Created framework for BLISS post-quantum signature algorithm
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 21 Oct 2014 22:19:49 +0000 (00:19 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 29 Nov 2014 13:51:14 +0000 (14:51 +0100)
12 files changed:
configure.ac
src/libstrongswan/Makefile.am
src/libstrongswan/credentials/keys/public_key.c
src/libstrongswan/credentials/keys/public_key.h
src/libstrongswan/plugins/bliss/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/bliss/bliss_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/bliss/bliss_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/bliss/bliss_private_key.c [new file with mode: 0644]
src/libstrongswan/plugins/bliss/bliss_private_key.h [new file with mode: 0644]
src/libstrongswan/plugins/bliss/bliss_public_key.c [new file with mode: 0644]
src/libstrongswan/plugins/bliss/bliss_public_key.h [new file with mode: 0644]
src/pki/commands/gen.c

index 7e561ed..ff8fefe 100644 (file)
@@ -123,6 +123,7 @@ m4_include(m4/macros/enable-disable.m4)
 # crypto plugins
 ARG_DISBL_SET([aes],            [disable AES software implementation plugin.])
 ARG_ENABL_SET([af-alg],         [enable AF_ALG crypto interface to Linux Crypto API.])
+ARG_ENABL_SET([bliss],          [enable BLISS software implementation plugin.])
 ARG_ENABL_SET([blowfish],       [enable Blowfish software implementation plugin.])
 ARG_ENABL_SET([ccm],            [enables the CCM AEAD wrapper crypto plugin.])
 ARG_DISBL_SET([cmac],           [disable CMAC crypto implementation plugin.])
@@ -1251,6 +1252,7 @@ ADD_PLUGIN([ctr],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ccm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([gcm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ntru],                 [s charon scripts nm cmd])
+ADD_PLUGIN([bliss],                [s charon pki scripts nm cmd])
 ADD_PLUGIN([curl],                 [s charon scepclient pki scripts nm cmd])
 ADD_PLUGIN([winhttp],              [s charon pki scripts])
 ADD_PLUGIN([soup],                 [s charon pki scripts nm cmd])
@@ -1398,6 +1400,7 @@ AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue)
 AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue)
 AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
 AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
+AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
 
 #  charon plugins
 # ----------------
@@ -1641,6 +1644,7 @@ AC_CONFIG_FILES([
        src/libstrongswan/plugins/gcm/Makefile
        src/libstrongswan/plugins/af_alg/Makefile
        src/libstrongswan/plugins/ntru/Makefile
+       src/libstrongswan/plugins/bliss/Makefile
        src/libstrongswan/plugins/test_vectors/Makefile
        src/libstrongswan/tests/Makefile
        src/libhydra/Makefile
index 1b72d6f..9460a9e 100644 (file)
@@ -544,6 +544,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_BLISS
+  SUBDIRS += plugins/bliss
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/bliss/libstrongswan-bliss.la
+endif
+endif
+
 if USE_TEST_VECTORS
   SUBDIRS += plugins/test_vectors
 if MONOLITHIC
index 37bba77..5ec6f56 100644 (file)
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
 
 #include "public_key.h"
 
-ENUM(key_type_names, KEY_ANY, KEY_DSA,
+ENUM(key_type_names, KEY_ANY, KEY_BLISS,
        "ANY",
        "RSA",
        "ECDSA",
-       "DSA"
+       "DSA",
+       "BLISS"
 );
 
-ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_IV_SHA384,
        "UNKNOWN",
        "RSA_EMSA_PKCS1_NULL",
        "RSA_EMSA_PKCS1_MD5",
@@ -41,6 +43,8 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
        "ECDSA-256",
        "ECDSA-384",
        "ECDSA-521",
+       "BLISS-I_SHA256",
+       "BLISS-IV_SHA384",
 );
 
 ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
index 2afcf83..728c08e 100644 (file)
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -42,6 +43,8 @@ enum key_type_t {
        KEY_ECDSA = 2,
        /** DSA */
        KEY_DSA   = 3,
+       /** BLISS */
+       KEY_BLISS = 4,
        /** ElGamal, ... */
 };
 
@@ -90,6 +93,10 @@ enum signature_scheme_t {
        SIGN_ECDSA_384,
        /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754           */
        SIGN_ECDSA_521,
+       /** BLISS-I with SHA-256                                           */
+       SIGN_BLISS_I_SHA256,
+       /** BLISS-IV with SHA-384                                          */
+       SIGN_BLISS_IV_SHA384,
 };
 
 /**
diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am
new file mode 100644 (file)
index 0000000..3075688
--- /dev/null
@@ -0,0 +1,19 @@
+AM_CPPFLAGS = \
+       -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+       $(PLUGIN_CFLAGS) \
+       @COVERAGE_CFLAGS@
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-bliss.la
+else
+plugin_LTLIBRARIES = libstrongswan-bliss.la
+endif
+
+libstrongswan_bliss_la_SOURCES = \
+       bliss_plugin.h bliss_plugin.c \
+       bliss_private_key.h bliss_private_key.c \
+       bliss_public_key.h bliss_public_key.c
+
+libstrongswan_bliss_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c
new file mode 100644 (file)
index 0000000..7958940
--- /dev/null
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "bliss_plugin.h"
+#include "bliss_private_key.h"
+#include "bliss_public_key.h"
+
+#include <library.h>
+
+typedef struct private_bliss_plugin_t private_bliss_plugin_t;
+
+/**
+ * private data of bliss_plugin
+ */
+struct private_bliss_plugin_t {
+
+       /**
+        * public functions
+        */
+       bliss_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+       private_bliss_plugin_t *this)
+{
+       return "bliss";
+}
+
+METHOD(plugin_t, get_features, int,
+       private_bliss_plugin_t *this, plugin_feature_t *features[])
+{
+       static plugin_feature_t f[] = {
+               /* private/public keys */
+               PLUGIN_REGISTER(PRIVKEY, bliss_private_key_load, TRUE),
+                       PLUGIN_PROVIDE(PRIVKEY, KEY_BLISS),
+               PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE),
+                       PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS),
+                               PLUGIN_DEPENDS(RNG, RNG_TRUE),
+               PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
+                       PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
+               /* signature schemes, private */
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_I_SHA256),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_IV_SHA384),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+               /* signature verification schemes */
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_I_SHA256),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_IV_SHA384),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+       };
+       *features = f;
+
+       return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+       private_bliss_plugin_t *this)
+{
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *bliss_plugin_create()
+{
+       private_bliss_plugin_t *this;
+
+       INIT(this,
+               .public = {
+                       .plugin = {
+                               .get_name = _get_name,
+                               .get_features = _get_features,
+                               .destroy = _destroy,
+                       },
+               },
+       );
+
+       return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.h b/src/libstrongswan/plugins/bliss/bliss_plugin.h
new file mode 100644 (file)
index 0000000..d3d80ac
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup bliss_p bliss
+ * @ingroup plugins
+ *
+ * @defgroup bliss_plugin bliss_plugin
+ * @{ @ingroup bliss_p
+ */
+
+#ifndef BLISS_PLUGIN_H_
+#define BLISS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct bliss_plugin_t bliss_plugin_t;
+
+/**
+ * Plugin implementing the BLISS post-quantu authentication algorithm
+ */
+struct bliss_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+#endif /** BLISS_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
new file mode 100644 (file)
index 0000000..7d3cee9
--- /dev/null
@@ -0,0 +1,207 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "bliss_private_key.h"
+
+typedef struct private_bliss_private_key_t private_bliss_private_key_t;
+
+/**
+ * Private data of a bliss_private_key_t object.
+ */
+struct private_bliss_private_key_t {
+       /**
+        * Public interface for this signer.
+        */
+       bliss_private_key_t public;
+
+
+       /**
+        * BLISS type
+        */
+       u_int key_size;
+
+       /**
+        * reference count
+        */
+       refcount_t ref;
+};
+
+METHOD(private_key_t, get_type, key_type_t,
+       private_bliss_private_key_t *this)
+{
+       return KEY_BLISS;
+}
+
+METHOD(private_key_t, sign, bool,
+       private_bliss_private_key_t *this, signature_scheme_t scheme,
+       chunk_t data, chunk_t *signature)
+{
+       switch (scheme)
+       {
+               case SIGN_BLISS_I_SHA256:
+                       return FALSE;
+               case SIGN_BLISS_IV_SHA384:
+                       return FALSE;
+               default:
+                       DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
+                                signature_scheme_names, scheme);
+                       return FALSE;
+       }
+}
+
+METHOD(private_key_t, decrypt, bool,
+       private_bliss_private_key_t *this, encryption_scheme_t scheme,
+       chunk_t crypto, chunk_t *plain)
+{
+       DBG1(DBG_LIB, "encryption scheme %N not supported",
+                                  encryption_scheme_names, scheme);
+       return FALSE;
+}
+
+METHOD(private_key_t, get_keysize, int,
+       private_bliss_private_key_t *this)
+{
+       return this->key_size;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+       private_bliss_private_key_t *this)
+{
+       public_key_t *public = NULL;
+
+       return public;
+}
+
+METHOD(private_key_t, get_encoding, bool,
+       private_bliss_private_key_t *this, cred_encoding_type_t type,
+       chunk_t *encoding)
+{
+       bool success = TRUE;
+
+       *encoding = chunk_empty;
+
+       return success;
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+       private_bliss_private_key_t *this, cred_encoding_type_t type, chunk_t *fp)
+{
+       bool success = FALSE;
+
+       return success;
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+       private_bliss_private_key_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+       private_bliss_private_key_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               free(this);
+       }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_bliss_private_key_t *bliss_private_key_create_empty(void)
+{
+       private_bliss_private_key_t *this;
+
+       INIT(this,
+               .public = {
+                       .key = {
+                               .get_type = _get_type,
+                               .sign = _sign,
+                               .decrypt = _decrypt,
+                               .get_keysize = _get_keysize,
+                               .get_public_key = _get_public_key,
+                               .equals = private_key_equals,
+                               .belongs_to = private_key_belongs_to,
+                               .get_fingerprint = _get_fingerprint,
+                               .has_fingerprint = private_key_has_fingerprint,
+                               .get_encoding = _get_encoding,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+               },
+               .ref = 1,
+       );
+       return this;
+}
+
+/**
+ * See header.
+ */
+bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
+{
+       private_bliss_private_key_t *this;
+       u_int key_size = 1;
+
+       while (TRUE)
+       {
+               switch (va_arg(args, builder_part_t))
+               {
+                       case BUILD_KEY_SIZE:
+                               key_size = va_arg(args, u_int);
+                               continue;
+                       case BUILD_END:
+                               break;
+                       default:
+                               return NULL;
+               }
+               break;
+       }
+
+       /* Only BLISS-I and BLISS-IV are supported */
+       if (key_size != 1 && key_size != 4)
+       {
+               return NULL;
+       }
+
+       this = bliss_private_key_create_empty();
+       this->key_size = key_size;
+
+       return &this->public;
+}
+
+/**
+ * See header.
+ */
+bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
+{
+       private_bliss_private_key_t *this;
+
+       while (TRUE)
+       {
+               switch (va_arg(args, builder_part_t))
+               {
+                       default:
+                               return NULL;
+               }
+               break;
+       }
+
+       this = bliss_private_key_create_empty();
+
+       return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.h b/src/libstrongswan/plugins/bliss/bliss_private_key.h
new file mode 100644 (file)
index 0000000..c9b93a6
--- /dev/null
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup bliss_private_key bliss_private_key
+ * @{ @ingroup gmp_p
+ */
+
+#ifndef BLISS_PRIVATE_KEY_H_
+#define BLISS_PRIVATE_KEY_H_
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct bliss_private_key_t bliss_private_key_t;
+
+/**
+ * Private_key_t implementation of BLISS signature algorithm.
+ */
+struct bliss_private_key_t {
+
+       /**
+        * Implements private_key_t interface
+        */
+       private_key_t key;
+};
+
+/**
+ * Generate a BLISS private key.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type         type of the key, must be KEY_BLISS
+ * @param args         builder_part_t argument list
+ * @return                     generated key, NULL on failure
+ */
+bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args);
+
+/**
+ * Load a BLISS private key.
+ *
+ * Accepts BUILD_BLISS_* components.
+ *
+ * @param type         type of the key, must be KEY_BLISS
+ * @param args         builder_part_t argument list
+ * @return                     loaded key, NULL on failure
+ */
+bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args);
+
+#endif /** BLISS_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
new file mode 100644 (file)
index 0000000..002bf34
--- /dev/null
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "bliss_public_key.h"
+
+typedef struct private_bliss_public_key_t private_bliss_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_bliss_public_key_t {
+       /**
+        * Public interface for this signer.
+        */
+       bliss_public_key_t public;
+
+       /**
+        * BLISS type
+        */
+       u_int key_size;
+
+       /**
+        * reference counter
+        */
+       refcount_t ref;
+};
+
+METHOD(public_key_t, get_type, key_type_t,
+       private_bliss_public_key_t *this)
+{
+       return KEY_BLISS;
+}
+
+METHOD(public_key_t, verify, bool,
+       private_bliss_public_key_t *this, signature_scheme_t scheme,
+       chunk_t data, chunk_t signature)
+{
+       switch (scheme)
+       {
+               case SIGN_BLISS_I_SHA256:
+                       return FALSE;
+               case SIGN_BLISS_IV_SHA384:
+                       return FALSE;
+               default:
+                       DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
+                                signature_scheme_names, scheme);
+                       return FALSE;
+       }
+}
+
+METHOD(public_key_t, encrypt_, bool,
+       private_bliss_public_key_t *this, encryption_scheme_t scheme,
+       chunk_t plain, chunk_t *crypto)
+{
+       DBG1(DBG_LIB, "encryption scheme %N not supported",
+                                  encryption_scheme_names, scheme);
+       return FALSE;
+}
+
+METHOD(public_key_t, get_keysize, int,
+       private_bliss_public_key_t *this)
+{
+       return this->key_size;
+}
+
+METHOD(public_key_t, get_encoding, bool,
+       private_bliss_public_key_t *this, cred_encoding_type_t type,
+       chunk_t *encoding)
+{
+       bool success = TRUE;
+
+       *encoding = chunk_empty;
+
+       return success;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+       private_bliss_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
+{
+       bool success = FALSE;
+
+       return success;
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+       private_bliss_public_key_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+       private_bliss_public_key_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               free(this);
+       }
+}
+
+/**
+ * See header.
+ */
+bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args)
+{
+       private_bliss_public_key_t *this;
+
+       while (TRUE)
+       {
+               switch (va_arg(args, builder_part_t))
+               {
+                       case BUILD_END:
+                               break;
+                       default:
+                               return NULL;
+               }
+               break;
+       }
+
+       INIT(this,
+               .public = {
+                       .key = {
+                               .get_type = _get_type,
+                               .verify = _verify,
+                               .encrypt = _encrypt_,
+                               .equals = public_key_equals,
+                               .get_keysize = _get_keysize,
+                               .get_fingerprint = _get_fingerprint,
+                               .has_fingerprint = public_key_has_fingerprint,
+                               .get_encoding = _get_encoding,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+               },
+               .ref = 1,
+       );
+
+       return &this->public;
+}
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.h b/src/libstrongswan/plugins/bliss/bliss_public_key.h
new file mode 100644 (file)
index 0000000..71e0e4e
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup bliss_public_key bliss_public_key
+ * @{ @ingroup gmp_p
+ */
+
+#ifndef BLISS_PUBLIC_KEY_H_
+#define BLISS_PUBLIC_KEY_H_
+
+#include <credentials/builder.h>
+#include <credentials/keys/public_key.h>
+
+typedef struct bliss_public_key_t bliss_public_key_t;
+
+/**
+ * public_key_t implementation of BLISS signature algorithm
+ */
+struct bliss_public_key_t {
+
+       /**
+        * Implements the public_key_t interface
+        */
+       public_key_t key;
+};
+
+/**
+ * Load a BLISS public key.
+ *
+ * Accepts BUILD_BLISS_* components.
+ *
+ * @param type         type of the key, must be KEY_BLISS
+ * @param args         builder_part_t argument list
+ * @return                     loaded key, NULL on failure
+ */
+bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args);
+
+#endif /** BLISS_PUBLIC_KEY_H_ @}*/
index ce28a09..c39644e 100644 (file)
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -43,6 +44,10 @@ static int gen()
                                {
                                        type = KEY_ECDSA;
                                }
+                               else if (streq(arg, "bliss"))
+                               {
+                                       type = KEY_BLISS;
+                               }
                                else
                                {
                                        return command_usage("invalid key type");
@@ -96,6 +101,9 @@ static int gen()
                        case KEY_ECDSA:
                                size = 384;
                                break;
+                       case KEY_BLISS:
+                               size = 1;
+                               break;
                        default:
                                break;
                }
@@ -151,12 +159,12 @@ static void __attribute__ ((constructor))reg()
 {
        command_register((command_t) {
                gen, 'g', "gen", "generate a new private key",
-               {"  [--type rsa|ecdsa] [--size bits] [--safe-primes]",
+               {"  [--type rsa|ecdsa|bliss] [--size bits] [--safe-primes]",
                 "[--shares n] [--threshold l] [--outform der|pem]"},
                {
                        {"help",                'h', 0, "show usage information"},
                        {"type",                't', 1, "type of key, default: rsa"},
-                       {"size",                's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"},
+                       {"size",                's', 1, "keylength in bits, default: rsa 2048, ecdsa 384, bliss 1"},
                        {"safe-primes", 'p', 0, "generate rsa safe primes"},
                        {"shares",              'n', 1, "number of private rsa key shares"},
                        {"threshold",   'l', 1, "minimum number of participating rsa key shares"},