unit-tests: Call functions with TEST_ prefix in ntru test
[strongswan.git] / src / libstrongswan / tests / suites / test_ntru.c
1 /*
2 * Copyright (C) 2013-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <tests/utils/test_rng.h>
19 #include <plugins/ntru/ntru_drbg.h>
20 #include <plugins/ntru/ntru_mgf1.h>
21 #include <plugins/ntru/ntru_trits.h>
22 #include <plugins/ntru/ntru_poly.h>
23 #include <plugins/ntru/ntru_param_set.h>
24 #include <plugins/ntru/ntru_private_key.h>
25 #include <utils/test.h>
26
27 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
28 u_int32_t strength, chunk_t pers_str, rng_t *entropy)
29
30 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create, ntru_mgf1_t*,
31 hash_algorithm_t alg, chunk_t seed, bool hash_seed)
32
33 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
34 size_t len, hash_algorithm_t alg, chunk_t seed)
35
36 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
37 hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
38 uint16_t N, uint16_t q, uint32_t indices_len_p,
39 uint32_t indices_len_m, bool is_product_form)
40
41 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*,
42 u_int16_t *data, uint16_t N, uint16_t q,
43 uint32_t indices_len_p, uint32_t indices_len_m,
44 bool is_product_form)
45
46 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_param_set_get_by_id, ntru_param_set_t* ,
47 ntru_param_set_id_t id)
48
49 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create, ntru_private_key_t*,
50 ntru_drbg_t *drbg, ntru_param_set_t *params)
51
52 /**
53 * NTRU parameter sets to test
54 */
55 static struct {
56 diffie_hellman_group_t group;
57 char *group_name;
58 } params[] = {
59 { NTRU_112_BIT, "NTRU_112" },
60 { NTRU_128_BIT, "NTRU_128" },
61 { NTRU_192_BIT, "NTRU_192" },
62 { NTRU_256_BIT, "NTRU_256" }
63 };
64
65 /**
66 * NTRU parameter set selection
67 */
68 char *parameter_sets[] = {
69 "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
70 };
71
72 typedef struct {
73 u_int32_t requested;
74 u_int32_t standard;
75 }strength_t;
76
77 strength_t strengths[] = {
78 { 80, 112 },
79 { 112, 112 },
80 { 120, 128 },
81 { 128, 128 },
82 { 150, 192 },
83 { 192, 192 },
84 { 200, 256 },
85 { 256, 256 },
86 { 512, 0 }
87 };
88
89 START_TEST(test_ntru_drbg_strength)
90 {
91 ntru_drbg_t *drbg;
92 rng_t *entropy;
93
94 entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
95 ck_assert(entropy != NULL);
96
97 drbg = TEST_ntru_drbg_create(strengths[_i].requested, chunk_empty, entropy);
98 if (strengths[_i].standard)
99 {
100 ck_assert(drbg != NULL);
101 ck_assert(drbg->get_strength(drbg) == strengths[_i].standard);
102 drbg->destroy(drbg);
103 }
104 else
105 {
106 ck_assert(drbg == NULL);
107 }
108 entropy->destroy(entropy);
109 }
110 END_TEST
111
112 typedef struct {
113 chunk_t pers_str;
114 chunk_t entropy;
115 chunk_t out;
116 } drbg_test_t;
117
118 /**
119 * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS)
120 */
121 drbg_test_t drbg_tests[] = {
122 /* SHA-256 test case 1 - count 0 */
123 { { NULL, 0 },
124 chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39,
125 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11,
126 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf,
127 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d,
128 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
129 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf,
130 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8,
131 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7,
132 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0,
133 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
134 chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc,
135 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a,
136 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb,
137 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb,
138 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
139 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51,
140 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23,
141 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42,
142 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e,
143 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
144 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f,
145 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54,
146 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b,
147 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6,
148 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
149 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
150 },
151 /* SHA-256 test case 3 - count 0 */
152 { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59,
153 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31,
154 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa,
155 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c),
156 chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90,
157 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64,
158 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6,
159 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40,
160 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
161 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5,
162 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa,
163 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f,
164 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41,
165 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
166 chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20,
167 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a,
168 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a,
169 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b,
170 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
171 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c,
172 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40,
173 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93,
174 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f,
175 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
176 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb,
177 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0,
178 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6,
179 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed,
180 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
181 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
182 },
183 /* SHA-256 test case 5 - count 0 */
184 { { NULL, 0 },
185 chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47,
186 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a,
187 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85,
188 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a,
189 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
190 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b,
191 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44,
192 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16,
193 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b,
194 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
195 chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2,
196 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4,
197 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b,
198 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77,
199 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
200 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00,
201 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a,
202 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78,
203 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b,
204 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
205 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d,
206 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf,
207 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38,
208 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5,
209 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
210 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
211 },
212 /* SHA-256 test case 7 - count 0 */
213 { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0,
214 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d,
215 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46,
216 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2),
217 chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8,
218 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00,
219 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08,
220 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5,
221 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
222 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4,
223 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc,
224 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96,
225 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d,
226 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
227 chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea,
228 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53,
229 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52,
230 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a,
231 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
232 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae,
233 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6,
234 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53,
235 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91,
236 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
237 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98,
238 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca,
239 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39,
240 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57,
241 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
242 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
243 }
244 };
245
246 START_TEST(test_ntru_drbg)
247 {
248 ntru_drbg_t *drbg;
249 rng_t *entropy;
250 chunk_t out;
251
252 out = chunk_alloc(128);
253 entropy = test_rng_create(drbg_tests[_i].entropy);
254 drbg = TEST_ntru_drbg_create(256, drbg_tests[_i].pers_str, entropy);
255 ck_assert(drbg != NULL);
256 ck_assert(drbg->reseed(drbg));
257 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
258 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
259 ck_assert(chunk_equals(out, drbg_tests[_i].out));
260 drbg->destroy(drbg);
261 entropy->destroy(entropy);
262 chunk_free(&out);
263 }
264 END_TEST
265
266 START_TEST(test_ntru_drbg_reseed)
267 {
268 ntru_drbg_t *drbg;
269 rng_t *entropy;
270 chunk_t out;
271
272 lib->settings->set_int(lib->settings,
273 "libstrongswan.plugins.ntru.max_drbg_requests", 2);
274 out = chunk_alloc(128);
275 entropy = test_rng_create(drbg_tests[0].entropy);
276 drbg = TEST_ntru_drbg_create(256, chunk_empty, entropy);
277
278 /* bad output parameters */
279 ck_assert(!drbg->generate(drbg, 256, 0, out.ptr));
280 ck_assert(!drbg->generate(drbg, 256, 128, NULL));
281
282 /* no reseeding occurs */
283 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
284 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
285
286 /* consuming remaining entropy */
287 ck_assert(entropy->get_bytes(entropy, 32, out.ptr));
288
289 /* no entropy available for automatic reseeding */
290 ck_assert(!drbg->generate(drbg, 256, 128, out.ptr));
291 drbg->destroy(drbg);
292
293 /* no entropy available for DRBG instantiation */
294 drbg = TEST_ntru_drbg_create(256, chunk_empty, entropy);
295 ck_assert(drbg == NULL);
296 entropy->destroy(entropy);
297
298 /* one automatic reseeding occurs */
299 entropy = test_rng_create(drbg_tests[0].entropy);
300 drbg = TEST_ntru_drbg_create(256, chunk_empty, entropy);
301 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
302 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
303 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
304
305 /* no entropy left */
306 ck_assert(!entropy->get_bytes(entropy, 32, out.ptr));
307
308 drbg->destroy(drbg);
309 entropy->destroy(entropy);
310 chunk_free(&out);
311 lib->settings->set_int(lib->settings,
312 "libstrongswan.plugins.ntru.max_drbg_requests", 2000);
313 }
314 END_TEST
315
316 typedef struct {
317 uint8_t c_bits;
318 uint16_t N;
319 uint16_t q;
320 bool is_product_form;
321 uint32_t indices_len;
322 uint32_t indices_size;
323 uint16_t *indices;
324 } poly_test_t;
325
326 typedef struct {
327 hash_algorithm_t alg;
328 size_t hash_size;
329 size_t ml1, ml2, ml3, seed_len;
330 chunk_t seed;
331 chunk_t hashed_seed;
332 chunk_t mask;
333 chunk_t trits;
334 poly_test_t poly_test[2];
335 } mgf1_test_t;
336
337 uint16_t indices_ees439ep1[] = {
338 367, 413, 16, 214, 114, 128, 42, 268, 346, 329, 119, 303, 208, 287, 150,
339 3, 45, 321, 110, 109, 272, 430, 80, 305, 51, 381, 322, 140, 207, 315,
340 206, 186, 56, 5, 273, 177, 44, 100, 205, 210, 98, 191, 8, 336
341 };
342
343 uint16_t indices_ees613ep1[] = {
344 245, 391, 251, 428, 301, 2, 176, 296, 461, 224, 590, 215, 250, 91, 395,
345 363, 58, 537, 278, 291, 247, 33, 140, 447, 172, 514, 424, 412, 95, 94,
346 281, 159, 196, 302, 277, 63, 404, 150, 608, 315, 195, 334, 207, 376, 398,
347 0, 309, 486, 516, 86, 267, 139, 130, 38, 141, 258, 21, 341, 526, 388,
348 194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320,
349 186, 327, 212, 543, 82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434,
350 134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523, 32, 62, 297,
351 283, 268, 54, 539, 5
352 };
353
354 uint16_t indices_ees743ep1[] = {
355 285, 62, 136, 655, 460, 35, 450, 208, 340, 212, 61, 234, 454, 52, 520,
356 399, 315, 616, 496, 88, 280, 543, 508, 237, 553, 39, 214, 253, 720, 291,
357 586, 615, 635, 596, 62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683,
358 180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423,
359 197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137
360 };
361
362 uint16_t indices_ees1171ep1[] = {
363 514, 702, 760, 505, 262, 486, 695, 783, 533, 74, 403, 847, 170,1019, 568,
364 676,1057, 277,1021, 238, 203, 884, 124, 87, 65, 93, 131, 881,1102, 133,
365 459, 462, 92, 40, 5,1152,1158, 297, 599, 299, 7, 458, 347, 343, 173,
366 1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295,
367 1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549,
368 821,1098, 823, 96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993,
369 983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250, 37, 213,
370 929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500,
371 913, 332,1118, 753, 946, 775, 59, 809, 782, 612, 909,1090, 223, 777, 940,
372 866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487,
373 215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054,
374 400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210,
375 333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422, 80, 924,1089, 547,
376 1157, 579, 2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179,
377 536, 191
378 };
379
380 /**
381 * MGF1 Mask Generation Function Test Vectors
382 */
383 mgf1_test_t mgf1_tests[] = {
384 { HASH_SHA1, 20, 60, 20, 15, 24,
385 chunk_from_chars(
386 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
387 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
388 0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2,
389 0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5,
390 0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20,
391 0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3,
392 0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F,
393 0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66,
394 0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72,
395 0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0,
396 0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D,
397 0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6,
398 0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB,
399 0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20),
400 chunk_from_chars(
401 0xF3, 0x9B, 0x0B, 0xB4, 0x97, 0x50, 0xB5, 0xA7,
402 0xE6, 0xBD, 0xDA, 0xD0, 0x9A, 0x52, 0xBE, 0xA0,
403 0x21, 0xC4, 0x90, 0xB6),
404 chunk_from_chars(
405 0x10, 0x43, 0x76, 0x72, 0x6C, 0xDE, 0xA0, 0x0E,
406 0x77, 0x51, 0xFB, 0x58, 0x39, 0x8A, 0x36, 0xE1,
407 0x63, 0x2B, 0xC9, 0x17, 0x56, 0x0C, 0x4B, 0x46,
408 0xA4, 0x07, 0xA4, 0x3B, 0x8E, 0x33, 0x4D, 0xD1,
409 0x65, 0xF1, 0xAC, 0xC8, 0x59, 0x21, 0x32, 0x16,
410 0x44, 0x2B, 0x7F, 0xB2, 0xA8, 0xA7, 0x26, 0x5D,
411 0xE8, 0x02, 0xBE, 0x8E, 0xDC, 0x34, 0xEB, 0x10,
412 0x76, 0x16, 0x8C, 0xDD, 0x90, 0x92, 0x3D, 0x29,
413 0x90, 0x98, 0x46, 0x11, 0x73, 0x53, 0x47, 0xB1,
414 0x2C, 0xD4, 0x83, 0x78, 0x9B, 0x93, 0x2F, 0x5B,
415 0xFC, 0x26, 0xFF, 0x42, 0x08, 0x1F, 0x70, 0x66,
416 0x40, 0x4B, 0xE7, 0x22, 0x3A, 0x56, 0x10, 0x6D,
417 0x4D, 0x29, 0x0B, 0xCE, 0xA6, 0x21, 0xB5, 0x5C,
418 0x71, 0x66, 0x2F, 0x70, 0x35, 0xD8, 0x8A, 0x92,
419 0x33, 0xF0, 0x16, 0xD4, 0x0E, 0x43, 0x8A, 0x14),
420 chunk_from_chars(
421 1, 2, 1, 0, 0, 1, 1, 1, 2, 0, 1, 0, 1, 1, 1, 0, 2, 0, 1, 1,
422 0, 0, 0, 1, 1, 0, 2, 0, 2, 2, 1, 2, 2, 2, 1, 2, 1, 1, 0, 0,
423 2, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 2, 0, 0, 1, 0, 1, 0, 2, 0,
424 0, 1, 0, 2, 1, 0, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 0, 2, 0, 1,
425 1, 2, 1, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 0, 1,
426 0, 1, 1, 0, 0, 0, 1, 2, 2, 0, 1, 2, 1, 2, 0, 2, 0, 0, 0, 2,
427 1, 2, 0, 0, 0, 2, 0, 0, 0, 2, 2, 1, 0, 2, 0, 1, 2, 0, 2, 1,
428 0, 2, 2, 1, 0, 2, 1, 2, 2, 0, 2, 0, 2, 1, 2, 2, 0, 2, 0, 1,
429 1, 2, 2, 2, 2, 1, 0, 1, 0, 2, 2, 0, 1, 1, 2, 2, 2, 0, 0, 1,
430 0, 2, 0, 1, 0, 2, 1, 2, 1, 0, 1, 1, 2, 0, 0, 2, 1, 1, 2, 0,
431 1, 2, 1, 1, 0, 1, 0, 2, 1, 1, 1, 2, 1, 0, 2, 0, 2, 0, 0, 2,
432 2, 1, 0, 0, 2, 2, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 2, 1, 2, 2,
433 2, 0, 0, 0, 0, 1, 0, 0, 1, 2, 1, 2, 0, 2, 1, 1, 1, 0, 2, 2,
434 1, 2, 2, 1, 0, 1, 0, 2, 2, 2, 1, 2, 1, 0, 0, 1, 0, 1, 1, 1,
435 1, 1, 2, 0, 0, 2, 1, 0, 2, 1, 2, 1, 0, 2, 2, 0, 0, 1, 2, 1,
436 2, 0, 1, 2, 1, 1, 2, 0, 2, 0, 2, 1, 1, 1, 0, 0, 0, 1, 2, 1,
437 2, 2, 1, 2, 1, 1, 2, 1, 2, 0, 2, 2, 1, 0, 0, 1, 2, 0, 1, 1,
438 2, 0, 0, 0, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 2, 2, 2, 1, 1, 0,
439 2, 1, 2, 1, 2, 2, 1, 2, 1, 1, 0, 1, 1, 1, 1, 2, 0, 2, 2, 1,
440 0, 1, 1, 2, 1, 2, 0, 2, 1, 0, 1, 0, 1, 0, 1, 2, 0, 1, 1, 0,
441 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
442 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
443 {
444 { 9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16),
445 countof(indices_ees439ep1), indices_ees439ep1
446 },
447 { 11, 613, 2048, FALSE, 55,
448 countof(indices_ees613ep1), indices_ees613ep1
449 }
450 }
451 },
452 { HASH_SHA256, 32, 64, 32, 33, 40,
453 chunk_from_chars(
454 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
455 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
456 0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE,
457 0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42,
458 0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A,
459 0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07,
460 0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43,
461 0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC,
462 0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36,
463 0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4,
464 0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2,
465 0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58,
466 0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC,
467 0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8,
468 0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1,
469 0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46,
470 0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91,
471 0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4,
472 0x54, 0xEE, 0x20, 0xF0, 0x80),
473 chunk_from_chars(
474 0x76, 0x89, 0x8B, 0x1B, 0x60, 0xEC, 0x10, 0x9D,
475 0x8F, 0x13, 0xF2, 0xFE, 0xD9, 0x85, 0xC1, 0xAB,
476 0x7E, 0xEE, 0xB1, 0x31, 0xDD, 0xF7, 0x7F, 0x0C,
477 0x7D, 0xF9, 0x6B, 0x7B, 0x19, 0x80, 0xBD, 0x28),
478 chunk_from_chars(
479 0xF1, 0x19, 0x02, 0x4F, 0xDA, 0x58, 0x05, 0x9A,
480 0x07, 0xDF, 0x61, 0x81, 0x22, 0x0E, 0x15, 0x46,
481 0xCB, 0x35, 0x3C, 0xDC, 0xAD, 0x20, 0xD9, 0x3F,
482 0x0D, 0xD1, 0xAA, 0x64, 0x66, 0x5C, 0xFA, 0x4A,
483 0xFE, 0xD6, 0x8F, 0x55, 0x57, 0x15, 0xB2, 0xA6,
484 0xA0, 0xE6, 0xA8, 0xC6, 0xBD, 0x28, 0xB4, 0xD5,
485 0x6E, 0x5B, 0x4B, 0xB0, 0x97, 0x09, 0xF5, 0xAC,
486 0x57, 0x65, 0x13, 0x97, 0x71, 0x2C, 0x45, 0x13,
487 0x3D, 0xEE, 0xFB, 0xBF, 0xFE, 0xAF, 0xBB, 0x4B,
488 0x0D, 0x5C, 0x45, 0xD4, 0x2F, 0x17, 0x92, 0x07,
489 0x66, 0x11, 0xF5, 0x46, 0xF8, 0x0C, 0x03, 0x92,
490 0xF5, 0xF5, 0xFF, 0xA4, 0xF3, 0x52, 0xF4, 0x08,
491 0x2C, 0x49, 0x32, 0x1A, 0x93, 0x51, 0x98, 0xB6,
492 0x94, 0x83, 0x39, 0xCF, 0x6B, 0x1F, 0x2F, 0xFC,
493 0x2B, 0xFF, 0x10, 0x71, 0x7D, 0x35, 0x6C, 0xEA,
494 0xC5, 0x66, 0xC7, 0x26, 0x7D, 0x9E, 0xAC, 0xDD,
495 0x35, 0xD7, 0x06, 0x3F, 0x40, 0x82, 0xDA, 0xC3,
496 0x2B, 0x3C, 0x91, 0x3A, 0x32, 0xF8, 0xB2, 0xC6,
497 0x44, 0x4D, 0xCD, 0xB6, 0x54, 0x5F, 0x81, 0x95,
498 0x59, 0xA1, 0xE5, 0x4E, 0xA5, 0x0A, 0x4A, 0x42),
499 chunk_from_chars(
500 1, 2, 2, 2, 2, 1, 2, 2, 0, 0, 2, 0, 0, 0, 0, 1, 2, 2, 2, 0,
501 2, 0, 0, 2, 2, 1, 2, 0, 0, 1, 2, 1, 0, 0, 0, 1, 0, 2, 2, 1,
502 1, 2, 0, 0, 0, 1, 2, 0, 2, 2, 1, 2, 1, 0, 1, 0, 1, 2, 1, 1,
503 1, 2, 0, 1, 0, 2, 1, 1, 0, 0, 0, 1, 2, 0, 0, 1, 2, 1, 2, 0,
504 2, 1, 1, 1, 2, 2, 2, 2, 1, 0, 0, 2, 0, 2, 0, 1, 1, 0, 2, 2,
505 2, 0, 1, 0, 2, 2, 1, 0, 1, 0, 1, 0, 0, 2, 2, 0, 0, 1, 2, 0,
506 1, 1, 1, 0, 0, 2, 0, 2, 1, 2, 2, 2, 0, 0, 2, 1, 0, 2, 0, 1,
507 0, 1, 2, 0, 1, 2, 0, 1, 0, 1, 2, 0, 2, 2, 0, 1, 2, 2, 1, 2,
508 2, 2, 0, 2, 1, 1, 1, 0, 0, 1, 0, 2, 0, 0, 1, 0, 1, 2, 0, 0,
509 1, 2, 1, 0, 2, 1, 1, 0, 0, 2, 1, 2, 2, 2, 1, 2, 1, 1, 2, 2,
510 0, 2, 0, 0, 2, 0, 0, 1, 1, 2, 0, 0, 0, 1, 2, 1, 1, 1, 1, 0,
511 0, 0, 2, 0, 2, 0, 2, 2, 1, 2, 2, 0, 0, 1, 1, 1, 0, 1, 0, 1,
512 0, 1, 2, 2, 0, 2, 1, 1, 0, 2, 1, 2, 1, 2, 1, 0, 0, 1, 0, 0,
513 1, 0, 1, 0, 2, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 0, 2, 0, 0,
514 1, 2, 1, 2, 1, 2, 1, 0, 1, 1, 2, 2, 1, 1, 0, 0, 2, 1, 2, 0,
515 1, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 2, 2, 2, 2, 0, 0, 1, 2,
516 1, 1, 1, 0, 2, 1, 2, 2, 0, 2, 0, 1, 2, 2, 0, 1, 1, 1, 0, 0,
517 2, 0, 1, 0, 1, 0, 2, 1, 2, 0, 2, 1, 2, 1, 2, 2, 0, 2, 1, 0,
518 2, 1, 2, 0, 0, 2, 0, 1, 2, 1, 1, 2, 0, 0, 0, 0, 1, 2, 0, 1,
519 2, 2, 1, 0, 0, 1, 2, 1, 2, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0,
520 2, 0, 1, 2, 1, 2, 0, 0, 0, 2, 1, 0, 0, 0, 1, 2, 2, 0, 0, 0,
521 2, 2, 1, 1, 0, 1, 0, 2, 2, 0, 2, 1, 2, 1, 0, 2, 2, 2, 0, 0,
522 0, 1, 1, 2, 1, 0, 0, 0, 0, 1, 2, 2, 1, 2, 1, 2, 0, 2, 0, 2,
523 1, 1, 1, 2, 1, 2, 1, 2, 1, 1, 0, 1, 0, 2, 0, 0, 0, 2, 1, 2,
524 2, 2, 2, 0, 1, 1, 1, 0, 1, 0, 2, 0, 2, 1, 0, 1, 2, 1, 1, 0,
525 1, 2, 1, 0, 0, 2, 1, 0, 1, 1, 2, 2, 1, 1, 1, 2, 2, 2, 1, 0,
526 0, 0, 0, 1, 1, 0, 0, 2, 2, 2, 2, 2, 0, 1, 2, 0, 1, 2, 0, 1,
527 1, 0, 1, 1, 2, 2, 0, 1, 1, 0, 2, 2, 1, 1, 1, 2, 1, 2, 2, 1,
528 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
529 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
530 {
531 { 13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16),
532 countof(indices_ees743ep1), indices_ees743ep1
533 },
534 { 12, 1171, 2048, FALSE, 106,
535 countof(indices_ees1171ep1), indices_ees1171ep1
536 }
537 }
538 }
539 };
540
541 START_TEST(test_ntru_mgf1)
542 {
543 ntru_mgf1_t *mgf1;
544 chunk_t mask, mask1, mask2, mask3;
545
546 mask1 = mgf1_tests[_i].mask;
547 mask2 = chunk_skip(mask1, mgf1_tests[_i].ml1);
548 mask3 = chunk_skip(mask2, mgf1_tests[_i].ml2);
549 mask1.len = mgf1_tests[_i].ml1;
550 mask2.len = mgf1_tests[_i].ml2;
551 mask3.len = mgf1_tests[_i].ml3;
552
553 mgf1 = TEST_ntru_mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
554 ck_assert(mgf1 == NULL);
555
556 mgf1 = TEST_ntru_mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
557 ck_assert(mgf1 == NULL);
558
559 /* return mask in allocated chunk */
560 mgf1 = TEST_ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
561 ck_assert(mgf1);
562
563 /* check hash size */
564 ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
565
566 /* get zero number of octets */
567 ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
568 ck_assert(mask.len == 0 && mask.ptr == NULL);
569
570 /* get non-zero number of octets */
571 ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
572 ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
573 mgf1->destroy(mgf1);
574
575 /* copy mask to pre-allocated buffer */
576 mgf1 = TEST_ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
577 ck_assert(mgf1);
578 ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
579 ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
580 mgf1->destroy(mgf1);
581
582 /* get mask in batches without hashing the seed */
583 mgf1 = TEST_ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed,
584 FALSE);
585 ck_assert(mgf1);
586
587 /* first batch */
588 ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
589 mask.len = mask1.len;
590 ck_assert(chunk_equals(mask, mask1));
591
592 /* second batch */
593 ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
594 mask.len = mask2.len;
595 ck_assert(chunk_equals(mask, mask2));
596
597 /* third batch */
598 ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
599 mask.len = mask3.len;
600 ck_assert(chunk_equals(mask, mask3));
601
602 mgf1->destroy(mgf1);
603 chunk_free(&mask);
604 }
605 END_TEST
606
607 START_TEST(test_ntru_trits)
608 {
609 ntru_trits_t *mask;
610 chunk_t trits;
611
612 mask = TEST_ntru_trits_create(mgf1_tests[_i].trits.len, HASH_UNKNOWN,
613 mgf1_tests[_i].seed);
614 ck_assert(mask == NULL);
615
616 mask = TEST_ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
617 chunk_empty);
618 ck_assert(mask == NULL);
619
620 mask = TEST_ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg,
621 mgf1_tests[_i].seed);
622 ck_assert(mask);
623
624 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
625 ck_assert(chunk_equals(trits, mgf1_tests[_i].trits));
626 mask->destroy(mask);
627
628 /* generate a multiple of 5 trits */
629 mask = TEST_ntru_trits_create(10, mgf1_tests[_i].alg, mgf1_tests[_i].seed);
630 ck_assert(mask);
631
632 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
633 ck_assert(chunk_equals(trits, chunk_create(mgf1_tests[_i].trits.ptr, 10)));
634 mask->destroy(mask);
635 }
636 END_TEST
637
638 START_TEST(test_ntru_poly)
639 {
640 ntru_poly_t *poly;
641 uint16_t *indices;
642 chunk_t seed;
643 poly_test_t *p;
644 int j, n;
645
646 seed = mgf1_tests[_i].seed;
647 seed.len = mgf1_tests[_i].seed_len;
648
649 p = &mgf1_tests[_i].poly_test[0];
650 poly = TEST_ntru_poly_create_from_seed(HASH_UNKNOWN, seed, p->c_bits, p->N,
651 p->q, p->indices_len, p->indices_len,
652 p->is_product_form);
653 ck_assert(poly == NULL);
654
655 for (n = 0; n < 2; n++)
656 {
657 p = &mgf1_tests[_i].poly_test[n];
658 poly = TEST_ntru_poly_create_from_seed(mgf1_tests[_i].alg, seed,
659 p->c_bits, p->N, p->q, p->indices_len,
660 p->indices_len, p->is_product_form);
661 ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size);
662
663 indices = poly->get_indices(poly);
664 for (j = 0; j < p->indices_size; j++)
665 {
666 ck_assert(indices[j] == p->indices[j]);
667 }
668 poly->destroy(poly);
669 }
670 }
671 END_TEST
672
673 typedef struct {
674 uint16_t N;
675 uint16_t q;
676 bool is_product_form;
677 uint32_t indices_len_p;
678 uint32_t indices_len_m;
679 uint16_t *indices;
680 uint16_t *a;
681 uint16_t *c;
682 } ring_mult_test_t;
683
684 uint16_t t1_indices[] = { 1, 6, 5, 3 };
685
686 uint16_t t1_a[] = { 1, 0, 0, 0, 0, 0, 0 };
687 uint16_t t1_c[] = { 0, 1, 0, 7, 0, 7, 1 };
688
689 uint16_t t2_a[] = { 5, 0, 0, 0, 0, 0, 0 };
690 uint16_t t2_c[] = { 0, 5, 0, 3, 0, 3, 5 };
691
692 uint16_t t3_a[] = { 4, 0, 0, 0, 0, 0, 0 };
693 uint16_t t3_c[] = { 0, 4, 0, 4, 0, 4, 4 };
694
695 uint16_t t4_a[] = { 0, 6, 0, 0, 0, 0, 0 };
696 uint16_t t4_c[] = { 6, 0, 6, 0, 2, 0, 2 };
697
698 uint16_t t5_a[] = { 4, 6, 0, 0, 0, 0, 0 };
699 uint16_t t5_c[] = { 6, 4, 6, 4, 2, 4, 6 };
700
701 uint16_t t6_a[] = { 0, 0, 3, 0, 0, 0, 0 };
702 uint16_t t6_c[] = { 5, 3, 0, 3, 0, 5, 0 };
703
704 uint16_t t7_a[] = { 4, 6, 3, 0, 0, 0, 0 };
705 uint16_t t7_c[] = { 3, 7, 6, 7, 2, 1, 6 };
706
707 uint16_t t8_a[] = { 0, 0, 0, 7, 0, 0, 0 };
708 uint16_t t8_c[] = { 0, 1, 7, 0, 7, 0, 1 };
709
710 uint16_t t9_a[] = { 4, 6, 3, 7, 0, 0, 0 };
711 uint16_t t9_c[] = { 3, 0, 5, 7, 1, 1, 7 };
712
713 uint16_t t10_a[] = { 0, 0, 0, 0, 0, 1, 0 };
714 uint16_t t10_c[] = { 0, 7, 0, 7, 1, 0, 1 };
715
716 uint16_t t11_a[] = { 4, 6, 3, 7, 0, 1, 0 };
717 uint16_t t11_c[] = { 3, 7, 5, 6, 2, 1, 0 };
718
719 uint16_t t2_indices[] = { 1, 6, 5, 2, 3 };
720
721 uint16_t t12_c[] = { 0, 1, 7, 7, 0, 1, 1 };
722 uint16_t t13_c[] = { 0, 1, 7, 7, 0, 7, 1 };
723 uint16_t t14_c[] = { 0, 1, 0, 31, 0, 31, 1 };
724 uint16_t t15_c[] = { 0, 5, 0, 2043, 0, 2043, 5 };
725 uint16_t t16_c[] = { 0, 5, 0, 32763, 0, 32763, 5 };
726
727 uint16_t t3_indices[] = { 7, 2, 3, 5, 0, 2, 3, 10, 7, 0, 8, 2 };
728
729 uint16_t t17_a[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
730 uint16_t t17_c[] = { 7, 1, 0, 1, 1, 7, 0, 7, 7, 7, 2 };
731
732 ring_mult_test_t ring_mult_tests[] = {
733 { 7, 8, FALSE, 2, 2, t1_indices, t1_a, t1_c },
734 { 7, 8, FALSE, 2, 2, t1_indices, t2_a, t2_c },
735 { 7, 8, FALSE, 2, 2, t1_indices, t3_a, t3_c },
736 { 7, 8, FALSE, 2, 2, t1_indices, t4_a, t4_c },
737 { 7, 8, FALSE, 2, 2, t1_indices, t5_a, t5_c },
738 { 7, 8, FALSE, 2, 2, t1_indices, t6_a, t6_c },
739 { 7, 8, FALSE, 2, 2, t1_indices, t7_a, t7_c },
740 { 7, 8, FALSE, 2, 2, t1_indices, t8_a, t8_c },
741 { 7, 8, FALSE, 2, 2, t1_indices, t9_a, t9_c },
742 { 7, 8, FALSE, 2, 2, t1_indices, t10_a, t10_c },
743 { 7, 8, FALSE, 2, 2, t1_indices, t11_a, t11_c },
744 { 7, 8, FALSE, 3, 2, t2_indices, t1_a, t12_c },
745 { 7, 8, FALSE, 2, 3, t2_indices, t1_a, t13_c },
746 { 7, 32, FALSE, 2, 2, t1_indices, t1_a, t14_c },
747 { 7, 2048, FALSE, 2, 2, t1_indices, t2_a, t15_c },
748 { 7, 32768, FALSE, 2, 2, t1_indices, t2_a, t16_c },
749 { 11, 8, TRUE, 197121, 197121, t3_indices, t17_a, t17_c },
750 };
751
752 START_TEST(test_ntru_ring_mult)
753 {
754 ntru_poly_t *poly;
755 ring_mult_test_t *t;
756 uint16_t *c;
757 int i;
758
759 t = &ring_mult_tests[_i];
760 poly = TEST_ntru_poly_create_from_data(t->indices, t->N, t->q,
761 t->indices_len_p, t->indices_len_m, t->is_product_form);
762 ck_assert(poly != NULL);
763
764 c = malloc(t->N * sizeof(uint16_t));
765 poly->ring_mult(poly, t->a, c);
766
767 for (i = 0; i < t->N; i++)
768 {
769 ck_assert(c[i] == t->c[i]);
770 }
771
772 free(c);
773 poly->destroy(poly);
774 }
775 END_TEST
776
777 int array_tests[] = { 0, 11, 12, 16 };
778
779 START_TEST(test_ntru_array)
780 {
781 ntru_poly_t *poly;
782 ring_mult_test_t *t;
783 uint16_t *c;
784 int i;
785
786 t = &ring_mult_tests[array_tests[_i]];
787
788 poly = TEST_ntru_poly_create_from_data(t->indices, t->N, t->q,
789 t->indices_len_p, t->indices_len_m, t->is_product_form);
790 ck_assert(poly != NULL);
791
792 c = malloc(t->N * sizeof(uint16_t));
793 poly->get_array(poly, c);
794
795 for (i = 0; i < t->N; i++)
796 {
797 ck_assert(c[i] == t->c[i]);
798 }
799
800 free(c);
801 poly->destroy(poly);
802 }
803 END_TEST
804
805 START_TEST(test_ntru_param_set)
806 {
807 ck_assert(TEST_ntru_param_set_get_by_id(-1) == NULL);
808 ck_assert(TEST_ntru_param_set_get_by_id(16) == NULL);
809 }
810 END_TEST
811
812 typedef struct {
813 ntru_param_set_id_t id;
814 chunk_t entropy;
815 chunk_t encoding;
816 } privkey_test_t;
817
818 privkey_test_t privkey_tests[] = {
819 {
820 NTRU_EES401EP1,
821 chunk_from_chars(
822 0x0C, 0x2F, 0x24, 0xE1, 0xA4, 0x81, 0x26, 0xA2,
823 0x6C, 0xEA, 0xCD, 0x1A, 0xF3, 0xEB, 0x3D, 0xBF,
824 0xEA, 0xAE, 0xC3, 0x0D, 0xC1),
825 chunk_from_chars(
826 0x02, 0x03, 0x00, 0x02, 0x04, 0x3E, 0xF3, 0xCB,
827 0x7A, 0x58, 0x13, 0x75, 0xBB, 0x87, 0xF5, 0xBF,
828 0x2E, 0x18, 0xAE, 0x03, 0xAF, 0xB8, 0x33, 0x85,
829 0xD8, 0xBF, 0x8A, 0xB5, 0x8C, 0xA6, 0xDF, 0x03,
830 0x90, 0x1E, 0xE4, 0x83, 0xA4, 0x95, 0x40, 0xB5,
831 0x08, 0x92, 0x29, 0xD8, 0x83, 0xA8, 0x42, 0xB2,
832 0x69, 0xC2, 0x00, 0x8B, 0xAE, 0x80, 0x00, 0x4F,
833 0x3D, 0xDD, 0xFB, 0xDB, 0x9A, 0xD8, 0x0F, 0xFF,
834 0xBC, 0x21, 0xD5, 0xE6, 0x04, 0x9C, 0xDD, 0x3B,
835 0x2D, 0x16, 0x4B, 0xC7, 0x3D, 0xBE, 0xDE, 0xBB,
836 0x6F, 0xF4, 0x8A, 0x31, 0xCD, 0x23, 0x19, 0xC2,
837 0x3C, 0xE1, 0xE2, 0xEE, 0xE4, 0xE7, 0x2E, 0xFC,
838 0x5C, 0xDD, 0xAD, 0x0C, 0x9D, 0x98, 0xC5, 0x18,
839 0x2A, 0x80, 0x21, 0x93, 0x61, 0xC4, 0x9A, 0x16,
840 0xE8, 0x9B, 0xF7, 0x3B, 0x6D, 0x06, 0x91, 0x9E,
841 0x71, 0x59, 0xBE, 0x8E, 0x65, 0x61, 0xB2, 0x69,
842 0x9C, 0x82, 0x58, 0x0D, 0x63, 0x7A, 0x1F, 0x2A,
843 0x1C, 0x2C, 0x92, 0x8C, 0x8D, 0xCA, 0x2B, 0x45,
844 0x24, 0x79, 0xDB, 0x7F, 0x1D, 0x2F, 0xAB, 0x88,
845 0x8C, 0x1D, 0xE3, 0x15, 0x8F, 0xCD, 0x46, 0x8C,
846 0x45, 0x20, 0x88, 0x1C, 0x17, 0xE0, 0xE5, 0x89,
847 0xF4, 0x60, 0x56, 0x3C, 0x6B, 0x9F, 0x2A, 0xD9,
848 0xD0, 0xAE, 0x3B, 0xB6, 0xC2, 0xB7, 0x58, 0xC6,
849 0x6E, 0x09, 0x36, 0x21, 0x0B, 0xDD, 0xE9, 0x52,
850 0x33, 0x27, 0x39, 0xC8, 0x51, 0x59, 0x69, 0x25,
851 0xC6, 0x3D, 0x19, 0x5C, 0x5E, 0x74, 0xD0, 0x62,
852 0xD9, 0x26, 0x90, 0xC7, 0x64, 0x92, 0xA8, 0x72,
853 0xD1, 0x77, 0x1F, 0x78, 0xC5, 0x11, 0xBD, 0x5D,
854 0x3C, 0x1B, 0x1F, 0x8B, 0x5B, 0xE4, 0x5D, 0xA1,
855 0x27, 0x6D, 0x20, 0x24, 0x32, 0x53, 0xF3, 0xB0,
856 0xE6, 0x71, 0x61, 0xCC, 0xFC, 0x4A, 0x06, 0xDA,
857 0xBE, 0xD7, 0x9F, 0x2F, 0xEB, 0x44, 0xD0, 0x8A,
858 0x7D, 0x8E, 0x82, 0xF5, 0x84, 0xCF, 0x8E, 0xE5,
859 0x4B, 0xA4, 0x30, 0x77, 0xBD, 0x14, 0xB9, 0x75,
860 0x02, 0x68, 0xDF, 0x71, 0x89, 0x81, 0xF2, 0x95,
861 0xC3, 0x67, 0x6E, 0x37, 0xE4, 0xD0, 0xC9, 0x1E,
862 0x02, 0xDE, 0x2D, 0x79, 0x99, 0xE8, 0x7D, 0x5C,
863 0x99, 0xF2, 0x1A, 0xDE, 0x12, 0x9B, 0xD1, 0x83,
864 0x9B, 0x01, 0xD3, 0xEB, 0x2B, 0x8E, 0x9C, 0xA5,
865 0x19, 0xE8, 0x2E, 0xFE, 0x23, 0x6E, 0xAD, 0x8F,
866 0x3C, 0xAF, 0xB9, 0xE6, 0xDB, 0x07, 0xA4, 0x31,
867 0x02, 0x2B, 0x6A, 0xA0, 0xFB, 0x51, 0x6C, 0xD0,
868 0x26, 0xD5, 0xAD, 0x29, 0x65, 0x10, 0xCE, 0xF8,
869 0x84, 0x4D, 0x1E, 0x37, 0x92, 0xA2, 0xD1, 0xFA,
870 0xF6, 0xC0, 0x36, 0x4C, 0x23, 0x3A, 0x42, 0xAA,
871 0xB8, 0x0D, 0x4E, 0xD4, 0x40, 0x61, 0xD5, 0x36,
872 0x62, 0x23, 0x7C, 0x1C, 0x5E, 0xEA, 0x16, 0xAD,
873 0x4F, 0x30, 0xF9, 0x16, 0x99, 0xCE, 0xC5, 0x50,
874 0xAC, 0x8F, 0x6F, 0x98, 0xD7, 0xE3, 0x89, 0x6E,
875 0x3A, 0x12, 0xCE, 0xA7, 0xA4, 0x17, 0x74, 0xDC,
876 0xDB, 0xFA, 0xFF, 0xF9, 0x35, 0xD7, 0xF5, 0x77,
877 0x03, 0xF5, 0xBF, 0x81, 0x6C, 0x9F, 0x62, 0xA6,
878 0x8A, 0x5B, 0xA3, 0xEF, 0x9D, 0xC3, 0xF6, 0x3A,
879 0x6A, 0xC0, 0x42, 0x71, 0xAF, 0x90, 0xCA, 0x1D,
880 0x86, 0x78, 0xD7, 0x2C, 0xFE, 0xB6, 0x99, 0x15,
881 0x8C, 0x10, 0x42, 0x92, 0x2C, 0x05, 0x43, 0x92,
882 0x69, 0x05, 0x8D, 0x9E, 0xBC, 0xAB, 0x8F, 0x28,
883 0xAA, 0x4B, 0xFB, 0x25, 0xD9, 0xAD, 0x29, 0xFF,
884 0x33, 0x65, 0x14, 0xC3, 0x75, 0x1F, 0xCF, 0xFC,
885 0x20, 0x83, 0xBF, 0xB9, 0xA5, 0x4B, 0x7B, 0xD9,
886 0x07, 0x5C, 0xA1, 0xD1, 0x5A, 0x3E, 0x94, 0xF8,
887 0x03, 0xDE, 0xB8, 0x94, 0x11, 0x92, 0x80, 0x77,
888 0x57, 0x45, 0x1E, 0x6B, 0xA5, 0x15, 0xDB, 0x48,
889 0xB6, 0x9E, 0x02, 0xF1, 0x61, 0x4A, 0xAC, 0x1D,
890 0x49, 0xBC, 0xA9, 0x3F, 0x03, 0x50, 0xAC, 0x02,
891 0x8E, 0x84, 0xE0, 0x12, 0x37, 0x76, 0xBC, 0x4A,
892 0xF9, 0xC6, 0x74, 0x36, 0xFC, 0x92, 0x1D, 0x59,
893 0x0C, 0x04, 0xD2, 0x14, 0xB7, 0x11, 0xE9, 0xE2,
894 0xFE, 0x0C, 0xE1, 0xDA, 0x8B, 0xCA, 0x10, 0xA1,
895 0x60, 0xB6, 0x57, 0x51, 0x00, 0xD6, 0x5B, 0x55,
896 0x09, 0x60, 0xE8, 0x00, 0x40, 0x45, 0x56, 0xBA,
897 0x83, 0x1E, 0x36, 0x12, 0x59, 0x4B, 0x19, 0x00,
898 0x53, 0xAE, 0x62, 0xA6, 0x29, 0x39, 0xED, 0x87,
899 0x24, 0x37, 0x1E, 0x1B, 0xCF, 0x3F, 0x3A, 0x71,
900 0x31, 0xB5, 0x50, 0x8D, 0x4B, 0x53, 0x53, 0x75,
901 0x3F, 0x33, 0x39, 0x09, 0x2A, 0x78, 0xA8, 0x71,
902 0x3E, 0x63, 0xC5, 0x61, 0x73, 0xB6, 0xE1, 0x71,
903 0x16, 0xDA, 0x06, 0xBF, 0x3F, 0x22, 0x74, 0x89,
904 0x08, 0xD2, 0x05, 0x0B, 0x16, 0xC8, 0xF0, 0x17,
905 0x4E, 0xA2, 0x65, 0x67, 0x6D, 0x02)
906 },
907 {
908 NTRU_EES743EP1,
909 chunk_from_chars(
910 0x9B, 0xAB, 0x57, 0xDB, 0x2C, 0x60, 0x83, 0x48,
911 0x9F, 0xC9, 0x70, 0x8F, 0x69, 0xF7, 0xB4, 0xBB,
912 0x63, 0x5C, 0x9A, 0x63, 0x07, 0x80, 0x17, 0xD3,
913 0xCD, 0xB1, 0x57, 0x79, 0xFE, 0x8D, 0x81, 0x70,
914 0xEB, 0x50, 0xFA, 0x05, 0xFB, 0x97, 0xB2, 0xAB,
915 0x25, 0xED, 0xD8, 0x18, 0x1C, 0xFE, 0x96, 0x7D),
916 chunk_from_chars(
917 0x02, 0x03, 0x00, 0x06, 0x10, 0x14, 0x53, 0x73,
918 0x56, 0xF5, 0xA9, 0x34, 0xDE, 0xA6, 0x4D, 0x46,
919 0x05, 0x9E, 0x80, 0xAE, 0xB6, 0x74, 0x91, 0xFF,
920 0xFB, 0x48, 0xD3, 0x5C, 0x61, 0x12, 0x46, 0x02,
921 0x9F, 0x53, 0x45, 0x87, 0x47, 0xBD, 0x6B, 0x26,
922 0xF7, 0x36, 0xD3, 0x99, 0x1B, 0xD7, 0xEA, 0xA3,
923 0xA8, 0x94, 0xFF, 0x93, 0x46, 0x7C, 0x2C, 0x5F,
924 0x87, 0x8C, 0x38, 0xB3, 0x7B, 0xC6, 0x49, 0xE2,
925 0x88, 0xCA, 0x67, 0x89, 0xD0, 0x6D, 0x7C, 0xAE,
926 0x7C, 0x98, 0x84, 0xDA, 0x6B, 0x93, 0x92, 0xEF,
927 0x4A, 0xD1, 0x4A, 0xD2, 0x5B, 0x13, 0xF8, 0x59,
928 0x15, 0x2E, 0xBC, 0x70, 0x8D, 0x2D, 0xA9, 0x47,
929 0xA1, 0x99, 0x19, 0x3F, 0x67, 0xE8, 0x18, 0xA7,
930 0x17, 0x07, 0xB3, 0x14, 0xF6, 0x20, 0xA1, 0xD8,
931 0x33, 0xE8, 0x08, 0x6A, 0xC1, 0x39, 0x99, 0x08,
932 0xB4, 0x88, 0xEB, 0x48, 0x7D, 0xFB, 0xF5, 0xEF,
933 0x03, 0x0D, 0x25, 0xB7, 0x98, 0xF3, 0xF1, 0x15,
934 0x63, 0xE4, 0x0F, 0xFD, 0x54, 0x9F, 0x56, 0xE9,
935 0xD1, 0x44, 0xE5, 0x89, 0x66, 0x14, 0x91, 0x1C,
936 0xFD, 0xD6, 0xFD, 0x38, 0xAE, 0x39, 0xE3, 0xF7,
937 0xCD, 0x77, 0xC2, 0xEA, 0x2E, 0xE4, 0xB7, 0x2B,
938 0xBA, 0x7A, 0xD1, 0x75, 0xB8, 0x28, 0x65, 0x18,
939 0xF4, 0xC6, 0xBD, 0xD0, 0x17, 0x7E, 0xEA, 0x86,
940 0x7E, 0xFC, 0x95, 0xD6, 0x4C, 0x92, 0x01, 0xC3,
941 0xFF, 0x04, 0x9B, 0xF8, 0xD6, 0xB3, 0x8F, 0x72,
942 0xEF, 0x64, 0x09, 0x61, 0xF8, 0xE4, 0x48, 0xFC,
943 0x0D, 0xEE, 0xEF, 0xA2, 0x9F, 0x3A, 0x2B, 0x1A,
944 0xFB, 0x8B, 0xA0, 0x9C, 0x11, 0x0B, 0x97, 0x75,
945 0x30, 0x7C, 0xB8, 0x9F, 0xEE, 0x3B, 0x53, 0x85,
946 0x7D, 0xE9, 0xCB, 0xC4, 0x4D, 0xD7, 0x7F, 0x59,
947 0x10, 0x72, 0x19, 0x3A, 0xC9, 0x38, 0xFE, 0xE8,
948 0xB3, 0x06, 0x55, 0x8D, 0xA2, 0x5A, 0x3D, 0x79,
949 0x67, 0x0E, 0x90, 0xC9, 0x25, 0x6D, 0x45, 0x9C,
950 0x39, 0x79, 0x5F, 0x18, 0x35, 0x9F, 0xC1, 0x49,
951 0x08, 0x6F, 0x1C, 0x47, 0x09, 0x0D, 0x49, 0x7C,
952 0x3C, 0x7B, 0xB1, 0x09, 0x92, 0x1C, 0x4E, 0x5A,
953 0xDA, 0x74, 0x9E, 0xBB, 0x55, 0x9D, 0xBB, 0x1E,
954 0x43, 0x28, 0x62, 0xAF, 0x02, 0xB0, 0x1A, 0xEA,
955 0x13, 0x0A, 0x70, 0x0F, 0x60, 0x0F, 0x62, 0xA2,
956 0x4E, 0x1F, 0xB2, 0xEA, 0x06, 0xDD, 0x18, 0x02,
957 0x6C, 0xF3, 0x82, 0xF1, 0x80, 0x7F, 0xA7, 0x2F,
958 0xCC, 0xC6, 0x18, 0xEA, 0xFF, 0x1F, 0xAD, 0xC6,
959 0xBA, 0x0C, 0x0E, 0x04, 0xB2, 0x58, 0x1D, 0xB6,
960 0x01, 0xA3, 0x97, 0xDF, 0x7D, 0x9B, 0xB5, 0x0A,
961 0xAD, 0x30, 0x2B, 0xC5, 0x67, 0x40, 0x07, 0xF1,
962 0xD5, 0x6C, 0x11, 0x10, 0xE1, 0x69, 0x30, 0xAD,
963 0x90, 0x06, 0xDB, 0xF8, 0xEA, 0x92, 0x9B, 0x39,
964 0x57, 0x38, 0x7B, 0xE4, 0xB2, 0xA2, 0x89, 0xFD,
965 0xB1, 0x6D, 0x88, 0x41, 0x62, 0x4D, 0x18, 0xB6,
966 0x3F, 0x12, 0x81, 0xDE, 0xE6, 0xDC, 0x4A, 0x31,
967 0x61, 0x26, 0xB1, 0x4B, 0x95, 0xC1, 0x69, 0xDC,
968 0xDC, 0xAC, 0xD0, 0x15, 0xFC, 0x21, 0xC5, 0x20,
969 0x5F, 0x97, 0x76, 0x41, 0xC1, 0xF2, 0xD7, 0x95,
970 0x1D, 0x25, 0x23, 0x36, 0x86, 0xFA, 0x7E, 0xF4,
971 0x14, 0x9F, 0x9D, 0x9F, 0xB2, 0xBB, 0x25, 0x1D,
972 0xD5, 0x7A, 0x6F, 0x9E, 0xF7, 0xEF, 0x9D, 0x63,
973 0x1E, 0xD5, 0xDE, 0x6A, 0xE6, 0x46, 0x48, 0x1F,
974 0xE1, 0x0C, 0x4D, 0x82, 0xC9, 0x19, 0x3B, 0x65,
975 0xA4, 0x06, 0x13, 0xB7, 0x04, 0xB1, 0x62, 0xF7,
976 0x08, 0xAE, 0xED, 0x42, 0x6D, 0xCC, 0x6C, 0xA6,
977 0x06, 0x06, 0x41, 0x3E, 0x0C, 0x89, 0x4C, 0xBD,
978 0x00, 0x4F, 0x0E, 0xA9, 0x72, 0x06, 0x21, 0x82,
979 0xD2, 0xB6, 0x6C, 0xB0, 0xB0, 0x01, 0x5B, 0xDD,
980 0x05, 0xCE, 0x71, 0x6E, 0x00, 0x58, 0xC7, 0xA6,
981 0x5B, 0xF6, 0xFB, 0x6B, 0x62, 0xB1, 0xE8, 0x4D,
982 0xAC, 0xC0, 0x6B, 0xF4, 0x40, 0x69, 0xEE, 0x0D,
983 0xE7, 0x82, 0x61, 0x8D, 0x35, 0x01, 0x97, 0x4E,
984 0xF2, 0xCC, 0xF5, 0x7F, 0xBF, 0xE4, 0xEC, 0x9C,
985 0xC4, 0xD2, 0xD9, 0x65, 0x78, 0x98, 0xD8, 0xB0,
986 0xFA, 0xA8, 0xFB, 0xB0, 0xCE, 0x22, 0x5D, 0x0B,
987 0x27, 0xDF, 0x0E, 0x63, 0x42, 0xFE, 0x89, 0x13,
988 0x99, 0xB2, 0x02, 0x0B, 0xF6, 0x04, 0xB6, 0xAF,
989 0x9F, 0x8C, 0xA6, 0x17, 0x0D, 0xD9, 0x5B, 0x45,
990 0xE4, 0x08, 0x53, 0x51, 0xE0, 0xD5, 0x22, 0x72,
991 0xBE, 0xAD, 0x74, 0x69, 0xB9, 0xFB, 0x91, 0xF8,
992 0xC1, 0x89, 0x28, 0x71, 0x27, 0x62, 0xB1, 0xF0,
993 0xFD, 0x78, 0xBC, 0x82, 0xFE, 0x76, 0xBE, 0x7B,
994 0x47, 0x79, 0x32, 0x71, 0xAD, 0xD6, 0x76, 0x46,
995 0xFB, 0x32, 0xE8, 0x4B, 0x98, 0x9A, 0xC6, 0x85,
996 0xF2, 0xF1, 0x8A, 0xEC, 0xC2, 0x4E, 0x9B, 0x2F,
997 0x2D, 0x6F, 0xC9, 0x9B, 0xB6, 0x14, 0x35, 0x6D,
998 0xD6, 0x5B, 0xF3, 0x02, 0x5A, 0xE5, 0xBD, 0x00,
999 0xF7, 0x6E, 0x51, 0xA7, 0xDB, 0x19, 0xAE, 0x01,
1000 0x01, 0x05, 0x94, 0x23, 0xF7, 0x5B, 0x07, 0x79,
1001 0xFF, 0x39, 0x58, 0x9C, 0x2A, 0xF7, 0x7E, 0x5D,
1002 0x81, 0xF9, 0x59, 0xFE, 0xB9, 0x9A, 0x96, 0x63,
1003 0x1F, 0x65, 0xF6, 0xF0, 0x3D, 0xEA, 0xD7, 0xC2,
1004 0x8A, 0xCF, 0xB5, 0x58, 0x74, 0x77, 0x23, 0xD6,
1005 0x72, 0x58, 0xA8, 0xAE, 0x31, 0x8A, 0x59, 0xEA,
1006 0x69, 0x14, 0x6A, 0x20, 0x78, 0x79, 0x28, 0x5A,
1007 0xE1, 0x76, 0x6F, 0xA6, 0x1A, 0x9E, 0x47, 0xD2,
1008 0xAF, 0x63, 0xF8, 0x06, 0xF6, 0xD8, 0xD5, 0x14,
1009 0xA8, 0xD1, 0xEE, 0x96, 0xCE, 0xBB, 0x8E, 0x22,
1010 0x69, 0x2F, 0x52, 0x06, 0xB6, 0x6F, 0xC8, 0x99,
1011 0x96, 0xEA, 0xC6, 0x1D, 0x96, 0x4C, 0x69, 0x95,
1012 0xFE, 0x74, 0x04, 0x3C, 0x55, 0xD9, 0x5F, 0xE0,
1013 0x41, 0x21, 0x43, 0x21, 0x5A, 0x50, 0x5D, 0x8B,
1014 0xE8, 0xB2, 0x51, 0x1B, 0x7C, 0x63, 0x50, 0xAE,
1015 0x97, 0x4F, 0xBA, 0x7D, 0xF2, 0xB6, 0xB6, 0x16,
1016 0x1D, 0x47, 0x9E, 0x19, 0x68, 0xD4, 0x6B, 0x2B,
1017 0x75, 0xCD, 0xAE, 0x65, 0x33, 0x38, 0xF6, 0x6D,
1018 0xC7, 0x3E, 0x46, 0x98, 0x9E, 0x98, 0x8B, 0x45,
1019 0x11, 0xA7, 0x12, 0x05, 0xB0, 0x01, 0xC3, 0x51,
1020 0xA0, 0xEE, 0x7C, 0x16, 0xD1, 0x42, 0x96, 0xC4,
1021 0xF0, 0x7B, 0x71, 0xCD, 0x50, 0x38, 0xA4, 0xB0,
1022 0x6E, 0x6F, 0xE0, 0xBD, 0xC4, 0xF7, 0x96, 0x2B,
1023 0xF1, 0x6D, 0x9F, 0xF3, 0x71, 0x89, 0xFA, 0xB4,
1024 0x44, 0xA4, 0x32, 0xDC, 0xB2, 0x55, 0x13, 0x31,
1025 0x83, 0x29, 0x66, 0x21, 0x3E, 0x89, 0xF8, 0x78,
1026 0x97, 0x9C, 0x64, 0xF9, 0x2C, 0x0A, 0x88, 0xBC,
1027 0xCA, 0x6F, 0x83, 0x42, 0xF6, 0xD7, 0x00, 0xC4,
1028 0x19, 0x52, 0xB0, 0x31, 0xA8, 0xBA, 0xE8, 0xD4,
1029 0xAD, 0x4B, 0x5D, 0xC0, 0x01, 0x20, 0x6C, 0xBB,
1030 0x1D, 0x9A, 0x1D, 0xD4, 0x19, 0xFD, 0x33, 0xAB,
1031 0xA0, 0x54, 0x50, 0x91, 0xE9, 0x75, 0x5C, 0x7E,
1032 0x7E, 0xB3, 0x24, 0x79, 0xAE, 0x10, 0x3C, 0xB4,
1033 0xB7, 0x0A, 0x1D, 0x86, 0xAD, 0x06, 0x95, 0xCB,
1034 0x84, 0x9B, 0x0E, 0x8B, 0x77, 0x7E, 0x3E, 0xD2,
1035 0xA6, 0xDF, 0xAD, 0x4E, 0xFB, 0x69, 0x23, 0xAC,
1036 0x7A, 0xCB, 0xAA, 0xB0, 0x22, 0xDD, 0xD2, 0xC6,
1037 0xC7, 0xAD, 0xD7, 0xDE, 0xEC, 0x6F, 0x08, 0x41,
1038 0x54, 0xD5, 0x52, 0xDC, 0x77, 0xE4, 0x72, 0xF9,
1039 0x16, 0xB1, 0xC9, 0xAF, 0xB1, 0x3B, 0x18, 0x99,
1040 0x20, 0x9F, 0x79, 0x63, 0x7B, 0x07, 0xC7, 0x35,
1041 0xDF, 0xBB, 0xCE, 0x66, 0x93, 0x1B, 0xF5, 0x82,
1042 0x25, 0x67, 0xC1, 0xF2, 0xF0, 0x89, 0x0F, 0xEF,
1043 0x84, 0x0D, 0x63, 0xB6, 0x7B, 0xD0, 0x40, 0x8E,
1044 0xDB, 0x94, 0xCC, 0x71, 0x3C, 0xDB, 0x36, 0x14,
1045 0x34, 0xFD, 0xA0, 0xB0, 0xC1, 0x45, 0x31, 0xF8,
1046 0x8D, 0xD8, 0x23, 0xB1, 0x05, 0x14, 0xA9, 0x55,
1047 0x3A, 0x1A, 0x37, 0x48, 0x68, 0x89, 0x3F, 0x15,
1048 0x25, 0xD4, 0x99, 0x53, 0x4C, 0x85, 0x98, 0x78,
1049 0x1D, 0x35, 0x4A, 0x83, 0x79, 0x9A, 0x29, 0x90,
1050 0x2B, 0x45, 0x76, 0x0C, 0x13, 0x80, 0x4A, 0xE0,
1051 0x40, 0xED, 0x6B, 0x2E, 0x2A, 0x43, 0xA9, 0x28,
1052 0xB0, 0x2F, 0x89, 0x01, 0x6B, 0x39, 0x8C, 0x5E,
1053 0x80, 0x61, 0xD9, 0xEE, 0x0F, 0x41, 0x75, 0xB5,
1054 0xAE, 0xB6, 0xC2, 0x42, 0x49, 0x8D, 0x89, 0xD8,
1055 0xF4, 0x78, 0x1D, 0x90, 0x46, 0x26, 0x4C, 0x56,
1056 0xB7, 0xC0, 0xD9, 0x98, 0x7B, 0x07, 0xA1, 0x20)
1057 }
1058 };
1059
1060 START_TEST(test_ntru_privkey)
1061 {
1062 rng_t *entropy;
1063 ntru_drbg_t *drbg;
1064 ntru_private_key_t *privkey;
1065 ntru_public_key_t *pubkey;
1066 ntru_param_set_t *params;
1067 uint32_t strength;
1068 chunk_t encoding, privkey_encoding, pubkey_encoding;
1069
1070 params = TEST_ntru_param_set_get_by_id(privkey_tests[_i].id);
1071 strength = params->sec_strength_len * BITS_PER_BYTE;
1072 entropy = test_rng_create(privkey_tests[_i].entropy);
1073 drbg = TEST_ntru_drbg_create(strength, chunk_from_str("IKE NTRU-KE"),
1074 entropy);
1075 ck_assert(drbg != NULL);
1076
1077 privkey = TEST_ntru_private_key_create(drbg, params);
1078 ck_assert(privkey);
1079
1080 privkey_encoding = privkey->get_encoding(privkey);
1081 encoding = privkey_tests[_i].encoding;
1082 ck_assert(chunk_equals(privkey_encoding, encoding));
1083
1084
1085 pubkey= privkey->get_public_key(privkey);
1086 pubkey_encoding = pubkey->get_encoding(pubkey);
1087 encoding = chunk_clone(encoding);
1088 encoding.ptr[0] = NTRU_PUBKEY_TAG;
1089 encoding.len = pubkey_encoding.len;
1090 ck_assert(chunk_equals(pubkey_encoding, encoding));
1091
1092 /* get encoding a second time without generating it again internally */
1093 pubkey_encoding = pubkey->get_encoding(pubkey);
1094
1095 chunk_free(&encoding);
1096 privkey->destroy(privkey);
1097 pubkey->destroy(pubkey);
1098 }
1099 END_TEST
1100
1101 START_TEST(test_ntru_ke)
1102 {
1103 chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
1104 diffie_hellman_t *i_ntru, *r_ntru;
1105 char buf[10];
1106 int k, n, len;
1107 status_t status;
1108
1109 k = (_i) / countof(parameter_sets);
1110 n = (_i) % countof(parameter_sets);
1111
1112 len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
1113 params[k].group);
1114 ck_assert(len == 8);
1115 ck_assert(streq(buf, params[k].group_name));
1116
1117 lib->settings->set_str(lib->settings,
1118 "libstrongswan.plugins.ntru.parameter_set", parameter_sets[n]);
1119
1120 i_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
1121 ck_assert(i_ntru != NULL);
1122 ck_assert(i_ntru->get_dh_group(i_ntru) == params[k].group);
1123
1124 i_ntru->get_my_public_value(i_ntru, &pub_key);
1125 ck_assert(pub_key.len > 0);
1126
1127 r_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
1128 ck_assert(r_ntru != NULL);
1129
1130 r_ntru->set_other_public_value(r_ntru, pub_key);
1131 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1132 ck_assert(cipher_text.len > 0);
1133
1134 status = r_ntru->get_shared_secret(r_ntru, &r_shared_secret);
1135 ck_assert(status == SUCCESS);
1136 ck_assert(r_shared_secret.len > 0);
1137
1138 i_ntru->set_other_public_value(i_ntru, cipher_text);
1139 status = i_ntru->get_shared_secret(i_ntru, &i_shared_secret);
1140 ck_assert(status == SUCCESS);
1141 ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
1142
1143 chunk_clear(&i_shared_secret);
1144 chunk_clear(&r_shared_secret);
1145 chunk_free(&pub_key);
1146 chunk_free(&cipher_text);
1147 i_ntru->destroy(i_ntru);
1148 r_ntru->destroy(r_ntru);
1149 }
1150 END_TEST
1151
1152 START_TEST(test_ntru_retransmission)
1153 {
1154 diffie_hellman_t *i_ntru;
1155 chunk_t pub_key1, pub_key2;
1156
1157 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
1158 i_ntru->get_my_public_value(i_ntru, &pub_key1);
1159 i_ntru->get_my_public_value(i_ntru, &pub_key2);
1160 ck_assert(chunk_equals(pub_key1, pub_key2));
1161
1162 chunk_free(&pub_key1);
1163 chunk_free(&pub_key2);
1164 i_ntru->destroy(i_ntru);
1165 }
1166 END_TEST
1167
1168 chunk_t oid_tests[] = {
1169 { NULL, 0 },
1170 chunk_from_chars(0x00),
1171 chunk_from_chars(0x01),
1172 chunk_from_chars(0x02),
1173 chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
1174 chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
1175 chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
1176 chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
1177 };
1178
1179 START_TEST(test_ntru_pubkey_oid)
1180 {
1181 diffie_hellman_t *r_ntru;
1182 chunk_t cipher_text;
1183
1184 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1185 r_ntru->set_other_public_value(r_ntru, oid_tests[_i]);
1186 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1187 ck_assert(cipher_text.len == 0);
1188 r_ntru->destroy(r_ntru);
1189 }
1190 END_TEST
1191
1192 START_TEST(test_ntru_wrong_set)
1193 {
1194 diffie_hellman_t *i_ntru, *r_ntru;
1195 chunk_t pub_key, cipher_text;
1196
1197 lib->settings->set_str(lib->settings,
1198 "libstrongswan.plugins.ntru.parameter_set",
1199 "x9_98_bandwidth");
1200 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
1201 i_ntru->get_my_public_value(i_ntru, &pub_key);
1202
1203 lib->settings->set_str(lib->settings,
1204 "libstrongswan.plugins.ntru.parameter_set",
1205 "optimum");
1206 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
1207 r_ntru->set_other_public_value(r_ntru, pub_key);
1208 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1209 ck_assert(cipher_text.len == 0);
1210
1211 chunk_free(&pub_key);
1212 chunk_free(&cipher_text);
1213 i_ntru->destroy(i_ntru);
1214 r_ntru->destroy(r_ntru);
1215 }
1216 END_TEST
1217
1218 START_TEST(test_ntru_ciphertext)
1219 {
1220 char buf_00[604], buf_ff[604];
1221
1222 chunk_t test[] = {
1223 chunk_empty,
1224 chunk_from_chars(0x00),
1225 chunk_create(buf_00, sizeof(buf_00)),
1226 chunk_create(buf_ff, sizeof(buf_ff)),
1227 };
1228
1229 diffie_hellman_t *i_ntru;
1230 chunk_t pub_key, shared_secret;
1231 int i;
1232
1233 memset(buf_00, 0x00, sizeof(buf_00));
1234 memset(buf_ff, 0xff, sizeof(buf_ff));
1235
1236 for (i = 0; i < countof(test); i++)
1237 {
1238 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1239 i_ntru->get_my_public_value(i_ntru, &pub_key);
1240 i_ntru->set_other_public_value(i_ntru, test[i]);
1241 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
1242 ck_assert(shared_secret.len == 0);
1243
1244 chunk_free(&pub_key);
1245 i_ntru->destroy(i_ntru);
1246 }
1247 }
1248 END_TEST
1249
1250 START_TEST(test_ntru_wrong_ciphertext)
1251 {
1252 diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
1253 chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
1254
1255 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1256 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1257 m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1258
1259 i_ntru->get_my_public_value(i_ntru, &pub_key_i);
1260 m_ntru->get_my_public_value(m_ntru, &pub_key_m);
1261 r_ntru->set_other_public_value(r_ntru, pub_key_m);
1262 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1263 i_ntru->set_other_public_value(i_ntru, cipher_text);
1264 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
1265 ck_assert(shared_secret.len == 0);
1266
1267 chunk_free(&pub_key_i);
1268 chunk_free(&pub_key_m);
1269 chunk_free(&cipher_text);
1270 i_ntru->destroy(i_ntru);
1271 m_ntru->destroy(m_ntru);
1272 r_ntru->destroy(r_ntru);
1273 }
1274 END_TEST
1275
1276 Suite *ntru_suite_create()
1277 {
1278 Suite *s;
1279 TCase *tc;
1280
1281 s = suite_create("ntru");
1282
1283 tc = tcase_create("drbg_strength");
1284 tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths));
1285 suite_add_tcase(s, tc);
1286
1287 tc = tcase_create("drbg");
1288 tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests));
1289 suite_add_tcase(s, tc);
1290
1291 tc = tcase_create("drgb_reseed");
1292 tcase_add_test(tc, test_ntru_drbg_reseed);
1293 suite_add_tcase(s, tc);
1294
1295 tc = tcase_create("mgf1");
1296 tcase_add_loop_test(tc, test_ntru_mgf1, 0, countof(mgf1_tests));
1297 suite_add_tcase(s, tc);
1298
1299 tc = tcase_create("trits");
1300 tcase_add_loop_test(tc, test_ntru_trits, 0, countof(mgf1_tests));
1301 suite_add_tcase(s, tc);
1302
1303 tc = tcase_create("poly");
1304 tcase_add_loop_test(tc, test_ntru_poly, 0, countof(mgf1_tests));
1305 suite_add_tcase(s, tc);
1306
1307 tc = tcase_create("ring_mult");
1308 tcase_add_loop_test(tc, test_ntru_ring_mult, 0, countof(ring_mult_tests));
1309 suite_add_tcase(s, tc);
1310
1311 tc = tcase_create("array");
1312 tcase_add_loop_test(tc, test_ntru_array, 0, countof(array_tests));
1313 suite_add_tcase(s, tc);
1314
1315 tc = tcase_create("param_set");
1316 tcase_add_test(tc, test_ntru_param_set);
1317 suite_add_tcase(s, tc);
1318
1319 tc = tcase_create("privkey");
1320 tcase_add_loop_test(tc, test_ntru_privkey, 0, countof(privkey_tests));
1321 suite_add_tcase(s, tc);
1322
1323 tc = tcase_create("ke");
1324 tcase_add_loop_test(tc, test_ntru_ke, 0,
1325 countof(params) * countof(parameter_sets));
1326 suite_add_tcase(s, tc);
1327
1328 tc = tcase_create("retransmission");
1329 tcase_add_test(tc, test_ntru_retransmission);
1330 suite_add_tcase(s, tc);
1331
1332 tc = tcase_create("pubkey_oid");
1333 tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
1334 suite_add_tcase(s, tc);
1335
1336 tc = tcase_create("wrong_set");
1337 tcase_add_test(tc, test_ntru_wrong_set);
1338 suite_add_tcase(s, tc);
1339
1340 tc = tcase_create("ciphertext");
1341 tcase_add_test(tc, test_ntru_ciphertext);
1342 suite_add_tcase(s, tc);
1343
1344 tc = tcase_create("wrong_ciphertext");
1345 tcase_add_test(tc, test_ntru_wrong_ciphertext);
1346 suite_add_tcase(s, tc);
1347 return s;
1348 }