "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, },
|
||||
{ "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
|
||||
{ "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
|
||||
{ "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
|
||||
{ "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
|
||||
{ "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
|
||||
{ "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
|
||||
{ "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
|
||||
{ "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
|
||||
{ "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
|
||||
{ "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
|
||||
{ "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
|
||||
{ "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
|
||||
{ "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
|
||||
{ "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
|
||||
{ "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
|
||||
{ "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, },
|
||||
{ "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
|
||||
{ "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
|
||||
{ "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
|
||||
{ "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
|
||||
{ "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
|
||||
{ "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
|
||||
{ "identity", SIGN_ED25519, KEY_ED25519, },
|
||||
{ "identity", SIGN_ED448, KEY_ED448, },
|
||||
};
|
||||
|
||||
if (expected_strength != AUTH_RULE_MAX)
|
||||
|
@ -592,6 +594,18 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
|
|||
is_ike = strpfx(token, "ike:");
|
||||
continue;
|
||||
}
|
||||
if (streq(token, "ed25519") || streq(token, "ike:ed25519"))
|
||||
{
|
||||
expected_type = KEY_ED25519;
|
||||
is_ike = strpfx(token, "ike:");
|
||||
continue;
|
||||
}
|
||||
if (streq(token, "ed448") || streq(token, "ike:ed448"))
|
||||
{
|
||||
expected_type = KEY_ED448;
|
||||
is_ike = strpfx(token, "ike:");
|
||||
continue;
|
||||
}
|
||||
if (streq(token, "bliss") || streq(token, "ike:bliss"))
|
||||
{
|
||||
expected_type = KEY_BLISS;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2008 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -70,5 +71,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
|
|||
"BUILD_SAFE_PRIMES",
|
||||
"BUILD_SHARES",
|
||||
"BUILD_THRESHOLD",
|
||||
"BUILD_EDDSA_PRIV_ASN1_DER",
|
||||
"BUILD_END",
|
||||
);
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2008 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -151,6 +152,8 @@ enum builder_part_t {
|
|||
BUILD_SHARES,
|
||||
/** minimum number of participating private key shares */
|
||||
BUILD_THRESHOLD,
|
||||
/** DER encoded ASN.1 EdDSA private key */
|
||||
BUILD_EDDSA_PRIV_ASN1_DER,
|
||||
/** end of variable argument builder list */
|
||||
BUILD_END,
|
||||
};
|
||||
|
|
|
@ -144,6 +144,10 @@ enum cred_encoding_part_t {
|
|||
CRED_PART_PKCS10_ASN1_DER,
|
||||
/** a PGP encoded certificate */
|
||||
CRED_PART_PGP_CERT,
|
||||
/** a DER encoded EdDSA public key */
|
||||
CRED_PART_EDDSA_PUB_ASN1_DER,
|
||||
/** a DER encoded EdDSA private key */
|
||||
CRED_PART_EDDSA_PRIV_ASN1_DER,
|
||||
/** a DER encoded BLISS public key */
|
||||
CRED_PART_BLISS_PUB_ASN1_DER,
|
||||
/** a DER encoded BLISS private key */
|
||||
|
|
|
@ -24,6 +24,8 @@ ENUM(key_type_names, KEY_ANY, KEY_BLISS,
|
|||
"RSA",
|
||||
"ECDSA",
|
||||
"DSA",
|
||||
"ED25519",
|
||||
"ED448",
|
||||
"BLISS"
|
||||
);
|
||||
|
||||
|
@ -48,6 +50,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
|
|||
"ECDSA-256",
|
||||
"ECDSA-384",
|
||||
"ECDSA-521",
|
||||
"ED25519",
|
||||
"ED448",
|
||||
"BLISS_WITH_SHA2_256",
|
||||
"BLISS_WITH_SHA2_384",
|
||||
"BLISS_WITH_SHA2_512",
|
||||
|
@ -151,6 +155,10 @@ signature_scheme_t signature_scheme_from_oid(int oid)
|
|||
return SIGN_ECDSA_WITH_SHA384_DER;
|
||||
case OID_ECDSA_WITH_SHA512:
|
||||
return SIGN_ECDSA_WITH_SHA512_DER;
|
||||
case OID_ED25519:
|
||||
return SIGN_ED25519;
|
||||
case OID_ED448:
|
||||
return SIGN_ED448;
|
||||
case OID_BLISS_PUBLICKEY:
|
||||
case OID_BLISS_WITH_SHA2_512:
|
||||
return SIGN_BLISS_WITH_SHA2_512;
|
||||
|
@ -210,6 +218,10 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
|
|||
return OID_ECDSA_WITH_SHA384;
|
||||
case SIGN_ECDSA_WITH_SHA512_DER:
|
||||
return OID_ECDSA_WITH_SHA512;
|
||||
case SIGN_ED25519:
|
||||
return OID_ED25519;
|
||||
case SIGN_ED448:
|
||||
return OID_ED448;
|
||||
case SIGN_BLISS_WITH_SHA2_256:
|
||||
return OID_BLISS_WITH_SHA2_256;
|
||||
case SIGN_BLISS_WITH_SHA2_384:
|
||||
|
@ -236,15 +248,17 @@ static struct {
|
|||
key_type_t type;
|
||||
int max_keysize;
|
||||
} scheme_map[] = {
|
||||
{ SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
|
||||
{ SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
|
||||
{ SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
|
||||
{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
|
||||
{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
|
||||
{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
|
||||
{ SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
|
||||
{ SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
|
||||
{ SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
|
||||
{ SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
|
||||
{ SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
|
||||
{ SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
|
||||
{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
|
||||
{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
|
||||
{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
|
||||
{ SIGN_ED25519, KEY_ED25519, 0 },
|
||||
{ SIGN_ED448, KEY_ED448, 0 },
|
||||
{ SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
|
||||
{ SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
|
||||
{ SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -323,6 +337,10 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
|
|||
case SIGN_ECDSA_384:
|
||||
case SIGN_ECDSA_521:
|
||||
return KEY_ECDSA;
|
||||
case SIGN_ED25519:
|
||||
return KEY_ED25519;
|
||||
case SIGN_ED448:
|
||||
return KEY_ED448;
|
||||
case SIGN_BLISS_WITH_SHA2_256:
|
||||
case SIGN_BLISS_WITH_SHA2_384:
|
||||
case SIGN_BLISS_WITH_SHA2_512:
|
||||
|
|
|
@ -37,16 +37,19 @@ typedef enum encryption_scheme_t encryption_scheme_t;
|
|||
*/
|
||||
enum key_type_t {
|
||||
/** key type wildcard */
|
||||
KEY_ANY = 0,
|
||||
KEY_ANY = 0,
|
||||
/** RSA crypto system as in PKCS#1 */
|
||||
KEY_RSA = 1,
|
||||
KEY_RSA = 1,
|
||||
/** ECDSA as in ANSI X9.62 */
|
||||
KEY_ECDSA = 2,
|
||||
KEY_ECDSA = 2,
|
||||
/** DSA */
|
||||
KEY_DSA = 3,
|
||||
KEY_DSA = 3,
|
||||
/** Ed25519 PureEdDSA instance as in draft-irtf-cfrg-eddsa */
|
||||
KEY_ED25519 = 4,
|
||||
/** Ed448 PureEdDSA instance as in draft-irtf-cfrg-eddsa */
|
||||
KEY_ED448 = 5,
|
||||
/** BLISS */
|
||||
KEY_BLISS = 4,
|
||||
/** ElGamal, ... */
|
||||
KEY_BLISS = 6,
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -102,6 +105,10 @@ enum signature_scheme_t {
|
|||
SIGN_ECDSA_384,
|
||||
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
|
||||
SIGN_ECDSA_521,
|
||||
/** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix */
|
||||
SIGN_ED25519,
|
||||
/** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix */
|
||||
SIGN_ED448,
|
||||
/** BLISS with SHA-2_256 */
|
||||
SIGN_BLISS_WITH_SHA2_256,
|
||||
/** BLISS with SHA-2_384 */
|
||||
|
|
|
@ -20,7 +20,8 @@
|
|||
|
||||
#include <asn1/oid.h>
|
||||
|
||||
ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_SHA512,
|
||||
ENUM_BEGIN(hash_algorithm_names, HASH_IDENTITY, HASH_SHA512,
|
||||
"HASH_IDENTITY",
|
||||
"HASH_SHA1",
|
||||
"HASH_SHA256",
|
||||
"HASH_SHA384",
|
||||
|
@ -37,7 +38,8 @@ ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_SHA512,
|
|||
"HASH_SHA3_512");
|
||||
ENUM_END(hash_algorithm_names, HASH_SHA3_512);
|
||||
|
||||
ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_SHA512,
|
||||
ENUM_BEGIN(hash_algorithm_short_names, HASH_IDENTITY, HASH_SHA512,
|
||||
"identity",
|
||||
"sha1",
|
||||
"sha256",
|
||||
"sha384",
|
||||
|
@ -94,6 +96,9 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
|
|||
case OID_SHA3_512:
|
||||
case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
|
||||
return HASH_SHA3_512;
|
||||
case OID_ED25519:
|
||||
case OID_ED448:
|
||||
return HASH_IDENTITY;
|
||||
default:
|
||||
return HASH_UNKNOWN;
|
||||
}
|
||||
|
@ -267,6 +272,7 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
|
|||
case HASH_SHA3_256:
|
||||
case HASH_SHA3_384:
|
||||
case HASH_SHA3_512:
|
||||
case HASH_IDENTITY:
|
||||
case HASH_UNKNOWN:
|
||||
break;
|
||||
}
|
||||
|
@ -280,6 +286,7 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
|
|||
{
|
||||
switch (alg)
|
||||
{
|
||||
case HASH_IDENTITY:
|
||||
case HASH_SHA1:
|
||||
case HASH_SHA256:
|
||||
case HASH_SHA384:
|
||||
|
@ -396,6 +403,22 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
|
|||
default:
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
case KEY_ED25519:
|
||||
switch (alg)
|
||||
{
|
||||
case HASH_IDENTITY:
|
||||
return OID_ED25519;
|
||||
default:
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
case KEY_ED448:
|
||||
switch (alg)
|
||||
{
|
||||
case HASH_IDENTITY:
|
||||
return OID_ED448;
|
||||
default:
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
case KEY_BLISS:
|
||||
switch (alg)
|
||||
{
|
||||
|
@ -430,6 +453,9 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
|
|||
case SIGN_RSA_EMSA_PKCS1_NULL:
|
||||
case SIGN_ECDSA_WITH_NULL:
|
||||
break;
|
||||
case SIGN_ED25519:
|
||||
case SIGN_ED448:
|
||||
return HASH_IDENTITY;
|
||||
case SIGN_RSA_EMSA_PKCS1_MD5:
|
||||
return HASH_MD5;
|
||||
case SIGN_RSA_EMSA_PKCS1_SHA1:
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* Copyright (C) 2012-2015 Tobias Brunner
|
||||
* Copyright (C) 2005-2006 Martin Willi
|
||||
* Copyright (C) 2005 Jan Hutter
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -35,6 +36,7 @@ typedef struct hasher_t hasher_t;
|
|||
* Hash algorithms as defined for IKEv2 by RFC 7427
|
||||
*/
|
||||
enum hash_algorithm_t {
|
||||
HASH_IDENTITY = 0,
|
||||
HASH_SHA1 = 1,
|
||||
HASH_SHA256 = 2,
|
||||
HASH_SHA384 = 3,
|
||||
|
|
|
@ -130,6 +130,12 @@ START_TEST(test_ntt_fft_speed)
|
|||
}
|
||||
END_TEST
|
||||
|
||||
START_TEST(test_ntt_fft_init)
|
||||
{
|
||||
libnttfft_init();
|
||||
}
|
||||
END_TEST
|
||||
|
||||
Suite *ntt_fft_suite_create()
|
||||
{
|
||||
Suite *s;
|
||||
|
@ -137,6 +143,10 @@ Suite *ntt_fft_suite_create()
|
|||
|
||||
s = suite_create("ntt_fft");
|
||||
|
||||
tc = tcase_create("init");
|
||||
tcase_add_test(tc, test_ntt_fft_init);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
tc = tcase_create("impulse");
|
||||
tcase_add_loop_test(tc, test_ntt_fft_impulse, 0, countof(fft_params));
|
||||
suite_add_tcase(s, tc);
|
||||
|
|
|
@ -14,6 +14,10 @@ libstrongswan_curve25519_la_SOURCES = \
|
|||
curve25519_dh.h curve25519_dh.c \
|
||||
curve25519_drv.h curve25519_drv.c \
|
||||
curve25519_drv_portable.h curve25519_drv_portable.c \
|
||||
curve25519_plugin.h curve25519_plugin.c
|
||||
curve25519_identity_hasher.h curve25519_identity_hasher.c \
|
||||
curve25519_plugin.h curve25519_plugin.c \
|
||||
curve25519_private_key.h curve25519_private_key.c \
|
||||
curve25519_public_key.h curve25519_public_key.c \
|
||||
ref10/ref10.h ref10/ref10.c ref10/base.h ref10/base2.h
|
||||
|
||||
libstrongswan_curve25519_la_LDFLAGS = -module -avoid-version
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
/**
|
||||
* @defgroup curve25519_drv curve25519_drv
|
||||
* @{ @ingroup curve25519
|
||||
* @{ @ingroup curve25519_p
|
||||
*/
|
||||
|
||||
#ifndef CURVE25519_DRV_H_
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
/**
|
||||
* @defgroup curve25519_drv_portable curve25519_drv_portable
|
||||
* @{ @ingroup curve25519
|
||||
* @{ @ingroup curve25519_p
|
||||
*/
|
||||
|
||||
#include "curve25519_drv.h"
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "curve25519_identity_hasher.h"
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
curve25519_identity_hasher_t *curve25519_identity_hasher_create(hash_algorithm_t algo)
|
||||
{
|
||||
/* since the identity hasher is never actually used, always return NULL */
|
||||
return NULL;
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup curve25519_identity_hasher curve25519_identity_hasher
|
||||
* @{ @ingroup curve25519_p
|
||||
*/
|
||||
|
||||
#ifndef CURVE25519_IDENTITY_HASHER_H_
|
||||
#define CURVE25519_IDENTITY_HASHER_H_
|
||||
|
||||
typedef struct curve25519_identity_hasher_t curve25519_identity_hasher_t;
|
||||
|
||||
#include <crypto/hashers/hasher.h>
|
||||
|
||||
/**
|
||||
* Implementation of hasher_t interface using the Identity algorithm.
|
||||
*/
|
||||
struct curve25519_identity_hasher_t {
|
||||
|
||||
/**
|
||||
* Implements hasher_t interface.
|
||||
*/
|
||||
hasher_t hasher_interface;
|
||||
};
|
||||
|
||||
/**
|
||||
* Creates a new curve25519_identity_hasher_t.
|
||||
*
|
||||
* @param algo algorithm, must be HASH_IDENTITY
|
||||
* @return curve25519_identity_hasher_t object
|
||||
*/
|
||||
curve25519_identity_hasher_t *curve25519_identity_hasher_create(hash_algorithm_t algo);
|
||||
|
||||
#endif /** CURVE25519_IDENTITY_HASHER_H_ @}*/
|
|
@ -2,6 +2,9 @@
|
|||
* Copyright (C) 2014 Martin Willi
|
||||
* Copyright (C) 2014 revosec AG
|
||||
*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
|
@ -15,6 +18,9 @@
|
|||
|
||||
#include "curve25519_plugin.h"
|
||||
#include "curve25519_dh.h"
|
||||
#include "curve25519_private_key.h"
|
||||
#include "curve25519_public_key.h"
|
||||
#include "curve25519_identity_hasher.h"
|
||||
|
||||
#include <library.h>
|
||||
|
||||
|
@ -41,9 +47,28 @@ METHOD(plugin_t, get_features, int,
|
|||
private_curve25519_plugin_t *this, plugin_feature_t *features[])
|
||||
{
|
||||
static plugin_feature_t f[] = {
|
||||
/* X25519 DH group */
|
||||
PLUGIN_REGISTER(DH, curve25519_dh_create),
|
||||
PLUGIN_PROVIDE(DH, CURVE_25519),
|
||||
PLUGIN_DEPENDS(RNG, RNG_STRONG),
|
||||
/* Ed25519 private/public keys */
|
||||
PLUGIN_REGISTER(PRIVKEY, curve25519_private_key_load, TRUE),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
|
||||
PLUGIN_REGISTER(PRIVKEY_GEN, curve25519_private_key_gen, FALSE),
|
||||
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
|
||||
PLUGIN_DEPENDS(RNG, RNG_TRUE),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
|
||||
PLUGIN_REGISTER(PUBKEY, curve25519_public_key_load, TRUE),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
|
||||
/* Ed25519 signature scheme, private */
|
||||
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
|
||||
/* Ed25519 signature verification scheme, public */
|
||||
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
|
||||
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
|
||||
/* register a pro forma identity hasher */
|
||||
PLUGIN_REGISTER(HASHER, curve25519_identity_hasher_create),
|
||||
PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
|
||||
};
|
||||
*features = f;
|
||||
return countof(f);
|
||||
|
|
|
@ -0,0 +1,346 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "curve25519_private_key.h"
|
||||
#include "curve25519_public_key.h"
|
||||
#include "ref10/ref10.h"
|
||||
|
||||
#include <asn1/asn1.h>
|
||||
#include <asn1/oid.h>
|
||||
|
||||
#define _GNU_SOURCE
|
||||
#include <stdlib.h>
|
||||
|
||||
typedef struct private_curve25519_private_key_t private_curve25519_private_key_t;
|
||||
|
||||
/**
|
||||
* Private data of a curve25519_private_key_t object.
|
||||
*/
|
||||
struct private_curve25519_private_key_t {
|
||||
/**
|
||||
* Public interface for this signer.
|
||||
*/
|
||||
curve25519_private_key_t public;
|
||||
|
||||
/**
|
||||
* Secret scalar s derived from private key.
|
||||
*/
|
||||
uint8_t s[HASH_SIZE_SHA512];
|
||||
|
||||
/**
|
||||
* Ed25519 private key
|
||||
*/
|
||||
chunk_t key;
|
||||
|
||||
/**
|
||||
* Ed25519 public key
|
||||
*/
|
||||
chunk_t pubkey;
|
||||
|
||||
/**
|
||||
* Reference count
|
||||
*/
|
||||
refcount_t ref;
|
||||
};
|
||||
|
||||
METHOD(private_key_t, get_type, key_type_t,
|
||||
private_curve25519_private_key_t *this)
|
||||
{
|
||||
return KEY_ED25519;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, sign, bool,
|
||||
private_curve25519_private_key_t *this, signature_scheme_t scheme,
|
||||
chunk_t data, chunk_t *signature)
|
||||
{
|
||||
uint8_t r[HASH_SIZE_SHA512], k[HASH_SIZE_SHA512], sig[HASH_SIZE_SHA512];
|
||||
hasher_t *hasher;
|
||||
chunk_t prefix;
|
||||
ge_p3 R;
|
||||
bool success = FALSE;
|
||||
|
||||
if (scheme != SIGN_ED25519)
|
||||
{
|
||||
DBG1(DBG_LIB, "signature scheme %N not supported by Ed25519",
|
||||
signature_scheme_names, scheme);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
|
||||
if (!hasher)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
prefix = chunk_create(this->s + 32, 32);
|
||||
|
||||
if (!hasher->get_hash(hasher, prefix, NULL) ||
|
||||
!hasher->get_hash(hasher, data, r))
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
sc_reduce(r);
|
||||
ge_scalarmult_base(&R, r);
|
||||
ge_p3_tobytes(sig, &R);
|
||||
|
||||
if (!hasher->get_hash(hasher, chunk_create(sig, 32), NULL) ||
|
||||
!hasher->get_hash(hasher, this->pubkey, NULL) ||
|
||||
!hasher->get_hash(hasher, data, k))
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
sc_reduce(k);
|
||||
sc_muladd(sig + 32, k, this->s, r);
|
||||
|
||||
*signature = chunk_clone(chunk_create(sig, sizeof(sig)));
|
||||
success = TRUE;
|
||||
|
||||
end:
|
||||
hasher->destroy(hasher);
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, decrypt, bool,
|
||||
private_curve25519_private_key_t *this, encryption_scheme_t scheme,
|
||||
chunk_t crypto, chunk_t *plain)
|
||||
{
|
||||
DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
|
||||
scheme);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_keysize, int,
|
||||
private_curve25519_private_key_t *this)
|
||||
{
|
||||
return 8 * ED25519_KEY_LEN;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_public_key, public_key_t*,
|
||||
private_curve25519_private_key_t *this)
|
||||
{
|
||||
public_key_t *public;
|
||||
chunk_t pubkey;
|
||||
|
||||
pubkey = curve25519_public_key_info_encode(this->pubkey);
|
||||
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, pubkey, BUILD_END);
|
||||
free(pubkey.ptr);
|
||||
|
||||
return public;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_encoding, bool,
|
||||
private_curve25519_private_key_t *this, cred_encoding_type_t type,
|
||||
chunk_t *encoding)
|
||||
{
|
||||
switch (type)
|
||||
{
|
||||
case PRIVKEY_ASN1_DER:
|
||||
case PRIVKEY_PEM:
|
||||
{
|
||||
bool success = TRUE;
|
||||
|
||||
*encoding = asn1_wrap(ASN1_SEQUENCE, "cms",
|
||||
ASN1_INTEGER_0,
|
||||
asn1_algorithmIdentifier(OID_ED25519),
|
||||
asn1_wrap(ASN1_OCTET_STRING, "s",
|
||||
asn1_simple_object(ASN1_OCTET_STRING, this->key)
|
||||
)
|
||||
);
|
||||
if (type == PRIVKEY_PEM)
|
||||
{
|
||||
chunk_t asn1_encoding = *encoding;
|
||||
|
||||
success = lib->encoding->encode(lib->encoding, PRIVKEY_PEM,
|
||||
NULL, encoding, CRED_PART_EDDSA_PRIV_ASN1_DER,
|
||||
asn1_encoding, CRED_PART_END);
|
||||
chunk_clear(&asn1_encoding);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_fingerprint, bool,
|
||||
private_curve25519_private_key_t *this, cred_encoding_type_t type,
|
||||
chunk_t *fp)
|
||||
{
|
||||
bool success;
|
||||
|
||||
if (lib->encoding->get_cache(lib->encoding, type, this, fp))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
success = curve25519_public_key_fingerprint(this->pubkey, type, fp);
|
||||
if (success)
|
||||
{
|
||||
lib->encoding->cache(lib->encoding, type, this, *fp);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_ref, private_key_t*,
|
||||
private_curve25519_private_key_t *this)
|
||||
{
|
||||
ref_get(&this->ref);
|
||||
return &this->public.key;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, destroy, void,
|
||||
private_curve25519_private_key_t *this)
|
||||
{
|
||||
if (ref_put(&this->ref))
|
||||
{
|
||||
lib->encoding->clear_cache(lib->encoding, this);
|
||||
memwipe(this->s, HASH_SIZE_SHA512);
|
||||
chunk_clear(&this->key);
|
||||
chunk_free(&this->pubkey);
|
||||
free(this);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal generic constructor
|
||||
*/
|
||||
static private_curve25519_private_key_t *curve25519_private_key_create(chunk_t key)
|
||||
{
|
||||
private_curve25519_private_key_t *this;
|
||||
hasher_t *hasher;
|
||||
ge_p3 A;
|
||||
|
||||
/* derive public key from private key */
|
||||
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
|
||||
if (!hasher)
|
||||
{
|
||||
chunk_clear(&key);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.key = {
|
||||
.get_type = _get_type,
|
||||
.sign = _sign,
|
||||
.decrypt = _decrypt,
|
||||
.get_keysize = _get_keysize,
|
||||
.get_public_key = _get_public_key,
|
||||
.equals = private_key_equals,
|
||||
.belongs_to = private_key_belongs_to,
|
||||
.get_fingerprint = _get_fingerprint,
|
||||
.has_fingerprint = private_key_has_fingerprint,
|
||||
.get_encoding = _get_encoding,
|
||||
.get_ref = _get_ref,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.key = key,
|
||||
.pubkey = chunk_alloc(ED25519_KEY_LEN),
|
||||
.ref = 1,
|
||||
);
|
||||
|
||||
/* derive secret scalar s from private key */
|
||||
if (!hasher->get_hash(hasher, key, this->s))
|
||||
{
|
||||
destroy(this);
|
||||
hasher->destroy(hasher);
|
||||
return NULL;
|
||||
}
|
||||
hasher->destroy(hasher);
|
||||
|
||||
this->s[0] &= 0xf8;
|
||||
this->s[31] &= 0x3f;
|
||||
this->s[31] |= 0x40;
|
||||
|
||||
/* derive public key */
|
||||
ge_scalarmult_base(&A, this->s);
|
||||
ge_p3_tobytes(this->pubkey.ptr, &A);
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
curve25519_private_key_t *curve25519_private_key_gen(key_type_t type,
|
||||
va_list args)
|
||||
{
|
||||
private_curve25519_private_key_t *this;
|
||||
chunk_t key;
|
||||
rng_t *rng;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (va_arg(args, builder_part_t))
|
||||
{
|
||||
case BUILD_KEY_SIZE:
|
||||
/* key_size argument is not needed */
|
||||
va_arg(args, u_int);
|
||||
continue;
|
||||
case BUILD_END:
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
/* generate 256 bit true random private key */
|
||||
rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
|
||||
if (!rng || !rng->allocate_bytes(rng, ED25519_KEY_LEN, &key))
|
||||
{
|
||||
DESTROY_IF(rng);
|
||||
return NULL;
|
||||
}
|
||||
rng->destroy(rng);
|
||||
|
||||
this = curve25519_private_key_create(key);
|
||||
|
||||
return this ? &this->public : NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
curve25519_private_key_t *curve25519_private_key_load(key_type_t type,
|
||||
va_list args)
|
||||
{
|
||||
private_curve25519_private_key_t *this;
|
||||
chunk_t key = chunk_empty;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (va_arg(args, builder_part_t))
|
||||
{
|
||||
case BUILD_EDDSA_PRIV_ASN1_DER:
|
||||
key = va_arg(args, chunk_t);
|
||||
continue;
|
||||
case BUILD_END:
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (!asn1_parse_simple_object(&key, ASN1_OCTET_STRING, 0, "EdPrivateKey") ||
|
||||
key.len != ED25519_KEY_LEN)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
this = curve25519_private_key_create(chunk_clone(key));
|
||||
|
||||
return this ? &this->public : NULL;
|
||||
}
|
|
@ -0,0 +1,60 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup curve25519_private_key curve25519_private_key
|
||||
* @{ @ingroup curve25519_p
|
||||
*/
|
||||
|
||||
#ifndef CURVE25519_PRIVATE_KEY_H_
|
||||
#define CURVE25519_PRIVATE_KEY_H_
|
||||
|
||||
#include <credentials/builder.h>
|
||||
#include <credentials/keys/private_key.h>
|
||||
|
||||
typedef struct curve25519_private_key_t curve25519_private_key_t;
|
||||
|
||||
/**
|
||||
* Private_key_t implementation of Ed25519 signature algorithm.
|
||||
*/
|
||||
struct curve25519_private_key_t {
|
||||
|
||||
/**
|
||||
* Implements private_key_t interface
|
||||
*/
|
||||
private_key_t key;
|
||||
};
|
||||
|
||||
/**
|
||||
* Generate an Ed25519 private key.
|
||||
*
|
||||
* @param type type of the key, must be KEY_ED25519
|
||||
* @param args builder_part_t argument list
|
||||
* @return generated key, NULL on failure
|
||||
*/
|
||||
curve25519_private_key_t *curve25519_private_key_gen(key_type_t type,
|
||||
va_list args);
|
||||
|
||||
/**
|
||||
* Load an Ed25519 private key.
|
||||
*
|
||||
* @param type type of the key, must be KEY_ED25519
|
||||
* @param args builder_part_t argument list
|
||||
* @return loaded key, NULL on failure
|
||||
*/
|
||||
curve25519_private_key_t *curve25519_private_key_load(key_type_t type,
|
||||
va_list args);
|
||||
|
||||
#endif /** CURVE25519_PRIVATE_KEY_H_ @}*/
|
|
@ -0,0 +1,331 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "curve25519_public_key.h"
|
||||
#include "ref10/ref10.h"
|
||||
|
||||
#include <asn1/asn1.h>
|
||||
#include <asn1/asn1_parser.h>
|
||||
#include <asn1/oid.h>
|
||||
|
||||
typedef struct private_curve25519_public_key_t private_curve25519_public_key_t;
|
||||
|
||||
/**
|
||||
* Private data structure with signing context.
|
||||
*/
|
||||
struct private_curve25519_public_key_t {
|
||||
/**
|
||||
* Public interface for this signer.
|
||||
*/
|
||||
curve25519_public_key_t public;
|
||||
|
||||
/**
|
||||
* Ed25519 public key
|
||||
*/
|
||||
chunk_t pubkey;
|
||||
|
||||
/**
|
||||
* Reference counter
|
||||
*/
|
||||
refcount_t ref;
|
||||
};
|
||||
|
||||
METHOD(public_key_t, get_type, key_type_t,
|
||||
private_curve25519_public_key_t *this)
|
||||
{
|
||||
return KEY_ED25519;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, verify, bool,
|
||||
private_curve25519_public_key_t *this, signature_scheme_t scheme,
|
||||
chunk_t data, chunk_t signature)
|
||||
{
|
||||
hasher_t *hasher;
|
||||
uint8_t d = 0, k[HASH_SIZE_SHA512], r[32], *sig;
|
||||
int i;
|
||||
ge_p3 A;
|
||||
ge_p2 R;
|
||||
|
||||
if (scheme != SIGN_ED25519)
|
||||
{
|
||||
DBG1(DBG_LIB, "signature scheme %N not supported by Ed25519",
|
||||
signature_scheme_names, scheme);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (signature.len != 64)
|
||||
{
|
||||
DBG1(DBG_LIB, "size of Ed25519 signature is not 64 bytes");
|
||||
return FALSE;
|
||||
}
|
||||
sig = signature.ptr;
|
||||
|
||||
if (sig[63] & 0xe0)
|
||||
{
|
||||
DBG1(DBG_LIB, "the three most significant bits of Ed25519 signature "
|
||||
"are not zero");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (ge_frombytes_negate_vartime(&A, this->pubkey.ptr) != 0)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* check for all-zeroes public key */
|
||||
for (i = 0; i < 32; i++)
|
||||
{
|
||||
d |= this->pubkey.ptr[i];
|
||||
}
|
||||
if (!d)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
|
||||
if (!hasher)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
if (!hasher->get_hash(hasher, chunk_create(sig, 32), NULL) ||
|
||||
!hasher->get_hash(hasher, this->pubkey, NULL) ||
|
||||
!hasher->get_hash(hasher, data, k))
|
||||
{
|
||||
hasher->destroy(hasher);
|
||||
return FALSE;
|
||||
}
|
||||
hasher->destroy(hasher);
|
||||
|
||||
sc_reduce(k);
|
||||
ge_double_scalarmult_vartime(&R, k, &A, sig + 32);
|
||||
ge_tobytes(r, &R);
|
||||
|
||||
return memeq_const(sig, r, 32);
|
||||
}
|
||||
|
||||
METHOD(public_key_t, encrypt_, bool,
|
||||
private_curve25519_public_key_t *this, encryption_scheme_t scheme,
|
||||
chunk_t plain, chunk_t *crypto)
|
||||
{
|
||||
DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
|
||||
scheme);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_keysize, int,
|
||||
private_curve25519_public_key_t *this)
|
||||
{
|
||||
return 8 * ED25519_KEY_LEN;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_encoding, bool,
|
||||
private_curve25519_public_key_t *this, cred_encoding_type_t type,
|
||||
chunk_t *encoding)
|
||||
{
|
||||
bool success = TRUE;
|
||||
|
||||
*encoding = curve25519_public_key_info_encode(this->pubkey);
|
||||
|
||||
if (type != PUBKEY_SPKI_ASN1_DER)
|
||||
{
|
||||
chunk_t asn1_encoding = *encoding;
|
||||
|
||||
success = lib->encoding->encode(lib->encoding, type,
|
||||
NULL, encoding, CRED_PART_EDDSA_PUB_ASN1_DER,
|
||||
asn1_encoding, CRED_PART_END);
|
||||
chunk_clear(&asn1_encoding);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_fingerprint, bool,
|
||||
private_curve25519_public_key_t *this, cred_encoding_type_t type,
|
||||
chunk_t *fp)
|
||||
{
|
||||
bool success;
|
||||
|
||||
if (lib->encoding->get_cache(lib->encoding, type, this, fp))
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
success = curve25519_public_key_fingerprint(this->pubkey, type, fp);
|
||||
if (success)
|
||||
{
|
||||
lib->encoding->cache(lib->encoding, type, this, *fp);
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_ref, public_key_t*,
|
||||
private_curve25519_public_key_t *this)
|
||||
{
|
||||
ref_get(&this->ref);
|
||||
return &this->public.key;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, destroy, void,
|
||||
private_curve25519_public_key_t *this)
|
||||
{
|
||||
if (ref_put(&this->ref))
|
||||
{
|
||||
lib->encoding->clear_cache(lib->encoding, this);
|
||||
free(this->pubkey.ptr);
|
||||
free(this);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* ASN.1 definition of an Ed25519 public key
|
||||
*/
|
||||
static const asn1Object_t pubkeyObjects[] = {
|
||||
{ 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
|
||||
{ 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
|
||||
{ 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */
|
||||
{ 0, "exit", ASN1_EOC, ASN1_EXIT }
|
||||
};
|
||||
|
||||
#define ED25519_SUBJECT_PUBLIC_KEY_ALGORITHM 1
|
||||
#define ED25519_SUBJECT_PUBLIC_KEY 2
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
curve25519_public_key_t *curve25519_public_key_load(key_type_t type,
|
||||
va_list args)
|
||||
{
|
||||
private_curve25519_public_key_t *this;
|
||||
chunk_t blob = chunk_empty, object;
|
||||
asn1_parser_t *parser;
|
||||
bool success = FALSE;
|
||||
int objectID, oid;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (va_arg(args, builder_part_t))
|
||||
{
|
||||
case BUILD_BLOB_ASN1_DER:
|
||||
blob = va_arg(args, chunk_t);
|
||||
continue;
|
||||
case BUILD_END:
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.key = {
|
||||
.get_type = _get_type,
|
||||
.verify = _verify,
|
||||
.encrypt = _encrypt_,
|
||||
.equals = public_key_equals,
|
||||
.get_keysize = _get_keysize,
|
||||
.get_fingerprint = _get_fingerprint,
|
||||
.has_fingerprint = public_key_has_fingerprint,
|
||||
.get_encoding = _get_encoding,
|
||||
.get_ref = _get_ref,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.ref = 1,
|
||||
);
|
||||
|
||||
parser = asn1_parser_create(pubkeyObjects, blob);
|
||||
|
||||
while (parser->iterate(parser, &objectID, &object))
|
||||
{
|
||||
switch (objectID)
|
||||
{
|
||||
case ED25519_SUBJECT_PUBLIC_KEY_ALGORITHM:
|
||||
{
|
||||
oid = asn1_parse_algorithmIdentifier(object,
|
||||
parser->get_level(parser) + 1, NULL);
|
||||
if (oid != OID_ED25519)
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case ED25519_SUBJECT_PUBLIC_KEY:
|
||||
{
|
||||
/* encoded as an ASN1 BIT STRING */
|
||||
if (object.len != 1 + ED25519_KEY_LEN)
|
||||
{
|
||||
goto end;
|
||||
}
|
||||
this->pubkey = chunk_clone(chunk_skip(object, 1));
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
success = parser->success(parser);
|
||||
|
||||
end:
|
||||
parser->destroy(parser);
|
||||
if (!success)
|
||||
{
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
chunk_t curve25519_public_key_info_encode(chunk_t pubkey)
|
||||
{
|
||||
return asn1_wrap(ASN1_SEQUENCE, "mm",
|
||||
asn1_wrap(ASN1_SEQUENCE, "m",
|
||||
asn1_build_known_oid(OID_ED25519)),
|
||||
asn1_bitstring("c", pubkey));
|
||||
}
|
||||
|
||||
/**
|
||||
* See header.
|
||||
*/
|
||||
bool curve25519_public_key_fingerprint(chunk_t pubkey,
|
||||
cred_encoding_type_t type, chunk_t *fp)
|
||||
{
|
||||
hasher_t *hasher;
|
||||
chunk_t key;
|
||||
|
||||
switch (type)
|
||||
{
|
||||
case KEYID_PUBKEY_SHA1:
|
||||
key = chunk_clone(pubkey);
|
||||
break;
|
||||
case KEYID_PUBKEY_INFO_SHA1:
|
||||
key = curve25519_public_key_info_encode(pubkey);
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
|
||||
if (!hasher || !hasher->allocate_hash(hasher, key, fp))
|
||||
{
|
||||
DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
|
||||
"fingerprinting failed");
|
||||
DESTROY_IF(hasher);
|
||||
free(key.ptr);
|
||||
return FALSE;
|
||||
}
|
||||
hasher->destroy(hasher);
|
||||
free(key.ptr);
|
||||
return TRUE;
|
||||
}
|
|
@ -0,0 +1,74 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup curve25519_public_key curve25519_public_key
|
||||
* @{ @ingroup curve25519_p
|
||||
*/
|
||||
|
||||
#ifndef CURVE25519_PUBLIC_KEY_H_
|
||||
#define CURVE25519_PUBLIC_KEY_H_
|
||||
|
||||
#include <credentials/builder.h>
|
||||
#include <credentials/cred_encoding.h>
|
||||
#include <credentials/keys/public_key.h>
|
||||
|
||||
typedef struct curve25519_public_key_t curve25519_public_key_t;
|
||||
|
||||
#define ED25519_KEY_LEN 32
|
||||
|
||||
/**
|
||||
* public_key_t implementation of Ed25519 signature algorithm
|
||||
*/
|
||||
struct curve25519_public_key_t {
|
||||
|
||||
/**
|
||||
* Implements the public_key_t interface
|
||||
*/
|
||||
public_key_t key;
|
||||
};
|
||||
|
||||
/**
|
||||
* Load an Ed25519 public key.
|
||||
*
|
||||
* @param type type of the key, must be KEY_ED25519
|
||||
* @param args builder_part_t argument list
|
||||
* @return loaded key, NULL on failure
|
||||
*/
|
||||
curve25519_public_key_t *curve25519_public_key_load(key_type_t type,
|
||||
va_list args);
|
||||
|
||||
/* The following functions are shared with the curve25519_private_key class */
|
||||
|
||||
/**
|
||||
* Encode a Ed25519 subjectPublicKeyInfo record in ASN.1 DER format
|
||||
*
|
||||
* @param pubkey Ed25519 public key
|
||||
* @result ASN.1 encoded subjectPublicKeyInfo record
|
||||
*/
|
||||
chunk_t curve25519_public_key_info_encode(chunk_t pubkey);
|
||||
|
||||
/**
|
||||
* Generate a Ed25519 public key fingerprint
|
||||
*
|
||||
* @param pubkey Ed25519 public key
|
||||
* @param type type of fingerprint to be generated
|
||||
* @param fp generated fingerprint (must be freed by caller)
|
||||
* @result TRUE if generation was successful
|
||||
*/
|
||||
bool curve25519_public_key_fingerprint(chunk_t pubkey,
|
||||
cred_encoding_type_t type, chunk_t *fp);
|
||||
|
||||
#endif /** CURVE25519_PUBLIC_KEY_H_ @}*/
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,73 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* Based on the public domain libsodium adaptation by Frank Denis
|
||||
* of the SUPERCOP ref10 implementation by Daniel J. Bernstein,
|
||||
* Niels Duif, Peter Schwabe, Tanja Lange and Bo-Yin Yang.
|
||||
*/
|
||||
|
||||
{
|
||||
{ 25967493, -14356035, 29566456, 3660896, -12694345,
|
||||
4014787, 27544626, -11754271, -6079156, 2047605 },
|
||||
{ -12545711, 934262, -2722910, 3049990, -727428,
|
||||
9406986, 12720692, 5043384, 19500929, -15469378 },
|
||||
{ -8738181, 4489570, 9688441, -14785194, 10184609,
|
||||
-12363380, 29287919, 11864899, -24514362, -4438546 }
|
||||
},
|
||||
{
|
||||
{ 15636291, -9688557, 24204773, -7912398, 616977,
|
||||
-16685262, 27787600, -14772189, 28944400, -1550024 },
|
||||
{ 16568933, 4717097, -11556148, -1102322, 15682896,
|
||||
-11807043, 16354577, -11775962, 7689662, 11199574 },
|
||||
{ 30464156, -5976125, -11779434, -15670865, 23220365,
|
||||
15915852, 7512774, 10017326, -17749093, -9920357 }
|
||||
},
|
||||
{
|
||||
{ 10861363, 11473154, 27284546, 1981175, -30064349,
|
||||
12577861, 32867885, 14515107, -15438304, 10819380 },
|
||||
{ 4708026, 6336745, 20377586, 9066809, -11272109,
|
||||
6594696, -25653668, 12483688, -12668491, 5581306 },
|
||||
{ 19563160, 16186464, -29386857, 4097519, 10237984,
|
||||
-4348115, 28542350, 13850243, -23678021, -15815942 }
|
||||
},
|
||||
{
|
||||
{ 5153746, 9909285, 1723747, -2777874, 30523605,
|
||||
5516873, 19480852, 5230134, -23952439, -15175766 },
|
||||
{ -30269007, -3463509, 7665486, 10083793, 28475525,
|
||||
1649722, 20654025, 16520125, 30598449, 7715701 },
|
||||
{ 28881845, 14381568, 9657904, 3680757, -20181635,
|
||||
7843316, -31400660, 1370708, 29794553, -1409300 }
|
||||
},
|
||||
{
|
||||
{ -22518993, -6692182, 14201702, -8745502, -23510406,
|
||||
8844726, 18474211, -1361450, -13062696, 13821877 },
|
||||
{ -6455177, -7839871, 3374702, -4740862, -27098617,
|
||||
-10571707, 31655028, -7212327, 18853322, -14220951 },
|
||||
{ 4566830, -12963868, -28974889, -12240689, -7602672,
|
||||
-2830569, -8514358, -10431137, 2207753, -3209784 }
|
||||
},
|
||||
{
|
||||
{ -25154831, -4185821, 29681144, 7868801, -6854661,
|
||||
-9423865, -12437364, -663000, -31111463, -16132436 },
|
||||
{ 25576264, -2703214, 7349804, -11814844, 16472782,
|
||||
9300885, 3844789, 15725684, 171356, 6466918 },
|
||||
{ 23103977, 13316479, 9739013, -16149481, 817875,
|
||||
-15038942, 8965339, -14088058, -30714912, 16193877 }
|
||||
},
|
||||
{
|
||||
{ -33521811, 3180713, -2394130, 14003687, -16903474,
|
||||
-16270840, 17238398, 4729455, -18074513, 9256800 },
|
||||
{ -25182317, -4174131, 32336398, 5036987, -21236817,
|
||||
11360617, 22616405, 9761698, -19827198, 630305 },
|
||||
{ -13720693, 2639453, -24237460, -7406481, 9494427,
|
||||
-5774029, -6554551, -15960994, -2449256, -14291300 }
|
||||
},
|
||||
{
|
||||
{ -3151181, -5046075, 9282714, 6866145, -31907062,
|
||||
-863023, -18940575, 15033784, 25105118, -7894876 },
|
||||
{ -24326370, 15950226, -31801215, -14592823, -11662737,
|
||||
-5090925, 1573892, -2625887, 2198790, -15804619 },
|
||||
{ -3099351, 10324967, -2241613, 7453183, -5446979,
|
||||
-2735503, -13812022, -16236442, -32461234, -12290683 }
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,93 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* Based on the public domain libsodium adaptation by Frank Denis
|
||||
* of the SUPERCOP ref10 implementation by Daniel J. Bernstein,
|
||||
* Niels Duif, Peter Schwabe, Tanja Lange and Bo-Yin Yang.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup curve25519_ref10 curve25519_ref10
|
||||
* @{ @ingroup curve25519_p
|
||||
*/
|
||||
|
||||
#ifndef REF10_H_
|
||||
#define REF10_H_
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
typedef int32_t fe[10];
|
||||
|
||||
/**
|
||||
* fe means field element.
|
||||
* Here the field is \\Z/(2^255-19).
|
||||
* An element t, entries t[0]...t[9], represents the integer
|
||||
* t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
|
||||
* Bounds on each t[i] vary depending on context.
|
||||
*/
|
||||
|
||||
/**
|
||||
* ge means group element.
|
||||
*
|
||||
* Here the group is the set of pairs (x,y) of field elements (see fe.h)
|
||||
* satisfying -x^2 + y^2 = 1 + d x^2y^2
|
||||
* where d = -121665/121666.
|
||||
*
|
||||
* Representations:
|
||||
* ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
|
||||
* ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
|
||||
* ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
|
||||
* ge_precomp (Duif): (y+x,y-x,2dxy)
|
||||
*/
|
||||
|
||||
typedef struct {
|
||||
fe X;
|
||||
fe Y;
|
||||
fe Z;
|
||||
} ge_p2;
|
||||
|
||||
typedef struct {
|
||||
fe X;
|
||||
fe Y;
|
||||
fe Z;
|
||||
fe T;
|
||||
} ge_p3;
|
||||
|
||||
typedef struct {
|
||||
fe X;
|
||||
fe Y;
|
||||
fe Z;
|
||||
fe T;
|
||||
} ge_p1p1;
|
||||
|
||||
typedef struct {
|
||||
fe yplusx;
|
||||
fe yminusx;
|
||||
fe xy2d;
|
||||
} ge_precomp;
|
||||
|
||||
typedef struct {
|
||||
fe YplusX;
|
||||
fe YminusX;
|
||||
fe Z;
|
||||
fe T2d;
|
||||
} ge_cached;
|
||||
|
||||
extern void ge_tobytes(uint8_t *, const ge_p2 *);
|
||||
extern void ge_p3_tobytes(uint8_t *, const ge_p3 *);
|
||||
extern int ge_frombytes_negate_vartime(ge_p3 *, const uint8_t *);
|
||||
extern void ge_scalarmult_base(ge_p3 *, const uint8_t *);
|
||||
extern void ge_double_scalarmult_vartime(ge_p2 *, const uint8_t *,
|
||||
const ge_p3 *, const uint8_t *);
|
||||
|
||||
/**
|
||||
* The set of scalars is \\Z/l
|
||||
* where l = 2^252 + 27742317777372353535851937790883648493.
|
||||
*/
|
||||
|
||||
extern void sc_reduce(uint8_t *);
|
||||
extern void sc_muladd(uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *);
|
||||
|
||||
#endif /** REF10_H_ @}*/
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Andreas Steffen
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2010-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -37,7 +37,11 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
|
|||
if (cred_encoding_args(args, CRED_PART_RSA_PUB_ASN1_DER,
|
||||
&asn1, CRED_PART_END) ||
|
||||
cred_encoding_args(args, CRED_PART_ECDSA_PUB_ASN1_DER,
|
||||
&asn1, CRED_PART_END))
|
||||
&asn1, CRED_PART_END) ||
|
||||
cred_encoding_args(args, CRED_PART_EDDSA_PUB_ASN1_DER,
|
||||
&asn1, CRED_PART_END) ||
|
||||
cred_encoding_args(args, CRED_PART_BLISS_PUB_ASN1_DER,
|
||||
&asn1, CRED_PART_END))
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
@ -53,11 +57,6 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
|
|||
break;
|
||||
}
|
||||
}
|
||||
if (cred_encoding_args(args, CRED_PART_BLISS_PUB_ASN1_DER,
|
||||
&asn1, CRED_PART_END))
|
||||
{
|
||||
break;
|
||||
}
|
||||
return FALSE;
|
||||
case PRIVKEY_PEM:
|
||||
label ="RSA PRIVATE KEY";
|
||||
|
@ -97,6 +96,12 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
|
|||
label ="BLISS PRIVATE KEY";
|
||||
break;
|
||||
}
|
||||
if (cred_encoding_args(args, CRED_PART_EDDSA_PRIV_ASN1_DER,
|
||||
&asn1, CRED_PART_END))
|
||||
{
|
||||
label ="PRIVATE KEY";
|
||||
break;
|
||||
}
|
||||
return FALSE;
|
||||
case CERT_PEM:
|
||||
if (cred_encoding_args(args, CRED_PART_X509_ASN1_DER,
|
||||
|
|
|
@ -63,6 +63,9 @@ METHOD(plugin_t, get_features, int,
|
|||
PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_BLISS),
|
||||
PLUGIN_DEPENDS(PRIVKEY, KEY_BLISS),
|
||||
PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
|
||||
PLUGIN_DEPENDS(PRIVKEY, KEY_ED25519),
|
||||
|
||||
/* public key PEM decoding */
|
||||
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
|
||||
|
@ -79,6 +82,10 @@ METHOD(plugin_t, get_features, int,
|
|||
PLUGIN_DEPENDS(PUBKEY, KEY_DSA),
|
||||
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
|
||||
PLUGIN_DEPENDS(PUBKEY, KEY_BLISS),
|
||||
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
|
||||
PLUGIN_DEPENDS(PUBKEY, KEY_ED25519),
|
||||
|
||||
/* certificate PEM decoding */
|
||||
PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
|
||||
|
|
|
@ -75,6 +75,13 @@ static public_key_t *parse_public_key(chunk_t blob)
|
|||
KEY_BLISS, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
|
||||
goto end;
|
||||
}
|
||||
else if (oid == OID_ED25519)
|
||||
{
|
||||
/* Need the whole subjectPublicKeyInfo for Ed25519 public keys */
|
||||
key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
|
||||
KEY_ED25519, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
|
||||
goto end;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* key type not supported */
|
||||
|
|
|
@ -52,6 +52,9 @@ METHOD(plugin_t, get_features, int,
|
|||
PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
|
||||
PLUGIN_SDEPEND(PUBKEY, KEY_RSA),
|
||||
PLUGIN_SDEPEND(PUBKEY, KEY_ECDSA),
|
||||
PLUGIN_SDEPEND(PUBKEY, KEY_ED25519),
|
||||
PLUGIN_SDEPEND(PUBKEY, KEY_ED448),
|
||||
PLUGIN_SDEPEND(PUBKEY, KEY_BLISS),
|
||||
PLUGIN_SDEPEND(PUBKEY, KEY_DSA),
|
||||
PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
|
||||
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
|
||||
|
|
|
@ -47,6 +47,7 @@ static private_key_t *parse_private_key(chunk_t blob)
|
|||
int objectID;
|
||||
private_key_t *key = NULL;
|
||||
key_type_t type = KEY_ANY;
|
||||
builder_part_t part = BUILD_BLOB_ASN1_DER;
|
||||
|
||||
parser = asn1_parser_create(pkinfoObjects, blob);
|
||||
parser->set_flags(parser, FALSE, TRUE);
|
||||
|
@ -68,6 +69,14 @@ static private_key_t *parse_private_key(chunk_t blob)
|
|||
case OID_EC_PUBLICKEY:
|
||||
type = KEY_ECDSA;
|
||||
break;
|
||||
case OID_ED25519:
|
||||
type = KEY_ED25519;
|
||||
part = BUILD_EDDSA_PRIV_ASN1_DER;
|
||||
break;
|
||||
case OID_ED448:
|
||||
type = KEY_ED448;
|
||||
part = BUILD_EDDSA_PRIV_ASN1_DER;
|
||||
break;
|
||||
default:
|
||||
/* key type not supported */
|
||||
goto end;
|
||||
|
@ -81,14 +90,12 @@ static private_key_t *parse_private_key(chunk_t blob)
|
|||
{
|
||||
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
|
||||
type, BUILD_BLOB_ALGID_PARAMS,
|
||||
params, BUILD_BLOB_ASN1_DER,
|
||||
object, BUILD_END);
|
||||
params, part, object, BUILD_END);
|
||||
}
|
||||
else
|
||||
{
|
||||
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
|
||||
type, BUILD_BLOB_ASN1_DER, object,
|
||||
BUILD_END);
|
||||
type, part, object, BUILD_END);
|
||||
}
|
||||
DBG2(DBG_ASN, "-- < --");
|
||||
break;
|
||||
|
|
|
@ -46,6 +46,8 @@ METHOD(plugin_t, get_features, int,
|
|||
PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
|
||||
PLUGIN_PROVIDE(PRIVKEY, KEY_ED448),
|
||||
};
|
||||
*features = f;
|
||||
return countof(f);
|
||||
|
|
|
@ -55,7 +55,8 @@ tests_SOURCES = tests.h tests.c \
|
|||
suites/test_printf.c \
|
||||
suites/test_test_rng.c \
|
||||
suites/test_mgf1.c \
|
||||
suites/test_ntru.c
|
||||
suites/test_ntru.c \
|
||||
suites/test_ed25519.c
|
||||
|
||||
tests_CFLAGS = \
|
||||
-I$(top_srcdir)/src/libstrongswan \
|
||||
|
|
|
@ -36,7 +36,8 @@ static crypter_oid_t oids[] = {
|
|||
{ OID_AES256_CBC, ENCR_AES_CBC, 256 },
|
||||
{ OID_CAMELLIA128_CBC, ENCR_CAMELLIA_CBC, 128 },
|
||||
{ OID_CAMELLIA192_CBC, ENCR_CAMELLIA_CBC, 192 },
|
||||
{ OID_CAMELLIA256_CBC, ENCR_CAMELLIA_CBC, 256 }
|
||||
{ OID_CAMELLIA256_CBC, ENCR_CAMELLIA_CBC, 256 },
|
||||
{ OID_BLOWFISH_CBC, ENCR_BLOWFISH, 0 }
|
||||
};
|
||||
|
||||
START_TEST(test_crypter_from_oid)
|
||||
|
|
|
@ -0,0 +1,527 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "test_suite.h"
|
||||
|
||||
#include <time.h>
|
||||
|
||||
typedef struct sig_test_t sig_test_t;
|
||||
|
||||
struct sig_test_t {
|
||||
chunk_t key;
|
||||
chunk_t pubkey;
|
||||
chunk_t msg;
|
||||
chunk_t sig;
|
||||
};
|
||||
|
||||
/**
|
||||
* Ed25519 Test Vectors from draft-irtf-cfrg-eddsa
|
||||
*/
|
||||
static sig_test_t sig_tests[] = {
|
||||
/* Test 1 */
|
||||
{ chunk_from_chars(
|
||||
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
|
||||
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x9d, 0x61, 0xb1, 0x9d,
|
||||
0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84, 0x4a, 0xf4, 0x92, 0xec,
|
||||
0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69, 0x7b, 0x32, 0x69, 0x19,
|
||||
0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae, 0x7f, 0x60),
|
||||
chunk_from_chars(
|
||||
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
|
||||
0x21, 0x00, 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7,
|
||||
0xd5, 0x4b, 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1,
|
||||
0x72, 0xf3, 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68,
|
||||
0xf7, 0x07, 0x51, 0x1a),
|
||||
{ NULL, 0 },
|
||||
chunk_from_chars(
|
||||
0xe5, 0x56, 0x43, 0x00, 0xc3, 0x60, 0xac, 0x72, 0x90, 0x86,
|
||||
0xe2, 0xcc, 0x80, 0x6e, 0x82, 0x8a, 0x84, 0x87, 0x7f, 0x1e,
|
||||
0xb8, 0xe5, 0xd9, 0x74, 0xd8, 0x73, 0xe0, 0x65, 0x22, 0x49,
|
||||
0x01, 0x55, 0x5f, 0xb8, 0x82, 0x15, 0x90, 0xa3, 0x3b, 0xac,
|
||||
0xc6, 0x1e, 0x39, 0x70, 0x1c, 0xf9, 0xb4, 0x6b, 0xd2, 0x5b,
|
||||
0xf5, 0xf0, 0x59, 0x5b, 0xbe, 0x24, 0x65, 0x51, 0x41, 0x43,
|
||||
0x8e, 0x7a, 0x10, 0x0b)
|
||||
},
|
||||
/* Test 2 */
|
||||
{ chunk_from_chars(
|
||||
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
|
||||
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x4c, 0xcd, 0x08, 0x9b,
|
||||
0x28, 0xff, 0x96, 0xda, 0x9d, 0xb6, 0xc3, 0x46, 0xec, 0x11,
|
||||
0x4e, 0x0f, 0x5b, 0x8a, 0x31, 0x9f, 0x35, 0xab, 0xa6, 0x24,
|
||||
0xda, 0x8c, 0xf6, 0xed, 0x4f, 0xb8, 0xa6, 0xfb),
|
||||
chunk_from_chars(
|
||||
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
|
||||
0x21, 0x00, 0x3d, 0x40, 0x17, 0xc3, 0xe8, 0x43, 0x89, 0x5a,
|
||||
0x92, 0xb7, 0x0a, 0xa7, 0x4d, 0x1b, 0x7e, 0xbc, 0x9c, 0x98,
|
||||
0x2c, 0xcf, 0x2e, 0xc4, 0x96, 0x8c, 0xc0, 0xcd, 0x55, 0xf1,
|
||||
0x2a, 0xf4, 0x66, 0x0c),
|
||||
chunk_from_chars(
|
||||
0x72),
|
||||
chunk_from_chars(
|
||||
0x92, 0xa0, 0x09, 0xa9, 0xf0, 0xd4, 0xca, 0xb8, 0x72, 0x0e,
|
||||
0x82, 0x0b, 0x5f, 0x64, 0x25, 0x40, 0xa2, 0xb2, 0x7b, 0x54,
|
||||
0x16, 0x50, 0x3f, 0x8f, 0xb3, 0x76, 0x22, 0x23, 0xeb, 0xdb,
|
||||
0x69, 0xda, 0x08, 0x5a, 0xc1, 0xe4, 0x3e, 0x15, 0x99, 0x6e,
|
||||
0x45, 0x8f, 0x36, 0x13, 0xd0, 0xf1, 0x1d, 0x8c, 0x38, 0x7b,
|
||||
0x2e, 0xae, 0xb4, 0x30, 0x2a, 0xee, 0xb0, 0x0d, 0x29, 0x16,
|
||||
0x12, 0xbb, 0x0c, 0x00)
|
||||
},
|
||||
/* Test 3 */
|
||||
{ chunk_from_chars(
|
||||
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
|
||||
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0xc5, 0xaa, 0x8d, 0xf4,
|
||||
0x3f, 0x9f, 0x83, 0x7b, 0xed, 0xb7, 0x44, 0x2f, 0x31, 0xdc,
|
||||
0xb7, 0xb1, 0x66, 0xd3, 0x85, 0x35,0x07, 0x6f, 0x09, 0x4b,
|
||||
0x85, 0xce, 0x3a, 0x2e, 0x0b, 0x44, 0x58, 0xf7),
|
||||
chunk_from_chars(
|
||||
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
|
||||
0x21, 0x00, 0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3,
|
||||
0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30, 0xf0, 0x58, 0x08, 0x16,
|
||||
0xed, 0x13, 0xba, 0x33, 0x03, 0xac, 0x5d, 0xeb, 0x91, 0x15,
|
||||
0x48, 0x90, 0x80, 0x25),
|
||||
chunk_from_chars(
|
||||
0xaf, 0x82),
|
||||
chunk_from_chars(
|
||||
0x62, 0x91, 0xd6, 0x57, 0xde, 0xec, 0x24, 0x02, 0x48, 0x27,
|
||||
0xe6, 0x9c, 0x3a, 0xbe, 0x01, 0xa3, 0x0c, 0xe5, 0x48, 0xa2,
|
||||
0x84, 0x74, 0x3a, 0x44, 0x5e, 0x36, 0x80, 0xd7, 0xdb, 0x5a,
|
||||
0xc3, 0xac, 0x18, 0xff, 0x9b, 0x53, 0x8d, 0x16, 0xf2, 0x90,
|
||||
0xae, 0x67, 0xf7, 0x60, 0x98, 0x4d, 0xc6, 0x59, 0x4a, 0x7c,
|
||||
0x15, 0xe9, 0x71, 0x6e, 0xd2, 0x8d, 0xc0, 0x27, 0xbe, 0xce,
|
||||
0xea, 0x1e, 0xc4, 0x0a)
|
||||
},
|
||||
/* Test 1024 */
|
||||
{ chunk_from_chars(
|
||||
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
|
||||
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0xf5, 0xe5, 0x76, 0x7c,
|
||||
0xf1, 0x53, 0x31, 0x95, 0x17, 0x63, 0x0f, 0x22, 0x68, 0x76,
|
||||
0xb8, 0x6c, 0x81, 0x60, 0xcc, 0x58, 0x3b, 0xc0, 0x13, 0x74,
|
||||
0x4c, 0x6b, 0xf2, 0x55, 0xf5, 0xcc, 0x0e, 0xe5),
|
||||
chunk_from_chars(
|
||||
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
|
||||
0x21, 0x00, 0x27, 0x81, 0x17, 0xfc, 0x14, 0x4c, 0x72, 0x34,
|
||||
0x0f, 0x67, 0xd0, 0xf2, 0x31, 0x6e, 0x83, 0x86, 0xce, 0xff,
|
||||
0xbf, 0x2b, 0x24, 0x28, 0xc9, 0xc5, 0x1f, 0xef, 0x7c, 0x59,
|
||||
0x7f, 0x1d, 0x42, 0x6e),
|
||||
chunk_from_chars(
|
||||
0x08, 0xb8, 0xb2, 0xb7, 0x33, 0x42, 0x42, 0x43, 0x76, 0x0f,
|
||||
0xe4, 0x26, 0xa4, 0xb5, 0x49, 0x08, 0x63, 0x21, 0x10, 0xa6,
|
||||
0x6c, 0x2f, 0x65, 0x91, 0xea, 0xbd, 0x33, 0x45, 0xe3, 0xe4,
|
||||
0xeb, 0x98, 0xfa, 0x6e, 0x26, 0x4b, 0xf0, 0x9e, 0xfe, 0x12,
|
||||
0xee, 0x50, 0xf8, 0xf5, 0x4e, 0x9f, 0x77, 0xb1, 0xe3, 0x55,
|
||||
0xf6, 0xc5, 0x05, 0x44, 0xe2, 0x3f, 0xb1, 0x43, 0x3d, 0xdf,
|
||||
0x73, 0xbe, 0x84, 0xd8, 0x79, 0xde, 0x7c, 0x00, 0x46, 0xdc,
|
||||
0x49, 0x96, 0xd9, 0xe7, 0x73, 0xf4, 0xbc, 0x9e, 0xfe, 0x57,
|
||||
0x38, 0x82, 0x9a, 0xdb, 0x26, 0xc8, 0x1b, 0x37, 0xc9, 0x3a,
|
||||
0x1b, 0x27, 0x0b, 0x20, 0x32, 0x9d, 0x65, 0x86, 0x75, 0xfc,
|
||||
|
||||
0x6e, 0xa5, 0x34, 0xe0, 0x81, 0x0a, 0x44, 0x32, 0x82, 0x6b,
|
||||
0xf5, 0x8c, 0x94, 0x1e, 0xfb, 0x65, 0xd5, 0x7a, 0x33, 0x8b,
|
||||
0xbd, 0x2e, 0x26, 0x64, 0x0f, 0x89, 0xff, 0xbc, 0x1a, 0x85,
|
||||
0x8e, 0xfc, 0xb8, 0x55, 0x0e, 0xe3, 0xa5, 0xe1, 0x99, 0x8b,
|
||||
0xd1, 0x77, 0xe9, 0x3a, 0x73, 0x63, 0xc3, 0x44, 0xfe, 0x6b,
|
||||
0x19, 0x9e, 0xe5, 0xd0, 0x2e, 0x82, 0xd5, 0x22, 0xc4, 0xfe,
|
||||
0xba, 0x15, 0x45, 0x2f, 0x80, 0x28, 0x8a, 0x82, 0x1a, 0x57,
|
||||
0x91, 0x16, 0xec, 0x6d, 0xad, 0x2b, 0x3b, 0x31, 0x0d, 0xa9,
|
||||
0x03, 0x40, 0x1a, 0xa6, 0x21, 0x00, 0xab, 0x5d, 0x1a, 0x36,
|
||||
0x55, 0x3e, 0x06, 0x20, 0x3b, 0x33, 0x89, 0x0c, 0xc9, 0xb8,
|
||||
|
||||
0x32, 0xf7, 0x9e, 0xf8, 0x05, 0x60, 0xcc, 0xb9, 0xa3, 0x9c,
|
||||
0xe7, 0x67, 0x96, 0x7e, 0xd6, 0x28, 0xc6, 0xad, 0x57, 0x3c,
|
||||
0xb1, 0x16, 0xdb, 0xef, 0xef, 0xd7, 0x54, 0x99, 0xda, 0x96,
|
||||
0xbd, 0x68, 0xa8, 0xa9, 0x7b, 0x92, 0x8a, 0x8b, 0xbc, 0x10,
|
||||
0x3b, 0x66, 0x21, 0xfc, 0xde, 0x2b, 0xec, 0xa1, 0x23, 0x1d,
|
||||
0x20, 0x6b, 0xe6, 0xcd, 0x9e, 0xc7, 0xaf, 0xf6, 0xf6, 0xc9,
|
||||
0x4f, 0xcd, 0x72, 0x04, 0xed, 0x34, 0x55, 0xc6, 0x8c, 0x83,
|
||||
0xf4, 0xa4, 0x1d, 0xa4, 0xaf, 0x2b, 0x74, 0xef, 0x5c, 0x53,
|
||||
0xf1, 0xd8, 0xac, 0x70, 0xbd, 0xcb, 0x7e, 0xd1, 0x85, 0xce,
|
||||
0x81, 0xbd, 0x84, 0x35, 0x9d, 0x44, 0x25, 0x4d, 0x95, 0x62,
|
||||
|
||||
0x9e, 0x98, 0x55, 0xa9, 0x4a, 0x7c, 0x19, 0x58, 0xd1, 0xf8,
|
||||
0xad, 0xa5, 0xd0, 0x53, 0x2e, 0xd8, 0xa5, 0xaa, 0x3f, 0xb2,
|
||||
0xd1, 0x7b, 0xa7, 0x0e, 0xb6, 0x24, 0x8e, 0x59, 0x4e, 0x1a,
|
||||
0x22, 0x97, 0xac, 0xbb, 0xb3, 0x9d, 0x50, 0x2f, 0x1a, 0x8c,
|
||||
0x6e, 0xb6, 0xf1, 0xce, 0x22, 0xb3, 0xde, 0x1a, 0x1f, 0x40,
|
||||
0xcc, 0x24, 0x55, 0x41, 0x19, 0xa8, 0x31, 0xa9, 0xaa, 0xd6,
|
||||
0x07, 0x9c, 0xad, 0x88, 0x42, 0x5d, 0xe6, 0xbd, 0xe1, 0xa9,
|
||||
0x18, 0x7e, 0xbb, 0x60, 0x92, 0xcf, 0x67, 0xbf, 0x2b, 0x13,
|
||||
0xfd, 0x65, 0xf2, 0x70, 0x88, 0xd7, 0x8b, 0x7e, 0x88, 0x3c,
|
||||
0x87, 0x59, 0xd2, 0xc4, 0xf5, 0xc6, 0x5a, 0xdb, 0x75, 0x53,
|
||||
|
||||
0x87, 0x8a, 0xd5, 0x75, 0xf9, 0xfa, 0xd8, 0x78, 0xe8, 0x0a,
|
||||
0x0c, 0x9b, 0xa6, 0x3b, 0xcb, 0xcc, 0x27, 0x32, 0xe6, 0x94,
|
||||
0x85, 0xbb, 0xc9, 0xc9, 0x0b, 0xfb, 0xd6, 0x24, 0x81, 0xd9,
|
||||
0x08, 0x9b, 0xec, 0xcf, 0x80, 0xcf, 0xe2, 0xdf, 0x16, 0xa2,
|
||||
0xcf, 0x65, 0xbd, 0x92, 0xdd, 0x59, 0x7b, 0x07, 0x07, 0xe0,
|
||||
0x91, 0x7a, 0xf4, 0x8b, 0xbb, 0x75, 0xfe, 0xd4, 0x13, 0xd2,
|
||||
0x38, 0xf5, 0x55, 0x5a, 0x7a, 0x56, 0x9d, 0x80, 0xc3, 0x41,
|
||||
0x4a, 0x8d, 0x08, 0x59, 0xdc, 0x65, 0xa4, 0x61, 0x28, 0xba,
|
||||
0xb2, 0x7a, 0xf8, 0x7a, 0x71, 0x31, 0x4f, 0x31, 0x8c, 0x78,
|
||||
0x2b, 0x23, 0xeb, 0xfe, 0x80, 0x8b, 0x82, 0xb0, 0xce, 0x26,
|
||||
|
||||
0x40, 0x1d, 0x2e, 0x22, 0xf0, 0x4d, 0x83, 0xd1, 0x25, 0x5d,
|
||||
0xc5, 0x1a, 0xdd, 0xd3, 0xb7, 0x5a, 0x2b, 0x1a, 0xe0, 0x78,
|
||||
0x45, 0x04, 0xdf, 0x54, 0x3a, 0xf8, 0x96, 0x9b, 0xe3, 0xea,
|
||||
0x70, 0x82, 0xff, 0x7f, 0xc9, 0x88, 0x8c, 0x14, 0x4d, 0xa2,
|
||||
0xaf, 0x58, 0x42, 0x9e, 0xc9, 0x60, 0x31, 0xdb, 0xca, 0xd3,
|
||||
0xda, 0xd9, 0xaf, 0x0d, 0xcb, 0xaa, 0xaf, 0x26, 0x8c, 0xb8,
|
||||
0xfc, 0xff, 0xea, 0xd9, 0x4f, 0x3c, 0x7c, 0xa4, 0x95, 0xe0,
|
||||
0x56, 0xa9, 0xb4, 0x7a, 0xcd, 0xb7, 0x51, 0xfb, 0x73, 0xe6,
|
||||
0x66, 0xc6, 0xc6, 0x55, 0xad, 0xe8, 0x29, 0x72, 0x97, 0xd0,
|
||||
0x7a, 0xd1, 0xba, 0x5e, 0x43, 0xf1, 0xbc, 0xa3, 0x23, 0x01,
|
||||
|
||||
0x65, 0x13, 0x39, 0xe2, 0x29, 0x04, 0xcc, 0x8c, 0x42, 0xf5,
|
||||
0x8c, 0x30, 0xc0, 0x4a, 0xaf, 0xdb, 0x03, 0x8d, 0xda, 0x08,
|
||||
0x47, 0xdd, 0x98, 0x8d, 0xcd, 0xa6, 0xf3, 0xbf, 0xd1, 0x5c,
|
||||
0x4b, 0x4c, 0x45, 0x25, 0x00, 0x4a, 0xa0, 0x6e, 0xef, 0xf8,
|
||||
0xca, 0x61, 0x78, 0x3a, 0xac, 0xec, 0x57, 0xfb, 0x3d, 0x1f,
|
||||
0x92, 0xb0, 0xfe, 0x2f, 0xd1, 0xa8, 0x5f, 0x67, 0x24, 0x51,
|
||||
0x7b, 0x65, 0xe6, 0x14, 0xad, 0x68, 0x08, 0xd6, 0xf6, 0xee,
|
||||
0x34, 0xdf, 0xf7, 0x31, 0x0f, 0xdc, 0x82, 0xae, 0xbf, 0xd9,
|
||||
0x04, 0xb0, 0x1e, 0x1d, 0xc5, 0x4b, 0x29, 0x27, 0x09, 0x4b,
|
||||
0x2d, 0xb6, 0x8d, 0x6f, 0x90, 0x3b, 0x68, 0x40, 0x1a, 0xde,
|
||||
|
||||
0xbf, 0x5a, 0x7e, 0x08, 0xd7, 0x8f, 0xf4, 0xef, 0x5d, 0x63,
|
||||
0x65, 0x3a, 0x65, 0x04, 0x0c, 0xf9, 0xbf, 0xd4, 0xac, 0xa7,
|
||||
0x98, 0x4a, 0x74, 0xd3, 0x71, 0x45, 0x98, 0x67, 0x80, 0xfc,
|
||||
0x0b, 0x16, 0xac, 0x45, 0x16, 0x49, 0xde, 0x61, 0x88, 0xa7,
|
||||
0xdb, 0xdf, 0x19, 0x1f, 0x64, 0xb5, 0xfc, 0x5e, 0x2a, 0xb4,
|
||||
0x7b, 0x57, 0xf7, 0xf7, 0x27, 0x6c, 0xd4, 0x19, 0xc1, 0x7a,
|
||||
0x3c, 0xa8, 0xe1, 0xb9, 0x39, 0xae, 0x49, 0xe4, 0x88, 0xac,
|
||||
0xba, 0x6b, 0x96, 0x56, 0x10, 0xb5, 0x48, 0x01, 0x09, 0xc8,
|
||||
0xb1, 0x7b, 0x80, 0xe1, 0xb7, 0xb7, 0x50, 0xdf, 0xc7, 0x59,
|
||||
0x8d, 0x5d, 0x50, 0x11, 0xfd, 0x2d, 0xcc, 0x56, 0x00, 0xa3,
|
||||
|
||||
0x2e, 0xf5, 0xb5, 0x2a, 0x1e, 0xcc, 0x82, 0x0e, 0x30, 0x8a,
|
||||
0xa3, 0x42, 0x72, 0x1a, 0xac, 0x09, 0x43, 0xbf, 0x66, 0x86,
|
||||
0xb6, 0x4b, 0x25, 0x79, 0x37, 0x65, 0x04, 0xcc, 0xc4, 0x93,
|
||||
0xd9, 0x7e, 0x6a, 0xed, 0x3f, 0xb0, 0xf9, 0xcd, 0x71, 0xa4,
|
||||
0x3d, 0xd4, 0x97, 0xf0, 0x1f, 0x17, 0xc0, 0xe2, 0xcb, 0x37,
|
||||
0x97, 0xaa, 0x2a, 0x2f, 0x25, 0x66, 0x56, 0x16, 0x8e, 0x6c,
|
||||
0x49, 0x6a, 0xfc, 0x5f, 0xb9, 0x32, 0x46, 0xf6, 0xb1, 0x11,
|
||||
0x63, 0x98, 0xa3, 0x46, 0xf1, 0xa6, 0x41, 0xf3, 0xb0, 0x41,
|
||||
0xe9, 0x89, 0xf7, 0x91, 0x4f, 0x90, 0xcc, 0x2c, 0x7f, 0xff,
|
||||
0x35, 0x78, 0x76, 0xe5, 0x06, 0xb5, 0x0d, 0x33, 0x4b, 0xa7,
|
||||
|
||||
0x7c, 0x22, 0x5b, 0xc3, 0x07, 0xba, 0x53, 0x71, 0x52, 0xf3,
|
||||
0xf1, 0x61, 0x0e, 0x4e, 0xaf, 0xe5, 0x95, 0xf6, 0xd9, 0xd9,
|
||||
0x0d, 0x11, 0xfa, 0xa9, 0x33, 0xa1, 0x5e, 0xf1, 0x36, 0x95,
|
||||
0x46, 0x86, 0x8a, 0x7f, 0x3a, 0x45, 0xa9, 0x67, 0x68, 0xd4,
|
||||
0x0f, 0xd9, 0xd0, 0x34, 0x12, 0xc0, 0x91, 0xc6, 0x31, 0x5c,
|
||||
0xf4, 0xfd, 0xe7, 0xcb, 0x68, 0x60, 0x69, 0x37, 0x38, 0x0d,
|
||||
0xb2, 0xea, 0xaa, 0x70, 0x7b, 0x4c, 0x41, 0x85, 0xc3, 0x2e,
|
||||
0xdd, 0xcd, 0xd3, 0x06, 0x70, 0x5e, 0x4d, 0xc1, 0xff, 0xc8,
|
||||
0x72, 0xee, 0xee, 0x47, 0x5a, 0x64, 0xdf, 0xac, 0x86, 0xab,
|
||||
0xa4, 0x1c, 0x06, 0x18, 0x98, 0x3f, 0x87, 0x41, 0xc5, 0xef,
|
||||
|
||||
0x68, 0xd3, 0xa1, 0x01, 0xe8, 0xa3, 0xb8, 0xca, 0xc6, 0x0c,
|
||||
0x90, 0x5c, 0x15, 0xfc, 0x91, 0x08, 0x40, 0xb9, 0x4c, 0x00,
|
||||
0xa0, 0xb9, 0xd0),
|
||||
chunk_from_chars(
|
||||
0x0a, 0xab, 0x4c, 0x90, 0x05, 0x01, 0xb3, 0xe2, 0x4d, 0x7c,
|
||||
0xdf, 0x46, 0x63, 0x32, 0x6a, 0x3a, 0x87, 0xdf, 0x5e, 0x48,
|
||||
0x43, 0xb2, 0xcb, 0xdb, 0x67, 0xcb, 0xf6, 0xe4, 0x60, 0xfe,
|
||||
0xc3, 0x50, 0xaa, 0x53, 0x71, 0xb1, 0x50, 0x8f, 0x9f, 0x45,
|
||||
0x28, 0xec, 0xea, 0x23, 0xc4, 0x36, 0xd9, 0x4b, 0x5e, 0x8f,
|
||||
0xcd, 0x4f, 0x68, 0x1e, 0x30, 0xa6, 0xac, 0x00, 0xa9, 0x70,
|
||||
0x4a, 0x18, 0x8a, 0x03)
|
||||
},
|
||||
/* Test SHA(abc) */
|
||||
{ chunk_from_chars(
|
||||
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
|
||||
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x83, 0x3f, 0xe6, 0x24,
|
||||
0x09, 0x23, 0x7b, 0x9d, 0x62, 0xec, 0x77, 0x58, 0x75, 0x20,
|
||||
0x91, 0x1e, 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
|
||||
0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42),
|
||||
chunk_from_chars(
|
||||
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
|
||||
0x21, 0x00, 0xec, 0x17, 0x2b, 0x93, 0xad, 0x5e, 0x56, 0x3b,
|
||||
0xf4, 0x93, 0x2c, 0x70, 0xe1, 0x24, 0x50, 0x34, 0xc3, 0x54,
|
||||
0x67, 0xef, 0x2e, 0xfd, 0x4d, 0x64, 0xeb, 0xf8, 0x19, 0x68,
|
||||
0x34, 0x67, 0xe2, 0xbf),
|
||||
chunk_from_chars(
|
||||
0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41,
|
||||
0x73, 0x49, 0xae, 0x20, 0x41, 0x31, 0x12, 0xe6, 0xfa, 0x4e,
|
||||
0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55,
|
||||
0xd3, 0x9a, 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
|
||||
0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, 0x45, 0x4d,
|
||||
0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f,
|
||||
0xa5, 0x4c, 0xa4, 0x9f),
|
||||
chunk_from_chars(
|
||||
0xdc, 0x2a, 0x44, 0x59, 0xe7, 0x36, 0x96, 0x33, 0xa5, 0x2b,
|
||||
0x1b, 0xf2, 0x77, 0x83, 0x9a, 0x00, 0x20, 0x10, 0x09, 0xa3,
|
||||
0xef, 0xbf, 0x3e, 0xcb, 0x69, 0xbe, 0xa2, 0x18, 0x6c, 0x26,
|
||||
0xb5, 0x89, 0x09, 0x35, 0x1f, 0xc9, 0xac, 0x90, 0xb3, 0xec,
|
||||
0xfd, 0xfb, 0xc7, 0xc6, 0x64, 0x31, 0xe0, 0x30, 0x3d, 0xca,
|
||||
0x17, 0x9c, 0x13, 0x8a, 0xc1, 0x7a, 0xd9, 0xbe, 0xf1, 0x17,
|
||||
0x73, 0x31, 0xa7, 0x04)
|
||||
}
|
||||
};
|
||||
|
||||
START_TEST(test_ed25519_sign)
|
||||
{
|
||||
private_key_t *key;
|
||||
public_key_t *pubkey, *public;
|
||||
chunk_t sig, encoding;
|
||||
|
||||
/* load private key */
|
||||
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, sig_tests[_i].key, BUILD_END);
|
||||
ck_assert(key != NULL);
|
||||
ck_assert(key->get_encoding(key, PRIVKEY_ASN1_DER, &encoding));
|
||||
ck_assert(chunk_equals(encoding, sig_tests[_i].key));
|
||||
chunk_free(&encoding);
|
||||
|
||||
/* load public key */
|
||||
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, sig_tests[_i].pubkey, BUILD_END);
|
||||
ck_assert(pubkey != NULL);
|
||||
ck_assert(pubkey->get_encoding(pubkey, PUBKEY_SPKI_ASN1_DER, &encoding));
|
||||
ck_assert(chunk_equals(encoding, sig_tests[_i].pubkey));
|
||||
chunk_free(&encoding);
|
||||
|
||||
/* compare public keys */
|
||||
public = key->get_public_key(key);
|
||||
ck_assert(public != NULL);
|
||||
ck_assert(public->equals(public, pubkey));
|
||||
|
||||
/* sign */
|
||||
ck_assert(key->sign(key, SIGN_ED25519, sig_tests[_i].msg, &sig));
|
||||
ck_assert(sig.len == 64);
|
||||
ck_assert(chunk_equals(sig, sig_tests[_i].sig));
|
||||
|
||||
/* verify */
|
||||
ck_assert(pubkey->verify(pubkey, SIGN_ED25519, sig_tests[_i].msg,
|
||||
sig_tests[_i].sig));
|
||||
|
||||
/* cleanup */
|
||||
key->destroy(key);
|
||||
pubkey->destroy(pubkey);
|
||||
public->destroy(public);
|
||||
chunk_free(&sig);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
START_TEST(test_ed25519_gen)
|
||||
{
|
||||
private_key_t *key, *key2;
|
||||
public_key_t *pubkey, *pubkey2;
|
||||
chunk_t msg = chunk_from_str("Ed25519"), sig, encoding, fp_priv, fp_pub;
|
||||
|
||||
/* generate private key */
|
||||
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
|
||||
BUILD_KEY_SIZE, 256, BUILD_END);
|
||||
ck_assert(key != NULL);
|
||||
ck_assert(key->get_type(key) == KEY_ED25519);
|
||||
ck_assert(key->get_keysize(key) == 256);
|
||||
ck_assert(!key->get_encoding(key, PRIVKEY_PGP, &encoding));
|
||||
ck_assert(key->get_encoding(key, PRIVKEY_PEM, &encoding));
|
||||
ck_assert(encoding.ptr != NULL);
|
||||
ck_assert(strstr(encoding.ptr, "PRIVATE KEY"));
|
||||
chunk_free(&encoding);
|
||||
|
||||
/* clone private key */
|
||||
key2 = key->get_ref(key);
|
||||
ck_assert(key2);
|
||||
key2->destroy(key2);
|
||||
|
||||
/* decryption not supported */
|
||||
ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL));
|
||||
|
||||
/* wrong signature scheme */
|
||||
ck_assert(!key->sign(key, SIGN_ED448, msg, &sig));
|
||||
|
||||
/* correct signature scheme*/
|
||||
ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
|
||||
|
||||
/* export public key */
|
||||
pubkey = key->get_public_key(key);
|
||||
ck_assert(pubkey != NULL);
|
||||
ck_assert(pubkey->get_type(pubkey) == KEY_ED25519);
|
||||
ck_assert(pubkey->get_keysize(pubkey) == 256);
|
||||
ck_assert(pubkey->get_encoding(pubkey, PUBKEY_PEM, &encoding));
|
||||
ck_assert(encoding.ptr != NULL);
|
||||
ck_assert(strstr(encoding.ptr, "PUBLIC KEY"));
|
||||
chunk_free(&encoding);
|
||||
|
||||
/* generate and compare public and private key fingerprints */
|
||||
ck_assert(!key->get_fingerprint(key, KEYID_PGPV4, &fp_priv));
|
||||
ck_assert(key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fp_priv));
|
||||
ck_assert(key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fp_priv));
|
||||
ck_assert(fp_priv.ptr != NULL);
|
||||
ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp_pub));
|
||||
ck_assert(pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &fp_pub));
|
||||
ck_assert(pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &fp_pub));
|
||||
ck_assert(fp_pub.ptr != NULL);
|
||||
ck_assert(chunk_equals(fp_pub, fp_priv));
|
||||
|
||||
/* clone public key */
|
||||
pubkey2 = pubkey->get_ref(pubkey);
|
||||
ck_assert(pubkey2 != NULL);
|
||||
pubkey2->destroy(pubkey2);
|
||||
|
||||
/* encryption not supported */
|
||||
ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL));
|
||||
|
||||
/* verify with wrong signature scheme */
|
||||
ck_assert(!pubkey->verify(pubkey, SIGN_ED448, msg, sig));
|
||||
|
||||
/* verify with correct signature scheme */
|
||||
ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig));
|
||||
|
||||
/* cleanup */
|
||||
key->destroy(key);
|
||||
pubkey->destroy(pubkey);
|
||||
chunk_free(&sig);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
START_TEST(test_ed25519_speed)
|
||||
{
|
||||
private_key_t *key;
|
||||
public_key_t *pubkey;
|
||||
chunk_t msg = chunk_from_str("Hello Ed25519"), sig;
|
||||
int i, count = 1000;
|
||||
|
||||
#ifdef HAVE_CLOCK_GETTIME
|
||||
struct timespec start, stop;
|
||||
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
|
||||
#endif
|
||||
|
||||
for (i = 0; i < count; i++)
|
||||
{
|
||||
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
|
||||
BUILD_KEY_SIZE, 256, BUILD_END);
|
||||
ck_assert(key != NULL);
|
||||
ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
|
||||
pubkey = key->get_public_key(key);
|
||||
ck_assert(pubkey != NULL);
|
||||
ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig));
|
||||
key->destroy(key);
|
||||
pubkey->destroy(pubkey);
|
||||
chunk_free(&sig);
|
||||
}
|
||||
|
||||
#ifdef HAVE_CLOCK_GETTIME
|
||||
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop);
|
||||
DBG0(DBG_LIB, "%d Ed25519 keys and signatures in %d ms\n", count,
|
||||
(stop.tv_nsec - start.tv_nsec) / 1000000 +
|
||||
(stop.tv_sec - start.tv_sec) * 1000);
|
||||
#endif
|
||||
}
|
||||
END_TEST
|
||||
|
||||
static chunk_t zero_pk = chunk_from_chars(
|
||||
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
|
||||
0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00);
|
||||
|
||||
START_TEST(test_ed25519_fail)
|
||||
{
|
||||
private_key_t *key;
|
||||
public_key_t *pubkey;
|
||||
chunk_t blob, sig;
|
||||
uint8_t sig1[64];
|
||||
|
||||
/* Invalid private key format */
|
||||
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, chunk_empty, BUILD_END);
|
||||
ck_assert(key == NULL);
|
||||
|
||||
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
|
||||
BUILD_EDDSA_PRIV_ASN1_DER, chunk_empty, BUILD_END);
|
||||
ck_assert(key == NULL);
|
||||
|
||||
blob = chunk_from_chars(0x04, 0x01, 0x9d);
|
||||
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
|
||||
BUILD_EDDSA_PRIV_ASN1_DER, blob, BUILD_END);
|
||||
ck_assert(key == NULL);
|
||||
|
||||
/* Invalid public key format */
|
||||
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, chunk_empty, BUILD_END);
|
||||
ck_assert(pubkey == NULL);
|
||||
|
||||
blob = chunk_from_chars(0x30, 0x0b, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
|
||||
0x70, 0x03, 0x02, 0x00, 0xd7);
|
||||
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, blob, BUILD_END);
|
||||
ck_assert(pubkey == NULL);
|
||||
|
||||
blob = chunk_from_chars(0x30, 0x0b, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x00,
|
||||
0x70, 0x03, 0x02, 0x00, 0xd7);
|
||||
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, blob, BUILD_END);
|
||||
ck_assert(pubkey == NULL);
|
||||
|
||||
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
|
||||
BUILD_KEY_SIZE, 256, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
|
||||
ck_assert(pubkey == NULL);
|
||||
|
||||
/* Invalid signature format */
|
||||
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, sig_tests[0].pubkey, BUILD_END);
|
||||
ck_assert(pubkey != NULL);
|
||||
|
||||
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, chunk_empty, chunk_empty));
|
||||
|
||||
/* malformed signature */
|
||||
sig = chunk_create(sig1, 64);
|
||||
memcpy(sig1, sig_tests[0].sig.ptr, 64);
|
||||
sig1[63] |= 0xe0;
|
||||
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
|
||||
|
||||
/* wrong signature */
|
||||
memcpy(sig1, sig_tests[0].sig.ptr, 64);
|
||||
sig1[0] = 0xe4;
|
||||
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
|
||||
|
||||
/* detect all-zeroes public key */
|
||||
pubkey->destroy(pubkey);
|
||||
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
|
||||
BUILD_BLOB_ASN1_DER, zero_pk, BUILD_END);
|
||||
ck_assert(pubkey != NULL);
|
||||
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
|
||||
pubkey->destroy(pubkey);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
Suite *ed25519_suite_create()
|
||||
{
|
||||
Suite *s;
|
||||
TCase *tc;
|
||||
|
||||
s = suite_create("ed25519");
|
||||
|
||||
tc = tcase_create("ed25519_sign");
|
||||
tcase_add_loop_test(tc, test_ed25519_sign, 0, countof(sig_tests));
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
tc = tcase_create("ed25519_gen");
|
||||
tcase_add_test(tc, test_ed25519_gen);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
tc = tcase_create("ed25519_fail");
|
||||
tcase_add_test(tc, test_ed25519_fail);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
tc = tcase_create("ed25519_speed");
|
||||
test_case_set_timeout(tc, 10);
|
||||
tcase_add_test(tc, test_ed25519_speed);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
return s;
|
||||
}
|
|
@ -28,38 +28,47 @@ typedef struct {
|
|||
}hasher_oid_t;
|
||||
|
||||
static hasher_oid_t oids[] = {
|
||||
{ OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */
|
||||
{ OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */
|
||||
{ OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */
|
||||
{ OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */
|
||||
{ OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */
|
||||
{ OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */
|
||||
{ OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */
|
||||
{ OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */
|
||||
{ OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */
|
||||
{ OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */
|
||||
{ OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */
|
||||
{ OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */
|
||||
{ OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */
|
||||
{ OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */
|
||||
{ OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */
|
||||
{ OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 16 */
|
||||
{ OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */
|
||||
{ OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 19 */
|
||||
{ OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 20 */
|
||||
{ OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 21 */
|
||||
{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 22 */
|
||||
{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 23 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 24 */
|
||||
{ OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS }, /* 25 */
|
||||
{ OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS }, /* 26 */
|
||||
{ OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS }, /* 27 */
|
||||
{ OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS }, /* 28 */
|
||||
{ OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS }, /* 29 */
|
||||
{ OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS }, /* 30 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS } /* 31 */
|
||||
{ OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */
|
||||
{ OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */
|
||||
{ OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */
|
||||
{ OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */
|
||||
{ OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */
|
||||
{ OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */
|
||||
{ OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */
|
||||
{ OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */
|
||||
{ OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */
|
||||
{ OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */
|
||||
{ OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */
|
||||
{ OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */
|
||||
{ OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */
|
||||
{ OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */
|
||||
{ OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */
|
||||
{ OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 16 */
|
||||
{ OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */
|
||||
{ OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */
|
||||
{ OID_RSASSA_PKCS1V15_WITH_SHA3_224, HASH_SHA3_224, KEY_RSA }, /* 19 */
|
||||
{ OID_RSASSA_PKCS1V15_WITH_SHA3_256, HASH_SHA3_256, KEY_RSA }, /* 20 */
|
||||
{ OID_RSASSA_PKCS1V15_WITH_SHA3_384, HASH_SHA3_384, KEY_RSA }, /* 21 */
|
||||
{ OID_RSASSA_PKCS1V15_WITH_SHA3_512, HASH_SHA3_512, KEY_RSA }, /* 22 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 23 */
|
||||
{ OID_ED25519, HASH_IDENTITY, KEY_ED25519 }, /* 24 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ED25519 }, /* 25 */
|
||||
{ OID_ED448, HASH_IDENTITY, KEY_ED448 }, /* 26 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ED448 }, /* 27 */
|
||||
{ OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 28 */
|
||||
{ OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 29 */
|
||||
{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 30 */
|
||||
{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 31 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 32 */
|
||||
{ OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS }, /* 33 */
|
||||
{ OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS }, /* 34 */
|
||||
{ OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS }, /* 35 */
|
||||
{ OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS }, /* 36 */
|
||||
{ OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS }, /* 37 */
|
||||
{ OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS }, /* 38 */
|
||||
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS }, /* 39 */
|
||||
|
||||
};
|
||||
|
||||
START_TEST(test_hasher_from_oid)
|
||||
|
@ -113,6 +122,8 @@ static hasher_sig_scheme_t sig_schemes[] = {
|
|||
{ SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 },
|
||||
{ SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 },
|
||||
{ SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
|
||||
{ SIGN_ED25519, HASH_IDENTITY },
|
||||
{ SIGN_ED448, HASH_IDENTITY },
|
||||
{ 30, HASH_UNKNOWN }
|
||||
};
|
||||
|
||||
|
@ -214,6 +225,7 @@ typedef struct {
|
|||
}hasher_ikev2_t;
|
||||
|
||||
static hasher_ikev2_t ikev2[] = {
|
||||
{ HASH_IDENTITY, TRUE },
|
||||
{ HASH_SHA1, TRUE },
|
||||
{ HASH_SHA256, TRUE },
|
||||
{ HASH_SHA384, TRUE },
|
||||
|
@ -244,7 +256,7 @@ Suite *hasher_suite_create()
|
|||
s = suite_create("hasher");
|
||||
|
||||
tc = tcase_create("from_oid");
|
||||
tcase_add_loop_test(tc, test_hasher_from_oid, 0, 15);
|
||||
tcase_add_loop_test(tc, test_hasher_from_oid, 0, 28);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
tc = tcase_create("to_oid");
|
||||
|
|
|
@ -50,3 +50,5 @@ TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1)
|
|||
TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
|
||||
TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
|
||||
TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
|
||||
TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519)
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2009 Martin Willi
|
||||
* Copyright (C) 2014-2015 Andreas Steffen
|
||||
* Copyright (C) 2014-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -44,6 +44,10 @@ static int gen()
|
|||
{
|
||||
type = KEY_ECDSA;
|
||||
}
|
||||
else if (streq(arg, "ed25519"))
|
||||
{
|
||||
type = KEY_ED25519;
|
||||
}
|
||||
else if (streq(arg, "bliss"))
|
||||
{
|
||||
type = KEY_BLISS;
|
||||
|
@ -101,6 +105,9 @@ static int gen()
|
|||
case KEY_ECDSA:
|
||||
size = 384;
|
||||
break;
|
||||
case KEY_ED25519:
|
||||
size = 256;
|
||||
break;
|
||||
case KEY_BLISS:
|
||||
size = 1;
|
||||
break;
|
||||
|
@ -159,7 +166,7 @@ static void __attribute__ ((constructor))reg()
|
|||
{
|
||||
command_register((command_t) {
|
||||
gen, 'g', "gen", "generate a new private key",
|
||||
{" [--type rsa|ecdsa|bliss] [--size bits] [--safe-primes]",
|
||||
{" [--type rsa|ecdsa|ed25519|bliss] [--size bits] [--safe-primes]",
|
||||
"[--shares n] [--threshold l] [--outform der|pem]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2009 Martin Willi
|
||||
* Copyright (C) 2015 Andreas Steffen
|
||||
* Copyright (C) 2015-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -112,6 +112,11 @@ static int issue()
|
|||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_ECDSA;
|
||||
}
|
||||
else if (streq(arg, "ed25519"))
|
||||
{
|
||||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_ED25519;
|
||||
}
|
||||
else if (streq(arg, "bliss"))
|
||||
{
|
||||
type = CRED_PRIVATE_KEY;
|
||||
|
@ -585,7 +590,7 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t) {
|
||||
issue, 'i', "issue",
|
||||
"issue a certificate using a CA certificate and key",
|
||||
{"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
|
||||
{"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|ed25519|bliss] --cakey file|--cakeyid hex",
|
||||
" --cacert file [--dn subject-dn] [--san subjectAltName]+",
|
||||
"[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
|
||||
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Copyright (C) 2010 Martin Willi
|
||||
* Copyright (C) 2010 revosec AG
|
||||
*
|
||||
* Copyright (C) 2015 Andreas Steffen
|
||||
* Copyright (C) 2015-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -106,6 +106,12 @@ static int print()
|
|||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_ECDSA;
|
||||
}
|
||||
else if (streq(arg, "ed25519") ||
|
||||
streq(arg, "ed25519-priv"))
|
||||
{
|
||||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_ED25519;
|
||||
}
|
||||
else if (streq(arg, "bliss") ||
|
||||
streq(arg, "bliss-priv"))
|
||||
{
|
||||
|
@ -181,7 +187,7 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t)
|
||||
{ print, 'a', "print",
|
||||
"print a credential in a human readable form",
|
||||
{"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"},
|
||||
{"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|bliss]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "input file, default: stdin"},
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2009 Martin Willi
|
||||
* Copyright (C) 2015 Andreas Steffen
|
||||
* Copyright (C) 2015-2016 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -90,6 +90,10 @@ static int self()
|
|||
{
|
||||
type = KEY_ECDSA;
|
||||
}
|
||||
else if (streq(arg, "ed25519"))
|
||||
{
|
||||
type = KEY_ED25519;
|
||||
}
|
||||
else if (streq(arg, "bliss"))
|
||||
{
|
||||
type = KEY_BLISS;
|
||||
|
@ -421,7 +425,7 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t) {
|
||||
self, 's', "self",
|
||||
"create a self signed certificate",
|
||||
{" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]",
|
||||
{" [--in file|--keyid hex] [--type rsa|ecdsa|ed25519|bliss|priv]",
|
||||
" --dn distinguished-name [--san subjectAltName]+",
|
||||
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
|
||||
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "PKI \-\-GEN" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.TH "PKI \-\-GEN" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.
|
||||
.SH "NAME"
|
||||
.
|
||||
|
@ -45,7 +45,8 @@ Set debug level, default: 1.
|
|||
Read command line options from \fIfile\fR.
|
||||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of key to generate. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
|
||||
Type of key to generate. Either \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR or
|
||||
\fIbliss\fR, defaults to \fIrsa\fR.
|
||||
.TP
|
||||
.BI "\-s, \-\-size " bits
|
||||
Key length in bits. Defaults to 2048 for \fIrsa\fR and 384 for \fIecdsa\fR.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "PKI \-\-ISSUE" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.TH "PKI \-\-ISSUE" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.
|
||||
.SH "NAME"
|
||||
.
|
||||
|
@ -68,9 +68,9 @@ key/request is read from \fISTDIN\fR.
|
|||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key),
|
||||
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
|
||||
private key) or \fIpkcs10\fR (PKCS#10 certificate request), defaults to
|
||||
\fIpub\fR.
|
||||
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key),
|
||||
\fIed25519\fR (Ed25519 private key) \fIbliss\fR (BLISS private key) or
|
||||
\fIpkcs10\fR (PKCS#10 certificate request), defaults to \fIpub\fR.
|
||||
.TP
|
||||
.BI "\-k, \-\-cakey " file
|
||||
CA private key file. Either this or
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "PKI \-\-PRINT" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.TH "PKI \-\-PRINT" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.
|
||||
.SH "NAME"
|
||||
.
|
||||
|
@ -47,8 +47,8 @@ Input file. If not given the input is read from \fISTDIN\fR.
|
|||
Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
|
||||
Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
|
||||
\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private
|
||||
key), \fIbliss\fR (BLISS private key), \fIpriv\fR (private key), defaults to
|
||||
\fIx509\fR.
|
||||
key), \fIed25519\fR (Ed25519 private key), \fIbliss\fR (BLISS private key),
|
||||
\fIpriv\fR (private key), defaults to \fIx509\fR.
|
||||
.
|
||||
.SH "SEE ALSO"
|
||||
.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.TH "PKI \-\-SELF" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.TH "PKI \-\-SELF" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.
|
||||
.SH "NAME"
|
||||
.
|
||||
|
@ -68,8 +68,8 @@ Private key input file. If not given the key is read from \fISTDIN\fR.
|
|||
Key ID of a private key on a smartcard.
|
||||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
|
||||
defaults to \fIpriv\fR.
|
||||
Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR
|
||||
or \fIbliss\fR, defaults to \fIpriv\fR.
|
||||
.TP
|
||||
.BI "\-d, \-\-dn " distinguished-name
|
||||
Subject and issuer distinguished name (DN). Required.
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB4jCCAZSgAwIBAgIBAzAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
|
||||
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
|
||||
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDExWhcNMjExMjA0MjI0MDExWjBbMQswCQYD
|
||||
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
|
||||
ZDI1NTE5MR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzAqMAUGAytlcAMh
|
||||
APtwTFkrXyLYOWm9zlNm+ASZ3LzmpWmB2OwqnWZlFIXVo4GIMIGFMB8GA1UdIwQY
|
||||
MBaAFCNOkpAKSIb2BV3+ead2AzqOcNj4MB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9u
|
||||
Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh
|
||||
bi5vcmcvc3Ryb25nc3dhbl9lZDI1NTE5LmNybDAFBgMrZXADQQAC5ukfb9FmxhM5
|
||||
ynVSrYUvCfii+zD7SjA+kFabRZ6tgoTWBBUONT31dwLpD0Aqe0z7SWLTXpeVVAl4
|
||||
JbhZsPUD
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB4DCCAZKgAwIBAgIBBDAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
|
||||
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
|
||||
IFJvb3QgQ0EwHhcNMTYxMjA0MjIzODQwWhcNMjExMjA0MjIzODQwWjBaMQswCQYD
|
||||
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
|
||||
ZDI1NTE5MRwwGgYDVQQDDBNkYXZlQHN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
|
||||
fYCNzyBpr3lne+kVB27q7O7TvMkERDB9kRnzNSx30hijgYcwgYQwHwYDVR0jBBgw
|
||||
FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
|
||||
d2FuLm9yZzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
|
||||
b3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmwwBQYDK2VwA0EAEG4SjQX49xhuMiyn
|
||||
86uOCxDWy08KUQRBLoqan+cPfYDPgCbblpbmJOoCBtcUyzEYQ+L/gCQzwLAUZSbK
|
||||
MEj7Dg==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
|
||||
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
|
||||
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD
|
||||
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
|
||||
ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
|
||||
4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw
|
||||
FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
|
||||
d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo
|
||||
dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww
|
||||
BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX
|
||||
8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB8zCCAaWgAwIBAgIBAjAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
|
||||
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
|
||||
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDAyWhcNMjExMjA0MjI0MDAyWjBZMQswCQYD
|
||||
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
|
||||
ZDI1NTE5MRswGQYDVQQDExJzdW4uc3Ryb25nc3dhbi5vcmcwKjAFBgMrZXADIQBn
|
||||
HgUv3QIepihJpxydVVtgTsIqminFnbGSER5ReAaQ+qOBmzCBmDAfBgNVHSMEGDAW
|
||||
gBQjTpKQCkiG9gVd/nmndgM6jnDY+DAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dh
|
||||
bi5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0
|
||||
cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VkMjU1MTkuY3JsMAUG
|
||||
AytlcANBAC27Z6Q7/c21bPb3OfvbdnePhIpgGM3LVBL/0Pj9VOAtUec/Rv2rPNHq
|
||||
8C1xtc/jMCsI/NdpXSZCeN0lQgf0mgA=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIJk9u+XHU+E8YNCuj/bTDVRHbWDk2NzCyrTFqtzWRAv8
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIF17ReOyn64y7tmC11XyYzcALKmu9lkS0VnWSd0l54FX
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0
|
||||
-----END PRIVATE KEY-----
|
Binary file not shown.
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
|
||||
GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
|
||||
RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
|
||||
TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
|
||||
A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
|
||||
lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB
|
||||
/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
|
||||
MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv
|
||||
OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIHb+63Ppcfc9m/E9EyoojCDUz6KcUmwTquU7sgpmctz0
|
||||
-----END PRIVATE KEY-----
|
|
@ -63,3 +63,6 @@ cp strongswan_bliss.crl ${ROOT}
|
|||
cd /etc/openssl/sha3-rsa
|
||||
pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --digest sha3_256 > strongswan-sha3-rsa.crl
|
||||
cp strongswan-sha3-rsa.crl ${ROOT}
|
||||
cd /etc/openssl/ed25519
|
||||
pki --signcrl --cacert strongswan_ed25519Cert.pem --cakey strongswan_ed25519Key.pem --lifetime 30 > strongswan_ed25519.crl
|
||||
cp strongswan_ed25519.crl ${ROOT}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# strongswan.conf - strongSwan configuration file
|
||||
|
||||
pki {
|
||||
load = random pem sha1 sha2 sha3 pkcs1 pem gmp mgf1 bliss x509
|
||||
load = random pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 bliss curve25519 x509
|
||||
}
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
|
||||
The authentication is based on <b>X.509 certificates</b> containing <b>Ed25519</b> keys.
|
||||
Upon the successful establishment of the IPsec tunnel, the updown script automatically
|
||||
inserts iptables-based firewall rules that let pass the tunneled traffic.
|
||||
In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
|
||||
pings client <b>bob</b> located behind gateway <b>sun</b>.
|
|
@ -0,0 +1,7 @@
|
|||
moon::cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with ED25519 successful::YES
|
||||
sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ED25519 successful::YES
|
||||
moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
|
||||
sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
|
||||
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
|
||||
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
|
||||
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
|
|
@ -0,0 +1,22 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,33 @@
|
|||
connections {
|
||||
|
||||
gw-gw {
|
||||
local_addrs = 192.168.0.1
|
||||
remote_addrs = 192.168.0.2
|
||||
|
||||
local {
|
||||
auth = pubkey
|
||||
certs = moonCert.pem
|
||||
id = moon.strongswan.org
|
||||
}
|
||||
remote {
|
||||
auth = pubkey
|
||||
id = sun.strongswan.org
|
||||
}
|
||||
children {
|
||||
net-net {
|
||||
local_ts = 10.1.0.0/16
|
||||
remote_ts = 10.2.0.0/16
|
||||
|
||||
updown = /usr/local/libexec/ipsec/_updown iptables
|
||||
rekey_time = 5400
|
||||
rekey_bytes = 500000000
|
||||
rekey_packets = 1000000
|
||||
esp_proposals = aes128gcm128-curve25519
|
||||
}
|
||||
}
|
||||
version = 2
|
||||
mobike = no
|
||||
reauth_time = 10800
|
||||
proposals = aes128-sha256-curve25519
|
||||
}
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
|
||||
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
|
||||
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD
|
||||
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
|
||||
ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
|
||||
4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw
|
||||
FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
|
||||
d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo
|
||||
dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww
|
||||
BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX
|
||||
8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
|
||||
GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
|
||||
RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
|
||||
TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
|
||||
A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
|
||||
lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB
|
||||
/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
|
||||
MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv
|
||||
OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,22 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,33 @@
|
|||
connections {
|
||||
|
||||
gw-gw {
|
||||
local_addrs = 192.168.0.2
|
||||
remote_addrs = 192.168.0.1
|
||||
|
||||
local {
|
||||
auth = pubkey
|
||||
certs = sunCert.pem
|
||||
id = sun.strongswan.org
|
||||
}
|
||||
remote {
|
||||
auth = pubkey
|
||||
id = moon.strongswan.org
|
||||
}
|
||||
children {
|
||||
net-net {
|
||||
local_ts = 10.2.0.0/16
|
||||
remote_ts = 10.1.0.0/16
|
||||
|
||||
updown = /usr/local/libexec/ipsec/_updown iptables
|
||||
rekey_time = 5400
|
||||
rekey_bytes = 500000000
|
||||
rekey_packets = 1000000
|
||||
esp_proposals = aes128gcm128-curve25519
|
||||
}
|
||||
}
|
||||
version = 2
|
||||
mobike = no
|
||||
reauth_time = 10800
|
||||
proposals = aes128-sha256-curve25519
|
||||
}
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB8zCCAaWgAwIBAgIBAjAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
|
||||
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
|
||||
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDAyWhcNMjExMjA0MjI0MDAyWjBZMQswCQYD
|
||||
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
|
||||
ZDI1NTE5MRswGQYDVQQDExJzdW4uc3Ryb25nc3dhbi5vcmcwKjAFBgMrZXADIQBn
|
||||
HgUv3QIepihJpxydVVtgTsIqminFnbGSER5ReAaQ+qOBmzCBmDAfBgNVHSMEGDAW
|
||||
gBQjTpKQCkiG9gVd/nmndgM6jnDY+DAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dh
|
||||
bi5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0
|
||||
cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VkMjU1MTkuY3JsMAUG
|
||||
AytlcANBAC27Z6Q7/c21bPb3OfvbdnePhIpgGM3LVBL/0Pj9VOAtUec/Rv2rPNHq
|
||||
8C1xtc/jMCsI/NdpXSZCeN0lQgf0mgA=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
|
||||
GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
|
||||
RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
|
||||
TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
|
||||
A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
|
||||
lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB
|
||||
/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
|
||||
MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv
|
||||
OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,7 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
sun::iptables-restore < /etc/iptables.flush
|
||||
moon::rm /etc/swanctl/pkcs8/*
|
||||
sun::rm /etc/swanctl/pkcs8/*
|
|
@ -0,0 +1,9 @@
|
|||
moon::rm /etc/swanctl/rsa/moonKey.pem
|
||||
sun::rm /etc/swanctl/rsa/sunKey.pem
|
||||
moon::iptables-restore < /etc/iptables.rules
|
||||
sun::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::service charon start 2> /dev/null
|
||||
moon::expect-connection gw-gw
|
||||
sun::expect-connection gw-gw
|
||||
moon::swanctl --initiate --child net-net 2> /dev/null
|
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# This configuration file provides information on the
|
||||
# guest instances used for this test
|
||||
|
||||
# All guest instances that are required for this test
|
||||
#
|
||||
VIRTHOSTS="alice moon winnetou sun bob"
|
||||
|
||||
# Corresponding block diagram
|
||||
#
|
||||
DIAGRAM="a-m-w-s-b.png"
|
||||
|
||||
# Guest instances on which tcpdump is to be started
|
||||
#
|
||||
TCPDUMPHOSTS="sun"
|
||||
|
||||
# Guest instances on which IPsec is started
|
||||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon sun"
|
||||
|
||||
# charon controlled by swanctl
|
||||
#
|
||||
SWANCTL=1
|
Loading…
Reference in New Issue