diffie-hellman: Use bool instead of status_t as get_shared_secret() return value
[strongswan.git] / src / libstrongswan / tests / suites / test_ntru.c
1 /*
2 * Copyright (C) 2013-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <tests/utils/test_rng.h>
19 #include <utils/test.h>
20 #include <crypto/mgf1/mgf1.h>
21 #include <plugins/ntru/ntru_drbg.h>
22 #include <plugins/ntru/ntru_trits.h>
23 #include <plugins/ntru/ntru_poly.h>
24 #include <plugins/ntru/ntru_param_set.h>
25 #include <plugins/ntru/ntru_private_key.h>
26
27 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
28 u_int32_t strength, chunk_t pers_str, rng_t *entropy)
29
30 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
31 size_t len, hash_algorithm_t alg, chunk_t seed)
32
33 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
34 hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
35 uint16_t N, uint16_t q, uint32_t indices_len_p,
36 uint32_t indices_len_m, bool is_product_form)
37
38 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*,
39 u_int16_t *data, uint16_t N, uint16_t q,
40 uint32_t indices_len_p, uint32_t indices_len_m,
41 bool is_product_form)
42
43 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_param_set_get_by_id, ntru_param_set_t* ,
44 ntru_param_set_id_t id)
45
46 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create, ntru_private_key_t*,
47 ntru_drbg_t *drbg, ntru_param_set_t *params)
48
49 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create_from_data, ntru_private_key_t*,
50 ntru_drbg_t *drbg, chunk_t data)
51
52 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_public_key_create_from_data, ntru_public_key_t*,
53 ntru_drbg_t *drbg, chunk_t data)
54
55 /**
56 * NTRU parameter sets to test
57 */
58 static struct {
59 diffie_hellman_group_t group;
60 char *group_name;
61 } params[] = {
62 { NTRU_112_BIT, "NTRU_112" },
63 { NTRU_128_BIT, "NTRU_128" },
64 { NTRU_192_BIT, "NTRU_192" },
65 { NTRU_256_BIT, "NTRU_256" }
66 };
67
68 /**
69 * NTRU parameter set selection
70 */
71 char *parameter_sets[] = {
72 "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
73 };
74
75 typedef struct {
76 u_int32_t requested;
77 u_int32_t standard;
78 }strength_t;
79
80 strength_t strengths[] = {
81 { 80, 112 },
82 { 112, 112 },
83 { 120, 128 },
84 { 128, 128 },
85 { 150, 192 },
86 { 192, 192 },
87 { 200, 256 },
88 { 256, 256 },
89 { 512, 0 }
90 };
91
92 START_TEST(test_ntru_drbg_strength)
93 {
94 ntru_drbg_t *drbg;
95 rng_t *entropy;
96
97 entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
98 ck_assert(entropy != NULL);
99
100 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, strengths[_i].requested,
101 chunk_empty, entropy);
102 if (strengths[_i].standard)
103 {
104 ck_assert(drbg != NULL);
105 ck_assert(drbg->get_strength(drbg) == strengths[_i].standard);
106 drbg->destroy(drbg);
107 }
108 else
109 {
110 ck_assert(drbg == NULL);
111 }
112 entropy->destroy(entropy);
113 }
114 END_TEST
115
116 typedef struct {
117 chunk_t pers_str;
118 chunk_t entropy;
119 chunk_t out;
120 } drbg_test_t;
121
122 /**
123 * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS)
124 */
125 drbg_test_t drbg_tests[] = {
126 /* SHA-256 test case 1 - count 0 */
127 { { NULL, 0 },
128 chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39,
129 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11,
130 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf,
131 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d,
132 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
133 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf,
134 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8,
135 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7,
136 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0,
137 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
138 chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc,
139 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a,
140 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb,
141 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb,
142 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
143 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51,
144 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23,
145 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42,
146 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e,
147 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
148 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f,
149 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54,
150 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b,
151 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6,
152 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
153 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
154 },
155 /* SHA-256 test case 3 - count 0 */
156 { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59,
157 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31,
158 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa,
159 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c),
160 chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90,
161 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64,
162 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6,
163 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40,
164 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
165 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5,
166 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa,
167 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f,
168 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41,
169 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
170 chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20,
171 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a,
172 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a,
173 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b,
174 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
175 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c,
176 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40,
177 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93,
178 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f,
179 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
180 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb,
181 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0,
182 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6,
183 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed,
184 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
185 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
186 },
187 /* SHA-256 test case 5 - count 0 */
188 { { NULL, 0 },
189 chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47,
190 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a,
191 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85,
192 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a,
193 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
194 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b,
195 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44,
196 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16,
197 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b,
198 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
199 chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2,
200 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4,
201 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b,
202 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77,
203 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
204 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00,
205 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a,
206 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78,
207 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b,
208 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
209 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d,
210 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf,
211 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38,
212 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5,
213 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
214 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
215 },
216 /* SHA-256 test case 7 - count 0 */
217 { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0,
218 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d,
219 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46,
220 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2),
221 chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8,
222 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00,
223 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08,
224 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5,
225 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
226 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4,
227 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc,
228 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96,
229 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d,
230 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
231 chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea,
232 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53,
233 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52,
234 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a,
235 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
236 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae,
237 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6,
238 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53,
239 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91,
240 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
241 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98,
242 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca,
243 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39,
244 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57,
245 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
246 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
247 }
248 };
249
250 START_TEST(test_ntru_drbg)
251 {
252 ntru_drbg_t *drbg;
253 rng_t *entropy;
254 chunk_t out;
255
256 out = chunk_alloc(128);
257 entropy = test_rng_create(drbg_tests[_i].entropy);
258 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, drbg_tests[_i].pers_str,
259 entropy);
260 ck_assert(drbg != NULL);
261 ck_assert(drbg->reseed(drbg));
262 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
263 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
264 ck_assert(chunk_equals(out, drbg_tests[_i].out));
265 drbg->destroy(drbg);
266 entropy->destroy(entropy);
267 chunk_free(&out);
268 }
269 END_TEST
270
271 START_TEST(test_ntru_drbg_reseed)
272 {
273 ntru_drbg_t *drbg;
274 rng_t *entropy;
275 chunk_t out;
276
277 lib->settings->set_int(lib->settings,
278 "libstrongswan.plugins.ntru.max_drbg_requests", 2);
279 out = chunk_alloc(128);
280 entropy = test_rng_create(drbg_tests[0].entropy);
281 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy);
282
283 /* bad output parameters */
284 ck_assert(!drbg->generate(drbg, 256, 0, out.ptr));
285 ck_assert(!drbg->generate(drbg, 256, 128, NULL));
286
287 /* no reseeding occurs */
288 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
289 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
290
291 /* consuming remaining entropy */
292 ck_assert(entropy->get_bytes(entropy, 32, out.ptr));
293
294 /* no entropy available for automatic reseeding */
295 ck_assert(!drbg->generate(drbg, 256, 128, out.ptr));
296 drbg->destroy(drbg);
297
298 /* no entropy available for DRBG instantiation */
299 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy);
300 ck_assert(drbg == NULL);
301 entropy->destroy(entropy);
302
303 /* one automatic reseeding occurs */
304 entropy = test_rng_create(drbg_tests[0].entropy);
305 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy);
306 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
307 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
308 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
309
310 /* no entropy left */
311 ck_assert(!entropy->get_bytes(entropy, 32, out.ptr));
312
313 drbg->destroy(drbg);
314 entropy->destroy(entropy);
315 chunk_free(&out);
316 lib->settings->set_int(lib->settings,
317 "libstrongswan.plugins.ntru.max_drbg_requests", 2000);
318 }
319 END_TEST
320
321 typedef struct {
322 uint8_t c_bits;
323 uint16_t N;
324 uint16_t q;
325 bool is_product_form;
326 uint32_t indices_len;
327 uint32_t indices_size;
328 uint16_t *indices;
329 } poly_test_t;
330
331 typedef struct {
332 hash_algorithm_t alg;
333 size_t hash_size;
334 size_t seed_len;
335 chunk_t seed;
336 chunk_t trits;
337 poly_test_t poly_test[2];
338 } trits_test_t;
339
340 uint16_t indices_ees439ep1[] = {
341 367, 413, 16, 214, 114, 128, 42, 268, 346, 329, 119, 303, 208, 287, 150,
342 3, 45, 321, 110, 109, 272, 430, 80, 305, 51, 381, 322, 140, 207, 315,
343 206, 186, 56, 5, 273, 177, 44, 100, 205, 210, 98, 191, 8, 336
344 };
345
346 uint16_t indices_ees613ep1[] = {
347 245, 391, 251, 428, 301, 2, 176, 296, 461, 224, 590, 215, 250, 91, 395,
348 363, 58, 537, 278, 291, 247, 33, 140, 447, 172, 514, 424, 412, 95, 94,
349 281, 159, 196, 302, 277, 63, 404, 150, 608, 315, 195, 334, 207, 376, 398,
350 0, 309, 486, 516, 86, 267, 139, 130, 38, 141, 258, 21, 341, 526, 388,
351 194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320,
352 186, 327, 212, 543, 82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434,
353 134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523, 32, 62, 297,
354 283, 268, 54, 539, 5
355 };
356
357 uint16_t indices_ees743ep1[] = {
358 285, 62, 136, 655, 460, 35, 450, 208, 340, 212, 61, 234, 454, 52, 520,
359 399, 315, 616, 496, 88, 280, 543, 508, 237, 553, 39, 214, 253, 720, 291,
360 586, 615, 635, 596, 62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683,
361 180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423,
362 197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137
363 };
364
365 uint16_t indices_ees1171ep1[] = {
366 514, 702, 760, 505, 262, 486, 695, 783, 533, 74, 403, 847, 170,1019, 568,
367 676,1057, 277,1021, 238, 203, 884, 124, 87, 65, 93, 131, 881,1102, 133,
368 459, 462, 92, 40, 5,1152,1158, 297, 599, 299, 7, 458, 347, 343, 173,
369 1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295,
370 1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549,
371 821,1098, 823, 96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993,
372 983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250, 37, 213,
373 929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500,
374 913, 332,1118, 753, 946, 775, 59, 809, 782, 612, 909,1090, 223, 777, 940,
375 866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487,
376 215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054,
377 400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210,
378 333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422, 80, 924,1089, 547,
379 1157, 579, 2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179,
380 536, 191
381 };
382
383 /**
384 * Trits and Polynomial Test Vectors
385 */
386 static trits_test_t trits_tests[] = {
387 { HASH_SHA1, 20, 24,
388 chunk_from_chars(
389 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
390 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
391 0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2,
392 0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5,
393 0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20,
394 0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3,
395 0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F,
396 0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66,
397 0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72,
398 0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0,
399 0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D,
400 0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6,
401 0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB,
402 0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20),
403 chunk_from_chars(
404 1, 2, 1, 0, 0, 1, 1, 1, 2, 0, 1, 0, 1, 1, 1, 0, 2, 0, 1, 1,
405 0, 0, 0, 1, 1, 0, 2, 0, 2, 2, 1, 2, 2, 2, 1, 2, 1, 1, 0, 0,
406 2, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 2, 0, 0, 1, 0, 1, 0, 2, 0,
407 0, 1, 0, 2, 1, 0, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 0, 2, 0, 1,
408 1, 2, 1, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 0, 1,
409 0, 1, 1, 0, 0, 0, 1, 2, 2, 0, 1, 2, 1, 2, 0, 2, 0, 0, 0, 2,
410 1, 2, 0, 0, 0, 2, 0, 0, 0, 2, 2, 1, 0, 2, 0, 1, 2, 0, 2, 1,
411 0, 2, 2, 1, 0, 2, 1, 2, 2, 0, 2, 0, 2, 1, 2, 2, 0, 2, 0, 1,
412 1, 2, 2, 2, 2, 1, 0, 1, 0, 2, 2, 0, 1, 1, 2, 2, 2, 0, 0, 1,
413 0, 2, 0, 1, 0, 2, 1, 2, 1, 0, 1, 1, 2, 0, 0, 2, 1, 1, 2, 0,
414 1, 2, 1, 1, 0, 1, 0, 2, 1, 1, 1, 2, 1, 0, 2, 0, 2, 0, 0, 2,
415 2, 1, 0, 0, 2, 2, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 2, 1, 2, 2,
416 2, 0, 0, 0, 0, 1, 0, 0, 1, 2, 1, 2, 0, 2, 1, 1, 1, 0, 2, 2,
417 1, 2, 2, 1, 0, 1, 0, 2, 2, 2, 1, 2, 1, 0, 0, 1, 0, 1, 1, 1,
418 1, 1, 2, 0, 0, 2, 1, 0, 2, 1, 2, 1, 0, 2, 2, 0, 0, 1, 2, 1,
419 2, 0, 1, 2, 1, 1, 2, 0, 2, 0, 2, 1, 1, 1, 0, 0, 0, 1, 2, 1,
420 2, 2, 1, 2, 1, 1, 2, 1, 2, 0, 2, 2, 1, 0, 0, 1, 2, 0, 1, 1,
421 2, 0, 0, 0, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 2, 2, 2, 1, 1, 0,
422 2, 1, 2, 1, 2, 2, 1, 2, 1, 1, 0, 1, 1, 1, 1, 2, 0, 2, 2, 1,
423 0, 1, 1, 2, 1, 2, 0, 2, 1, 0, 1, 0, 1, 0, 1, 2, 0, 1, 1, 0,
424 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
425 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
426 {
427 { 9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16),
428 countof(indices_ees439ep1), indices_ees439ep1
429 },
430 { 11, 613, 2048, FALSE, 55,
431 countof(indices_ees613ep1), indices_ees613ep1
432 }
433 }
434 },
435 { HASH_SHA256, 32, 40,
436 chunk_from_chars(
437 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
438 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
439 0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE,
440 0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42,
441 0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A,
442 0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07,
443 0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43,
444 0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC,
445 0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36,
446 0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4,
447 0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2,
448 0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58,
449 0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC,
450 0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8,
451 0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1,
452 0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46,
453 0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91,
454 0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4,
455 0x54, 0xEE, 0x20, 0xF0, 0x80),
456 chunk_from_chars(
457 1, 2, 2, 2, 2, 1, 2, 2, 0, 0, 2, 0, 0, 0, 0, 1, 2, 2, 2, 0,
458 2, 0, 0, 2, 2, 1, 2, 0, 0, 1, 2, 1, 0, 0, 0, 1, 0, 2, 2, 1,
459 1, 2, 0, 0, 0, 1, 2, 0, 2, 2, 1, 2, 1, 0, 1, 0, 1, 2, 1, 1,
460 1, 2, 0, 1, 0, 2, 1, 1, 0, 0, 0, 1, 2, 0, 0, 1, 2, 1, 2, 0,
461 2, 1, 1, 1, 2, 2, 2, 2, 1, 0, 0, 2, 0, 2, 0, 1, 1, 0, 2, 2,
462 2, 0, 1, 0, 2, 2, 1, 0, 1, 0, 1, 0, 0, 2, 2, 0, 0, 1, 2, 0,
463 1, 1, 1, 0, 0, 2, 0, 2, 1, 2, 2, 2, 0, 0, 2, 1, 0, 2, 0, 1,
464 0, 1, 2, 0, 1, 2, 0, 1, 0, 1, 2, 0, 2, 2, 0, 1, 2, 2, 1, 2,
465 2, 2, 0, 2, 1, 1, 1, 0, 0, 1, 0, 2, 0, 0, 1, 0, 1, 2, 0, 0,
466 1, 2, 1, 0, 2, 1, 1, 0, 0, 2, 1, 2, 2, 2, 1, 2, 1, 1, 2, 2,
467 0, 2, 0, 0, 2, 0, 0, 1, 1, 2, 0, 0, 0, 1, 2, 1, 1, 1, 1, 0,
468 0, 0, 2, 0, 2, 0, 2, 2, 1, 2, 2, 0, 0, 1, 1, 1, 0, 1, 0, 1,
469 0, 1, 2, 2, 0, 2, 1, 1, 0, 2, 1, 2, 1, 2, 1, 0, 0, 1, 0, 0,
470 1, 0, 1, 0, 2, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 0, 2, 0, 0,
471 1, 2, 1, 2, 1, 2, 1, 0, 1, 1, 2, 2, 1, 1, 0, 0, 2, 1, 2, 0,
472 1, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 2, 2, 2, 2, 0, 0, 1, 2,
473 1, 1, 1, 0, 2, 1, 2, 2, 0, 2, 0, 1, 2, 2, 0, 1, 1, 1, 0, 0,
474 2, 0, 1, 0, 1, 0, 2, 1, 2, 0, 2, 1, 2, 1, 2, 2, 0, 2, 1, 0,
475 2, 1, 2, 0, 0, 2, 0, 1, 2, 1, 1, 2, 0, 0, 0, 0, 1, 2, 0, 1,
476 2, 2, 1, 0, 0, 1, 2, 1, 2, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0,
477 2, 0, 1, 2, 1, 2, 0, 0, 0, 2, 1, 0, 0, 0, 1, 2, 2, 0, 0, 0,
478 2, 2, 1, 1, 0, 1, 0, 2, 2, 0, 2, 1, 2, 1, 0, 2, 2, 2, 0, 0,
479 0, 1, 1, 2, 1, 0, 0, 0, 0, 1, 2, 2, 1, 2, 1, 2, 0, 2, 0, 2,
480 1, 1, 1, 2, 1, 2, 1, 2, 1, 1, 0, 1, 0, 2, 0, 0, 0, 2, 1, 2,
481 2, 2, 2, 0, 1, 1, 1, 0, 1, 0, 2, 0, 2, 1, 0, 1, 2, 1, 1, 0,
482 1, 2, 1, 0, 0, 2, 1, 0, 1, 1, 2, 2, 1, 1, 1, 2, 2, 2, 1, 0,
483 0, 0, 0, 1, 1, 0, 0, 2, 2, 2, 2, 2, 0, 1, 2, 0, 1, 2, 0, 1,
484 1, 0, 1, 1, 2, 2, 0, 1, 1, 0, 2, 2, 1, 1, 1, 2, 1, 2, 2, 1,
485 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
486 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
487 {
488 { 13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16),
489 countof(indices_ees743ep1), indices_ees743ep1
490 },
491 { 12, 1171, 2048, FALSE, 106,
492 countof(indices_ees1171ep1), indices_ees1171ep1
493 }
494 }
495 }
496 };
497
498 START_TEST(test_ntru_trits)
499 {
500 ntru_trits_t *mask;
501 chunk_t trits;
502
503 mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
504 HASH_UNKNOWN, trits_tests[_i].seed);
505 ck_assert(mask == NULL);
506
507 mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
508 trits_tests[_i].alg, chunk_empty);
509 ck_assert(mask == NULL);
510
511 mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
512 trits_tests[_i].alg, trits_tests[_i].seed);
513 ck_assert(mask);
514
515 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
516 ck_assert(chunk_equals(trits, trits_tests[_i].trits));
517 mask->destroy(mask);
518
519 /* generate a multiple of 5 trits */
520 mask = TEST_FUNCTION(ntru, ntru_trits_create, 10, trits_tests[_i].alg,
521 trits_tests[_i].seed);
522 ck_assert(mask);
523
524 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
525 ck_assert(chunk_equals(trits, chunk_create(trits_tests[_i].trits.ptr, 10)));
526 mask->destroy(mask);
527 }
528 END_TEST
529
530 START_TEST(test_ntru_poly)
531 {
532 ntru_poly_t *poly;
533 uint16_t *indices;
534 chunk_t seed;
535 poly_test_t *p;
536 int j, n;
537
538 seed = trits_tests[_i].seed;
539 seed.len = trits_tests[_i].seed_len;
540
541 p = &trits_tests[_i].poly_test[0];
542 poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, HASH_UNKNOWN, seed,
543 p->c_bits, p->N, p->q, p->indices_len, p->indices_len,
544 p->is_product_form);
545 ck_assert(poly == NULL);
546
547 for (n = 0; n < 2; n++)
548 {
549 p = &trits_tests[_i].poly_test[n];
550 poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed,
551 trits_tests[_i].alg, seed, p->c_bits, p->N, p->q,
552 p->indices_len, p->indices_len, p->is_product_form);
553 ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size);
554
555 indices = poly->get_indices(poly);
556 for (j = 0; j < p->indices_size; j++)
557 {
558 ck_assert(indices[j] == p->indices[j]);
559 }
560 poly->destroy(poly);
561 }
562 }
563 END_TEST
564
565 typedef struct {
566 uint16_t N;
567 uint16_t q;
568 bool is_product_form;
569 uint32_t indices_len_p;
570 uint32_t indices_len_m;
571 uint16_t *indices;
572 uint16_t *a;
573 uint16_t *c;
574 } ring_mult_test_t;
575
576 uint16_t t1_indices[] = { 1, 6, 5, 3 };
577
578 uint16_t t1_a[] = { 1, 0, 0, 0, 0, 0, 0 };
579 uint16_t t1_c[] = { 0, 1, 0, 7, 0, 7, 1 };
580
581 uint16_t t2_a[] = { 5, 0, 0, 0, 0, 0, 0 };
582 uint16_t t2_c[] = { 0, 5, 0, 3, 0, 3, 5 };
583
584 uint16_t t3_a[] = { 4, 0, 0, 0, 0, 0, 0 };
585 uint16_t t3_c[] = { 0, 4, 0, 4, 0, 4, 4 };
586
587 uint16_t t4_a[] = { 0, 6, 0, 0, 0, 0, 0 };
588 uint16_t t4_c[] = { 6, 0, 6, 0, 2, 0, 2 };
589
590 uint16_t t5_a[] = { 4, 6, 0, 0, 0, 0, 0 };
591 uint16_t t5_c[] = { 6, 4, 6, 4, 2, 4, 6 };
592
593 uint16_t t6_a[] = { 0, 0, 3, 0, 0, 0, 0 };
594 uint16_t t6_c[] = { 5, 3, 0, 3, 0, 5, 0 };
595
596 uint16_t t7_a[] = { 4, 6, 3, 0, 0, 0, 0 };
597 uint16_t t7_c[] = { 3, 7, 6, 7, 2, 1, 6 };
598
599 uint16_t t8_a[] = { 0, 0, 0, 7, 0, 0, 0 };
600 uint16_t t8_c[] = { 0, 1, 7, 0, 7, 0, 1 };
601
602 uint16_t t9_a[] = { 4, 6, 3, 7, 0, 0, 0 };
603 uint16_t t9_c[] = { 3, 0, 5, 7, 1, 1, 7 };
604
605 uint16_t t10_a[] = { 0, 0, 0, 0, 0, 1, 0 };
606 uint16_t t10_c[] = { 0, 7, 0, 7, 1, 0, 1 };
607
608 uint16_t t11_a[] = { 4, 6, 3, 7, 0, 1, 0 };
609 uint16_t t11_c[] = { 3, 7, 5, 6, 2, 1, 0 };
610
611 uint16_t t2_indices[] = { 1, 6, 5, 2, 3 };
612
613 uint16_t t12_c[] = { 0, 1, 7, 7, 0, 1, 1 };
614 uint16_t t13_c[] = { 0, 1, 7, 7, 0, 7, 1 };
615 uint16_t t14_c[] = { 0, 1, 0, 31, 0, 31, 1 };
616 uint16_t t15_c[] = { 0, 5, 0, 2043, 0, 2043, 5 };
617 uint16_t t16_c[] = { 0, 5, 0, 32763, 0, 32763, 5 };
618
619 uint16_t t3_indices[] = { 7, 2, 3, 5, 0, 2, 3, 10, 7, 0, 8, 2 };
620
621 uint16_t t17_a[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
622 uint16_t t17_c[] = { 7, 1, 0, 1, 1, 7, 0, 7, 7, 7, 2 };
623
624 ring_mult_test_t ring_mult_tests[] = {
625 { 7, 8, FALSE, 2, 2, t1_indices, t1_a, t1_c },
626 { 7, 8, FALSE, 2, 2, t1_indices, t2_a, t2_c },
627 { 7, 8, FALSE, 2, 2, t1_indices, t3_a, t3_c },
628 { 7, 8, FALSE, 2, 2, t1_indices, t4_a, t4_c },
629 { 7, 8, FALSE, 2, 2, t1_indices, t5_a, t5_c },
630 { 7, 8, FALSE, 2, 2, t1_indices, t6_a, t6_c },
631 { 7, 8, FALSE, 2, 2, t1_indices, t7_a, t7_c },
632 { 7, 8, FALSE, 2, 2, t1_indices, t8_a, t8_c },
633 { 7, 8, FALSE, 2, 2, t1_indices, t9_a, t9_c },
634 { 7, 8, FALSE, 2, 2, t1_indices, t10_a, t10_c },
635 { 7, 8, FALSE, 2, 2, t1_indices, t11_a, t11_c },
636 { 7, 8, FALSE, 3, 2, t2_indices, t1_a, t12_c },
637 { 7, 8, FALSE, 2, 3, t2_indices, t1_a, t13_c },
638 { 7, 32, FALSE, 2, 2, t1_indices, t1_a, t14_c },
639 { 7, 2048, FALSE, 2, 2, t1_indices, t2_a, t15_c },
640 { 7, 32768, FALSE, 2, 2, t1_indices, t2_a, t16_c },
641 { 11, 8, TRUE, 197121, 197121, t3_indices, t17_a, t17_c },
642 };
643
644 START_TEST(test_ntru_ring_mult)
645 {
646 ntru_poly_t *poly;
647 ring_mult_test_t *t;
648 uint16_t *c;
649 int i;
650
651 t = &ring_mult_tests[_i];
652 poly = TEST_FUNCTION(ntru, ntru_poly_create_from_data, t->indices, t->N,
653 t->q, t->indices_len_p, t->indices_len_m,
654 t->is_product_form);
655 ck_assert(poly != NULL);
656
657 c = malloc(t->N * sizeof(uint16_t));
658 poly->ring_mult(poly, t->a, c);
659
660 for (i = 0; i < t->N; i++)
661 {
662 ck_assert(c[i] == t->c[i]);
663 }
664
665 free(c);
666 poly->destroy(poly);
667 }
668 END_TEST
669
670 int array_tests[] = { 0, 11, 12, 16 };
671
672 START_TEST(test_ntru_array)
673 {
674 ntru_poly_t *poly;
675 ring_mult_test_t *t;
676 uint16_t *c;
677 int i;
678
679 t = &ring_mult_tests[array_tests[_i]];
680
681 poly = TEST_FUNCTION(ntru, ntru_poly_create_from_data, t->indices, t->N,
682 t->q, t->indices_len_p, t->indices_len_m,
683 t->is_product_form);
684 ck_assert(poly != NULL);
685
686 c = malloc(t->N * sizeof(uint16_t));
687 poly->get_array(poly, c);
688
689 for (i = 0; i < t->N; i++)
690 {
691 ck_assert(c[i] == t->c[i]);
692 }
693
694 free(c);
695 poly->destroy(poly);
696 }
697 END_TEST
698
699 START_TEST(test_ntru_param_set)
700 {
701 ck_assert(TEST_FUNCTION(ntru, ntru_param_set_get_by_id, -1) == NULL);
702 ck_assert(TEST_FUNCTION(ntru, ntru_param_set_get_by_id, 16) == NULL);
703 }
704 END_TEST
705
706 typedef struct {
707 ntru_param_set_id_t id;
708 chunk_t entropy;
709 chunk_t encoding;
710 } privkey_test_t;
711
712 privkey_test_t privkey_tests[] = {
713 {
714 NTRU_EES401EP1,
715 chunk_from_chars(
716 0x0C, 0x2F, 0x24, 0xE1, 0xA4, 0x81, 0x26, 0xA2,
717 0x6C, 0xEA, 0xCD, 0x1A, 0xF3, 0xEB, 0x3D, 0xBF,
718 0xEA, 0xAE, 0xC3, 0x0D, 0xC1),
719 chunk_from_chars(
720 0x02, 0x03, 0x00, 0x02, 0x04, 0x3E, 0xF3, 0xCB,
721 0x7A, 0x58, 0x13, 0x75, 0xBB, 0x87, 0xF5, 0xBF,
722 0x2E, 0x18, 0xAE, 0x03, 0xAF, 0xB8, 0x33, 0x85,
723 0xD8, 0xBF, 0x8A, 0xB5, 0x8C, 0xA6, 0xDF, 0x03,
724 0x90, 0x1E, 0xE4, 0x83, 0xA4, 0x95, 0x40, 0xB5,
725 0x08, 0x92, 0x29, 0xD8, 0x83, 0xA8, 0x42, 0xB2,
726 0x69, 0xC2, 0x00, 0x8B, 0xAE, 0x80, 0x00, 0x4F,
727 0x3D, 0xDD, 0xFB, 0xDB, 0x9A, 0xD8, 0x0F, 0xFF,
728 0xBC, 0x21, 0xD5, 0xE6, 0x04, 0x9C, 0xDD, 0x3B,
729 0x2D, 0x16, 0x4B, 0xC7, 0x3D, 0xBE, 0xDE, 0xBB,
730 0x6F, 0xF4, 0x8A, 0x31, 0xCD, 0x23, 0x19, 0xC2,
731 0x3C, 0xE1, 0xE2, 0xEE, 0xE4, 0xE7, 0x2E, 0xFC,
732 0x5C, 0xDD, 0xAD, 0x0C, 0x9D, 0x98, 0xC5, 0x18,
733 0x2A, 0x80, 0x21, 0x93, 0x61, 0xC4, 0x9A, 0x16,
734 0xE8, 0x9B, 0xF7, 0x3B, 0x6D, 0x06, 0x91, 0x9E,
735 0x71, 0x59, 0xBE, 0x8E, 0x65, 0x61, 0xB2, 0x69,
736 0x9C, 0x82, 0x58, 0x0D, 0x63, 0x7A, 0x1F, 0x2A,
737 0x1C, 0x2C, 0x92, 0x8C, 0x8D, 0xCA, 0x2B, 0x45,
738 0x24, 0x79, 0xDB, 0x7F, 0x1D, 0x2F, 0xAB, 0x88,
739 0x8C, 0x1D, 0xE3, 0x15, 0x8F, 0xCD, 0x46, 0x8C,
740 0x45, 0x20, 0x88, 0x1C, 0x17, 0xE0, 0xE5, 0x89,
741 0xF4, 0x60, 0x56, 0x3C, 0x6B, 0x9F, 0x2A, 0xD9,
742 0xD0, 0xAE, 0x3B, 0xB6, 0xC2, 0xB7, 0x58, 0xC6,
743 0x6E, 0x09, 0x36, 0x21, 0x0B, 0xDD, 0xE9, 0x52,
744 0x33, 0x27, 0x39, 0xC8, 0x51, 0x59, 0x69, 0x25,
745 0xC6, 0x3D, 0x19, 0x5C, 0x5E, 0x74, 0xD0, 0x62,
746 0xD9, 0x26, 0x90, 0xC7, 0x64, 0x92, 0xA8, 0x72,
747 0xD1, 0x77, 0x1F, 0x78, 0xC5, 0x11, 0xBD, 0x5D,
748 0x3C, 0x1B, 0x1F, 0x8B, 0x5B, 0xE4, 0x5D, 0xA1,
749 0x27, 0x6D, 0x20, 0x24, 0x32, 0x53, 0xF3, 0xB0,
750 0xE6, 0x71, 0x61, 0xCC, 0xFC, 0x4A, 0x06, 0xDA,
751 0xBE, 0xD7, 0x9F, 0x2F, 0xEB, 0x44, 0xD0, 0x8A,
752 0x7D, 0x8E, 0x82, 0xF5, 0x84, 0xCF, 0x8E, 0xE5,
753 0x4B, 0xA4, 0x30, 0x77, 0xBD, 0x14, 0xB9, 0x75,
754 0x02, 0x68, 0xDF, 0x71, 0x89, 0x81, 0xF2, 0x95,
755 0xC3, 0x67, 0x6E, 0x37, 0xE4, 0xD0, 0xC9, 0x1E,
756 0x02, 0xDE, 0x2D, 0x79, 0x99, 0xE8, 0x7D, 0x5C,
757 0x99, 0xF2, 0x1A, 0xDE, 0x12, 0x9B, 0xD1, 0x83,
758 0x9B, 0x01, 0xD3, 0xEB, 0x2B, 0x8E, 0x9C, 0xA5,
759 0x19, 0xE8, 0x2E, 0xFE, 0x23, 0x6E, 0xAD, 0x8F,
760 0x3C, 0xAF, 0xB9, 0xE6, 0xDB, 0x07, 0xA4, 0x31,
761 0x02, 0x2B, 0x6A, 0xA0, 0xFB, 0x51, 0x6C, 0xD0,
762 0x26, 0xD5, 0xAD, 0x29, 0x65, 0x10, 0xCE, 0xF8,
763 0x84, 0x4D, 0x1E, 0x37, 0x92, 0xA2, 0xD1, 0xFA,
764 0xF6, 0xC0, 0x36, 0x4C, 0x23, 0x3A, 0x42, 0xAA,
765 0xB8, 0x0D, 0x4E, 0xD4, 0x40, 0x61, 0xD5, 0x36,
766 0x62, 0x23, 0x7C, 0x1C, 0x5E, 0xEA, 0x16, 0xAD,
767 0x4F, 0x30, 0xF9, 0x16, 0x99, 0xCE, 0xC5, 0x50,
768 0xAC, 0x8F, 0x6F, 0x98, 0xD7, 0xE3, 0x89, 0x6E,
769 0x3A, 0x12, 0xCE, 0xA7, 0xA4, 0x17, 0x74, 0xDC,
770 0xDB, 0xFA, 0xFF, 0xF9, 0x35, 0xD7, 0xF5, 0x77,
771 0x03, 0xF5, 0xBF, 0x81, 0x6C, 0x9F, 0x62, 0xA6,
772 0x8A, 0x5B, 0xA3, 0xEF, 0x9D, 0xC3, 0xF6, 0x3A,
773 0x6A, 0xC0, 0x42, 0x71, 0xAF, 0x90, 0xCA, 0x1D,
774 0x86, 0x78, 0xD7, 0x2C, 0xFE, 0xB6, 0x99, 0x15,
775 0x8C, 0x10, 0x42, 0x92, 0x2C, 0x05, 0x43, 0x92,
776 0x69, 0x05, 0x8D, 0x9E, 0xBC, 0xAB, 0x8F, 0x28,
777 0xAA, 0x4B, 0xFB, 0x25, 0xD9, 0xAD, 0x29, 0xFF,
778 0x33, 0x65, 0x14, 0xC3, 0x75, 0x1F, 0xCF, 0xFC,
779 0x20, 0x83, 0xBF, 0xB9, 0xA5, 0x4B, 0x7B, 0xD9,
780 0x07, 0x5C, 0xA1, 0xD1, 0x5A, 0x3E, 0x94, 0xF8,
781 0x03, 0xDE, 0xB8, 0x94, 0x11, 0x92, 0x80, 0x77,
782 0x57, 0x45, 0x1E, 0x6B, 0xA5, 0x15, 0xDB, 0x48,
783 0xB6, 0x9E, 0x02, 0xF1, 0x61, 0x4A, 0xAC, 0x1D,
784 0x49, 0xBC, 0xA9, 0x3F, 0x03, 0x50, 0xAC, 0x02,
785 0x8E, 0x84, 0xE0, 0x12, 0x37, 0x76, 0xBC, 0x4A,
786 0xF9, 0xC6, 0x74, 0x36, 0xFC, 0x92, 0x1D, 0x59,
787 0x0C, 0x04, 0xD2, 0x14, 0xB7, 0x11, 0xE9, 0xE2,
788 0xFE, 0x0C, 0xE1, 0xDA, 0x8B, 0xCA, 0x10, 0xA1,
789 0x60, 0xB6, 0x57, 0x51, 0x00, 0xD6, 0x5B, 0x55,
790 0x09, 0x60, 0xE8, 0x00, 0x40, 0x45, 0x56, 0xBA,
791 0x83, 0x1E, 0x36, 0x12, 0x59, 0x4B, 0x19, 0x00,
792 0x53, 0xAE, 0x62, 0xA6, 0x29, 0x39, 0xED, 0x87,
793 0x24, 0x37, 0x1E, 0x1B, 0xCF, 0x3F, 0x3A, 0x71,
794 0x31, 0xB5, 0x50, 0x8D, 0x4B, 0x53, 0x53, 0x75,
795 0x3F, 0x33, 0x39, 0x09, 0x2A, 0x78, 0xA8, 0x71,
796 0x3E, 0x63, 0xC5, 0x61, 0x73, 0xB6, 0xE1, 0x71,
797 0x16, 0xDA, 0x06, 0xBF, 0x3F, 0x22, 0x74, 0x89,
798 0x08, 0xD2, 0x05, 0x0B, 0x16, 0xC8, 0xF0, 0x17,
799 0x4E, 0xA2, 0x65, 0x67, 0x6D, 0x02)
800 },
801 {
802 NTRU_EES743EP1,
803 chunk_from_chars(
804 0x9B, 0xAB, 0x57, 0xDB, 0x2C, 0x60, 0x83, 0x48,
805 0x9F, 0xC9, 0x70, 0x8F, 0x69, 0xF7, 0xB4, 0xBB,
806 0x63, 0x5C, 0x9A, 0x63, 0x07, 0x80, 0x17, 0xD3,
807 0xCD, 0xB1, 0x57, 0x79, 0xFE, 0x8D, 0x81, 0x70,
808 0xEB, 0x50, 0xFA, 0x05, 0xFB, 0x97, 0xB2, 0xAB,
809 0x25, 0xED, 0xD8, 0x18, 0x1C, 0xFE, 0x96, 0x7D),
810 chunk_from_chars(
811 0x02, 0x03, 0x00, 0x06, 0x10, 0x14, 0x53, 0x73,
812 0x56, 0xF5, 0xA9, 0x34, 0xDE, 0xA6, 0x4D, 0x46,
813 0x05, 0x9E, 0x80, 0xAE, 0xB6, 0x74, 0x91, 0xFF,
814 0xFB, 0x48, 0xD3, 0x5C, 0x61, 0x12, 0x46, 0x02,
815 0x9F, 0x53, 0x45, 0x87, 0x47, 0xBD, 0x6B, 0x26,
816 0xF7, 0x36, 0xD3, 0x99, 0x1B, 0xD7, 0xEA, 0xA3,
817 0xA8, 0x94, 0xFF, 0x93, 0x46, 0x7C, 0x2C, 0x5F,
818 0x87, 0x8C, 0x38, 0xB3, 0x7B, 0xC6, 0x49, 0xE2,
819 0x88, 0xCA, 0x67, 0x89, 0xD0, 0x6D, 0x7C, 0xAE,
820 0x7C, 0x98, 0x84, 0xDA, 0x6B, 0x93, 0x92, 0xEF,
821 0x4A, 0xD1, 0x4A, 0xD2, 0x5B, 0x13, 0xF8, 0x59,
822 0x15, 0x2E, 0xBC, 0x70, 0x8D, 0x2D, 0xA9, 0x47,
823 0xA1, 0x99, 0x19, 0x3F, 0x67, 0xE8, 0x18, 0xA7,
824 0x17, 0x07, 0xB3, 0x14, 0xF6, 0x20, 0xA1, 0xD8,
825 0x33, 0xE8, 0x08, 0x6A, 0xC1, 0x39, 0x99, 0x08,
826 0xB4, 0x88, 0xEB, 0x48, 0x7D, 0xFB, 0xF5, 0xEF,
827 0x03, 0x0D, 0x25, 0xB7, 0x98, 0xF3, 0xF1, 0x15,
828 0x63, 0xE4, 0x0F, 0xFD, 0x54, 0x9F, 0x56, 0xE9,
829 0xD1, 0x44, 0xE5, 0x89, 0x66, 0x14, 0x91, 0x1C,
830 0xFD, 0xD6, 0xFD, 0x38, 0xAE, 0x39, 0xE3, 0xF7,
831 0xCD, 0x77, 0xC2, 0xEA, 0x2E, 0xE4, 0xB7, 0x2B,
832 0xBA, 0x7A, 0xD1, 0x75, 0xB8, 0x28, 0x65, 0x18,
833 0xF4, 0xC6, 0xBD, 0xD0, 0x17, 0x7E, 0xEA, 0x86,
834 0x7E, 0xFC, 0x95, 0xD6, 0x4C, 0x92, 0x01, 0xC3,
835 0xFF, 0x04, 0x9B, 0xF8, 0xD6, 0xB3, 0x8F, 0x72,
836 0xEF, 0x64, 0x09, 0x61, 0xF8, 0xE4, 0x48, 0xFC,
837 0x0D, 0xEE, 0xEF, 0xA2, 0x9F, 0x3A, 0x2B, 0x1A,
838 0xFB, 0x8B, 0xA0, 0x9C, 0x11, 0x0B, 0x97, 0x75,
839 0x30, 0x7C, 0xB8, 0x9F, 0xEE, 0x3B, 0x53, 0x85,
840 0x7D, 0xE9, 0xCB, 0xC4, 0x4D, 0xD7, 0x7F, 0x59,
841 0x10, 0x72, 0x19, 0x3A, 0xC9, 0x38, 0xFE, 0xE8,
842 0xB3, 0x06, 0x55, 0x8D, 0xA2, 0x5A, 0x3D, 0x79,
843 0x67, 0x0E, 0x90, 0xC9, 0x25, 0x6D, 0x45, 0x9C,
844 0x39, 0x79, 0x5F, 0x18, 0x35, 0x9F, 0xC1, 0x49,
845 0x08, 0x6F, 0x1C, 0x47, 0x09, 0x0D, 0x49, 0x7C,
846 0x3C, 0x7B, 0xB1, 0x09, 0x92, 0x1C, 0x4E, 0x5A,
847 0xDA, 0x74, 0x9E, 0xBB, 0x55, 0x9D, 0xBB, 0x1E,
848 0x43, 0x28, 0x62, 0xAF, 0x02, 0xB0, 0x1A, 0xEA,
849 0x13, 0x0A, 0x70, 0x0F, 0x60, 0x0F, 0x62, 0xA2,
850 0x4E, 0x1F, 0xB2, 0xEA, 0x06, 0xDD, 0x18, 0x02,
851 0x6C, 0xF3, 0x82, 0xF1, 0x80, 0x7F, 0xA7, 0x2F,
852 0xCC, 0xC6, 0x18, 0xEA, 0xFF, 0x1F, 0xAD, 0xC6,
853 0xBA, 0x0C, 0x0E, 0x04, 0xB2, 0x58, 0x1D, 0xB6,
854 0x01, 0xA3, 0x97, 0xDF, 0x7D, 0x9B, 0xB5, 0x0A,
855 0xAD, 0x30, 0x2B, 0xC5, 0x67, 0x40, 0x07, 0xF1,
856 0xD5, 0x6C, 0x11, 0x10, 0xE1, 0x69, 0x30, 0xAD,
857 0x90, 0x06, 0xDB, 0xF8, 0xEA, 0x92, 0x9B, 0x39,
858 0x57, 0x38, 0x7B, 0xE4, 0xB2, 0xA2, 0x89, 0xFD,
859 0xB1, 0x6D, 0x88, 0x41, 0x62, 0x4D, 0x18, 0xB6,
860 0x3F, 0x12, 0x81, 0xDE, 0xE6, 0xDC, 0x4A, 0x31,
861 0x61, 0x26, 0xB1, 0x4B, 0x95, 0xC1, 0x69, 0xDC,
862 0xDC, 0xAC, 0xD0, 0x15, 0xFC, 0x21, 0xC5, 0x20,
863 0x5F, 0x97, 0x76, 0x41, 0xC1, 0xF2, 0xD7, 0x95,
864 0x1D, 0x25, 0x23, 0x36, 0x86, 0xFA, 0x7E, 0xF4,
865 0x14, 0x9F, 0x9D, 0x9F, 0xB2, 0xBB, 0x25, 0x1D,
866 0xD5, 0x7A, 0x6F, 0x9E, 0xF7, 0xEF, 0x9D, 0x63,
867 0x1E, 0xD5, 0xDE, 0x6A, 0xE6, 0x46, 0x48, 0x1F,
868 0xE1, 0x0C, 0x4D, 0x82, 0xC9, 0x19, 0x3B, 0x65,
869 0xA4, 0x06, 0x13, 0xB7, 0x04, 0xB1, 0x62, 0xF7,
870 0x08, 0xAE, 0xED, 0x42, 0x6D, 0xCC, 0x6C, 0xA6,
871 0x06, 0x06, 0x41, 0x3E, 0x0C, 0x89, 0x4C, 0xBD,
872 0x00, 0x4F, 0x0E, 0xA9, 0x72, 0x06, 0x21, 0x82,
873 0xD2, 0xB6, 0x6C, 0xB0, 0xB0, 0x01, 0x5B, 0xDD,
874 0x05, 0xCE, 0x71, 0x6E, 0x00, 0x58, 0xC7, 0xA6,
875 0x5B, 0xF6, 0xFB, 0x6B, 0x62, 0xB1, 0xE8, 0x4D,
876 0xAC, 0xC0, 0x6B, 0xF4, 0x40, 0x69, 0xEE, 0x0D,
877 0xE7, 0x82, 0x61, 0x8D, 0x35, 0x01, 0x97, 0x4E,
878 0xF2, 0xCC, 0xF5, 0x7F, 0xBF, 0xE4, 0xEC, 0x9C,
879 0xC4, 0xD2, 0xD9, 0x65, 0x78, 0x98, 0xD8, 0xB0,
880 0xFA, 0xA8, 0xFB, 0xB0, 0xCE, 0x22, 0x5D, 0x0B,
881 0x27, 0xDF, 0x0E, 0x63, 0x42, 0xFE, 0x89, 0x13,
882 0x99, 0xB2, 0x02, 0x0B, 0xF6, 0x04, 0xB6, 0xAF,
883 0x9F, 0x8C, 0xA6, 0x17, 0x0D, 0xD9, 0x5B, 0x45,
884 0xE4, 0x08, 0x53, 0x51, 0xE0, 0xD5, 0x22, 0x72,
885 0xBE, 0xAD, 0x74, 0x69, 0xB9, 0xFB, 0x91, 0xF8,
886 0xC1, 0x89, 0x28, 0x71, 0x27, 0x62, 0xB1, 0xF0,
887 0xFD, 0x78, 0xBC, 0x82, 0xFE, 0x76, 0xBE, 0x7B,
888 0x47, 0x79, 0x32, 0x71, 0xAD, 0xD6, 0x76, 0x46,
889 0xFB, 0x32, 0xE8, 0x4B, 0x98, 0x9A, 0xC6, 0x85,
890 0xF2, 0xF1, 0x8A, 0xEC, 0xC2, 0x4E, 0x9B, 0x2F,
891 0x2D, 0x6F, 0xC9, 0x9B, 0xB6, 0x14, 0x35, 0x6D,
892 0xD6, 0x5B, 0xF3, 0x02, 0x5A, 0xE5, 0xBD, 0x00,
893 0xF7, 0x6E, 0x51, 0xA7, 0xDB, 0x19, 0xAE, 0x01,
894 0x01, 0x05, 0x94, 0x23, 0xF7, 0x5B, 0x07, 0x79,
895 0xFF, 0x39, 0x58, 0x9C, 0x2A, 0xF7, 0x7E, 0x5D,
896 0x81, 0xF9, 0x59, 0xFE, 0xB9, 0x9A, 0x96, 0x63,
897 0x1F, 0x65, 0xF6, 0xF0, 0x3D, 0xEA, 0xD7, 0xC2,
898 0x8A, 0xCF, 0xB5, 0x58, 0x74, 0x77, 0x23, 0xD6,
899 0x72, 0x58, 0xA8, 0xAE, 0x31, 0x8A, 0x59, 0xEA,
900 0x69, 0x14, 0x6A, 0x20, 0x78, 0x79, 0x28, 0x5A,
901 0xE1, 0x76, 0x6F, 0xA6, 0x1A, 0x9E, 0x47, 0xD2,
902 0xAF, 0x63, 0xF8, 0x06, 0xF6, 0xD8, 0xD5, 0x14,
903 0xA8, 0xD1, 0xEE, 0x96, 0xCE, 0xBB, 0x8E, 0x22,
904 0x69, 0x2F, 0x52, 0x06, 0xB6, 0x6F, 0xC8, 0x99,
905 0x96, 0xEA, 0xC6, 0x1D, 0x96, 0x4C, 0x69, 0x95,
906 0xFE, 0x74, 0x04, 0x3C, 0x55, 0xD9, 0x5F, 0xE0,
907 0x41, 0x21, 0x43, 0x21, 0x5A, 0x50, 0x5D, 0x8B,
908 0xE8, 0xB2, 0x51, 0x1B, 0x7C, 0x63, 0x50, 0xAE,
909 0x97, 0x4F, 0xBA, 0x7D, 0xF2, 0xB6, 0xB6, 0x16,
910 0x1D, 0x47, 0x9E, 0x19, 0x68, 0xD4, 0x6B, 0x2B,
911 0x75, 0xCD, 0xAE, 0x65, 0x33, 0x38, 0xF6, 0x6D,
912 0xC7, 0x3E, 0x46, 0x98, 0x9E, 0x98, 0x8B, 0x45,
913 0x11, 0xA7, 0x12, 0x05, 0xB0, 0x01, 0xC3, 0x51,
914 0xA0, 0xEE, 0x7C, 0x16, 0xD1, 0x42, 0x96, 0xC4,
915 0xF0, 0x7B, 0x71, 0xCD, 0x50, 0x38, 0xA4, 0xB0,
916 0x6E, 0x6F, 0xE0, 0xBD, 0xC4, 0xF7, 0x96, 0x2B,
917 0xF1, 0x6D, 0x9F, 0xF3, 0x71, 0x89, 0xFA, 0xB4,
918 0x44, 0xA4, 0x32, 0xDC, 0xB2, 0x55, 0x13, 0x31,
919 0x83, 0x29, 0x66, 0x21, 0x3E, 0x89, 0xF8, 0x78,
920 0x97, 0x9C, 0x64, 0xF9, 0x2C, 0x0A, 0x88, 0xBC,
921 0xCA, 0x6F, 0x83, 0x42, 0xF6, 0xD7, 0x00, 0xC4,
922 0x19, 0x52, 0xB0, 0x31, 0xA8, 0xBA, 0xE8, 0xD4,
923 0xAD, 0x4B, 0x5D, 0xC0, 0x01, 0x20, 0x6C, 0xBB,
924 0x1D, 0x9A, 0x1D, 0xD4, 0x19, 0xFD, 0x33, 0xAB,
925 0xA0, 0x54, 0x50, 0x91, 0xE9, 0x75, 0x5C, 0x7E,
926 0x7E, 0xB3, 0x24, 0x79, 0xAE, 0x10, 0x3C, 0xB4,
927 0xB7, 0x0A, 0x1D, 0x86, 0xAD, 0x06, 0x95, 0xCB,
928 0x84, 0x9B, 0x0E, 0x8B, 0x77, 0x7E, 0x3E, 0xD2,
929 0xA6, 0xDF, 0xAD, 0x4E, 0xFB, 0x69, 0x23, 0xAC,
930 0x7A, 0xCB, 0xAA, 0xB0, 0x22, 0xDD, 0xD2, 0xC6,
931 0xC7, 0xAD, 0xD7, 0xDE, 0xEC, 0x6F, 0x08, 0x41,
932 0x54, 0xD5, 0x52, 0xDC, 0x77, 0xE4, 0x72, 0xF9,
933 0x16, 0xB1, 0xC9, 0xAF, 0xB1, 0x3B, 0x18, 0x99,
934 0x20, 0x9F, 0x79, 0x63, 0x7B, 0x07, 0xC7, 0x35,
935 0xDF, 0xBB, 0xCE, 0x66, 0x93, 0x1B, 0xF5, 0x82,
936 0x25, 0x67, 0xC1, 0xF2, 0xF0, 0x89, 0x0F, 0xEF,
937 0x84, 0x0D, 0x63, 0xB6, 0x7B, 0xD0, 0x40, 0x8E,
938 0xDB, 0x94, 0xCC, 0x71, 0x3C, 0xDB, 0x36, 0x14,
939 0x34, 0xFD, 0xA0, 0xB0, 0xC1, 0x45, 0x31, 0xF8,
940 0x8D, 0xD8, 0x23, 0xB1, 0x05, 0x14, 0xA9, 0x55,
941 0x3A, 0x1A, 0x37, 0x48, 0x68, 0x89, 0x3F, 0x15,
942 0x25, 0xD4, 0x99, 0x53, 0x4C, 0x85, 0x98, 0x78,
943 0x1D, 0x35, 0x4A, 0x83, 0x79, 0x9A, 0x29, 0x90,
944 0x2B, 0x45, 0x76, 0x0C, 0x13, 0x80, 0x4A, 0xE0,
945 0x40, 0xED, 0x6B, 0x2E, 0x2A, 0x43, 0xA9, 0x28,
946 0xB0, 0x2F, 0x89, 0x01, 0x6B, 0x39, 0x8C, 0x5E,
947 0x80, 0x61, 0xD9, 0xEE, 0x0F, 0x41, 0x75, 0xB5,
948 0xAE, 0xB6, 0xC2, 0x42, 0x49, 0x8D, 0x89, 0xD8,
949 0xF4, 0x78, 0x1D, 0x90, 0x46, 0x26, 0x4C, 0x56,
950 0xB7, 0xC0, 0xD9, 0x98, 0x7B, 0x07, 0xA1, 0x20)
951 }
952 };
953
954 START_TEST(test_ntru_privkey)
955 {
956 rng_t *entropy;
957 ntru_drbg_t *drbg;
958 ntru_private_key_t *privkey;
959 ntru_public_key_t *pubkey;
960 ntru_param_set_t *params;
961 uint32_t strength;
962 chunk_t encoding, privkey_encoding, pubkey_encoding;
963
964 params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id,
965 privkey_tests[_i].id);
966 strength = params->sec_strength_len * BITS_PER_BYTE;
967 entropy = test_rng_create(privkey_tests[_i].entropy);
968 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, strength,
969 chunk_from_str("IKE NTRU-KE"), entropy);
970 ck_assert(drbg != NULL);
971
972 privkey = TEST_FUNCTION(ntru, ntru_private_key_create, drbg, params);
973 ck_assert(privkey);
974 ck_assert(privkey->get_id(privkey) == privkey_tests[_i].id);
975
976 privkey_encoding = privkey->get_encoding(privkey);
977 encoding = privkey_tests[_i].encoding;
978 ck_assert(chunk_equals(privkey_encoding, encoding));
979
980 /* load private key as a packed blob */
981 privkey->destroy(privkey);
982 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
983 drbg, chunk_empty);
984 ck_assert(privkey == NULL);
985
986 encoding = chunk_clone(encoding);
987 encoding.ptr[0] = NTRU_PUBKEY_TAG;
988 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
989 drbg, encoding);
990 ck_assert(privkey == NULL);
991
992 encoding.ptr[0] = NTRU_PRIVKEY_TRITS_TAG;
993 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
994 drbg, encoding);
995 if (params->is_product_form)
996 {
997 ck_assert(privkey == NULL);
998 }
999 else
1000 {
1001 ck_assert(privkey != NULL);
1002 privkey->destroy(privkey);
1003 }
1004
1005 encoding.ptr[0] = NTRU_PRIVKEY_INDICES_TAG;
1006 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
1007 drbg, encoding);
1008 if (params->is_product_form)
1009 {
1010 ck_assert(privkey != NULL);
1011 privkey->destroy(privkey);
1012 }
1013 else
1014 {
1015 ck_assert(privkey == NULL);
1016 }
1017
1018 encoding.ptr[0] = NTRU_PRIVKEY_DEFAULT_TAG;
1019 encoding.ptr[1] = NTRU_OID_LEN - 1;
1020 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
1021 drbg, encoding);
1022 ck_assert(privkey == NULL);
1023
1024 encoding.ptr[1] = NTRU_OID_LEN;
1025 encoding.ptr[2] = 0xff;
1026 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
1027 drbg, encoding);
1028 ck_assert(privkey == NULL);
1029
1030 encoding.ptr[2] = params->oid[0];
1031 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
1032 drbg, encoding);
1033 privkey_encoding = privkey->get_encoding(privkey);
1034 ck_assert(chunk_equals(privkey_encoding, encoding));
1035
1036 pubkey = privkey->get_public_key(privkey);
1037 pubkey_encoding = pubkey->get_encoding(pubkey);
1038
1039 encoding.ptr[0] = NTRU_PUBKEY_TAG;
1040 encoding.len = pubkey_encoding.len;
1041 ck_assert(chunk_equals(pubkey_encoding, encoding));
1042
1043 /* load public key as a packed blob */
1044 pubkey->destroy(pubkey);
1045 pubkey = TEST_FUNCTION(ntru, ntru_public_key_create_from_data,
1046 drbg, encoding);
1047 pubkey_encoding = pubkey->get_encoding(pubkey);
1048 ck_assert(chunk_equals(pubkey_encoding, encoding));
1049
1050 chunk_free(&encoding);
1051 privkey->destroy(privkey);
1052 pubkey->destroy(pubkey);
1053 drbg->destroy(drbg);
1054 entropy->destroy(entropy);
1055 }
1056 END_TEST
1057
1058 START_TEST(test_ntru_ke)
1059 {
1060 chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
1061 diffie_hellman_t *i_ntru, *r_ntru;
1062 char buf[10];
1063 int k, n, len;
1064
1065 k = (_i) / countof(parameter_sets);
1066 n = (_i) % countof(parameter_sets);
1067
1068 len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
1069 params[k].group);
1070 ck_assert(len == 8);
1071 ck_assert(streq(buf, params[k].group_name));
1072
1073 lib->settings->set_str(lib->settings,
1074 "libstrongswan.plugins.ntru.parameter_set", parameter_sets[n]);
1075
1076 i_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
1077 ck_assert(i_ntru != NULL);
1078 ck_assert(i_ntru->get_dh_group(i_ntru) == params[k].group);
1079
1080 i_ntru->get_my_public_value(i_ntru, &pub_key);
1081 ck_assert(pub_key.len > 0);
1082
1083 r_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
1084 ck_assert(r_ntru != NULL);
1085
1086 r_ntru->set_other_public_value(r_ntru, pub_key);
1087 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1088 ck_assert(cipher_text.len > 0);
1089
1090 ck_assert(r_ntru->get_shared_secret(r_ntru, &r_shared_secret));
1091 ck_assert(r_shared_secret.len > 0);
1092
1093 i_ntru->set_other_public_value(i_ntru, cipher_text);
1094 ck_assert(i_ntru->get_shared_secret(i_ntru, &i_shared_secret));
1095 ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
1096
1097 chunk_clear(&i_shared_secret);
1098 chunk_clear(&r_shared_secret);
1099 chunk_free(&pub_key);
1100 chunk_free(&cipher_text);
1101 i_ntru->destroy(i_ntru);
1102 r_ntru->destroy(r_ntru);
1103 }
1104 END_TEST
1105
1106 START_TEST(test_ntru_retransmission)
1107 {
1108 diffie_hellman_t *i_ntru;
1109 chunk_t pub_key1, pub_key2;
1110
1111 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
1112 i_ntru->get_my_public_value(i_ntru, &pub_key1);
1113 i_ntru->get_my_public_value(i_ntru, &pub_key2);
1114 ck_assert(chunk_equals(pub_key1, pub_key2));
1115
1116 chunk_free(&pub_key1);
1117 chunk_free(&pub_key2);
1118 i_ntru->destroy(i_ntru);
1119 }
1120 END_TEST
1121
1122 chunk_t oid_tests[] = {
1123 { NULL, 0 },
1124 chunk_from_chars(0x00),
1125 chunk_from_chars(0x01),
1126 chunk_from_chars(0x02),
1127 chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
1128 chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
1129 chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
1130 chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
1131 };
1132
1133 START_TEST(test_ntru_pubkey_oid)
1134 {
1135 diffie_hellman_t *r_ntru;
1136 chunk_t cipher_text;
1137
1138 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1139 r_ntru->set_other_public_value(r_ntru, oid_tests[_i]);
1140 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1141 ck_assert(cipher_text.len == 0);
1142 r_ntru->destroy(r_ntru);
1143 }
1144 END_TEST
1145
1146 START_TEST(test_ntru_wrong_set)
1147 {
1148 diffie_hellman_t *i_ntru, *r_ntru;
1149 chunk_t pub_key, cipher_text;
1150
1151 lib->settings->set_str(lib->settings,
1152 "libstrongswan.plugins.ntru.parameter_set",
1153 "x9_98_bandwidth");
1154 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
1155 i_ntru->get_my_public_value(i_ntru, &pub_key);
1156
1157 lib->settings->set_str(lib->settings,
1158 "libstrongswan.plugins.ntru.parameter_set",
1159 "optimum");
1160 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
1161 r_ntru->set_other_public_value(r_ntru, pub_key);
1162 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1163 ck_assert(cipher_text.len == 0);
1164
1165 chunk_free(&pub_key);
1166 chunk_free(&cipher_text);
1167 i_ntru->destroy(i_ntru);
1168 r_ntru->destroy(r_ntru);
1169 }
1170 END_TEST
1171
1172 START_TEST(test_ntru_ciphertext)
1173 {
1174 char buf_00[604], buf_ff[604];
1175
1176 chunk_t test[] = {
1177 chunk_empty,
1178 chunk_from_chars(0x00),
1179 chunk_create(buf_00, sizeof(buf_00)),
1180 chunk_create(buf_ff, sizeof(buf_ff)),
1181 };
1182
1183 diffie_hellman_t *i_ntru;
1184 chunk_t pub_key, shared_secret;
1185 int i;
1186
1187 memset(buf_00, 0x00, sizeof(buf_00));
1188 memset(buf_ff, 0xff, sizeof(buf_ff));
1189
1190 for (i = 0; i < countof(test); i++)
1191 {
1192 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1193 i_ntru->get_my_public_value(i_ntru, &pub_key);
1194 i_ntru->set_other_public_value(i_ntru, test[i]);
1195 ck_assert(!i_ntru->get_shared_secret(i_ntru, &shared_secret));
1196 ck_assert(shared_secret.len == 0);
1197
1198 chunk_free(&pub_key);
1199 i_ntru->destroy(i_ntru);
1200 }
1201 }
1202 END_TEST
1203
1204 START_TEST(test_ntru_wrong_ciphertext)
1205 {
1206 diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
1207 chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
1208
1209 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1210 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1211 m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1212
1213 i_ntru->get_my_public_value(i_ntru, &pub_key_i);
1214 m_ntru->get_my_public_value(m_ntru, &pub_key_m);
1215 r_ntru->set_other_public_value(r_ntru, pub_key_m);
1216 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1217 i_ntru->set_other_public_value(i_ntru, cipher_text);
1218 ck_assert(!i_ntru->get_shared_secret(i_ntru, &shared_secret));
1219 ck_assert(shared_secret.len == 0);
1220
1221 chunk_free(&pub_key_i);
1222 chunk_free(&pub_key_m);
1223 chunk_free(&cipher_text);
1224 i_ntru->destroy(i_ntru);
1225 m_ntru->destroy(m_ntru);
1226 r_ntru->destroy(r_ntru);
1227 }
1228 END_TEST
1229
1230 Suite *ntru_suite_create()
1231 {
1232 Suite *s;
1233 TCase *tc;
1234
1235 s = suite_create("ntru");
1236
1237 tc = tcase_create("drbg_strength");
1238 tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths));
1239 suite_add_tcase(s, tc);
1240
1241 tc = tcase_create("drbg");
1242 tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests));
1243 suite_add_tcase(s, tc);
1244
1245 tc = tcase_create("drgb_reseed");
1246 tcase_add_test(tc, test_ntru_drbg_reseed);
1247 suite_add_tcase(s, tc);
1248
1249 tc = tcase_create("trits");
1250 tcase_add_loop_test(tc, test_ntru_trits, 0, countof(trits_tests));
1251 suite_add_tcase(s, tc);
1252
1253 tc = tcase_create("poly");
1254 tcase_add_loop_test(tc, test_ntru_poly, 0, countof(trits_tests));
1255 suite_add_tcase(s, tc);
1256
1257 tc = tcase_create("ring_mult");
1258 tcase_add_loop_test(tc, test_ntru_ring_mult, 0, countof(ring_mult_tests));
1259 suite_add_tcase(s, tc);
1260
1261 tc = tcase_create("array");
1262 tcase_add_loop_test(tc, test_ntru_array, 0, countof(array_tests));
1263 suite_add_tcase(s, tc);
1264
1265 tc = tcase_create("param_set");
1266 tcase_add_test(tc, test_ntru_param_set);
1267 suite_add_tcase(s, tc);
1268
1269 tc = tcase_create("privkey");
1270 tcase_add_loop_test(tc, test_ntru_privkey, 0, countof(privkey_tests));
1271 suite_add_tcase(s, tc);
1272
1273 tc = tcase_create("ke");
1274 tcase_add_loop_test(tc, test_ntru_ke, 0,
1275 countof(params) * countof(parameter_sets));
1276 suite_add_tcase(s, tc);
1277
1278 tc = tcase_create("retransmission");
1279 tcase_add_test(tc, test_ntru_retransmission);
1280 suite_add_tcase(s, tc);
1281
1282 tc = tcase_create("pubkey_oid");
1283 tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
1284 suite_add_tcase(s, tc);
1285
1286 tc = tcase_create("wrong_set");
1287 tcase_add_test(tc, test_ntru_wrong_set);
1288 suite_add_tcase(s, tc);
1289
1290 tc = tcase_create("ciphertext");
1291 tcase_add_test(tc, test_ntru_ciphertext);
1292 suite_add_tcase(s, tc);
1293
1294 tc = tcase_create("wrong_ciphertext");
1295 tcase_add_test(tc, test_ntru_wrong_ciphertext);
1296 suite_add_tcase(s, tc);
1297 return s;
1298 }