ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Merge branch 'Ed25519'

This commit is contained in:
Andreas Steffen 2016-12-16 12:24:54 +01:00
parent 351179d4dc 4f19112b1f
commit 9da89eeb4f
73 changed files with 7058 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/libcharon/sa/ikev2/tasks/ike_init.c
View File

@ -159,6 +159,10 @@ static void send_supported_hash_algorithms(private_ike_init_t *this,
auth_cfg_t *auth;
auth_rule_t rule;
uintptr_t config;
int written;
size_t len = BUF_LEN;
char buf[len];
char *pos = buf;
char *plugin_name;
algos = hash_algorithm_set_create();
@ -205,11 +209,23 @@ static void send_supported_hash_algorithms(private_ike_init_t *this,
while (enumerator->enumerate(enumerator, &hash))
{
writer->write_uint16(writer, hash);
/* generate debug output */
written = snprintf(pos, len, " %N", hash_algorithm_short_names,
hash);
if (written > 0 && written < len)
{
pos += written;
len -= written;
}
}
enumerator->destroy(enumerator);
message->add_notify(message, FALSE, SIGNATURE_HASH_ALGORITHMS,
writer->get_buf(writer));
writer->destroy(writer);
*pos = '\0';
DBG2(DBG_CFG, "sending supported signature hash algorithms:%s", buf);
}
algos->destroy(algos);
}
@ -222,6 +238,10 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this,
{
bio_reader_t *reader;
uint16_t algo;
int written;
size_t len = BUF_LEN;
char buf[len];
char *pos = buf;
bool added = FALSE;
reader = bio_reader_create(notify->get_notification_data(notify));
@ -231,10 +251,22 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this,
{
this->keymat->add_hash_algorithm(this->keymat, algo);
added = TRUE;
/* generate debug output */
written = snprintf(pos, len, " %N", hash_algorithm_short_names,
algo);
if (written > 0 && written < len)
{
pos += written;
len -= written;
}
}
}
reader->destroy(reader);
*pos = '\0';
DBG2(DBG_CFG, "received supported signature hash algorithms:%s", buf);
if (added)
{
this->ike_sa->enable_extension(this->ike_sa, EXT_SIGNATURE_AUTH);

4
src/libstrongswan/asn1/asn1.c
View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2006 Martin Will
* Copyright (C) 2000-2008 Andreas Steffen
* Copyright (C) 2000-2016 Andreas Steffen
*
* Hochschule fuer Technik Rapperswil
*
@ -47,6 +47,8 @@ chunk_t asn1_algorithmIdentifier(int oid)
case OID_ECDSA_WITH_SHA256:
case OID_ECDSA_WITH_SHA384:
case OID_ECDSA_WITH_SHA512:
case OID_ED25519:
case OID_ED448:
parameters = chunk_empty;
break;
default:

3
src/libstrongswan/asn1/oid.txt
View File

@ -382,6 +382,9 @@
0x0C "brainpoolP384t1"
0x0D "brainpoolP512r1"
0x0E "brainpoolP512t1"
0x65 "Thawte"
0x70 "id-Ed25519" OID_ED25519
0x71 "id-Ed448" OID_ED448
0x81 ""
0x04 "Certicom"
0x00 "curve"

48
src/libstrongswan/credentials/auth_cfg.c
View File

@ -1,7 +1,7 @@
/*
* Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
* Copyright (C) 2016 Andreas Steffeb
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -547,22 +547,24 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
signature_scheme_t scheme;
key_type_t key;
} schemes[] = {
{ "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
{ "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
{ "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
{ "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
{ "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
{ "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
{ "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
{ "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
{ "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, },
{ "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
{ "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
{ "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
{ "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
{ "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
{ "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
{ "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
{ "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
{ "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
{ "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
{ "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
{ "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
{ "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
{ "sha512", SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, },
{ "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
{ "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
{ "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
{ "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
{ "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
{ "identity", SIGN_ED25519, KEY_ED25519, },
{ "identity", SIGN_ED448, KEY_ED448, },
};
if (expected_strength != AUTH_RULE_MAX)
@ -592,6 +594,18 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
is_ike = strpfx(token, "ike:");
continue;
}
if (streq(token, "ed25519") || streq(token, "ike:ed25519"))
{
expected_type = KEY_ED25519;
is_ike = strpfx(token, "ike:");
continue;
}
if (streq(token, "ed448") || streq(token, "ike:ed448"))
{
expected_type = KEY_ED448;
is_ike = strpfx(token, "ike:");
continue;
}
if (streq(token, "bliss") || streq(token, "ike:bliss"))
{
expected_type = KEY_BLISS;

4
src/libstrongswan/credentials/builder.c
View File

@ -1,6 +1,7 @@
/*
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@ -70,5 +71,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_SAFE_PRIMES",
"BUILD_SHARES",
"BUILD_THRESHOLD",
"BUILD_EDDSA_PRIV_ASN1_DER",
"BUILD_END",
);

5
src/libstrongswan/credentials/builder.h
View File

@ -1,6 +1,7 @@
/*
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@ -151,6 +152,8 @@ enum builder_part_t {
BUILD_SHARES,
/** minimum number of participating private key shares */
BUILD_THRESHOLD,
/** DER encoded ASN.1 EdDSA private key */
BUILD_EDDSA_PRIV_ASN1_DER,
/** end of variable argument builder list */
BUILD_END,
};

4
src/libstrongswan/credentials/cred_encoding.h
View File

@ -144,6 +144,10 @@ enum cred_encoding_part_t {
CRED_PART_PKCS10_ASN1_DER,
/** a PGP encoded certificate */
CRED_PART_PGP_CERT,
/** a DER encoded EdDSA public key */
CRED_PART_EDDSA_PUB_ASN1_DER,
/** a DER encoded EdDSA private key */
CRED_PART_EDDSA_PRIV_ASN1_DER,
/** a DER encoded BLISS public key */
CRED_PART_BLISS_PUB_ASN1_DER,
/** a DER encoded BLISS private key */

36
src/libstrongswan/credentials/keys/public_key.c
View File

@ -24,6 +24,8 @@ ENUM(key_type_names, KEY_ANY, KEY_BLISS,
"RSA",
"ECDSA",
"DSA",
"ED25519",
"ED448",
"BLISS"
);
@ -48,6 +50,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
"ECDSA-256",
"ECDSA-384",
"ECDSA-521",
"ED25519",
"ED448",
"BLISS_WITH_SHA2_256",
"BLISS_WITH_SHA2_384",
"BLISS_WITH_SHA2_512",
@ -151,6 +155,10 @@ signature_scheme_t signature_scheme_from_oid(int oid)
return SIGN_ECDSA_WITH_SHA384_DER;
case OID_ECDSA_WITH_SHA512:
return SIGN_ECDSA_WITH_SHA512_DER;
case OID_ED25519:
return SIGN_ED25519;
case OID_ED448:
return SIGN_ED448;
case OID_BLISS_PUBLICKEY:
case OID_BLISS_WITH_SHA2_512:
return SIGN_BLISS_WITH_SHA2_512;
@ -210,6 +218,10 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
return OID_ECDSA_WITH_SHA384;
case SIGN_ECDSA_WITH_SHA512_DER:
return OID_ECDSA_WITH_SHA512;
case SIGN_ED25519:
return OID_ED25519;
case SIGN_ED448:
return OID_ED448;
case SIGN_BLISS_WITH_SHA2_256:
return OID_BLISS_WITH_SHA2_256;
case SIGN_BLISS_WITH_SHA2_384:
@ -236,15 +248,17 @@ static struct {
key_type_t type;
int max_keysize;
} scheme_map[] = {
{ SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
{ SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
{ SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
{ SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
{ SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
{ SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
{ SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
{ SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
{ SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
{ SIGN_ED25519, KEY_ED25519, 0 },
{ SIGN_ED448, KEY_ED448, 0 },
{ SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
{ SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
{ SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
};
/**
@ -323,6 +337,10 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
case SIGN_ECDSA_384:
case SIGN_ECDSA_521:
return KEY_ECDSA;
case SIGN_ED25519:
return KEY_ED25519;
case SIGN_ED448:
return KEY_ED448;
case SIGN_BLISS_WITH_SHA2_256:
case SIGN_BLISS_WITH_SHA2_384:
case SIGN_BLISS_WITH_SHA2_512:

19
src/libstrongswan/credentials/keys/public_key.h
View File

@ -37,16 +37,19 @@ typedef enum encryption_scheme_t encryption_scheme_t;
*/
enum key_type_t {
/** key type wildcard */
KEY_ANY = 0,
KEY_ANY = 0,
/** RSA crypto system as in PKCS#1 */
KEY_RSA = 1,
KEY_RSA = 1,
/** ECDSA as in ANSI X9.62 */
KEY_ECDSA = 2,
KEY_ECDSA = 2,
/** DSA */
KEY_DSA = 3,
KEY_DSA = 3,
/** Ed25519 PureEdDSA instance as in draft-irtf-cfrg-eddsa */
KEY_ED25519 = 4,
/** Ed448 PureEdDSA instance as in draft-irtf-cfrg-eddsa */
KEY_ED448 = 5,
/** BLISS */
KEY_BLISS = 4,
/** ElGamal, ... */
KEY_BLISS = 6,
};
/**
@ -102,6 +105,10 @@ enum signature_scheme_t {
SIGN_ECDSA_384,
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
/** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix */
SIGN_ED25519,
/** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix */
SIGN_ED448,
/** BLISS with SHA-2_256 */
SIGN_BLISS_WITH_SHA2_256,
/** BLISS with SHA-2_384 */

30
src/libstrongswan/crypto/hashers/hasher.c
View File

@ -20,7 +20,8 @@
#include <asn1/oid.h>
ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_SHA512,
ENUM_BEGIN(hash_algorithm_names, HASH_IDENTITY, HASH_SHA512,
"HASH_IDENTITY",
"HASH_SHA1",
"HASH_SHA256",
"HASH_SHA384",
@ -37,7 +38,8 @@ ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_SHA512,
"HASH_SHA3_512");
ENUM_END(hash_algorithm_names, HASH_SHA3_512);
ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_SHA512,
ENUM_BEGIN(hash_algorithm_short_names, HASH_IDENTITY, HASH_SHA512,
"identity",
"sha1",
"sha256",
"sha384",
@ -94,6 +96,9 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
case OID_SHA3_512:
case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
return HASH_SHA3_512;
case OID_ED25519:
case OID_ED448:
return HASH_IDENTITY;
default:
return HASH_UNKNOWN;
}
@ -267,6 +272,7 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
case HASH_SHA3_256:
case HASH_SHA3_384:
case HASH_SHA3_512:
case HASH_IDENTITY:
case HASH_UNKNOWN:
break;
}
@ -280,6 +286,7 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
{
switch (alg)
{
case HASH_IDENTITY:
case HASH_SHA1:
case HASH_SHA256:
case HASH_SHA384:
@ -396,6 +403,22 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
default:
return OID_UNKNOWN;
}
case KEY_ED25519:
switch (alg)
{
case HASH_IDENTITY:
return OID_ED25519;
default:
return OID_UNKNOWN;
}
case KEY_ED448:
switch (alg)
{
case HASH_IDENTITY:
return OID_ED448;
default:
return OID_UNKNOWN;
}
case KEY_BLISS:
switch (alg)
{
@ -430,6 +453,9 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
case SIGN_RSA_EMSA_PKCS1_NULL:
case SIGN_ECDSA_WITH_NULL:
break;
case SIGN_ED25519:
case SIGN_ED448:
return HASH_IDENTITY;
case SIGN_RSA_EMSA_PKCS1_MD5:
return HASH_MD5;
case SIGN_RSA_EMSA_PKCS1_SHA1:

4
src/libstrongswan/crypto/hashers/hasher.h
View File

@ -1,8 +1,9 @@
/*
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2012-2015 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@ -35,6 +36,7 @@ typedef struct hasher_t hasher_t;
* Hash algorithms as defined for IKEv2 by RFC 7427
*/
enum hash_algorithm_t {
HASH_IDENTITY = 0,
HASH_SHA1 = 1,
HASH_SHA256 = 2,
HASH_SHA384 = 3,

10
src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c
View File

@ -130,6 +130,12 @@ START_TEST(test_ntt_fft_speed)
}
END_TEST
START_TEST(test_ntt_fft_init)
{
libnttfft_init();
}
END_TEST
Suite *ntt_fft_suite_create()
{
Suite *s;
@ -137,6 +143,10 @@ Suite *ntt_fft_suite_create()
s = suite_create("ntt_fft");
tc = tcase_create("init");
tcase_add_test(tc, test_ntt_fft_init);
suite_add_tcase(s, tc);
tc = tcase_create("impulse");
tcase_add_loop_test(tc, test_ntt_fft_impulse, 0, countof(fft_params));
suite_add_tcase(s, tc);

6
src/libstrongswan/plugins/curve25519/Makefile.am
View File

@ -14,6 +14,10 @@ libstrongswan_curve25519_la_SOURCES = \
curve25519_dh.h curve25519_dh.c \
curve25519_drv.h curve25519_drv.c \
curve25519_drv_portable.h curve25519_drv_portable.c \
curve25519_plugin.h curve25519_plugin.c
curve25519_identity_hasher.h curve25519_identity_hasher.c \
curve25519_plugin.h curve25519_plugin.c \
curve25519_private_key.h curve25519_private_key.c \
curve25519_public_key.h curve25519_public_key.c \
ref10/ref10.h ref10/ref10.c ref10/base.h ref10/base2.h
libstrongswan_curve25519_la_LDFLAGS = -module -avoid-version

2
src/libstrongswan/plugins/curve25519/curve25519_drv.h
View File

@ -15,7 +15,7 @@
/**
* @defgroup curve25519_drv curve25519_drv
* @{ @ingroup curve25519
* @{ @ingroup curve25519_p
*/
#ifndef CURVE25519_DRV_H_

2
src/libstrongswan/plugins/curve25519/curve25519_drv_portable.h
View File

@ -15,7 +15,7 @@
/**
* @defgroup curve25519_drv_portable curve25519_drv_portable
* @{ @ingroup curve25519
* @{ @ingroup curve25519_p
*/
#include "curve25519_drv.h"

25
src/libstrongswan/plugins/curve25519/curve25519_identity_hasher.c Normal file
View File

@ -0,0 +1,25 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "curve25519_identity_hasher.h"
/*
* Described in header.
*/
curve25519_identity_hasher_t *curve25519_identity_hasher_create(hash_algorithm_t algo)
{
/* since the identity hasher is never actually used, always return NULL */
return NULL;
}

47
src/libstrongswan/plugins/curve25519/curve25519_identity_hasher.h Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup curve25519_identity_hasher curve25519_identity_hasher
* @{ @ingroup curve25519_p
*/
#ifndef CURVE25519_IDENTITY_HASHER_H_
#define CURVE25519_IDENTITY_HASHER_H_
typedef struct curve25519_identity_hasher_t curve25519_identity_hasher_t;
#include <crypto/hashers/hasher.h>
/**
* Implementation of hasher_t interface using the Identity algorithm.
*/
struct curve25519_identity_hasher_t {
/**
* Implements hasher_t interface.
*/
hasher_t hasher_interface;
};
/**
* Creates a new curve25519_identity_hasher_t.
*
* @param algo algorithm, must be HASH_IDENTITY
* @return curve25519_identity_hasher_t object
*/
curve25519_identity_hasher_t *curve25519_identity_hasher_create(hash_algorithm_t algo);
#endif /** CURVE25519_IDENTITY_HASHER_H_ @}*/

25
src/libstrongswan/plugins/curve25519/curve25519_plugin.c
View File

@ -2,6 +2,9 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
@ -15,6 +18,9 @@
#include "curve25519_plugin.h"
#include "curve25519_dh.h"
#include "curve25519_private_key.h"
#include "curve25519_public_key.h"
#include "curve25519_identity_hasher.h"
#include <library.h>
@ -41,9 +47,28 @@ METHOD(plugin_t, get_features, int,
private_curve25519_plugin_t *this, plugin_feature_t *features[])
{
static plugin_feature_t f[] = {
/* X25519 DH group */
PLUGIN_REGISTER(DH, curve25519_dh_create),
PLUGIN_PROVIDE(DH, CURVE_25519),
PLUGIN_DEPENDS(RNG, RNG_STRONG),
/* Ed25519 private/public keys */
PLUGIN_REGISTER(PRIVKEY, curve25519_private_key_load, TRUE),
PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
PLUGIN_REGISTER(PRIVKEY_GEN, curve25519_private_key_gen, FALSE),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ED25519),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
PLUGIN_REGISTER(PUBKEY, curve25519_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
/* Ed25519 signature scheme, private */
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ED25519),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
/* Ed25519 signature verification scheme, public */
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ED25519),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
/* register a pro forma identity hasher */
PLUGIN_REGISTER(HASHER, curve25519_identity_hasher_create),
PLUGIN_PROVIDE(HASHER, HASH_IDENTITY),
};
*features = f;
return countof(f);

346
src/libstrongswan/plugins/curve25519/curve25519_private_key.c Normal file
View File

@ -0,0 +1,346 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "curve25519_private_key.h"
#include "curve25519_public_key.h"
#include "ref10/ref10.h"
#include <asn1/asn1.h>
#include <asn1/oid.h>
#define _GNU_SOURCE
#include <stdlib.h>
typedef struct private_curve25519_private_key_t private_curve25519_private_key_t;
/**
* Private data of a curve25519_private_key_t object.
*/
struct private_curve25519_private_key_t {
/**
* Public interface for this signer.
*/
curve25519_private_key_t public;
/**
* Secret scalar s derived from private key.
*/
uint8_t s[HASH_SIZE_SHA512];
/**
* Ed25519 private key
*/
chunk_t key;
/**
* Ed25519 public key
*/
chunk_t pubkey;
/**
* Reference count
*/
refcount_t ref;
};
METHOD(private_key_t, get_type, key_type_t,
private_curve25519_private_key_t *this)
{
return KEY_ED25519;
}
METHOD(private_key_t, sign, bool,
private_curve25519_private_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t *signature)
{
uint8_t r[HASH_SIZE_SHA512], k[HASH_SIZE_SHA512], sig[HASH_SIZE_SHA512];
hasher_t *hasher;
chunk_t prefix;
ge_p3 R;
bool success = FALSE;
if (scheme != SIGN_ED25519)
{
DBG1(DBG_LIB, "signature scheme %N not supported by Ed25519",
signature_scheme_names, scheme);
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
if (!hasher)
{
return FALSE;
}
prefix = chunk_create(this->s + 32, 32);
if (!hasher->get_hash(hasher, prefix, NULL) ||
!hasher->get_hash(hasher, data, r))
{
goto end;
}
sc_reduce(r);
ge_scalarmult_base(&R, r);
ge_p3_tobytes(sig, &R);
if (!hasher->get_hash(hasher, chunk_create(sig, 32), NULL) ||
!hasher->get_hash(hasher, this->pubkey, NULL) ||
!hasher->get_hash(hasher, data, k))
{
goto end;
}
sc_reduce(k);
sc_muladd(sig + 32, k, this->s, r);
*signature = chunk_clone(chunk_create(sig, sizeof(sig)));
success = TRUE;
end:
hasher->destroy(hasher);
return success;
}
METHOD(private_key_t, decrypt, bool,
private_curve25519_private_key_t *this, encryption_scheme_t scheme,
chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
scheme);
return FALSE;
}
METHOD(private_key_t, get_keysize, int,
private_curve25519_private_key_t *this)
{
return 8 * ED25519_KEY_LEN;
}
METHOD(private_key_t, get_public_key, public_key_t*,
private_curve25519_private_key_t *this)
{
public_key_t *public;
chunk_t pubkey;
pubkey = curve25519_public_key_info_encode(this->pubkey);
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, pubkey, BUILD_END);
free(pubkey.ptr);
return public;
}
METHOD(private_key_t, get_encoding, bool,
private_curve25519_private_key_t *this, cred_encoding_type_t type,
chunk_t *encoding)
{
switch (type)
{
case PRIVKEY_ASN1_DER:
case PRIVKEY_PEM:
{
bool success = TRUE;
*encoding = asn1_wrap(ASN1_SEQUENCE, "cms",
ASN1_INTEGER_0,
asn1_algorithmIdentifier(OID_ED25519),
asn1_wrap(ASN1_OCTET_STRING, "s",
asn1_simple_object(ASN1_OCTET_STRING, this->key)
)
);
if (type == PRIVKEY_PEM)
{
chunk_t asn1_encoding = *encoding;
success = lib->encoding->encode(lib->encoding, PRIVKEY_PEM,
NULL, encoding, CRED_PART_EDDSA_PRIV_ASN1_DER,
asn1_encoding, CRED_PART_END);
chunk_clear(&asn1_encoding);
}
return success;
}
default:
return FALSE;
}
}
METHOD(private_key_t, get_fingerprint, bool,
private_curve25519_private_key_t *this, cred_encoding_type_t type,
chunk_t *fp)
{
bool success;
if (lib->encoding->get_cache(lib->encoding, type, this, fp))
{
return TRUE;
}
success = curve25519_public_key_fingerprint(this->pubkey, type, fp);
if (success)
{
lib->encoding->cache(lib->encoding, type, this, *fp);
}
return success;
}
METHOD(private_key_t, get_ref, private_key_t*,
private_curve25519_private_key_t *this)
{
ref_get(&this->ref);
return &this->public.key;
}
METHOD(private_key_t, destroy, void,
private_curve25519_private_key_t *this)
{
if (ref_put(&this->ref))
{
lib->encoding->clear_cache(lib->encoding, this);
memwipe(this->s, HASH_SIZE_SHA512);
chunk_clear(&this->key);
chunk_free(&this->pubkey);
free(this);
}
}
/**
* Internal generic constructor
*/
static private_curve25519_private_key_t *curve25519_private_key_create(chunk_t key)
{
private_curve25519_private_key_t *this;
hasher_t *hasher;
ge_p3 A;
/* derive public key from private key */
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
if (!hasher)
{
chunk_clear(&key);
return NULL;
}
INIT(this,
.public = {
.key = {
.get_type = _get_type,
.sign = _sign,
.decrypt = _decrypt,
.get_keysize = _get_keysize,
.get_public_key = _get_public_key,
.equals = private_key_equals,
.belongs_to = private_key_belongs_to,
.get_fingerprint = _get_fingerprint,
.has_fingerprint = private_key_has_fingerprint,
.get_encoding = _get_encoding,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.key = key,
.pubkey = chunk_alloc(ED25519_KEY_LEN),
.ref = 1,
);
/* derive secret scalar s from private key */
if (!hasher->get_hash(hasher, key, this->s))
{
destroy(this);
hasher->destroy(hasher);
return NULL;
}
hasher->destroy(hasher);
this->s[0] &= 0xf8;
this->s[31] &= 0x3f;
this->s[31] |= 0x40;
/* derive public key */
ge_scalarmult_base(&A, this->s);
ge_p3_tobytes(this->pubkey.ptr, &A);
return this;
}
/**
* See header.
*/
curve25519_private_key_t *curve25519_private_key_gen(key_type_t type,
va_list args)
{
private_curve25519_private_key_t *this;
chunk_t key;
rng_t *rng;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
case BUILD_KEY_SIZE:
/* key_size argument is not needed */
va_arg(args, u_int);
continue;
case BUILD_END:
break;
default:
return NULL;
}
break;
}
/* generate 256 bit true random private key */
rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!rng || !rng->allocate_bytes(rng, ED25519_KEY_LEN, &key))
{
DESTROY_IF(rng);
return NULL;
}
rng->destroy(rng);
this = curve25519_private_key_create(key);
return this ? &this->public : NULL;
}
/**
* See header.
*/
curve25519_private_key_t *curve25519_private_key_load(key_type_t type,
va_list args)
{
private_curve25519_private_key_t *this;
chunk_t key = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
case BUILD_EDDSA_PRIV_ASN1_DER:
key = va_arg(args, chunk_t);
continue;
case BUILD_END:
break;
default:
return NULL;
}
break;
}
if (!asn1_parse_simple_object(&key, ASN1_OCTET_STRING, 0, "EdPrivateKey") ||
key.len != ED25519_KEY_LEN)
{
return NULL;
}
this = curve25519_private_key_create(chunk_clone(key));
return this ? &this->public : NULL;
}

60
src/libstrongswan/plugins/curve25519/curve25519_private_key.h Normal file
View File

@ -0,0 +1,60 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup curve25519_private_key curve25519_private_key
* @{ @ingroup curve25519_p
*/
#ifndef CURVE25519_PRIVATE_KEY_H_
#define CURVE25519_PRIVATE_KEY_H_
#include <credentials/builder.h>
#include <credentials/keys/private_key.h>
typedef struct curve25519_private_key_t curve25519_private_key_t;
/**
* Private_key_t implementation of Ed25519 signature algorithm.
*/
struct curve25519_private_key_t {
/**
* Implements private_key_t interface
*/
private_key_t key;
};
/**
* Generate an Ed25519 private key.
*
* @param type type of the key, must be KEY_ED25519
* @param args builder_part_t argument list
* @return generated key, NULL on failure
*/
curve25519_private_key_t *curve25519_private_key_gen(key_type_t type,
va_list args);
/**
* Load an Ed25519 private key.
*
* @param type type of the key, must be KEY_ED25519
* @param args builder_part_t argument list
* @return loaded key, NULL on failure
*/
curve25519_private_key_t *curve25519_private_key_load(key_type_t type,
va_list args);
#endif /** CURVE25519_PRIVATE_KEY_H_ @}*/

331
src/libstrongswan/plugins/curve25519/curve25519_public_key.c Normal file
View File

@ -0,0 +1,331 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "curve25519_public_key.h"
#include "ref10/ref10.h"
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
#include <asn1/oid.h>
typedef struct private_curve25519_public_key_t private_curve25519_public_key_t;
/**
* Private data structure with signing context.
*/
struct private_curve25519_public_key_t {
/**
* Public interface for this signer.
*/
curve25519_public_key_t public;
/**
* Ed25519 public key
*/
chunk_t pubkey;
/**
* Reference counter
*/
refcount_t ref;
};
METHOD(public_key_t, get_type, key_type_t,
private_curve25519_public_key_t *this)
{
return KEY_ED25519;
}
METHOD(public_key_t, verify, bool,
private_curve25519_public_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t signature)
{
hasher_t *hasher;
uint8_t d = 0, k[HASH_SIZE_SHA512], r[32], *sig;
int i;
ge_p3 A;
ge_p2 R;
if (scheme != SIGN_ED25519)
{
DBG1(DBG_LIB, "signature scheme %N not supported by Ed25519",
signature_scheme_names, scheme);
return FALSE;
}
if (signature.len != 64)
{
DBG1(DBG_LIB, "size of Ed25519 signature is not 64 bytes");
return FALSE;
}
sig = signature.ptr;
if (sig[63] & 0xe0)
{
DBG1(DBG_LIB, "the three most significant bits of Ed25519 signature "
"are not zero");
return FALSE;
}
if (ge_frombytes_negate_vartime(&A, this->pubkey.ptr) != 0)
{
return FALSE;
}
/* check for all-zeroes public key */
for (i = 0; i < 32; i++)
{
d |= this->pubkey.ptr[i];
}
if (!d)
{
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
if (!hasher)
{
return FALSE;
}
if (!hasher->get_hash(hasher, chunk_create(sig, 32), NULL) ||
!hasher->get_hash(hasher, this->pubkey, NULL) ||
!hasher->get_hash(hasher, data, k))
{
hasher->destroy(hasher);
return FALSE;
}
hasher->destroy(hasher);
sc_reduce(k);
ge_double_scalarmult_vartime(&R, k, &A, sig + 32);
ge_tobytes(r, &R);
return memeq_const(sig, r, 32);
}
METHOD(public_key_t, encrypt_, bool,
private_curve25519_public_key_t *this, encryption_scheme_t scheme,
chunk_t plain, chunk_t *crypto)
{
DBG1(DBG_LIB, "encryption scheme %N not supported", encryption_scheme_names,
scheme);
return FALSE;
}
METHOD(public_key_t, get_keysize, int,
private_curve25519_public_key_t *this)
{
return 8 * ED25519_KEY_LEN;
}
METHOD(public_key_t, get_encoding, bool,
private_curve25519_public_key_t *this, cred_encoding_type_t type,
chunk_t *encoding)
{
bool success = TRUE;
*encoding = curve25519_public_key_info_encode(this->pubkey);
if (type != PUBKEY_SPKI_ASN1_DER)
{
chunk_t asn1_encoding = *encoding;
success = lib->encoding->encode(lib->encoding, type,
NULL, encoding, CRED_PART_EDDSA_PUB_ASN1_DER,
asn1_encoding, CRED_PART_END);
chunk_clear(&asn1_encoding);
}
return success;
}
METHOD(public_key_t, get_fingerprint, bool,
private_curve25519_public_key_t *this, cred_encoding_type_t type,
chunk_t *fp)
{
bool success;
if (lib->encoding->get_cache(lib->encoding, type, this, fp))
{
return TRUE;
}
success = curve25519_public_key_fingerprint(this->pubkey, type, fp);
if (success)
{
lib->encoding->cache(lib->encoding, type, this, *fp);
}
return success;
}
METHOD(public_key_t, get_ref, public_key_t*,
private_curve25519_public_key_t *this)
{
ref_get(&this->ref);
return &this->public.key;
}
METHOD(public_key_t, destroy, void,
private_curve25519_public_key_t *this)
{
if (ref_put(&this->ref))
{
lib->encoding->clear_cache(lib->encoding, this);
free(this->pubkey.ptr);
free(this);
}
}
/**
* ASN.1 definition of an Ed25519 public key
*/
static const asn1Object_t pubkeyObjects[] = {
{ 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
{ 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
{ 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */
{ 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define ED25519_SUBJECT_PUBLIC_KEY_ALGORITHM 1
#define ED25519_SUBJECT_PUBLIC_KEY 2
/**
* See header.
*/
curve25519_public_key_t *curve25519_public_key_load(key_type_t type,
va_list args)
{
private_curve25519_public_key_t *this;
chunk_t blob = chunk_empty, object;
asn1_parser_t *parser;
bool success = FALSE;
int objectID, oid;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
case BUILD_BLOB_ASN1_DER:
blob = va_arg(args, chunk_t);
continue;
case BUILD_END:
break;
default:
return NULL;
}
break;
}
INIT(this,
.public = {
.key = {
.get_type = _get_type,
.verify = _verify,
.encrypt = _encrypt_,
.equals = public_key_equals,
.get_keysize = _get_keysize,
.get_fingerprint = _get_fingerprint,
.has_fingerprint = public_key_has_fingerprint,
.get_encoding = _get_encoding,
.get_ref = _get_ref,
.destroy = _destroy,
},
},
.ref = 1,
);
parser = asn1_parser_create(pubkeyObjects, blob);
while (parser->iterate(parser, &objectID, &object))
{
switch (objectID)
{
case ED25519_SUBJECT_PUBLIC_KEY_ALGORITHM:
{
oid = asn1_parse_algorithmIdentifier(object,
parser->get_level(parser) + 1, NULL);
if (oid != OID_ED25519)
{
goto end;
}
break;
}
case ED25519_SUBJECT_PUBLIC_KEY:
{
/* encoded as an ASN1 BIT STRING */
if (object.len != 1 + ED25519_KEY_LEN)
{
goto end;
}
this->pubkey = chunk_clone(chunk_skip(object, 1));
break;
}
}
}
success = parser->success(parser);
end:
parser->destroy(parser);
if (!success)
{
destroy(this);
return NULL;
}
return &this->public;
}
/**
* See header.
*/
chunk_t curve25519_public_key_info_encode(chunk_t pubkey)
{
return asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_wrap(ASN1_SEQUENCE, "m",
asn1_build_known_oid(OID_ED25519)),
asn1_bitstring("c", pubkey));
}
/**
* See header.
*/
bool curve25519_public_key_fingerprint(chunk_t pubkey,
cred_encoding_type_t type, chunk_t *fp)
{
hasher_t *hasher;
chunk_t key;
switch (type)
{
case KEYID_PUBKEY_SHA1:
key = chunk_clone(pubkey);
break;
case KEYID_PUBKEY_INFO_SHA1:
key = curve25519_public_key_info_encode(pubkey);
break;
default:
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher || !hasher->allocate_hash(hasher, key, fp))
{
DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
"fingerprinting failed");
DESTROY_IF(hasher);
free(key.ptr);
return FALSE;
}
hasher->destroy(hasher);
free(key.ptr);
return TRUE;
}

74
src/libstrongswan/plugins/curve25519/curve25519_public_key.h Normal file
View File

@ -0,0 +1,74 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup curve25519_public_key curve25519_public_key
* @{ @ingroup curve25519_p
*/
#ifndef CURVE25519_PUBLIC_KEY_H_
#define CURVE25519_PUBLIC_KEY_H_
#include <credentials/builder.h>
#include <credentials/cred_encoding.h>
#include <credentials/keys/public_key.h>
typedef struct curve25519_public_key_t curve25519_public_key_t;
#define ED25519_KEY_LEN 32
/**
* public_key_t implementation of Ed25519 signature algorithm
*/
struct curve25519_public_key_t {
/**
* Implements the public_key_t interface
*/
public_key_t key;
};
/**
* Load an Ed25519 public key.
*
* @param type type of the key, must be KEY_ED25519
* @param args builder_part_t argument list
* @return loaded key, NULL on failure
*/
curve25519_public_key_t *curve25519_public_key_load(key_type_t type,
va_list args);
/* The following functions are shared with the curve25519_private_key class */
/**
* Encode a Ed25519 subjectPublicKeyInfo record in ASN.1 DER format
*
* @param pubkey Ed25519 public key
* @result ASN.1 encoded subjectPublicKeyInfo record
*/
chunk_t curve25519_public_key_info_encode(chunk_t pubkey);
/**
* Generate a Ed25519 public key fingerprint
*
* @param pubkey Ed25519 public key
* @param type type of fingerprint to be generated
* @param fp generated fingerprint (must be freed by caller)
* @result TRUE if generation was successful
*/
bool curve25519_public_key_fingerprint(chunk_t pubkey,
cred_encoding_type_t type, chunk_t *fp);
#endif /** CURVE25519_PUBLIC_KEY_H_ @}*/

2121
src/libstrongswan/plugins/curve25519/ref10/base.h Normal file
View File

File diff suppressed because it is too large Load Diff

73
src/libstrongswan/plugins/curve25519/ref10/base2.h Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Based on the public domain libsodium adaptation by Frank Denis
* of the SUPERCOP ref10 implementation by Daniel J. Bernstein,
* Niels Duif, Peter Schwabe, Tanja Lange and Bo-Yin Yang.
*/
{
{ 25967493, -14356035, 29566456, 3660896, -12694345,
4014787, 27544626, -11754271, -6079156, 2047605 },
{ -12545711, 934262, -2722910, 3049990, -727428,
9406986, 12720692, 5043384, 19500929, -15469378 },
{ -8738181, 4489570, 9688441, -14785194, 10184609,
-12363380, 29287919, 11864899, -24514362, -4438546 }
},
{
{ 15636291, -9688557, 24204773, -7912398, 616977,
-16685262, 27787600, -14772189, 28944400, -1550024 },
{ 16568933, 4717097, -11556148, -1102322, 15682896,
-11807043, 16354577, -11775962, 7689662, 11199574 },
{ 30464156, -5976125, -11779434, -15670865, 23220365,
15915852, 7512774, 10017326, -17749093, -9920357 }
},
{
{ 10861363, 11473154, 27284546, 1981175, -30064349,
12577861, 32867885, 14515107, -15438304, 10819380 },
{ 4708026, 6336745, 20377586, 9066809, -11272109,
6594696, -25653668, 12483688, -12668491, 5581306 },
{ 19563160, 16186464, -29386857, 4097519, 10237984,
-4348115, 28542350, 13850243, -23678021, -15815942 }
},
{
{ 5153746, 9909285, 1723747, -2777874, 30523605,
5516873, 19480852, 5230134, -23952439, -15175766 },
{ -30269007, -3463509, 7665486, 10083793, 28475525,
1649722, 20654025, 16520125, 30598449, 7715701 },
{ 28881845, 14381568, 9657904, 3680757, -20181635,
7843316, -31400660, 1370708, 29794553, -1409300 }
},
{
{ -22518993, -6692182, 14201702, -8745502, -23510406,
8844726, 18474211, -1361450, -13062696, 13821877 },
{ -6455177, -7839871, 3374702, -4740862, -27098617,
-10571707, 31655028, -7212327, 18853322, -14220951 },
{ 4566830, -12963868, -28974889, -12240689, -7602672,
-2830569, -8514358, -10431137, 2207753, -3209784 }
},
{
{ -25154831, -4185821, 29681144, 7868801, -6854661,
-9423865, -12437364, -663000, -31111463, -16132436 },
{ 25576264, -2703214, 7349804, -11814844, 16472782,
9300885, 3844789, 15725684, 171356, 6466918 },
{ 23103977, 13316479, 9739013, -16149481, 817875,
-15038942, 8965339, -14088058, -30714912, 16193877 }
},
{
{ -33521811, 3180713, -2394130, 14003687, -16903474,
-16270840, 17238398, 4729455, -18074513, 9256800 },
{ -25182317, -4174131, 32336398, 5036987, -21236817,
11360617, 22616405, 9761698, -19827198, 630305 },
{ -13720693, 2639453, -24237460, -7406481, 9494427,
-5774029, -6554551, -15960994, -2449256, -14291300 }
},
{
{ -3151181, -5046075, 9282714, 6866145, -31907062,
-863023, -18940575, 15033784, 25105118, -7894876 },
{ -24326370, 15950226, -31801215, -14592823, -11662737,
-5090925, 1573892, -2625887, 2198790, -15804619 },
{ -3099351, 10324967, -2241613, 7453183, -5446979,
-2735503, -13812022, -16236442, -32461234, -12290683 }
}

2731
src/libstrongswan/plugins/curve25519/ref10/ref10.c Normal file
View File

File diff suppressed because it is too large Load Diff

93
src/libstrongswan/plugins/curve25519/ref10/ref10.h Normal file
View File

@ -0,0 +1,93 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Based on the public domain libsodium adaptation by Frank Denis
* of the SUPERCOP ref10 implementation by Daniel J. Bernstein,
* Niels Duif, Peter Schwabe, Tanja Lange and Bo-Yin Yang.
*/
/**
* @defgroup curve25519_ref10 curve25519_ref10
* @{ @ingroup curve25519_p
*/
#ifndef REF10_H_
#define REF10_H_
#include <stddef.h>
#include <stdint.h>
typedef int32_t fe[10];
/**
* fe means field element.
* Here the field is \\Z/(2^255-19).
* An element t, entries t[0]...t[9], represents the integer
* t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
* Bounds on each t[i] vary depending on context.
*/
/**
* ge means group element.
*
* Here the group is the set of pairs (x,y) of field elements (see fe.h)
* satisfying -x^2 + y^2 = 1 + d x^2y^2
* where d = -121665/121666.
*
* Representations:
* ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
* ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
* ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
* ge_precomp (Duif): (y+x,y-x,2dxy)
*/
typedef struct {
fe X;
fe Y;
fe Z;
} ge_p2;
typedef struct {
fe X;
fe Y;
fe Z;
fe T;
} ge_p3;
typedef struct {
fe X;
fe Y;
fe Z;
fe T;
} ge_p1p1;
typedef struct {
fe yplusx;
fe yminusx;
fe xy2d;
} ge_precomp;
typedef struct {
fe YplusX;
fe YminusX;
fe Z;
fe T2d;
} ge_cached;
extern void ge_tobytes(uint8_t *, const ge_p2 *);
extern void ge_p3_tobytes(uint8_t *, const ge_p3 *);
extern int ge_frombytes_negate_vartime(ge_p3 *, const uint8_t *);
extern void ge_scalarmult_base(ge_p3 *, const uint8_t *);
extern void ge_double_scalarmult_vartime(ge_p2 *, const uint8_t *,
const ge_p3 *, const uint8_t *);
/**
* The set of scalars is \\Z/l
* where l = 2^252 + 27742317777372353535851937790883648493.
*/
extern void sc_reduce(uint8_t *);
extern void sc_muladd(uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *);
#endif /** REF10_H_ @}*/

21
src/libstrongswan/plugins/pem/pem_encoder.c
View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2010 Andreas Steffen
* Hochschule fuer Technik Rapperswil
* Copyright (C) 2010-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@ -37,7 +37,11 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
if (cred_encoding_args(args, CRED_PART_RSA_PUB_ASN1_DER,
&asn1, CRED_PART_END) ||
cred_encoding_args(args, CRED_PART_ECDSA_PUB_ASN1_DER,
&asn1, CRED_PART_END))
&asn1, CRED_PART_END) ||
cred_encoding_args(args, CRED_PART_EDDSA_PUB_ASN1_DER,
&asn1, CRED_PART_END) ||
cred_encoding_args(args, CRED_PART_BLISS_PUB_ASN1_DER,
&asn1, CRED_PART_END))
{
break;
}
@ -53,11 +57,6 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
break;
}
}
if (cred_encoding_args(args, CRED_PART_BLISS_PUB_ASN1_DER,
&asn1, CRED_PART_END))
{
break;
}
return FALSE;
case PRIVKEY_PEM:
label ="RSA PRIVATE KEY";
@ -97,6 +96,12 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
label ="BLISS PRIVATE KEY";
break;
}
if (cred_encoding_args(args, CRED_PART_EDDSA_PRIV_ASN1_DER,
&asn1, CRED_PART_END))
{
label ="PRIVATE KEY";
break;
}
return FALSE;
case CERT_PEM:
if (cred_encoding_args(args, CRED_PART_X509_ASN1_DER,

7
src/libstrongswan/plugins/pem/pem_plugin.c
View File

@ -63,6 +63,9 @@ METHOD(plugin_t, get_features, int,
PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
PLUGIN_PROVIDE(PRIVKEY, KEY_BLISS),
PLUGIN_DEPENDS(PRIVKEY, KEY_BLISS),
PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
PLUGIN_DEPENDS(PRIVKEY, KEY_ED25519),
/* public key PEM decoding */
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
@ -79,6 +82,10 @@ METHOD(plugin_t, get_features, int,
PLUGIN_DEPENDS(PUBKEY, KEY_DSA),
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
PLUGIN_DEPENDS(PUBKEY, KEY_BLISS),
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
PLUGIN_PROVIDE(PUBKEY, KEY_ED25519),
PLUGIN_DEPENDS(PUBKEY, KEY_ED25519),
/* certificate PEM decoding */
PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),

7
src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
View File

@ -75,6 +75,13 @@ static public_key_t *parse_public_key(chunk_t blob)
KEY_BLISS, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
goto end;
}
else if (oid == OID_ED25519)
{
/* Need the whole subjectPublicKeyInfo for Ed25519 public keys */
key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
KEY_ED25519, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
goto end;
}
else
{
/* key type not supported */

3
src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
View File

@ -52,6 +52,9 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
PLUGIN_SDEPEND(PUBKEY, KEY_RSA),
PLUGIN_SDEPEND(PUBKEY, KEY_ECDSA),
PLUGIN_SDEPEND(PUBKEY, KEY_ED25519),
PLUGIN_SDEPEND(PUBKEY, KEY_ED448),
PLUGIN_SDEPEND(PUBKEY, KEY_BLISS),
PLUGIN_SDEPEND(PUBKEY, KEY_DSA),
PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),

15
src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
View File

@ -47,6 +47,7 @@ static private_key_t *parse_private_key(chunk_t blob)
int objectID;
private_key_t *key = NULL;
key_type_t type = KEY_ANY;
builder_part_t part = BUILD_BLOB_ASN1_DER;
parser = asn1_parser_create(pkinfoObjects, blob);
parser->set_flags(parser, FALSE, TRUE);
@ -68,6 +69,14 @@ static private_key_t *parse_private_key(chunk_t blob)
case OID_EC_PUBLICKEY:
type = KEY_ECDSA;
break;
case OID_ED25519:
type = KEY_ED25519;
part = BUILD_EDDSA_PRIV_ASN1_DER;
break;
case OID_ED448:
type = KEY_ED448;
part = BUILD_EDDSA_PRIV_ASN1_DER;
break;
default:
/* key type not supported */
goto end;
@ -81,14 +90,12 @@ static private_key_t *parse_private_key(chunk_t blob)
{
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
type, BUILD_BLOB_ALGID_PARAMS,
params, BUILD_BLOB_ASN1_DER,
object, BUILD_END);
params, part, object, BUILD_END);
}
else
{
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
type, BUILD_BLOB_ASN1_DER, object,
BUILD_END);
type, part, object, BUILD_END);
}
DBG2(DBG_ASN, "-- < --");
break;

2
src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
View File

@ -46,6 +46,8 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
PLUGIN_PROVIDE(PRIVKEY, KEY_ED25519),
PLUGIN_PROVIDE(PRIVKEY, KEY_ED448),
};
*features = f;
return countof(f);

3
src/libstrongswan/tests/Makefile.am
View File

@ -55,7 +55,8 @@ tests_SOURCES = tests.h tests.c \
suites/test_printf.c \
suites/test_test_rng.c \
suites/test_mgf1.c \
suites/test_ntru.c
suites/test_ntru.c \
suites/test_ed25519.c
tests_CFLAGS = \
-I$(top_srcdir)/src/libstrongswan \

3
src/libstrongswan/tests/suites/test_crypter.c
View File

@ -36,7 +36,8 @@ static crypter_oid_t oids[] = {
{ OID_AES256_CBC, ENCR_AES_CBC, 256 },
{ OID_CAMELLIA128_CBC, ENCR_CAMELLIA_CBC, 128 },
{ OID_CAMELLIA192_CBC, ENCR_CAMELLIA_CBC, 192 },
{ OID_CAMELLIA256_CBC, ENCR_CAMELLIA_CBC, 256 }
{ OID_CAMELLIA256_CBC, ENCR_CAMELLIA_CBC, 256 },
{ OID_BLOWFISH_CBC, ENCR_BLOWFISH, 0 }
};
START_TEST(test_crypter_from_oid)

527
src/libstrongswan/tests/suites/test_ed25519.c Normal file
View File

@ -0,0 +1,527 @@
/*
* Copyright (C) 2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "test_suite.h"
#include <time.h>
typedef struct sig_test_t sig_test_t;
struct sig_test_t {
chunk_t key;
chunk_t pubkey;
chunk_t msg;
chunk_t sig;
};
/**
* Ed25519 Test Vectors from draft-irtf-cfrg-eddsa
*/
static sig_test_t sig_tests[] = {
/* Test 1 */
{ chunk_from_chars(
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x9d, 0x61, 0xb1, 0x9d,
0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84, 0x4a, 0xf4, 0x92, 0xec,
0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69, 0x7b, 0x32, 0x69, 0x19,
0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae, 0x7f, 0x60),
chunk_from_chars(
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
0x21, 0x00, 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7,
0xd5, 0x4b, 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1,
0x72, 0xf3, 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68,
0xf7, 0x07, 0x51, 0x1a),
{ NULL, 0 },
chunk_from_chars(
0xe5, 0x56, 0x43, 0x00, 0xc3, 0x60, 0xac, 0x72, 0x90, 0x86,
0xe2, 0xcc, 0x80, 0x6e, 0x82, 0x8a, 0x84, 0x87, 0x7f, 0x1e,
0xb8, 0xe5, 0xd9, 0x74, 0xd8, 0x73, 0xe0, 0x65, 0x22, 0x49,
0x01, 0x55, 0x5f, 0xb8, 0x82, 0x15, 0x90, 0xa3, 0x3b, 0xac,
0xc6, 0x1e, 0x39, 0x70, 0x1c, 0xf9, 0xb4, 0x6b, 0xd2, 0x5b,
0xf5, 0xf0, 0x59, 0x5b, 0xbe, 0x24, 0x65, 0x51, 0x41, 0x43,
0x8e, 0x7a, 0x10, 0x0b)
},
/* Test 2 */
{ chunk_from_chars(
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x4c, 0xcd, 0x08, 0x9b,
0x28, 0xff, 0x96, 0xda, 0x9d, 0xb6, 0xc3, 0x46, 0xec, 0x11,
0x4e, 0x0f, 0x5b, 0x8a, 0x31, 0x9f, 0x35, 0xab, 0xa6, 0x24,
0xda, 0x8c, 0xf6, 0xed, 0x4f, 0xb8, 0xa6, 0xfb),
chunk_from_chars(
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
0x21, 0x00, 0x3d, 0x40, 0x17, 0xc3, 0xe8, 0x43, 0x89, 0x5a,
0x92, 0xb7, 0x0a, 0xa7, 0x4d, 0x1b, 0x7e, 0xbc, 0x9c, 0x98,
0x2c, 0xcf, 0x2e, 0xc4, 0x96, 0x8c, 0xc0, 0xcd, 0x55, 0xf1,
0x2a, 0xf4, 0x66, 0x0c),
chunk_from_chars(
0x72),
chunk_from_chars(
0x92, 0xa0, 0x09, 0xa9, 0xf0, 0xd4, 0xca, 0xb8, 0x72, 0x0e,
0x82, 0x0b, 0x5f, 0x64, 0x25, 0x40, 0xa2, 0xb2, 0x7b, 0x54,
0x16, 0x50, 0x3f, 0x8f, 0xb3, 0x76, 0x22, 0x23, 0xeb, 0xdb,
0x69, 0xda, 0x08, 0x5a, 0xc1, 0xe4, 0x3e, 0x15, 0x99, 0x6e,
0x45, 0x8f, 0x36, 0x13, 0xd0, 0xf1, 0x1d, 0x8c, 0x38, 0x7b,
0x2e, 0xae, 0xb4, 0x30, 0x2a, 0xee, 0xb0, 0x0d, 0x29, 0x16,
0x12, 0xbb, 0x0c, 0x00)
},
/* Test 3 */
{ chunk_from_chars(
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0xc5, 0xaa, 0x8d, 0xf4,
0x3f, 0x9f, 0x83, 0x7b, 0xed, 0xb7, 0x44, 0x2f, 0x31, 0xdc,
0xb7, 0xb1, 0x66, 0xd3, 0x85, 0x35,0x07, 0x6f, 0x09, 0x4b,
0x85, 0xce, 0x3a, 0x2e, 0x0b, 0x44, 0x58, 0xf7),
chunk_from_chars(
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
0x21, 0x00, 0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3,
0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30, 0xf0, 0x58, 0x08, 0x16,
0xed, 0x13, 0xba, 0x33, 0x03, 0xac, 0x5d, 0xeb, 0x91, 0x15,
0x48, 0x90, 0x80, 0x25),
chunk_from_chars(
0xaf, 0x82),
chunk_from_chars(
0x62, 0x91, 0xd6, 0x57, 0xde, 0xec, 0x24, 0x02, 0x48, 0x27,
0xe6, 0x9c, 0x3a, 0xbe, 0x01, 0xa3, 0x0c, 0xe5, 0x48, 0xa2,
0x84, 0x74, 0x3a, 0x44, 0x5e, 0x36, 0x80, 0xd7, 0xdb, 0x5a,
0xc3, 0xac, 0x18, 0xff, 0x9b, 0x53, 0x8d, 0x16, 0xf2, 0x90,
0xae, 0x67, 0xf7, 0x60, 0x98, 0x4d, 0xc6, 0x59, 0x4a, 0x7c,
0x15, 0xe9, 0x71, 0x6e, 0xd2, 0x8d, 0xc0, 0x27, 0xbe, 0xce,
0xea, 0x1e, 0xc4, 0x0a)
},
/* Test 1024 */
{ chunk_from_chars(
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0xf5, 0xe5, 0x76, 0x7c,
0xf1, 0x53, 0x31, 0x95, 0x17, 0x63, 0x0f, 0x22, 0x68, 0x76,
0xb8, 0x6c, 0x81, 0x60, 0xcc, 0x58, 0x3b, 0xc0, 0x13, 0x74,
0x4c, 0x6b, 0xf2, 0x55, 0xf5, 0xcc, 0x0e, 0xe5),
chunk_from_chars(
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
0x21, 0x00, 0x27, 0x81, 0x17, 0xfc, 0x14, 0x4c, 0x72, 0x34,
0x0f, 0x67, 0xd0, 0xf2, 0x31, 0x6e, 0x83, 0x86, 0xce, 0xff,
0xbf, 0x2b, 0x24, 0x28, 0xc9, 0xc5, 0x1f, 0xef, 0x7c, 0x59,
0x7f, 0x1d, 0x42, 0x6e),
chunk_from_chars(
0x08, 0xb8, 0xb2, 0xb7, 0x33, 0x42, 0x42, 0x43, 0x76, 0x0f,
0xe4, 0x26, 0xa4, 0xb5, 0x49, 0x08, 0x63, 0x21, 0x10, 0xa6,
0x6c, 0x2f, 0x65, 0x91, 0xea, 0xbd, 0x33, 0x45, 0xe3, 0xe4,
0xeb, 0x98, 0xfa, 0x6e, 0x26, 0x4b, 0xf0, 0x9e, 0xfe, 0x12,
0xee, 0x50, 0xf8, 0xf5, 0x4e, 0x9f, 0x77, 0xb1, 0xe3, 0x55,
0xf6, 0xc5, 0x05, 0x44, 0xe2, 0x3f, 0xb1, 0x43, 0x3d, 0xdf,
0x73, 0xbe, 0x84, 0xd8, 0x79, 0xde, 0x7c, 0x00, 0x46, 0xdc,
0x49, 0x96, 0xd9, 0xe7, 0x73, 0xf4, 0xbc, 0x9e, 0xfe, 0x57,
0x38, 0x82, 0x9a, 0xdb, 0x26, 0xc8, 0x1b, 0x37, 0xc9, 0x3a,
0x1b, 0x27, 0x0b, 0x20, 0x32, 0x9d, 0x65, 0x86, 0x75, 0xfc,
0x6e, 0xa5, 0x34, 0xe0, 0x81, 0x0a, 0x44, 0x32, 0x82, 0x6b,
0xf5, 0x8c, 0x94, 0x1e, 0xfb, 0x65, 0xd5, 0x7a, 0x33, 0x8b,
0xbd, 0x2e, 0x26, 0x64, 0x0f, 0x89, 0xff, 0xbc, 0x1a, 0x85,
0x8e, 0xfc, 0xb8, 0x55, 0x0e, 0xe3, 0xa5, 0xe1, 0x99, 0x8b,
0xd1, 0x77, 0xe9, 0x3a, 0x73, 0x63, 0xc3, 0x44, 0xfe, 0x6b,
0x19, 0x9e, 0xe5, 0xd0, 0x2e, 0x82, 0xd5, 0x22, 0xc4, 0xfe,
0xba, 0x15, 0x45, 0x2f, 0x80, 0x28, 0x8a, 0x82, 0x1a, 0x57,
0x91, 0x16, 0xec, 0x6d, 0xad, 0x2b, 0x3b, 0x31, 0x0d, 0xa9,
0x03, 0x40, 0x1a, 0xa6, 0x21, 0x00, 0xab, 0x5d, 0x1a, 0x36,
0x55, 0x3e, 0x06, 0x20, 0x3b, 0x33, 0x89, 0x0c, 0xc9, 0xb8,
0x32, 0xf7, 0x9e, 0xf8, 0x05, 0x60, 0xcc, 0xb9, 0xa3, 0x9c,
0xe7, 0x67, 0x96, 0x7e, 0xd6, 0x28, 0xc6, 0xad, 0x57, 0x3c,
0xb1, 0x16, 0xdb, 0xef, 0xef, 0xd7, 0x54, 0x99, 0xda, 0x96,
0xbd, 0x68, 0xa8, 0xa9, 0x7b, 0x92, 0x8a, 0x8b, 0xbc, 0x10,
0x3b, 0x66, 0x21, 0xfc, 0xde, 0x2b, 0xec, 0xa1, 0x23, 0x1d,
0x20, 0x6b, 0xe6, 0xcd, 0x9e, 0xc7, 0xaf, 0xf6, 0xf6, 0xc9,
0x4f, 0xcd, 0x72, 0x04, 0xed, 0x34, 0x55, 0xc6, 0x8c, 0x83,
0xf4, 0xa4, 0x1d, 0xa4, 0xaf, 0x2b, 0x74, 0xef, 0x5c, 0x53,
0xf1, 0xd8, 0xac, 0x70, 0xbd, 0xcb, 0x7e, 0xd1, 0x85, 0xce,
0x81, 0xbd, 0x84, 0x35, 0x9d, 0x44, 0x25, 0x4d, 0x95, 0x62,
0x9e, 0x98, 0x55, 0xa9, 0x4a, 0x7c, 0x19, 0x58, 0xd1, 0xf8,
0xad, 0xa5, 0xd0, 0x53, 0x2e, 0xd8, 0xa5, 0xaa, 0x3f, 0xb2,
0xd1, 0x7b, 0xa7, 0x0e, 0xb6, 0x24, 0x8e, 0x59, 0x4e, 0x1a,
0x22, 0x97, 0xac, 0xbb, 0xb3, 0x9d, 0x50, 0x2f, 0x1a, 0x8c,
0x6e, 0xb6, 0xf1, 0xce, 0x22, 0xb3, 0xde, 0x1a, 0x1f, 0x40,
0xcc, 0x24, 0x55, 0x41, 0x19, 0xa8, 0x31, 0xa9, 0xaa, 0xd6,
0x07, 0x9c, 0xad, 0x88, 0x42, 0x5d, 0xe6, 0xbd, 0xe1, 0xa9,
0x18, 0x7e, 0xbb, 0x60, 0x92, 0xcf, 0x67, 0xbf, 0x2b, 0x13,
0xfd, 0x65, 0xf2, 0x70, 0x88, 0xd7, 0x8b, 0x7e, 0x88, 0x3c,
0x87, 0x59, 0xd2, 0xc4, 0xf5, 0xc6, 0x5a, 0xdb, 0x75, 0x53,
0x87, 0x8a, 0xd5, 0x75, 0xf9, 0xfa, 0xd8, 0x78, 0xe8, 0x0a,
0x0c, 0x9b, 0xa6, 0x3b, 0xcb, 0xcc, 0x27, 0x32, 0xe6, 0x94,
0x85, 0xbb, 0xc9, 0xc9, 0x0b, 0xfb, 0xd6, 0x24, 0x81, 0xd9,
0x08, 0x9b, 0xec, 0xcf, 0x80, 0xcf, 0xe2, 0xdf, 0x16, 0xa2,
0xcf, 0x65, 0xbd, 0x92, 0xdd, 0x59, 0x7b, 0x07, 0x07, 0xe0,
0x91, 0x7a, 0xf4, 0x8b, 0xbb, 0x75, 0xfe, 0xd4, 0x13, 0xd2,
0x38, 0xf5, 0x55, 0x5a, 0x7a, 0x56, 0x9d, 0x80, 0xc3, 0x41,
0x4a, 0x8d, 0x08, 0x59, 0xdc, 0x65, 0xa4, 0x61, 0x28, 0xba,
0xb2, 0x7a, 0xf8, 0x7a, 0x71, 0x31, 0x4f, 0x31, 0x8c, 0x78,
0x2b, 0x23, 0xeb, 0xfe, 0x80, 0x8b, 0x82, 0xb0, 0xce, 0x26,
0x40, 0x1d, 0x2e, 0x22, 0xf0, 0x4d, 0x83, 0xd1, 0x25, 0x5d,
0xc5, 0x1a, 0xdd, 0xd3, 0xb7, 0x5a, 0x2b, 0x1a, 0xe0, 0x78,
0x45, 0x04, 0xdf, 0x54, 0x3a, 0xf8, 0x96, 0x9b, 0xe3, 0xea,
0x70, 0x82, 0xff, 0x7f, 0xc9, 0x88, 0x8c, 0x14, 0x4d, 0xa2,
0xaf, 0x58, 0x42, 0x9e, 0xc9, 0x60, 0x31, 0xdb, 0xca, 0xd3,
0xda, 0xd9, 0xaf, 0x0d, 0xcb, 0xaa, 0xaf, 0x26, 0x8c, 0xb8,
0xfc, 0xff, 0xea, 0xd9, 0x4f, 0x3c, 0x7c, 0xa4, 0x95, 0xe0,
0x56, 0xa9, 0xb4, 0x7a, 0xcd, 0xb7, 0x51, 0xfb, 0x73, 0xe6,
0x66, 0xc6, 0xc6, 0x55, 0xad, 0xe8, 0x29, 0x72, 0x97, 0xd0,
0x7a, 0xd1, 0xba, 0x5e, 0x43, 0xf1, 0xbc, 0xa3, 0x23, 0x01,
0x65, 0x13, 0x39, 0xe2, 0x29, 0x04, 0xcc, 0x8c, 0x42, 0xf5,
0x8c, 0x30, 0xc0, 0x4a, 0xaf, 0xdb, 0x03, 0x8d, 0xda, 0x08,
0x47, 0xdd, 0x98, 0x8d, 0xcd, 0xa6, 0xf3, 0xbf, 0xd1, 0x5c,
0x4b, 0x4c, 0x45, 0x25, 0x00, 0x4a, 0xa0, 0x6e, 0xef, 0xf8,
0xca, 0x61, 0x78, 0x3a, 0xac, 0xec, 0x57, 0xfb, 0x3d, 0x1f,
0x92, 0xb0, 0xfe, 0x2f, 0xd1, 0xa8, 0x5f, 0x67, 0x24, 0x51,
0x7b, 0x65, 0xe6, 0x14, 0xad, 0x68, 0x08, 0xd6, 0xf6, 0xee,
0x34, 0xdf, 0xf7, 0x31, 0x0f, 0xdc, 0x82, 0xae, 0xbf, 0xd9,
0x04, 0xb0, 0x1e, 0x1d, 0xc5, 0x4b, 0x29, 0x27, 0x09, 0x4b,
0x2d, 0xb6, 0x8d, 0x6f, 0x90, 0x3b, 0x68, 0x40, 0x1a, 0xde,
0xbf, 0x5a, 0x7e, 0x08, 0xd7, 0x8f, 0xf4, 0xef, 0x5d, 0x63,
0x65, 0x3a, 0x65, 0x04, 0x0c, 0xf9, 0xbf, 0xd4, 0xac, 0xa7,
0x98, 0x4a, 0x74, 0xd3, 0x71, 0x45, 0x98, 0x67, 0x80, 0xfc,
0x0b, 0x16, 0xac, 0x45, 0x16, 0x49, 0xde, 0x61, 0x88, 0xa7,
0xdb, 0xdf, 0x19, 0x1f, 0x64, 0xb5, 0xfc, 0x5e, 0x2a, 0xb4,
0x7b, 0x57, 0xf7, 0xf7, 0x27, 0x6c, 0xd4, 0x19, 0xc1, 0x7a,
0x3c, 0xa8, 0xe1, 0xb9, 0x39, 0xae, 0x49, 0xe4, 0x88, 0xac,
0xba, 0x6b, 0x96, 0x56, 0x10, 0xb5, 0x48, 0x01, 0x09, 0xc8,
0xb1, 0x7b, 0x80, 0xe1, 0xb7, 0xb7, 0x50, 0xdf, 0xc7, 0x59,
0x8d, 0x5d, 0x50, 0x11, 0xfd, 0x2d, 0xcc, 0x56, 0x00, 0xa3,
0x2e, 0xf5, 0xb5, 0x2a, 0x1e, 0xcc, 0x82, 0x0e, 0x30, 0x8a,
0xa3, 0x42, 0x72, 0x1a, 0xac, 0x09, 0x43, 0xbf, 0x66, 0x86,
0xb6, 0x4b, 0x25, 0x79, 0x37, 0x65, 0x04, 0xcc, 0xc4, 0x93,
0xd9, 0x7e, 0x6a, 0xed, 0x3f, 0xb0, 0xf9, 0xcd, 0x71, 0xa4,
0x3d, 0xd4, 0x97, 0xf0, 0x1f, 0x17, 0xc0, 0xe2, 0xcb, 0x37,
0x97, 0xaa, 0x2a, 0x2f, 0x25, 0x66, 0x56, 0x16, 0x8e, 0x6c,
0x49, 0x6a, 0xfc, 0x5f, 0xb9, 0x32, 0x46, 0xf6, 0xb1, 0x11,
0x63, 0x98, 0xa3, 0x46, 0xf1, 0xa6, 0x41, 0xf3, 0xb0, 0x41,
0xe9, 0x89, 0xf7, 0x91, 0x4f, 0x90, 0xcc, 0x2c, 0x7f, 0xff,
0x35, 0x78, 0x76, 0xe5, 0x06, 0xb5, 0x0d, 0x33, 0x4b, 0xa7,
0x7c, 0x22, 0x5b, 0xc3, 0x07, 0xba, 0x53, 0x71, 0x52, 0xf3,
0xf1, 0x61, 0x0e, 0x4e, 0xaf, 0xe5, 0x95, 0xf6, 0xd9, 0xd9,
0x0d, 0x11, 0xfa, 0xa9, 0x33, 0xa1, 0x5e, 0xf1, 0x36, 0x95,
0x46, 0x86, 0x8a, 0x7f, 0x3a, 0x45, 0xa9, 0x67, 0x68, 0xd4,
0x0f, 0xd9, 0xd0, 0x34, 0x12, 0xc0, 0x91, 0xc6, 0x31, 0x5c,
0xf4, 0xfd, 0xe7, 0xcb, 0x68, 0x60, 0x69, 0x37, 0x38, 0x0d,
0xb2, 0xea, 0xaa, 0x70, 0x7b, 0x4c, 0x41, 0x85, 0xc3, 0x2e,
0xdd, 0xcd, 0xd3, 0x06, 0x70, 0x5e, 0x4d, 0xc1, 0xff, 0xc8,
0x72, 0xee, 0xee, 0x47, 0x5a, 0x64, 0xdf, 0xac, 0x86, 0xab,
0xa4, 0x1c, 0x06, 0x18, 0x98, 0x3f, 0x87, 0x41, 0xc5, 0xef,
0x68, 0xd3, 0xa1, 0x01, 0xe8, 0xa3, 0xb8, 0xca, 0xc6, 0x0c,
0x90, 0x5c, 0x15, 0xfc, 0x91, 0x08, 0x40, 0xb9, 0x4c, 0x00,
0xa0, 0xb9, 0xd0),
chunk_from_chars(
0x0a, 0xab, 0x4c, 0x90, 0x05, 0x01, 0xb3, 0xe2, 0x4d, 0x7c,
0xdf, 0x46, 0x63, 0x32, 0x6a, 0x3a, 0x87, 0xdf, 0x5e, 0x48,
0x43, 0xb2, 0xcb, 0xdb, 0x67, 0xcb, 0xf6, 0xe4, 0x60, 0xfe,
0xc3, 0x50, 0xaa, 0x53, 0x71, 0xb1, 0x50, 0x8f, 0x9f, 0x45,
0x28, 0xec, 0xea, 0x23, 0xc4, 0x36, 0xd9, 0x4b, 0x5e, 0x8f,
0xcd, 0x4f, 0x68, 0x1e, 0x30, 0xa6, 0xac, 0x00, 0xa9, 0x70,
0x4a, 0x18, 0x8a, 0x03)
},
/* Test SHA(abc) */
{ chunk_from_chars(
0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b,
0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x83, 0x3f, 0xe6, 0x24,
0x09, 0x23, 0x7b, 0x9d, 0x62, 0xec, 0x77, 0x58, 0x75, 0x20,
0x91, 0x1e, 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42),
chunk_from_chars(
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
0x21, 0x00, 0xec, 0x17, 0x2b, 0x93, 0xad, 0x5e, 0x56, 0x3b,
0xf4, 0x93, 0x2c, 0x70, 0xe1, 0x24, 0x50, 0x34, 0xc3, 0x54,
0x67, 0xef, 0x2e, 0xfd, 0x4d, 0x64, 0xeb, 0xf8, 0x19, 0x68,
0x34, 0x67, 0xe2, 0xbf),
chunk_from_chars(
0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41,
0x73, 0x49, 0xae, 0x20, 0x41, 0x31, 0x12, 0xe6, 0xfa, 0x4e,
0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55,
0xd3, 0x9a, 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, 0x45, 0x4d,
0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f,
0xa5, 0x4c, 0xa4, 0x9f),
chunk_from_chars(
0xdc, 0x2a, 0x44, 0x59, 0xe7, 0x36, 0x96, 0x33, 0xa5, 0x2b,
0x1b, 0xf2, 0x77, 0x83, 0x9a, 0x00, 0x20, 0x10, 0x09, 0xa3,
0xef, 0xbf, 0x3e, 0xcb, 0x69, 0xbe, 0xa2, 0x18, 0x6c, 0x26,
0xb5, 0x89, 0x09, 0x35, 0x1f, 0xc9, 0xac, 0x90, 0xb3, 0xec,
0xfd, 0xfb, 0xc7, 0xc6, 0x64, 0x31, 0xe0, 0x30, 0x3d, 0xca,
0x17, 0x9c, 0x13, 0x8a, 0xc1, 0x7a, 0xd9, 0xbe, 0xf1, 0x17,
0x73, 0x31, 0xa7, 0x04)
}
};
START_TEST(test_ed25519_sign)
{
private_key_t *key;
public_key_t *pubkey, *public;
chunk_t sig, encoding;
/* load private key */
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, sig_tests[_i].key, BUILD_END);
ck_assert(key != NULL);
ck_assert(key->get_encoding(key, PRIVKEY_ASN1_DER, &encoding));
ck_assert(chunk_equals(encoding, sig_tests[_i].key));
chunk_free(&encoding);
/* load public key */
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, sig_tests[_i].pubkey, BUILD_END);
ck_assert(pubkey != NULL);
ck_assert(pubkey->get_encoding(pubkey, PUBKEY_SPKI_ASN1_DER, &encoding));
ck_assert(chunk_equals(encoding, sig_tests[_i].pubkey));
chunk_free(&encoding);
/* compare public keys */
public = key->get_public_key(key);
ck_assert(public != NULL);
ck_assert(public->equals(public, pubkey));
/* sign */
ck_assert(key->sign(key, SIGN_ED25519, sig_tests[_i].msg, &sig));
ck_assert(sig.len == 64);
ck_assert(chunk_equals(sig, sig_tests[_i].sig));
/* verify */
ck_assert(pubkey->verify(pubkey, SIGN_ED25519, sig_tests[_i].msg,
sig_tests[_i].sig));
/* cleanup */
key->destroy(key);
pubkey->destroy(pubkey);
public->destroy(public);
chunk_free(&sig);
}
END_TEST
START_TEST(test_ed25519_gen)
{
private_key_t *key, *key2;
public_key_t *pubkey, *pubkey2;
chunk_t msg = chunk_from_str("Ed25519"), sig, encoding, fp_priv, fp_pub;
/* generate private key */
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
BUILD_KEY_SIZE, 256, BUILD_END);
ck_assert(key != NULL);
ck_assert(key->get_type(key) == KEY_ED25519);
ck_assert(key->get_keysize(key) == 256);
ck_assert(!key->get_encoding(key, PRIVKEY_PGP, &encoding));
ck_assert(key->get_encoding(key, PRIVKEY_PEM, &encoding));
ck_assert(encoding.ptr != NULL);
ck_assert(strstr(encoding.ptr, "PRIVATE KEY"));
chunk_free(&encoding);
/* clone private key */
key2 = key->get_ref(key);
ck_assert(key2);
key2->destroy(key2);
/* decryption not supported */
ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL));
/* wrong signature scheme */
ck_assert(!key->sign(key, SIGN_ED448, msg, &sig));
/* correct signature scheme*/
ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
/* export public key */
pubkey = key->get_public_key(key);
ck_assert(pubkey != NULL);
ck_assert(pubkey->get_type(pubkey) == KEY_ED25519);
ck_assert(pubkey->get_keysize(pubkey) == 256);
ck_assert(pubkey->get_encoding(pubkey, PUBKEY_PEM, &encoding));
ck_assert(encoding.ptr != NULL);
ck_assert(strstr(encoding.ptr, "PUBLIC KEY"));
chunk_free(&encoding);
/* generate and compare public and private key fingerprints */
ck_assert(!key->get_fingerprint(key, KEYID_PGPV4, &fp_priv));
ck_assert(key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fp_priv));
ck_assert(key->get_fingerprint(key, KEYID_PUBKEY_SHA1, &fp_priv));
ck_assert(fp_priv.ptr != NULL);
ck_assert(!pubkey->get_fingerprint(pubkey, KEYID_PGPV4, &fp_pub));
ck_assert(pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &fp_pub));
ck_assert(pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &fp_pub));
ck_assert(fp_pub.ptr != NULL);
ck_assert(chunk_equals(fp_pub, fp_priv));
/* clone public key */
pubkey2 = pubkey->get_ref(pubkey);
ck_assert(pubkey2 != NULL);
pubkey2->destroy(pubkey2);
/* encryption not supported */
ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL));
/* verify with wrong signature scheme */
ck_assert(!pubkey->verify(pubkey, SIGN_ED448, msg, sig));
/* verify with correct signature scheme */
ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig));
/* cleanup */
key->destroy(key);
pubkey->destroy(pubkey);
chunk_free(&sig);
}
END_TEST
START_TEST(test_ed25519_speed)
{
private_key_t *key;
public_key_t *pubkey;
chunk_t msg = chunk_from_str("Hello Ed25519"), sig;
int i, count = 1000;
#ifdef HAVE_CLOCK_GETTIME
struct timespec start, stop;
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
#endif
for (i = 0; i < count; i++)
{
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
BUILD_KEY_SIZE, 256, BUILD_END);
ck_assert(key != NULL);
ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
pubkey = key->get_public_key(key);
ck_assert(pubkey != NULL);
ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig));
key->destroy(key);
pubkey->destroy(pubkey);
chunk_free(&sig);
}
#ifdef HAVE_CLOCK_GETTIME
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop);
DBG0(DBG_LIB, "%d Ed25519 keys and signatures in %d ms\n", count,
(stop.tv_nsec - start.tv_nsec) / 1000000 +
(stop.tv_sec - start.tv_sec) * 1000);
#endif
}
END_TEST
static chunk_t zero_pk = chunk_from_chars(
0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00);
START_TEST(test_ed25519_fail)
{
private_key_t *key;
public_key_t *pubkey;
chunk_t blob, sig;
uint8_t sig1[64];
/* Invalid private key format */
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, chunk_empty, BUILD_END);
ck_assert(key == NULL);
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
BUILD_EDDSA_PRIV_ASN1_DER, chunk_empty, BUILD_END);
ck_assert(key == NULL);
blob = chunk_from_chars(0x04, 0x01, 0x9d);
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
BUILD_EDDSA_PRIV_ASN1_DER, blob, BUILD_END);
ck_assert(key == NULL);
/* Invalid public key format */
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, chunk_empty, BUILD_END);
ck_assert(pubkey == NULL);
blob = chunk_from_chars(0x30, 0x0b, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x70, 0x03, 0x02, 0x00, 0xd7);
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, blob, BUILD_END);
ck_assert(pubkey == NULL);
blob = chunk_from_chars(0x30, 0x0b, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x00,
0x70, 0x03, 0x02, 0x00, 0xd7);
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, blob, BUILD_END);
ck_assert(pubkey == NULL);
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_KEY_SIZE, 256, BUILD_BLOB_ASN1_DER, blob, BUILD_END);
ck_assert(pubkey == NULL);
/* Invalid signature format */
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, sig_tests[0].pubkey, BUILD_END);
ck_assert(pubkey != NULL);
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, chunk_empty, chunk_empty));
/* malformed signature */
sig = chunk_create(sig1, 64);
memcpy(sig1, sig_tests[0].sig.ptr, 64);
sig1[63] |= 0xe0;
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
/* wrong signature */
memcpy(sig1, sig_tests[0].sig.ptr, 64);
sig1[0] = 0xe4;
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
/* detect all-zeroes public key */
pubkey->destroy(pubkey);
pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
BUILD_BLOB_ASN1_DER, zero_pk, BUILD_END);
ck_assert(pubkey != NULL);
ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig));
pubkey->destroy(pubkey);
}
END_TEST
Suite *ed25519_suite_create()
{
Suite *s;
TCase *tc;
s = suite_create("ed25519");
tc = tcase_create("ed25519_sign");
tcase_add_loop_test(tc, test_ed25519_sign, 0, countof(sig_tests));
suite_add_tcase(s, tc);
tc = tcase_create("ed25519_gen");
tcase_add_test(tc, test_ed25519_gen);
suite_add_tcase(s, tc);
tc = tcase_create("ed25519_fail");
tcase_add_test(tc, test_ed25519_fail);
suite_add_tcase(s, tc);
tc = tcase_create("ed25519_speed");
test_case_set_timeout(tc, 10);
tcase_add_test(tc, test_ed25519_speed);
suite_add_tcase(s, tc);
return s;
}

78
src/libstrongswan/tests/suites/test_hasher.c
View File

@ -28,38 +28,47 @@ typedef struct {
}hasher_oid_t;
static hasher_oid_t oids[] = {
{ OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */
{ OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */
{ OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */
{ OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */
{ OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */
{ OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */
{ OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */
{ OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */
{ OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */
{ OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */
{ OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */
{ OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */
{ OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */
{ OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */
{ OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */
{ OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 16 */
{ OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */
{ OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 19 */
{ OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 20 */
{ OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 21 */
{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 22 */
{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 23 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 24 */
{ OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS }, /* 25 */
{ OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS }, /* 26 */
{ OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS }, /* 27 */
{ OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS }, /* 28 */
{ OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS }, /* 29 */
{ OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS }, /* 30 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS } /* 31 */
{ OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */
{ OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */
{ OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */
{ OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */
{ OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */
{ OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */
{ OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */
{ OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */
{ OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */
{ OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */
{ OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */
{ OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */
{ OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */
{ OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */
{ OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */
{ OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 16 */
{ OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */
{ OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */
{ OID_RSASSA_PKCS1V15_WITH_SHA3_224, HASH_SHA3_224, KEY_RSA }, /* 19 */
{ OID_RSASSA_PKCS1V15_WITH_SHA3_256, HASH_SHA3_256, KEY_RSA }, /* 20 */
{ OID_RSASSA_PKCS1V15_WITH_SHA3_384, HASH_SHA3_384, KEY_RSA }, /* 21 */
{ OID_RSASSA_PKCS1V15_WITH_SHA3_512, HASH_SHA3_512, KEY_RSA }, /* 22 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 23 */
{ OID_ED25519, HASH_IDENTITY, KEY_ED25519 }, /* 24 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ED25519 }, /* 25 */
{ OID_ED448, HASH_IDENTITY, KEY_ED448 }, /* 26 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ED448 }, /* 27 */
{ OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 28 */
{ OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 29 */
{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 30 */
{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 31 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 32 */
{ OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS }, /* 33 */
{ OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS }, /* 34 */
{ OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS }, /* 35 */
{ OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS }, /* 36 */
{ OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS }, /* 37 */
{ OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS }, /* 38 */
{ OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS }, /* 39 */
};
START_TEST(test_hasher_from_oid)
@ -113,6 +122,8 @@ static hasher_sig_scheme_t sig_schemes[] = {
{ SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 },
{ SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 },
{ SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
{ SIGN_ED25519, HASH_IDENTITY },
{ SIGN_ED448, HASH_IDENTITY },
{ 30, HASH_UNKNOWN }
};
@ -214,6 +225,7 @@ typedef struct {
}hasher_ikev2_t;
static hasher_ikev2_t ikev2[] = {
{ HASH_IDENTITY, TRUE },
{ HASH_SHA1, TRUE },
{ HASH_SHA256, TRUE },
{ HASH_SHA384, TRUE },
@ -244,7 +256,7 @@ Suite *hasher_suite_create()
s = suite_create("hasher");
tc = tcase_create("from_oid");
tcase_add_loop_test(tc, test_hasher_from_oid, 0, 15);
tcase_add_loop_test(tc, test_hasher_from_oid, 0, 28);
suite_add_tcase(s, tc);
tc = tcase_create("to_oid");

2
src/libstrongswan/tests/tests.h
View File

@ -50,3 +50,5 @@ TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1)
TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519)

11
src/pki/commands/gen.c
View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
* Copyright (C) 2014-2015 Andreas Steffen
* Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -44,6 +44,10 @@ static int gen()
{
type = KEY_ECDSA;
}
else if (streq(arg, "ed25519"))
{
type = KEY_ED25519;
}
else if (streq(arg, "bliss"))
{
type = KEY_BLISS;
@ -101,6 +105,9 @@ static int gen()
case KEY_ECDSA:
size = 384;
break;
case KEY_ED25519:
size = 256;
break;
case KEY_BLISS:
size = 1;
break;
@ -159,7 +166,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
gen, 'g', "gen", "generate a new private key",
{" [--type rsa|ecdsa|bliss] [--size bits] [--safe-primes]",
{" [--type rsa|ecdsa|ed25519|bliss] [--size bits] [--safe-primes]",
"[--shares n] [--threshold l] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},

9
src/pki/commands/issue.c
View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
* Copyright (C) 2015 Andreas Steffen
* Copyright (C) 2015-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -112,6 +112,11 @@ static int issue()
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
else if (streq(arg, "ed25519"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_ED25519;
}
else if (streq(arg, "bliss"))
{
type = CRED_PRIVATE_KEY;
@ -585,7 +590,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
issue, 'i', "issue",
"issue a certificate using a CA certificate and key",
{"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
{"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|ed25519|bliss] --cakey file|--cakeyid hex",
" --cacert file [--dn subject-dn] [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",

10
src/pki/commands/print.c
View File

@ -2,7 +2,7 @@
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
* Copyright (C) 2015 Andreas Steffen
* Copyright (C) 2015-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -106,6 +106,12 @@ static int print()
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
else if (streq(arg, "ed25519") ||
streq(arg, "ed25519-priv"))
{
type = CRED_PRIVATE_KEY;
subtype = KEY_ED25519;
}
else if (streq(arg, "bliss") ||
streq(arg, "bliss-priv"))
{
@ -181,7 +187,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t)
{ print, 'a', "print",
"print a credential in a human readable form",
{"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"},
{"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|ed25519|bliss]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},

8
src/pki/commands/self.c
View File

@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
* Copyright (C) 2015 Andreas Steffen
* Copyright (C) 2015-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@ -90,6 +90,10 @@ static int self()
{
type = KEY_ECDSA;
}
else if (streq(arg, "ed25519"))
{
type = KEY_ED25519;
}
else if (streq(arg, "bliss"))
{
type = KEY_BLISS;
@ -421,7 +425,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
{" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]",
{" [--in file|--keyid hex] [--type rsa|ecdsa|ed25519|bliss|priv]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",

5
src/pki/man/pki---gen.1.in
View File

@ -1,4 +1,4 @@
.TH "PKI \-\-GEN" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.TH "PKI \-\-GEN" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
@ -45,7 +45,8 @@ Set debug level, default: 1.
Read command line options from \fIfile\fR.
.TP
.BI "\-t, \-\-type " type
Type of key to generate. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
Type of key to generate. Either \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR or
\fIbliss\fR, defaults to \fIrsa\fR.
.TP
.BI "\-s, \-\-size " bits
Key length in bits. Defaults to 2048 for \fIrsa\fR and 384 for \fIecdsa\fR.

8
src/pki/man/pki---issue.1.in
View File

@ -1,4 +1,4 @@
.TH "PKI \-\-ISSUE" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
.TH "PKI \-\-ISSUE" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
@ -68,9 +68,9 @@ key/request is read from \fISTDIN\fR.
.TP
.BI "\-t, \-\-type " type
Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key),
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
private key) or \fIpkcs10\fR (PKCS#10 certificate request), defaults to
\fIpub\fR.
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key),
\fIed25519\fR (Ed25519 private key) \fIbliss\fR (BLISS private key) or
\fIpkcs10\fR (PKCS#10 certificate request), defaults to \fIpub\fR.
.TP
.BI "\-k, \-\-cakey " file
CA private key file. Either this or

6
src/pki/man/pki---print.1.in
View File

@ -1,4 +1,4 @@
.TH "PKI \-\-PRINT" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.TH "PKI \-\-PRINT" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
@ -47,8 +47,8 @@ Input file. If not given the input is read from \fISTDIN\fR.
Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private
key), \fIbliss\fR (BLISS private key), \fIpriv\fR (private key), defaults to
\fIx509\fR.
key), \fIed25519\fR (Ed25519 private key), \fIbliss\fR (BLISS private key),
\fIpriv\fR (private key), defaults to \fIx509\fR.
.
.SH "SEE ALSO"
.

6
src/pki/man/pki---self.1.in
View File

@ -1,4 +1,4 @@
.TH "PKI \-\-SELF" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.TH "PKI \-\-SELF" 1 "2016-12-13" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
@ -68,8 +68,8 @@ Private key input file. If not given the key is read from \fISTDIN\fR.
Key ID of a private key on a smartcard.
.TP
.BI "\-t, \-\-type " type
Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
defaults to \fIpriv\fR.
Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR
or \fIbliss\fR, defaults to \fIpriv\fR.
.TP
.BI "\-d, \-\-dn " distinguished-name
Subject and issuer distinguished name (DN). Required.

13
testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolCert.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB4jCCAZSgAwIBAgIBAzAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDExWhcNMjExMjA0MjI0MDExWjBbMQswCQYD
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
ZDI1NTE5MR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzAqMAUGAytlcAMh
APtwTFkrXyLYOWm9zlNm+ASZ3LzmpWmB2OwqnWZlFIXVo4GIMIGFMB8GA1UdIwQY
MBaAFCNOkpAKSIb2BV3+ead2AzqOcNj4MB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9u
Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh
bi5vcmcvc3Ryb25nc3dhbl9lZDI1NTE5LmNybDAFBgMrZXADQQAC5ukfb9FmxhM5
ynVSrYUvCfii+zD7SjA+kFabRZ6tgoTWBBUONT31dwLpD0Aqe0z7SWLTXpeVVAl4
JbhZsPUD
-----END CERTIFICATE-----

13
testing/hosts/winnetou/etc/openssl/ed25519/newcerts/daveCert.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB4DCCAZKgAwIBAgIBBDAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
IFJvb3QgQ0EwHhcNMTYxMjA0MjIzODQwWhcNMjExMjA0MjIzODQwWjBaMQswCQYD
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
ZDI1NTE5MRwwGgYDVQQDDBNkYXZlQHN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
fYCNzyBpr3lne+kVB27q7O7TvMkERDB9kRnzNSx30hijgYcwgYQwHwYDVR0jBBgw
FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
d2FuLm9yZzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
b3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmwwBQYDK2VwA0EAEG4SjQX49xhuMiyn
86uOCxDWy08KUQRBLoqan+cPfYDPgCbblpbmJOoCBtcUyzEYQ+L/gCQzwLAUZSbK
MEj7Dg==
-----END CERTIFICATE-----

13
testing/hosts/winnetou/etc/openssl/ed25519/newcerts/moonCert.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw
FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo
dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww
BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX
8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA==
-----END CERTIFICATE-----

13
testing/hosts/winnetou/etc/openssl/ed25519/newcerts/sunCert.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB8zCCAaWgAwIBAgIBAjAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDAyWhcNMjExMjA0MjI0MDAyWjBZMQswCQYD
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
ZDI1NTE5MRswGQYDVQQDExJzdW4uc3Ryb25nc3dhbi5vcmcwKjAFBgMrZXADIQBn
HgUv3QIepihJpxydVVtgTsIqminFnbGSER5ReAaQ+qOBmzCBmDAfBgNVHSMEGDAW
gBQjTpKQCkiG9gVd/nmndgM6jnDY+DAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dh
bi5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0
cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VkMjU1MTkuY3JsMAUG
AytlcANBAC27Z6Q7/c21bPb3OfvbdnePhIpgGM3LVBL/0Pj9VOAtUec/Rv2rPNHq
8C1xtc/jMCsI/NdpXSZCeN0lQgf0mgA=
-----END CERTIFICATE-----

3
testing/hosts/winnetou/etc/openssl/ed25519/newkeys/carolKey.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIJk9u+XHU+E8YNCuj/bTDVRHbWDk2NzCyrTFqtzWRAv8
-----END PRIVATE KEY-----

3
testing/hosts/winnetou/etc/openssl/ed25519/newkeys/daveKey.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIF17ReOyn64y7tmC11XyYzcALKmu9lkS0VnWSd0l54FX
-----END PRIVATE KEY-----

3
testing/hosts/winnetou/etc/openssl/ed25519/newkeys/moonKey.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk
-----END PRIVATE KEY-----

3
testing/hosts/winnetou/etc/openssl/ed25519/newkeys/sunKey.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0
-----END PRIVATE KEY-----

BIN
testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519.crl Normal file
View File

Binary file not shown.

11
testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519Cert.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB
/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv
OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ=
-----END CERTIFICATE-----

3
testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519Key.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIHb+63Ppcfc9m/E9EyoojCDUz6KcUmwTquU7sgpmctz0
-----END PRIVATE KEY-----

3
testing/hosts/winnetou/etc/openssl/generate-crl
View File

@ -63,3 +63,6 @@ cp strongswan_bliss.crl ${ROOT}
cd /etc/openssl/sha3-rsa
pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --digest sha3_256 > strongswan-sha3-rsa.crl
cp strongswan-sha3-rsa.crl ${ROOT}
cd /etc/openssl/ed25519
pki --signcrl --cacert strongswan_ed25519Cert.pem --cakey strongswan_ed25519Key.pem --lifetime 30 > strongswan_ed25519.crl
cp strongswan_ed25519.crl ${ROOT}

2
testing/hosts/winnetou/etc/strongswan.conf
View File

@ -1,5 +1,5 @@
# strongswan.conf - strongSwan configuration file
pki {
load = random pem sha1 sha2 sha3 pkcs1 pem gmp mgf1 bliss x509
load = random pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 bliss curve25519 x509
}

6
testing/tests/swanctl/net2net-ed25519/description.txt Executable file
View File

@ -0,0 +1,6 @@
A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
The authentication is based on <b>X.509 certificates</b> containing <b>Ed25519</b> keys.
Upon the successful establishment of the IPsec tunnel, the updown script automatically
inserts iptables-based firewall rules that let pass the tunneled traffic.
In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
pings client <b>bob</b> located behind gateway <b>sun</b>.

7
testing/tests/swanctl/net2net-ed25519/evaltest.dat Executable file
View File

@ -0,0 +1,7 @@
moon::cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with ED25519 successful::YES
sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ED25519 successful::YES
moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES

22
testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf Executable file
View File

@ -0,0 +1,22 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
charon {
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
start-scripts {
creds = /usr/local/sbin/swanctl --load-creds
conns = /usr/local/sbin/swanctl --load-conns
}
syslog {
auth {
default = 0
}
daemon {
default = 1
}
}
}

3
testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/pkcs8/moonKey.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk
-----END PRIVATE KEY-----

33
testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/swanctl.conf Executable file
View File

@ -0,0 +1,33 @@
connections {
gw-gw {
local_addrs = 192.168.0.1
remote_addrs = 192.168.0.2
local {
auth = pubkey
certs = moonCert.pem
id = moon.strongswan.org
}
remote {
auth = pubkey
id = sun.strongswan.org
}
children {
net-net {
local_ts = 10.1.0.0/16
remote_ts = 10.2.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
rekey_time = 5400
rekey_bytes = 500000000
rekey_packets = 1000000
esp_proposals = aes128gcm128-curve25519
}
}
version = 2
mobike = no
reauth_time = 10800
proposals = aes128-sha256-curve25519
}
}

13
testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/x509/moonCert.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw
FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo
dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww
BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX
8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA==
-----END CERTIFICATE-----

11
testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB
/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv
OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ=
-----END CERTIFICATE-----

22
testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf Executable file
View File

@ -0,0 +1,22 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
charon {
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
start-scripts {
creds = /usr/local/sbin/swanctl --load-creds
conns = /usr/local/sbin/swanctl --load-conns
}
syslog {
auth {
default = 0
}
daemon {
default = 1
}
}
}

3
testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/pkcs8/sunKey.pem Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0
-----END PRIVATE KEY-----

33
testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/swanctl.conf Executable file
View File

@ -0,0 +1,33 @@
connections {
gw-gw {
local_addrs = 192.168.0.2
remote_addrs = 192.168.0.1
local {
auth = pubkey
certs = sunCert.pem
id = sun.strongswan.org
}
remote {
auth = pubkey
id = moon.strongswan.org
}
children {
net-net {
local_ts = 10.2.0.0/16
remote_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
rekey_time = 5400
rekey_bytes = 500000000
rekey_packets = 1000000
esp_proposals = aes128gcm128-curve25519
}
}
version = 2
mobike = no
reauth_time = 10800
proposals = aes128-sha256-curve25519
}
}

13
testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/x509/sunCert.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB8zCCAaWgAwIBAgIBAjAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDAyWhcNMjExMjA0MjI0MDAyWjBZMQswCQYD
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
ZDI1NTE5MRswGQYDVQQDExJzdW4uc3Ryb25nc3dhbi5vcmcwKjAFBgMrZXADIQBn
HgUv3QIepihJpxydVVtgTsIqminFnbGSER5ReAaQ+qOBmzCBmDAfBgNVHSMEGDAW
gBQjTpKQCkiG9gVd/nmndgM6jnDY+DAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dh
bi5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0
cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VkMjU1MTkuY3JsMAUG
AytlcANBAC27Z6Q7/c21bPb3OfvbdnePhIpgGM3LVBL/0Pj9VOAtUec/Rv2rPNHq
8C1xtc/jMCsI/NdpXSZCeN0lQgf0mgA=
-----END CERTIFICATE-----

11
testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBljCCAUigAwIBAgIIBrMLy9hl4GQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNCMEAwDwYDVR0TAQH/BAUwAwEB
/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
MAUGAytlcANBAEimNd3OTwM42KM0D+E6nJMHbrGSLA1XAukJDH9w30tzkbQHxTSv
OPEN02ar1L30xfYVySJhV9i5cE8QkhThcAQ=
-----END CERTIFICATE-----

7
testing/tests/swanctl/net2net-ed25519/posttest.dat Executable file
View File

@ -0,0 +1,7 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
moon::service charon stop 2> /dev/null
sun::service charon stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::rm /etc/swanctl/pkcs8/*
sun::rm /etc/swanctl/pkcs8/*

9
testing/tests/swanctl/net2net-ed25519/pretest.dat Executable file
View File

@ -0,0 +1,9 @@
moon::rm /etc/swanctl/rsa/moonKey.pem
sun::rm /etc/swanctl/rsa/sunKey.pem
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::service charon start 2> /dev/null
sun::service charon start 2> /dev/null
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null

25
testing/tests/swanctl/net2net-ed25519/test.conf Executable file
View File

@ -0,0 +1,25 @@
#!/bin/bash
#
# This configuration file provides information on the
# guest instances used for this test
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b.png"
# Guest instances on which tcpdump is to be started
#
TCPDUMPHOSTS="sun"
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
# charon controlled by swanctl
#
SWANCTL=1