author | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
commit | 25663e04c3ab01ef8dc9f906608282319cfea2db (patch) | |
tree | a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/libstrongswan/plugins/bliss | |
parent | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff) | |
New upstream version 5.5.1
Diffstat (limited to 'src/libstrongswan/plugins/bliss')
25 files changed, 237 insertions, 849 deletions
diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am index e2aaaf55c..b2d09427e 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.am +++ b/src/libstrongswan/plugins/bliss/Makefile.am @@ -1,5 +1,6 @@ AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ $(PLUGIN_CFLAGS) \ @@ -7,9 +8,12 @@ AM_CFLAGS = \ # these file are also used by bliss_huffman noinst_LTLIBRARIES = libbliss-params.la + libbliss_params_la_SOURCES = \ - bliss_param_set.h bliss_param_set.c \ - bliss_fft_params.h bliss_fft_params.c + bliss_param_set.h bliss_param_set.c + +libbliss_params_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la # these files are also used by the tests, we can't directly refer to them # because of the subdirectory, which would cause distclean to fail @@ -20,12 +24,14 @@ libbliss_la_SOURCES = \ bliss_signature.h bliss_signature.c \ bliss_utils.h bliss_utils.c \ bliss_bitpacker.h bliss_bitpacker.c \ - bliss_fft.h bliss_fft.c \ bliss_huffman_code.h bliss_huffman_code.c \ bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \ bliss_huffman_coder.h bliss_huffman_coder.c \ bliss_sampler.h bliss_sampler.c -libbliss_la_LIBADD = libbliss-params.la + +libbliss_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la if MONOLITHIC noinst_LTLIBRARIES += libstrongswan-bliss.la @@ -43,7 +49,10 @@ libstrongswan_bliss_la_LIBADD = libbliss.la noinst_PROGRAMS = bliss_huffman bliss_huffman_SOURCES = bliss_huffman.c -bliss_huffman_LDADD = -lm libbliss-params.la + +bliss_huffman_LDADD = -lm \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la recreate-bliss-huffman : bliss_huffman bliss_huffman_code.h $(AM_V_GEN) \ 
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in index 389e20ed4..746709b23 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.in +++ b/src/libstrongswan/plugins/bliss/Makefile.in @@ -139,17 +139,20 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -libbliss_params_la_LIBADD = -am_libbliss_params_la_OBJECTS = bliss_param_set.lo bliss_fft_params.lo +libbliss_params_la_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la +am_libbliss_params_la_OBJECTS = bliss_param_set.lo libbliss_params_la_OBJECTS = $(am_libbliss_params_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -libbliss_la_DEPENDENCIES = libbliss-params.la +libbliss_la_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la am_libbliss_la_OBJECTS = bliss_private_key.lo bliss_public_key.lo \ bliss_signature.lo bliss_utils.lo bliss_bitpacker.lo \ - bliss_fft.lo bliss_huffman_code.lo bliss_huffman_code_1.lo \ + bliss_huffman_code.lo bliss_huffman_code_1.lo \ bliss_huffman_code_3.lo bliss_huffman_code_4.lo \ bliss_huffman_coder.lo bliss_sampler.lo libbliss_la_OBJECTS = $(am_libbliss_la_OBJECTS) @@ -166,7 +169,9 @@ libstrongswan_bliss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ PROGRAMS = $(noinst_PROGRAMS) am_bliss_huffman_OBJECTS = bliss_huffman.$(OBJEXT) bliss_huffman_OBJECTS = $(am_bliss_huffman_OBJECTS) -bliss_huffman_DEPENDENCIES = libbliss-params.la +bliss_huffman_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false 
@@ -370,7 +375,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -404,8 +408,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -459,11 +461,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft AM_CFLAGS = \ $(PLUGIN_CFLAGS) \ @@ -476,8 +481,10 @@ AM_CFLAGS = \ # because of the subdirectory, which would cause distclean to fail noinst_LTLIBRARIES = libbliss-params.la libbliss.la $(am__append_1) libbliss_params_la_SOURCES = \ - bliss_param_set.h bliss_param_set.c \ - bliss_fft_params.h bliss_fft_params.c + bliss_param_set.h bliss_param_set.c + +libbliss_params_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la libbliss_la_SOURCES = \ bliss_private_key.h bliss_private_key.c \ 
@@ -485,13 +492,15 @@ libbliss_la_SOURCES = \ bliss_signature.h bliss_signature.c \ bliss_utils.h bliss_utils.c \ bliss_bitpacker.h bliss_bitpacker.c \ - bliss_fft.h bliss_fft.c \ bliss_huffman_code.h bliss_huffman_code.c \ bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \ bliss_huffman_coder.h bliss_huffman_coder.c \ bliss_sampler.h bliss_sampler.c -libbliss_la_LIBADD = libbliss-params.la +libbliss_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la + @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-bliss.la libstrongswan_bliss_la_SOURCES = \ bliss_plugin.h bliss_plugin.c @@ -499,7 +508,10 @@ libstrongswan_bliss_la_SOURCES = \ libstrongswan_bliss_la_LDFLAGS = -module -avoid-version libstrongswan_bliss_la_LIBADD = libbliss.la bliss_huffman_SOURCES = bliss_huffman.c -bliss_huffman_LDADD = -lm libbliss-params.la +bliss_huffman_LDADD = -lm \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ + libbliss-params.la + all: all-am .SUFFIXES: @@ -609,8 +621,6 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_bitpacker.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_fft.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_fft_params.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman_code.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_huffman_code_1.Plo@am__quote@ diff --git a/src/libstrongswan/plugins/bliss/bliss_fft.c b/src/libstrongswan/plugins/bliss/bliss_fft.c deleted file mode 100644 index 033c2144e..000000000 --- a/src/libstrongswan/plugins/bliss/bliss_fft.c +++ /dev/null 
@@ -1,199 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "bliss_fft.h" - -typedef struct private_bliss_fft_t private_bliss_fft_t; - -/** - * Private data structure for bliss_fft_t object - */ -struct private_bliss_fft_t { - /** - * Public interface. - */ - bliss_fft_t public; - - /** - * FFT parameter set used as constants - */ - bliss_fft_params_t *p; - -}; - -METHOD(bliss_fft_t, get_size, uint16_t, - private_bliss_fft_t *this) -{ - return this->p->n; -} - -METHOD(bliss_fft_t, get_modulus, uint16_t, - private_bliss_fft_t *this) -{ - return this->p->q; -} - -/** - * Do an FFT butterfly operation - * - * x[i1] ---|+|------- x[i1] - * \/ - * /\ w[iw] - * x[i2] ---|-|--|*|-- x[i2] - * - */ -static void butterfly(private_bliss_fft_t *this, uint32_t *x, int i1,int i2, - int iw) -{ - uint32_t xp, xm; - - xp = x[i1] + x[i2]; - xm = x[i1] + (this->p->q - x[i2]); - if (xp >= this->p->q) - { - xp -= this->p->q; - } - x[i1] = xp; - x[i2] = (xm * this->p->w[iw]) % this->p->q; -} - -/** - * Trivial butterfly operation of last FFT stage - */ -static void butterfly_last(private_bliss_fft_t *this, uint32_t *x, int i1) -{ - uint32_t xp, xm; - int i2 = i1 + 1; - - xp = x[i1] + x[i2]; - xm = x[i1] + (this->p->q - x[i2]); - if (xp >= this->p->q) - { - xp -= this->p->q; - } - if (xm >= this->p->q) - { - xm -= this->p->q; - } - x[i1] = xp; - x[i2] = xm; -} - -METHOD(bliss_fft_t, 
transform, void, - private_bliss_fft_t *this, uint32_t *a, uint32_t *b, bool inverse) -{ - int stage, i, j, k, m, n, t, iw, i_rev; - uint16_t q; - uint32_t tmp; - - /* we are going to use the transform size n and the modulus q a lot */ - n = this->p->n; - q = this->p->q; - - if (!inverse) - { - /* apply linear phase needed for negative wrapped convolution */ - for (i = 0; i < n; i++) - { - b[i] = (a[i] * this->p->w[i]) % q; - } - } - else if (a != b) - { - /* copy if input and output array are not the same */ - for (i = 0; i < n; i++) - { - b[i] = a[i]; - } - } - - m = n; - k = 1; - - for (stage = this->p->stages; stage > 0; stage--) - { - m >>= 1; - t = 0; - - for (j = 0; j < k; j++) - { - if (stage == 1) - { - butterfly_last(this, b, t); - } - else - { - for (i = 0; i < m; i++) - { - iw = 2 * (inverse ? (n - i * k) : (i * k)); - butterfly(this, b, t + i, t + i + m, iw); - } - } - t += 2*m; - } - k <<= 1; - } - - /* Sort output in bit-reverse order */ - for (i = 0; i < n; i++) - { - i_rev = this->p->rev[i]; - - if (i_rev > i) - { - tmp = b[i]; - b[i] = b[i_rev]; - b[i_rev] = tmp; - } - } - - /** - * Compensate the linear phase needed for negative wrapped convolution - * and normalize the output array with 1/n mod q after the inverse FFT. - */ - if (inverse) - { - for (i = 0; i < n; i++) - { - b[i] = (((b[i] * this->p->w[2*n - i]) % q) * this->p->n_inv) % q; - } - } -} - -METHOD(bliss_fft_t, destroy, void, - private_bliss_fft_t *this) -{ - free(this); -} - -/** - * See header. - */ -bliss_fft_t *bliss_fft_create(bliss_fft_params_t *params) -{ - private_bliss_fft_t *this; - - INIT(this, - .public = { - .get_size = _get_size, - .get_modulus = _get_modulus, - .transform = _transform, - .destroy = _destroy, - }, - .p = params, - ); - - return &this->public; -} diff --git a/src/libstrongswan/plugins/bliss/bliss_fft.h b/src/libstrongswan/plugins/bliss/bliss_fft.h deleted file mode 100644 index a79edd2be..000000000 
--- a/src/libstrongswan/plugins/bliss/bliss_fft.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup bliss_fft bliss_fft - * @{ @ingroup bliss_p - */ - -#ifndef BLISS_FFT_H_ -#define BLISS_FFT_H_ - -#include "bliss_fft_params.h" - -#include <library.h> - -typedef struct bliss_fft_t bliss_fft_t; - -/** - * Implements a Number Theoretic Transform (NTT) via the FFT algorithm - */ -struct bliss_fft_t { - - /** - * Get the size of the Number Theoretic Transform - * - * @result Transform size - */ - uint16_t (*get_size)(bliss_fft_t *this); - - /** - * Get the prime modulus of the Number Theoretic Transform - * - * @result Prime modulus - */ - uint16_t (*get_modulus)(bliss_fft_t *this); - - /** - * Compute the [inverse] NTT of a polynomial - * - * @param a Coefficient of input polynomial - * @param b Coefficient of output polynomial - * @param inverse TRUE if the inverse NTT has to be computed - */ - void (*transform)(bliss_fft_t *this, uint32_t *a, uint32_t *b, bool inverse); - - /** - * Destroy bliss_fft_t object - */ - void (*destroy)(bliss_fft_t *this); -}; - -/** - * Create a bliss_fft_t object for a given FFT parameter set - * - * @param params FFT parameters - */ -bliss_fft_t *bliss_fft_create(bliss_fft_params_t *params); - -#endif /** BLISS_FFT_H_ @}*/ 
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft_params.c b/src/libstrongswan/plugins/bliss/bliss_fft_params.c
deleted file mode 100644
index c892c06e6..000000000
--- a/src/libstrongswan/plugins/bliss/bliss_fft_params.c
+++ /dev/null
@@ -1,215 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "bliss_fft_params.h" - -/** - * FFT parameters for q = 12289 and 2n = 1024 - */ -static uint16_t w_12289_1024[] = { - 1, 49, 2401, 7048, 1260, 295, 2166, 7822, 2319, 3030, - 1002, 12231, 9447, 8210, 9042, 654, 7468, 9551, 1017, 677, - 8595, 3329, 3364, 5079, 3091, 3991, 11224, 9260, 11336, 2459, - 9890, 5339, 3542, 1512, 354, 5057, 2013, 325, 3636, 6118, - 4846, 3963, 9852, 3477, 10616, 4046, 1630, 6136, 5728, 10314, - 1537, 1579, 3637, 6167, 7247, 11011, 11112, 3772, 493, 11868, - 3949, 9166, 6730, 10256, 10984, 9789, 390, 6821, 2426, 8273, - 12129, 4449, 9088, 2908, 7313, 1956, 9821, 1958, 9919, 6760, - 11726, 9280, 27, 1323, 3382, 5961, 9442, 7965, 9326, 2281, - 1168, 8076, 2476, 10723, 9289, 468, 10643, 5369, 5012, 12097, - - 2881, 5990, 10863, 3860, 4805, 1954, 9723, 9445, 8112, 4240, - 11136, 4948, 8961, 8974, 9611, 3957, 9558, 1360, 5195, 8775, - 12149, 5429, 7952, 8689, 7935, 7856, 3985, 10930, 7143, 5915, - 7188, 8120, 4632, 5766, 12176, 6752, 11334, 2361, 5088, 3532, - 1022, 922, 8311, 1702, 9664, 6554, 1632, 6234, 10530, 12121, - 4057, 2169, 7969, 9522, 11885, 4782, 827, 3656, 7098, 3710, - 9744, 10474, 9377, 4780, 729, 11143, 5291, 1190, 9154, 6142, - 6022, 142, 6958, 9139, 5407, 6874, 5023, 347, 4714, 9784, - 145, 7105, 4053, 1973, 10654, 5908, 6845, 3602, 4452, 9235, - 10111, 3879, 5736, 
10706, 8456, 8807, 1428, 8527, 12286, 12142, - - 5086, 3434, 8509, 11404, 5791, 1112, 5332, 3199, 9283, 174, - 8526, 12237, 9741, 10327, 2174, 8214, 9238, 10258, 11082, 2302, - 2197, 9341, 3016, 316, 3195, 9087, 2859, 4912, 7197, 8561, - 1663, 7753, 11227, 9407, 6250, 11314, 1381, 6224, 10040, 400, - 7311, 1858, 5019, 151, 7399, 6170, 7394, 5925, 7678, 7552, - 1378, 6077, 2837, 3834, 3531, 973, 10810, 1263, 442, 9369, - 4388, 6099, 3915, 7500, 11119, 4115, 5011, 12048, 480, 11231, - 9603, 3565, 2639, 6421, 7404, 6415, 7110, 4298, 1689, 9027, - 12208, 8320, 2143, 6695, 8541, 683, 8889, 5446, 8785, 350, - 4861, 4698, 9000, 10885, 4938, 8471, 9542, 576, 3646, 6608, - - 4278, 709, 10163, 6427, 7698, 8532, 242, 11858, 3459, 9734, - 9984, 9945, 8034, 418, 8193, 8209, 8993, 10542, 420, 8291, - 722, 10800, 773, 1010, 334, 4077, 3149, 6833, 3014, 218, - 10682, 7280, 339, 4322, 2865, 5206, 9314, 1693, 9223, 9523, - 11934, 7183, 7875, 4916, 7393, 5876, 5277, 504, 118, 5782, - 671, 8301, 1212, 10232, 9808, 1321, 3284, 1159, 7635, 5445, - 8736, 10238, 10102, 3438, 8705, 8719, 9405, 6152, 6512, 11863, - 3704, 9450, 8357, 3956, 9509, 11248, 10436, 7515, 11854, 3263, - 130, 6370, 4905, 6854, 4043, 1483, 11222, 9162, 6534, 652, - 7370, 4749, 11499, 10446, 8005, 11286, 9, 441, 9320, 1987, - - 11340, 2655, 7205, 8953, 8582, 2692, 9018, 11767, 11289, 156, - 7644, 5886, 5767, 12225, 9153, 6093, 3621, 5383, 5698, 8844, - 3241, 11341, 2704, 9606, 3712, 9842, 2987, 11184, 7300, 1319, - 3186, 8646, 5828, 2925, 8146, 5906, 6747, 11089, 2645, 6715, - 9521, 11836, 2381, 6068, 2396, 6803, 1544, 1922, 8155, 6347, - 3778, 787, 1696, 9370, 4437, 8500, 10963, 8760, 11414, 6281, - 544, 2078, 3510, 12233, 9545, 723, 10849, 3174, 8058, 1594, - 4372, 5315, 2366, 5333, 3248, 11684, 7222, 9786, 243, 11907, - 5860, 4493, 11244, 10240, 10200, 8240, 10512, 11239, 9995, 10484, - 9867, 4212, 9764, 11454, 8241, 10561, 1351, 4754, 11744, 10162, - - 6378, 5297, 1484, 11271, 11563, 1293, 1912, 7665, 6915, 7032, 
- 476, 11035, 12288, 12240, 9888, 5241, 11029, 11994, 10123, 4467, - 9970, 9259, 11287, 58, 2842, 4079, 3247, 11635, 4821, 2738, - 11272, 11612, 3694, 8960, 8925, 7210, 9198, 8298, 1065, 3029, - 953, 9830, 2399, 6950, 8747, 10777, 11935, 7232, 10276, 11964, - 8653, 6171, 7443, 8326, 2437, 8812, 1673, 8243, 10659, 6153, - 6561, 1975, 10752, 10710, 8652, 6122, 5042, 1278, 1177, 8517, - 11796, 421, 8340, 3123, 5559, 2033, 1305, 2500, 11899, 5468, - 9863, 4016, 160, 7840, 3201, 9381, 4976, 10333, 2468, 10331, - 2370, 5529, 563, 3009, 12262, 10966, 8907, 6328, 2847, 4324, - - 2963, 10008, 11121, 4213, 9813, 1566, 3000, 11821, 1646, 6920, - 7277, 192, 9408, 6299, 1426, 8429, 7484, 10335, 2566, 2844, - 4177, 8049, 1153, 7341, 3328, 3315, 2678, 8332, 2731, 10929, - 7094, 3514, 140, 6860, 4337, 3600, 4354, 4433, 8304, 1359, - 5146, 6374, 5101, 4169, 7657, 6523, 113, 5537, 955, 9928, - 7201, 8757, 11267, 11367, 3978, 10587, 2625, 5735, 10657, 6055, - 1759, 168, 8232, 10120, 4320, 2767, 404, 7507, 11462, 8633, - 5191, 8579, 2545, 1815, 2912, 7509, 11560, 1146, 6998, 11099, - 3135, 6147, 6267, 12147, 5331, 3150, 6882, 5415, 7266, 11942, - 7575, 2505, 12144, 5184, 8236, 10316, 1635, 6381, 5444, 8687, - - 7837, 3054, 2178, 8410, 6553, 1583, 3833, 3482, 10861, 3762, - 3, 147, 7203, 8855, 3780, 885, 6498, 11177, 6957, 9090, - 3006, 12115, 3763, 52, 2548, 1962, 10115, 4075, 3051, 2031, - 1207, 9987, 10092, 2948, 9273, 11973, 9094, 3202, 9430, 7377, - 5092, 3728, 10626, 4536, 1062, 2882, 6039, 975, 10908, 6065, - 2249, 11889, 4978, 10431, 7270, 12138, 4890, 6119, 4895, 6364, - 4611, 4737, 10911, 6212, 9452, 8455, 8758, 11316, 1479, 11026, - 11847, 2920, 7901, 6190, 8374, 4789, 1170, 8174, 7278, 241, - 11809, 1058, 2686, 8724, 9650, 5868, 4885, 5874, 5179, 7991, - 10600, 3262, 81, 3969, 10146, 5594, 3748, 11606, 3400, 6843, - - 3504, 11939, 7428, 7591, 3289, 1404, 7351, 3818, 2747, 11713, - 8643, 5681, 8011, 11580, 2126, 5862, 4591, 3757, 12047, 431, - 8830, 2555, 2305, 2344, 4255, 
11871, 4096, 4080, 3296, 1747, - 11869, 3998, 11567, 1489, 11516, 11279, 11955, 8212, 9140, 5456, - 9275, 12071, 1607, 5009, 11950, 7967, 9424, 7083, 2975, 10596, - 3066, 2766, 355, 5106, 4414, 7373, 4896, 6413, 7012, 11785, - 12171, 6507, 11618, 3988, 11077, 2057, 2481, 10968, 9005, 11130, - 4654, 6844, 3553, 2051, 2187, 8851, 3584, 3570, 2884, 6137, - 5777, 426, 8585, 2839, 3932, 8333, 2780, 1041, 1853, 4774, - 435, 9026, 12159, 5919, 7384, 5435, 8246, 10806, 1067, 3127, - - 5755, 11637, 4919, 7540, 790, 1843, 4284, 1003, 12280, 11848, - 2969, 10302, 949, 9634, 5084, 3336, 3707, 9597, 3271, 522, - 1000, 12133, 4645, 6403, 6522, 64, 3136, 6196, 8668, 6906, - 6591, 3445, 9048, 948, 9585, 2683, 8577, 2447, 9302, 1105, - 4989, 10970, 9103, 3643, 6461, 9364, 4143, 6383, 5542, 1200, - 9644, 5574, 2768, 453, 9908, 6221, 9893, 5486, 10745, 10367, - 4134, 5942, 8511, 11502, 10593, 2919, 7852, 3789, 1326, 3529, - 875, 6008, 11745, 10211, 8779, 56, 2744, 11566, 1440, 9115, - 4231, 10695, 7917, 6974, 9923, 6956, 9041, 605, 5067, 2503, - 12046, 382, 6429, 7796, 1045, 2049, 2089, 4049, 1777, 1050, - - 2294, 1805, 2422, 8077, 2525, 835, 4048, 1728, 10938, 7535, - 545, 2127, 5911, 6992, 10805, 1018, 726, 10996, 10377, 4624, - 5374, 5257, 11813, 1254, 1 -}; - -/** - * Bit-reversed indices for n = 512 - */ -static uint16_t rev_512[] = { - 0, 256, 128, 384, 64, 320, 192, 448, 32, 288, - 160, 416, 96, 352, 224, 480, 16, 272, 144, 400, - 80, 336, 208, 464, 48, 304, 176, 432, 112, 368, - 240, 496, 8, 264, 136, 392, 72, 328, 200, 456, - 40, 296, 168, 424, 104, 360, 232, 488, 24, 280, - 152, 408, 88, 344, 216, 472, 56, 312, 184, 440, - 120, 376, 248, 504, 4, 260, 132, 388, 68, 324, - 196, 452, 36, 292, 164, 420, 100, 356, 228, 484, - 20, 276, 148, 404, 84, 340, 212, 468, 52, 308, - 180, 436, 116, 372, 244, 500, 12, 268, 140, 396, - - 76, 332, 204, 460, 44, 300, 172, 428, 108, 364, - 236, 492, 28, 284, 156, 412, 92, 348, 220, 476, - 60, 316, 188, 444, 124, 380, 252, 508, 2, 258, - 130, 
386, 66, 322, 194, 450, 34, 290, 162, 418, - 98, 354, 226, 482, 18, 274, 146, 402, 82, 338, - 210, 466, 50, 306, 178, 434, 114, 370, 242, 498, - 10, 266, 138, 394, 74, 330, 202, 458, 42, 298, - 170, 426, 106, 362, 234, 490, 26, 282, 154, 410, - 90, 346, 218, 474, 58, 314, 186, 442, 122, 378, - 250, 506, 6, 262, 134, 390, 70, 326, 198, 454, - - 38, 294, 166, 422, 102, 358, 230, 486, 22, 278, - 150, 406, 86, 342, 214, 470, 54, 310, 182, 438, - 118, 374, 246, 502, 14, 270, 142, 398, 78, 334, - 206, 462, 46, 302, 174, 430, 110, 366, 238, 494, - 30, 286, 158, 414, 94, 350, 222, 478, 62, 318, - 190, 446, 126, 382, 254, 510, 1, 257, 129, 385, - 65, 321, 193, 449, 33, 289, 161, 417, 97, 353, - 225, 481, 17, 273, 145, 401, 81, 337, 209, 465, - 49, 305, 177, 433, 113, 369, 241, 497, 9, 265, - 137, 393, 73, 329, 201, 457, 41, 297, 169, 425, - - 105, 361, 233, 489, 25, 281, 153, 409, 89, 345, - 217, 473, 57, 313, 185, 441, 121, 377, 249, 505, - 5, 261, 133, 389, 69, 325, 197, 453, 37, 293, - 165, 421, 101, 357, 229, 485, 21, 277, 149, 405, - 85, 341, 213, 469, 53, 309, 181, 437, 117, 373, - 245, 501, 13, 269, 141, 397, 77, 333, 205, 461, - 45, 301, 173, 429, 109, 365, 237, 493, 29, 285, - 157, 413, 93, 349, 221, 477, 61, 317, 189, 445, - 125, 381, 253, 509, 3, 259, 131, 387, 67, 323, - 195, 451, 35, 291, 163, 419, 99, 355, 227, 483, - - 19, 275, 147, 403, 83, 339, 211, 467, 51, 307, - 179, 435, 115, 371, 243, 499, 11, 267, 139, 395, - 75, 331, 203, 459, 43, 299, 171, 427, 107, 363, - 235, 491, 27, 283, 155, 411, 91, 347, 219, 475, - 59, 315, 187, 443, 123, 379, 251, 507, 7, 263, - 135, 391, 71, 327, 199, 455, 39, 295, 167, 423, - 103, 359, 231, 487, 23, 279, 151, 407, 87, 343, - 215, 471, 55, 311, 183, 439, 119, 375, 247, 503, - 15, 271, 143, 399, 79, 335, 207, 463, 47, 303, - 175, 431, 111, 367, 239, 495, 31, 287, 159, 415, - - 95, 351, 223, 479, 63, 319, 191, 447, 127, 383, - 255, 511 -}; - -bliss_fft_params_t bliss_fft_12289_512 = { - 12289, 512, 12265, 9, w_12289_1024, 
rev_512 -}; - -/** - * FFT parameters for q = 17 and n = 16 - */ -static uint16_t w_17_16[] = { - 1, 3, 9, 10, 13, 5, 15, 11, 16, 14, 8, 7, 4, 12, 2, 6, 1 }; - -/** - * Bit-reversed indices for n = 8 - */ -static uint16_t rev_8[] = { 0, 4, 2, 6, 1, 5, 3, 7 }; - -bliss_fft_params_t bliss_fft_17_8 = { 17, 8, 15, 3, w_17_16, rev_8 }; diff --git a/src/libstrongswan/plugins/bliss/bliss_fft_params.h b/src/libstrongswan/plugins/bliss/bliss_fft_params.h deleted file mode 100644 index 31b151b67..000000000 --- a/src/libstrongswan/plugins/bliss/bliss_fft_params.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup bliss_fft_params bliss_fft_params - * @{ @ingroup bliss_p - */ - -#ifndef BLISS_FFT_PARAMS_H_ -#define BLISS_FFT_PARAMS_H_ - -#include <library.h> - -typedef struct bliss_fft_params_t bliss_fft_params_t; - -/** - * Defines the parameters for an NTT computed via the FFT algorithm - */ -struct bliss_fft_params_t { - - /** - * Prime modulus - */ - uint16_t q; - - /** - * Size of the FFT with the condition k * n = q-1 - */ - uint16_t n; - - /** - * Inverse of n mod q used for normalization of the FFT - */ - uint16_t n_inv; - - /** - * Number of FFT stages stages = log2(n) - */ - uint16_t stages; - - /** - * FFT twiddle factors (n-th roots of unity) - */ - uint16_t *w; - - /** - * FFT bit reversal - */ - uint16_t *rev; - -}; - -/** - * FFT parameters for q = 12289 and n = 512 - */ -extern bliss_fft_params_t bliss_fft_12289_512; - -/** - * FFT parameters for q = 17 and n = 8 - */ -extern bliss_fft_params_t bliss_fft_17_8; - -#endif /** BLISS_FFT_PARAMS_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_huffman.c b/src/libstrongswan/plugins/bliss/bliss_huffman.c index 647234fd8..71e75d6bf 100644 --- a/src/libstrongswan/plugins/bliss/bliss_huffman.c +++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c 
@@ -209,7 +209,7 @@ static void remove_node(node_t *list, node_t **last, node_t *node) */ int main(int argc, char *argv[]) { - bliss_param_set_t *set; + const bliss_param_set_t *set; int dx, bliss_type, depth = 1, groups, groups_left, pairs = 1; int i_max = 9, k_max = 8, index_max = (2*k_max - 1) * i_max; int i, i_top, k, k_top; diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.c b/src/libstrongswan/plugins/bliss/bliss_param_set.c index 3781a588f..b6649d771 100644 --- a/src/libstrongswan/plugins/bliss/bliss_param_set.c +++ b/src/libstrongswan/plugins/bliss/bliss_param_set.c @@ -33,7 +33,7 @@ ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV, * * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 93'076.9 */ -static uint8_t c_bliss_i[] = { +static const uint8_t c_bliss_i[] = { 255, 255, 75, 191, 247, 94, 30, 51, 147, 246, 89, 59, 99, 248, 26, 128, 255, 254, 151, 128, 109, 166, 88, 143, 30, 175, 149, 20, 240, 81, 138, 111, 255, 253, 47, 2, 214, 243, 188, 76, 236, 235, 40, 62, 54, 35, 33, 205, @@ -62,7 +62,7 @@ static uint8_t c_bliss_i[] = { * * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 125'550.5 */ -static uint8_t c_bliss_iii[] = { +static const uint8_t c_bliss_iii[] = { 255, 255, 122, 95, 16, 128, 14, 195, 60, 90, 166, 191, 205, 26, 144, 204, 255, 254, 244, 190, 102, 192, 187, 141, 169, 92, 33, 30, 170, 141, 184, 56, 255, 253, 233, 125, 228, 131, 93, 148, 121, 92, 52, 122, 149, 96, 29, 66, @@ -91,7 +91,7 @@ static uint8_t c_bliss_iii[] = { * * c[i] = exp(-2^i/f), i = 0..21, with f = k_sigma^2 / ln 2 = 147'732.0 */ -static uint8_t c_bliss_iv[] = { +static const uint8_t c_bliss_iv[] = { 255, 255, 142, 111, 102, 2, 141, 87, 150, 42, 18, 70, 6, 224, 18, 70, 255, 255, 28, 222, 254, 102, 20, 78, 133, 78, 189, 107, 29, 7, 23, 193, 255, 254, 57, 190, 198, 79, 181, 181, 108, 75, 142, 145, 45, 238, 193, 29, 
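Review bot: Nothing ties the length of `c_bliss_i` to the `c_rows` and `c_cols` values that the parameter set carries for it, and the table is reached only through the bare `const uint8_t *c` pointer, so a later edit that changes one without the other would presumably let the Bernoulli sampler read past the array. Now that the table is `const`, a compile-time size check placed directly after it would pin this, for example `_Static_assert(sizeof(c_bliss_i) == C_ROWS * C_COLS, "c_bliss_i size");`, where C_ROWS and C_COLS are placeholders for the values the BLISS-I entry assigns to `.c_rows` and `.c_cols`. The same applies to `c_bliss_iii` and `c_bliss_iv` in the next two hunks. The array initialisers continue outside these hunks, so the actual element counts are not visible here.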
@@ -119,7 +119,7 @@ static uint8_t c_bliss_iv[] = { /** * BLISS signature parameter set definitions */ -static bliss_param_set_t bliss_param_sets[] = { +static const bliss_param_set_t bliss_param_sets[] = { /* BLISS-I scheme */ { @@ -131,7 +131,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 154, .non_zero2 = 0, .kappa = 23, @@ -161,7 +161,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 216, .non_zero2 = 16, .kappa = 30, @@ -191,7 +191,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 231, .non_zero2 = 31, .kappa = 39, @@ -221,7 +221,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 154, .non_zero2 = 0, .kappa = 23, @@ -251,7 +251,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 216, .non_zero2 = 16, .kappa = 30, @@ -281,7 +281,7 @@ static bliss_param_set_t bliss_param_sets[] = { .q2_inv = 6145, .n = 512, .n_bits = 9, - .fft_params = &bliss_fft_12289_512, + .fft_params = &ntt_fft_12289_512, .non_zero1 = 231, .non_zero2 = 31, .kappa = 39, @@ -306,7 +306,7 @@ static bliss_param_set_t bliss_param_sets[] = { /** * See header. */ -bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id) +const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id) { int i; 
@@ -324,7 +324,7 @@ bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id) /** * See header. */ -bliss_param_set_t* bliss_param_set_get_by_oid(int oid) +const bliss_param_set_t* bliss_param_set_get_by_oid(int oid) { int i; diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.h b/src/libstrongswan/plugins/bliss/bliss_param_set.h index 33a8009ff..8c043b925 100644 --- a/src/libstrongswan/plugins/bliss/bliss_param_set.h +++ b/src/libstrongswan/plugins/bliss/bliss_param_set.h @@ -24,7 +24,7 @@ typedef enum bliss_param_set_id_t bliss_param_set_id_t; typedef struct bliss_param_set_t bliss_param_set_t; -#include "bliss_fft_params.h" +#include "ntt_fft_params.h" #include "bliss_huffman_code.h" #include <library.h> 
@@ -53,132 +53,132 @@ struct bliss_param_set_t { /** * BLISS parameter set ID */ - bliss_param_set_id_t id; + const bliss_param_set_id_t id; /** * BLISS parameter set OID */ - int oid; + const int oid; /** * Security strength in bits */ - uint16_t strength; + const uint16_t strength; /** * Prime modulus */ - uint16_t q; + const uint16_t q; /** * Number of bits in q */ - uint16_t q_bits; + const uint16_t q_bits; /** * Inverse of (q + 2) mod 2q */ - uint16_t q2_inv; + const uint16_t q2_inv; /** * Ring dimension equal to the number of polynomial coefficients */ - uint16_t n; + const uint16_t n; /** * Number of bits in n */ - uint16_t n_bits; + const uint16_t n_bits; /** * FFT parameters */ - bliss_fft_params_t *fft_params; + const ntt_fft_params_t *fft_params; /** * Number of [-1, +1] secret key coefficients */ - uint16_t non_zero1; + const uint16_t non_zero1; /** * Number of [-2, +2] secret key coefficients */ - uint16_t non_zero2; + const uint16_t non_zero2; /** * Number of secret key terms that go into Nk(S) norm */ - uint16_t kappa; + const uint16_t kappa; /** * Maximum Nk(S) tolerable NK(S) norm (BLISS only) */ - uint32_t nks_max; + const uint32_t nks_max; /** * Maximum value Pmax for ||Sc'||^2 norm (BLISS-B only) */ - uint32_t p_max; + const uint32_t p_max; /** * Standard deviation sigma */ - uint16_t sigma; + const uint16_t sigma; /** * k_sigma = ceiling[ sqrt(2*ln 2) * sigma ] */ - uint16_t k_sigma; + const uint16_t k_sigma; /** * Number of bits in k_sigma */ - uint16_t k_sigma_bits; + const uint16_t k_sigma_bits; /** * Coefficients for Bernoulli sampling with exponential biases */ - uint8_t *c; + const uint8_t *c; /** * Number of columns in Bernoulli coefficient table */ - size_t c_cols; + const size_t c_cols; /** * Number of rows in Bernoulli coefficient table */ - size_t c_rows; + const size_t c_rows; /** * Number of bits in z1 */ - uint16_t z1_bits; + const uint16_t z1_bits; /** * Number of z2 bits to be dropped after rounding */ - uint16_t d; + const 
uint16_t d; /** * Modulus p = floor(2q / 2^d) applied after bit dropping */ - uint16_t p; + const uint16_t p; /** * M = sigma^2 / alpha_rejection^2 */ - uint32_t M; + const uint32_t M; /** * B_infinity bound */ - uint16_t B_inf; + const uint16_t B_inf; /** * B_verify bound */ - uint32_t B_l2; + const uint32_t B_l2; }; @@ -188,7 +188,7 @@ struct bliss_param_set_t { * @param id BLISS parameter set ID * @return BLISS parameter set */ -bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id); +const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id); /** * Get BLISS signature parameter set by BLISS parameter set OID @@ -196,6 +196,6 @@ bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id); * @param oid BLISS parameter set OID * @return BLISS parameter set */ -bliss_param_set_t* bliss_param_set_get_by_oid(int oid); +const bliss_param_set_t* bliss_param_set_get_by_oid(int oid); #endif /** BLISS_PARAM_SET_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c index 4adcf1e76..cdf3e96ea 100644 --- a/src/libstrongswan/plugins/bliss/bliss_plugin.c +++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -50,6 +50,8 @@ METHOD(plugin_t, get_features, int, PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE), PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS), PLUGIN_DEPENDS(RNG, RNG_TRUE), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256), PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE), PLUGIN_PROVIDE(PUBKEY, KEY_BLISS), PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE), 
@@ -57,29 +59,41 @@ METHOD(plugin_t, get_features, int, /* signature schemes, private */ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384), PLUGIN_DEPENDS(HASHER, HASH_SHA384), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256), PLUGIN_DEPENDS(HASHER, HASH_SHA3_256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384), PLUGIN_DEPENDS(HASHER, HASH_SHA3_384), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512), PLUGIN_DEPENDS(HASHER, HASH_SHA3_512), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), /* signature verification schemes */ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384), PLUGIN_DEPENDS(HASHER, HASH_SHA384), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256), PLUGIN_DEPENDS(HASHER, HASH_SHA3_256), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384), PLUGIN_DEPENDS(HASHER, HASH_SHA3_384), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512), PLUGIN_DEPENDS(HASHER, HASH_SHA3_512), + PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512), }; *features = f; diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c index 20bbc6ac5..25253ed37 100644 --- a/src/libstrongswan/plugins/bliss/bliss_private_key.c 
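Review bot: The PRIVKEY_SIGN entries in this hunk declare only `XOF_MGF1_SHA512`, but sign_bliss in bliss_private_key.c also selects `XOF_MGF1_SHA256` or `XOF_MGF1_SHA1` for `mgf1_alg` depending on the parameter set's strength. How `mgf1_alg` is consumed lies outside the visible hunks, but if it seeds the sampler's bitspender, a build with only MGF1-SHA512 loaded would advertise the signature schemes and then fail at signing time. Consider adding `PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1),` and `PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256),` under each PRIVKEY_SIGN feature, as the PRIVKEY_GEN hunk above already does. Otherwise a comment should say why they are not needed.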
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014-2015 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -20,9 +20,10 @@ #include "bliss_sampler.h" #include "bliss_signature.h" #include "bliss_bitpacker.h" -#include "bliss_fft.h" +#include "ntt_fft.h" +#include "ntt_fft_reduce.h" -#include <crypto/mgf1/mgf1_bitspender.h> +#include <crypto/xofs/xof_bitspender.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> #include <asn1/oid.h> @@ -46,7 +47,7 @@ struct private_bliss_private_key_t { /** * BLISS signature parameter set */ - bliss_param_set_t *set; + const bliss_param_set_t *set; /** * BLISS secret key S1 (coefficients of polynomial f) @@ -64,6 +65,11 @@ struct private_bliss_private_key_t { uint32_t *A; /** + * NTT of BLISS public key in Montgomery representation Ar = rA mod + */ + uint32_t *Ar; + + /** * reference count */ refcount_t ref; @@ -163,12 +169,12 @@ static void greedy_sc(int8_t *s1, int8_t *s2, int n, uint16_t *c_indices, static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, chunk_t data, chunk_t *signature) { - bliss_fft_t *fft; + ntt_fft_t *fft; bliss_signature_t *sig; bliss_sampler_t *sampler = NULL; rng_t *rng; hasher_t *hasher; - hash_algorithm_t mgf1_alg, oracle_alg; + ext_out_function_t mgf1_alg, oracle_alg; size_t mgf1_seed_len; uint8_t mgf1_seed_buf[HASH_SIZE_SHA512], data_hash_buf[HASH_SIZE_SHA512]; chunk_t mgf1_seed, data_hash; 
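Review bot: The doc comment on the new `Ar` member of private_bliss_private_key_t is cut off: it ends in "Ar = rA mod" and never names the modulus. The identical comment is added for `Ar` in private_bliss_public_key_t in bliss_public_key.c. I would write `* NTT of BLISS public key in Montgomery representation Ar = r*A mod q` in both places. Since the struct now carries both `A` and `Ar`, the comment could also say that `A` is what gets encoded and `Ar` is what the multiply loops in sign/verify use.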
@@ -203,12 +209,12 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, /* Set MGF1 hash algorithm and seed length based on security strength */ if (this->set->strength > 160) { - mgf1_alg = HASH_SHA256; + mgf1_alg = XOF_MGF1_SHA256; mgf1_seed_len = HASH_SIZE_SHA256; } else { - mgf1_alg = HASH_SHA1; + mgf1_alg = XOF_MGF1_SHA1; mgf1_seed_len = HASH_SIZE_SHA1; } mgf1_seed = chunk_create(mgf1_seed_buf, mgf1_seed_len); @@ -220,7 +226,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, } /* MGF1 hash algorithm to be used for random oracle */ - oracle_alg = HASH_SHA512; + oracle_alg = XOF_MGF1_SHA512; /* Initialize a couple of needed variables */ n = this->set->n; @@ -241,7 +247,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, y2 = z2; ud = z2d; - fft = bliss_fft_create(this->set->fft_params); + fft = ntt_fft_create(this->set->fft_params); /* Use of the enhanced BLISS-B signature algorithm? */ switch (this->set->id) @@ -337,7 +343,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg, for (i = 0; i < n; i++) { - ay[i] = (this->A[i] * ay[i]) % q; + ay[i] = ntt_fft_mreduce(this->Ar[i] * ay[i], this->set->fft_params); } fft->transform(fft, ay, ay, TRUE); @@ -668,6 +674,7 @@ METHOD(private_key_t, destroy, void, free(this->s2); } free(this->A); + free(this->Ar); free(this); } } @@ -795,13 +802,13 @@ static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa) /** * Compute the inverse x1 of x modulo q as x^(-1) = x^(q-2) mod q */ -static uint32_t invert(uint32_t x, uint16_t q) +static uint32_t invert(private_bliss_private_key_t *this, uint32_t x) { uint32_t x1, x2; uint16_t q2; int i, i_max; - q2 = q - 2; + q2 = this->set->q - 2; x1 = (q2 & 1) ? x : 1; x2 = x; i_max = 15; 
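Review bot: The comment above invert() still describes a plain `x^(q-2) mod q`, while the loop in the following hunk now reduces with `ntt_fft_mreduce` instead of `% q`. If that helper is a Montgomery reduction, as the `Ar` field comment suggests, both the argument and the result are in Montgomery form. The plain `1` in `x1 = (q2 & 1) ? x : 1;` would then be a wrong seed, and it is harmless only because q - 2 is odd for the parameter sets on this page. I would state the domain in the comment, for example `* Compute x^(q-2) mod q; x and the result are in Montgomery representation (q - 2 must be odd)`. The body of invert() continues outside this hunk.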
@@ -812,11 +819,11 @@ static uint32_t invert(uint32_t x, uint16_t q) } for (i = 1; i <= i_max; i++) { - x2 = (x2 * x2) % q; + x2 = ntt_fft_mreduce(x2 * x2, this->set->fft_params); if (q2 & (1 << i)) { - x1 = (x1 * x2) % q; + x1 = ntt_fft_mreduce(x1 * x2, this->set->fft_params); } } @@ -827,14 +834,14 @@ static uint32_t invert(uint32_t x, uint16_t q) * Create a vector with sparse and small coefficients from seed */ static int8_t* create_vector_from_seed(private_bliss_private_key_t *this, - hash_algorithm_t alg, chunk_t seed) + ext_out_function_t alg, chunk_t seed) { - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; uint32_t index, sign; int8_t *vector; int non_zero; - bitspender = mgf1_bitspender_create(alg, seed, FALSE); + bitspender = xof_bitspender_create(alg, seed, FALSE); if (!bitspender) { return NULL; @@ -903,7 +910,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng, int i, n; chunk_t seed; size_t seed_len; - hash_algorithm_t alg; + ext_out_function_t alg; n = this->set->n; *s1 = NULL; @@ -912,12 +919,12 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng, /* Set MGF1 hash algorithm and seed length based on security strength */ if (this->set->strength > 160) { - alg = HASH_SHA256; + alg = XOF_MGF1_SHA256; seed_len = HASH_SIZE_SHA256; } else { - alg = HASH_SHA1; + alg = XOF_MGF1_SHA1; seed_len = HASH_SIZE_SHA1; } seed = chunk_create(seed_buf, seed_len); @@ -1000,8 +1007,8 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) uint32_t *S1, *S2, *a; uint16_t q; bool success = FALSE; - bliss_param_set_t *set; - bliss_fft_t *fft; + const bliss_param_set_t *set; + ntt_fft_t *fft; rng_t *rng; while (TRUE) 
@@ -1062,13 +1069,14 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) this->set = set; /* We derive the public key from the private key using the FFT */ - fft = bliss_fft_create(set->fft_params); + fft = ntt_fft_create(set->fft_params); /* Some vectors needed to derive the publi key */ S1 = malloc(n * sizeof(uint32_t)); S2 = malloc(n * sizeof(uint32_t)); a = malloc(n * sizeof(uint32_t)); - this->A = malloc(n * sizeof(uint32_t)); + this->A = malloc(n * sizeof(uint32_t)); + this->Ar = malloc(n * sizeof(uint32_t)); /* Instantiate a true random generator */ rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); @@ -1091,6 +1099,7 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) fft->transform(fft, S2, S2, FALSE); success = TRUE; + for (i = 0; i < n; i++) { if (S1[i] == 0) @@ -1103,8 +1112,9 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) success = FALSE; break; } - this->A[i] = invert(S1[i], q); - this->A[i] = (S2[i] * this->A[i]) % q; + this->Ar[i] = invert(this, S1[i]); + this->Ar[i] = ntt_fft_mreduce(S2[i] * this->Ar[i], set->fft_params); + this->A[i] = ntt_fft_mreduce(this->Ar[i], set->fft_params); } } while (!success && trials < SECRET_KEY_TRIALS_MAX); @@ -1114,13 +1124,15 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) if (success) { - fft->transform(fft, this->A, a, TRUE); + fft->transform(fft, this->Ar, a, TRUE); DBG4(DBG_LIB, " i f g a F G A"); for (i = 0; i < n; i++) { DBG4(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u", - i, this->s1[i], this->s2[i], a[i], S1[i], S2[i], this->A[i]); + i, this->s1[i], this->s2[i], + ntt_fft_mreduce(a[i], set->fft_params), + S1[i], S2[i], this->A[i]); } } else 
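Review bot: The new `this->Ar = malloc(n * sizeof(uint32_t));` is used without a NULL check before the loop further down stores into `this->Ar[i]`. The same unchecked allocation is added in the PRIV_KEY_PUBLIC case of bliss_private_key_load and in bliss_public_key_load, where the conversion loop follows immediately and the input is a parsed key blob. In the two load functions a guard such as `if (!this->Ar) { goto end; }` fits the error path already visible there. In bliss_private_key_gen the cleanup code lies outside the hunk, so the check would need to route through whatever frees S1, S2 and a. If the project treats allocation failure as fatal by policy, that is not visible from these hunks and a short comment would help.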
@@ -1167,7 +1179,7 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) asn1_parser_t *parser; size_t s_bits = 0; int8_t s, s_min = 0, s_max = 0; - uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value; + uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value, r2; bool success = FALSE; int objectID, oid, i; @@ -1248,6 +1260,14 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) { goto end; } + this->Ar = malloc(this->set->n * sizeof(uint32_t)); + r2 = this->set->fft_params->r2; + + for (i = 0; i < this->set->n; i++) + { + this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2, + this->set->fft_params); + } break; case PRIV_KEY_SECRET1: if (object.len != 1 + (s_bits * this->set->n + 7)/8) diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c index 93d1165eb..f7ddbbfd2 100644 --- a/src/libstrongswan/plugins/bliss/bliss_public_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -16,7 +16,8 @@ #include "bliss_public_key.h" #include "bliss_signature.h" #include "bliss_bitpacker.h" -#include "bliss_fft.h" +#include "ntt_fft.h" +#include "ntt_fft_reduce.h" #include "bliss_utils.h" #include <asn1/asn1.h> @@ -37,7 +38,7 @@ struct private_bliss_public_key_t { /** * BLISS signature parameter set */ - bliss_param_set_t *set; + const bliss_param_set_t *set; /** * NTT of BLISS public key a (coefficients of polynomial (2g + 1)/f) @@ -45,6 +46,11 @@ struct private_bliss_public_key_t { uint32_t *A; /** + * NTT of BLISS public key in Montgomery representation Ar = rA mod + */ + uint32_t *Ar; + + /** * reference counter */ refcount_t ref; 
@@ -70,8 +76,8 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg, uint8_t data_hash_buf[HASH_SIZE_SHA512]; chunk_t data_hash; hasher_t *hasher; - hash_algorithm_t oracle_alg; - bliss_fft_t *fft; + ext_out_function_t oracle_alg; + ntt_fft_t *fft; bliss_signature_t *sig; bool success = FALSE; @@ -104,7 +110,7 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg, } /* MGF1 hash algorithm to be used for random oracle */ - oracle_alg = HASH_SHA512; + oracle_alg = XOF_MGF1_SHA512; /* Initialize a couple of needed variables */ n = this->set->n; @@ -120,12 +126,12 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg, { az[i] = z1[i] < 0 ? q + z1[i] : z1[i]; } - fft = bliss_fft_create(this->set->fft_params); + fft = ntt_fft_create(this->set->fft_params); fft->transform(fft, az, az, FALSE); for (i = 0; i < n; i++) { - az[i] = (this->A[i] * az[i]) % q; + az[i] = ntt_fft_mreduce(this->Ar[i] * az[i], this->set->fft_params); } fft->transform(fft, az, az, TRUE); @@ -279,6 +285,7 @@ METHOD(public_key_t, destroy, void, { lib->encoding->clear_cache(lib->encoding, this); free(this->A); + free(this->Ar); free(this); } } @@ -304,7 +311,8 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args) chunk_t blob = chunk_empty, object, param; asn1_parser_t *parser; bool success = FALSE; - int objectID, oid; + int objectID, oid, i; + uint32_t r2; while (TRUE) { @@ -380,6 +388,14 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args) { goto end; } + this->Ar = malloc(this->set->n * sizeof(uint32_t)); + r2 = this->set->fft_params->r2; + + for (i = 0; i < this->set->n; i++) + { + this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2, + this->set->fft_params); + } break; } } 
@@ -399,7 +415,7 @@ end: /** * See header. */ -bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, +bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set, uint32_t **pubkey) { bliss_bitpacker_t *packer; @@ -438,7 +454,7 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, /** * See header. */ -chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set) +chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set) { bliss_bitpacker_t *packer; chunk_t encoding; @@ -460,7 +476,7 @@ chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set) * See header. */ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey, - bliss_param_set_t *set) + const bliss_param_set_t *set) { chunk_t encoding, pubkey_encoding; @@ -479,7 +495,7 @@ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey, * See header. */ bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey, - bliss_param_set_t *set, + const bliss_param_set_t *set, cred_encoding_type_t type, chunk_t *fp) { hasher_t *hasher; diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.h b/src/libstrongswan/plugins/bliss/bliss_public_key.h index cd8f231b2..d8dd2df5c 100644 --- a/src/libstrongswan/plugins/bliss/bliss_public_key.h +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.h @@ -61,7 +61,7 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args); * @param pubkey coefficients of public key vector * @return TRUE if parsing successful */ -bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, +bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set, uint32_t **pubkey); /** 
@@ -71,7 +71,7 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, * @param set BLISS parameter set for the public key vector * @result ASN.1 encoded subjectPublicKey */ -chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set); +chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set); /** * Encode a BLISS subjectPublicKeyInfo record in ASN.1 DER format @@ -82,7 +82,7 @@ chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set); * @result ASN.1 encoded subjectPublicKeyInfo record */ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey, - bliss_param_set_t *set); + const bliss_param_set_t *set); /** * Generate a BLISS public key fingerprint @@ -95,7 +95,7 @@ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey, * @result TRUE if generation was successful */ bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey, - bliss_param_set_t *set, + const bliss_param_set_t *set, cred_encoding_type_t type, chunk_t *fp); #endif /** BLISS_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_sampler.c b/src/libstrongswan/plugins/bliss/bliss_sampler.c index fa45a2fac..fb29d6622 100644 --- a/src/libstrongswan/plugins/bliss/bliss_sampler.c +++ b/src/libstrongswan/plugins/bliss/bliss_sampler.c @@ -17,7 +17,7 @@ typedef struct private_bliss_sampler_t private_bliss_sampler_t; -#include <crypto/mgf1/mgf1_bitspender.h> +#include <crypto/xofs/xof_bitspender.h> /** * Private data of a bliss_sampler_t object. @@ -32,12 +32,12 @@ struct private_bliss_sampler_t { /** * BLISS parameter the rejection sampling is to be based on */ - bliss_param_set_t *set; + const bliss_param_set_t *set; /** * Bitspender used for random rejection sampling */ - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; }; 
@@ -45,7 +45,8 @@ METHOD(bliss_sampler_t, bernoulli_exp, bool, private_bliss_sampler_t *this, uint32_t x, bool *accepted) { uint32_t x_mask; - uint8_t *c, u; + uint8_t u; + const uint8_t *c; int i; x_mask = 1 << (this->set->c_rows - 1); @@ -221,13 +222,13 @@ METHOD(bliss_sampler_t, destroy, void, /** * See header. */ -bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed, - bliss_param_set_t *set) +bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed, + const bliss_param_set_t *set) { private_bliss_sampler_t *this; - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; - bitspender = mgf1_bitspender_create(alg, seed, FALSE); + bitspender = xof_bitspender_create(alg, seed, FALSE); if (!bitspender) { return NULL; diff --git a/src/libstrongswan/plugins/bliss/bliss_sampler.h b/src/libstrongswan/plugins/bliss/bliss_sampler.h index 2c75d4480..3e6d3d003 100644 --- a/src/libstrongswan/plugins/bliss/bliss_sampler.h +++ b/src/libstrongswan/plugins/bliss/bliss_sampler.h @@ -84,11 +84,11 @@ struct bliss_sampler_t { /** * Create a bliss_sampler_t object. * - * @param alg Hash algorithm to be used for the internal bitspender + * @param alg XOF to be used for the internal bitspender * @param seed Seed used to initialize the internal bitspender * @param set BLISS parameter set to be used */ -bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed, - bliss_param_set_t *set); +bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed, + const bliss_param_set_t *set); #endif /** BLISS_SAMPLER_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.c b/src/libstrongswan/plugins/bliss/bliss_signature.c index e603da399..f4e1bff30 100644 --- a/src/libstrongswan/plugins/bliss/bliss_signature.c +++ b/src/libstrongswan/plugins/bliss/bliss_signature.c 
@@ -32,7 +32,7 @@ struct private_bliss_signature_t { /** * BLISS signature parameter set */ - bliss_param_set_t *set; + const bliss_param_set_t *set; /** * BLISS signature vector z1 of size n @@ -134,7 +134,7 @@ METHOD(bliss_signature_t, destroy, void, /** * See header. */ -bliss_signature_t *bliss_signature_create(bliss_param_set_t *set) +bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set) { private_bliss_signature_t *this; @@ -156,7 +156,7 @@ bliss_signature_t *bliss_signature_create(bliss_param_set_t *set) /** * See header. */ -bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set, +bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set, chunk_t encoding) { private_bliss_signature_t *this; diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.h b/src/libstrongswan/plugins/bliss/bliss_signature.h index d37f5398b..20ed6c0a2 100644 --- a/src/libstrongswan/plugins/bliss/bliss_signature.h +++ b/src/libstrongswan/plugins/bliss/bliss_signature.h @@ -61,7 +61,7 @@ struct bliss_signature_t { * * @param set BLISS parameter set */ -bliss_signature_t *bliss_signature_create(bliss_param_set_t *set); +bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set); /** * Create a BLISS signature object from encoding. @@ -69,7 +69,7 @@ bliss_signature_t *bliss_signature_create(bliss_param_set_t *set); * @param set BLISS parameter set * @param encoding binary signature encoding */ -bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set, +bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set, chunk_t encoding); #endif /** BLISS_SIGNATURE_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.c b/src/libstrongswan/plugins/bliss/bliss_utils.c index 5e313ff26..5baa1f89a 100644 --- a/src/libstrongswan/plugins/bliss/bliss_utils.c +++ b/src/libstrongswan/plugins/bliss/bliss_utils.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -17,7 +17,7 @@ #include <asn1/asn1.h> #include <crypto/hashers/hasher.h> -#include <crypto/mgf1/mgf1_bitspender.h> +#include <crypto/xofs/xof_bitspender.h> #include <utils/debug.h> /** @@ -39,7 +39,8 @@ int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n) /** * See header. */ -void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd) +void bliss_utils_round_and_drop(const bliss_param_set_t *set, + int32_t *x, int16_t *xd) { int32_t factor; int i; @@ -55,8 +56,8 @@ void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd) /** * See header. */ -bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, - uint16_t *ud, bliss_param_set_t *set, +bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash, + uint16_t *ud, const bliss_param_set_t *set, uint16_t *c_indices) { int i, index_trials = 0, index_found = 0; @@ -64,7 +65,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, uint32_t index; uint8_t *seed_pos; chunk_t seed; - mgf1_bitspender_t *bitspender; + xof_bitspender_t *bitspender; seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t)); @@ -79,7 +80,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, seed_pos += sizeof(uint16_t); } - bitspender = mgf1_bitspender_create(alg, seed, FALSE); + bitspender = xof_bitspender_create(alg, seed, FALSE); if (!bitspender) { return NULL; @@ -117,7 +118,8 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, /** * See header. */ -bool bliss_utils_check_norms(bliss_param_set_t *set, int32_t *z1, int16_t *z2d) +bool bliss_utils_check_norms(const bliss_param_set_t *set, + int32_t *z1, int16_t *z2d) { int32_t z2ds[set->n]; int32_t z1_min, z1_max, norm; 
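Review bot: In bliss_utils_generate_c the failure branch after the renamed `xof_bitspender_create` call still does `return NULL;`, although the function is declared to return `bool`. It evaluates to false today, but it reads as a pointer return and some compilers warn on it. `return FALSE;` would match the TRUE/FALSE convention used elsewhere in this file. The line is context in this hunk rather than a changed line, and the rest of the function lies outside it.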
diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.h b/src/libstrongswan/plugins/bliss/bliss_utils.h
index 156968dd7..bfaf3c475 100644
--- a/src/libstrongswan/plugins/bliss/bliss_utils.h
+++ b/src/libstrongswan/plugins/bliss/bliss_utils.h
@@ -42,29 +42,31 @@ int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n); * @param x input vector x of size n * @param xd rounded vector x with d bits dropped */ -void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd); +void bliss_utils_round_and_drop(const bliss_param_set_t *set, + int32_t *x, int16_t *xd); /** * Generate the binary challenge vector c as an array of kappa indices * - * @param alg hash algorithm to be used for the internal oracle - * @param data_hash hash of the data to be signed - * @param ud input vector ud of size n - * @param set BLISS parameter set to be used (n, n_bits, kappa) - * @param c_indices indexes of non-zero challenge coefficients + * @param alg XOF to be used for the internal oracle + * @param data_hash hash of the data to be signed + * @param ud input vector ud of size n + * @param set BLISS parameter set to be used (n, n_bits, kappa) + * @param c_indices indexes of non-zero challenge coefficients */ -bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash, - uint16_t *ud, bliss_param_set_t *set, +bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash, + uint16_t *ud, const bliss_param_set_t *set, uint16_t *c_indices); /** * Check the infinity and l2 norms of the vectors z1 and z2d << d * - * @param set BLISS parameter set - * @param z1 input vector - * @param z2d input vector - * @result TRUE if infinite and l2 norms do not exceed boundaries + * @param set BLISS parameter set + * @param z1 input vector + * @param z2d input vector + * @result TRUE if infinite and l2 norms do not exceed boundaries */ -bool bliss_utils_check_norms(bliss_param_set_t *set, int32_t *z1, int16_t *z2d); +bool bliss_utils_check_norms(const bliss_param_set_t *set, + int32_t *z1, int16_t *z2d); #endif /** BLISS_UTILS_H_ @}*/ diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.am b/src/libstrongswan/plugins/bliss/tests/Makefile.am index bd87753f5..1ec8d551f 100644 
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.am +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.am @@ -3,7 +3,6 @@ TESTS = bliss_tests check_PROGRAMS = $(TESTS) bliss_tests_SOURCES = \ - suites/test_bliss_fft.c \ suites/test_bliss_bitpacker.c \ suites/test_bliss_huffman.c \ suites/test_bliss_keys.c \ @@ -15,6 +14,7 @@ bliss_tests_SOURCES = \ bliss_tests_CFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft \ -I$(top_srcdir)/src/libstrongswan/plugins/bliss \ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ -DPLUGINS=\""${s_plugins}\"" \ @@ -24,4 +24,5 @@ bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@ bliss_tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ ../libbliss.la diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in index 85619c551..05f95dc61 100644 --- a/src/libstrongswan/plugins/bliss/tests/Makefile.in +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in @@ -110,7 +110,7 @@ CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__EXEEXT_1 = bliss_tests$(EXEEXT) am__dirstamp = $(am__leading_dot)dirstamp -am_bliss_tests_OBJECTS = suites/bliss_tests-test_bliss_fft.$(OBJEXT) \ +am_bliss_tests_OBJECTS = \ suites/bliss_tests-test_bliss_bitpacker.$(OBJEXT) \ suites/bliss_tests-test_bliss_huffman.$(OBJEXT) \ suites/bliss_tests-test_bliss_keys.$(OBJEXT) \ @@ -122,6 +122,7 @@ bliss_tests_OBJECTS = $(am_bliss_tests_OBJECTS) bliss_tests_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ ../libbliss.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) 
@@ -353,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -387,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -442,11 +440,12 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ bliss_tests_SOURCES = \ - suites/test_bliss_fft.c \ suites/test_bliss_bitpacker.c \ suites/test_bliss_huffman.c \ suites/test_bliss_keys.c \ @@ -458,6 +457,7 @@ bliss_tests_SOURCES = \ bliss_tests_CFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libstrongswan/tests \ + -I$(top_srcdir)/src/libstrongswan/math/libnttfft \ -I$(top_srcdir)/src/libstrongswan/plugins/bliss \ -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ -DPLUGINS=\""${s_plugins}\"" \ @@ -467,6 +467,7 @@ bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@ bliss_tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la \ + $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \ ../libbliss.la all: all-am @@ -517,8 +518,6 @@ suites/$(am__dirstamp): suites/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) suites/$(DEPDIR) @: > suites/$(DEPDIR)/$(am__dirstamp) -suites/bliss_tests-test_bliss_fft.$(OBJEXT): suites/$(am__dirstamp) \ - suites/$(DEPDIR)/$(am__dirstamp) suites/bliss_tests-test_bliss_bitpacker.$(OBJEXT): \ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/bliss_tests-test_bliss_huffman.$(OBJEXT): \ 
@@ -545,7 +544,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bliss_tests-bliss_tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_huffman.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_keys.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/bliss_tests-test_bliss_sampler.Po@am__quote@ 
@@ -576,20 +574,6 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -suites/bliss_tests-test_bliss_fft.o: suites/test_bliss_fft.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_fft.o -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo -c -o suites/bliss_tests-test_bliss_fft.o `test -f 'suites/test_bliss_fft.c' || echo '$(srcdir)/'`suites/test_bliss_fft.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bliss_fft.c' object='suites/bliss_tests-test_bliss_fft.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -c -o suites/bliss_tests-test_bliss_fft.o `test -f 'suites/test_bliss_fft.c' || echo '$(srcdir)/'`suites/test_bliss_fft.c - -suites/bliss_tests-test_bliss_fft.obj: suites/test_bliss_fft.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_fft.obj -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo -c -o suites/bliss_tests-test_bliss_fft.obj `if test -f 'suites/test_bliss_fft.c'; then $(CYGPATH_W) 'suites/test_bliss_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bliss_fft.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bliss_fft.c' 
object='suites/bliss_tests-test_bliss_fft.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -c -o suites/bliss_tests-test_bliss_fft.obj `if test -f 'suites/test_bliss_fft.c'; then $(CYGPATH_W) 'suites/test_bliss_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bliss_fft.c'; fi` - suites/bliss_tests-test_bliss_bitpacker.o: suites/test_bliss_bitpacker.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_bitpacker.o -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Tpo -c -o suites/bliss_tests-test_bliss_bitpacker.o `test -f 'suites/test_bliss_bitpacker.c' || echo '$(srcdir)/'`suites/test_bliss_bitpacker.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Po diff --git a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h b/src/libstrongswan/plugins/bliss/tests/bliss_tests.h index f0959cc08..61f37d5a1 100644 --- a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h +++ b/src/libstrongswan/plugins/bliss/tests/bliss_tests.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014-2015 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,7 +13,6 @@ * for more details. */ -TEST_SUITE(bliss_fft_suite_create) TEST_SUITE(bliss_bitpacker_suite_create) TEST_SUITE(bliss_huffman_suite_create) TEST_SUITE(bliss_keys_suite_create) diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c deleted file mode 100644 index 009aaf802..000000000 
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c
+++ /dev/null
@@ -1,110 +0,0 @@ -/* - * Copyright (C) 2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "test_suite.h" - -#include <bliss_fft.h> - -static bliss_fft_params_t *fft_params[] = { - &bliss_fft_17_8, - &bliss_fft_12289_512 -}; - -START_TEST(test_bliss_fft_impulse) -{ - bliss_fft_t *fft; - uint16_t n = fft_params[_i]->n; - uint32_t x[n], X[n]; - int i; - - for (i = 0; i < n; i++) - { - x[i] = 0; - } - x[0] = 1; - - fft = bliss_fft_create(fft_params[_i]); - fft->transform(fft, x, X, FALSE); - - for (i = 0; i < n; i++) - { - ck_assert(X[i] == 1); - } - fft->transform(fft, X, x, TRUE); - - for (i = 0; i < n; i++) - { - ck_assert(x[i] == (i == 0)); - } - fft->destroy(fft); -} -END_TEST - -START_TEST(test_bliss_fft_wrap) -{ - bliss_fft_t *fft; - uint16_t n = fft_params[_i]->n; - uint16_t q = fft_params[_i]->q; - uint32_t x[n],y[n], X[n], Y[n]; - int i, j; - - for (i = 0; i < n; i++) - { - x[i] = i; - y[i] = 0; - } - fft = bliss_fft_create(fft_params[_i]); - ck_assert(fft->get_size(fft) == n); - ck_assert(fft->get_modulus(fft) == q); - fft->transform(fft, x, X, FALSE); - - for (j = 0; j < n; j++) - { - y[j] = 1; - fft->transform(fft, y, Y, FALSE); - - for (i = 0; i < n; i++) - { - Y[i] = (X[i] * Y[i]) % q; - } - fft->transform(fft, Y, Y, TRUE); - - for (i = 0; i < n; i++) - { - ck_assert(Y[i] == ( i < j ? 
q - n - i + j : i - j)); - } - y[j] = 0; - } - fft->destroy(fft); -} -END_TEST - -Suite *bliss_fft_suite_create() -{ - Suite *s; - TCase *tc; - - s = suite_create("bliss_fft"); - - tc = tcase_create("impulse"); - tcase_add_loop_test(tc, test_bliss_fft_impulse, 0, countof(fft_params)); - suite_add_tcase(s, tc); - - tc = tcase_create("negative_wrap"); - tcase_add_loop_test(tc, test_bliss_fft_wrap, 0, countof(fft_params)); - suite_add_tcase(s, tc); - - return s; -} diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c index 1bd1266ad..26c5b60e6 100644 --- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c +++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c @@ -22,16 +22,16 @@ static u_int key_size[] = { 1, 3, 4}; START_TEST(test_bliss_sampler_gaussian) { bliss_sampler_t *sampler; - bliss_param_set_t *set; + const bliss_param_set_t *set; int i, k, count; uint32_t hist[8], sign[3]; int32_t z; - hash_algorithm_t alg; + ext_out_function_t alg; size_t seed_len; chunk_t seed; set = bliss_param_set_get_by_id(key_size[_i]); - alg = HASH_SHA256; + alg = XOF_MGF1_SHA256; seed_len = 32; count = 10000000; diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c index 2a2f48c53..6f566506a 100644 --- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c +++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c @@ -95,8 +95,8 @@ static chunk_t data = chunk_from_chars( START_TEST(test_bliss_signature_fail) { - bliss_param_set_t set2 = { .id = BLISS_B_II }; - bliss_param_set_t *set; + const bliss_param_set_t set2 = { .id = BLISS_B_II }; + const bliss_param_set_t *set; bliss_signature_t *signature; chunk_t encoding; int k; |
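Review bot: In the `test_bliss_sampler_gaussian` hunk, `alg = XOF_MGF1_SHA256;` and the unchanged `seed_len = 32;` stay as unexplained constants, and the variable keeps the name `alg` although its type is now `ext_out_function_t`. A one-line comment above the assignment would record the coupling, for example `/* MGF1-SHA256 feeds the sampler; 32-byte seed presumably matches the SHA-256 output size */`, and renaming the local to `xof` would match the new type. The statistical check covers only this one XOF, so if the signing code can select a different one per parameter set (not visible here), that path is not exercised by this test. The function body continues outside the hunk.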
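Review bot: In the `test_bliss_signature_fail` hunk, `const bliss_param_set_t set2 = { .id = BLISS_B_II };` sets only `.id`, so every other field is zero, and nothing at the declaration says that is deliberate. A comment such as `/* stub set: only the id is filled in, all other fields are zero; used to provoke the failure paths */` would keep a later reader from treating `set2` as a usable parameter set. How `set2` is used is outside the hunk, so the wording should be checked against the rest of the test.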