diff options
-rw-r--r-- | conf/Makefile.am | 1 | ||||
-rw-r--r-- | conf/plugins/bliss.opt | 2 | ||||
-rw-r--r-- | src/libstrongswan/asn1/oid.txt | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/bliss/bliss_huffman_code.c | 3 | ||||
-rw-r--r-- | src/libstrongswan/plugins/bliss/bliss_param_set.c | 128 | ||||
-rw-r--r-- | src/libstrongswan/plugins/bliss/bliss_param_set.h | 19 | ||||
-rw-r--r-- | src/libstrongswan/plugins/bliss/bliss_private_key.c | 236 | ||||
-rw-r--r-- | src/libstrongswan/plugins/bliss/bliss_public_key.c | 5 | ||||
-rw-r--r-- | src/libstrongswan/plugins/bliss/bliss_signature.c | 8 | ||||
-rw-r--r-- | testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der | bin | 2088 -> 2094 bytes | |||
-rw-r--r-- | testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der | bin | 2088 -> 2094 bytes | |||
-rw-r--r-- | testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der | bin | 2088 -> 2094 bytes | |||
-rw-r--r-- | testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der | bin | 2088 -> 2094 bytes |
13 files changed, 359 insertions, 47 deletions
diff --git a/conf/Makefile.am b/conf/Makefile.am index 1085e48e1..c6f8741cd 100644 --- a/conf/Makefile.am +++ b/conf/Makefile.am @@ -28,6 +28,7 @@ plugins = \ plugins/android_log.opt \ plugins/attr.opt \ plugins/attr-sql.opt \ + plugins/bliss.opt \ plugins/certexpire.opt \ plugins/coupling.opt \ plugins/dhcp.opt \ diff --git a/conf/plugins/bliss.opt b/conf/plugins/bliss.opt new file mode 100644 index 000000000..0983da026 --- /dev/null +++ b/conf/plugins/bliss.opt @@ -0,0 +1,2 @@ +charon.plugins.bliss.use_bliss_b = yes + Use the enhanced BLISS-B key generation and signature algorithm. diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 39bc552d4..bf392dad2 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -218,6 +218,10 @@ 0x02 "BLISS-II" OID_BLISS_II 0x03 "BLISS-III" OID_BLISS_III 0x04 "BLISS-IV" OID_BLISS_IV + 0x05 "BLISS-B-I" OID_BLISS_B_I + 0x06 "BLISS-B-II" OID_BLISS_B_II + 0x07 "BLISS-B_III" OID_BLISS_B_III + 0x08 "BLISS-B_IV" OID_BLISS_B_IV 0x03 "blissSigType" 0x01 "BLISS-with-SHA512" OID_BLISS_WITH_SHA512 0x89 "" diff --git a/src/libstrongswan/plugins/bliss/bliss_huffman_code.c b/src/libstrongswan/plugins/bliss/bliss_huffman_code.c index 68a799b24..e31cd9d3c 100644 --- a/src/libstrongswan/plugins/bliss/bliss_huffman_code.c +++ b/src/libstrongswan/plugins/bliss/bliss_huffman_code.c @@ -27,10 +27,13 @@ bliss_huffman_code_t* bliss_huffman_code_get_by_id(bliss_param_set_id_t id) switch (id) { case BLISS_I: + case BLISS_B_I: return &bliss_huffman_code_1; case BLISS_III: + case BLISS_B_III: return &bliss_huffman_code_3; case BLISS_IV: + case BLISS_B_IV: return &bliss_huffman_code_4; default: return NULL; diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.c b/src/libstrongswan/plugins/bliss/bliss_param_set.c index cbdb56dc0..3781a588f 100644 --- a/src/libstrongswan/plugins/bliss/bliss_param_set.c +++ b/src/libstrongswan/plugins/bliss/bliss_param_set.c @@ -17,11 +17,15 @@ #include <asn1/oid.h> -ENUM(bliss_param_set_id_names, BLISS_I, BLISS_IV, +ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV, "BLISS-I", "BLISS-II", "BLISS-III", - "BLISS-IV" + "BLISS-IV", + "BLISS-B-I", + "BLISS-B-II", + "BLISS-B-III", + "BLISS-B-IV" ); /** @@ -118,8 +122,8 @@ static uint8_t c_bliss_iv[] = { static bliss_param_set_t bliss_param_sets[] = { /* BLISS-I scheme */ - { - .id = BLISS_I, + { + .id = BLISS_I, .oid = OID_BLISS_I, .strength = 128, .q = 12289, @@ -132,6 +136,7 @@ static bliss_param_set_t bliss_param_sets[] = { .non_zero2 = 0, .kappa = 23, .nks_max = 46479, + .p_max = 0, /* not needed */ .sigma = 215, .k_sigma = 254, .k_sigma_bits = 8, @@ -141,14 +146,14 @@ static bliss_param_set_t bliss_param_sets[] = { .z1_bits = 12, .d = 10, .p = 24, - .M = 46539, - .B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */ + .M = 46539, /* with alpha = 1.000 */ + .B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */ .B_l2 = 12872 * 12872 - }, + }, /* BLISS-III scheme */ - { - .id = BLISS_III, + { + .id = BLISS_III, .oid = OID_BLISS_III, .strength = 160, .q = 12289, @@ -161,6 +166,7 @@ static bliss_param_set_t bliss_param_sets[] = { .non_zero2 = 16, .kappa = 30, .nks_max = 128626, + .p_max = 0, /* not needed */ .sigma = 250, .k_sigma = 295, .k_sigma_bits = 9, @@ -170,14 +176,14 @@ static bliss_param_set_t bliss_param_sets[] = { .z1_bits = 12, .d = 9, .p = 48, - .M = 128113, + .M = 128113, /* with alpha = 0.700 */ .B_inf = 1760, .B_l2 = 10206 * 10206 - }, + }, /* BLISS-IV scheme */ - { - .id = BLISS_IV, + { + .id = BLISS_IV, .oid = OID_BLISS_IV, .strength = 192, .q = 12289, @@ -190,6 +196,7 @@ static bliss_param_set_t bliss_param_sets[] = { .non_zero2 = 31, .kappa = 39, .nks_max = 244669, + .p_max = 0, /* not needed */ .sigma = 271, .k_sigma = 320, .k_sigma_bits = 9, @@ -199,10 +206,101 @@ static bliss_param_set_t bliss_param_sets[] = { .z1_bits = 12, .d = 8, .p = 96, - .M = 244186, + .M = 244186, /* with alpha = 0.550 */ .B_inf = 1613, .B_l2 = 9901 * 9901 - } + }, + + /* BLISS-B-I scheme */ + { + .id = BLISS_B_I, + .oid = OID_BLISS_B_I, + .strength = 128, + .q = 12289, + .q_bits = 14, + .q2_inv = 6145, + .n = 512, + .n_bits = 9, + .fft_params = &bliss_fft_12289_512, + .non_zero1 = 154, + .non_zero2 = 0, + .kappa = 23, + .nks_max = 0, /* not needed */ + .p_max = 17825, + .sigma = 215, + .k_sigma = 254, + .k_sigma_bits = 8, + .c = c_bliss_i, + .c_cols = 16, + .c_rows = 21, + .z1_bits = 12, + .d = 10, + .p = 24, + .M = 17954, /* with alpha = 1.610 */ + .B_inf = 2047, /* reduced from 2100 due to 12 bit z1 encoding */ + .B_l2 = 12872 * 12872 + }, + + /* BLISS-B-III scheme */ + { + .id = BLISS_B_III, + .oid = OID_BLISS_B_III, + .strength = 160, + .q = 12289, + .q_bits = 14, + .q2_inv = 6145, + .n = 512, + .n_bits = 9, + .fft_params = &bliss_fft_12289_512, + .non_zero1 = 216, + .non_zero2 = 16, + .kappa = 30, + .nks_max = 0, /* not needed */ + .p_max = 42270, + .sigma = 250, + .k_sigma = 295, + .k_sigma_bits = 9, + .c = c_bliss_iii, + .c_cols = 16, + .c_rows = 21, + .z1_bits = 12, + .d = 9, + .p = 48, + .M = 42455, /* with alpha = 1.216 */ + .B_inf = 1760, + .B_l2 = 10206 * 10206 + }, + + /* BLISS-B-IV scheme */ + { + .id = BLISS_B_IV, + .oid = OID_BLISS_B_IV, + .strength = 192, + .q = 12289, + .q_bits = 14, + .q2_inv = 6145, + .n = 512, + .n_bits = 9, + .fft_params = &bliss_fft_12289_512, + .non_zero1 = 231, + .non_zero2 = 31, + .kappa = 39, + .nks_max = 0, /* not needed */ + .p_max = 69576, + .sigma = 271, + .k_sigma = 320, + .k_sigma_bits = 9, + .c = c_bliss_iv, + .c_cols = 16, + .c_rows = 22, + .z1_bits = 12, + .d = 8, + .p = 96, + .M = 70034, /* with alpha = 1.027 */ + .B_inf = 1613, + .B_l2 = 9901 * 9901 + } + }; /** diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.h b/src/libstrongswan/plugins/bliss/bliss_param_set.h index 8c73afa35..33a8009ff 100644 --- a/src/libstrongswan/plugins/bliss/bliss_param_set.h +++ b/src/libstrongswan/plugins/bliss/bliss_param_set.h @@ -33,10 +33,14 @@ typedef struct bliss_param_set_t bliss_param_set_t; * BLISS signature parameter set ID list */ enum bliss_param_set_id_t { - BLISS_I = 1, - BLISS_II = 2, - BLISS_III = 3, - BLISS_IV = 4 + BLISS_I = 1, + BLISS_II = 2, + BLISS_III = 3, + BLISS_IV = 4, + BLISS_B_I = 5, + BLISS_B_II = 6, + BLISS_B_III = 7, + BLISS_B_IV = 8 }; extern enum_name_t *bliss_param_set_id_names; @@ -107,11 +111,16 @@ struct bliss_param_set_t { uint16_t kappa; /** - * Maximum Nk(S) tolerable NK(S) norm + * Maximum Nk(S) tolerable NK(S) norm (BLISS only) */ uint32_t nks_max; /** + * Maximum value Pmax for ||Sc'||^2 norm (BLISS-B only) + */ + uint32_t p_max; + + /** * Standard deviation sigma */ uint16_t sigma; diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c index 4f1aeae92..64f0b063d 100644 --- a/src/libstrongswan/plugins/bliss/bliss_private_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c @@ -103,6 +103,61 @@ static void multiply_by_c(int8_t *s, int n, uint16_t *c_indices, } /** + * BLISS-B GreedySC algorithm + */ +static void greedy_sc(int8_t *s1, int8_t *s2, int n, uint16_t *c_indices, + uint16_t kappa, int32_t *v1, int32_t *v2) +{ + int i, j, index; + int32_t sign; + + for (i = 0; i < n; i++) + { + v1[i] = v2[i] = 0; + } + for (j = 0; j < kappa; j++) + { + index = c_indices[j]; + sign = 0; + + for (i = 0; i < index; i++) + { + sign -= (v1[i] * s1[i - index + n] + v2[i] * s2[i - index + n]); + } + for (i = index; i < n; i++) + { + sign += (v1[i] * s1[i - index] + v2[i] * s2[i - index]); + } + for (i = 0; i < index; i++) + { + if (sign > 0) + { + v1[i] += s1[i - index + n]; + v2[i] += s2[i - index + n]; + } + else + { + v1[i] -= s1[i - index + n]; + v2[i] -= s2[i - index + n]; + } + } + for (i = index; i < n; i++) + { + if (sign > 0) + { + v1[i] -= s1[i - index]; + v2[i] -= s2[i - index]; + } + else + { + v1[i] += s1[i - index]; + v2[i] += s2[i - index]; + } + } + } +} + +/** * Compute a BLISS signature based on a SHA-512 hash */ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this, @@ -126,7 +181,7 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this, double mean1 = 0, mean2 = 0, sigma1 = 0, sigma2 = 0; chunk_t seed; chunk_t data_hash = { data_hash_buf, sizeof(data_hash_buf) }; - bool accepted, positive, success = FALSE; + bool accepted, positive, success = FALSE, use_bliss_b; /* Initialize signature */ *signature = chunk_empty; @@ -184,6 +239,23 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this, fft = bliss_fft_create(this->set->fft_params); + /* Use of the enhanced BLISS-B signature algorithm? */ + switch (this->set->id) + { + case BLISS_I: + case BLISS_II: + case BLISS_III: + case BLISS_IV: + use_bliss_b = FALSE; + break; + case BLISS_B_I: + case BLISS_B_II: + case BLISS_B_III: + case BLISS_B_IV: + use_bliss_b = TRUE; + break; + } + while (true) { tests++; @@ -284,20 +356,48 @@ static bool sign_bliss_with_sha512(private_bliss_private_key_t *this, goto end; } - /* Compute s*c */ - multiply_by_c(this->s1, n, c_indices, this->set->kappa, s1c); - multiply_by_c(this->s2, n, c_indices, this->set->kappa, s2c); + if (use_bliss_b) + { + /* Compute v = (s1c, s2c) with the GreedySC algorithm */ + greedy_sc(this->s1, this->s2, n, c_indices, this->set->kappa, + s1c, s2c); + + /* Compute norm = ||v||^2 = ||Sc'||^2 */ + norm = bliss_utils_scalar_product(s1c, s1c, n) + + bliss_utils_scalar_product(s2c, s2c, n); + + /* Just in case. ||v||^2 <= P_max should always be fulfilled */ + if (norm > this->set->p_max) + { + goto end; + } + } + else + { + /* Compute s*c */ + multiply_by_c(this->s1, n, c_indices, this->set->kappa, s1c); + multiply_by_c(this->s2, n, c_indices, this->set->kappa, s2c); - /* Reject with probability 1/(M*exp(-norm^2/2*sigma^2)) */ - norm = bliss_utils_scalar_product(s1c, s1c, n) + - bliss_utils_scalar_product(s2c, s2c, n); + /* Compute norm = |Sc||^2 */ + norm = bliss_utils_scalar_product(s1c, s1c, n) + + bliss_utils_scalar_product(s2c, s2c, n); + } if (!sampler->bernoulli_exp(sampler, this->set->M - norm, &accepted)) { goto end; } - DBG2(DBG_LIB, "norm2(s1*c) + norm2(s2*c) = %u, %s", - norm, accepted ? "accepted" : "rejected"); + if (use_bliss_b) + { + DBG2(DBG_LIB, "norm2(s1*c') + norm2(s2*c') = %u (%u max), %s", + norm, this->set->p_max, accepted ? "accepted" : "rejected"); + + } + else + { + DBG2(DBG_LIB, "norm2(s1*c) + norm2(s2*c) = %u, %s", + norm, accepted ? "accepted" : "rejected"); + } if (!accepted) { continue; @@ -523,8 +623,10 @@ METHOD(private_key_t, get_fingerprint, bool, } success = bliss_public_key_fingerprint(this->set->oid, this->A, this->set, type, fp); - lib->encoding->cache(lib->encoding, type, this, *fp); - + if (success) + { + lib->encoding->cache(lib->encoding, type, this, *fp); + } return success; } @@ -834,16 +936,34 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng, l2_norm = wrapped_product(f, f, n, 0) + wrapped_product(g, g, n, 0); nks = nks_norm(f, g, n, this->set->kappa); - DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u (%u max)", - l2_norm, nks, this->set->nks_max); - if (nks < this->set->nks_max) + + switch (this->set->id) { - *s1 = f; - *s2 = g; - return TRUE; + case BLISS_I: + case BLISS_II: + case BLISS_III: + case BLISS_IV: + DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u (%u max)", + l2_norm, nks, this->set->nks_max); + if (nks < this->set->nks_max) + { + *s1 = f; + *s2 = g; + return TRUE; + } + free(f); + free(g); + break; + case BLISS_B_I: + case BLISS_B_II: + case BLISS_B_III: + case BLISS_B_IV: + DBG2(DBG_LIB, "l2 norm of s1||s2: %d, Nk(S): %u", + l2_norm, nks); + *s1 = f; + *s2 = g; + return TRUE; } - free(f); - free(g); } return FALSE; @@ -855,7 +975,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng, bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) { private_bliss_private_key_t *this; - u_int key_size = 1; + u_int key_size = BLISS_B_I; int i, n, trials = 0; uint32_t *S1, *S2, *a; uint16_t q; @@ -879,11 +999,33 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args) break; } - /* Only BLISS-I, BLISS-III and BLISS-IV are currently supported */ + if (lib->settings->get_bool(lib->settings, "%s.plugins.bliss.use_bliss_b", + TRUE, lib->ns)) + { + switch (key_size) + { + case BLISS_I: + key_size = BLISS_B_I; + break; + case BLISS_II: + key_size = BLISS_B_II; + break; + case BLISS_III: + key_size = BLISS_B_III; + break; + case BLISS_IV: + key_size = BLISS_B_IV; + break; + default: + break; + } + } + + /* Only BLISS or BLISS-B types I, III, or IV are currently supported */ set = bliss_param_set_get_by_id(key_size); if (!set) { - DBG1(DBG_LIB, "BLISS parameter set %u not supported"); + DBG1(DBG_LIB, "BLISS parameter set %u not supported", key_size); return NULL; } @@ -1004,6 +1146,7 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) bliss_bitpacker_t *packer; asn1_parser_t *parser; size_t s_bits = 0; + int8_t s, s_min, s_max; uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value; bool success = FALSE; int objectID, oid, i; @@ -1047,9 +1190,36 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) { goto end; } - - /* Use either 2 or 3 bits per array element */ - s_bits = 2 + (this->set->non_zero2 > 0); + if (lib->settings->get_bool(lib->settings, + "%s.plugins.bliss.use_bliss_b",TRUE, lib->ns)) + { + switch (this->set->id) + { + case BLISS_I: + this->set = bliss_param_set_get_by_id(BLISS_B_I); + break; + case BLISS_III: + this->set = bliss_param_set_get_by_id(BLISS_B_III); + break; + case BLISS_IV: + this->set = bliss_param_set_get_by_id(BLISS_B_IV); + break; + default: + break; + } + } + if (this->set->non_zero2) + { + s_min = -2; + s_max = 2; + s_bits = 3; + } + else + { + s_min = -1; + s_max = 1; + s_bits = 2; + } s_sign = 1 << (s_bits - 1); s_mask = ((1 << (32 - s_bits)) - 1) << s_bits; break; @@ -1072,7 +1242,13 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) for (i = 0; i < this->set->n; i++) { packer->read_bits(packer, &value, s_bits); - this->s1[i] = (value & s_sign) ? value | s_mask : value; + s = (value & s_sign) ? value | s_mask : value; + if (s < s_min || s > s_max) + { + packer->destroy(packer); + goto end; + } + this->s1[i] = s; } packer->destroy(packer); break; @@ -1089,7 +1265,13 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args) for (i = 0; i < this->set->n; i++) { packer->read_bits(packer, &value, s_bits); - this->s2[i] = 2*((value & s_sign) ? value | s_mask : value); + s = (value & s_sign) ? value | s_mask : value; + if (s < s_min || s > s_max) + { + packer->destroy(packer); + goto end; + } + this->s2[i] = 2 * s; if (i == 0) { this->s2[0] += 1; diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c index 912ec3de5..4564d7c75 100644 --- a/src/libstrongswan/plugins/bliss/bliss_public_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c @@ -410,6 +410,11 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set, for (i = 0; i < set->n; i++) { packer->read_bits(packer, &coefficient, set->q_bits); + if (coefficient >= set->q) + { + packer->destroy(packer); + return FALSE; + } (*pubkey)[i] = coefficient; } packer->destroy(packer); diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.c b/src/libstrongswan/plugins/bliss/bliss_signature.c index ca385ee41..e603da399 100644 --- a/src/libstrongswan/plugins/bliss/bliss_signature.c +++ b/src/libstrongswan/plugins/bliss/bliss_signature.c @@ -177,6 +177,12 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set, return NULL; } + if (encoding.len == 0) + { + DBG1(DBG_LIB, "zero length BLISS signature"); + return NULL; + } + INIT(this, .public = { .get_encoding = _get_encoding, @@ -198,6 +204,7 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set, !packer->read_bits(packer, &z1_low, 8) || !coder->decode(coder, &z1, &z2)) { + DBG1(DBG_LIB, "truncated BLISS signature encoding of z1/z2"); coder->destroy(coder); packer->destroy(packer); destroy(this); @@ -213,6 +220,7 @@ bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set, { if (!packer->read_bits(packer, &value, set->n_bits)) { + DBG1(DBG_LIB, "truncated BLISS signature encoding of c_indices"); packer->destroy(packer); destroy(this); return NULL; diff --git a/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der b/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der Binary files differindex c1c9e8b0f..cbc7e09c1 100644 --- a/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der +++ b/testing/hosts/winnetou/etc/openssl/bliss/strongswan_blissCert.der diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der Binary files differindex c1c9e8b0f..cbc7e09c1 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der Binary files differindex c1c9e8b0f..cbc7e09c1 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der Binary files differindex c1c9e8b0f..cbc7e09c1 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der |