3204c89a8871d57d6476f42b3ab843a7d6e050aa
[strongswan.git] / src / libstrongswan / tests / suites / test_ntru.c
1 /*
2 * Copyright (C) 2013-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <tests/utils/test_rng.h>
19 #include <plugins/ntru/ntru_drbg.h>
20 #include <plugins/ntru/ntru_mgf1.h>
21 #include <plugins/ntru/ntru_trits.h>
22 #include <plugins/ntru/ntru_poly.h>
23 #include <plugins/ntru/ntru_param_set.h>
24 #include <plugins/ntru/ntru_private_key.h>
25 #include <utils/test.h>
26
27 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
28 u_int32_t strength, chunk_t pers_str, rng_t *entropy)
29
30 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create, ntru_mgf1_t*,
31 hash_algorithm_t alg, chunk_t seed, bool hash_seed)
32
33 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
34 size_t len, hash_algorithm_t alg, chunk_t seed)
35
36 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
37 hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
38 uint16_t N, uint16_t q, uint32_t indices_len_p,
39 uint32_t indices_len_m, bool is_product_form)
40
41 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*,
42 u_int16_t *data, uint16_t N, uint16_t q,
43 uint32_t indices_len_p, uint32_t indices_len_m,
44 bool is_product_form)
45
46 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_param_set_get_by_id, ntru_param_set_t* ,
47 ntru_param_set_id_t id)
48
49 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create, ntru_private_key_t*,
50 ntru_drbg_t *drbg, ntru_param_set_t *params)
51
52 /**
53 * NTRU parameter sets to test
54 */
55 static struct {
56 diffie_hellman_group_t group;
57 char *group_name;
58 } params[] = {
59 { NTRU_112_BIT, "NTRU_112" },
60 { NTRU_128_BIT, "NTRU_128" },
61 { NTRU_192_BIT, "NTRU_192" },
62 { NTRU_256_BIT, "NTRU_256" }
63 };
64
65 /**
66 * NTRU parameter set selection
67 */
68 char *parameter_sets[] = {
69 "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
70 };
71
72 typedef struct {
73 u_int32_t requested;
74 u_int32_t standard;
75 }strength_t;
76
77 strength_t strengths[] = {
78 { 80, 112 },
79 { 112, 112 },
80 { 120, 128 },
81 { 128, 128 },
82 { 150, 192 },
83 { 192, 192 },
84 { 200, 256 },
85 { 256, 256 },
86 { 512, 0 }
87 };
88
89 START_TEST(test_ntru_drbg_strength)
90 {
91 ntru_drbg_t *drbg;
92 rng_t *entropy;
93
94 entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
95 ck_assert(entropy != NULL);
96
97 drbg = ntru_drbg_create(strengths[_i].requested, chunk_empty, entropy);
98 if (strengths[_i].standard)
99 {
100 ck_assert(drbg != NULL);
101 ck_assert(drbg->get_strength(drbg) == strengths[_i].standard);
102 drbg->destroy(drbg);
103 }
104 else
105 {
106 ck_assert(drbg == NULL);
107 }
108 entropy->destroy(entropy);
109 }
110 END_TEST
111
112 typedef struct {
113 chunk_t pers_str;
114 chunk_t entropy;
115 chunk_t out;
116 } drbg_test_t;
117
118 /**
119 * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS)
120 */
121 drbg_test_t drbg_tests[] = {
122 /* SHA-256 test case 1 - count 0 */
123 { { NULL, 0 },
124 chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39,
125 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11,
126 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf,
127 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d,
128 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
129 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf,
130 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8,
131 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7,
132 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0,
133 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
134 chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc,
135 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a,
136 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb,
137 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb,
138 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
139 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51,
140 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23,
141 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42,
142 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e,
143 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
144 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f,
145 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54,
146 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b,
147 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6,
148 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
149 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
150 },
151 /* SHA-256 test case 3 - count 0 */
152 { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59,
153 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31,
154 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa,
155 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c),
156 chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90,
157 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64,
158 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6,
159 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40,
160 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
161 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5,
162 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa,
163 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f,
164 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41,
165 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
166 chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20,
167 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a,
168 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a,
169 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b,
170 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
171 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c,
172 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40,
173 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93,
174 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f,
175 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
176 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb,
177 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0,
178 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6,
179 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed,
180 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
181 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
182 },
183 /* SHA-256 test case 5 - count 0 */
184 { { NULL, 0 },
185 chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47,
186 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a,
187 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85,
188 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a,
189 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
190 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b,
191 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44,
192 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16,
193 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b,
194 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
195 chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2,
196 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4,
197 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b,
198 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77,
199 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
200 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00,
201 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a,
202 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78,
203 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b,
204 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
205 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d,
206 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf,
207 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38,
208 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5,
209 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
210 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
211 },
212 /* SHA-256 test case 7 - count 0 */
213 { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0,
214 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d,
215 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46,
216 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2),
217 chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8,
218 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00,
219 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08,
220 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5,
221 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
222 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4,
223 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc,
224 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96,
225 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d,
226 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
227 chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea,
228 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53,
229 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52,
230 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a,
231 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
232 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae,
233 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6,
234 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53,
235 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91,
236 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
237 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98,
238 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca,
239 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39,
240 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57,
241 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
242 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
243 }
244 };
245
246 START_TEST(test_ntru_drbg)
247 {
248 ntru_drbg_t *drbg;
249 rng_t *entropy;
250 chunk_t out;
251
252 out = chunk_alloc(128);
253 entropy = test_rng_create(drbg_tests[_i].entropy);
254 drbg = ntru_drbg_create(256, drbg_tests[_i].pers_str, entropy);
255 ck_assert(drbg != NULL);
256 ck_assert(drbg->reseed(drbg));
257 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
258 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
259 ck_assert(chunk_equals(out, drbg_tests[_i].out));
260 drbg->destroy(drbg);
261 entropy->destroy(entropy);
262 chunk_free(&out);
263 }
264 END_TEST
265
266 START_TEST(test_ntru_drbg_reseed)
267 {
268 ntru_drbg_t *drbg;
269 rng_t *entropy;
270 chunk_t out;
271
272 lib->settings->set_int(lib->settings,
273 "libstrongswan.plugins.ntru.max_drbg_requests", 2);
274 out = chunk_alloc(128);
275 entropy = test_rng_create(drbg_tests[0].entropy);
276 drbg = ntru_drbg_create(256, chunk_empty, entropy);
277
278 /* bad output parameters */
279 ck_assert(!drbg->generate(drbg, 256, 0, out.ptr));
280 ck_assert(!drbg->generate(drbg, 256, 128, NULL));
281
282 /* no reseeding occurs */
283 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
284 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
285
286 /* consuming remaining entropy */
287 ck_assert(entropy->get_bytes(entropy, 32, out.ptr));
288
289 /* no entropy available for automatic reseeding */
290 ck_assert(!drbg->generate(drbg, 256, 128, out.ptr));
291 drbg->destroy(drbg);
292
293 /* no entropy available for DRBG instantiation */
294 drbg = ntru_drbg_create(256, chunk_empty, entropy);
295 ck_assert(drbg == NULL);
296 entropy->destroy(entropy);
297
298 /* one automatic reseeding occurs */
299 entropy = test_rng_create(drbg_tests[0].entropy);
300 drbg = ntru_drbg_create(256, chunk_empty, entropy);
301 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
302 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
303 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
304
305 /* no entropy left */
306 ck_assert(!entropy->get_bytes(entropy, 32, out.ptr));
307
308 drbg->destroy(drbg);
309 entropy->destroy(entropy);
310 chunk_free(&out);
311 lib->settings->set_int(lib->settings,
312 "libstrongswan.plugins.ntru.max_drbg_requests", 2000);
313 }
314 END_TEST
315
316 typedef struct {
317 uint8_t c_bits;
318 uint16_t N;
319 uint16_t q;
320 bool is_product_form;
321 uint32_t indices_len;
322 uint32_t indices_size;
323 uint16_t *indices;
324 } poly_test_t;
325
326 typedef struct {
327 hash_algorithm_t alg;
328 size_t hash_size;
329 size_t ml1, ml2, ml3, seed_len;
330 chunk_t seed;
331 chunk_t hashed_seed;
332 chunk_t mask;
333 chunk_t trits;
334 poly_test_t poly_test[2];
335 } mgf1_test_t;
336
337 uint16_t indices_ees439ep1[] = {
338 367, 413, 16, 214, 114, 128, 42, 268, 346, 329, 119, 303, 208, 287, 150,
339 3, 45, 321, 110, 109, 272, 430, 80, 305, 51, 381, 322, 140, 207, 315,
340 206, 186, 56, 5, 273, 177, 44, 100, 205, 210, 98, 191, 8, 336
341 };
342
343 uint16_t indices_ees613ep1[] = {
344 245, 391, 251, 428, 301, 2, 176, 296, 461, 224, 590, 215, 250, 91, 395,
345 363, 58, 537, 278, 291, 247, 33, 140, 447, 172, 514, 424, 412, 95, 94,
346 281, 159, 196, 302, 277, 63, 404, 150, 608, 315, 195, 334, 207, 376, 398,
347 0, 309, 486, 516, 86, 267, 139, 130, 38, 141, 258, 21, 341, 526, 388,
348 194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320,
349 186, 327, 212, 543, 82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434,
350 134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523, 32, 62, 297,
351 283, 268, 54, 539, 5
352 };
353
354 uint16_t indices_ees743ep1[] = {
355 285, 62, 136, 655, 460, 35, 450, 208, 340, 212, 61, 234, 454, 52, 520,
356 399, 315, 616, 496, 88, 280, 543, 508, 237, 553, 39, 214, 253, 720, 291,
357 586, 615, 635, 596, 62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683,
358 180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423,
359 197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137
360 };
361
362 uint16_t indices_ees1171ep1[] = {
363 514, 702, 760, 505, 262, 486, 695, 783, 533, 74, 403, 847, 170,1019, 568,
364 676,1057, 277,1021, 238, 203, 884, 124, 87, 65, 93, 131, 881,1102, 133,
365 459, 462, 92, 40, 5,1152,1158, 297, 599, 299, 7, 458, 347, 343, 173,
366 1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295,
367 1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549,
368 821,1098, 823, 96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993,
369 983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250, 37, 213,
370 929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500,
371 913, 332,1118, 753, 946, 775, 59, 809, 782, 612, 909,1090, 223, 777, 940,
372 866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487,
373 215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054,
374 400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210,
375 333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422, 80, 924,1089, 547,
376 1157, 579, 2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179,
377 536, 191
378 };
379
380 /**
381 * MGF1 Mask Generation Function Test Vectors
382 */
383 mgf1_test_t mgf1_tests[] = {
384 { HASH_SHA1, 20, 60, 20, 15, 24,
385 chunk_from_chars(
386 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
387 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
388 0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2,
389 0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5,
390 0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20,
391 0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3,
392 0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F,
393 0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66,
394 0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72,
395 0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0,
396 0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D,
397 0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6,
398 0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB,
399 0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20),
400 chunk_from_chars(
401 0xF3, 0x9B, 0x0B, 0xB4, 0x97, 0x50, 0xB5, 0xA7,
402 0xE6, 0xBD, 0xDA, 0xD0, 0x9A, 0x52, 0xBE, 0xA0,
403 0x21, 0xC4, 0x90, 0xB6),
404 chunk_from_chars(
405 0x10, 0x43, 0x76, 0x72, 0x6C, 0xDE, 0xA0, 0x0E,
406 0x77, 0x51, 0xFB, 0x58, 0x39, 0x8A, 0x36, 0xE1,
407 0x63, 0x2B, 0xC9, 0x17, 0x56, 0x0C, 0x4B, 0x46,
408 0xA4, 0x07, 0xA4, 0x3B, 0x8E, 0x33, 0x4D, 0xD1,
409 0x65, 0xF1, 0xAC, 0xC8, 0x59, 0x21, 0x32, 0x16,
410 0x44, 0x2B, 0x7F, 0xB2, 0xA8, 0xA7, 0x26, 0x5D,
411 0xE8, 0x02, 0xBE, 0x8E, 0xDC, 0x34, 0xEB, 0x10,
412 0x76, 0x16, 0x8C, 0xDD, 0x90, 0x92, 0x3D, 0x29,
413 0x90, 0x98, 0x46, 0x11, 0x73, 0x53, 0x47, 0xB1,
414 0x2C, 0xD4, 0x83, 0x78, 0x9B, 0x93, 0x2F, 0x5B,
415 0xFC, 0x26, 0xFF, 0x42, 0x08, 0x1F, 0x70, 0x66,
416 0x40, 0x4B, 0xE7, 0x22, 0x3A, 0x56, 0x10, 0x6D,
417 0x4D, 0x29, 0x0B, 0xCE, 0xA6, 0x21, 0xB5, 0x5C,
418 0x71, 0x66, 0x2F, 0x70, 0x35, 0xD8, 0x8A, 0x92,
419 0x33, 0xF0, 0x16, 0xD4, 0x0E, 0x43, 0x8A, 0x14),
420 chunk_from_chars(
421 1, 2, 1, 0, 0, 1, 1, 1, 2, 0, 1, 0, 1, 1, 1, 0, 2, 0, 1, 1,
422 0, 0, 0, 1, 1, 0, 2, 0, 2, 2, 1, 2, 2, 2, 1, 2, 1, 1, 0, 0,
423 2, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 2, 0, 0, 1, 0, 1, 0, 2, 0,
424 0, 1, 0, 2, 1, 0, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 0, 2, 0, 1,
425 1, 2, 1, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 0, 1,
426 0, 1, 1, 0, 0, 0, 1, 2, 2, 0, 1, 2, 1, 2, 0, 2, 0, 0, 0, 2,
427 1, 2, 0, 0, 0, 2, 0, 0, 0, 2, 2, 1, 0, 2, 0, 1, 2, 0, 2, 1,
428 0, 2, 2, 1, 0, 2, 1, 2, 2, 0, 2, 0, 2, 1, 2, 2, 0, 2, 0, 1,
429 1, 2, 2, 2, 2, 1, 0, 1, 0, 2, 2, 0, 1, 1, 2, 2, 2, 0, 0, 1,
430 0, 2, 0, 1, 0, 2, 1, 2, 1, 0, 1, 1, 2, 0, 0, 2, 1, 1, 2, 0,
431 1, 2, 1, 1, 0, 1, 0, 2, 1, 1, 1, 2, 1, 0, 2, 0, 2, 0, 0, 2,
432 2, 1, 0, 0, 2, 2, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 2, 1, 2, 2,
433 2, 0, 0, 0, 0, 1, 0, 0, 1, 2, 1, 2, 0, 2, 1, 1, 1, 0, 2, 2,
434 1, 2, 2, 1, 0, 1, 0, 2, 2, 2, 1, 2, 1, 0, 0, 1, 0, 1, 1, 1,
435 1, 1, 2, 0, 0, 2, 1, 0, 2, 1, 2, 1, 0, 2, 2, 0, 0, 1, 2, 1,
436 2, 0, 1, 2, 1, 1, 2, 0, 2, 0, 2, 1, 1, 1, 0, 0, 0, 1, 2, 1,
437 2, 2, 1, 2, 1, 1, 2, 1, 2, 0, 2, 2, 1, 0, 0, 1, 2, 0, 1, 1,
438 2, 0, 0, 0, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 2, 2, 2, 1, 1, 0,
439 2, 1, 2, 1, 2, 2, 1, 2, 1, 1, 0, 1, 1, 1, 1, 2, 0, 2, 2, 1,
440 0, 1, 1, 2, 1, 2, 0, 2, 1, 0, 1, 0, 1, 0, 1, 2, 0, 1, 1, 0,
441 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
442 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
443 {
444 { 9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16),
445 countof(indices_ees439ep1), indices_ees439ep1
446 },
447 { 11, 613, 2048, FALSE, 55,
448 countof(indices_ees613ep1), indices_ees613ep1
449 }
450 }
451 },
452 { HASH_SHA256, 32, 64, 32, 33, 40,
453 chunk_from_chars(
454 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
455 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
456 0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE,
457 0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42,
458 0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A,
459 0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07,
460 0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43,
461 0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC,
462 0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36,
463 0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4,
464 0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2,
465 0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58,
466 0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC,
467 0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8,
468 0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1,
469 0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46,
470 0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91,
471 0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4,
472 0x54, 0xEE, 0x20, 0xF0, 0x80),
473 chunk_from_chars(
474 0x76, 0x89, 0x8B, 0x1B, 0x60, 0xEC, 0x10, 0x9D,
475 0x8F, 0x13, 0xF2, 0xFE, 0xD9, 0x85, 0xC1, 0xAB,
476 0x7E, 0xEE, 0xB1, 0x31, 0xDD, 0xF7, 0x7F, 0x0C,
477 0x7D, 0xF9, 0x6B, 0x7B, 0x19, 0x80, 0xBD, 0x28),
478 chunk_from_chars(
479 0xF1, 0x19, 0x02, 0x4F, 0xDA, 0x58, 0x05, 0x9A,
480 0x07, 0xDF, 0x61, 0x81, 0x22, 0x0E, 0x15, 0x46,
481 0xCB, 0x35, 0x3C, 0xDC, 0xAD, 0x20, 0xD9, 0x3F,
482 0x0D, 0xD1, 0xAA, 0x64, 0x66, 0x5C, 0xFA, 0x4A,
483 0xFE, 0xD6, 0x8F, 0x55, 0x57, 0x15, 0xB2, 0xA6,
484 0xA0, 0xE6, 0xA8, 0xC6, 0xBD, 0x28, 0xB4, 0xD5,
485 0x6E, 0x5B, 0x4B, 0xB0, 0x97, 0x09, 0xF5, 0xAC,
486 0x57, 0x65, 0x13, 0x97, 0x71, 0x2C, 0x45, 0x13,
487 0x3D, 0xEE, 0xFB, 0xBF, 0xFE, 0xAF, 0xBB, 0x4B,
488 0x0D, 0x5C, 0x45, 0xD4, 0x2F, 0x17, 0x92, 0x07,
489 0x66, 0x11, 0xF5, 0x46, 0xF8, 0x0C, 0x03, 0x92,
490 0xF5, 0xF5, 0xFF, 0xA4, 0xF3, 0x52, 0xF4, 0x08,
491 0x2C, 0x49, 0x32, 0x1A, 0x93, 0x51, 0x98, 0xB6,
492 0x94, 0x83, 0x39, 0xCF, 0x6B, 0x1F, 0x2F, 0xFC,
493 0x2B, 0xFF, 0x10, 0x71, 0x7D, 0x35, 0x6C, 0xEA,
494 0xC5, 0x66, 0xC7, 0x26, 0x7D, 0x9E, 0xAC, 0xDD,
495 0x35, 0xD7, 0x06, 0x3F, 0x40, 0x82, 0xDA, 0xC3,
496 0x2B, 0x3C, 0x91, 0x3A, 0x32, 0xF8, 0xB2, 0xC6,
497 0x44, 0x4D, 0xCD, 0xB6, 0x54, 0x5F, 0x81, 0x95,
498 0x59, 0xA1, 0xE5, 0x4E, 0xA5, 0x0A, 0x4A, 0x42),
499 chunk_from_chars(
500 1, 2, 2, 2, 2, 1, 2, 2, 0, 0, 2, 0, 0, 0, 0, 1, 2, 2, 2, 0,
501 2, 0, 0, 2, 2, 1, 2, 0, 0, 1, 2, 1, 0, 0, 0, 1, 0, 2, 2, 1,
502 1, 2, 0, 0, 0, 1, 2, 0, 2, 2, 1, 2, 1, 0, 1, 0, 1, 2, 1, 1,
503 1, 2, 0, 1, 0, 2, 1, 1, 0, 0, 0, 1, 2, 0, 0, 1, 2, 1, 2, 0,
504 2, 1, 1, 1, 2, 2, 2, 2, 1, 0, 0, 2, 0, 2, 0, 1, 1, 0, 2, 2,
505 2, 0, 1, 0, 2, 2, 1, 0, 1, 0, 1, 0, 0, 2, 2, 0, 0, 1, 2, 0,
506 1, 1, 1, 0, 0, 2, 0, 2, 1, 2, 2, 2, 0, 0, 2, 1, 0, 2, 0, 1,
507 0, 1, 2, 0, 1, 2, 0, 1, 0, 1, 2, 0, 2, 2, 0, 1, 2, 2, 1, 2,
508 2, 2, 0, 2, 1, 1, 1, 0, 0, 1, 0, 2, 0, 0, 1, 0, 1, 2, 0, 0,
509 1, 2, 1, 0, 2, 1, 1, 0, 0, 2, 1, 2, 2, 2, 1, 2, 1, 1, 2, 2,
510 0, 2, 0, 0, 2, 0, 0, 1, 1, 2, 0, 0, 0, 1, 2, 1, 1, 1, 1, 0,
511 0, 0, 2, 0, 2, 0, 2, 2, 1, 2, 2, 0, 0, 1, 1, 1, 0, 1, 0, 1,
512 0, 1, 2, 2, 0, 2, 1, 1, 0, 2, 1, 2, 1, 2, 1, 0, 0, 1, 0, 0,
513 1, 0, 1, 0, 2, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 0, 2, 0, 0,
514 1, 2, 1, 2, 1, 2, 1, 0, 1, 1, 2, 2, 1, 1, 0, 0, 2, 1, 2, 0,
515 1, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 2, 2, 2, 2, 0, 0, 1, 2,
516 1, 1, 1, 0, 2, 1, 2, 2, 0, 2, 0, 1, 2, 2, 0, 1, 1, 1, 0, 0,
517 2, 0, 1, 0, 1, 0, 2, 1, 2, 0, 2, 1, 2, 1, 2, 2, 0, 2, 1, 0,
518 2, 1, 2, 0, 0, 2, 0, 1, 2, 1, 1, 2, 0, 0, 0, 0, 1, 2, 0, 1,
519 2, 2, 1, 0, 0, 1, 2, 1, 2, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0,
520 2, 0, 1, 2, 1, 2, 0, 0, 0, 2, 1, 0, 0, 0, 1, 2, 2, 0, 0, 0,
521 2, 2, 1, 1, 0, 1, 0, 2, 2, 0, 2, 1, 2, 1, 0, 2, 2, 2, 0, 0,
522 0, 1, 1, 2, 1, 0, 0, 0, 0, 1, 2, 2, 1, 2, 1, 2, 0, 2, 0, 2,
523 1, 1, 1, 2, 1, 2, 1, 2, 1, 1, 0, 1, 0, 2, 0, 0, 0, 2, 1, 2,
524 2, 2, 2, 0, 1, 1, 1, 0, 1, 0, 2, 0, 2, 1, 0, 1, 2, 1, 1, 0,
525 1, 2, 1, 0, 0, 2, 1, 0, 1, 1, 2, 2, 1, 1, 1, 2, 2, 2, 1, 0,
526 0, 0, 0, 1, 1, 0, 0, 2, 2, 2, 2, 2, 0, 1, 2, 0, 1, 2, 0, 1,
527 1, 0, 1, 1, 2, 2, 0, 1, 1, 0, 2, 2, 1, 1, 1, 2, 1, 2, 2, 1,
528 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
529 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
530 {
531 { 13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16),
532 countof(indices_ees743ep1), indices_ees743ep1
533 },
534 { 12, 1171, 2048, FALSE, 106,
535 countof(indices_ees1171ep1), indices_ees1171ep1
536 }
537 }
538 }
539 };
540
541 START_TEST(test_ntru_mgf1)
542 {
543 ntru_mgf1_t *mgf1;
544 chunk_t mask, mask1, mask2, mask3;
545
546 mask1 = mgf1_tests[_i].mask;
547 mask2 = chunk_skip(mask1, mgf1_tests[_i].ml1);
548 mask3 = chunk_skip(mask2, mgf1_tests[_i].ml2);
549 mask1.len = mgf1_tests[_i].ml1;
550 mask2.len = mgf1_tests[_i].ml2;
551 mask3.len = mgf1_tests[_i].ml3;
552
553 mgf1 = ntru_mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
554 ck_assert(mgf1 == NULL);
555
556 mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
557 ck_assert(mgf1 == NULL);
558
559 /* return mask in allocated chunk */
560 mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
561 ck_assert(mgf1);
562
563 /* check hash size */
564 ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
565
566 /* get zero number of octets */
567 ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
568 ck_assert(mask.len == 0 && mask.ptr == NULL);
569
570 /* get non-zero number of octets */
571 ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
572 ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
573 mgf1->destroy(mgf1);
574
575 /* copy mask to pre-allocated buffer */
576 mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
577 ck_assert(mgf1);
578 ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
579 ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
580 mgf1->destroy(mgf1);
581
582 /* get mask in batches without hashing the seed */
583 mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
584 ck_assert(mgf1);
585
586 /* first batch */
587 ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
588 mask.len = mask1.len;
589 ck_assert(chunk_equals(mask, mask1));
590
591 /* second batch */
592 ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
593 mask.len = mask2.len;
594 ck_assert(chunk_equals(mask, mask2));
595
596 /* third batch */
597 ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
598 mask.len = mask3.len;
599 ck_assert(chunk_equals(mask, mask3));
600
601 mgf1->destroy(mgf1);
602 chunk_free(&mask);
603 }
604 END_TEST
605
606 START_TEST(test_ntru_trits)
607 {
608 ntru_trits_t *mask;
609 chunk_t trits;
610
611 mask = ntru_trits_create(mgf1_tests[_i].trits.len, HASH_UNKNOWN,
612 mgf1_tests[_i].seed);
613 ck_assert(mask == NULL);
614
615 mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
616 chunk_empty);
617 ck_assert(mask == NULL);
618
619 mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
620 mgf1_tests[_i].seed);
621 ck_assert(mask);
622
623 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
624 ck_assert(chunk_equals(trits, mgf1_tests[_i].trits));
625 mask->destroy(mask);
626
627 /* generate a multiple of 5 trits */
628 mask = ntru_trits_create(10, mgf1_tests[_i].alg, mgf1_tests[_i].seed);
629 ck_assert(mask);
630
631 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
632 ck_assert(chunk_equals(trits, chunk_create(mgf1_tests[_i].trits.ptr, 10)));
633 mask->destroy(mask);
634 }
635 END_TEST
636
637 START_TEST(test_ntru_poly)
638 {
639 ntru_poly_t *poly;
640 uint16_t *indices;
641 chunk_t seed;
642 poly_test_t *p;
643 int j, n;
644
645 seed = mgf1_tests[_i].seed;
646 seed.len = mgf1_tests[_i].seed_len;
647
648 p = &mgf1_tests[_i].poly_test[0];
649 poly = ntru_poly_create_from_seed(HASH_UNKNOWN, seed, p->c_bits, p->N, p->q,
650 p->indices_len, p->indices_len,
651 p->is_product_form);
652 ck_assert(poly == NULL);
653
654 for (n = 0; n < 2; n++)
655 {
656 p = &mgf1_tests[_i].poly_test[n];
657 poly = ntru_poly_create_from_seed(mgf1_tests[_i].alg, seed, p->c_bits,
658 p->N, p->q, p->indices_len,
659 p->indices_len, p->is_product_form);
660 ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size);
661
662 indices = poly->get_indices(poly);
663 for (j = 0; j < p->indices_size; j++)
664 {
665 ck_assert(indices[j] == p->indices[j]);
666 }
667 poly->destroy(poly);
668 }
669 }
670 END_TEST
671
672 typedef struct {
673 uint16_t N;
674 uint16_t q;
675 bool is_product_form;
676 uint32_t indices_len_p;
677 uint32_t indices_len_m;
678 uint16_t *indices;
679 uint16_t *a;
680 uint16_t *c;
681 } ring_mult_test_t;
682
683 uint16_t t1_indices[] = { 1, 6, 5, 3 };
684
685 uint16_t t1_a[] = { 1, 0, 0, 0, 0, 0, 0 };
686 uint16_t t1_c[] = { 0, 1, 0, 7, 0, 7, 1 };
687
688 uint16_t t2_a[] = { 5, 0, 0, 0, 0, 0, 0 };
689 uint16_t t2_c[] = { 0, 5, 0, 3, 0, 3, 5 };
690
691 uint16_t t3_a[] = { 4, 0, 0, 0, 0, 0, 0 };
692 uint16_t t3_c[] = { 0, 4, 0, 4, 0, 4, 4 };
693
694 uint16_t t4_a[] = { 0, 6, 0, 0, 0, 0, 0 };
695 uint16_t t4_c[] = { 6, 0, 6, 0, 2, 0, 2 };
696
697 uint16_t t5_a[] = { 4, 6, 0, 0, 0, 0, 0 };
698 uint16_t t5_c[] = { 6, 4, 6, 4, 2, 4, 6 };
699
700 uint16_t t6_a[] = { 0, 0, 3, 0, 0, 0, 0 };
701 uint16_t t6_c[] = { 5, 3, 0, 3, 0, 5, 0 };
702
703 uint16_t t7_a[] = { 4, 6, 3, 0, 0, 0, 0 };
704 uint16_t t7_c[] = { 3, 7, 6, 7, 2, 1, 6 };
705
706 uint16_t t8_a[] = { 0, 0, 0, 7, 0, 0, 0 };
707 uint16_t t8_c[] = { 0, 1, 7, 0, 7, 0, 1 };
708
709 uint16_t t9_a[] = { 4, 6, 3, 7, 0, 0, 0 };
710 uint16_t t9_c[] = { 3, 0, 5, 7, 1, 1, 7 };
711
712 uint16_t t10_a[] = { 0, 0, 0, 0, 0, 1, 0 };
713 uint16_t t10_c[] = { 0, 7, 0, 7, 1, 0, 1 };
714
715 uint16_t t11_a[] = { 4, 6, 3, 7, 0, 1, 0 };
716 uint16_t t11_c[] = { 3, 7, 5, 6, 2, 1, 0 };
717
718 uint16_t t2_indices[] = { 1, 6, 5, 2, 3 };
719
720 uint16_t t12_c[] = { 0, 1, 7, 7, 0, 1, 1 };
721 uint16_t t13_c[] = { 0, 1, 7, 7, 0, 7, 1 };
722 uint16_t t14_c[] = { 0, 1, 0, 31, 0, 31, 1 };
723 uint16_t t15_c[] = { 0, 5, 0, 2043, 0, 2043, 5 };
724 uint16_t t16_c[] = { 0, 5, 0, 32763, 0, 32763, 5 };
725
726 uint16_t t3_indices[] = { 7, 2, 3, 5, 0, 2, 3, 10, 7, 0, 8, 2 };
727
728 uint16_t t17_a[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
729 uint16_t t17_c[] = { 7, 1, 0, 1, 1, 7, 0, 7, 7, 7, 2 };
730
731 ring_mult_test_t ring_mult_tests[] = {
732 { 7, 8, FALSE, 2, 2, t1_indices, t1_a, t1_c },
733 { 7, 8, FALSE, 2, 2, t1_indices, t2_a, t2_c },
734 { 7, 8, FALSE, 2, 2, t1_indices, t3_a, t3_c },
735 { 7, 8, FALSE, 2, 2, t1_indices, t4_a, t4_c },
736 { 7, 8, FALSE, 2, 2, t1_indices, t5_a, t5_c },
737 { 7, 8, FALSE, 2, 2, t1_indices, t6_a, t6_c },
738 { 7, 8, FALSE, 2, 2, t1_indices, t7_a, t7_c },
739 { 7, 8, FALSE, 2, 2, t1_indices, t8_a, t8_c },
740 { 7, 8, FALSE, 2, 2, t1_indices, t9_a, t9_c },
741 { 7, 8, FALSE, 2, 2, t1_indices, t10_a, t10_c },
742 { 7, 8, FALSE, 2, 2, t1_indices, t11_a, t11_c },
743 { 7, 8, FALSE, 3, 2, t2_indices, t1_a, t12_c },
744 { 7, 8, FALSE, 2, 3, t2_indices, t1_a, t13_c },
745 { 7, 32, FALSE, 2, 2, t1_indices, t1_a, t14_c },
746 { 7, 2048, FALSE, 2, 2, t1_indices, t2_a, t15_c },
747 { 7, 32768, FALSE, 2, 2, t1_indices, t2_a, t16_c },
748 { 11, 8, TRUE, 197121, 197121, t3_indices, t17_a, t17_c },
749 };
750
751 START_TEST(test_ntru_ring_mult)
752 {
753 ntru_poly_t *poly;
754 ring_mult_test_t *t;
755 uint16_t *c;
756 int i;
757
758 t = &ring_mult_tests[_i];
759 poly = ntru_poly_create_from_data(t->indices, t->N, t->q, t->indices_len_p,
760 t->indices_len_m, t->is_product_form);
761 ck_assert(poly != NULL);
762
763 c = malloc(t->N * sizeof(uint16_t));
764 poly->ring_mult(poly, t->a, c);
765
766 for (i = 0; i < t->N; i++)
767 {
768 ck_assert(c[i] == t->c[i]);
769 }
770
771 free(c);
772 poly->destroy(poly);
773 }
774 END_TEST
775
776 int array_tests[] = { 0, 11, 12, 16 };
777
778 START_TEST(test_ntru_array)
779 {
780 ntru_poly_t *poly;
781 ring_mult_test_t *t;
782 uint16_t *c;
783 int i;
784
785 t = &ring_mult_tests[array_tests[_i]];
786
787 poly = ntru_poly_create_from_data(t->indices, t->N, t->q, t->indices_len_p,
788 t->indices_len_m, t->is_product_form);
789 ck_assert(poly != NULL);
790
791 c = malloc(t->N * sizeof(uint16_t));
792 poly->get_array(poly, c);
793
794 for (i = 0; i < t->N; i++)
795 {
796 ck_assert(c[i] == t->c[i]);
797 }
798
799 free(c);
800 poly->destroy(poly);
801 }
802 END_TEST
803
804 START_TEST(test_ntru_param_set)
805 {
806 ck_assert(ntru_param_set_get_by_id(-1) == NULL);
807 ck_assert(ntru_param_set_get_by_id(16) == NULL);
808 }
809 END_TEST
810
811 typedef struct {
812 ntru_param_set_id_t id;
813 chunk_t entropy;
814 chunk_t encoding;
815 } privkey_test_t;
816
817 privkey_test_t privkey_tests[] = {
818 {
819 NTRU_EES401EP1,
820 chunk_from_chars(
821 0x0C, 0x2F, 0x24, 0xE1, 0xA4, 0x81, 0x26, 0xA2,
822 0x6C, 0xEA, 0xCD, 0x1A, 0xF3, 0xEB, 0x3D, 0xBF,
823 0xEA, 0xAE, 0xC3, 0x0D, 0xC1),
824 chunk_from_chars(
825 0x02, 0x03, 0x00, 0x02, 0x04, 0x3E, 0xF3, 0xCB,
826 0x7A, 0x58, 0x13, 0x75, 0xBB, 0x87, 0xF5, 0xBF,
827 0x2E, 0x18, 0xAE, 0x03, 0xAF, 0xB8, 0x33, 0x85,
828 0xD8, 0xBF, 0x8A, 0xB5, 0x8C, 0xA6, 0xDF, 0x03,
829 0x90, 0x1E, 0xE4, 0x83, 0xA4, 0x95, 0x40, 0xB5,
830 0x08, 0x92, 0x29, 0xD8, 0x83, 0xA8, 0x42, 0xB2,
831 0x69, 0xC2, 0x00, 0x8B, 0xAE, 0x80, 0x00, 0x4F,
832 0x3D, 0xDD, 0xFB, 0xDB, 0x9A, 0xD8, 0x0F, 0xFF,
833 0xBC, 0x21, 0xD5, 0xE6, 0x04, 0x9C, 0xDD, 0x3B,
834 0x2D, 0x16, 0x4B, 0xC7, 0x3D, 0xBE, 0xDE, 0xBB,
835 0x6F, 0xF4, 0x8A, 0x31, 0xCD, 0x23, 0x19, 0xC2,
836 0x3C, 0xE1, 0xE2, 0xEE, 0xE4, 0xE7, 0x2E, 0xFC,
837 0x5C, 0xDD, 0xAD, 0x0C, 0x9D, 0x98, 0xC5, 0x18,
838 0x2A, 0x80, 0x21, 0x93, 0x61, 0xC4, 0x9A, 0x16,
839 0xE8, 0x9B, 0xF7, 0x3B, 0x6D, 0x06, 0x91, 0x9E,
840 0x71, 0x59, 0xBE, 0x8E, 0x65, 0x61, 0xB2, 0x69,
841 0x9C, 0x82, 0x58, 0x0D, 0x63, 0x7A, 0x1F, 0x2A,
842 0x1C, 0x2C, 0x92, 0x8C, 0x8D, 0xCA, 0x2B, 0x45,
843 0x24, 0x79, 0xDB, 0x7F, 0x1D, 0x2F, 0xAB, 0x88,
844 0x8C, 0x1D, 0xE3, 0x15, 0x8F, 0xCD, 0x46, 0x8C,
845 0x45, 0x20, 0x88, 0x1C, 0x17, 0xE0, 0xE5, 0x89,
846 0xF4, 0x60, 0x56, 0x3C, 0x6B, 0x9F, 0x2A, 0xD9,
847 0xD0, 0xAE, 0x3B, 0xB6, 0xC2, 0xB7, 0x58, 0xC6,
848 0x6E, 0x09, 0x36, 0x21, 0x0B, 0xDD, 0xE9, 0x52,
849 0x33, 0x27, 0x39, 0xC8, 0x51, 0x59, 0x69, 0x25,
850 0xC6, 0x3D, 0x19, 0x5C, 0x5E, 0x74, 0xD0, 0x62,
851 0xD9, 0x26, 0x90, 0xC7, 0x64, 0x92, 0xA8, 0x72,
852 0xD1, 0x77, 0x1F, 0x78, 0xC5, 0x11, 0xBD, 0x5D,
853 0x3C, 0x1B, 0x1F, 0x8B, 0x5B, 0xE4, 0x5D, 0xA1,
854 0x27, 0x6D, 0x20, 0x24, 0x32, 0x53, 0xF3, 0xB0,
855 0xE6, 0x71, 0x61, 0xCC, 0xFC, 0x4A, 0x06, 0xDA,
856 0xBE, 0xD7, 0x9F, 0x2F, 0xEB, 0x44, 0xD0, 0x8A,
857 0x7D, 0x8E, 0x82, 0xF5, 0x84, 0xCF, 0x8E, 0xE5,
858 0x4B, 0xA4, 0x30, 0x77, 0xBD, 0x14, 0xB9, 0x75,
859 0x02, 0x68, 0xDF, 0x71, 0x89, 0x81, 0xF2, 0x95,
860 0xC3, 0x67, 0x6E, 0x37, 0xE4, 0xD0, 0xC9, 0x1E,
861 0x02, 0xDE, 0x2D, 0x79, 0x99, 0xE8, 0x7D, 0x5C,
862 0x99, 0xF2, 0x1A, 0xDE, 0x12, 0x9B, 0xD1, 0x83,
863 0x9B, 0x01, 0xD3, 0xEB, 0x2B, 0x8E, 0x9C, 0xA5,
864 0x19, 0xE8, 0x2E, 0xFE, 0x23, 0x6E, 0xAD, 0x8F,
865 0x3C, 0xAF, 0xB9, 0xE6, 0xDB, 0x07, 0xA4, 0x31,
866 0x02, 0x2B, 0x6A, 0xA0, 0xFB, 0x51, 0x6C, 0xD0,
867 0x26, 0xD5, 0xAD, 0x29, 0x65, 0x10, 0xCE, 0xF8,
868 0x84, 0x4D, 0x1E, 0x37, 0x92, 0xA2, 0xD1, 0xFA,
869 0xF6, 0xC0, 0x36, 0x4C, 0x23, 0x3A, 0x42, 0xAA,
870 0xB8, 0x0D, 0x4E, 0xD4, 0x40, 0x61, 0xD5, 0x36,
871 0x62, 0x23, 0x7C, 0x1C, 0x5E, 0xEA, 0x16, 0xAD,
872 0x4F, 0x30, 0xF9, 0x16, 0x99, 0xCE, 0xC5, 0x50,
873 0xAC, 0x8F, 0x6F, 0x98, 0xD7, 0xE3, 0x89, 0x6E,
874 0x3A, 0x12, 0xCE, 0xA7, 0xA4, 0x17, 0x74, 0xDC,
875 0xDB, 0xFA, 0xFF, 0xF9, 0x35, 0xD7, 0xF5, 0x77,
876 0x03, 0xF5, 0xBF, 0x81, 0x6C, 0x9F, 0x62, 0xA6,
877 0x8A, 0x5B, 0xA3, 0xEF, 0x9D, 0xC3, 0xF6, 0x3A,
878 0x6A, 0xC0, 0x42, 0x71, 0xAF, 0x90, 0xCA, 0x1D,
879 0x86, 0x78, 0xD7, 0x2C, 0xFE, 0xB6, 0x99, 0x15,
880 0x8C, 0x10, 0x42, 0x92, 0x2C, 0x05, 0x43, 0x92,
881 0x69, 0x05, 0x8D, 0x9E, 0xBC, 0xAB, 0x8F, 0x28,
882 0xAA, 0x4B, 0xFB, 0x25, 0xD9, 0xAD, 0x29, 0xFF,
883 0x33, 0x65, 0x14, 0xC3, 0x75, 0x1F, 0xCF, 0xFC,
884 0x20, 0x83, 0xBF, 0xB9, 0xA5, 0x4B, 0x7B, 0xD9,
885 0x07, 0x5C, 0xA1, 0xD1, 0x5A, 0x3E, 0x94, 0xF8,
886 0x03, 0xDE, 0xB8, 0x94, 0x11, 0x92, 0x80, 0x77,
887 0x57, 0x45, 0x1E, 0x6B, 0xA5, 0x15, 0xDB, 0x48,
888 0xB6, 0x9E, 0x02, 0xF1, 0x61, 0x4A, 0xAC, 0x1D,
889 0x49, 0xBC, 0xA9, 0x3F, 0x03, 0x50, 0xAC, 0x02,
890 0x8E, 0x84, 0xE0, 0x12, 0x37, 0x76, 0xBC, 0x4A,
891 0xF9, 0xC6, 0x74, 0x36, 0xFC, 0x92, 0x1D, 0x59,
892 0x0C, 0x04, 0xD2, 0x14, 0xB7, 0x11, 0xE9, 0xE2,
893 0xFE, 0x0C, 0xE1, 0xDA, 0x8B, 0xCA, 0x10, 0xA1,
894 0x60, 0xB6, 0x57, 0x51, 0x00, 0xD6, 0x5B, 0x55,
895 0x09, 0x60, 0xE8, 0x00, 0x40, 0x45, 0x56, 0xBA,
896 0x83, 0x1E, 0x36, 0x12, 0x59, 0x4B, 0x19, 0x00,
897 0x53, 0xAE, 0x62, 0xA6, 0x29, 0x39, 0xED, 0x87,
898 0x24, 0x37, 0x1E, 0x1B, 0xCF, 0x3F, 0x3A, 0x71,
899 0x31, 0xB5, 0x50, 0x8D, 0x4B, 0x53, 0x53, 0x75,
900 0x3F, 0x33, 0x39, 0x09, 0x2A, 0x78, 0xA8, 0x71,
901 0x3E, 0x63, 0xC5, 0x61, 0x73, 0xB6, 0xE1, 0x71,
902 0x16, 0xDA, 0x06, 0xBF, 0x3F, 0x22, 0x74, 0x89,
903 0x08, 0xD2, 0x05, 0x0B, 0x16, 0xC8, 0xF0, 0x17,
904 0x4E, 0xA2, 0x65, 0x67, 0x6D, 0x02)
905 },
906 {
907 NTRU_EES743EP1,
908 chunk_from_chars(
909 0x9B, 0xAB, 0x57, 0xDB, 0x2C, 0x60, 0x83, 0x48,
910 0x9F, 0xC9, 0x70, 0x8F, 0x69, 0xF7, 0xB4, 0xBB,
911 0x63, 0x5C, 0x9A, 0x63, 0x07, 0x80, 0x17, 0xD3,
912 0xCD, 0xB1, 0x57, 0x79, 0xFE, 0x8D, 0x81, 0x70,
913 0xEB, 0x50, 0xFA, 0x05, 0xFB, 0x97, 0xB2, 0xAB,
914 0x25, 0xED, 0xD8, 0x18, 0x1C, 0xFE, 0x96, 0x7D),
915 chunk_from_chars(
916 0x02, 0x03, 0x00, 0x06, 0x10, 0x14, 0x53, 0x73,
917 0x56, 0xF5, 0xA9, 0x34, 0xDE, 0xA6, 0x4D, 0x46,
918 0x05, 0x9E, 0x80, 0xAE, 0xB6, 0x74, 0x91, 0xFF,
919 0xFB, 0x48, 0xD3, 0x5C, 0x61, 0x12, 0x46, 0x02,
920 0x9F, 0x53, 0x45, 0x87, 0x47, 0xBD, 0x6B, 0x26,
921 0xF7, 0x36, 0xD3, 0x99, 0x1B, 0xD7, 0xEA, 0xA3,
922 0xA8, 0x94, 0xFF, 0x93, 0x46, 0x7C, 0x2C, 0x5F,
923 0x87, 0x8C, 0x38, 0xB3, 0x7B, 0xC6, 0x49, 0xE2,
924 0x88, 0xCA, 0x67, 0x89, 0xD0, 0x6D, 0x7C, 0xAE,
925 0x7C, 0x98, 0x84, 0xDA, 0x6B, 0x93, 0x92, 0xEF,
926 0x4A, 0xD1, 0x4A, 0xD2, 0x5B, 0x13, 0xF8, 0x59,
927 0x15, 0x2E, 0xBC, 0x70, 0x8D, 0x2D, 0xA9, 0x47,
928 0xA1, 0x99, 0x19, 0x3F, 0x67, 0xE8, 0x18, 0xA7,
929 0x17, 0x07, 0xB3, 0x14, 0xF6, 0x20, 0xA1, 0xD8,
930 0x33, 0xE8, 0x08, 0x6A, 0xC1, 0x39, 0x99, 0x08,
931 0xB4, 0x88, 0xEB, 0x48, 0x7D, 0xFB, 0xF5, 0xEF,
932 0x03, 0x0D, 0x25, 0xB7, 0x98, 0xF3, 0xF1, 0x15,
933 0x63, 0xE4, 0x0F, 0xFD, 0x54, 0x9F, 0x56, 0xE9,
934 0xD1, 0x44, 0xE5, 0x89, 0x66, 0x14, 0x91, 0x1C,
935 0xFD, 0xD6, 0xFD, 0x38, 0xAE, 0x39, 0xE3, 0xF7,
936 0xCD, 0x77, 0xC2, 0xEA, 0x2E, 0xE4, 0xB7, 0x2B,
937 0xBA, 0x7A, 0xD1, 0x75, 0xB8, 0x28, 0x65, 0x18,
938 0xF4, 0xC6, 0xBD, 0xD0, 0x17, 0x7E, 0xEA, 0x86,
939 0x7E, 0xFC, 0x95, 0xD6, 0x4C, 0x92, 0x01, 0xC3,
940 0xFF, 0x04, 0x9B, 0xF8, 0xD6, 0xB3, 0x8F, 0x72,
941 0xEF, 0x64, 0x09, 0x61, 0xF8, 0xE4, 0x48, 0xFC,
942 0x0D, 0xEE, 0xEF, 0xA2, 0x9F, 0x3A, 0x2B, 0x1A,
943 0xFB, 0x8B, 0xA0, 0x9C, 0x11, 0x0B, 0x97, 0x75,
944 0x30, 0x7C, 0xB8, 0x9F, 0xEE, 0x3B, 0x53, 0x85,
945 0x7D, 0xE9, 0xCB, 0xC4, 0x4D, 0xD7, 0x7F, 0x59,
946 0x10, 0x72, 0x19, 0x3A, 0xC9, 0x38, 0xFE, 0xE8,
947 0xB3, 0x06, 0x55, 0x8D, 0xA2, 0x5A, 0x3D, 0x79,
948 0x67, 0x0E, 0x90, 0xC9, 0x25, 0x6D, 0x45, 0x9C,
949 0x39, 0x79, 0x5F, 0x18, 0x35, 0x9F, 0xC1, 0x49,
950 0x08, 0x6F, 0x1C, 0x47, 0x09, 0x0D, 0x49, 0x7C,
951 0x3C, 0x7B, 0xB1, 0x09, 0x92, 0x1C, 0x4E, 0x5A,
952 0xDA, 0x74, 0x9E, 0xBB, 0x55, 0x9D, 0xBB, 0x1E,
953 0x43, 0x28, 0x62, 0xAF, 0x02, 0xB0, 0x1A, 0xEA,
954 0x13, 0x0A, 0x70, 0x0F, 0x60, 0x0F, 0x62, 0xA2,
955 0x4E, 0x1F, 0xB2, 0xEA, 0x06, 0xDD, 0x18, 0x02,
956 0x6C, 0xF3, 0x82, 0xF1, 0x80, 0x7F, 0xA7, 0x2F,
957 0xCC, 0xC6, 0x18, 0xEA, 0xFF, 0x1F, 0xAD, 0xC6,
958 0xBA, 0x0C, 0x0E, 0x04, 0xB2, 0x58, 0x1D, 0xB6,
959 0x01, 0xA3, 0x97, 0xDF, 0x7D, 0x9B, 0xB5, 0x0A,
960 0xAD, 0x30, 0x2B, 0xC5, 0x67, 0x40, 0x07, 0xF1,
961 0xD5, 0x6C, 0x11, 0x10, 0xE1, 0x69, 0x30, 0xAD,
962 0x90, 0x06, 0xDB, 0xF8, 0xEA, 0x92, 0x9B, 0x39,
963 0x57, 0x38, 0x7B, 0xE4, 0xB2, 0xA2, 0x89, 0xFD,
964 0xB1, 0x6D, 0x88, 0x41, 0x62, 0x4D, 0x18, 0xB6,
965 0x3F, 0x12, 0x81, 0xDE, 0xE6, 0xDC, 0x4A, 0x31,
966 0x61, 0x26, 0xB1, 0x4B, 0x95, 0xC1, 0x69, 0xDC,
967 0xDC, 0xAC, 0xD0, 0x15, 0xFC, 0x21, 0xC5, 0x20,
968 0x5F, 0x97, 0x76, 0x41, 0xC1, 0xF2, 0xD7, 0x95,
969 0x1D, 0x25, 0x23, 0x36, 0x86, 0xFA, 0x7E, 0xF4,
970 0x14, 0x9F, 0x9D, 0x9F, 0xB2, 0xBB, 0x25, 0x1D,
971 0xD5, 0x7A, 0x6F, 0x9E, 0xF7, 0xEF, 0x9D, 0x63,
972 0x1E, 0xD5, 0xDE, 0x6A, 0xE6, 0x46, 0x48, 0x1F,
973 0xE1, 0x0C, 0x4D, 0x82, 0xC9, 0x19, 0x3B, 0x65,
974 0xA4, 0x06, 0x13, 0xB7, 0x04, 0xB1, 0x62, 0xF7,
975 0x08, 0xAE, 0xED, 0x42, 0x6D, 0xCC, 0x6C, 0xA6,
976 0x06, 0x06, 0x41, 0x3E, 0x0C, 0x89, 0x4C, 0xBD,
977 0x00, 0x4F, 0x0E, 0xA9, 0x72, 0x06, 0x21, 0x82,
978 0xD2, 0xB6, 0x6C, 0xB0, 0xB0, 0x01, 0x5B, 0xDD,
979 0x05, 0xCE, 0x71, 0x6E, 0x00, 0x58, 0xC7, 0xA6,
980 0x5B, 0xF6, 0xFB, 0x6B, 0x62, 0xB1, 0xE8, 0x4D,
981 0xAC, 0xC0, 0x6B, 0xF4, 0x40, 0x69, 0xEE, 0x0D,
982 0xE7, 0x82, 0x61, 0x8D, 0x35, 0x01, 0x97, 0x4E,
983 0xF2, 0xCC, 0xF5, 0x7F, 0xBF, 0xE4, 0xEC, 0x9C,
984 0xC4, 0xD2, 0xD9, 0x65, 0x78, 0x98, 0xD8, 0xB0,
985 0xFA, 0xA8, 0xFB, 0xB0, 0xCE, 0x22, 0x5D, 0x0B,
986 0x27, 0xDF, 0x0E, 0x63, 0x42, 0xFE, 0x89, 0x13,
987 0x99, 0xB2, 0x02, 0x0B, 0xF6, 0x04, 0xB6, 0xAF,
988 0x9F, 0x8C, 0xA6, 0x17, 0x0D, 0xD9, 0x5B, 0x45,
989 0xE4, 0x08, 0x53, 0x51, 0xE0, 0xD5, 0x22, 0x72,
990 0xBE, 0xAD, 0x74, 0x69, 0xB9, 0xFB, 0x91, 0xF8,
991 0xC1, 0x89, 0x28, 0x71, 0x27, 0x62, 0xB1, 0xF0,
992 0xFD, 0x78, 0xBC, 0x82, 0xFE, 0x76, 0xBE, 0x7B,
993 0x47, 0x79, 0x32, 0x71, 0xAD, 0xD6, 0x76, 0x46,
994 0xFB, 0x32, 0xE8, 0x4B, 0x98, 0x9A, 0xC6, 0x85,
995 0xF2, 0xF1, 0x8A, 0xEC, 0xC2, 0x4E, 0x9B, 0x2F,
996 0x2D, 0x6F, 0xC9, 0x9B, 0xB6, 0x14, 0x35, 0x6D,
997 0xD6, 0x5B, 0xF3, 0x02, 0x5A, 0xE5, 0xBD, 0x00,
998 0xF7, 0x6E, 0x51, 0xA7, 0xDB, 0x19, 0xAE, 0x01,
999 0x01, 0x05, 0x94, 0x23, 0xF7, 0x5B, 0x07, 0x79,
1000 0xFF, 0x39, 0x58, 0x9C, 0x2A, 0xF7, 0x7E, 0x5D,
1001 0x81, 0xF9, 0x59, 0xFE, 0xB9, 0x9A, 0x96, 0x63,
1002 0x1F, 0x65, 0xF6, 0xF0, 0x3D, 0xEA, 0xD7, 0xC2,
1003 0x8A, 0xCF, 0xB5, 0x58, 0x74, 0x77, 0x23, 0xD6,
1004 0x72, 0x58, 0xA8, 0xAE, 0x31, 0x8A, 0x59, 0xEA,
1005 0x69, 0x14, 0x6A, 0x20, 0x78, 0x79, 0x28, 0x5A,
1006 0xE1, 0x76, 0x6F, 0xA6, 0x1A, 0x9E, 0x47, 0xD2,
1007 0xAF, 0x63, 0xF8, 0x06, 0xF6, 0xD8, 0xD5, 0x14,
1008 0xA8, 0xD1, 0xEE, 0x96, 0xCE, 0xBB, 0x8E, 0x22,
1009 0x69, 0x2F, 0x52, 0x06, 0xB6, 0x6F, 0xC8, 0x99,
1010 0x96, 0xEA, 0xC6, 0x1D, 0x96, 0x4C, 0x69, 0x95,
1011 0xFE, 0x74, 0x04, 0x3C, 0x55, 0xD9, 0x5F, 0xE0,
1012 0x41, 0x21, 0x43, 0x21, 0x5A, 0x50, 0x5D, 0x8B,
1013 0xE8, 0xB2, 0x51, 0x1B, 0x7C, 0x63, 0x50, 0xAE,
1014 0x97, 0x4F, 0xBA, 0x7D, 0xF2, 0xB6, 0xB6, 0x16,
1015 0x1D, 0x47, 0x9E, 0x19, 0x68, 0xD4, 0x6B, 0x2B,
1016 0x75, 0xCD, 0xAE, 0x65, 0x33, 0x38, 0xF6, 0x6D,
1017 0xC7, 0x3E, 0x46, 0x98, 0x9E, 0x98, 0x8B, 0x45,
1018 0x11, 0xA7, 0x12, 0x05, 0xB0, 0x01, 0xC3, 0x51,
1019 0xA0, 0xEE, 0x7C, 0x16, 0xD1, 0x42, 0x96, 0xC4,
1020 0xF0, 0x7B, 0x71, 0xCD, 0x50, 0x38, 0xA4, 0xB0,
1021 0x6E, 0x6F, 0xE0, 0xBD, 0xC4, 0xF7, 0x96, 0x2B,
1022 0xF1, 0x6D, 0x9F, 0xF3, 0x71, 0x89, 0xFA, 0xB4,
1023 0x44, 0xA4, 0x32, 0xDC, 0xB2, 0x55, 0x13, 0x31,
1024 0x83, 0x29, 0x66, 0x21, 0x3E, 0x89, 0xF8, 0x78,
1025 0x97, 0x9C, 0x64, 0xF9, 0x2C, 0x0A, 0x88, 0xBC,
1026 0xCA, 0x6F, 0x83, 0x42, 0xF6, 0xD7, 0x00, 0xC4,
1027 0x19, 0x52, 0xB0, 0x31, 0xA8, 0xBA, 0xE8, 0xD4,
1028 0xAD, 0x4B, 0x5D, 0xC0, 0x01, 0x20, 0x6C, 0xBB,
1029 0x1D, 0x9A, 0x1D, 0xD4, 0x19, 0xFD, 0x33, 0xAB,
1030 0xA0, 0x54, 0x50, 0x91, 0xE9, 0x75, 0x5C, 0x7E,
1031 0x7E, 0xB3, 0x24, 0x79, 0xAE, 0x10, 0x3C, 0xB4,
1032 0xB7, 0x0A, 0x1D, 0x86, 0xAD, 0x06, 0x95, 0xCB,
1033 0x84, 0x9B, 0x0E, 0x8B, 0x77, 0x7E, 0x3E, 0xD2,
1034 0xA6, 0xDF, 0xAD, 0x4E, 0xFB, 0x69, 0x23, 0xAC,
1035 0x7A, 0xCB, 0xAA, 0xB0, 0x22, 0xDD, 0xD2, 0xC6,
1036 0xC7, 0xAD, 0xD7, 0xDE, 0xEC, 0x6F, 0x08, 0x41,
1037 0x54, 0xD5, 0x52, 0xDC, 0x77, 0xE4, 0x72, 0xF9,
1038 0x16, 0xB1, 0xC9, 0xAF, 0xB1, 0x3B, 0x18, 0x99,
1039 0x20, 0x9F, 0x79, 0x63, 0x7B, 0x07, 0xC7, 0x35,
1040 0xDF, 0xBB, 0xCE, 0x66, 0x93, 0x1B, 0xF5, 0x82,
1041 0x25, 0x67, 0xC1, 0xF2, 0xF0, 0x89, 0x0F, 0xEF,
1042 0x84, 0x0D, 0x63, 0xB6, 0x7B, 0xD0, 0x40, 0x8E,
1043 0xDB, 0x94, 0xCC, 0x71, 0x3C, 0xDB, 0x36, 0x14,
1044 0x34, 0xFD, 0xA0, 0xB0, 0xC1, 0x45, 0x31, 0xF8,
1045 0x8D, 0xD8, 0x23, 0xB1, 0x05, 0x14, 0xA9, 0x55,
1046 0x3A, 0x1A, 0x37, 0x48, 0x68, 0x89, 0x3F, 0x15,
1047 0x25, 0xD4, 0x99, 0x53, 0x4C, 0x85, 0x98, 0x78,
1048 0x1D, 0x35, 0x4A, 0x83, 0x79, 0x9A, 0x29, 0x90,
1049 0x2B, 0x45, 0x76, 0x0C, 0x13, 0x80, 0x4A, 0xE0,
1050 0x40, 0xED, 0x6B, 0x2E, 0x2A, 0x43, 0xA9, 0x28,
1051 0xB0, 0x2F, 0x89, 0x01, 0x6B, 0x39, 0x8C, 0x5E,
1052 0x80, 0x61, 0xD9, 0xEE, 0x0F, 0x41, 0x75, 0xB5,
1053 0xAE, 0xB6, 0xC2, 0x42, 0x49, 0x8D, 0x89, 0xD8,
1054 0xF4, 0x78, 0x1D, 0x90, 0x46, 0x26, 0x4C, 0x56,
1055 0xB7, 0xC0, 0xD9, 0x98, 0x7B, 0x07, 0xA1, 0x20)
1056 }
1057 };
1058
1059 START_TEST(test_ntru_privkey)
1060 {
1061 rng_t *entropy;
1062 ntru_drbg_t *drbg;
1063 ntru_private_key_t *privkey;
1064 ntru_public_key_t *pubkey;
1065 ntru_param_set_t *params;
1066 uint32_t strength;
1067 chunk_t encoding, privkey_encoding, pubkey_encoding;
1068
1069 params = ntru_param_set_get_by_id(privkey_tests[_i].id);
1070 strength = params->sec_strength_len * BITS_PER_BYTE;
1071 entropy = test_rng_create(privkey_tests[_i].entropy);
1072 drbg = ntru_drbg_create(strength, chunk_from_str("IKE NTRU-KE"), entropy);
1073 ck_assert(drbg != NULL);
1074
1075 privkey = ntru_private_key_create(drbg, params);
1076 ck_assert(privkey);
1077
1078 privkey_encoding = privkey->get_encoding(privkey);
1079 encoding = privkey_tests[_i].encoding;
1080 ck_assert(chunk_equals(privkey_encoding, encoding));
1081
1082
1083 pubkey= privkey->get_public_key(privkey);
1084 pubkey_encoding = pubkey->get_encoding(pubkey);
1085 encoding = chunk_clone(encoding);
1086 encoding.ptr[0] = NTRU_PUBKEY_TAG;
1087 encoding.len = pubkey_encoding.len;
1088 ck_assert(chunk_equals(pubkey_encoding, encoding));
1089
1090 /* get encoding a second time without generating it again internally */
1091 pubkey_encoding = pubkey->get_encoding(pubkey);
1092
1093 chunk_free(&encoding);
1094 privkey->destroy(privkey);
1095 pubkey->destroy(pubkey);
1096 }
1097 END_TEST
1098
1099 START_TEST(test_ntru_ke)
1100 {
1101 chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
1102 diffie_hellman_t *i_ntru, *r_ntru;
1103 char buf[10];
1104 int k, n, len;
1105 status_t status;
1106
1107 k = (_i) / countof(parameter_sets);
1108 n = (_i) % countof(parameter_sets);
1109
1110 len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
1111 params[k].group);
1112 ck_assert(len == 8);
1113 ck_assert(streq(buf, params[k].group_name));
1114
1115 lib->settings->set_str(lib->settings,
1116 "libstrongswan.plugins.ntru.parameter_set", parameter_sets[n]);
1117
1118 i_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
1119 ck_assert(i_ntru != NULL);
1120 ck_assert(i_ntru->get_dh_group(i_ntru) == params[k].group);
1121
1122 i_ntru->get_my_public_value(i_ntru, &pub_key);
1123 ck_assert(pub_key.len > 0);
1124
1125 r_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
1126 ck_assert(r_ntru != NULL);
1127
1128 r_ntru->set_other_public_value(r_ntru, pub_key);
1129 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1130 ck_assert(cipher_text.len > 0);
1131
1132 status = r_ntru->get_shared_secret(r_ntru, &r_shared_secret);
1133 ck_assert(status == SUCCESS);
1134 ck_assert(r_shared_secret.len > 0);
1135
1136 i_ntru->set_other_public_value(i_ntru, cipher_text);
1137 status = i_ntru->get_shared_secret(i_ntru, &i_shared_secret);
1138 ck_assert(status == SUCCESS);
1139 ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
1140
1141 chunk_clear(&i_shared_secret);
1142 chunk_clear(&r_shared_secret);
1143 chunk_free(&pub_key);
1144 chunk_free(&cipher_text);
1145 i_ntru->destroy(i_ntru);
1146 r_ntru->destroy(r_ntru);
1147 }
1148 END_TEST
1149
1150 START_TEST(test_ntru_retransmission)
1151 {
1152 diffie_hellman_t *i_ntru;
1153 chunk_t pub_key1, pub_key2;
1154
1155 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
1156 i_ntru->get_my_public_value(i_ntru, &pub_key1);
1157 i_ntru->get_my_public_value(i_ntru, &pub_key2);
1158 ck_assert(chunk_equals(pub_key1, pub_key2));
1159
1160 chunk_free(&pub_key1);
1161 chunk_free(&pub_key2);
1162 i_ntru->destroy(i_ntru);
1163 }
1164 END_TEST
1165
1166 chunk_t oid_tests[] = {
1167 { NULL, 0 },
1168 chunk_from_chars(0x00),
1169 chunk_from_chars(0x01),
1170 chunk_from_chars(0x02),
1171 chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
1172 chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
1173 chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
1174 chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
1175 };
1176
1177 START_TEST(test_ntru_pubkey_oid)
1178 {
1179 diffie_hellman_t *r_ntru;
1180 chunk_t cipher_text;
1181
1182 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1183 r_ntru->set_other_public_value(r_ntru, oid_tests[_i]);
1184 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1185 ck_assert(cipher_text.len == 0);
1186 r_ntru->destroy(r_ntru);
1187 }
1188 END_TEST
1189
1190 START_TEST(test_ntru_wrong_set)
1191 {
1192 diffie_hellman_t *i_ntru, *r_ntru;
1193 chunk_t pub_key, cipher_text;
1194
1195 lib->settings->set_str(lib->settings,
1196 "libstrongswan.plugins.ntru.parameter_set",
1197 "x9_98_bandwidth");
1198 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
1199 i_ntru->get_my_public_value(i_ntru, &pub_key);
1200
1201 lib->settings->set_str(lib->settings,
1202 "libstrongswan.plugins.ntru.parameter_set",
1203 "optimum");
1204 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
1205 r_ntru->set_other_public_value(r_ntru, pub_key);
1206 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1207 ck_assert(cipher_text.len == 0);
1208
1209 chunk_free(&pub_key);
1210 chunk_free(&cipher_text);
1211 i_ntru->destroy(i_ntru);
1212 r_ntru->destroy(r_ntru);
1213 }
1214 END_TEST
1215
1216 START_TEST(test_ntru_ciphertext)
1217 {
1218 char buf_00[604], buf_ff[604];
1219
1220 chunk_t test[] = {
1221 chunk_empty,
1222 chunk_from_chars(0x00),
1223 chunk_create(buf_00, sizeof(buf_00)),
1224 chunk_create(buf_ff, sizeof(buf_ff)),
1225 };
1226
1227 diffie_hellman_t *i_ntru;
1228 chunk_t pub_key, shared_secret;
1229 int i;
1230
1231 memset(buf_00, 0x00, sizeof(buf_00));
1232 memset(buf_ff, 0xff, sizeof(buf_ff));
1233
1234 for (i = 0; i < countof(test); i++)
1235 {
1236 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1237 i_ntru->get_my_public_value(i_ntru, &pub_key);
1238 i_ntru->set_other_public_value(i_ntru, test[i]);
1239 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
1240 ck_assert(shared_secret.len == 0);
1241
1242 chunk_free(&pub_key);
1243 i_ntru->destroy(i_ntru);
1244 }
1245 }
1246 END_TEST
1247
1248 START_TEST(test_ntru_wrong_ciphertext)
1249 {
1250 diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
1251 chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
1252
1253 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1254 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1255 m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1256
1257 i_ntru->get_my_public_value(i_ntru, &pub_key_i);
1258 m_ntru->get_my_public_value(m_ntru, &pub_key_m);
1259 r_ntru->set_other_public_value(r_ntru, pub_key_m);
1260 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1261 i_ntru->set_other_public_value(i_ntru, cipher_text);
1262 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
1263 ck_assert(shared_secret.len == 0);
1264
1265 chunk_free(&pub_key_i);
1266 chunk_free(&pub_key_m);
1267 chunk_free(&cipher_text);
1268 i_ntru->destroy(i_ntru);
1269 m_ntru->destroy(m_ntru);
1270 r_ntru->destroy(r_ntru);
1271 }
1272 END_TEST
1273
1274 Suite *ntru_suite_create()
1275 {
1276 Suite *s;
1277 TCase *tc;
1278
1279 s = suite_create("ntru");
1280
1281 tc = tcase_create("drbg_strength");
1282 tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths));
1283 suite_add_tcase(s, tc);
1284
1285 tc = tcase_create("drbg");
1286 tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests));
1287 suite_add_tcase(s, tc);
1288
1289 tc = tcase_create("drgb_reseed");
1290 tcase_add_test(tc, test_ntru_drbg_reseed);
1291 suite_add_tcase(s, tc);
1292
1293 tc = tcase_create("mgf1");
1294 tcase_add_loop_test(tc, test_ntru_mgf1, 0, countof(mgf1_tests));
1295 suite_add_tcase(s, tc);
1296
1297 tc = tcase_create("trits");
1298 tcase_add_loop_test(tc, test_ntru_trits, 0, countof(mgf1_tests));
1299 suite_add_tcase(s, tc);
1300
1301 tc = tcase_create("poly");
1302 tcase_add_loop_test(tc, test_ntru_poly, 0, countof(mgf1_tests));
1303 suite_add_tcase(s, tc);
1304
1305 tc = tcase_create("ring_mult");
1306 tcase_add_loop_test(tc, test_ntru_ring_mult, 0, countof(ring_mult_tests));
1307 suite_add_tcase(s, tc);
1308
1309 tc = tcase_create("array");
1310 tcase_add_loop_test(tc, test_ntru_array, 0, countof(array_tests));
1311 suite_add_tcase(s, tc);
1312
1313 tc = tcase_create("param_set");
1314 tcase_add_test(tc, test_ntru_param_set);
1315 suite_add_tcase(s, tc);
1316
1317 tc = tcase_create("privkey");
1318 tcase_add_loop_test(tc, test_ntru_privkey, 0, countof(privkey_tests));
1319 suite_add_tcase(s, tc);
1320
1321 tc = tcase_create("ke");
1322 tcase_add_loop_test(tc, test_ntru_ke, 0,
1323 countof(params) * countof(parameter_sets));
1324 suite_add_tcase(s, tc);
1325
1326 tc = tcase_create("retransmission");
1327 tcase_add_test(tc, test_ntru_retransmission);
1328 suite_add_tcase(s, tc);
1329
1330 tc = tcase_create("pubkey_oid");
1331 tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
1332 suite_add_tcase(s, tc);
1333
1334 tc = tcase_create("wrong_set");
1335 tcase_add_test(tc, test_ntru_wrong_set);
1336 suite_add_tcase(s, tc);
1337
1338 tc = tcase_create("ciphertext");
1339 tcase_add_test(tc, test_ntru_ciphertext);
1340 suite_add_tcase(s, tc);
1341
1342 tc = tcase_create("wrong_ciphertext");
1343 tcase_add_test(tc, test_ntru_wrong_ciphertext);
1344 suite_add_tcase(s, tc);
1345 return s;
1346 }