Added DRBG automatic reseeding tests
[strongswan.git] / src / libstrongswan / tests / suites / test_ntru.c
1 /*
2 * Copyright (C) 2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <plugins/ntru/ntru_drbg.h>
19 #include <plugins/ntru/ntru_test_rng.h>
20
21 /**
22 * NTRU parameter sets to test
23 */
24 static struct {
25 diffie_hellman_group_t group;
26 char *group_name;
27 } params[] = {
28 { NTRU_112_BIT, "NTRU_112" },
29 { NTRU_128_BIT, "NTRU_128" },
30 { NTRU_192_BIT, "NTRU_192" },
31 { NTRU_256_BIT, "NTRU_256" }
32 };
33
34 /**
35 * NTRU parameter set selection
36 */
37 char *parameter_sets[] = {
38 "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
39 };
40
41 START_TEST(test_ntru_test_rng)
42 {
43 rng_t *entropy;
44 chunk_t in, in1, in2, out;
45
46 in1 = chunk_from_chars(0x01, 0x02, 0x03, 0x04, 0x05, 0x06);
47 in2 = chunk_from_chars(0x07, 0x08);
48 in = chunk_cat("cc", in1, in2);
49
50 entropy = ntru_test_rng_create(in);
51 ck_assert(entropy->allocate_bytes(entropy, 6, &out));
52 ck_assert(chunk_equals(in1, out));
53 ck_assert(entropy->get_bytes(entropy, 2, out.ptr));
54 ck_assert(memeq(in2.ptr, out.ptr, in2.len));
55 ck_assert(!entropy->get_bytes(entropy, 4, out.ptr));
56 chunk_free(&out);
57 ck_assert(!entropy->allocate_bytes(entropy, 4, &out));
58 entropy->destroy(entropy);
59 chunk_free(&in);
60 }
61 END_TEST
62
63 typedef struct {
64 u_int32_t requested;
65 u_int32_t standard;
66 }strength_t;
67
68 strength_t strengths[] = {
69 { 80, 112 },
70 { 112, 112 },
71 { 120, 128 },
72 { 128, 128 },
73 { 150, 192 },
74 { 192, 192 },
75 { 200, 256 },
76 { 256, 256 },
77 { 512, 0 }
78 };
79
80 START_TEST(test_ntru_drbg_strength)
81 {
82 ntru_drbg_t *drbg;
83 rng_t *entropy;
84
85 entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
86 ck_assert(entropy != NULL);
87
88 drbg = ntru_drbg_create(strengths[_i].requested, chunk_empty, entropy);
89 if (strengths[_i].standard)
90 {
91 ck_assert(drbg != NULL);
92 ck_assert(drbg->get_strength(drbg) == strengths[_i].standard);
93 drbg->destroy(drbg);
94 }
95 else
96 {
97 ck_assert(drbg == NULL);
98 }
99 entropy->destroy(entropy);
100 }
101 END_TEST
102
103 typedef struct {
104 chunk_t pers_str;
105 chunk_t entropy;
106 chunk_t out;
107 } drbg_test_t;
108
109 /**
110 * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS)
111 */
112 drbg_test_t drbg_tests[] = {
113 /* SHA-256 test case 1 - count 0 */
114 { { NULL, 0 },
115 chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39,
116 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11,
117 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf,
118 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d,
119 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
120 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf,
121 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8,
122 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7,
123 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0,
124 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
125 chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc,
126 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a,
127 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb,
128 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb,
129 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
130 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51,
131 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23,
132 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42,
133 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e,
134 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
135 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f,
136 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54,
137 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b,
138 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6,
139 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
140 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
141 },
142 /* SHA-256 test case 3 - count 0 */
143 { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59,
144 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31,
145 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa,
146 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c),
147 chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90,
148 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64,
149 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6,
150 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40,
151 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
152 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5,
153 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa,
154 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f,
155 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41,
156 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
157 chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20,
158 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a,
159 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a,
160 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b,
161 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
162 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c,
163 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40,
164 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93,
165 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f,
166 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
167 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb,
168 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0,
169 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6,
170 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed,
171 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
172 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
173 },
174 /* SHA-256 test case 5 - count 0 */
175 { { NULL, 0 },
176 chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47,
177 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a,
178 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85,
179 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a,
180 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
181 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b,
182 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44,
183 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16,
184 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b,
185 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
186 chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2,
187 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4,
188 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b,
189 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77,
190 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
191 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00,
192 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a,
193 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78,
194 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b,
195 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
196 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d,
197 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf,
198 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38,
199 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5,
200 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
201 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
202 },
203 /* SHA-256 test case 7 - count 0 */
204 { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0,
205 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d,
206 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46,
207 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2),
208 chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8,
209 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00,
210 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08,
211 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5,
212 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
213 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4,
214 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc,
215 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96,
216 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d,
217 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
218 chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea,
219 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53,
220 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52,
221 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a,
222 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
223 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae,
224 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6,
225 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53,
226 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91,
227 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
228 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98,
229 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca,
230 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39,
231 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57,
232 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
233 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
234 }
235 };
236
237 START_TEST(test_ntru_drbg)
238 {
239 ntru_drbg_t *drbg;
240 rng_t *entropy;
241 chunk_t out;
242
243 out = chunk_alloc(128);
244 entropy = ntru_test_rng_create(drbg_tests[_i].entropy);
245 drbg = ntru_drbg_create(256, drbg_tests[_i].pers_str, entropy);
246 ck_assert(drbg != NULL);
247 ck_assert(drbg->reseed(drbg));
248 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
249 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
250 ck_assert(chunk_equals(out, drbg_tests[_i].out));
251 drbg->destroy(drbg);
252 entropy->destroy(entropy);
253 chunk_free(&out);
254 }
255 END_TEST
256
257 START_TEST(test_ntru_drbg_reseed)
258 {
259 ntru_drbg_t *drbg;
260 rng_t *entropy;
261 chunk_t out;
262
263 lib->settings->set_int(lib->settings,
264 "libstrongswan.plugins.ntru.max_drbg_requests", 2);
265 out = chunk_alloc(128);
266 entropy = ntru_test_rng_create(drbg_tests[0].entropy);
267 drbg = ntru_drbg_create(256, chunk_empty, entropy);
268
269 /* bad output parameters */
270 ck_assert(!drbg->generate(drbg, 256, 0, out.ptr));
271 ck_assert(!drbg->generate(drbg, 256, 128, NULL));
272
273 /* no reseeding occurs */
274 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
275 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
276
277 /* consuming remaining entropy */
278 ck_assert(entropy->get_bytes(entropy, 32, out.ptr));
279
280 /* no entropy available for automatic reseeding */
281 ck_assert(!drbg->generate(drbg, 256, 128, out.ptr));
282 drbg->destroy(drbg);
283
284 /* no entropy available for DRBG instantiation */
285 drbg = ntru_drbg_create(256, chunk_empty, entropy);
286 ck_assert(drbg == NULL);
287 entropy->destroy(entropy);
288
289 /* one automatic reseeding occurs */
290 entropy = ntru_test_rng_create(drbg_tests[0].entropy);
291 drbg = ntru_drbg_create(256, chunk_empty, entropy);
292 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
293 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
294 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
295
296 /* no entropy left */
297 ck_assert(!entropy->get_bytes(entropy, 32, out.ptr));
298
299 drbg->destroy(drbg);
300 entropy->destroy(entropy);
301 chunk_free(&out);
302 lib->settings->set_int(lib->settings,
303 "libstrongswan.plugins.ntru.max_drbg_requests", 2000);
304 }
305 END_TEST
306
307 START_TEST(test_ntru_ke)
308 {
309 chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
310 diffie_hellman_t *i_ntru, *r_ntru;
311 char buf[10];
312 int n, len;
313 status_t status;
314
315 len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
316 params[_i].group);
317 ck_assert(len == 8);
318 ck_assert(streq(buf, params[_i].group_name));
319
320 for (n = 0; n < countof(parameter_sets); n++)
321 {
322 lib->settings->set_str(lib->settings,
323 "libstrongswan.plugins.ntru.parameter_set",
324 parameter_sets[n]);
325
326 i_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
327 ck_assert(i_ntru != NULL);
328 ck_assert(i_ntru->get_dh_group(i_ntru) == params[_i].group);
329
330 i_ntru->get_my_public_value(i_ntru, &pub_key);
331 ck_assert(pub_key.len > 0);
332
333 r_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
334 ck_assert(r_ntru != NULL);
335
336 r_ntru->set_other_public_value(r_ntru, pub_key);
337 r_ntru->get_my_public_value(r_ntru, &cipher_text);
338 ck_assert(cipher_text.len > 0);
339
340 status = r_ntru->get_shared_secret(r_ntru, &r_shared_secret);
341 ck_assert(status == SUCCESS);
342 ck_assert(r_shared_secret.len > 0);
343
344 i_ntru->set_other_public_value(i_ntru, cipher_text);
345 status = i_ntru->get_shared_secret(i_ntru, &i_shared_secret);
346
347 if (status == SUCCESS)
348 {
349 ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
350 }
351 else
352 {
353 ck_assert(i_shared_secret.len == 0);
354 }
355
356 chunk_clear(&i_shared_secret);
357 chunk_clear(&r_shared_secret);
358 chunk_free(&pub_key);
359 chunk_free(&cipher_text);
360 i_ntru->destroy(i_ntru);
361 r_ntru->destroy(r_ntru);
362 }
363 }
364 END_TEST
365
366 START_TEST(test_ntru_retransmission)
367 {
368 diffie_hellman_t *i_ntru;
369 chunk_t pub_key1, pub_key2;
370
371 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
372 i_ntru->get_my_public_value(i_ntru, &pub_key1);
373 i_ntru->get_my_public_value(i_ntru, &pub_key2);
374 ck_assert(chunk_equals(pub_key1, pub_key2));
375
376 chunk_free(&pub_key1);
377 chunk_free(&pub_key2);
378 i_ntru->destroy(i_ntru);
379 }
380 END_TEST
381
382 chunk_t oid_tests[] = {
383 { NULL, 0 },
384 chunk_from_chars(0x00),
385 chunk_from_chars(0x01),
386 chunk_from_chars(0x02),
387 chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
388 chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
389 chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
390 chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
391 };
392
393 START_TEST(test_ntru_pubkey_oid)
394 {
395 diffie_hellman_t *r_ntru;
396 chunk_t cipher_text;
397
398 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
399 r_ntru->set_other_public_value(r_ntru, oid_tests[_i]);
400 r_ntru->get_my_public_value(r_ntru, &cipher_text);
401 ck_assert(cipher_text.len == 0);
402 r_ntru->destroy(r_ntru);
403 }
404 END_TEST
405
406 START_TEST(test_ntru_wrong_set)
407 {
408 diffie_hellman_t *i_ntru, *r_ntru;
409 chunk_t pub_key, cipher_text;
410
411 lib->settings->set_str(lib->settings,
412 "libstrongswan.plugins.ntru.parameter_set",
413 "x9_98_bandwidth");
414 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
415 i_ntru->get_my_public_value(i_ntru, &pub_key);
416
417 lib->settings->set_str(lib->settings,
418 "libstrongswan.plugins.ntru.parameter_set",
419 "optimum");
420 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
421 r_ntru->set_other_public_value(r_ntru, pub_key);
422 r_ntru->get_my_public_value(r_ntru, &cipher_text);
423 ck_assert(cipher_text.len == 0);
424
425 chunk_free(&pub_key);
426 chunk_free(&cipher_text);
427 i_ntru->destroy(i_ntru);
428 r_ntru->destroy(r_ntru);
429 }
430 END_TEST
431
432 START_TEST(test_ntru_ciphertext)
433 {
434 char buf_00[604], buf_ff[604];
435
436 chunk_t test[] = {
437 chunk_empty,
438 chunk_from_chars(0x00),
439 chunk_create(buf_00, sizeof(buf_00)),
440 chunk_create(buf_ff, sizeof(buf_ff)),
441 };
442
443 diffie_hellman_t *i_ntru;
444 chunk_t pub_key, shared_secret;
445 int i;
446
447 memset(buf_00, 0x00, sizeof(buf_00));
448 memset(buf_ff, 0xff, sizeof(buf_ff));
449
450 for (i = 0; i < countof(test); i++)
451 {
452 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
453 i_ntru->get_my_public_value(i_ntru, &pub_key);
454 i_ntru->set_other_public_value(i_ntru, test[i]);
455 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
456 ck_assert(shared_secret.len == 0);
457
458 chunk_free(&pub_key);
459 i_ntru->destroy(i_ntru);
460 }
461 }
462 END_TEST
463
464 START_TEST(test_ntru_wrong_ciphertext)
465 {
466 diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
467 chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
468
469 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
470 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
471 m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
472
473 i_ntru->get_my_public_value(i_ntru, &pub_key_i);
474 m_ntru->get_my_public_value(m_ntru, &pub_key_m);
475 r_ntru->set_other_public_value(r_ntru, pub_key_m);
476 r_ntru->get_my_public_value(r_ntru, &cipher_text);
477 i_ntru->set_other_public_value(i_ntru, cipher_text);
478 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
479 ck_assert(shared_secret.len == 0);
480
481 chunk_free(&pub_key_i);
482 chunk_free(&pub_key_m);
483 chunk_free(&cipher_text);
484 i_ntru->destroy(i_ntru);
485 m_ntru->destroy(m_ntru);
486 r_ntru->destroy(r_ntru);
487 }
488 END_TEST
489
490 Suite *ntru_suite_create()
491 {
492 Suite *s;
493 TCase *tc;
494
495 s = suite_create("ntru");
496
497 tc = tcase_create("test_rng");
498 tcase_add_test(tc, test_ntru_test_rng);
499 suite_add_tcase(s, tc);
500
501 tc = tcase_create("drbg_strength");
502 tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths));
503 suite_add_tcase(s, tc);
504
505 tc = tcase_create("drbg");
506 tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests));
507 suite_add_tcase(s, tc);
508
509 tc = tcase_create("drgb_reseed");
510 tcase_add_test(tc, test_ntru_drbg_reseed);
511 suite_add_tcase(s, tc);
512
513 tc = tcase_create("ke");
514 tcase_add_loop_test(tc, test_ntru_ke, 0, countof(params));
515 suite_add_tcase(s, tc);
516
517 tc = tcase_create("retransmission");
518 tcase_add_test(tc, test_ntru_retransmission);
519 suite_add_tcase(s, tc);
520
521 tc = tcase_create("pubkey_oid");
522 tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
523 suite_add_tcase(s, tc);
524
525 tc = tcase_create("wrong_set");
526 tcase_add_test(tc, test_ntru_wrong_set);
527 suite_add_tcase(s, tc);
528
529 tc = tcase_create("ciphertext");
530 tcase_add_test(tc, test_ntru_ciphertext);
531 suite_add_tcase(s, tc);
532
533 tc = tcase_create("wrong_ciphertext");
534 tcase_add_test(tc, test_ntru_wrong_ciphertext);
535 suite_add_tcase(s, tc);
536 return s;
537 }