3bb785178bb0c5d1212eef9699f683d03c3911be
[strongswan.git] / src / libstrongswan / tests / suites / test_ntru.c
1 /*
2 * Copyright (C) 2013-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <tests/utils/test_rng.h>
19 #include <plugins/ntru/ntru_drbg.h>
20 #include <plugins/ntru/ntru_mgf1.h>
21 #include <plugins/ntru/ntru_trits.h>
22 #include <plugins/ntru/ntru_poly.h>
23 #include <utils/test.h>
24
25 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
26 u_int32_t strength, chunk_t pers_str, rng_t *entropy)
27
28 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create, ntru_mgf1_t*,
29 hash_algorithm_t alg, chunk_t seed, bool hash_seed)
30
31 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
32 size_t len, hash_algorithm_t alg, chunk_t seed)
33
34 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create, ntru_poly_t*,
35 hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
36 uint16_t N, uint16_t q, uint32_t indices_len_p,
37 uint32_t indices_len_m, bool is_product_form)
38
39 /**
40 * NTRU parameter sets to test
41 */
42 static struct {
43 diffie_hellman_group_t group;
44 char *group_name;
45 } params[] = {
46 { NTRU_112_BIT, "NTRU_112" },
47 { NTRU_128_BIT, "NTRU_128" },
48 { NTRU_192_BIT, "NTRU_192" },
49 { NTRU_256_BIT, "NTRU_256" }
50 };
51
52 /**
53 * NTRU parameter set selection
54 */
55 char *parameter_sets[] = {
56 "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
57 };
58
59 typedef struct {
60 u_int32_t requested;
61 u_int32_t standard;
62 }strength_t;
63
64 strength_t strengths[] = {
65 { 80, 112 },
66 { 112, 112 },
67 { 120, 128 },
68 { 128, 128 },
69 { 150, 192 },
70 { 192, 192 },
71 { 200, 256 },
72 { 256, 256 },
73 { 512, 0 }
74 };
75
76 START_TEST(test_ntru_drbg_strength)
77 {
78 ntru_drbg_t *drbg;
79 rng_t *entropy;
80
81 entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
82 ck_assert(entropy != NULL);
83
84 drbg = ntru_drbg_create(strengths[_i].requested, chunk_empty, entropy);
85 if (strengths[_i].standard)
86 {
87 ck_assert(drbg != NULL);
88 ck_assert(drbg->get_strength(drbg) == strengths[_i].standard);
89 drbg->destroy(drbg);
90 }
91 else
92 {
93 ck_assert(drbg == NULL);
94 }
95 entropy->destroy(entropy);
96 }
97 END_TEST
98
99 typedef struct {
100 chunk_t pers_str;
101 chunk_t entropy;
102 chunk_t out;
103 } drbg_test_t;
104
105 /**
106 * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS)
107 */
108 drbg_test_t drbg_tests[] = {
109 /* SHA-256 test case 1 - count 0 */
110 { { NULL, 0 },
111 chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39,
112 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11,
113 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf,
114 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d,
115 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
116 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf,
117 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8,
118 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7,
119 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0,
120 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
121 chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc,
122 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a,
123 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb,
124 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb,
125 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
126 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51,
127 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23,
128 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42,
129 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e,
130 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
131 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f,
132 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54,
133 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b,
134 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6,
135 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
136 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
137 },
138 /* SHA-256 test case 3 - count 0 */
139 { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59,
140 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31,
141 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa,
142 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c),
143 chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90,
144 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64,
145 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6,
146 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40,
147 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
148 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5,
149 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa,
150 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f,
151 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41,
152 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
153 chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20,
154 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a,
155 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a,
156 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b,
157 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
158 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c,
159 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40,
160 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93,
161 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f,
162 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
163 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb,
164 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0,
165 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6,
166 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed,
167 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
168 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
169 },
170 /* SHA-256 test case 5 - count 0 */
171 { { NULL, 0 },
172 chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47,
173 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a,
174 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85,
175 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a,
176 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
177 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b,
178 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44,
179 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16,
180 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b,
181 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
182 chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2,
183 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4,
184 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b,
185 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77,
186 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
187 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00,
188 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a,
189 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78,
190 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b,
191 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
192 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d,
193 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf,
194 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38,
195 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5,
196 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
197 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
198 },
199 /* SHA-256 test case 7 - count 0 */
200 { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0,
201 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d,
202 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46,
203 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2),
204 chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8,
205 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00,
206 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08,
207 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5,
208 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
209 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4,
210 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc,
211 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96,
212 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d,
213 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
214 chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea,
215 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53,
216 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52,
217 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a,
218 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
219 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae,
220 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6,
221 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53,
222 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91,
223 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
224 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98,
225 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca,
226 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39,
227 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57,
228 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
229 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
230 }
231 };
232
233 START_TEST(test_ntru_drbg)
234 {
235 ntru_drbg_t *drbg;
236 rng_t *entropy;
237 chunk_t out;
238
239 out = chunk_alloc(128);
240 entropy = test_rng_create(drbg_tests[_i].entropy);
241 drbg = ntru_drbg_create(256, drbg_tests[_i].pers_str, entropy);
242 ck_assert(drbg != NULL);
243 ck_assert(drbg->reseed(drbg));
244 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
245 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
246 ck_assert(chunk_equals(out, drbg_tests[_i].out));
247 drbg->destroy(drbg);
248 entropy->destroy(entropy);
249 chunk_free(&out);
250 }
251 END_TEST
252
253 START_TEST(test_ntru_drbg_reseed)
254 {
255 ntru_drbg_t *drbg;
256 rng_t *entropy;
257 chunk_t out;
258
259 lib->settings->set_int(lib->settings,
260 "libstrongswan.plugins.ntru.max_drbg_requests", 2);
261 out = chunk_alloc(128);
262 entropy = test_rng_create(drbg_tests[0].entropy);
263 drbg = ntru_drbg_create(256, chunk_empty, entropy);
264
265 /* bad output parameters */
266 ck_assert(!drbg->generate(drbg, 256, 0, out.ptr));
267 ck_assert(!drbg->generate(drbg, 256, 128, NULL));
268
269 /* no reseeding occurs */
270 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
271 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
272
273 /* consuming remaining entropy */
274 ck_assert(entropy->get_bytes(entropy, 32, out.ptr));
275
276 /* no entropy available for automatic reseeding */
277 ck_assert(!drbg->generate(drbg, 256, 128, out.ptr));
278 drbg->destroy(drbg);
279
280 /* no entropy available for DRBG instantiation */
281 drbg = ntru_drbg_create(256, chunk_empty, entropy);
282 ck_assert(drbg == NULL);
283 entropy->destroy(entropy);
284
285 /* one automatic reseeding occurs */
286 entropy = test_rng_create(drbg_tests[0].entropy);
287 drbg = ntru_drbg_create(256, chunk_empty, entropy);
288 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
289 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
290 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
291
292 /* no entropy left */
293 ck_assert(!entropy->get_bytes(entropy, 32, out.ptr));
294
295 drbg->destroy(drbg);
296 entropy->destroy(entropy);
297 chunk_free(&out);
298 lib->settings->set_int(lib->settings,
299 "libstrongswan.plugins.ntru.max_drbg_requests", 2000);
300 }
301 END_TEST
302
303 typedef struct {
304 uint8_t c_bits;
305 uint16_t N;
306 uint16_t q;
307 bool is_product_form;
308 uint32_t indices_len;
309 uint32_t indices_size;
310 uint16_t *indices;
311 } poly_test_t;
312
313 typedef struct {
314 hash_algorithm_t alg;
315 size_t hash_size;
316 size_t ml1, ml2, ml3, seed_len;
317 chunk_t seed;
318 chunk_t hashed_seed;
319 chunk_t mask;
320 chunk_t trits;
321 poly_test_t poly_test[2];
322 } mgf1_test_t;
323
324 uint16_t indices_ees439ep1[] = {
325 367, 413, 16, 214, 114, 128, 42, 268, 346, 329, 119, 303, 208, 287, 150,
326 3, 45, 321, 110, 109, 272, 430, 80, 305, 51, 381, 322, 140, 207, 315,
327 206, 186, 56, 5, 273, 177, 44, 100, 205, 210, 98, 191, 8, 336
328 };
329
330 uint16_t indices_ees613ep1[] = {
331 245, 391, 251, 428, 301, 2, 176, 296, 461, 224, 590, 215, 250, 91, 395,
332 363, 58, 537, 278, 291, 247, 33, 140, 447, 172, 514, 424, 412, 95, 94,
333 281, 159, 196, 302, 277, 63, 404, 150, 608, 315, 195, 334, 207, 376, 398,
334 0, 309, 486, 516, 86, 267, 139, 130, 38, 141, 258, 21, 341, 526, 388,
335 194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320,
336 186, 327, 212, 543, 82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434,
337 134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523, 32, 62, 297,
338 283, 268, 54, 539, 5
339 };
340
341 uint16_t indices_ees743ep1[] = {
342 285, 62, 136, 655, 460, 35, 450, 208, 340, 212, 61, 234, 454, 52, 520,
343 399, 315, 616, 496, 88, 280, 543, 508, 237, 553, 39, 214, 253, 720, 291,
344 586, 615, 635, 596, 62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683,
345 180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423,
346 197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137
347 };
348
349 uint16_t indices_ees1171ep1[] = {
350 514, 702, 760, 505, 262, 486, 695, 783, 533, 74, 403, 847, 170,1019, 568,
351 676,1057, 277,1021, 238, 203, 884, 124, 87, 65, 93, 131, 881,1102, 133,
352 459, 462, 92, 40, 5,1152,1158, 297, 599, 299, 7, 458, 347, 343, 173,
353 1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295,
354 1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549,
355 821,1098, 823, 96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993,
356 983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250, 37, 213,
357 929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500,
358 913, 332,1118, 753, 946, 775, 59, 809, 782, 612, 909,1090, 223, 777, 940,
359 866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487,
360 215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054,
361 400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210,
362 333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422, 80, 924,1089, 547,
363 1157, 579, 2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179,
364 536, 191
365 };
366
367 /**
368 * MGF1 Mask Generation Function Test Vectors
369 */
370 mgf1_test_t mgf1_tests[] = {
371 { HASH_SHA1, 20, 60, 20, 15, 24,
372 chunk_from_chars(
373 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
374 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
375 0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2,
376 0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5,
377 0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20,
378 0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3,
379 0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F,
380 0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66,
381 0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72,
382 0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0,
383 0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D,
384 0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6,
385 0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB,
386 0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20),
387 chunk_from_chars(
388 0xF3, 0x9B, 0x0B, 0xB4, 0x97, 0x50, 0xB5, 0xA7,
389 0xE6, 0xBD, 0xDA, 0xD0, 0x9A, 0x52, 0xBE, 0xA0,
390 0x21, 0xC4, 0x90, 0xB6),
391 chunk_from_chars(
392 0x10, 0x43, 0x76, 0x72, 0x6C, 0xDE, 0xA0, 0x0E,
393 0x77, 0x51, 0xFB, 0x58, 0x39, 0x8A, 0x36, 0xE1,
394 0x63, 0x2B, 0xC9, 0x17, 0x56, 0x0C, 0x4B, 0x46,
395 0xA4, 0x07, 0xA4, 0x3B, 0x8E, 0x33, 0x4D, 0xD1,
396 0x65, 0xF1, 0xAC, 0xC8, 0x59, 0x21, 0x32, 0x16,
397 0x44, 0x2B, 0x7F, 0xB2, 0xA8, 0xA7, 0x26, 0x5D,
398 0xE8, 0x02, 0xBE, 0x8E, 0xDC, 0x34, 0xEB, 0x10,
399 0x76, 0x16, 0x8C, 0xDD, 0x90, 0x92, 0x3D, 0x29,
400 0x90, 0x98, 0x46, 0x11, 0x73, 0x53, 0x47, 0xB1,
401 0x2C, 0xD4, 0x83, 0x78, 0x9B, 0x93, 0x2F, 0x5B,
402 0xFC, 0x26, 0xFF, 0x42, 0x08, 0x1F, 0x70, 0x66,
403 0x40, 0x4B, 0xE7, 0x22, 0x3A, 0x56, 0x10, 0x6D,
404 0x4D, 0x29, 0x0B, 0xCE, 0xA6, 0x21, 0xB5, 0x5C,
405 0x71, 0x66, 0x2F, 0x70, 0x35, 0xD8, 0x8A, 0x92,
406 0x33, 0xF0, 0x16, 0xD4, 0x0E, 0x43, 0x8A, 0x14),
407 chunk_from_chars(
408 1, 2, 1, 0, 0, 1, 1, 1, 2, 0, 1, 0, 1, 1, 1, 0, 2, 0, 1, 1,
409 0, 0, 0, 1, 1, 0, 2, 0, 2, 2, 1, 2, 2, 2, 1, 2, 1, 1, 0, 0,
410 2, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 2, 0, 0, 1, 0, 1, 0, 2, 0,
411 0, 1, 0, 2, 1, 0, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 0, 2, 0, 1,
412 1, 2, 1, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 0, 1,
413 0, 1, 1, 0, 0, 0, 1, 2, 2, 0, 1, 2, 1, 2, 0, 2, 0, 0, 0, 2,
414 1, 2, 0, 0, 0, 2, 0, 0, 0, 2, 2, 1, 0, 2, 0, 1, 2, 0, 2, 1,
415 0, 2, 2, 1, 0, 2, 1, 2, 2, 0, 2, 0, 2, 1, 2, 2, 0, 2, 0, 1,
416 1, 2, 2, 2, 2, 1, 0, 1, 0, 2, 2, 0, 1, 1, 2, 2, 2, 0, 0, 1,
417 0, 2, 0, 1, 0, 2, 1, 2, 1, 0, 1, 1, 2, 0, 0, 2, 1, 1, 2, 0,
418 1, 2, 1, 1, 0, 1, 0, 2, 1, 1, 1, 2, 1, 0, 2, 0, 2, 0, 0, 2,
419 2, 1, 0, 0, 2, 2, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 2, 1, 2, 2,
420 2, 0, 0, 0, 0, 1, 0, 0, 1, 2, 1, 2, 0, 2, 1, 1, 1, 0, 2, 2,
421 1, 2, 2, 1, 0, 1, 0, 2, 2, 2, 1, 2, 1, 0, 0, 1, 0, 1, 1, 1,
422 1, 1, 2, 0, 0, 2, 1, 0, 2, 1, 2, 1, 0, 2, 2, 0, 0, 1, 2, 1,
423 2, 0, 1, 2, 1, 1, 2, 0, 2, 0, 2, 1, 1, 1, 0, 0, 0, 1, 2, 1,
424 2, 2, 1, 2, 1, 1, 2, 1, 2, 0, 2, 2, 1, 0, 0, 1, 2, 0, 1, 1,
425 2, 0, 0, 0, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 2, 2, 2, 1, 1, 0,
426 2, 1, 2, 1, 2, 2, 1, 2, 1, 1, 0, 1, 1, 1, 1, 2, 0, 2, 2, 1,
427 0, 1, 1, 2, 1, 2, 0, 2, 1, 0, 1, 0, 1, 0, 1, 2, 0, 1, 1, 0,
428 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
429 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
430 {
431 { 9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16),
432 countof(indices_ees439ep1), indices_ees439ep1
433 },
434 { 11, 613, 2048, FALSE, 55,
435 countof(indices_ees613ep1), indices_ees613ep1
436 }
437 }
438 },
439 { HASH_SHA256, 32, 64, 32, 33, 40,
440 chunk_from_chars(
441 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
442 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
443 0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE,
444 0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42,
445 0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A,
446 0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07,
447 0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43,
448 0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC,
449 0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36,
450 0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4,
451 0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2,
452 0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58,
453 0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC,
454 0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8,
455 0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1,
456 0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46,
457 0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91,
458 0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4,
459 0x54, 0xEE, 0x20, 0xF0, 0x80),
460 chunk_from_chars(
461 0x76, 0x89, 0x8B, 0x1B, 0x60, 0xEC, 0x10, 0x9D,
462 0x8F, 0x13, 0xF2, 0xFE, 0xD9, 0x85, 0xC1, 0xAB,
463 0x7E, 0xEE, 0xB1, 0x31, 0xDD, 0xF7, 0x7F, 0x0C,
464 0x7D, 0xF9, 0x6B, 0x7B, 0x19, 0x80, 0xBD, 0x28),
465 chunk_from_chars(
466 0xF1, 0x19, 0x02, 0x4F, 0xDA, 0x58, 0x05, 0x9A,
467 0x07, 0xDF, 0x61, 0x81, 0x22, 0x0E, 0x15, 0x46,
468 0xCB, 0x35, 0x3C, 0xDC, 0xAD, 0x20, 0xD9, 0x3F,
469 0x0D, 0xD1, 0xAA, 0x64, 0x66, 0x5C, 0xFA, 0x4A,
470 0xFE, 0xD6, 0x8F, 0x55, 0x57, 0x15, 0xB2, 0xA6,
471 0xA0, 0xE6, 0xA8, 0xC6, 0xBD, 0x28, 0xB4, 0xD5,
472 0x6E, 0x5B, 0x4B, 0xB0, 0x97, 0x09, 0xF5, 0xAC,
473 0x57, 0x65, 0x13, 0x97, 0x71, 0x2C, 0x45, 0x13,
474 0x3D, 0xEE, 0xFB, 0xBF, 0xFE, 0xAF, 0xBB, 0x4B,
475 0x0D, 0x5C, 0x45, 0xD4, 0x2F, 0x17, 0x92, 0x07,
476 0x66, 0x11, 0xF5, 0x46, 0xF8, 0x0C, 0x03, 0x92,
477 0xF5, 0xF5, 0xFF, 0xA4, 0xF3, 0x52, 0xF4, 0x08,
478 0x2C, 0x49, 0x32, 0x1A, 0x93, 0x51, 0x98, 0xB6,
479 0x94, 0x83, 0x39, 0xCF, 0x6B, 0x1F, 0x2F, 0xFC,
480 0x2B, 0xFF, 0x10, 0x71, 0x7D, 0x35, 0x6C, 0xEA,
481 0xC5, 0x66, 0xC7, 0x26, 0x7D, 0x9E, 0xAC, 0xDD,
482 0x35, 0xD7, 0x06, 0x3F, 0x40, 0x82, 0xDA, 0xC3,
483 0x2B, 0x3C, 0x91, 0x3A, 0x32, 0xF8, 0xB2, 0xC6,
484 0x44, 0x4D, 0xCD, 0xB6, 0x54, 0x5F, 0x81, 0x95,
485 0x59, 0xA1, 0xE5, 0x4E, 0xA5, 0x0A, 0x4A, 0x42),
486 chunk_from_chars(
487 1, 2, 2, 2, 2, 1, 2, 2, 0, 0, 2, 0, 0, 0, 0, 1, 2, 2, 2, 0,
488 2, 0, 0, 2, 2, 1, 2, 0, 0, 1, 2, 1, 0, 0, 0, 1, 0, 2, 2, 1,
489 1, 2, 0, 0, 0, 1, 2, 0, 2, 2, 1, 2, 1, 0, 1, 0, 1, 2, 1, 1,
490 1, 2, 0, 1, 0, 2, 1, 1, 0, 0, 0, 1, 2, 0, 0, 1, 2, 1, 2, 0,
491 2, 1, 1, 1, 2, 2, 2, 2, 1, 0, 0, 2, 0, 2, 0, 1, 1, 0, 2, 2,
492 2, 0, 1, 0, 2, 2, 1, 0, 1, 0, 1, 0, 0, 2, 2, 0, 0, 1, 2, 0,
493 1, 1, 1, 0, 0, 2, 0, 2, 1, 2, 2, 2, 0, 0, 2, 1, 0, 2, 0, 1,
494 0, 1, 2, 0, 1, 2, 0, 1, 0, 1, 2, 0, 2, 2, 0, 1, 2, 2, 1, 2,
495 2, 2, 0, 2, 1, 1, 1, 0, 0, 1, 0, 2, 0, 0, 1, 0, 1, 2, 0, 0,
496 1, 2, 1, 0, 2, 1, 1, 0, 0, 2, 1, 2, 2, 2, 1, 2, 1, 1, 2, 2,
497 0, 2, 0, 0, 2, 0, 0, 1, 1, 2, 0, 0, 0, 1, 2, 1, 1, 1, 1, 0,
498 0, 0, 2, 0, 2, 0, 2, 2, 1, 2, 2, 0, 0, 1, 1, 1, 0, 1, 0, 1,
499 0, 1, 2, 2, 0, 2, 1, 1, 0, 2, 1, 2, 1, 2, 1, 0, 0, 1, 0, 0,
500 1, 0, 1, 0, 2, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 0, 2, 0, 0,
501 1, 2, 1, 2, 1, 2, 1, 0, 1, 1, 2, 2, 1, 1, 0, 0, 2, 1, 2, 0,
502 1, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 2, 2, 2, 2, 0, 0, 1, 2,
503 1, 1, 1, 0, 2, 1, 2, 2, 0, 2, 0, 1, 2, 2, 0, 1, 1, 1, 0, 0,
504 2, 0, 1, 0, 1, 0, 2, 1, 2, 0, 2, 1, 2, 1, 2, 2, 0, 2, 1, 0,
505 2, 1, 2, 0, 0, 2, 0, 1, 2, 1, 1, 2, 0, 0, 0, 0, 1, 2, 0, 1,
506 2, 2, 1, 0, 0, 1, 2, 1, 2, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0,
507 2, 0, 1, 2, 1, 2, 0, 0, 0, 2, 1, 0, 0, 0, 1, 2, 2, 0, 0, 0,
508 2, 2, 1, 1, 0, 1, 0, 2, 2, 0, 2, 1, 2, 1, 0, 2, 2, 2, 0, 0,
509 0, 1, 1, 2, 1, 0, 0, 0, 0, 1, 2, 2, 1, 2, 1, 2, 0, 2, 0, 2,
510 1, 1, 1, 2, 1, 2, 1, 2, 1, 1, 0, 1, 0, 2, 0, 0, 0, 2, 1, 2,
511 2, 2, 2, 0, 1, 1, 1, 0, 1, 0, 2, 0, 2, 1, 0, 1, 2, 1, 1, 0,
512 1, 2, 1, 0, 0, 2, 1, 0, 1, 1, 2, 2, 1, 1, 1, 2, 2, 2, 1, 0,
513 0, 0, 0, 1, 1, 0, 0, 2, 2, 2, 2, 2, 0, 1, 2, 0, 1, 2, 0, 1,
514 1, 0, 1, 1, 2, 2, 0, 1, 1, 0, 2, 2, 1, 1, 1, 2, 1, 2, 2, 1,
515 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
516 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
517 {
518 { 13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16),
519 countof(indices_ees743ep1), indices_ees743ep1
520 },
521 { 12, 1171, 2048, FALSE, 106,
522 countof(indices_ees1171ep1), indices_ees1171ep1
523 }
524 }
525 }
526 };
527
528 START_TEST(test_ntru_mgf1)
529 {
530 ntru_mgf1_t *mgf1;
531 chunk_t mask, mask1, mask2, mask3;
532
533 mask1 = mgf1_tests[_i].mask;
534 mask2 = chunk_skip(mask1, mgf1_tests[_i].ml1);
535 mask3 = chunk_skip(mask2, mgf1_tests[_i].ml2);
536 mask1.len = mgf1_tests[_i].ml1;
537 mask2.len = mgf1_tests[_i].ml2;
538 mask3.len = mgf1_tests[_i].ml3;
539
540 mgf1 = ntru_mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
541 ck_assert(mgf1 == NULL);
542
543 mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
544 ck_assert(mgf1 == NULL);
545
546 /* return mask in allocated chunk */
547 mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
548 ck_assert(mgf1);
549
550 /* check hash size */
551 ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
552
553 /* get zero number of octets */
554 ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
555 ck_assert(mask.len == 0 && mask.ptr == NULL);
556
557 /* get non-zero number of octets */
558 ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
559 ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
560 mgf1->destroy(mgf1);
561
562 /* copy mask to pre-allocated buffer */
563 mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
564 ck_assert(mgf1);
565 ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
566 ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
567 mgf1->destroy(mgf1);
568
569 /* get mask in batches without hashing the seed */
570 mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
571 ck_assert(mgf1);
572
573 /* first batch */
574 ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
575 mask.len = mask1.len;
576 ck_assert(chunk_equals(mask, mask1));
577
578 /* second batch */
579 ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
580 mask.len = mask2.len;
581 ck_assert(chunk_equals(mask, mask2));
582
583 /* third batch */
584 ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
585 mask.len = mask3.len;
586 ck_assert(chunk_equals(mask, mask3));
587
588 mgf1->destroy(mgf1);
589 chunk_free(&mask);
590 }
591 END_TEST
592
593 START_TEST(test_ntru_trits)
594 {
595 ntru_trits_t *mask;
596 chunk_t trits;
597
598 mask = ntru_trits_create(mgf1_tests[_i].trits.len, HASH_UNKNOWN,
599 mgf1_tests[_i].seed);
600 ck_assert(mask == NULL);
601
602 mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
603 chunk_empty);
604 ck_assert(mask == NULL);
605
606 mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
607 mgf1_tests[_i].seed);
608 ck_assert(mask);
609
610 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
611 ck_assert(chunk_equals(trits, mgf1_tests[_i].trits));
612 mask->destroy(mask);
613
614 /* generate a multiple of 5 trits */
615 mask = ntru_trits_create(10, mgf1_tests[_i].alg, mgf1_tests[_i].seed);
616 ck_assert(mask);
617
618 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
619 ck_assert(chunk_equals(trits, chunk_create(mgf1_tests[_i].trits.ptr, 10)));
620 mask->destroy(mask);
621 }
622 END_TEST
623
624 START_TEST(test_ntru_poly)
625 {
626 ntru_poly_t *poly;
627 uint16_t *indices;
628 chunk_t seed;
629 poly_test_t *p;
630 int j, n;
631
632 seed = mgf1_tests[_i].seed;
633 seed.len = mgf1_tests[_i].seed_len;
634
635 p = &mgf1_tests[_i].poly_test[0];
636 poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->N, p->q,
637 p->indices_len, p->indices_len,
638 p->is_product_form);
639 ck_assert(poly == NULL);
640
641 for (n = 0; n < 2; n++)
642 {
643 p = &mgf1_tests[_i].poly_test[n];
644 poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->N, p->q,
645 p->indices_len, p->indices_len,
646 p->is_product_form);
647 ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size);
648
649 indices = poly->get_indices(poly);
650 for (j = 0; j < p->indices_size; j++)
651 {
652 ck_assert(indices[j] == p->indices[j]);
653 }
654 poly->destroy(poly);
655 }
656 }
657 END_TEST
658
659 START_TEST(test_ntru_ke)
660 {
661 chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
662 diffie_hellman_t *i_ntru, *r_ntru;
663 char buf[10];
664 int n, len;
665 status_t status;
666
667 len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
668 params[_i].group);
669 ck_assert(len == 8);
670 ck_assert(streq(buf, params[_i].group_name));
671
672 for (n = 0; n < countof(parameter_sets); n++)
673 {
674 lib->settings->set_str(lib->settings,
675 "libstrongswan.plugins.ntru.parameter_set",
676 parameter_sets[n]);
677
678 i_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
679 ck_assert(i_ntru != NULL);
680 ck_assert(i_ntru->get_dh_group(i_ntru) == params[_i].group);
681
682 i_ntru->get_my_public_value(i_ntru, &pub_key);
683 ck_assert(pub_key.len > 0);
684
685 r_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
686 ck_assert(r_ntru != NULL);
687
688 r_ntru->set_other_public_value(r_ntru, pub_key);
689 r_ntru->get_my_public_value(r_ntru, &cipher_text);
690 ck_assert(cipher_text.len > 0);
691
692 status = r_ntru->get_shared_secret(r_ntru, &r_shared_secret);
693 ck_assert(status == SUCCESS);
694 ck_assert(r_shared_secret.len > 0);
695
696 i_ntru->set_other_public_value(i_ntru, cipher_text);
697 status = i_ntru->get_shared_secret(i_ntru, &i_shared_secret);
698
699 if (status == SUCCESS)
700 {
701 ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
702 }
703 else
704 {
705 ck_assert(i_shared_secret.len == 0);
706 }
707
708 chunk_clear(&i_shared_secret);
709 chunk_clear(&r_shared_secret);
710 chunk_free(&pub_key);
711 chunk_free(&cipher_text);
712 i_ntru->destroy(i_ntru);
713 r_ntru->destroy(r_ntru);
714 }
715 }
716 END_TEST
717
718 START_TEST(test_ntru_retransmission)
719 {
720 diffie_hellman_t *i_ntru;
721 chunk_t pub_key1, pub_key2;
722
723 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
724 i_ntru->get_my_public_value(i_ntru, &pub_key1);
725 i_ntru->get_my_public_value(i_ntru, &pub_key2);
726 ck_assert(chunk_equals(pub_key1, pub_key2));
727
728 chunk_free(&pub_key1);
729 chunk_free(&pub_key2);
730 i_ntru->destroy(i_ntru);
731 }
732 END_TEST
733
734 chunk_t oid_tests[] = {
735 { NULL, 0 },
736 chunk_from_chars(0x00),
737 chunk_from_chars(0x01),
738 chunk_from_chars(0x02),
739 chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
740 chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
741 chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
742 chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
743 };
744
745 START_TEST(test_ntru_pubkey_oid)
746 {
747 diffie_hellman_t *r_ntru;
748 chunk_t cipher_text;
749
750 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
751 r_ntru->set_other_public_value(r_ntru, oid_tests[_i]);
752 r_ntru->get_my_public_value(r_ntru, &cipher_text);
753 ck_assert(cipher_text.len == 0);
754 r_ntru->destroy(r_ntru);
755 }
756 END_TEST
757
758 START_TEST(test_ntru_wrong_set)
759 {
760 diffie_hellman_t *i_ntru, *r_ntru;
761 chunk_t pub_key, cipher_text;
762
763 lib->settings->set_str(lib->settings,
764 "libstrongswan.plugins.ntru.parameter_set",
765 "x9_98_bandwidth");
766 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
767 i_ntru->get_my_public_value(i_ntru, &pub_key);
768
769 lib->settings->set_str(lib->settings,
770 "libstrongswan.plugins.ntru.parameter_set",
771 "optimum");
772 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
773 r_ntru->set_other_public_value(r_ntru, pub_key);
774 r_ntru->get_my_public_value(r_ntru, &cipher_text);
775 ck_assert(cipher_text.len == 0);
776
777 chunk_free(&pub_key);
778 chunk_free(&cipher_text);
779 i_ntru->destroy(i_ntru);
780 r_ntru->destroy(r_ntru);
781 }
782 END_TEST
783
784 START_TEST(test_ntru_ciphertext)
785 {
786 char buf_00[604], buf_ff[604];
787
788 chunk_t test[] = {
789 chunk_empty,
790 chunk_from_chars(0x00),
791 chunk_create(buf_00, sizeof(buf_00)),
792 chunk_create(buf_ff, sizeof(buf_ff)),
793 };
794
795 diffie_hellman_t *i_ntru;
796 chunk_t pub_key, shared_secret;
797 int i;
798
799 memset(buf_00, 0x00, sizeof(buf_00));
800 memset(buf_ff, 0xff, sizeof(buf_ff));
801
802 for (i = 0; i < countof(test); i++)
803 {
804 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
805 i_ntru->get_my_public_value(i_ntru, &pub_key);
806 i_ntru->set_other_public_value(i_ntru, test[i]);
807 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
808 ck_assert(shared_secret.len == 0);
809
810 chunk_free(&pub_key);
811 i_ntru->destroy(i_ntru);
812 }
813 }
814 END_TEST
815
816 START_TEST(test_ntru_wrong_ciphertext)
817 {
818 diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
819 chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
820
821 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
822 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
823 m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
824
825 i_ntru->get_my_public_value(i_ntru, &pub_key_i);
826 m_ntru->get_my_public_value(m_ntru, &pub_key_m);
827 r_ntru->set_other_public_value(r_ntru, pub_key_m);
828 r_ntru->get_my_public_value(r_ntru, &cipher_text);
829 i_ntru->set_other_public_value(i_ntru, cipher_text);
830 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
831 ck_assert(shared_secret.len == 0);
832
833 chunk_free(&pub_key_i);
834 chunk_free(&pub_key_m);
835 chunk_free(&cipher_text);
836 i_ntru->destroy(i_ntru);
837 m_ntru->destroy(m_ntru);
838 r_ntru->destroy(r_ntru);
839 }
840 END_TEST
841
842 Suite *ntru_suite_create()
843 {
844 Suite *s;
845 TCase *tc;
846
847 s = suite_create("ntru");
848
849 tc = tcase_create("drbg_strength");
850 tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths));
851 suite_add_tcase(s, tc);
852
853 tc = tcase_create("drbg");
854 tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests));
855 suite_add_tcase(s, tc);
856
857 tc = tcase_create("drgb_reseed");
858 tcase_add_test(tc, test_ntru_drbg_reseed);
859 suite_add_tcase(s, tc);
860
861 tc = tcase_create("mgf1");
862 tcase_add_loop_test(tc, test_ntru_mgf1, 0, countof(mgf1_tests));
863 suite_add_tcase(s, tc);
864
865 tc = tcase_create("trits");
866 tcase_add_loop_test(tc, test_ntru_trits, 0, countof(mgf1_tests));
867 suite_add_tcase(s, tc);
868
869 tc = tcase_create("poly");
870 tcase_add_loop_test(tc, test_ntru_poly, 0, countof(mgf1_tests));
871 suite_add_tcase(s, tc);
872
873 tc = tcase_create("ke");
874 tcase_add_loop_test(tc, test_ntru_ke, 0, countof(params));
875 suite_add_tcase(s, tc);
876
877 tc = tcase_create("retransmission");
878 tcase_add_test(tc, test_ntru_retransmission);
879 suite_add_tcase(s, tc);
880
881 tc = tcase_create("pubkey_oid");
882 tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
883 suite_add_tcase(s, tc);
884
885 tc = tcase_create("wrong_set");
886 tcase_add_test(tc, test_ntru_wrong_set);
887 suite_add_tcase(s, tc);
888
889 tc = tcase_create("ciphertext");
890 tcase_add_test(tc, test_ntru_ciphertext);
891 suite_add_tcase(s, tc);
892
893 tc = tcase_create("wrong_ciphertext");
894 tcase_add_test(tc, test_ntru_wrong_ciphertext);
895 suite_add_tcase(s, tc);
896 return s;
897 }