Implemented improved BLISS-B signature algorithm
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 31 Jan 2015 01:16:15 +0000 (02:16 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 25 Feb 2015 20:45:34 +0000 (21:45 +0100)
13 files changed:
conf/Makefile.am
conf/plugins/bliss.opt [new file with mode: 0644]
src/libstrongswan/asn1/oid.txt
src/libstrongswan/plugins/bliss/bliss_huffman_code.c
src/libstrongswan/plugins/bliss/bliss_param_set.c
src/libstrongswan/plugins/bliss/bliss_param_set.h
src/libstrongswan/plugins/bliss/bliss_private_key.c
src/libstrongswan/plugins/bliss/bliss_public_key.c
src/libstrongswan/plugins/bliss/bliss_signature.c
testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der
testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der
testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der
testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der

index 1085e48..c6f8741 100644 (file)
@@ -28,6 +28,7 @@ plugins = \
        plugins/android_log.opt \
        plugins/attr.opt \
        plugins/attr-sql.opt \
+       plugins/bliss.opt \
        plugins/certexpire.opt \
        plugins/coupling.opt \
        plugins/dhcp.opt \
diff --git a/conf/plugins/bliss.opt b/conf/plugins/bliss.opt
new file mode 100644 (file)
index 0000000..0983da0
--- /dev/null
@@ -0,0 +1,2 @@
+charon.plugins.bliss.use_bliss_b = yes
+       Use the enhanced BLISS-B key generation and signature algorithm.
index 39bc552..bf392da 100644 (file)
                     0x02     "BLISS-II"                                        OID_BLISS_II
                     0x03     "BLISS-III"                               OID_BLISS_III
                     0x04     "BLISS-IV"                                        OID_BLISS_IV
+                    0x05     "BLISS-B-I"                               OID_BLISS_B_I
+                    0x06     "BLISS-B-II"                              OID_BLISS_B_II
+                    0x07     "BLISS-B_III"                             OID_BLISS_B_III
+                    0x08     "BLISS-B_IV"                              OID_BLISS_B_IV
                   0x03       "blissSigType"
                     0x01     "BLISS-with-SHA512"               OID_BLISS_WITH_SHA512
           0x89               ""
index 68a799b..e31cd9d 100644 (file)
@@ -27,10 +27,13 @@ bliss_huffman_code_t* bliss_huffman_code_get_by_id(bliss_param_set_id_t id)
        switch (id)
        {
                case BLISS_I:
+               case BLISS_B_I:
                        return &bliss_huffman_code_1;
                case BLISS_III:
+               case BLISS_B_III:
                        return &bliss_huffman_code_3;
                case BLISS_IV:
+               case BLISS_B_IV:
                        return &bliss_huffman_code_4;
                default:
                        return NULL;
index cbdb56d..3781a58 100644 (file)
 
 #include <asn1/oid.h>
 
-ENUM(bliss_param_set_id_names, BLISS_I, BLISS_IV,
+ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV,
        "BLISS-I",
        "BLISS-II",
        "BLISS-III",
-       "BLISS-IV"
+       "BLISS-IV",
+       "BLISS-B-I",
+       "BLISS-B-II",
+       "BLISS-B-III",
+       "BLISS-B-IV"
 );
 
 /**
@@ -118,8 +122,8 @@ static uint8_t c_bliss_iv[] = {
 static bliss_param_set_t bliss_param_sets[] = {
 
        /* BLISS-I scheme */
-    {
-        .id = BLISS_I,
+       {
+               .id = BLISS_I,
                .oid = OID_BLISS_I,
                .strength = 128,
                .q = 12289,
@@ -132,6 +136,7 @@ static bliss_param_set_t bliss_param_sets[] = {
                .non_zero2 = 0,
                .kappa = 23,
                .nks_max = 46479,
+               .p_max = 0,     /* not needed */
                .sigma = 215,
                .k_sigma = 254,
                .k_sigma_bits = 8,
@@ -141,14 +146,14 @@ static bliss_param_set_t bliss_param_sets[] = {
                .z1_bits = 12,
                .d = 10,
                .p = 24,
-               .M = 46539,
-               .B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */
+               .M = 46539,     /* with alpha = 1.000 */
+               .B_inf = 2047,  /* reduced from 2100 due to 12 bit z1 encoding */
                .B_l2 = 12872 * 12872
-      },
+       },
 
        /* BLISS-III scheme */
-    {
-        .id = BLISS_III,
+       {
+               .id = BLISS_III,
                .oid = OID_BLISS_III,
                .strength = 160,
                .q = 12289,
@@ -161,6 +166,7 @@ static bliss_param_set_t bliss_param_sets[] = {
                .non_zero2 = 16,
                .kappa = 30,
                .nks_max = 128626,
+               .p_max = 0,     /* not needed */
                .sigma = 250,
                .k_sigma = 295,
                .k_sigma_bits = 9,
@@ -170,14 +176,14 @@ static bliss_param_set_t bliss_param_sets[] = {
                .z1_bits = 12,
                .d = 9,
                .p = 48,
-               .M = 128113,
+               .M = 128113,    /* with alpha = 0.700 */
                .B_inf = 1760,
                .B_l2 = 10206 * 10206
-      },
+       },
 
        /* BLISS-IV scheme */
-    {
-        .id = BLISS_IV,
+       {
+               .id = BLISS_IV,
                .oid = OID_BLISS_IV,
                .strength = 192,
                .q = 12289,
@@ -190,6 +196,7 @@ static bliss_param_set_t bliss_param_sets[] = {
                .non_zero2 = 31,
                .kappa = 39,
                .nks_max = 244669,
+               .p_max = 0,     /* not needed */
                .sigma = 271,
                .k_sigma = 320,
                .k_sigma_bits = 9,
@@ -199,10 +206,101 @@ static bliss_param_set_t bliss_param_sets[] = {
                .z1_bits = 12,
                .d = 8,
                .p = 96,
-               .M = 244186,
+               .M = 244186,    /* with alpha = 0.550 */
                .B_inf = 1613,
                .B_l2 = 9901 * 9901
-     }
+       },
+
+       /* BLISS-B-I scheme */
+       {
+               .id = BLISS_B_I,
+               .oid = OID_BLISS_B_I,
+               .strength = 128,
+               .q = 12289,
+               .q_bits = 14,
+               .q2_inv = 6145,
+               .n = 512,
+               .n_bits = 9,
+               .fft_params = &bliss_fft_12289_512,
+               .non_zero1 = 154,
+               .non_zero2 = 0,
+               .kappa = 23,
+               .nks_max = 0,   /* not needed */
+               .p_max = 17825,
+               .sigma = 215,
+               .k_sigma = 254,
+               .k_sigma_bits = 8,
+               .c = c_bliss_i,
+               .c_cols = 16,
+               .c_rows = 21,
+               .z1_bits = 12,
+               .d = 10,
+               .p = 24,
+               .M = 17954,     /* with alpha = 1.610 */
+               .B_inf = 2047,  /* reduced from 2100 due to 12 bit z1 encoding */
+               .B_l2 = 12872 * 12872
+       },
+
+       /* BLISS-B-III scheme */
+       {
+               .id = BLISS_B_III,
+               .oid = OID_BLISS_B_III,
+               .strength = 160,
+               .q = 12289,
+               .q_bits = 14,
+               .q2_inv = 6145,
+               .n = 512,
+               .n_bits = 9,
+               .fft_params = &bliss_fft_12289_512,
+               .non_zero1 = 216,
+               .non_zero2 = 16,
+               .kappa = 30,
+               .nks_max = 0,   /* not needed */
+               .p_max = 42270,
+               .sigma = 250,
+               .k_sigma = 295,
+               .k_sigma_bits = 9,
+               .c = c_bliss_iii,
+               .c_cols = 16,
+               .c_rows = 21,
+               .z1_bits = 12,
+               .d = 9,
+               .p = 48,
+               .M = 42455,     /* with alpha = 1.216 */
+               .B_inf = 1760,
+               .B_l2 = 10206 * 10206
+       },
+
+       /* BLISS-B-IV scheme */
+       {
+               .id = BLISS_B_IV,
+               .oid = OID_BLISS_B_IV,
+               .strength = 192,
+               .q = 12289,
+               .q_bits = 14,
+               .q2_inv = 6145,
+               .n = 512,
+               .n_bits = 9,
+               .fft_params = &bliss_fft_12289_512,
+               .non_zero1 = 231,
+               .non_zero2 = 31,
+               .kappa = 39,
+               .nks_max = 0,   /* not needed */
+               .p_max = 69576,
+               .sigma = 271,
+               .k_sigma = 320,
+               .k_sigma_bits = 9,
+               .c = c_bliss_iv,
+               .c_cols = 16,
+               .c_rows = 22,
+               .z1_bits = 12,
+               .d = 8,
+               .p = 96,
+               .M = 70034,     /* with alpha = 1.027 */
+               .B_inf = 1613,
+               .B_l2 = 9901 * 9901
+       }
+
 };
 
 /**
index 8c73afa..33a8009 100644 (file)
@@ -33,10 +33,14 @@ typedef struct bliss_param_set_t bliss_param_set_t;
  * BLISS signature parameter set ID list
  */
 enum bliss_param_set_id_t {
-       BLISS_I =   1,
-       BLISS_II =  2,
-       BLISS_III = 3,
-       BLISS_IV =  4
+       BLISS_I =     1,
+       BLISS_II =    2,
+       BLISS_III =   3,
+       BLISS_IV =    4,
+       BLISS_B_I =   5,
+       BLISS_B_II =  6,
+       BLISS_B_III = 7,
+       BLISS_B_IV =  8
 };
 
 extern enum_name_t *bliss_param_set_id_names;
@@ -107,11 +111,16 @@ struct bliss_param_set_t {
        uint16_t kappa;
 
        /**
-        * Maximum Nk(S) tolerable NK(S) norm
+        * Maximum Nk(S) tolerable NK(S) norm (BLISS only)
         */
        uint32_t nks_max;
 
        /**
+        * Maximum value Pmax for ||Sc'||^2 norm (BLISS-B only)
+        */
+       uint32_t p_max;
+
+       /**
         * Standard deviation sigma
         */
        uint16_t sigma;
index 4f1aeae..64f0b06 100644 (file)
@@ -103,6 +103,61 @@ static void multiply_by_c(int8_t *s, int n, uint16_t *c_indices,
 }
 
 /**
+ * BLISS-B GreedySC algorithm
+ */
+static void greedy_sc(int8_t *s1, int8_t *s2, int n, uint16_t *c_indices,
+                                         uint16_t kappa, int32_t *v1, int32_t *v2)
+{
+       int i, j, index;
+       int32_t sign;
+
+       for (i = 0; i < n; i++)
+       {
+               v1[i] = v2[i] = 0;
+       }
+       for (j = 0; j < kappa; j++)
+       {
+               index = c_indices[j];
+               sign = 0;
+
+               for (i = 0; i < index; i++)
+               {
+                       sign -= (v1[i] * s1[i - index + n] + v2[i] * s2[i - index + n]);
+               }
+               for (i = index; i < n; i++)
+               {
+                       sign += (v1[i] * s1[i - index] + v2[i] * s2[i - index]);
+               }
+               for (i = 0; i < index; i++)
+               {
+                       if (sign > 0)
+                       {
+                               v1[i] += s1[i - index + n];
+                               v2[i] += s2[i - index + n];
+                       }
+                       else
+                       {
+                               v1[i] -= s1[i - index + n];
+                               v2[i] -= s2[i - index + n];
+                       }
+               }
+               for (i = index; i < n; i++)
+               {
+                       if (sign > 0)
+                       {
+                               v1[i] -= s1[i - index];
+                               v2[i] -= s2[i - index];
+                       }
+                       else
+                       {
+                               v1[i] += s1[i - index];
+                               v2[i] += s2[i - index];
+                       }
+               }
+       }
+}
+
+/**
  * Compute a BLISS signature based on a SHA-512 hash
  */
 static bool sign_bliss_with_sha512(private_bliss_private_key_t *this,
@@ -126,7 +181,7 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this,
        double mean1 = 0, mean2 = 0, sigma1 = 0, sigma2 = 0;
        chunk_t seed;
        chunk_t data_hash = { data_hash_buf, sizeof(data_hash_buf) };
-       bool accepted, positive, success = FALSE;
+       bool accepted, positive, success = FALSE, use_bliss_b;
 
        /* Initialize signature */
        *signature = chunk_empty;
@@ -184,6 +239,23 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this,
 
        fft = bliss_fft_create(this->set->fft_params);
 
+       /* Use of the enhanced BLISS-B signature algorithm? */
+       switch (this->set->id)
+       {
+               case BLISS_I:
+               case BLISS_II:
+               case BLISS_III:
+               case BLISS_IV:
+                       use_bliss_b = FALSE;
+                       break;
+               case BLISS_B_I:
+               case BLISS_B_II:
+               case BLISS_B_III:
+               case BLISS_B_IV:
+                       use_bliss_b = TRUE;
+                       break;
+       }
+
        while (true)
        {
                tests++;
@@ -284,20 +356,48 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this,
                        goto end;
                }
 
-               /* Compute s*c */
-               multiply_by_c(this->s1, n, c_indices, this->set->kappa, s1c);
-               multiply_by_c(this->s2, n, c_indices, this->set->kappa, s2c);
+               if (use_bliss_b)
+               {
+                       /* Compute v = (s1c, s2c) with the GreedySC algorithm */
+                       greedy_sc(this->s1, this->s2, n, c_indices, this->set->kappa,
+                                         s1c, s2c);
+
+                       /* Compute norm = ||v||^2 = ||Sc'||^2 */
+                       norm = bliss_utils_scalar_product(s1c, s1c, n) +
+                                  bliss_utils_scalar_product(s2c, s2c, n);
+
+                       /* Just in case. ||v||^2 <= P_max should always be fulfilled */
+                       if (norm > this->set->p_max)
+                       {
+                               goto end;
+                       }
+               }
+               else
+               {
+                       /* Compute s*c */
+                       multiply_by_c(this->s1, n, c_indices, this->set->kappa, s1c);
+                       multiply_by_c(this->s2, n, c_indices, this->set->kappa, s2c);
 
-               /* Reject with probability 1/(M*exp(-norm^2/2*sigma^2)) */
-               norm = bliss_utils_scalar_product(s1c, s1c, n) +
-                          bliss_utils_scalar_product(s2c, s2c, n);
+                       /* Compute norm = |Sc||^2 */
+                       norm = bliss_utils_scalar_product(s1c, s1c, n) +
+                                  bliss_utils_scalar_product(s2c, s2c, n);
+               }
 
                if (!sampler->bernoulli_exp(sampler, this->set->M - norm, &accepted))
                {
                        goto end;
                }
-               DBG2(DBG_LIB, "norm2(s1*c) + norm2(s2*c) = %u, %s",
-                                          norm, accepted ? "accepted" : "rejected");
+               if (use_bliss_b)
+               {
+                       DBG2(DBG_LIB, "norm2(s1*c') + norm2(s2*c') = %u (%u max), %s",
+                                norm, this->set->p_max, accepted ? "accepted" : "rejected");
+
+               }
+               else
+               {
+                       DBG2(DBG_LIB, "norm2(s1*c) + norm2(s2*c) = %u, %s",
+                                norm, accepted ? "accepted" : "rejected");
+               }
                if (!accepted)
                {
                        continue;
@@ -523,8 +623,10 @@ METHOD(private_key_t, get_fingerprint, bool,
        }
        success = bliss_public_key_fingerprint(this->set->oid, this->A,
                                                                                   this->set, type, fp);
-       lib->encoding->cache(lib->encoding, type, this, *fp);
-
+       if (success)
+       {
+               lib->encoding->cache(lib->encoding, type, this, *fp);
+       }
        return success;
 }
 
@@ -834,16 +936,34 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
 
                l2_norm = wrapped_product(f, f, n, 0) +  wrapped_product(g, g, n, 0);
                nks = nks_norm(f, g, n, this->set->kappa);
-               DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u (%u max)",
-                                          l2_norm, nks, this->set->nks_max);
-               if (nks < this->set->nks_max)
+
+               switch (this->set->id)
                {
-                       *s1 = f;
-                       *s2 = g;
-                       return TRUE;
+                       case BLISS_I:
+                       case BLISS_II:
+                       case BLISS_III:
+                       case BLISS_IV:
+                               DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u (%u max)",
+                                                          l2_norm, nks, this->set->nks_max);
+                               if (nks < this->set->nks_max)
+                               {
+                                       *s1 = f;
+                                       *s2 = g;
+                                       return TRUE;
+                               }
+                               free(f);
+                               free(g);
+                               break;
+                       case BLISS_B_I:
+                       case BLISS_B_II:
+                       case BLISS_B_III:
+                       case BLISS_B_IV:
+                               DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u",
+                                                          l2_norm, nks);
+                               *s1 = f;
+                               *s2 = g;
+                               return TRUE;
                }
-               free(f);
-               free(g);
        }
 
        return FALSE;
@@ -855,7 +975,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
 bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
 {
        private_bliss_private_key_t *this;
-       u_int key_size = 1;
+       u_int key_size = BLISS_B_I;
        int i, n, trials = 0;
        uint32_t *S1, *S2, *a;
        uint16_t q;
@@ -879,11 +999,33 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
                break;
        }
 
-       /* Only BLISS-I, BLISS-III and BLISS-IV are currently supported */
+       if (lib->settings->get_bool(lib->settings, "%s.plugins.bliss.use_bliss_b",
+                                                               TRUE, lib->ns))
+       {
+               switch (key_size)
+               {
+                       case BLISS_I:
+                               key_size = BLISS_B_I;
+                               break;
+                       case BLISS_II:
+                               key_size = BLISS_B_II;
+                               break;
+                       case BLISS_III:
+                               key_size = BLISS_B_III;
+                               break;
+                       case BLISS_IV:
+                               key_size = BLISS_B_IV;
+                               break;
+                       default:
+                               break;
+               }
+       }
+
+       /* Only BLISS or BLISS-B types I, III, or IV are currently supported */
        set = bliss_param_set_get_by_id(key_size);
        if (!set)
        {
-               DBG1(DBG_LIB, "BLISS parameter set %u not supported");
+               DBG1(DBG_LIB, "BLISS parameter set %u not supported", key_size);
                return NULL;
        }
 
@@ -1004,6 +1146,7 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
        bliss_bitpacker_t *packer;
        asn1_parser_t *parser;
        size_t s_bits = 0;
+       int8_t s, s_min, s_max;
        uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value;
        bool success = FALSE;
        int objectID, oid, i;
@@ -1047,9 +1190,36 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
                                {
                                        goto end;
                                }
-
-                               /* Use either 2 or 3 bits per array element */
-                               s_bits = 2 + (this->set->non_zero2 > 0);
+                               if (lib->settings->get_bool(lib->settings,
+                                                       "%s.plugins.bliss.use_bliss_b",TRUE, lib->ns))
+                               {
+                                       switch (this->set->id)
+                                       {
+                                               case BLISS_I:
+                                                       this->set = bliss_param_set_get_by_id(BLISS_B_I);
+                                                       break;
+                                               case BLISS_III:
+                                                       this->set = bliss_param_set_get_by_id(BLISS_B_III);
+                                                       break;
+                                               case BLISS_IV:
+                                                       this->set = bliss_param_set_get_by_id(BLISS_B_IV);
+                                                       break;
+                                               default:
+                                                       break;
+                                       }
+                               }
+                               if (this->set->non_zero2)
+                               {
+                                       s_min = -2;
+                                       s_max =  2;
+                                       s_bits = 3;
+                               }
+                               else
+                               {
+                                       s_min = -1;
+                                       s_max =  1;
+                                       s_bits = 2;
+                               }
                                s_sign = 1 << (s_bits - 1);
                                s_mask = ((1 << (32 - s_bits)) - 1) << s_bits;
                                break;
@@ -1072,7 +1242,13 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
                                for (i = 0; i < this->set->n; i++)
                                {
                                        packer->read_bits(packer, &value, s_bits);
-                                       this->s1[i] = (value & s_sign) ? value | s_mask : value;
+                                       s = (value & s_sign) ? value | s_mask : value;
+                                       if (s < s_min || s > s_max)
+                                       {
+                                               packer->destroy(packer);
+                                               goto end;
+                                       }
+                                       this->s1[i] = s;
                                }
                                packer->destroy(packer);
                                break;
@@ -1089,7 +1265,13 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
                                for (i = 0; i < this->set->n; i++)
                                {
                                        packer->read_bits(packer, &value, s_bits);
-                                       this->s2[i] = 2*((value & s_sign) ? value | s_mask : value);
+                                       s = (value & s_sign) ? value | s_mask : value;
+                                       if (s < s_min || s > s_max)
+                                       {
+                                               packer->destroy(packer);
+                                               goto end;
+                                       }
+                                       this->s2[i] = 2 * s;
                                        if (i == 0)
                                        {
                                                this->s2[0] += 1;
index 912ec3d..4564d7c 100644 (file)
@@ -410,6 +410,11 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
        for (i = 0; i < set->n; i++)
        {
                packer->read_bits(packer, &coefficient, set->q_bits);
+               if (coefficient >= set->q)
+               {
+                       packer->destroy(packer);
+                       return FALSE;
+               }
                (*pubkey)[i] = coefficient;
        }
        packer->destroy(packer);
index ca385ee..e603da3 100644 (file)
@@ -177,6 +177,12 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
                return NULL;
        }
 
+       if (encoding.len == 0)
+       {
+               DBG1(DBG_LIB, "zero length BLISS signature");
+               return NULL;
+       }
+
        INIT(this,
                .public = {
                        .get_encoding = _get_encoding,
@@ -198,6 +204,7 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
                        !packer->read_bits(packer, &z1_low, 8) ||
                        !coder->decode(coder, &z1, &z2))
                {
+                       DBG1(DBG_LIB, "truncated BLISS signature encoding of z1/z2");
                        coder->destroy(coder);
                        packer->destroy(packer);
                        destroy(this);
@@ -213,6 +220,7 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
        {
                if (!packer->read_bits(packer, &value, set->n_bits))
                {
+                       DBG1(DBG_LIB, "truncated BLISS signature encoding of c_indices");
                        packer->destroy(packer);
                        destroy(this);
                        return NULL;
index c1c9e8b..cbc7e09 100644 (file)
Binary files a/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der and b/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der differ
index c1c9e8b..cbc7e09 100644 (file)
Binary files a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der and b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der differ
index c1c9e8b..cbc7e09 100644 (file)
Binary files a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der and b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der differ
index c1c9e8b..cbc7e09 100644 (file)
Binary files a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der and b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der differ