Bug#803787: [Pkg-swan-devel] Bug#803787: [strongswan] Enable post-quantum algorithms

Gerald Turner Sun, 23 Apr 2017 15:21:19 -0700

Control: tags -1 + patch

Hi, this is a cleanup of the previously submitted patch.  The mgf1
plugin was added in 5.5.1 and is a dependency of bliss (and newhope)
plugins.  I removed chapoly from the patch as it has it's own bug report
(bug #814927).  FYI newhope, another post-quantum key exchange
algorithm, was added in 5.5.1, but I'll be opening a separate bug
report/patch.


---
 debian/control                             |  4 ++++
 debian/libstrongswan-extra-plugins.install | 11 +++++++++++
 debian/rules                               |  2 ++
 3 files changed, 17 insertions(+)

diff --git a/debian/control b/debian/control
index 59e08ce9..a7d84fd7 100644
--- a/debian/control
+++ b/debian/control
@@ -140,6 +140,8 @@ Description: strongSwan utility and crypto library (extra 
plugins)
  Included plugins are:
   - af-alg [linux] (AF_ALG Linux crypto API interface, provides
     ciphers/hashers/hmac/xcbc)
+  - bliss (Bimodal Lattice Signature Scheme (BLISS) post-quantum computer
+    signature scheme)
   - ccm (CCM cipher mode wrapper)
   - cmac (CMAC cipher mode wrapper)
   - ctr (CTR cipher mode wrapper)
@@ -147,7 +149,9 @@ Description: strongSwan utility and crypto library (extra 
plugins)
   - gcrypt (Crypto backend based on libgcrypt, provides
     RSA/DH/ciphers/hashers/rng)
   - ldap (LDAP fetching plugin based on libldap)
+  - mgf1 (MGF1 mask generation function)
   - mysql (MySQL database backend based on libmysqlclient)
+  - ntru (Key exchange based on post-quantum computer NTRU encryption)
   - padlock (VIA padlock crypto backend, provides AES128/SHA1)
   - pkcs11 (PKCS#11 smartcard backend)
   - rdrand (High quality / high performance random source using the Intel
diff --git a/debian/libstrongswan-extra-plugins.install 
b/debian/libstrongswan-extra-plugins.install
index e5f8baac..6bd32976 100644
--- a/debian/libstrongswan-extra-plugins.install
+++ b/debian/libstrongswan-extra-plugins.install
@@ -1,37 +1,48 @@
 # libstrongswan plugins
+usr/lib/ipsec/plugins/libstrongswan-bliss.so
 usr/lib/ipsec/plugins/libstrongswan-ccm.so
 usr/lib/ipsec/plugins/libstrongswan-cmac.so
 usr/lib/ipsec/plugins/libstrongswan-ctr.so
 usr/lib/ipsec/plugins/libstrongswan-curl.so
 usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
 usr/lib/ipsec/plugins/libstrongswan-ldap.so
+usr/lib/ipsec/plugins/libstrongswan-mgf1.so
 usr/lib/ipsec/plugins/libstrongswan-mysql.so
+usr/lib/ipsec/plugins/libstrongswan-ntru.so
 usr/lib/ipsec/plugins/libstrongswan-pkcs11.so
 usr/lib/ipsec/plugins/libstrongswan-sqlite.so
 usr/lib/ipsec/plugins/libstrongswan-test-vectors.so
 usr/lib/ipsec/plugins/libstrongswan-unbound.so
 # default configuration files
+usr/share/strongswan/templates/config/plugins/bliss.conf
 usr/share/strongswan/templates/config/plugins/ccm.conf
 usr/share/strongswan/templates/config/plugins/cmac.conf
 usr/share/strongswan/templates/config/plugins/ctr.conf
 usr/share/strongswan/templates/config/plugins/curl.conf
 usr/share/strongswan/templates/config/plugins/gcrypt.conf
 usr/share/strongswan/templates/config/plugins/ldap.conf
+usr/share/strongswan/templates/config/plugins/mgf1.conf
 usr/share/strongswan/templates/config/plugins/mysql.conf
+usr/share/strongswan/templates/config/plugins/ntru.conf
 usr/share/strongswan/templates/config/plugins/pkcs11.conf
 usr/share/strongswan/templates/config/plugins/sqlite.conf
 usr/share/strongswan/templates/config/plugins/test-vectors.conf
 usr/share/strongswan/templates/config/plugins/unbound.conf
 usr/share/strongswan/templates/database/sql/mysql.sql
 usr/share/strongswan/templates/database/sql/sqlite.sql
+etc/strongswan.d/charon/bliss.conf
 etc/strongswan.d/charon/ccm.conf
 etc/strongswan.d/charon/cmac.conf
 etc/strongswan.d/charon/ctr.conf
 etc/strongswan.d/charon/curl.conf
 etc/strongswan.d/charon/gcrypt.conf
 etc/strongswan.d/charon/ldap.conf
+etc/strongswan.d/charon/mgf1.conf
 etc/strongswan.d/charon/mysql.conf
+etc/strongswan.d/charon/ntru.conf
 etc/strongswan.d/charon/pkcs11.conf
 etc/strongswan.d/charon/sqlite.conf
 etc/strongswan.d/charon/test-vectors.conf
 etc/strongswan.d/charon/unbound.conf
+# support libs
+usr/lib/ipsec/libnttfft.so*
diff --git a/debian/rules b/debian/rules
index 08c8aa09..d99b21c6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,6 +7,7 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
                --enable-addrblock \
                --enable-agent \
                --enable-attr-sql \
+               --enable-bliss \
                --enable-ccm \
                --enable-certexpire \
                --enable-cmd \
@@ -32,6 +33,7 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
                --enable-lookip \
                --enable-mediation \
                --enable-mysql \
+               --enable-ntru \
                --enable-openssl \
                --enable-pkcs11 \
                --enable-sqlite \
-- 
Gerald Turner <gtur...@unzane.com>        Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80  3858 EC94 2276 FDB8 716D

signature.asc
Description: PGP signature

Bug#803787: [Pkg-swan-devel] Bug#803787: [strongswan] Enable post-quantum algorithms

Reply via email to