ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

oqs: Support of Falcon signature algorithms

This commit is contained in:
Andreas Steffen 2020-11-20 17:30:15 +01:00 committed by Tobias Brunner
parent eeb5cf36fb
commit ff11243b8e
16 changed files with 4980 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libstrongswan/asn1/asn1.c
View File

@ -60,6 +60,8 @@ chunk_t asn1_algorithmIdentifier(int oid)
case OID_DILITHIUM_2:
case OID_DILITHIUM_3:
case OID_DILITHIUM_4:
case OID_FALCON_512:
case OID_FALCON_1024:
parameters = chunk_empty;
break;
default:

5
src/libstrongswan/asn1/oid.txt
View File

@ -421,6 +421,11 @@
0x25 "sect409r1" OID_SECT409R1
0x26 "sect571k1" OID_SECT571K1
0x27 "sect571r1" OID_SECT571R1
0xCE ""
0x0F "Reserved"
0x03 "Falcon"
0x01 "falcon512" OID_FALCON_512
0x04 "falcon1024" OID_FALCON_1024
0x60 ""
0x86 ""
0x48 ""

2
src/libstrongswan/credentials/auth_cfg.c
View File

@ -601,6 +601,8 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
{ "identity", SIGN_DILITHIUM_2, KEY_DILITHIUM_2, },
{ "identity", SIGN_DILITHIUM_3, KEY_DILITHIUM_3, },
{ "identity", SIGN_DILITHIUM_4, KEY_DILITHIUM_4, },
{ "identity", SIGN_FALCON_512, KEY_FALCON_512, },
{ "identity", SIGN_FALCON_1024, KEY_FALCON_1024, },
};
if (expected_strength != AUTH_RULE_MAX)

30
src/libstrongswan/credentials/keys/public_key.c
View File

@ -20,7 +20,7 @@
#include "public_key.h"
#include "signature_params.h"
ENUM(key_type_names, KEY_ANY, KEY_DILITHIUM_4,
ENUM(key_type_names, KEY_ANY, KEY_FALCON_1024,
"ANY",
"RSA",
"ECDSA",
@ -30,9 +30,11 @@ ENUM(key_type_names, KEY_ANY, KEY_DILITHIUM_4,
"Dilithium2",
"Dilithium3",
"Dilithium4",
"Falcon512",
"Falcon1024",
);
ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_DILITHIUM_4,
ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_FALCON_1024,
"UNKNOWN",
"RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
@ -59,6 +61,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_DILITHIUM_4,
"DILITHIUM_2",
"DILITHIUM_3",
"DILITHIUM_4",
"FALCON_512",
"FALCON_1024",
);
ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
@ -131,6 +135,10 @@ int key_type_to_oid(key_type_t type)
return OID_DILITHIUM_3;
case KEY_DILITHIUM_4:
return OID_DILITHIUM_4;
case KEY_FALCON_512:
return OID_FALCON_512;
case KEY_FALCON_1024:
return OID_FALCON_1024;
default:
return OID_UNKNOWN;
}
@ -153,6 +161,10 @@ key_type_t key_type_from_oid(int oid)
return KEY_DILITHIUM_3;
case OID_DILITHIUM_4:
return KEY_DILITHIUM_4;
case OID_FALCON_512:
return KEY_FALCON_512;
case OID_FALCON_1024:
return KEY_FALCON_1024;
default:
return KEY_ANY;
}
@ -212,6 +224,10 @@ signature_scheme_t signature_scheme_from_oid(int oid)
return SIGN_DILITHIUM_3;
case OID_DILITHIUM_4:
return SIGN_DILITHIUM_4;
case OID_FALCON_512:
return SIGN_FALCON_512;
case OID_FALCON_1024:
return SIGN_FALCON_1024;
}
return SIGN_UNKNOWN;
}
@ -270,6 +286,10 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
return OID_DILITHIUM_3;
case SIGN_DILITHIUM_4:
return OID_DILITHIUM_4;
case SIGN_FALCON_512:
return OID_FALCON_512;
case SIGN_FALCON_1024:
return OID_FALCON_1024;
}
return OID_UNKNOWN;
}
@ -314,6 +334,8 @@ static struct {
{ KEY_DILITHIUM_2, 0, { .scheme = SIGN_DILITHIUM_2}},
{ KEY_DILITHIUM_3, 0, { .scheme = SIGN_DILITHIUM_3}},
{ KEY_DILITHIUM_4, 0, { .scheme = SIGN_DILITHIUM_4}},
{ KEY_FALCON_512, 0, { .scheme = SIGN_FALCON_512}},
{ KEY_FALCON_1024, 0, { .scheme = SIGN_FALCON_1024}},
};
/**
@ -408,6 +430,10 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
return KEY_DILITHIUM_3;
case SIGN_DILITHIUM_4:
return KEY_DILITHIUM_4;
case SIGN_FALCON_512:
return KEY_FALCON_512;
case SIGN_FALCON_1024:
return KEY_FALCON_1024;
}
return KEY_ANY;
}

8
src/libstrongswan/credentials/keys/public_key.h
View File

@ -53,6 +53,10 @@ enum key_type_t {
KEY_DILITHIUM_3 = 7,
/** Dilithium4 NIST Round 3 Submission candidate */
KEY_DILITHIUM_4 = 8,
/** Falcon512 NIST Round 3 Submission candidate */
KEY_FALCON_512 = 9,
/** Falcon1024 NIST Round 3 Submission candidate */
KEY_FALCON_1024 = 10,
};
/**
@ -120,6 +124,10 @@ enum signature_scheme_t {
SIGN_DILITHIUM_3,
/** Dilithium4 NIST Round 3 Submission signature */
SIGN_DILITHIUM_4,
/** Falcon512 NIST Round 3 Submission signature */
SIGN_FALCON_512,
/** Falcon1024 NIST Round 3 Submission signature */
SIGN_FALCON_1024,
};
/**

20
src/libstrongswan/crypto/hashers/hasher.c
View File

@ -158,6 +158,8 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
case OID_DILITHIUM_2:
case OID_DILITHIUM_3:
case OID_DILITHIUM_4:
case OID_FALCON_512:
case OID_FALCON_1024:
return HASH_IDENTITY;
default:
return HASH_UNKNOWN;
@ -503,6 +505,22 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
default:
return OID_UNKNOWN;
}
case KEY_FALCON_512:
switch (alg)
{
case HASH_IDENTITY:
return OID_FALCON_512;
default:
return OID_UNKNOWN;
}
case KEY_FALCON_1024:
switch (alg)
{
case HASH_IDENTITY:
return OID_FALCON_1024;
default:
return OID_UNKNOWN;
}
default:
return OID_UNKNOWN;
}
@ -532,6 +550,8 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
case SIGN_DILITHIUM_2:
case SIGN_DILITHIUM_3:
case SIGN_DILITHIUM_4:
case SIGN_FALCON_512:
case SIGN_FALCON_1024:
return HASH_IDENTITY;
case SIGN_RSA_EMSA_PKCS1_MD5:
return HASH_MD5;

10
src/libstrongswan/plugins/oqs/oqs_plugin.c
View File

@ -72,23 +72,33 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_2),
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_3),
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_4),
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_512),
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_1024),
PLUGIN_REGISTER(PRIVKEY_GEN, oqs_private_key_gen, FALSE),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_DILITHIUM_2),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_DILITHIUM_3),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_DILITHIUM_4),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_FALCON_512),
PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_FALCON_1024),
PLUGIN_REGISTER(PUBKEY, oqs_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_DILITHIUM_2),
PLUGIN_PROVIDE(PUBKEY, KEY_DILITHIUM_3),
PLUGIN_PROVIDE(PUBKEY, KEY_DILITHIUM_4),
PLUGIN_PROVIDE(PUBKEY, KEY_FALCON_512),
PLUGIN_PROVIDE(PUBKEY, KEY_FALCON_1024),
PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
/* signature schemes, private */
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_DILITHIUM_2),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_DILITHIUM_3),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_DILITHIUM_4),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_FALCON_512),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_FALCON_1024),
/* signature verification schemes */
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_DILITHIUM_2),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_DILITHIUM_3),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_DILITHIUM_4),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_FALCON_512),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_FALCON_1024),
};
*features = f;
return countof(f);

8
src/libstrongswan/plugins/oqs/oqs_private_key.c
View File

@ -114,7 +114,7 @@ METHOD(private_key_t, decrypt, bool,
METHOD(private_key_t, get_keysize, int,
private_oqs_private_key_t *this)
{
return this->public_key.len;
return BITS_PER_BYTE * this->public_key.len;
}
METHOD(private_key_t, get_public_key, public_key_t*,
@ -222,6 +222,12 @@ static private_oqs_private_key_t *oqs_private_key_create_empty(key_type_t type)
case KEY_DILITHIUM_4:
sig_alg = OQS_SIG_alg_dilithium_4;
break;
case KEY_FALCON_512:
sig_alg = OQS_SIG_alg_falcon_512;
break;
case KEY_FALCON_1024:
sig_alg = OQS_SIG_alg_falcon_1024;
break;
default:
return NULL;
}

10
src/libstrongswan/plugins/oqs/oqs_public_key.c
View File

@ -90,7 +90,7 @@ METHOD(public_key_t, encrypt_, bool,
METHOD(public_key_t, get_keysize, int,
private_oqs_public_key_t *this)
{
return this->public_key.len;
return BITS_PER_BYTE * this->public_key.len;
}
static chunk_t public_key_info_encode(chunk_t pubkey, int oid)
@ -276,6 +276,12 @@ end:
case KEY_DILITHIUM_4:
sig_alg = OQS_SIG_alg_dilithium_4;
break;
case KEY_FALCON_512:
sig_alg = OQS_SIG_alg_falcon_512;
break;
case KEY_FALCON_1024:
sig_alg = OQS_SIG_alg_falcon_1024;
break;
default:
destroy(this);
return NULL;
@ -302,6 +308,8 @@ bool oqs_supported(key_type_t type)
case KEY_DILITHIUM_2:
case KEY_DILITHIUM_3:
case KEY_DILITHIUM_4:
case KEY_FALCON_512:
case KEY_FALCON_1024:
return TRUE;
default:
return FALSE;

4877
src/libstrongswan/plugins/oqs/tests/suites/test_oqs_sig.c
View File

File diff suppressed because it is too large Load Diff

4
src/libstrongswan/plugins/pem/pem_plugin.c
View File

@ -73,6 +73,10 @@ METHOD(plugin_t, get_features, int,
PLUGIN_DEPENDS(PRIVKEY, KEY_DILITHIUM_3),
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_4),
PLUGIN_DEPENDS(PRIVKEY, KEY_DILITHIUM_4),
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_512),
PLUGIN_DEPENDS(PRIVKEY, KEY_FALCON_512),
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_1024),
PLUGIN_DEPENDS(PRIVKEY, KEY_FALCON_1024),
/* public key PEM decoding */
PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),

8
src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
View File

@ -100,6 +100,14 @@ static private_key_t *parse_private_key(chunk_t blob)
type = KEY_DILITHIUM_4;
part = BUILD_PRIV_ASN1_DER;
break;
case OID_FALCON_512:
type = KEY_FALCON_512;
part = BUILD_PRIV_ASN1_DER;
break;
case OID_FALCON_1024:
type = KEY_FALCON_1024;
part = BUILD_PRIV_ASN1_DER;
break;
default:
/* key type not supported */
goto end;

2
src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
View File

@ -51,6 +51,8 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_2),
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_3),
PLUGIN_PROVIDE(PRIVKEY, KEY_DILITHIUM_4),
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_512),
PLUGIN_PROVIDE(PRIVKEY, KEY_FALCON_1024),
};
*features = f;
return countof(f);

4
src/libstrongswan/tests/suites/test_hasher.c
View File

@ -64,6 +64,8 @@ static hasher_oid_t oids[] = {
{ OID_DILITHIUM_2, HASH_IDENTITY, KEY_DILITHIUM_2}, /* 33 */
{ OID_DILITHIUM_3, HASH_IDENTITY, KEY_DILITHIUM_3}, /* 34 */
{ OID_DILITHIUM_4, HASH_IDENTITY, KEY_DILITHIUM_4}, /* 35 */
{ OID_FALCON_512, HASH_IDENTITY, KEY_FALCON_512}, /* 36 */
{ OID_FALCON_1024, HASH_IDENTITY, KEY_FALCON_1024}, /* 37 */
};
START_TEST(test_hasher_from_oid)
@ -115,6 +117,8 @@ static struct {
{ SIGN_DILITHIUM_2, HASH_IDENTITY },
{ SIGN_DILITHIUM_3, HASH_IDENTITY },
{ SIGN_DILITHIUM_4, HASH_IDENTITY },
{ SIGN_FALCON_512, HASH_IDENTITY },
{ SIGN_FALCON_1024, HASH_IDENTITY },
{ 30, HASH_UNKNOWN },
};

10
src/pki/commands/gen.c
View File

@ -64,6 +64,14 @@ static int gen()
{
type = KEY_DILITHIUM_4;
}
else if (streq(arg, "falcon512"))
{
type = KEY_FALCON_512;
}
else if (streq(arg, "falcon1024"))
{
type = KEY_FALCON_1024;
}
else
{
return command_usage("invalid key type");
@ -178,7 +186,7 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
gen, 'g', "gen", "generate a new private key",
{"[--type rsa|ecdsa|ed25519|ed448|dilithium2|dilithium3|dilithium4]",
{"[--type rsa|ecdsa|ed25519|ed448|dilithium2|dilithium3|dilithium4|falcon512|falcon1024]",
"[--size bits] [--safe-primes] [--shares n] [--threshold l]",
"[--outform der|pem]"},
{

8
src/pki/man/pki---gen.1.in
View File

@ -2,7 +2,7 @@
.
.SH "NAME"
.
pki \-\-gen \- Generate a new RSA or ECDSA private key
pki \-\-gen \- Generate a new RSA, ECDSA, Edwards Curve, Dilithium or Falcon private key
.
.SH "SYNOPSIS"
.
@ -30,7 +30,7 @@ pki \-\-gen \- Generate a new RSA or ECDSA private key
.
This sub-command of
.BR pki (1)
is used to generate a new RSA or ECDSA private key.
is used to generate a new RSA, ECDSA, Edwards Curve, Dilithium or Falcon private key.
.
.SH "OPTIONS"
.
@ -46,8 +46,8 @@ Read command line options from \fIfile\fR.
.TP
.BI "\-t, \-\-type " type
Type of key to generate. Either \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR,
\fIed448\fR, \fIdilithium2\fR, \fIdilithium3\fR or \fIdilitium4\fR,
defaults to \fIrsa\fR.
\fIed448\fR, \fIdilithium2\fR, \fIdilithium3\fR, \fIdilitium4\fR,
\fIfalcon512\fR or \fIfalcon1024\fR, defaults to \fIrsa\fR.
.TP
.BI "\-s, \-\-size " bits
Key length in bits. Defaults to 2048 for \fIrsa\fR and 384 for \fIecdsa\fR.