authorAndreas Steffen <andreas.steffen@strongswan.org>2014-10-29 22:35:13 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2014-11-29 14:51:14 +0100
commit73a327404dce83df6f8cac43733ae4a83f7044a9 (patch)
treec0f9f4f3dedee7618c876d4f4be6dff15f889d79 /src
parent6d31c7ef74cf8c2896f8552f454b8ba580b2684b (diff)
Defined BLISS I and IV parameter sets
Diffstat (limited to 'src')
-rw-r--r--src/libstrongswan/plugins/bliss/Makefile.am1
-rw-r--r--src/libstrongswan/plugins/bliss/bliss_param_set.c96
-rw-r--r--src/libstrongswan/plugins/bliss/bliss_param_set.h121
-rw-r--r--src/libstrongswan/plugins/bliss/bliss_private_key.c166
4 files changed, 365 insertions, 19 deletions
diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am
index 94eb6da8d..e73ffb02a 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.am
+++ b/src/libstrongswan/plugins/bliss/Makefile.am
@@ -13,6 +13,7 @@ endif
libstrongswan_bliss_la_SOURCES = \
bliss_plugin.h bliss_plugin.c \
+ bliss_param_set.h bliss_param_set.c \
bliss_private_key.h bliss_private_key.c \
bliss_public_key.h bliss_public_key.c \
bliss_fft.h bliss_fft.c \
diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.c b/src/libstrongswan/plugins/bliss/bliss_param_set.c
new file mode 100644
index 000000000..f2c2718fd
--- /dev/null
+++ b/src/libstrongswan/plugins/bliss/bliss_param_set.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "bliss_param_set.h"
+
+#include <asn1/oid.h>
+
+ENUM(bliss_param_set_id_names, BLISS_I, BLISS_IV,
+ "BLISS-I",
+ "BLISS-II",
+ "BLISS-III",
+ "BLISS-IV"
+);
+
+/**
+ * BLISS signature parameter set definitions
+ */
+static bliss_param_set_t bliss_param_sets[] = {
+
+ /* BLISS-I scheme */
+ {
+ .id = BLISS_I,
+ .oid = OID_BLISS_I,
+ .strength = 128,
+ .q = 12289,
+ .n = 512,
+ .n_bits = 9,
+ .fft_params = &bliss_fft_12289_512,
+ .non_zero1 = 154,
+ .non_zero2 = 0,
+ .kappa = 23,
+ .nks_max = 46479,
+ },
+
+ /* BLISS-IV scheme */
+ {
+ .id = BLISS_IV,
+ .oid = OID_BLISS_IV,
+ .strength = 192,
+ .q = 12289,
+ .n = 512,
+ .n_bits = 9,
+ .fft_params = &bliss_fft_12289_512,
+ .non_zero1 = 231,
+ .non_zero2 = 31,
+ .kappa = 39,
+ .nks_max = 244669,
+ }
+};
+
+/**
+ * See header.
+ */
+bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
+{
+ int i;
+
+ for (i = 0; i < countof(bliss_param_sets); i++)
+ {
+ if (bliss_param_sets[i].id == id)
+ {
+ return &bliss_param_sets[i];
+ }
+ }
+ return NULL;
+}
+
+
+/**
+ * See header.
+ */
+bliss_param_set_t* bliss_param_set_get_by_oid(int oid)
+{
+ int i;
+
+ for (i = 0; i < countof(bliss_param_sets); i++)
+ {
+ if (bliss_param_sets[i].oid == oid)
+ {
+ return &bliss_param_sets[i];
+ }
+ }
+ return NULL;
+}
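Review bot: `bliss_param_sets` is a writable static table and both getters hand out non-const pointers into it, so any caller can alter the modulus, ring dimension or norm bound that later key operations rely on. Nothing in this file modifies the entries, so the table can be declared `static const bliss_param_set_t bliss_param_sets[]` and both getters can return `const bliss_param_set_t*`; the prototypes in bliss_param_set.h and the `set` member in bliss_private_key.c would need the same qualifier. The loop index `int i` is also compared against `countof()`, which presumably yields an unsigned size, so `size_t i` would avoid the sign mismatch.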
diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.h b/src/libstrongswan/plugins/bliss/bliss_param_set.h
new file mode 100644
index 000000000..acc053bbc
--- /dev/null
+++ b/src/libstrongswan/plugins/bliss/bliss_param_set.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup bliss_param_set bliss_param_set
+ * @{ @ingroup bliss_p
+ */
+
+#ifndef BLISS_PARAM_SET_H_
+#define BLISS_PARAM_SET_H_
+
+typedef enum bliss_param_set_id_t bliss_param_set_id_t;
+typedef struct bliss_param_set_t bliss_param_set_t;
+
+#include "bliss_fft_params.h"
+
+#include <library.h>
+
+/**
+ * BLISS signature parameter set ID list
+ */
+enum bliss_param_set_id_t {
+ BLISS_I = 1,
+ BLISS_II = 2,
+ BLISS_III = 3,
+ BLISS_IV = 4
+};
+
+extern enum_name_t *bliss_param_set_id_names;
+
+/**
+ * BLISS
+ */
+struct bliss_param_set_t {
+
+ /**
+ * BLISS parameter set ID
+ */
+ bliss_param_set_id_t id;
+
+ /**
+ * BLISS parameter set OID
+ */
+ int oid;
+
+ /**
+ * Security strength in bits
+ */
+ uint16_t strength;
+
+ /**
+ * Prime modulus
+ */
+ uint16_t q;
+
+ /**
+ * Ring dimension equal to the number of polynomial coefficients
+ */
+ uint16_t n;
+
+ /**
+ * Number of bits in n
+ */
+ uint16_t n_bits;
+
+ /**
+ * FFT parameters
+ */
+ bliss_fft_params_t *fft_params;
+
+ /**
+ * Number of [-1, +1] secret key coefficients
+ */
+ uint16_t non_zero1;
+
+ /**
+ * Number of [-2, +2] secret key coefficients
+ */
+ uint16_t non_zero2;
+
+ /**
+ * Number of secret key terms that go into Nk(S) norm
+ */
+ uint16_t kappa;
+
+ /**
+ * Maximum Nk(S) tolerable NK(S) norm
+ */
+ uint32_t nks_max;
+
+};
+
+/**
+ * Get BLISS signature parameter set by BLISS parameter set ID
+ *
+ * @param id BLISS parameter set ID
+ * @return BLISS parameter set
+*/
+bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
+
+/**
+ * Get BLISS signature parameter set by BLISS parameter set OID
+ *
+ * @param oid BLISS parameter set OID
+ * @return BLISS parameter set
+*/
+bliss_param_set_t* bliss_param_set_get_by_oid(int oid);
+
+#endif /** BLISS_PARAM_SET_H_ @}*/
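Review bot: The `@return` lines of `bliss_param_set_get_by_id()` and `bliss_param_set_get_by_oid()` do not say that the lookup can fail, although the implementation in bliss_param_set.c returns NULL for any ID or OID without a table entry (BLISS_II and BLISS_III are declared in the enum but have none). Documenting it as `@return BLISS parameter set, NULL if not supported` tells callers that a check is required. The struct comment is only `BLISS`; `BLISS signature parameter set definition` would match the table comment, and `Maximum Nk(S) tolerable NK(S) norm` reads better as `Maximum tolerable Nk(S) norm`. `n_bits` is 9 for n = 512 in both sets, so its comment appears to mean log2(n) rather than the bit length of n.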
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index dcf1b7d73..38676d6a4 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -14,6 +14,7 @@
*/
#include "bliss_private_key.h"
+#include "bliss_param_set.h"
#include "bliss_fft.h"
#define _GNU_SOURCE
@@ -30,11 +31,10 @@ struct private_bliss_private_key_t {
*/
bliss_private_key_t public;
-
/**
- * BLISS type
+ * BLISS signature parameter set
*/
- u_int key_size;
+ bliss_param_set_t *set;
/**
* reference count
@@ -77,7 +77,7 @@ METHOD(private_key_t, decrypt, bool,
METHOD(private_key_t, get_keysize, int,
private_bliss_private_key_t *this)
{
- return this->key_size;
+ return this->set->strength;
}
METHOD(private_key_t, get_public_key, public_key_t*,
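Review bot: `get_keysize` dereferences `this->set` without a check, and the only assignment to `set` visible in this commit is in `bliss_private_key_gen()`. If `bliss_private_key_create_empty()` (not shown) leaves the member NULL and another constructor, such as a load path, returns the object without setting it, this call crashes. Either establish the invariant in every constructor or guard the access with `return this->set ? this->set->strength : 0;`. The return value also changes meaning from the parameter-set number (1 or 4) to the security strength in bits (128 or 192), so callers that interpret the key size should be checked against the new value.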
@@ -209,16 +209,15 @@ static int compare(const int16_t *a, const int16_t *b)
/**
* Compute the Nk(S) norm of S = (s1, s2)
*/
-static uint32_t nks_norm(int16_t *s1, int16_t *s2, int n)
+static uint32_t nks_norm(int16_t *s1, int16_t *s2, int n, uint16_t kappa)
{
int16_t t[n], t_wrapped[n], max_kappa[n];
uint32_t nks = 0;
- int i, j, kappa = 23;
+ int i, j;
for (i = 0; i < n; i++)
{
t[i] = wrapped_product(s1, s1, n, i) + wrapped_product(s2, s2, n, i);
- DBG1(DBG_LIB, "t[%d] = %5d", i, t[i]);
}
for (i = 0; i < n; i++)
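Review bot: The comment above `nks_norm` still reads only `Compute the Nk(S) norm of S = (s1, s2)` and says nothing about the new `kappa` argument or the bound it has to satisfy. The part of the body shown in the next hunk indexes `t_wrapped[n - j]`, so, assuming `j` runs up to `kappa`, a value larger than `n` would read outside the stack arrays. The two table entries satisfy this (23 and 39 against 512), but the requirement is not stated anywhere. Suggest adding `@param kappa number of secret key terms that go into the Nk(S) norm, must not exceed n`, together with `@param` lines for `s1`, `s2` and `n`. The function body continues beyond this hunk.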
@@ -231,7 +230,6 @@ static uint32_t nks_norm(int16_t *s1, int16_t *s2, int n)
{
max_kappa[i] += t_wrapped[n - j];
}
- DBG1(DBG_LIB, "max_kappa[%d] = %5d", i, max_kappa[i]);
}
qsort(max_kappa, n, sizeof(int16_t), (__compar_fn_t)compare);
@@ -283,9 +281,10 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
int i;
uint32_t *a, *A, *F, *G, nks;
uint16_t q, n, l2_norm;
+ bliss_param_set_t *set;
bliss_fft_t *fft;
- int16_t f[] = {
+ int16_t f_bliss1[] = {
0, 0, 0, 0, 1, 1, 0, -1, 0, 1,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, -1, 0, 0, 0, -1, 1, 0, 0,
@@ -345,7 +344,7 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
0, -1
};
-int16_t g[] = {
+int16_t g_bliss1[] = {
-1, 0, 0, 0, 0, 0, 0, 0, 1, 0,
0, 0, 0, 0, 0, 0, 0, 1, 1, 0,
1, 0, 0, 0, 1, 0, -1, 0, 0, 0,
@@ -405,6 +404,125 @@ int16_t g[] = {
0, -1
};
+ int16_t f[] = {
+ 0, -1, -1, 0, 0, 1, -1, -1, 0, 0,
+ 0, 0, 1, 1, 0, 0, 0, 1, -1, 1,
+ -2, 1, 0, 0, -1, 0, 0, 0, -1, 0,
+ 0, -1, 0, 1, 1, -1, 0, 1, -2, -1,
+ 1, 0, 0, 0, 0, -1, -1, 0, 1, 2,
+ 0, 0, 1, 0, -1, 0, 1, 1, 1, 0,
+ 2, -1, 0, 0, 1, 0, 0, -1, 0, 0,
+ 0, 0, 1, 0, 0, -1, 0, -1, -1, 0,
+ 0, 0, 0, -1, -2, -1, -1, -1, 1, 0,
+ 0, 1, 0, 1, -1, -1, 0, 0, 0, 1,
+
+ 0, -1, 1, 1, 1, 0, -1, 0, 0, -1,
+ 0, 1, -1, 1, -2, 0, 1, 1, -1, 0,
+ 1, -1, -2, 0, 0, -1, 0, 0, 1, 0,
+ 0, 0, 1, -1, 1, -2, 0, 0, -1, 1,
+ 0, 0, -1, -1, 0, -1, 0, 0, 0, 0,
+ -1, 0, 1, -1, 1, 0, -1, 1, 0, 1,
+ 1, 0, 0, -1, 0, 1, 1, 0, -1, 1,
+ 1, 1, 2, 0, 0, 1, 0, 1, 0, 0,
+ -1, -1, 0, -2, 0, -1, 0, 0, -1, 1,
+ -1, -2, 0, 2, 0, -1, 2, 1, 0, 1,
+
+ 1, 1, 1, 0, -1, 1, -1, 1, 1, -1,
+ 0, 1, 1, 1, 0, 0, 0, 0, 1, 0,
+ -2, 0, 1, 1, 0, -1, -1, 1, 0, 1,
+ -2, 1, 1, -1, 1, 0, 0, 1, -1, -1,
+ 1, 0, 1, 1, 1, -1, 0, -1, 0, 0,
+ 0, 0, 1, 0, 0, -1, 0, 0, 0, 0,
+ 1, -1, 2, -1, 1, 0, 0, 1, 0, 0,
+ 0, -1, -1, 2, 1, 1, 0, -1, 0, -1,
+ 0, 0, 0, 0, 0, 0, 0, -1, -1, 0,
+ 0, 0, 0, -1, 0, 1, 1, 1, -1, 0,
+
+ -1, 1, 0, 1, 0, 0, 0, 1, 0, -1,
+ 0, 0, 1, -2, 0, 0, 0, 0, -1, 1,
+ 0, 1, 0, 0, 0, -1, 0, 1, 0, -1,
+ 0, 1, -1, 0, 0, 1, 0, 0, 0, 0,
+ 1, -1, 0, -2, 0, 0, 2, 0, -1, -1,
+ -1, 1, 1, 0, 1, -1, 1, 2, -1, 1,
+ -1, 0, 1, -2, 0, 0, -1, 2, -1, 0,
+ -1, 0, -1, 0, 1, -2, 0, 2, 0, 0,
+ 1, -1, 1, -1, 1, 0, 1, 1, -1, 0,
+ 0, 0, -1, -1, 0, 0, 0, -1, -2, 0,
+
+ 0, 0, 1, -2, 0, 0, 1, 1, 0, -1,
+ 0, 0, 0, 0, 0, 1, 0, 0, 0, 0,
+ 0, 0, -1, 0, 0, 0, 1, 0, 0, 0,
+ 1, 2, 0, -1, 0, 0, 1, 0, 0, 0,
+ -1, 0, 0, 1, -1, 0, -1, 0, 0, -1,
+ -1, -1, 2, 0, 0, 0, -1, 0, 2, 0,
+ -1, 0, -1, 0, -1, 1, 0, 0, 0, 0,
+ -1, 2, 0, 1, 0, 0, -1, 0, 0, 0,
+ 1, -1, -1, 0, 0, -1, 0, -1, 1, -1,
+ 1, 0, -1, -1, 1, 1, 0, 0, 0, 0,
+
+ 0, 0, 0, 1, -1, 0, 0, 0, 0, 0,
+ 0, 0
+ };
+int16_t g[] = {
+ 0, 2, 1, 0, -1, 1, 1, 1, -1, -1,
+ 1, 2, 0, 0, 0, -1, 0, -1, 1, 0,
+ 1, -1, 1, 0, 0, 0, -1, -1, 1, 0,
+ -1, 1, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 1, -1, -1, -1, -1, 0, 0, 0, 0,
+ 0, -1, 0, -1, -2, 0, 0, 1, 0, -1,
+ -1, -1, -1, -1, 2, 1, -1, 0, -1, 0,
+ 0, 1, 1, 0, 1, 0, 0, 0, -1, 1,
+ 0, 1, 0, 0, 0, 1, 0, 0, 0, 0,
+ 0, -1, 0, 0, 0, -1, 0, 0, 0, 0,
+
+ 0, 1, -2, 1, 1, -1, 1, 1, 0, 1,
+ 0, 0, 1, 0, 0, 0, -1, 0, 0, 0,
+ 0, 0, 1, 0, 1, -1, 0, 0, 0, 1,
+ 1, 1, 0, 0, 1, 0, 0, 1, 1, 1,
+ 0, 0, 0, -1, 0, -1, -2, 1, 0, 1,
+ 0, -1, -2, 1, 0, 0, -1, 0, 0, 0,
+ 0, 0, 1, 0, 1, -1, 1, 1, -1, 0,
+ 0, 0, 1, -1, 1, 1, -2, -1, 1, 0,
+ -2, 0, 0, 0, 1, 1, 2, 0, 2, 1,
+ 1, 0, 1, 0, -1, 1, 0, 0, 0, -1,
+
+ -1, -1, 0, 0, -1, 1, 0, 1, 0, -1,
+ 0, 0, 2, 1, 0, 0, 1, -2, -1, 0,
+ 1, 0, -1, 1, -1, 0, 1, -1, -1, 1,
+ 0, 0, -1, -1, -1, 0, 0, 1, -2, -1,
+ 0, -1, 1, -1, 1, -1, 0, -1, -1, 1,
+ 0, 1, -1, 0, 2, 1, -1, 0, -2, 0,
+ -1, 0, 0, 1, 0, -1, 1, 1, 0, 0,
+ 0, -1, -2, 1, 0, 0, 2, 0, -1, 0,
+ 1, 1, 0, -1, 0, 0, -1, -1, -1, 0,
+ 0, -1, 0, 0, 0, 0, 1, 0, -1, -1,
+
+ 1, -1, 0, 0, 1, 0, -1, 1, 0, 1,
+ 0, 1, 1, 1, -1, 0, 0, 1, 0, -1,
+ 0, -1, 0, 0, 0, -1, -1, 0, 0, 0,
+ -1, -1, 0, 1, 0, 0, 0, 1, 0, 0,
+ 1, 1, -1, 0, 0, 0, -1, 0, 1, 1,
+ 0, 1, 0, 1, 0, -1, -1, 0, 0, 0,
+ 2, -1, 0, 0, -1, 1, -1, -2, -1, 0,
+ 0, 1, 0, 1, 1, 0, 0, 0, -1, 2,
+ 0, -1, 0, 0, 0, -1, -1, -1, 0, 1,
+ -2, 0, 0, 1, -1, 0, 0, 0, 1, 1,
+
+ 1, 1, 0, -1, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, -2, 0, 0, 0,
+ 2, 1, 0, 0, 0, 0, 1, 0, 0, -1,
+ 1, -2, 0, 0, 1, 1, 1, 0, -2, 0,
+ -1, 0, 1, 2, 1, 0, 0, -2, 0, -1,
+ -1, 0, 1, 0, 1, 0, 1, 0, -1, -1,
+ 2, 0, 1, -1, 0, 1, 0, 0, 0, -1,
+ 1, 0, 1, -1, 0, 0, 0, 0, 0, -1,
+ 0, 0, 1, -1, 0, 0, 1, 1, 0, 0,
+ 0, 1, -1, 0, -1, -2, -1, 0, 0, -2,
+
+ 0, -1, 0, 0, 0, -1, 1, 0, 1, 1,
+ -1, 0
+ };
+
while (TRUE)
{
switch (va_arg(args, builder_part_t))
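Review bot: The `f` and `g` arrays added here are fixed secret-key polynomials compiled into `bliss_private_key_gen()`, so, unless the part of the function outside this hunk overwrites them, every call yields the same private key, and that key is readable in the source. They contain ±2 coefficients and are used whichever parameter set was requested, although the BLISS-I entry in bliss_param_set.c has `non_zero2 = 0`; they also appear to hold exactly 512 entries, so a future set with a larger `n` would index past their end. The coefficients should be drawn from the library's random source according to `set->non_zero1` and `set->non_zero2`; until then a comment such as `/* TODO: fixed test vectors, replace by random sampling before use */` would keep the placeholder from being mistaken for real key generation. The renamed `f_bliss1` and `g_bliss1` arrays in the two preceding hunks are no longer referenced in the visible code and could be dropped or moved to a test.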
@@ -421,18 +539,27 @@ int16_t g[] = {
}
/* Only BLISS-I and BLISS-IV are supported */
- if (key_size != 1 && key_size != 4)
+ set = bliss_param_set_get_by_id(key_size);
+ if (!set)
{
+ DBG1(DBG_LIB, "BLISS parameter set %u not supported");
return NULL;
}
+ /* Some shortcuts for often used variables */
+ n = set->n;
+ q = set->q;
+
+ if (set->fft_params->n != n || set->fft_params->q != q)
+ {
+ DBG1(DBG_LIB, "FFT parameters do not match BLISS parameters");
+ return NULL;
+ }
this = bliss_private_key_create_empty();
- this->key_size = key_size;
+ this->set = set;
/* We derive the public key from the private key using the FFT */
- fft = bliss_fft_create(&bliss_fft_12289_512);
- n = fft->get_size(fft);
- q = fft->get_modulus(fft);
+ fft = bliss_fft_create(set->fft_params);
/* Compute 2g + 1 */
for (i = 0; i < n; i++)
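Review bot: The added `DBG1(DBG_LIB, "BLISS parameter set %u not supported");` has a `%u` conversion but passes no argument, so the logger reads an indeterminate variadic argument on this error path. Pass the value being rejected: `DBG1(DBG_LIB, "BLISS parameter set %u not supported", key_size);`. The consistency check below it dereferences `set->fft_params` without a NULL test; both table entries set the pointer, so this holds today but relies on every future entry doing the same. The function body starts and ends outside this hunk.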
@@ -442,8 +569,9 @@ int16_t g[] = {
g[0] += 1;
l2_norm = wrapped_product(f, f, n, 0) + wrapped_product(g, g, n, 0);
- nks = nks_norm(f, g, n);
- DBG1(DBG_LIB, "L2 norm of s1||s2: %d, Nk(S) = %u", l2_norm, nks);
+ nks = nks_norm(f, g, n, set->kappa);
+ DBG2(DBG_LIB, "L2 norm of s1||s2: %d, Nk(S): %u (%u max)",
+ l2_norm, nks, set->nks_max);
F = malloc(n * sizeof(uint32_t));
G = malloc(n * sizeof(uint32_t));
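Review bot: `nks` is computed and logged next to `set->nks_max`, but nothing in this hunk compares the two, so a key whose Nk(S) norm exceeds the bound is still accepted unless the check exists further down in the function, which is not visible here. A rejection such as `if (nks >= set->nks_max) { /* release fft and this, reject key */ }` belongs right after the norm is computed; the exact inequality should follow the BLISS specification. The context lines `F = malloc(n * sizeof(uint32_t));` and `G = malloc(n * sizeof(uint32_t));` also show no NULL check in what is visible.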
@@ -470,10 +598,10 @@ int16_t g[] = {
}
fft->transform(fft, A, a, TRUE);
- DBG1(DBG_LIB, " i f g a F G A");
+ DBG4(DBG_LIB, " i f g a F G A");
for (i = 0; i < n; i++)
{
- DBG1(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u",
+ DBG4(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u",
i, f[i], g[i], a[i], F[i], G[i], A[i]);
}