ARG_DISBL_SET([sha2], [disable SHA256/SHA384/SHA512 software implementation plugin.])
ARG_ENABL_SET([sha3], [enable SHA3_224/SHA3_256/SHA3_384/SHA3_512 software implementation plugin.])
ARG_DISBL_SET([xcbc], [disable xcbc crypto implementation plugin.])
+ARG_ENABL_SET([mgf1], [enables the MGF1 software implementation plugin.])
# encoding/decoding plugins
ARG_DISBL_SET([dnskey], [disable DNS RR key decoding plugin.])
ARG_DISBL_SET([pem], [disable PEM decoding plugin.])
tss_tss2=true
fi
+if test x$ntru = xtrue -o x$bliss = xtrue; then
+ mgf1=true
+fi
+
# ===========================================
# check required libraries and header files
# ===========================================
ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([md4], [s charon scepclient pki nm cmd])
ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen])
+ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([nonce], [s charon nm cmd aikgen])
AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue)
+AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
src/libstrongswan/plugins/sha1/Makefile
src/libstrongswan/plugins/sha2/Makefile
src/libstrongswan/plugins/sha3/Makefile
+ src/libstrongswan/plugins/mgf1/Makefile
src/libstrongswan/plugins/fips_prf/Makefile
src/libstrongswan/plugins/gmp/Makefile
src/libstrongswan/plugins/rdrand/Makefile
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
crypto/iv/iv_gen_null.c \
-crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
-crypto/xofs/xof.c \
+crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
credentials/keys/public_key.c credentials/keys/shared_key.c \
crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
-crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
-crypto/xofs/xof.h \
+crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
credentials/credential_factory.h credentials/builder.h \
credentials/cred_encoding.h credentials/keys/private_key.h \
credentials/keys/public_key.h credentials/keys/shared_key.h \
endif
endif
+if USE_MGF1
+ SUBDIRS += plugins/mgf1
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/mgf1/libstrongswan-mgf1.la
+endif
+endif
+
if USE_NTRU
SUBDIRS += plugins/ntru
if MONOLITHIC
+++ /dev/null
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "mgf1.h"
-
-#include "crypto/hashers/hasher.h"
-#include "utils/debug.h"
-#include "utils/test.h"
-
-typedef struct private_mgf1_t private_mgf1_t;
-
-/**
- * Private data of an mgf1_t object.
- */
-struct private_mgf1_t {
-
- /**
- * Public mgf1_t interface.
- */
- mgf1_t public;
-
- /**
- * Hasher the MGF1 Mask Generation Function is based on
- */
- hasher_t *hasher;
-
- /**
- * Counter
- */
- uint32_t counter;
-
- /**
- * Set if counter has reached 2^32
- */
- bool overflow;
-
- /**
- * Current state to be hashed
- */
- chunk_t state;
-
- /**
- * Position of the 4 octet counter string
- */
- u_char *ctr_str;
-
-};
-
-METHOD(mgf1_t, get_hash_size, size_t,
- private_mgf1_t *this)
-{
- return this->hasher->get_hash_size(this->hasher);
-}
-
-METHOD(mgf1_t, get_mask, bool,
- private_mgf1_t *this, size_t mask_len, u_char *mask)
-{
- u_char buf[HASH_SIZE_SHA512];
- size_t hash_len;
-
- hash_len = this->hasher->get_hash_size(this->hasher);
-
- while (mask_len > 0)
- {
- /* detect overflow, set counter string and increment counter */
- if (this->overflow)
- {
- return FALSE;
- }
- htoun32(this->ctr_str, this->counter++);
- if (this->counter == 0)
- {
- this->overflow = TRUE;
- }
-
- /* get the next or final mask block from the hash function */
- if (!this->hasher->get_hash(this->hasher, this->state,
- (mask_len < hash_len) ? buf : mask))
- {
- return FALSE;
- }
- if (mask_len < hash_len)
- {
- memcpy(mask, buf, mask_len);
- return TRUE;
- }
- mask_len -= hash_len;
- mask += hash_len;
- }
- return TRUE;
-}
-
-METHOD(mgf1_t, allocate_mask, bool,
- private_mgf1_t *this, size_t mask_len, chunk_t *mask)
-{
- if (mask_len == 0)
- {
- *mask = chunk_empty;
- return TRUE;
- }
- *mask = chunk_alloc(mask_len);
-
- return get_mask(this, mask_len, mask->ptr);
-}
-
-METHOD(mgf1_t, destroy, void,
- private_mgf1_t *this)
-{
- this->hasher->destroy(this->hasher);
- chunk_clear(&this->state);
- free(this);
-}
-
-/*
- * Described in header.
- */
-mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed)
-{
- private_mgf1_t *this;
- hasher_t *hasher;
- size_t state_len;
-
- if (seed.len == 0)
- {
- DBG1(DBG_LIB, "empty seed for MGF1");
- return NULL;
- }
-
- hasher = lib->crypto->create_hasher(lib->crypto, alg);
- if (!hasher)
- {
- DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
- hash_algorithm_names, alg);
- return NULL;
- }
- state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
-
- INIT(this,
- .public = {
- .get_hash_size = _get_hash_size,
- .allocate_mask = _allocate_mask,
- .get_mask = _get_mask,
- .destroy = _destroy,
- },
- .hasher = hasher,
- .state = chunk_alloc(state_len),
- );
-
- /* determine position of the 4 octet counter string */
- this->ctr_str = this->state.ptr + state_len - 4;
-
- if (hash_seed)
- {
- if (!hasher->get_hash(hasher, seed, this->state.ptr))
- {
- DBG1(DBG_LIB, "failed to hash seed for MGF1");
- destroy(this);
- return NULL;
- }
- }
- else
- {
- memcpy(this->state.ptr, seed.ptr, seed.len);
- }
-
- return &this->public;
-}
+++ /dev/null
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup mgf1 mgf1
- * @{ @ingroup crypto
- */
-
-#ifndef MGF1_H_
-#define MGF1_H_
-
-typedef struct mgf1_t mgf1_t;
-
-#include <library.h>
-
-/**
- * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
- * defined in section 10.2.1 of RFC 2437
- */
-struct mgf1_t {
-
- /**
- * Get the hash size of the underlying hash function
- *
- * @return hash size in bytes
- */
- size_t (*get_hash_size)(mgf1_t *this);
-
- /**
- * Generate a mask pattern and copy it to an output buffer
- * If the maximum number of requests has been reached, reseeding occurs
- *
- * @param mask_len number of mask bytes to generate
- * @param mask output buffer of minimum size mask_len
- * @return TRUE if successful
- */
- bool (*get_mask)(mgf1_t *this, size_t mask_len, u_char *mask);
-
- /**
- * Generate a mask pattern and return it in an allocated chunk
- *
- * @param mask_len number of mask bytes to generate
- * @param mask chunk containing generated mask
- * @return TRUE if successful
- */
- bool (*allocate_mask)(mgf1_t *this, size_t mask_len, chunk_t *mask);
-
- /**
- * Destroy the MGF1 object
- */
- void (*destroy)(mgf1_t *this);
-};
-
-/**
- * Create an MGF1 object
- *
- * @param alg hash algorithm to be used by MGF1
- * @param seed seed used by MGF1 to generate mask from
- * @param hash_seed hash seed before using it as a seed for MGF1
- */
-mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed);
-
-#endif /** MGF1_H_ @}*/
-
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "mgf1_bitspender.h"
-
-#include <crypto/mgf1/mgf1.h>
-
-typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t;
-
-/**
- * Private data structure for mgf1_bitspender_t object
- */
-struct private_mgf1_bitspender_t {
- /**
- * Public interface.
- */
- mgf1_bitspender_t public;
-
- /**
- * MGF1 bit mask generator
- */
- mgf1_t *mgf1;
-
- /**
- * Octet storage (accommodates up to 64 octets)
- */
- uint8_t octets[HASH_SIZE_SHA512];
-
- /**
- * Length of the returned hash value in octets
- */
- int hash_len;
-
- /**
- * Number of generated octets
- */
- int octets_count;
-
- /**
- * Number of available octets
- */
- int octets_left;
-
- /**
- * Bit storage (accommodates up to 32 bits)
- */
- uint32_t bits;
-
- /**
- * Number of available bits
- */
- int bits_left;
-
- /**
- * Byte storage (accommodates up to 4 bytes)
- */
- uint8_t bytes[4];
-
- /**
- * Number of available bytes
- */
- int bytes_left;
-
-};
-
-METHOD(mgf1_bitspender_t, get_bits, bool,
- private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits)
-{
- int bits_now;
-
- *bits = 0x00000000;
-
- if (bits_needed == 0)
- {
- /* trivial */
- return TRUE;
- }
- if (bits_needed > 32)
- {
- /* too many bits requested */
- return FALSE;
- }
-
- while (bits_needed)
- {
- if (this->bits_left == 0)
- {
- if (this->octets_left == 0)
- {
- /* get another block from MGF1 */
- if (!this->mgf1->get_mask(this->mgf1, this->hash_len,
- this->octets))
- {
- /* no block available */
- return FALSE;
- }
- this->octets_left = this->hash_len;
- this->octets_count += this->hash_len;
- }
- this->bits = untoh32(this->octets + this->hash_len -
- this->octets_left);
- this->bits_left = 32;
- this->octets_left -= 4;
- }
- if (bits_needed > this->bits_left)
- {
- bits_now = this->bits_left;
- this->bits_left = 0;
- bits_needed -= bits_now;
- }
- else
- {
- bits_now = bits_needed;
- this->bits_left -= bits_needed;
- bits_needed = 0;
- }
- if (bits_now == 32)
- {
- *bits = this->bits;
- }
- else
- {
- *bits <<= bits_now;
- *bits |= this->bits >> this->bits_left;
- if (this->bits_left)
- {
- this->bits &= 0xffffffff >> (32 - this->bits_left);
- }
- }
- }
- return TRUE;
-}
-
-METHOD(mgf1_bitspender_t, get_byte, bool,
- private_mgf1_bitspender_t *this, uint8_t *byte)
-{
- if (this->bytes_left == 0)
- {
- if (this->octets_left == 0)
- {
- /* get another block from MGF1 */
- if (!this->mgf1->get_mask(this->mgf1, this->hash_len, this->octets))
- {
- /* no block available */
- return FALSE;
- }
- this->octets_left = this->hash_len;
- this->octets_count += this->hash_len;
- }
- memcpy(this->bytes, this->octets + this->hash_len - this->octets_left, 4);
- this->bytes_left = 4;
- this->octets_left -= 4;
- }
- *byte = this->bytes[4 - this->bytes_left--];
-
- return TRUE;
-}
-
-METHOD(mgf1_bitspender_t, destroy, void,
- private_mgf1_bitspender_t *this)
-{
- DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count);
- memwipe(this->octets, sizeof(this->octets));
- this->mgf1->destroy(this->mgf1);
- free(this);
-}
-
-/**
- * See header.
- */
-mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed)
-{
- private_mgf1_bitspender_t *this;
- mgf1_t *mgf1;
-
- mgf1 = mgf1_create(alg, seed, hash_seed);
- if (!mgf1)
- {
- return NULL;
- }
- DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets",
- hash_algorithm_short_names, alg, seed.len);
-
- INIT(this,
- .public = {
- .get_bits = _get_bits,
- .get_byte = _get_byte,
- .destroy = _destroy,
- },
- .mgf1 = mgf1,
- .hash_len = mgf1->get_hash_size(mgf1),
- );
-
- return &this->public;
-}
+++ /dev/null
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup mgf1_bitspender mgf1_bitspender
- * @{ @ingroup mgf1
- */
-
-#ifndef MGF1_BITSPENDER_H_
-#define MGF1_BITSPENDER_H_
-
-#include <library.h>
-#include <crypto/hashers/hasher.h>
-
-typedef struct mgf1_bitspender_t mgf1_bitspender_t;
-
-/**
- * Generates a given number of pseudo-random bits at a time using MGF1
- */
-struct mgf1_bitspender_t {
-
- /**
- * Get pseudo-random bits
- *
- * @param bits_needed Number of needed bits (1..32)
- * @param bits Pseudo-random bits
- * @result FALSE if internal MGF1 error occurred
- */
- bool (*get_bits)(mgf1_bitspender_t *this, int bits_needed, uint32_t *bits);
-
- /**
- * Get a pseudo-random byte
- *
- * @param byte Pseudo-random byte
- * @result FALSE if internal MGF1 error occurred
- */
- bool (*get_byte)(mgf1_bitspender_t *this, uint8_t *byte);
-
- /**
- * Destroy mgf1_bitspender_t object
- */
- void (*destroy)(mgf1_bitspender_t *this);
-};
-
-/**
- * Create a mgf1_bitspender_t object
- *
- * @param alg Hash algorithm to be used with MGF1
- * @param seed Seed used to initialize MGF1
- * @param hash_seed Hash seed before using it as a seed for MFG1
- */
-mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed);
-
-#endif /** MGF1_BITSPENDER_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1 mgf1
+ * @{ @ingroup crypto
+ */
+
+#ifndef MGF1_H_
+#define MGF1_H_
+
+typedef struct mgf1_t mgf1_t;
+
+#include "xof.h"
+
+/**
+ * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
+ * defined in section 10.2.1 of RFC 2437
+ */
+struct mgf1_t {
+
+ /**
+ * Generic xof_t interface for this Extended Output Function (XOF).
+ */
+ xof_t xof_interface;
+
+ /**
+ * Hash the seed before using it as a seed for MGF1
+ *
+ * @param yes TRUE if seed has to be hashed first
+ */
+ void (*set_hash_seed)(mgf1_t *this, bool yes);
+};
+
+#endif /** MGF1_H_ @}*/
ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
"XOF_UNDEFINED",
- "XOF_SHAKE128",
- "XOF_SHAKE256",
"XOF_MGF1_SHA1",
"XOF_MGF1_SHA256",
"XOF_MGF1_SHA512",
+ "XOF_SHAKE128",
+ "XOF_SHAKE256",
"XOF_CHACHA20"
);
*/
enum ext_out_function_t {
XOF_UNDEFINED,
- /** FIPS 202 */
- XOF_SHAKE_128,
- /** FIPS 202 */
- XOF_SHAKE_256,
/** RFC 2437 PKCS#1 */
XOF_MGF1_SHA1,
/** RFC 2437 PKCS#1 */
XOF_MGF1_SHA256,
/** RFC 2437 PKCS#1 */
XOF_MGF1_SHA512,
+ /** FIPS 202 */
+ XOF_SHAKE_128,
+ /** FIPS 202 */
+ XOF_SHAKE_256,
/** RFC 7539 ChaCha20 */
XOF_CHACHA20,
};
extern enum_name_t *ext_out_function_names;
/**
- * Generic interface for pseudo-random-functions.
+ * Generic interface for Extended Output Function (XOF)
*/
struct xof_t {
/**
+ * Return the type of the Extended Output Function
+ *
+ * @return XOF type
+ */
+ ext_out_function_t (*get_type)(xof_t *this);
+
+ /**
* Generates pseudo random bytes and writes them in the buffer.
*
* @param out_len number of output bytes requested
--- /dev/null
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xof_bitspender.h"
+#include "mgf1.h"
+
+typedef struct private_xof_bitspender_t private_xof_bitspender_t;
+
+/**
+ * Private data structure for xof_bitspender_t object
+ */
+struct private_xof_bitspender_t {
+ /**
+ * Public interface.
+ */
+ xof_bitspender_t public;
+
+ /**
+ * Extended Output Function (XOF)
+ */
+ xof_t *xof;
+
+ /**
+ * Length of the returned hash value in octets
+ */
+ int hash_len;
+
+ /**
+ * Bit storage (accommodates up to 32 bits)
+ */
+ uint32_t bits;
+
+ /**
+ * Number of available bits
+ */
+ int bits_left;
+
+ /**
+ * Byte storage (accommodates up to 4 bytes)
+ */
+ uint8_t bytes[4];
+
+ /**
+ * Number of available bytes
+ */
+ int bytes_left;
+
+ /**
+ * Number of octets spent
+ */
+ int octet_count;
+
+};
+
+static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer)
+{
+ if (!this->xof->get_bytes(this->xof, 4, buffer))
+ {
+ /* no block available */
+ return FALSE;
+ }
+ this->octet_count += 4;
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_bits, bool,
+ private_xof_bitspender_t *this, int bits_needed, uint32_t *bits)
+{
+ int bits_now;
+
+ *bits = 0x00000000;
+
+ if (bits_needed == 0)
+ {
+ /* trivial */
+ return TRUE;
+ }
+ if (bits_needed > 32)
+ {
+ /* too many bits requested */
+ return FALSE;
+ }
+
+ while (bits_needed)
+ {
+ if (this->bits_left == 0)
+ {
+ uint8_t buf[4];
+
+ if (!get_next_block(this, buf))
+ {
+ return FALSE;
+ }
+ this->bits = untoh32(buf);
+ this->bits_left = 32;
+ }
+ if (bits_needed > this->bits_left)
+ {
+ bits_now = this->bits_left;
+ this->bits_left = 0;
+ bits_needed -= bits_now;
+ }
+ else
+ {
+ bits_now = bits_needed;
+ this->bits_left -= bits_needed;
+ bits_needed = 0;
+ }
+ if (bits_now == 32)
+ {
+ *bits = this->bits;
+ }
+ else
+ {
+ *bits <<= bits_now;
+ *bits |= this->bits >> this->bits_left;
+ if (this->bits_left)
+ {
+ this->bits &= 0xffffffff >> (32 - this->bits_left);
+ }
+ }
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_byte, bool,
+ private_xof_bitspender_t *this, uint8_t *byte)
+{
+ if (this->bytes_left == 0)
+ {
+ if (!get_next_block(this, this->bytes))
+ {
+ return FALSE;
+ }
+ this->bytes_left = 4;
+ }
+ *byte = this->bytes[4 - this->bytes_left--];
+
+ return TRUE;
+}
+
+METHOD(xof_bitspender_t, destroy, void,
+ private_xof_bitspender_t *this)
+{
+ DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names,
+ this->xof->get_type(this->xof), this->octet_count);
+ memwipe(this->bytes, 4);
+ this->xof->destroy(this->xof);
+ free(this);
+}
+
+/**
+ * See header.
+ */
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+ bool hash_seed)
+{
+ private_xof_bitspender_t *this;
+ xof_t *xof;
+
+ xof = lib->crypto->create_xof(lib->crypto, alg);
+ if (!xof)
+ {
+ return NULL;
+ }
+
+ switch (alg)
+ {
+ case XOF_MGF1_SHA1:
+ case XOF_MGF1_SHA256:
+ case XOF_MGF1_SHA512:
+ {
+ mgf1_t *mgf1 = (mgf1_t*)xof;
+
+ mgf1->set_hash_seed(mgf1, hash_seed);
+ break;
+ }
+ default:
+ break;
+ }
+ if (!xof->set_seed(xof, seed))
+ {
+ xof->destroy(xof);
+ return NULL;
+ }
+ DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names,
+ alg, seed.len);
+
+ INIT(this,
+ .public = {
+ .get_bits = _get_bits,
+ .get_byte = _get_byte,
+ .destroy = _destroy,
+ },
+ .xof = xof,
+ );
+
+ return &this->public;
+}
--- /dev/null
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xof_bitspender xof_bitspender
+ * @{ @ingroup mgf1
+ */
+
+#ifndef XOF_BITSPENDER_H_
+#define XOF_BITSPENDER_H_
+
+#include "xof.h"
+
+#include <library.h>
+
+typedef struct xof_bitspender_t xof_bitspender_t;
+
+/**
+ * Generates a given number of pseudo-random bits at a time using an
+ * Extended Output Function (XOF)
+ */
+struct xof_bitspender_t {
+
+ /**
+ * Get pseudo-random bits
+ *
+ * @param bits_needed Number of needed bits (1..32)
+ * @param bits Pseudo-random bits
+ * @result FALSE if internal MGF1 error occurred
+ */
+ bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits);
+
+ /**
+ * Get a pseudo-random byte
+ *
+ * @param byte Pseudo-random byte
+ * @result FALSE if internal MGF1 error occurred
+ */
+ bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte);
+
+ /**
+ * Destroy xof_bitspender_t object
+ */
+ void (*destroy)(xof_bitspender_t *this);
+};
+
+/**
+ * Create a xof_bitspender_t object
+ *
+ * @param alg XOF to be used
+ * @param seed Seed used to initialize XOF
+ * @param hash_seed Hash seed before using it as a seed for MFG1
+ */
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+ bool hash_seed);
+
+#endif /** XOF_BITSPENDER_H_ @}*/
#include "ntt_fft.h"
#include "ntt_fft_reduce.h"
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
#include <asn1/oid.h>
bliss_sampler_t *sampler = NULL;
rng_t *rng;
hasher_t *hasher;
- hash_algorithm_t mgf1_alg, oracle_alg;
+ hash_algorithm_t mgf1_alg;
+ ext_out_function_t oracle_alg;
size_t mgf1_seed_len;
uint8_t mgf1_seed_buf[HASH_SIZE_SHA512], data_hash_buf[HASH_SIZE_SHA512];
chunk_t mgf1_seed, data_hash;
}
/* MGF1 hash algorithm to be used for random oracle */
- oracle_alg = HASH_SHA512;
+ oracle_alg = XOF_MGF1_SHA512;
/* Initialize a couple of needed variables */
n = this->set->n;
* Create a vector with sparse and small coefficients from seed
*/
static int8_t* create_vector_from_seed(private_bliss_private_key_t *this,
- hash_algorithm_t alg, chunk_t seed)
+ ext_out_function_t alg, chunk_t seed)
{
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
uint32_t index, sign;
int8_t *vector;
int non_zero;
- bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+ bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;
int i, n;
chunk_t seed;
size_t seed_len;
- hash_algorithm_t alg;
+ ext_out_function_t alg;
n = this->set->n;
*s1 = NULL;
/* Set MGF1 hash algorithm and seed length based on security strength */
if (this->set->strength > 160)
{
- alg = HASH_SHA256;
+ alg = XOF_MGF1_SHA256;
seed_len = HASH_SIZE_SHA256;
}
else
{
- alg = HASH_SHA1;
+ alg = XOF_MGF1_SHA1;
seed_len = HASH_SIZE_SHA1;
}
seed = chunk_create(seed_buf, seed_len);
uint8_t data_hash_buf[HASH_SIZE_SHA512];
chunk_t data_hash;
hasher_t *hasher;
- hash_algorithm_t oracle_alg;
+ ext_out_function_t oracle_alg;
ntt_fft_t *fft;
bliss_signature_t *sig;
bool success = FALSE;
}
/* MGF1 hash algorithm to be used for random oracle */
- oracle_alg = HASH_SHA512;
+ oracle_alg = XOF_MGF1_SHA512;
/* Initialize a couple of needed variables */
n = this->set->n;
typedef struct private_bliss_sampler_t private_bliss_sampler_t;
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
/**
* Private data of a bliss_sampler_t object.
/**
* Bitspender used for random rejection sampling
*/
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
};
/**
* See header.
*/
-bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
+bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
const bliss_param_set_t *set)
{
private_bliss_sampler_t *this;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
- bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+ bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;
/**
* Create a bliss_sampler_t object.
*
- * @param alg Hash algorithm to be used for the internal bitspender
+ * @param alg XOF to be used for the internal bitspender
* @param seed Seed used to initialize the internal bitspender
* @param set BLISS parameter set to be used
*/
-bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
+bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
const bliss_param_set_t *set);
#endif /** BLISS_SAMPLER_H_ @}*/
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include <asn1/asn1.h>
#include <crypto/hashers/hasher.h>
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
/**
/**
* See header.
*/
-bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
+bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
uint16_t *ud, const bliss_param_set_t *set,
uint16_t *c_indices)
{
uint32_t index;
uint8_t *seed_pos;
chunk_t seed;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));
seed_pos += sizeof(uint16_t);
}
- bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+ bitspender = xof_bitspender_create(alg, seed, FALSE);
if (!bitspender)
{
return NULL;
/**
* Generate the binary challenge vector c as an array of kappa indices
*
- * @param alg hash algorithm to be used for the internal oracle
- * @param data_hash hash of the data to be signed
- * @param ud input vector ud of size n
- * @param set BLISS parameter set to be used (n, n_bits, kappa)
- * @param c_indices indexes of non-zero challenge coefficients
+ * @param alg XOF to be used for the internal oracle
+ * @param data_hash hash of the data to be signed
+ * @param ud input vector ud of size n
+ * @param set BLISS parameter set to be used (n, n_bits, kappa)
+ * @param c_indices indexes of non-zero challenge coefficients
*/
-bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
+bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
uint16_t *ud, const bliss_param_set_t *set,
uint16_t *c_indices);
/**
* Check the infinity and l2 norms of the vectors z1 and z2d << d
*
- * @param set BLISS parameter set
- * @param z1 input vector
- * @param z2d input vector
- * @result TRUE if infinite and l2 norms do not exceed boundaries
+ * @param set BLISS parameter set
+ * @param z1 input vector
+ * @param z2d input vector
+ * @result TRUE if infinite and l2 norms do not exceed boundaries
*/
bool bliss_utils_check_norms(const bliss_param_set_t *set,
int32_t *z1, int16_t *z2d);
chapoly_drv_t *drv;
};
+METHOD(xof_t, get_type, ext_out_function_t,
+ private_chapoly_xof_t *this)
+{
+ return XOF_CHACHA20;
+}
+
METHOD(xof_t, get_bytes, bool,
private_chapoly_xof_t *this, size_t out_len, uint8_t *buffer)
{
len = min(out_len, CHACHA_BLOCK_SIZE - this->stream_index);
if (len)
{
- memcpy(buffer + index, this->stream + this->stream_index, len);
+ memcpy(buffer, this->stream + this->stream_index, len);
index += len;
this->stream_index += len;
}
INIT(this,
.public = {
.xof_interface = {
+ .get_type = _get_type,
.get_bytes = _get_bytes,
.allocate_bytes = _allocate_bytes,
.get_block_size = _get_block_size,
--- /dev/null
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-mgf1.la
+else
+plugin_LTLIBRARIES = libstrongswan-mgf1.la
+endif
+
+libstrongswan_mgf1_la_SOURCES = \
+ mgf1_plugin.h mgf1_plugin.c \
+ mgf1_xof.h mgf1_xof.c
+
+libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version
--- /dev/null
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mgf1_plugin.h"
+#include "mgf1_xof.h"
+
+#include <library.h>
+
+typedef struct private_mgf1_plugin_t private_mgf1_plugin_t;
+
+/**
+ * private data of mgf1_plugin
+ */
+struct private_mgf1_plugin_t {
+
+ /**
+ * public functions
+ */
+ mgf1_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_mgf1_plugin_t *this)
+{
+ return "mgf1";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_mgf1_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(XOF, mgf1_xof_create),
+ PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_mgf1_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *mgf1_plugin_create()
+{
+ private_mgf1_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1_p mgf1
+ * @ingroup plugins
+ *
+ * @defgroup mgf1_plugin mgf1_plugin
+ * @{ @ingroup mgf1_p
+ */
+
+#ifndef MGF1_PLUGIN_H_
+#define MGF1_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct mgf1_plugin_t mgf1_plugin_t;
+
+/**
+ * Plugin implementing the MGF1 Mask Generator Function in software.
+ */
+struct mgf1_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** MGF1_PLUGIN_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2013-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mgf1_xof.h"
+
+#include "crypto/hashers/hasher.h"
+#include "utils/debug.h"
+
+typedef struct private_mgf1_xof_t private_mgf1_xof_t;
+
+/**
+ * Private data of an mgf1_xof_t object.
+ */
+struct private_mgf1_xof_t {
+
+ /**
+ * Public mgf1_xof_t interface.
+ */
+ mgf1_xof_t public;
+
+ /**
+ * XOF type of the MGF1 Mask Generation Function
+ */
+ ext_out_function_t type;
+
+ /**
+ * Hasher the MGF1 Mask Generation Function is based on
+ */
+ hasher_t *hasher;
+
+ /**
+ * Is the seed hashed before using it as a seed for MGF1 ?
+ */
+ bool hash_seed;
+
+ /**
+ * Counter
+ */
+ uint32_t counter;
+
+ /**
+ * Set if counter has reached 2^32
+ */
+ bool overflow;
+
+ /**
+ * Current state to be hashed
+ */
+ chunk_t state;
+
+ /**
+ * Position of the 4 octet counter string
+ */
+ uint8_t *ctr_str;
+
+ /**
+ * Latest hash block
+ */
+ uint8_t buf[HASH_SIZE_SHA512];
+
+ /**
+ * Index pointing to the current position in the hash block
+ */
+ size_t buf_index;
+
+};
+
+METHOD(xof_t, get_type, ext_out_function_t,
+ private_mgf1_xof_t *this)
+{
+ return this->type;
+}
+
+static bool get_next_block(private_mgf1_xof_t *this, uint8_t *buffer)
+{
+ /* detect overflow, set counter string and increment counter */
+ if (this->overflow)
+ {
+ DBG1(DBG_LIB, "MGF1 overflow occurred");
+ return FALSE;
+ }
+ htoun32(this->ctr_str, this->counter++);
+ if (this->counter == 0)
+ {
+ this->overflow = TRUE;
+ }
+
+ /* get the next block from the hash function */
+ if (!this->hasher->get_hash(this->hasher, this->state, buffer))
+ {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, get_bytes, bool,
+ private_mgf1_xof_t *this, size_t out_len, uint8_t *buffer)
+{
+ size_t index = 0, blocks, len, hash_size;
+
+ hash_size = this->hasher->get_hash_size(this->hasher);
+
+ /* empty the current hash block buffer first */
+ len = min(out_len, hash_size - this->buf_index);
+ if (len)
+ {
+ memcpy(buffer, this->buf + this->buf_index, len);
+ index += len;
+ this->buf_index += len;
+ }
+
+ /* copy whole hash blocks directly to output buffer */
+ blocks = (out_len - index) / hash_size;
+ while (blocks--)
+ {
+ if (!get_next_block(this, buffer + index))
+ {
+ return FALSE;
+ }
+ index += hash_size;
+ }
+
+ /* get another hash block if some more output bytes are needed */
+ len = out_len - index;
+ if (len)
+ {
+ if (!get_next_block(this, this->buf))
+ {
+ return FALSE;
+ }
+ memcpy(buffer + index, this->buf, len);
+ this->buf_index = len;
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, allocate_bytes, bool,
+ private_mgf1_xof_t *this, size_t out_len, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(out_len);
+
+ if (!get_bytes(this, out_len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, get_block_size, size_t,
+ private_mgf1_xof_t *this)
+{
+ return this->hasher->get_hash_size(this->hasher);
+}
+
+METHOD(xof_t, get_seed_size, size_t,
+ private_mgf1_xof_t *this)
+{
+ return this->hasher->get_hash_size(this->hasher);
+}
+
+METHOD(xof_t, set_seed, bool,
+ private_mgf1_xof_t *this, chunk_t seed)
+{
+ size_t hash_size, state_len;
+
+ if (seed.len == 0)
+ {
+ DBG1(DBG_LIB, "empty seed for MGF1");
+ return FALSE;
+ }
+
+ /* determine state size and allocate space accordingly */
+ hash_size = this->hasher->get_hash_size(this->hasher);
+ state_len = (this->hash_seed ? hash_size : seed.len) + 4;
+ chunk_clear(&this->state);
+ this->state = chunk_alloc(state_len);
+
+ /* hash block buffer is empty */
+ this->buf_index = hash_size;
+
+ /* reset counter */
+ this->counter = 0;
+
+ /* determine position of the 4 octet counter string */
+ this->ctr_str = this->state.ptr + state_len - 4;
+
+ if (this->hash_seed)
+ {
+ if (!this->hasher->get_hash(this->hasher, seed, this->state.ptr))
+ {
+ DBG1(DBG_LIB, "failed to hash seed for MGF1");
+ return FALSE;
+ }
+ }
+ else
+ {
+ memcpy(this->state.ptr, seed.ptr, seed.len);
+ }
+
+ return TRUE;
+}
+
+METHOD(xof_t, destroy, void,
+ private_mgf1_xof_t *this)
+{
+ this->hasher->destroy(this->hasher);
+ chunk_clear(&this->state);
+ free(this);
+}
+
+METHOD(mgf1_t, set_hash_seed, void,
+ private_mgf1_xof_t *this, bool yes)
+{
+ this->hash_seed = yes;
+}
+
+/*
+ * Described in header.
+ */
+mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm)
+{
+ private_mgf1_xof_t *this;
+ hash_algorithm_t hash_alg;
+ hasher_t *hasher;
+
+ switch (algorithm)
+ {
+ case XOF_MGF1_SHA1:
+ hash_alg = HASH_SHA1;
+ break;
+ case XOF_MGF1_SHA256:
+ hash_alg = HASH_SHA256;
+ break;
+ case XOF_MGF1_SHA512:
+ hash_alg = HASH_SHA512;
+ break;
+ default:
+ return NULL;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+ if (!hasher)
+ {
+ DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
+ hash_algorithm_names, hash_alg);
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .mgf1_interface = {
+ .xof_interface = {
+ .get_type = _get_type,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_seed_size = _get_seed_size,
+ .set_seed = _set_seed,
+ .destroy = _destroy,
+ },
+ .set_hash_seed = _set_hash_seed,
+ },
+ },
+ .type = algorithm,
+ .hasher = hasher,
+ );
+
+ return &this->public;
+}
--- /dev/null
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1_xof mgf1_xof
+ * @{ @ingroup crypto
+ */
+
+#ifndef MGF1_XOF_H_
+#define MGF1_XOF_H_
+
+typedef struct mgf1_xof_t mgf1_xof_t;
+
+#include <crypto/xofs/mgf1.h>
+
+/**
+ * Implements the PKCS#1 MGF1_XOF Mask Generation Function based on a hash
+ * function defined in section 10.2.1 of RFC 2437
+ */
+struct mgf1_xof_t {
+
+ /**
+ * mgf1_t interface for this Extended Output Function (XOF).
+ */
+ mgf1_t mgf1_interface;
+};
+
+/**
+ * Create an mgf1_xof_t object
+ *
+ * @param algorithm XOF_MGF1_SHA1, XOF_MGF1_SHA256 or XOF_MGF1_SHA512
+ * @return mgf1_xof_t object, NULL if not supported
+ */
+mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm);
+
+#endif /** MGF1_XOF_H_ @}*/
+
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
#include "ntru_poly.h"
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
/*
* Described in header.
*/
-ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
- uint8_t c_bits, uint16_t N, uint16_t q,
+ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t mgf1_type,
+ chunk_t seed, uint8_t c_bits,
+ uint16_t N, uint16_t q,
uint32_t indices_len_p,
uint32_t indices_len_m,
bool is_product_form)
int n, num_indices, index_i = 0;
uint32_t index, limit;
uint8_t *used;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
- bitspender = mgf1_bitspender_create(alg, seed, TRUE);
+ bitspender = xof_bitspender_create(mgf1_type, seed, TRUE);
if (!bitspender)
{
return NULL;
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
typedef struct ntru_poly_t ntru_poly_t;
#include <library.h>
+#include <crypto/xofs/xof.h>
/**
* Implements a trinary polynomial storing the indices of non-zero coefficients
};
/**
- * Create a trits polynomial from a seed using MGF1 with a base hash function
+ * Create a trits polynomial from a seed using MGF1
*
- * @param alg hash algorithm to be used by MGF1
+ * @param alg MGF1 algorithm used(XOF_MGF1_SHA1 or XOF_MGF_SHA256)
* @param seed seed used by MGF1 to generate trits from
* @param N ring dimension, number of polynomial coefficients
* @param q large modulus
* @param indices_len_m number of indices for -1 coefficients
* @param is_product_form generate multiple polynomials
*/
-ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
+ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t alg, chunk_t seed,
uint8_t c_bits, uint16_t N, uint16_t q,
uint32_t indices_len_p,
uint32_t indices_len_m,
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
METHOD(ntru_private_key_t, decrypt, bool,
private_ntru_private_key_t *this, chunk_t ciphertext, chunk_t *plaintext)
{
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
size_t t_len, seed1_len, seed2_len;
uint16_t *t1, *t2, *t = NULL;
uint16_t mod_q_mask, q_mod_p, cmprime_len, cm_len = 0, num_zeros;
Mtrin = (uint8_t *)t1;
M = Mtrin + this->params->N;
- /* set hash algorithm based on security strength */
- hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
- HASH_SHA256;
+ /* set MGF1 algorithm type based on security strength */
+ alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
/* set constants */
mod_q_mask = this->params->q - 1;
ntru_coeffs_mod4_2_octets(this->params->N, t2, seed.ptr);
/* form mask */
- mask = ntru_trits_create(this->params->N, hash_algid, seed);
+ mask = ntru_trits_create(this->params->N, alg, seed);
if (!mask)
{
DBG1(DBG_LIB, "mask creation failed");
/* generate cr */
DBG2(DBG_LIB, "generate polynomial r");
- r_poly = ntru_poly_create_from_seed(hash_algid, seed,
- this->params->c_bits, this->params->N,
- this->params->q, this->params->dF_r,
+ r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
+ this->params->N, this->params->q, this->params->dF_r,
this->params->dF_r, this->params->is_product_form);
if (!r_poly)
{
size_t t_len;
uint16_t *t1, *t2, *t = NULL;
uint16_t mod_q_mask;
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
ntru_poly_t *g_poly;
chunk_t seed;
int i;
);
/* set hash algorithm and seed length based on security strength */
- if (params->sec_strength_len <= 20)
- {
- hash_algid = HASH_SHA1;
- }
- else
- {
- hash_algid = HASH_SHA256;
- }
+ alg = (params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
seed =chunk_alloc(params->sec_strength_len + 8);
/* get random seed for generating trinary F as a list of indices */
}
DBG2(DBG_LIB, "generate polynomial F");
- this->privkey = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ this->privkey = ntru_poly_create_from_seed(alg, seed, params->c_bits,
params->N, params->q,
params->dF_r, params->dF_r,
params->is_product_form);
}
DBG2(DBG_LIB, "generate polynomial g");
- g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ g_poly = ntru_poly_create_from_seed(alg, seed, params->c_bits,
params->N, params->q, params->dg + 1,
params->dg, FALSE);
if (!g_poly)
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
METHOD(ntru_public_key_t, encrypt, bool,
private_ntru_public_key_t *this, chunk_t plaintext, chunk_t *ciphertext)
{
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
size_t t_len, seed1_len, seed2_len;
uint16_t *t1, *t = NULL;
uint8_t b[MAX_SEC_STRENGTH_LEN];
M = Mtrin + this->params->N;
/* set hash algorithm based on security strength */
- hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
- HASH_SHA256;
+ alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
/* set constants */
mod_q_mask = this->params->q - 1;
seed.len = seed2_len;
DBG2(DBG_LIB, "generate polynomial r");
- r_poly = ntru_poly_create_from_seed(hash_algid, seed, this->params->c_bits,
+ r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
this->params->N, this->params->q,
this->params->dF_r, this->params->dF_r,
this->params->is_product_form);
seed.len = seed1_len;
/* form mask */
- mask = ntru_trits_create(this->params->N, hash_algid, seed);
+ mask = ntru_trits_create(this->params->N, alg, seed);
if (!mask)
{
DBG1(DBG_LIB, "mask creation failed");
/*
- * Copyright (C) 2013-2014 Andreas Steffen
+ * Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include "ntru_trits.h"
#include "ntru_convert.h"
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
/*
* Described in header.
*/
-ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
+ntru_trits_t *ntru_trits_create(size_t len, ext_out_function_t alg,
+ chunk_t seed)
{
private_ntru_trits_t *this;
uint8_t octet, buf[5], *trits;
size_t trits_needed;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
- bitspender = mgf1_bitspender_create(alg, seed, TRUE);
+ bitspender = xof_bitspender_create(alg, seed, TRUE);
if (!bitspender)
{
return NULL;
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
typedef struct ntru_trits_t ntru_trits_t;
#include <library.h>
+#include <crypto/xofs/xof.h>
/**
* Implements an array of trinary elements (trits)
* Create a trits array from a seed using MGF1 with a base hash function
*
* @param size size of the trits array
- * @param alg hash algorithm to be used by MGF1
+ * @param alg MGF1 algorithm used (XOF_MGF1_SHA1 or XOF_MGF_SHA256)
* @param seed seed used by MGF1 to generate trits from
*/
-ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed);
+ntru_trits_t *ntru_trits_create(size_t size, ext_out_function_t alg,
+ chunk_t seed);
#endif /** NTRU_TRITS_H_ @}*/
};
+METHOD(xof_t, get_type, ext_out_function_t,
+ private_sha3_shake_t *this)
+{
+ return this->algorithm;
+}
METHOD(xof_t, get_bytes, bool,
private_sha3_shake_t *this, size_t out_len, uint8_t *buffer)
INIT(this,
.public = {
.xof_interface = {
+ .get_type = _get_type,
.get_bytes = _get_bytes,
.allocate_bytes = _allocate_bytes,
.get_block_size = _get_block_size,
#include <tests/utils/test_rng.h>
#include <utils/test.h>
-#include <crypto/mgf1/mgf1.h>
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof.h>
+#include <crypto/xofs/xof_bitspender.h>
+#include <crypto/xofs/mgf1.h>
typedef struct {
- hash_algorithm_t alg;
+ ext_out_function_t alg;
size_t hash_size;
size_t ml1, ml2, ml3, seed_len;
chunk_t seed;
* MGF1 Mask Generation Function Test Vectors
*/
mgf1_test_t mgf1_tests[] = {
- { HASH_SHA1, 20, 60, 20, 15, 24,
+ { XOF_MGF1_SHA1, 20, 60, 20, 15, 24,
chunk_from_chars(
0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
{ 0, 0, 0, 4, 1, 1, 46, 103, 38, 411, 848, 57, 3540, 4058, 12403,
0x63, 0x2B, 0xC9, 0x17, 0x56, 669409, 0xA407A43B },
},
- { HASH_SHA256, 32, 64, 32, 33, 40,
+ { XOF_MGF1_SHA256, 32, 64, 32, 33, 40,
chunk_from_chars(
0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
START_TEST(mgf1_test_mgf1)
{
+ xof_t *xof;
mgf1_t *mgf1;
chunk_t mask, mask1, mask2, mask3;
mask2.len = mgf1_tests[_i].ml2;
mask3.len = mgf1_tests[_i].ml3;
- mgf1 = mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
- ck_assert(mgf1 == NULL);
+ /* unknown XOF */
+ xof = lib->crypto->create_xof(lib->crypto, XOF_UNDEFINED);
+ ck_assert(xof == NULL);
- mgf1 = mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
- ck_assert(mgf1 == NULL);
+ /* create MGF1 XOF */
+ xof = lib->crypto->create_xof(lib->crypto, mgf1_tests[_i].alg);
+ ck_assert(xof);
- /* return mask in allocated chunk */
- mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
- ck_assert(mgf1);
+ /* hash the seed */
+ mgf1 = (mgf1_t*)xof;
+ mgf1->set_hash_seed(mgf1, TRUE);
- /* check hash size */
- ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
+ /* check MGF1 type */
+ ck_assert(xof->get_type(xof) == mgf1_tests[_i].alg);
- /* get zero number of octets */
- ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
+ /* check seed size */
+ ck_assert(xof->get_seed_size(xof) == mgf1_tests[_i].hash_size);
+
+ /* check block size */
+ ck_assert(xof->get_block_size(xof) == mgf1_tests[_i].hash_size);
+
+ /* empty seed */
+ ck_assert(!xof->set_seed(xof, chunk_empty));
+
+ /* initialize MGF1 with non-empty seed */
+ ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
+
+ /* allocate zero number of octets */
+ ck_assert(xof->allocate_bytes(xof, 0, &mask));
ck_assert(mask.len == 0 && mask.ptr == NULL);
- /* get non-zero number of octets */
- ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
+ /* allocate non-zero number of octets */
+ ck_assert(xof->allocate_bytes(xof, mgf1_tests[_i].mask.len, &mask));
ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
- mgf1->destroy(mgf1);
+
+ /* re-initialize MGF1 with non-empty seed */
+ ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
/* copy mask to pre-allocated buffer */
- mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
- ck_assert(mgf1);
- ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
+ ck_assert(xof->get_bytes(xof, mgf1_tests[_i].mask.len, mask.ptr));
ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
- mgf1->destroy(mgf1);
- /* get mask in batches without hashing the seed */
- mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
- ck_assert(mgf1);
+ /* do not hash the seed */
+ mgf1->set_hash_seed(mgf1, FALSE);
+
+ /* re-initialize MGF1 with non-empty seed */
+ ck_assert(xof->set_seed(xof, mgf1_tests[_i].hashed_seed));
/* first batch */
- ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
+ ck_assert(xof->get_bytes(xof, mask1.len, mask.ptr));
mask.len = mask1.len;
ck_assert(chunk_equals(mask, mask1));
/* second batch */
- ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
+ ck_assert(xof->get_bytes(xof, mask2.len, mask.ptr));
mask.len = mask2.len;
ck_assert(chunk_equals(mask, mask2));
/* third batch */
- ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
+ ck_assert(xof->get_bytes(xof, mask3.len, mask.ptr));
mask.len = mask3.len;
ck_assert(chunk_equals(mask, mask3));
- mgf1->destroy(mgf1);
+ /* clean up */
+ xof->destroy(xof);
chunk_free(&mask);
}
END_TEST
START_TEST(mgf1_test_bitspender)
{
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
uint32_t bits;
uint8_t byte;
int j;
- bitspender = mgf1_bitspender_create(HASH_UNKNOWN,
- mgf1_tests[_i].hashed_seed, FALSE);
+ bitspender = xof_bitspender_create(XOF_UNDEFINED,
+ mgf1_tests[_i].hashed_seed, FALSE);
ck_assert(bitspender == NULL);
- bitspender = mgf1_bitspender_create(mgf1_tests[_i].alg,
- mgf1_tests[_i].hashed_seed, FALSE);
+ bitspender = xof_bitspender_create(mgf1_tests[_i].alg,
+ mgf1_tests[_i].hashed_seed, FALSE);
ck_assert(bitspender);
for (j = 0; j < 15; j++)
#include <tests/utils/test_rng.h>
#include <utils/test.h>
-#include <crypto/mgf1/mgf1.h>
+#include <crypto/xofs/xof.h>
#include <plugins/ntru/ntru_drbg.h>
#include <plugins/ntru/ntru_trits.h>
#include <plugins/ntru/ntru_poly.h>
uint32_t strength, chunk_t pers_str, rng_t *entropy)
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
- size_t len, hash_algorithm_t alg, chunk_t seed)
+ size_t len, ext_out_function_t alg, chunk_t seed)
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
- hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
+ ext_out_function_t alg, chunk_t seed, uint8_t c_bits,
uint16_t N, uint16_t q, uint32_t indices_len_p,
uint32_t indices_len_m, bool is_product_form)
} poly_test_t;
typedef struct {
- hash_algorithm_t alg;
+ ext_out_function_t alg;
size_t hash_size;
size_t seed_len;
chunk_t seed;
* Trits and Polynomial Test Vectors
*/
static trits_test_t trits_tests[] = {
- { HASH_SHA1, 20, 24,
+ { XOF_MGF1_SHA1, 20, 24,
chunk_from_chars(
0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
}
}
},
- { HASH_SHA256, 32, 40,
+ { XOF_MGF1_SHA256, 32, 40,
chunk_from_chars(
0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
chunk_t trits;
mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
- HASH_UNKNOWN, trits_tests[_i].seed);
+ XOF_UNDEFINED, trits_tests[_i].seed);
ck_assert(mask == NULL);
mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
seed.len = trits_tests[_i].seed_len;
p = &trits_tests[_i].poly_test[0];
- poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, HASH_UNKNOWN, seed,
+ poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, XOF_UNDEFINED, seed,
p->c_bits, p->N, p->q, p->indices_len, p->indices_len,
p->is_product_form);
ck_assert(poly == NULL);
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
+
multiple_authentication = no
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce chapoly aes sha1 sha2 md5 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = chapoly aes des sha1 sha2 md5 pem pkcs1 gmp ntru random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce chapoly aes sha1 sha2 pem pkcs1 gmp mgf1 ntru x509 curl revocation hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl ntru revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 sha3 chapoly newhope bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 mgf1 ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 mgf1 ntru hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
}
charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
}
charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
}
charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 sha3 hmac ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500