a28b4bc58f207632dc078ad2cac3db2627f6127d
[strongswan.git] / src / libstrongswan / tests / suites / test_ntru.c
1 /*
2 * Copyright (C) 2013-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <tests/utils/test_rng.h>
19 #include <utils/test.h>
20 #include <crypto/mgf1/mgf1.h>
21 #include <plugins/ntru/ntru_drbg.h>
22 #include <plugins/ntru/ntru_trits.h>
23 #include <plugins/ntru/ntru_poly.h>
24 #include <plugins/ntru/ntru_param_set.h>
25 #include <plugins/ntru/ntru_private_key.h>
26
27 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
28 u_int32_t strength, chunk_t pers_str, rng_t *entropy)
29
30 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
31 size_t len, hash_algorithm_t alg, chunk_t seed)
32
33 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
34 hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
35 uint16_t N, uint16_t q, uint32_t indices_len_p,
36 uint32_t indices_len_m, bool is_product_form)
37
38 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*,
39 u_int16_t *data, uint16_t N, uint16_t q,
40 uint32_t indices_len_p, uint32_t indices_len_m,
41 bool is_product_form)
42
43 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_param_set_get_by_id, ntru_param_set_t* ,
44 ntru_param_set_id_t id)
45
46 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create, ntru_private_key_t*,
47 ntru_drbg_t *drbg, ntru_param_set_t *params)
48
49 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create_from_data, ntru_private_key_t*,
50 ntru_drbg_t *drbg, chunk_t data)
51
52 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_public_key_create_from_data, ntru_public_key_t*,
53 ntru_drbg_t *drbg, chunk_t data)
54
55 /**
56 * NTRU parameter sets to test
57 */
58 static struct {
59 diffie_hellman_group_t group;
60 char *group_name;
61 } params[] = {
62 { NTRU_112_BIT, "NTRU_112" },
63 { NTRU_128_BIT, "NTRU_128" },
64 { NTRU_192_BIT, "NTRU_192" },
65 { NTRU_256_BIT, "NTRU_256" }
66 };
67
68 /**
69 * NTRU parameter set selection
70 */
71 char *parameter_sets[] = {
72 "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
73 };
74
75 typedef struct {
76 u_int32_t requested;
77 u_int32_t standard;
78 }strength_t;
79
80 strength_t strengths[] = {
81 { 80, 112 },
82 { 112, 112 },
83 { 120, 128 },
84 { 128, 128 },
85 { 150, 192 },
86 { 192, 192 },
87 { 200, 256 },
88 { 256, 256 },
89 { 512, 0 }
90 };
91
92 START_TEST(test_ntru_drbg_strength)
93 {
94 ntru_drbg_t *drbg;
95 rng_t *entropy;
96
97 entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
98 ck_assert(entropy != NULL);
99
100 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, strengths[_i].requested,
101 chunk_empty, entropy);
102 if (strengths[_i].standard)
103 {
104 ck_assert(drbg != NULL);
105 ck_assert(drbg->get_strength(drbg) == strengths[_i].standard);
106 drbg->destroy(drbg);
107 }
108 else
109 {
110 ck_assert(drbg == NULL);
111 }
112 entropy->destroy(entropy);
113 }
114 END_TEST
115
116 typedef struct {
117 chunk_t pers_str;
118 chunk_t entropy;
119 chunk_t out;
120 } drbg_test_t;
121
122 /**
123 * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS)
124 */
125 drbg_test_t drbg_tests[] = {
126 /* SHA-256 test case 1 - count 0 */
127 { { NULL, 0 },
128 chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39,
129 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11,
130 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf,
131 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d,
132 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a,
133 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf,
134 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8,
135 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7,
136 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0,
137 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52),
138 chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc,
139 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a,
140 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb,
141 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb,
142 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20,
143 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51,
144 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23,
145 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42,
146 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e,
147 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0,
148 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f,
149 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54,
150 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b,
151 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6,
152 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e,
153 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24)
154 },
155 /* SHA-256 test case 3 - count 0 */
156 { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59,
157 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31,
158 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa,
159 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c),
160 chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90,
161 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64,
162 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6,
163 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40,
164 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb,
165 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5,
166 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa,
167 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f,
168 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41,
169 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6),
170 chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20,
171 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a,
172 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a,
173 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b,
174 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02,
175 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c,
176 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40,
177 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93,
178 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f,
179 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8,
180 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb,
181 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0,
182 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6,
183 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed,
184 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42,
185 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe)
186 },
187 /* SHA-256 test case 5 - count 0 */
188 { { NULL, 0 },
189 chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47,
190 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a,
191 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85,
192 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a,
193 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19,
194 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b,
195 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44,
196 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16,
197 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b,
198 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89),
199 chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2,
200 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4,
201 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b,
202 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77,
203 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47,
204 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00,
205 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a,
206 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78,
207 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b,
208 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1,
209 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d,
210 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf,
211 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38,
212 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5,
213 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32,
214 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74)
215 },
216 /* SHA-256 test case 7 - count 0 */
217 { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0,
218 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d,
219 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46,
220 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2),
221 chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8,
222 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00,
223 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08,
224 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5,
225 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55,
226 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4,
227 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc,
228 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96,
229 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d,
230 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86),
231 chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea,
232 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53,
233 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52,
234 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a,
235 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b,
236 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae,
237 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6,
238 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53,
239 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91,
240 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a,
241 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98,
242 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca,
243 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39,
244 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57,
245 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a,
246 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25)
247 }
248 };
249
250 START_TEST(test_ntru_drbg)
251 {
252 ntru_drbg_t *drbg;
253 rng_t *entropy;
254 chunk_t out;
255
256 out = chunk_alloc(128);
257 entropy = test_rng_create(drbg_tests[_i].entropy);
258 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, drbg_tests[_i].pers_str,
259 entropy);
260 ck_assert(drbg != NULL);
261 ck_assert(drbg->reseed(drbg));
262 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
263 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
264 ck_assert(chunk_equals(out, drbg_tests[_i].out));
265 drbg->destroy(drbg);
266 entropy->destroy(entropy);
267 chunk_free(&out);
268 }
269 END_TEST
270
271 START_TEST(test_ntru_drbg_reseed)
272 {
273 ntru_drbg_t *drbg;
274 rng_t *entropy;
275 chunk_t out;
276
277 lib->settings->set_int(lib->settings,
278 "libstrongswan.plugins.ntru.max_drbg_requests", 2);
279 out = chunk_alloc(128);
280 entropy = test_rng_create(drbg_tests[0].entropy);
281 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy);
282
283 /* bad output parameters */
284 ck_assert(!drbg->generate(drbg, 256, 0, out.ptr));
285 ck_assert(!drbg->generate(drbg, 256, 128, NULL));
286
287 /* no reseeding occurs */
288 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
289 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
290
291 /* consuming remaining entropy */
292 ck_assert(entropy->get_bytes(entropy, 32, out.ptr));
293
294 /* no entropy available for automatic reseeding */
295 ck_assert(!drbg->generate(drbg, 256, 128, out.ptr));
296 drbg->destroy(drbg);
297
298 /* no entropy available for DRBG instantiation */
299 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy);
300 ck_assert(drbg == NULL);
301 entropy->destroy(entropy);
302
303 /* one automatic reseeding occurs */
304 entropy = test_rng_create(drbg_tests[0].entropy);
305 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy);
306 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
307 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
308 ck_assert(drbg->generate(drbg, 256, 128, out.ptr));
309
310 /* no entropy left */
311 ck_assert(!entropy->get_bytes(entropy, 32, out.ptr));
312
313 drbg->destroy(drbg);
314 entropy->destroy(entropy);
315 chunk_free(&out);
316 lib->settings->set_int(lib->settings,
317 "libstrongswan.plugins.ntru.max_drbg_requests", 2000);
318 }
319 END_TEST
320
321 typedef struct {
322 uint8_t c_bits;
323 uint16_t N;
324 uint16_t q;
325 bool is_product_form;
326 uint32_t indices_len;
327 uint32_t indices_size;
328 uint16_t *indices;
329 } poly_test_t;
330
331 typedef struct {
332 hash_algorithm_t alg;
333 size_t hash_size;
334 size_t seed_len;
335 chunk_t seed;
336 chunk_t trits;
337 poly_test_t poly_test[2];
338 } trits_test_t;
339
340 uint16_t indices_ees439ep1[] = {
341 367, 413, 16, 214, 114, 128, 42, 268, 346, 329, 119, 303, 208, 287, 150,
342 3, 45, 321, 110, 109, 272, 430, 80, 305, 51, 381, 322, 140, 207, 315,
343 206, 186, 56, 5, 273, 177, 44, 100, 205, 210, 98, 191, 8, 336
344 };
345
346 uint16_t indices_ees613ep1[] = {
347 245, 391, 251, 428, 301, 2, 176, 296, 461, 224, 590, 215, 250, 91, 395,
348 363, 58, 537, 278, 291, 247, 33, 140, 447, 172, 514, 424, 412, 95, 94,
349 281, 159, 196, 302, 277, 63, 404, 150, 608, 315, 195, 334, 207, 376, 398,
350 0, 309, 486, 516, 86, 267, 139, 130, 38, 141, 258, 21, 341, 526, 388,
351 194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320,
352 186, 327, 212, 543, 82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434,
353 134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523, 32, 62, 297,
354 283, 268, 54, 539, 5
355 };
356
357 uint16_t indices_ees743ep1[] = {
358 285, 62, 136, 655, 460, 35, 450, 208, 340, 212, 61, 234, 454, 52, 520,
359 399, 315, 616, 496, 88, 280, 543, 508, 237, 553, 39, 214, 253, 720, 291,
360 586, 615, 635, 596, 62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683,
361 180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423,
362 197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137
363 };
364
365 uint16_t indices_ees1171ep1[] = {
366 514, 702, 760, 505, 262, 486, 695, 783, 533, 74, 403, 847, 170,1019, 568,
367 676,1057, 277,1021, 238, 203, 884, 124, 87, 65, 93, 131, 881,1102, 133,
368 459, 462, 92, 40, 5,1152,1158, 297, 599, 299, 7, 458, 347, 343, 173,
369 1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295,
370 1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549,
371 821,1098, 823, 96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993,
372 983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250, 37, 213,
373 929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500,
374 913, 332,1118, 753, 946, 775, 59, 809, 782, 612, 909,1090, 223, 777, 940,
375 866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487,
376 215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054,
377 400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210,
378 333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422, 80, 924,1089, 547,
379 1157, 579, 2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179,
380 536, 191
381 };
382
383 /**
384 * Trits and Polynomial Test Vectors
385 */
386 static trits_test_t trits_tests[] = {
387 { HASH_SHA1, 20, 24,
388 chunk_from_chars(
389 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
390 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
391 0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2,
392 0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5,
393 0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20,
394 0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3,
395 0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F,
396 0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66,
397 0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72,
398 0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0,
399 0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D,
400 0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6,
401 0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB,
402 0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20),
403 chunk_from_chars(
404 1, 2, 1, 0, 0, 1, 1, 1, 2, 0, 1, 0, 1, 1, 1, 0, 2, 0, 1, 1,
405 0, 0, 0, 1, 1, 0, 2, 0, 2, 2, 1, 2, 2, 2, 1, 2, 1, 1, 0, 0,
406 2, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 2, 0, 0, 1, 0, 1, 0, 2, 0,
407 0, 1, 0, 2, 1, 0, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 0, 2, 0, 1,
408 1, 2, 1, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 0, 1,
409 0, 1, 1, 0, 0, 0, 1, 2, 2, 0, 1, 2, 1, 2, 0, 2, 0, 0, 0, 2,
410 1, 2, 0, 0, 0, 2, 0, 0, 0, 2, 2, 1, 0, 2, 0, 1, 2, 0, 2, 1,
411 0, 2, 2, 1, 0, 2, 1, 2, 2, 0, 2, 0, 2, 1, 2, 2, 0, 2, 0, 1,
412 1, 2, 2, 2, 2, 1, 0, 1, 0, 2, 2, 0, 1, 1, 2, 2, 2, 0, 0, 1,
413 0, 2, 0, 1, 0, 2, 1, 2, 1, 0, 1, 1, 2, 0, 0, 2, 1, 1, 2, 0,
414 1, 2, 1, 1, 0, 1, 0, 2, 1, 1, 1, 2, 1, 0, 2, 0, 2, 0, 0, 2,
415 2, 1, 0, 0, 2, 2, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 2, 1, 2, 2,
416 2, 0, 0, 0, 0, 1, 0, 0, 1, 2, 1, 2, 0, 2, 1, 1, 1, 0, 2, 2,
417 1, 2, 2, 1, 0, 1, 0, 2, 2, 2, 1, 2, 1, 0, 0, 1, 0, 1, 1, 1,
418 1, 1, 2, 0, 0, 2, 1, 0, 2, 1, 2, 1, 0, 2, 2, 0, 0, 1, 2, 1,
419 2, 0, 1, 2, 1, 1, 2, 0, 2, 0, 2, 1, 1, 1, 0, 0, 0, 1, 2, 1,
420 2, 2, 1, 2, 1, 1, 2, 1, 2, 0, 2, 2, 1, 0, 0, 1, 2, 0, 1, 1,
421 2, 0, 0, 0, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 2, 2, 2, 1, 1, 0,
422 2, 1, 2, 1, 2, 2, 1, 2, 1, 1, 0, 1, 1, 1, 1, 2, 0, 2, 2, 1,
423 0, 1, 1, 2, 1, 2, 0, 2, 1, 0, 1, 0, 1, 0, 1, 2, 0, 1, 1, 0,
424 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
425 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
426 {
427 { 9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16),
428 countof(indices_ees439ep1), indices_ees439ep1
429 },
430 { 11, 613, 2048, FALSE, 55,
431 countof(indices_ees613ep1), indices_ees613ep1
432 }
433 }
434 },
435 { HASH_SHA256, 32, 40,
436 chunk_from_chars(
437 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
438 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
439 0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE,
440 0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42,
441 0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A,
442 0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07,
443 0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43,
444 0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC,
445 0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36,
446 0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4,
447 0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2,
448 0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58,
449 0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC,
450 0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8,
451 0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1,
452 0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46,
453 0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91,
454 0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4,
455 0x54, 0xEE, 0x20, 0xF0, 0x80),
456 chunk_from_chars(
457 1, 2, 2, 2, 2, 1, 2, 2, 0, 0, 2, 0, 0, 0, 0, 1, 2, 2, 2, 0,
458 2, 0, 0, 2, 2, 1, 2, 0, 0, 1, 2, 1, 0, 0, 0, 1, 0, 2, 2, 1,
459 1, 2, 0, 0, 0, 1, 2, 0, 2, 2, 1, 2, 1, 0, 1, 0, 1, 2, 1, 1,
460 1, 2, 0, 1, 0, 2, 1, 1, 0, 0, 0, 1, 2, 0, 0, 1, 2, 1, 2, 0,
461 2, 1, 1, 1, 2, 2, 2, 2, 1, 0, 0, 2, 0, 2, 0, 1, 1, 0, 2, 2,
462 2, 0, 1, 0, 2, 2, 1, 0, 1, 0, 1, 0, 0, 2, 2, 0, 0, 1, 2, 0,
463 1, 1, 1, 0, 0, 2, 0, 2, 1, 2, 2, 2, 0, 0, 2, 1, 0, 2, 0, 1,
464 0, 1, 2, 0, 1, 2, 0, 1, 0, 1, 2, 0, 2, 2, 0, 1, 2, 2, 1, 2,
465 2, 2, 0, 2, 1, 1, 1, 0, 0, 1, 0, 2, 0, 0, 1, 0, 1, 2, 0, 0,
466 1, 2, 1, 0, 2, 1, 1, 0, 0, 2, 1, 2, 2, 2, 1, 2, 1, 1, 2, 2,
467 0, 2, 0, 0, 2, 0, 0, 1, 1, 2, 0, 0, 0, 1, 2, 1, 1, 1, 1, 0,
468 0, 0, 2, 0, 2, 0, 2, 2, 1, 2, 2, 0, 0, 1, 1, 1, 0, 1, 0, 1,
469 0, 1, 2, 2, 0, 2, 1, 1, 0, 2, 1, 2, 1, 2, 1, 0, 0, 1, 0, 0,
470 1, 0, 1, 0, 2, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 0, 2, 0, 0,
471 1, 2, 1, 2, 1, 2, 1, 0, 1, 1, 2, 2, 1, 1, 0, 0, 2, 1, 2, 0,
472 1, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 2, 2, 2, 2, 0, 0, 1, 2,
473 1, 1, 1, 0, 2, 1, 2, 2, 0, 2, 0, 1, 2, 2, 0, 1, 1, 1, 0, 0,
474 2, 0, 1, 0, 1, 0, 2, 1, 2, 0, 2, 1, 2, 1, 2, 2, 0, 2, 1, 0,
475 2, 1, 2, 0, 0, 2, 0, 1, 2, 1, 1, 2, 0, 0, 0, 0, 1, 2, 0, 1,
476 2, 2, 1, 0, 0, 1, 2, 1, 2, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0,
477 2, 0, 1, 2, 1, 2, 0, 0, 0, 2, 1, 0, 0, 0, 1, 2, 2, 0, 0, 0,
478 2, 2, 1, 1, 0, 1, 0, 2, 2, 0, 2, 1, 2, 1, 0, 2, 2, 2, 0, 0,
479 0, 1, 1, 2, 1, 0, 0, 0, 0, 1, 2, 2, 1, 2, 1, 2, 0, 2, 0, 2,
480 1, 1, 1, 2, 1, 2, 1, 2, 1, 1, 0, 1, 0, 2, 0, 0, 0, 2, 1, 2,
481 2, 2, 2, 0, 1, 1, 1, 0, 1, 0, 2, 0, 2, 1, 0, 1, 2, 1, 1, 0,
482 1, 2, 1, 0, 0, 2, 1, 0, 1, 1, 2, 2, 1, 1, 1, 2, 2, 2, 1, 0,
483 0, 0, 0, 1, 1, 0, 0, 2, 2, 2, 2, 2, 0, 1, 2, 0, 1, 2, 0, 1,
484 1, 0, 1, 1, 2, 2, 0, 1, 1, 0, 2, 2, 1, 1, 1, 2, 1, 2, 2, 1,
485 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
486 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
487 {
488 { 13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16),
489 countof(indices_ees743ep1), indices_ees743ep1
490 },
491 { 12, 1171, 2048, FALSE, 106,
492 countof(indices_ees1171ep1), indices_ees1171ep1
493 }
494 }
495 }
496 };
497
498 START_TEST(test_ntru_trits)
499 {
500 ntru_trits_t *mask;
501 chunk_t trits;
502
503 mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
504 HASH_UNKNOWN, trits_tests[_i].seed);
505 ck_assert(mask == NULL);
506
507 mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
508 trits_tests[_i].alg, chunk_empty);
509 ck_assert(mask == NULL);
510
511 mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
512 trits_tests[_i].alg, trits_tests[_i].seed);
513 ck_assert(mask);
514
515 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
516 ck_assert(chunk_equals(trits, trits_tests[_i].trits));
517 mask->destroy(mask);
518
519 /* generate a multiple of 5 trits */
520 mask = TEST_FUNCTION(ntru, ntru_trits_create, 10, trits_tests[_i].alg,
521 trits_tests[_i].seed);
522 ck_assert(mask);
523
524 trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
525 ck_assert(chunk_equals(trits, chunk_create(trits_tests[_i].trits.ptr, 10)));
526 mask->destroy(mask);
527 }
528 END_TEST
529
530 START_TEST(test_ntru_poly)
531 {
532 ntru_poly_t *poly;
533 uint16_t *indices;
534 chunk_t seed;
535 poly_test_t *p;
536 int j, n;
537
538 seed = trits_tests[_i].seed;
539 seed.len = trits_tests[_i].seed_len;
540
541 p = &trits_tests[_i].poly_test[0];
542 poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, HASH_UNKNOWN, seed,
543 p->c_bits, p->N, p->q, p->indices_len, p->indices_len,
544 p->is_product_form);
545 ck_assert(poly == NULL);
546
547 for (n = 0; n < 2; n++)
548 {
549 p = &trits_tests[_i].poly_test[n];
550 poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed,
551 trits_tests[_i].alg, seed, p->c_bits, p->N, p->q,
552 p->indices_len, p->indices_len, p->is_product_form);
553 ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size);
554
555 indices = poly->get_indices(poly);
556 for (j = 0; j < p->indices_size; j++)
557 {
558 ck_assert(indices[j] == p->indices[j]);
559 }
560 poly->destroy(poly);
561 }
562 }
563 END_TEST
564
565 typedef struct {
566 uint16_t N;
567 uint16_t q;
568 bool is_product_form;
569 uint32_t indices_len_p;
570 uint32_t indices_len_m;
571 uint16_t *indices;
572 uint16_t *a;
573 uint16_t *c;
574 } ring_mult_test_t;
575
576 uint16_t t1_indices[] = { 1, 6, 5, 3 };
577
578 uint16_t t1_a[] = { 1, 0, 0, 0, 0, 0, 0 };
579 uint16_t t1_c[] = { 0, 1, 0, 7, 0, 7, 1 };
580
581 uint16_t t2_a[] = { 5, 0, 0, 0, 0, 0, 0 };
582 uint16_t t2_c[] = { 0, 5, 0, 3, 0, 3, 5 };
583
584 uint16_t t3_a[] = { 4, 0, 0, 0, 0, 0, 0 };
585 uint16_t t3_c[] = { 0, 4, 0, 4, 0, 4, 4 };
586
587 uint16_t t4_a[] = { 0, 6, 0, 0, 0, 0, 0 };
588 uint16_t t4_c[] = { 6, 0, 6, 0, 2, 0, 2 };
589
590 uint16_t t5_a[] = { 4, 6, 0, 0, 0, 0, 0 };
591 uint16_t t5_c[] = { 6, 4, 6, 4, 2, 4, 6 };
592
593 uint16_t t6_a[] = { 0, 0, 3, 0, 0, 0, 0 };
594 uint16_t t6_c[] = { 5, 3, 0, 3, 0, 5, 0 };
595
596 uint16_t t7_a[] = { 4, 6, 3, 0, 0, 0, 0 };
597 uint16_t t7_c[] = { 3, 7, 6, 7, 2, 1, 6 };
598
599 uint16_t t8_a[] = { 0, 0, 0, 7, 0, 0, 0 };
600 uint16_t t8_c[] = { 0, 1, 7, 0, 7, 0, 1 };
601
602 uint16_t t9_a[] = { 4, 6, 3, 7, 0, 0, 0 };
603 uint16_t t9_c[] = { 3, 0, 5, 7, 1, 1, 7 };
604
605 uint16_t t10_a[] = { 0, 0, 0, 0, 0, 1, 0 };
606 uint16_t t10_c[] = { 0, 7, 0, 7, 1, 0, 1 };
607
608 uint16_t t11_a[] = { 4, 6, 3, 7, 0, 1, 0 };
609 uint16_t t11_c[] = { 3, 7, 5, 6, 2, 1, 0 };
610
611 uint16_t t2_indices[] = { 1, 6, 5, 2, 3 };
612
613 uint16_t t12_c[] = { 0, 1, 7, 7, 0, 1, 1 };
614 uint16_t t13_c[] = { 0, 1, 7, 7, 0, 7, 1 };
615 uint16_t t14_c[] = { 0, 1, 0, 31, 0, 31, 1 };
616 uint16_t t15_c[] = { 0, 5, 0, 2043, 0, 2043, 5 };
617 uint16_t t16_c[] = { 0, 5, 0, 32763, 0, 32763, 5 };
618
619 uint16_t t3_indices[] = { 7, 2, 3, 5, 0, 2, 3, 10, 7, 0, 8, 2 };
620
621 uint16_t t17_a[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
622 uint16_t t17_c[] = { 7, 1, 0, 1, 1, 7, 0, 7, 7, 7, 2 };
623
624 ring_mult_test_t ring_mult_tests[] = {
625 { 7, 8, FALSE, 2, 2, t1_indices, t1_a, t1_c },
626 { 7, 8, FALSE, 2, 2, t1_indices, t2_a, t2_c },
627 { 7, 8, FALSE, 2, 2, t1_indices, t3_a, t3_c },
628 { 7, 8, FALSE, 2, 2, t1_indices, t4_a, t4_c },
629 { 7, 8, FALSE, 2, 2, t1_indices, t5_a, t5_c },
630 { 7, 8, FALSE, 2, 2, t1_indices, t6_a, t6_c },
631 { 7, 8, FALSE, 2, 2, t1_indices, t7_a, t7_c },
632 { 7, 8, FALSE, 2, 2, t1_indices, t8_a, t8_c },
633 { 7, 8, FALSE, 2, 2, t1_indices, t9_a, t9_c },
634 { 7, 8, FALSE, 2, 2, t1_indices, t10_a, t10_c },
635 { 7, 8, FALSE, 2, 2, t1_indices, t11_a, t11_c },
636 { 7, 8, FALSE, 3, 2, t2_indices, t1_a, t12_c },
637 { 7, 8, FALSE, 2, 3, t2_indices, t1_a, t13_c },
638 { 7, 32, FALSE, 2, 2, t1_indices, t1_a, t14_c },
639 { 7, 2048, FALSE, 2, 2, t1_indices, t2_a, t15_c },
640 { 7, 32768, FALSE, 2, 2, t1_indices, t2_a, t16_c },
641 { 11, 8, TRUE, 197121, 197121, t3_indices, t17_a, t17_c },
642 };
643
644 START_TEST(test_ntru_ring_mult)
645 {
646 ntru_poly_t *poly;
647 ring_mult_test_t *t;
648 uint16_t *c;
649 int i;
650
651 t = &ring_mult_tests[_i];
652 poly = TEST_FUNCTION(ntru, ntru_poly_create_from_data, t->indices, t->N,
653 t->q, t->indices_len_p, t->indices_len_m,
654 t->is_product_form);
655 ck_assert(poly != NULL);
656
657 c = malloc(t->N * sizeof(uint16_t));
658 poly->ring_mult(poly, t->a, c);
659
660 for (i = 0; i < t->N; i++)
661 {
662 ck_assert(c[i] == t->c[i]);
663 }
664
665 free(c);
666 poly->destroy(poly);
667 }
668 END_TEST
669
670 int array_tests[] = { 0, 11, 12, 16 };
671
672 START_TEST(test_ntru_array)
673 {
674 ntru_poly_t *poly;
675 ring_mult_test_t *t;
676 uint16_t *c;
677 int i;
678
679 t = &ring_mult_tests[array_tests[_i]];
680
681 poly = TEST_FUNCTION(ntru, ntru_poly_create_from_data, t->indices, t->N,
682 t->q, t->indices_len_p, t->indices_len_m,
683 t->is_product_form);
684 ck_assert(poly != NULL);
685
686 c = malloc(t->N * sizeof(uint16_t));
687 poly->get_array(poly, c);
688
689 for (i = 0; i < t->N; i++)
690 {
691 ck_assert(c[i] == t->c[i]);
692 }
693
694 free(c);
695 poly->destroy(poly);
696 }
697 END_TEST
698
699 START_TEST(test_ntru_param_set)
700 {
701 ck_assert(TEST_FUNCTION(ntru, ntru_param_set_get_by_id, -1) == NULL);
702 ck_assert(TEST_FUNCTION(ntru, ntru_param_set_get_by_id, 16) == NULL);
703 }
704 END_TEST
705
706 typedef struct {
707 ntru_param_set_id_t id;
708 chunk_t entropy;
709 chunk_t encoding;
710 } privkey_test_t;
711
712 privkey_test_t privkey_tests[] = {
713 {
714 NTRU_EES401EP1,
715 chunk_from_chars(
716 0x0C, 0x2F, 0x24, 0xE1, 0xA4, 0x81, 0x26, 0xA2,
717 0x6C, 0xEA, 0xCD, 0x1A, 0xF3, 0xEB, 0x3D, 0xBF,
718 0xEA, 0xAE, 0xC3, 0x0D, 0xC1),
719 chunk_from_chars(
720 0x02, 0x03, 0x00, 0x02, 0x04, 0x3E, 0xF3, 0xCB,
721 0x7A, 0x58, 0x13, 0x75, 0xBB, 0x87, 0xF5, 0xBF,
722 0x2E, 0x18, 0xAE, 0x03, 0xAF, 0xB8, 0x33, 0x85,
723 0xD8, 0xBF, 0x8A, 0xB5, 0x8C, 0xA6, 0xDF, 0x03,
724 0x90, 0x1E, 0xE4, 0x83, 0xA4, 0x95, 0x40, 0xB5,
725 0x08, 0x92, 0x29, 0xD8, 0x83, 0xA8, 0x42, 0xB2,
726 0x69, 0xC2, 0x00, 0x8B, 0xAE, 0x80, 0x00, 0x4F,
727 0x3D, 0xDD, 0xFB, 0xDB, 0x9A, 0xD8, 0x0F, 0xFF,
728 0xBC, 0x21, 0xD5, 0xE6, 0x04, 0x9C, 0xDD, 0x3B,
729 0x2D, 0x16, 0x4B, 0xC7, 0x3D, 0xBE, 0xDE, 0xBB,
730 0x6F, 0xF4, 0x8A, 0x31, 0xCD, 0x23, 0x19, 0xC2,
731 0x3C, 0xE1, 0xE2, 0xEE, 0xE4, 0xE7, 0x2E, 0xFC,
732 0x5C, 0xDD, 0xAD, 0x0C, 0x9D, 0x98, 0xC5, 0x18,
733 0x2A, 0x80, 0x21, 0x93, 0x61, 0xC4, 0x9A, 0x16,
734 0xE8, 0x9B, 0xF7, 0x3B, 0x6D, 0x06, 0x91, 0x9E,
735 0x71, 0x59, 0xBE, 0x8E, 0x65, 0x61, 0xB2, 0x69,
736 0x9C, 0x82, 0x58, 0x0D, 0x63, 0x7A, 0x1F, 0x2A,
737 0x1C, 0x2C, 0x92, 0x8C, 0x8D, 0xCA, 0x2B, 0x45,
738 0x24, 0x79, 0xDB, 0x7F, 0x1D, 0x2F, 0xAB, 0x88,
739 0x8C, 0x1D, 0xE3, 0x15, 0x8F, 0xCD, 0x46, 0x8C,
740 0x45, 0x20, 0x88, 0x1C, 0x17, 0xE0, 0xE5, 0x89,
741 0xF4, 0x60, 0x56, 0x3C, 0x6B, 0x9F, 0x2A, 0xD9,
742 0xD0, 0xAE, 0x3B, 0xB6, 0xC2, 0xB7, 0x58, 0xC6,
743 0x6E, 0x09, 0x36, 0x21, 0x0B, 0xDD, 0xE9, 0x52,
744 0x33, 0x27, 0x39, 0xC8, 0x51, 0x59, 0x69, 0x25,
745 0xC6, 0x3D, 0x19, 0x5C, 0x5E, 0x74, 0xD0, 0x62,
746 0xD9, 0x26, 0x90, 0xC7, 0x64, 0x92, 0xA8, 0x72,
747 0xD1, 0x77, 0x1F, 0x78, 0xC5, 0x11, 0xBD, 0x5D,
748 0x3C, 0x1B, 0x1F, 0x8B, 0x5B, 0xE4, 0x5D, 0xA1,
749 0x27, 0x6D, 0x20, 0x24, 0x32, 0x53, 0xF3, 0xB0,
750 0xE6, 0x71, 0x61, 0xCC, 0xFC, 0x4A, 0x06, 0xDA,
751 0xBE, 0xD7, 0x9F, 0x2F, 0xEB, 0x44, 0xD0, 0x8A,
752 0x7D, 0x8E, 0x82, 0xF5, 0x84, 0xCF, 0x8E, 0xE5,
753 0x4B, 0xA4, 0x30, 0x77, 0xBD, 0x14, 0xB9, 0x75,
754 0x02, 0x68, 0xDF, 0x71, 0x89, 0x81, 0xF2, 0x95,
755 0xC3, 0x67, 0x6E, 0x37, 0xE4, 0xD0, 0xC9, 0x1E,
756 0x02, 0xDE, 0x2D, 0x79, 0x99, 0xE8, 0x7D, 0x5C,
757 0x99, 0xF2, 0x1A, 0xDE, 0x12, 0x9B, 0xD1, 0x83,
758 0x9B, 0x01, 0xD3, 0xEB, 0x2B, 0x8E, 0x9C, 0xA5,
759 0x19, 0xE8, 0x2E, 0xFE, 0x23, 0x6E, 0xAD, 0x8F,
760 0x3C, 0xAF, 0xB9, 0xE6, 0xDB, 0x07, 0xA4, 0x31,
761 0x02, 0x2B, 0x6A, 0xA0, 0xFB, 0x51, 0x6C, 0xD0,
762 0x26, 0xD5, 0xAD, 0x29, 0x65, 0x10, 0xCE, 0xF8,
763 0x84, 0x4D, 0x1E, 0x37, 0x92, 0xA2, 0xD1, 0xFA,
764 0xF6, 0xC0, 0x36, 0x4C, 0x23, 0x3A, 0x42, 0xAA,
765 0xB8, 0x0D, 0x4E, 0xD4, 0x40, 0x61, 0xD5, 0x36,
766 0x62, 0x23, 0x7C, 0x1C, 0x5E, 0xEA, 0x16, 0xAD,
767 0x4F, 0x30, 0xF9, 0x16, 0x99, 0xCE, 0xC5, 0x50,
768 0xAC, 0x8F, 0x6F, 0x98, 0xD7, 0xE3, 0x89, 0x6E,
769 0x3A, 0x12, 0xCE, 0xA7, 0xA4, 0x17, 0x74, 0xDC,
770 0xDB, 0xFA, 0xFF, 0xF9, 0x35, 0xD7, 0xF5, 0x77,
771 0x03, 0xF5, 0xBF, 0x81, 0x6C, 0x9F, 0x62, 0xA6,
772 0x8A, 0x5B, 0xA3, 0xEF, 0x9D, 0xC3, 0xF6, 0x3A,
773 0x6A, 0xC0, 0x42, 0x71, 0xAF, 0x90, 0xCA, 0x1D,
774 0x86, 0x78, 0xD7, 0x2C, 0xFE, 0xB6, 0x99, 0x15,
775 0x8C, 0x10, 0x42, 0x92, 0x2C, 0x05, 0x43, 0x92,
776 0x69, 0x05, 0x8D, 0x9E, 0xBC, 0xAB, 0x8F, 0x28,
777 0xAA, 0x4B, 0xFB, 0x25, 0xD9, 0xAD, 0x29, 0xFF,
778 0x33, 0x65, 0x14, 0xC3, 0x75, 0x1F, 0xCF, 0xFC,
779 0x20, 0x83, 0xBF, 0xB9, 0xA5, 0x4B, 0x7B, 0xD9,
780 0x07, 0x5C, 0xA1, 0xD1, 0x5A, 0x3E, 0x94, 0xF8,
781 0x03, 0xDE, 0xB8, 0x94, 0x11, 0x92, 0x80, 0x77,
782 0x57, 0x45, 0x1E, 0x6B, 0xA5, 0x15, 0xDB, 0x48,
783 0xB6, 0x9E, 0x02, 0xF1, 0x61, 0x4A, 0xAC, 0x1D,
784 0x49, 0xBC, 0xA9, 0x3F, 0x03, 0x50, 0xAC, 0x02,
785 0x8E, 0x84, 0xE0, 0x12, 0x37, 0x76, 0xBC, 0x4A,
786 0xF9, 0xC6, 0x74, 0x36, 0xFC, 0x92, 0x1D, 0x59,
787 0x0C, 0x04, 0xD2, 0x14, 0xB7, 0x11, 0xE9, 0xE2,
788 0xFE, 0x0C, 0xE1, 0xDA, 0x8B, 0xCA, 0x10, 0xA1,
789 0x60, 0xB6, 0x57, 0x51, 0x00, 0xD6, 0x5B, 0x55,
790 0x09, 0x60, 0xE8, 0x00, 0x40, 0x45, 0x56, 0xBA,
791 0x83, 0x1E, 0x36, 0x12, 0x59, 0x4B, 0x19, 0x00,
792 0x53, 0xAE, 0x62, 0xA6, 0x29, 0x39, 0xED, 0x87,
793 0x24, 0x37, 0x1E, 0x1B, 0xCF, 0x3F, 0x3A, 0x71,
794 0x31, 0xB5, 0x50, 0x8D, 0x4B, 0x53, 0x53, 0x75,
795 0x3F, 0x33, 0x39, 0x09, 0x2A, 0x78, 0xA8, 0x71,
796 0x3E, 0x63, 0xC5, 0x61, 0x73, 0xB6, 0xE1, 0x71,
797 0x16, 0xDA, 0x06, 0xBF, 0x3F, 0x22, 0x74, 0x89,
798 0x08, 0xD2, 0x05, 0x0B, 0x16, 0xC8, 0xF0, 0x17,
799 0x4E, 0xA2, 0x65, 0x67, 0x6D, 0x02)
800 },
801 {
802 NTRU_EES743EP1,
803 chunk_from_chars(
804 0x9B, 0xAB, 0x57, 0xDB, 0x2C, 0x60, 0x83, 0x48,
805 0x9F, 0xC9, 0x70, 0x8F, 0x69, 0xF7, 0xB4, 0xBB,
806 0x63, 0x5C, 0x9A, 0x63, 0x07, 0x80, 0x17, 0xD3,
807 0xCD, 0xB1, 0x57, 0x79, 0xFE, 0x8D, 0x81, 0x70,
808 0xEB, 0x50, 0xFA, 0x05, 0xFB, 0x97, 0xB2, 0xAB,
809 0x25, 0xED, 0xD8, 0x18, 0x1C, 0xFE, 0x96, 0x7D),
810 chunk_from_chars(
811 0x02, 0x03, 0x00, 0x06, 0x10, 0x14, 0x53, 0x73,
812 0x56, 0xF5, 0xA9, 0x34, 0xDE, 0xA6, 0x4D, 0x46,
813 0x05, 0x9E, 0x80, 0xAE, 0xB6, 0x74, 0x91, 0xFF,
814 0xFB, 0x48, 0xD3, 0x5C, 0x61, 0x12, 0x46, 0x02,
815 0x9F, 0x53, 0x45, 0x87, 0x47, 0xBD, 0x6B, 0x26,
816 0xF7, 0x36, 0xD3, 0x99, 0x1B, 0xD7, 0xEA, 0xA3,
817 0xA8, 0x94, 0xFF, 0x93, 0x46, 0x7C, 0x2C, 0x5F,
818 0x87, 0x8C, 0x38, 0xB3, 0x7B, 0xC6, 0x49, 0xE2,
819 0x88, 0xCA, 0x67, 0x89, 0xD0, 0x6D, 0x7C, 0xAE,
820 0x7C, 0x98, 0x84, 0xDA, 0x6B, 0x93, 0x92, 0xEF,
821 0x4A, 0xD1, 0x4A, 0xD2, 0x5B, 0x13, 0xF8, 0x59,
822 0x15, 0x2E, 0xBC, 0x70, 0x8D, 0x2D, 0xA9, 0x47,
823 0xA1, 0x99, 0x19, 0x3F, 0x67, 0xE8, 0x18, 0xA7,
824 0x17, 0x07, 0xB3, 0x14, 0xF6, 0x20, 0xA1, 0xD8,
825 0x33, 0xE8, 0x08, 0x6A, 0xC1, 0x39, 0x99, 0x08,
826 0xB4, 0x88, 0xEB, 0x48, 0x7D, 0xFB, 0xF5, 0xEF,
827 0x03, 0x0D, 0x25, 0xB7, 0x98, 0xF3, 0xF1, 0x15,
828 0x63, 0xE4, 0x0F, 0xFD, 0x54, 0x9F, 0x56, 0xE9,
829 0xD1, 0x44, 0xE5, 0x89, 0x66, 0x14, 0x91, 0x1C,
830 0xFD, 0xD6, 0xFD, 0x38, 0xAE, 0x39, 0xE3, 0xF7,
831 0xCD, 0x77, 0xC2, 0xEA, 0x2E, 0xE4, 0xB7, 0x2B,
832 0xBA, 0x7A, 0xD1, 0x75, 0xB8, 0x28, 0x65, 0x18,
833 0xF4, 0xC6, 0xBD, 0xD0, 0x17, 0x7E, 0xEA, 0x86,
834 0x7E, 0xFC, 0x95, 0xD6, 0x4C, 0x92, 0x01, 0xC3,
835 0xFF, 0x04, 0x9B, 0xF8, 0xD6, 0xB3, 0x8F, 0x72,
836 0xEF, 0x64, 0x09, 0x61, 0xF8, 0xE4, 0x48, 0xFC,
837 0x0D, 0xEE, 0xEF, 0xA2, 0x9F, 0x3A, 0x2B, 0x1A,
838 0xFB, 0x8B, 0xA0, 0x9C, 0x11, 0x0B, 0x97, 0x75,
839 0x30, 0x7C, 0xB8, 0x9F, 0xEE, 0x3B, 0x53, 0x85,
840 0x7D, 0xE9, 0xCB, 0xC4, 0x4D, 0xD7, 0x7F, 0x59,
841 0x10, 0x72, 0x19, 0x3A, 0xC9, 0x38, 0xFE, 0xE8,
842 0xB3, 0x06, 0x55, 0x8D, 0xA2, 0x5A, 0x3D, 0x79,
843 0x67, 0x0E, 0x90, 0xC9, 0x25, 0x6D, 0x45, 0x9C,
844 0x39, 0x79, 0x5F, 0x18, 0x35, 0x9F, 0xC1, 0x49,
845 0x08, 0x6F, 0x1C, 0x47, 0x09, 0x0D, 0x49, 0x7C,
846 0x3C, 0x7B, 0xB1, 0x09, 0x92, 0x1C, 0x4E, 0x5A,
847 0xDA, 0x74, 0x9E, 0xBB, 0x55, 0x9D, 0xBB, 0x1E,
848 0x43, 0x28, 0x62, 0xAF, 0x02, 0xB0, 0x1A, 0xEA,
849 0x13, 0x0A, 0x70, 0x0F, 0x60, 0x0F, 0x62, 0xA2,
850 0x4E, 0x1F, 0xB2, 0xEA, 0x06, 0xDD, 0x18, 0x02,
851 0x6C, 0xF3, 0x82, 0xF1, 0x80, 0x7F, 0xA7, 0x2F,
852 0xCC, 0xC6, 0x18, 0xEA, 0xFF, 0x1F, 0xAD, 0xC6,
853 0xBA, 0x0C, 0x0E, 0x04, 0xB2, 0x58, 0x1D, 0xB6,
854 0x01, 0xA3, 0x97, 0xDF, 0x7D, 0x9B, 0xB5, 0x0A,
855 0xAD, 0x30, 0x2B, 0xC5, 0x67, 0x40, 0x07, 0xF1,
856 0xD5, 0x6C, 0x11, 0x10, 0xE1, 0x69, 0x30, 0xAD,
857 0x90, 0x06, 0xDB, 0xF8, 0xEA, 0x92, 0x9B, 0x39,
858 0x57, 0x38, 0x7B, 0xE4, 0xB2, 0xA2, 0x89, 0xFD,
859 0xB1, 0x6D, 0x88, 0x41, 0x62, 0x4D, 0x18, 0xB6,
860 0x3F, 0x12, 0x81, 0xDE, 0xE6, 0xDC, 0x4A, 0x31,
861 0x61, 0x26, 0xB1, 0x4B, 0x95, 0xC1, 0x69, 0xDC,
862 0xDC, 0xAC, 0xD0, 0x15, 0xFC, 0x21, 0xC5, 0x20,
863 0x5F, 0x97, 0x76, 0x41, 0xC1, 0xF2, 0xD7, 0x95,
864 0x1D, 0x25, 0x23, 0x36, 0x86, 0xFA, 0x7E, 0xF4,
865 0x14, 0x9F, 0x9D, 0x9F, 0xB2, 0xBB, 0x25, 0x1D,
866 0xD5, 0x7A, 0x6F, 0x9E, 0xF7, 0xEF, 0x9D, 0x63,
867 0x1E, 0xD5, 0xDE, 0x6A, 0xE6, 0x46, 0x48, 0x1F,
868 0xE1, 0x0C, 0x4D, 0x82, 0xC9, 0x19, 0x3B, 0x65,
869 0xA4, 0x06, 0x13, 0xB7, 0x04, 0xB1, 0x62, 0xF7,
870 0x08, 0xAE, 0xED, 0x42, 0x6D, 0xCC, 0x6C, 0xA6,
871 0x06, 0x06, 0x41, 0x3E, 0x0C, 0x89, 0x4C, 0xBD,
872 0x00, 0x4F, 0x0E, 0xA9, 0x72, 0x06, 0x21, 0x82,
873 0xD2, 0xB6, 0x6C, 0xB0, 0xB0, 0x01, 0x5B, 0xDD,
874 0x05, 0xCE, 0x71, 0x6E, 0x00, 0x58, 0xC7, 0xA6,
875 0x5B, 0xF6, 0xFB, 0x6B, 0x62, 0xB1, 0xE8, 0x4D,
876 0xAC, 0xC0, 0x6B, 0xF4, 0x40, 0x69, 0xEE, 0x0D,
877 0xE7, 0x82, 0x61, 0x8D, 0x35, 0x01, 0x97, 0x4E,
878 0xF2, 0xCC, 0xF5, 0x7F, 0xBF, 0xE4, 0xEC, 0x9C,
879 0xC4, 0xD2, 0xD9, 0x65, 0x78, 0x98, 0xD8, 0xB0,
880 0xFA, 0xA8, 0xFB, 0xB0, 0xCE, 0x22, 0x5D, 0x0B,
881 0x27, 0xDF, 0x0E, 0x63, 0x42, 0xFE, 0x89, 0x13,
882 0x99, 0xB2, 0x02, 0x0B, 0xF6, 0x04, 0xB6, 0xAF,
883 0x9F, 0x8C, 0xA6, 0x17, 0x0D, 0xD9, 0x5B, 0x45,
884 0xE4, 0x08, 0x53, 0x51, 0xE0, 0xD5, 0x22, 0x72,
885 0xBE, 0xAD, 0x74, 0x69, 0xB9, 0xFB, 0x91, 0xF8,
886 0xC1, 0x89, 0x28, 0x71, 0x27, 0x62, 0xB1, 0xF0,
887 0xFD, 0x78, 0xBC, 0x82, 0xFE, 0x76, 0xBE, 0x7B,
888 0x47, 0x79, 0x32, 0x71, 0xAD, 0xD6, 0x76, 0x46,
889 0xFB, 0x32, 0xE8, 0x4B, 0x98, 0x9A, 0xC6, 0x85,
890 0xF2, 0xF1, 0x8A, 0xEC, 0xC2, 0x4E, 0x9B, 0x2F,
891 0x2D, 0x6F, 0xC9, 0x9B, 0xB6, 0x14, 0x35, 0x6D,
892 0xD6, 0x5B, 0xF3, 0x02, 0x5A, 0xE5, 0xBD, 0x00,
893 0xF7, 0x6E, 0x51, 0xA7, 0xDB, 0x19, 0xAE, 0x01,
894 0x01, 0x05, 0x94, 0x23, 0xF7, 0x5B, 0x07, 0x79,
895 0xFF, 0x39, 0x58, 0x9C, 0x2A, 0xF7, 0x7E, 0x5D,
896 0x81, 0xF9, 0x59, 0xFE, 0xB9, 0x9A, 0x96, 0x63,
897 0x1F, 0x65, 0xF6, 0xF0, 0x3D, 0xEA, 0xD7, 0xC2,
898 0x8A, 0xCF, 0xB5, 0x58, 0x74, 0x77, 0x23, 0xD6,
899 0x72, 0x58, 0xA8, 0xAE, 0x31, 0x8A, 0x59, 0xEA,
900 0x69, 0x14, 0x6A, 0x20, 0x78, 0x79, 0x28, 0x5A,
901 0xE1, 0x76, 0x6F, 0xA6, 0x1A, 0x9E, 0x47, 0xD2,
902 0xAF, 0x63, 0xF8, 0x06, 0xF6, 0xD8, 0xD5, 0x14,
903 0xA8, 0xD1, 0xEE, 0x96, 0xCE, 0xBB, 0x8E, 0x22,
904 0x69, 0x2F, 0x52, 0x06, 0xB6, 0x6F, 0xC8, 0x99,
905 0x96, 0xEA, 0xC6, 0x1D, 0x96, 0x4C, 0x69, 0x95,
906 0xFE, 0x74, 0x04, 0x3C, 0x55, 0xD9, 0x5F, 0xE0,
907 0x41, 0x21, 0x43, 0x21, 0x5A, 0x50, 0x5D, 0x8B,
908 0xE8, 0xB2, 0x51, 0x1B, 0x7C, 0x63, 0x50, 0xAE,
909 0x97, 0x4F, 0xBA, 0x7D, 0xF2, 0xB6, 0xB6, 0x16,
910 0x1D, 0x47, 0x9E, 0x19, 0x68, 0xD4, 0x6B, 0x2B,
911 0x75, 0xCD, 0xAE, 0x65, 0x33, 0x38, 0xF6, 0x6D,
912 0xC7, 0x3E, 0x46, 0x98, 0x9E, 0x98, 0x8B, 0x45,
913 0x11, 0xA7, 0x12, 0x05, 0xB0, 0x01, 0xC3, 0x51,
914 0xA0, 0xEE, 0x7C, 0x16, 0xD1, 0x42, 0x96, 0xC4,
915 0xF0, 0x7B, 0x71, 0xCD, 0x50, 0x38, 0xA4, 0xB0,
916 0x6E, 0x6F, 0xE0, 0xBD, 0xC4, 0xF7, 0x96, 0x2B,
917 0xF1, 0x6D, 0x9F, 0xF3, 0x71, 0x89, 0xFA, 0xB4,
918 0x44, 0xA4, 0x32, 0xDC, 0xB2, 0x55, 0x13, 0x31,
919 0x83, 0x29, 0x66, 0x21, 0x3E, 0x89, 0xF8, 0x78,
920 0x97, 0x9C, 0x64, 0xF9, 0x2C, 0x0A, 0x88, 0xBC,
921 0xCA, 0x6F, 0x83, 0x42, 0xF6, 0xD7, 0x00, 0xC4,
922 0x19, 0x52, 0xB0, 0x31, 0xA8, 0xBA, 0xE8, 0xD4,
923 0xAD, 0x4B, 0x5D, 0xC0, 0x01, 0x20, 0x6C, 0xBB,
924 0x1D, 0x9A, 0x1D, 0xD4, 0x19, 0xFD, 0x33, 0xAB,
925 0xA0, 0x54, 0x50, 0x91, 0xE9, 0x75, 0x5C, 0x7E,
926 0x7E, 0xB3, 0x24, 0x79, 0xAE, 0x10, 0x3C, 0xB4,
927 0xB7, 0x0A, 0x1D, 0x86, 0xAD, 0x06, 0x95, 0xCB,
928 0x84, 0x9B, 0x0E, 0x8B, 0x77, 0x7E, 0x3E, 0xD2,
929 0xA6, 0xDF, 0xAD, 0x4E, 0xFB, 0x69, 0x23, 0xAC,
930 0x7A, 0xCB, 0xAA, 0xB0, 0x22, 0xDD, 0xD2, 0xC6,
931 0xC7, 0xAD, 0xD7, 0xDE, 0xEC, 0x6F, 0x08, 0x41,
932 0x54, 0xD5, 0x52, 0xDC, 0x77, 0xE4, 0x72, 0xF9,
933 0x16, 0xB1, 0xC9, 0xAF, 0xB1, 0x3B, 0x18, 0x99,
934 0x20, 0x9F, 0x79, 0x63, 0x7B, 0x07, 0xC7, 0x35,
935 0xDF, 0xBB, 0xCE, 0x66, 0x93, 0x1B, 0xF5, 0x82,
936 0x25, 0x67, 0xC1, 0xF2, 0xF0, 0x89, 0x0F, 0xEF,
937 0x84, 0x0D, 0x63, 0xB6, 0x7B, 0xD0, 0x40, 0x8E,
938 0xDB, 0x94, 0xCC, 0x71, 0x3C, 0xDB, 0x36, 0x14,
939 0x34, 0xFD, 0xA0, 0xB0, 0xC1, 0x45, 0x31, 0xF8,
940 0x8D, 0xD8, 0x23, 0xB1, 0x05, 0x14, 0xA9, 0x55,
941 0x3A, 0x1A, 0x37, 0x48, 0x68, 0x89, 0x3F, 0x15,
942 0x25, 0xD4, 0x99, 0x53, 0x4C, 0x85, 0x98, 0x78,
943 0x1D, 0x35, 0x4A, 0x83, 0x79, 0x9A, 0x29, 0x90,
944 0x2B, 0x45, 0x76, 0x0C, 0x13, 0x80, 0x4A, 0xE0,
945 0x40, 0xED, 0x6B, 0x2E, 0x2A, 0x43, 0xA9, 0x28,
946 0xB0, 0x2F, 0x89, 0x01, 0x6B, 0x39, 0x8C, 0x5E,
947 0x80, 0x61, 0xD9, 0xEE, 0x0F, 0x41, 0x75, 0xB5,
948 0xAE, 0xB6, 0xC2, 0x42, 0x49, 0x8D, 0x89, 0xD8,
949 0xF4, 0x78, 0x1D, 0x90, 0x46, 0x26, 0x4C, 0x56,
950 0xB7, 0xC0, 0xD9, 0x98, 0x7B, 0x07, 0xA1, 0x20)
951 }
952 };
953
954 START_TEST(test_ntru_privkey)
955 {
956 rng_t *entropy;
957 ntru_drbg_t *drbg;
958 ntru_private_key_t *privkey;
959 ntru_public_key_t *pubkey;
960 ntru_param_set_t *params;
961 uint32_t strength;
962 chunk_t encoding, privkey_encoding, pubkey_encoding;
963
964 params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id,
965 privkey_tests[_i].id);
966 strength = params->sec_strength_len * BITS_PER_BYTE;
967 entropy = test_rng_create(privkey_tests[_i].entropy);
968 drbg = TEST_FUNCTION(ntru, ntru_drbg_create, strength,
969 chunk_from_str("IKE NTRU-KE"), entropy);
970 ck_assert(drbg != NULL);
971
972 privkey = TEST_FUNCTION(ntru, ntru_private_key_create, drbg, params);
973 ck_assert(privkey);
974 ck_assert(privkey->get_id(privkey) == privkey_tests[_i].id);
975
976 privkey_encoding = privkey->get_encoding(privkey);
977 encoding = privkey_tests[_i].encoding;
978 ck_assert(chunk_equals(privkey_encoding, encoding));
979
980 /* load private key as a packed blob */
981 privkey->destroy(privkey);
982 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
983 drbg, chunk_empty);
984 ck_assert(privkey == NULL);
985
986 encoding = chunk_clone(encoding);
987 encoding.ptr[0] = NTRU_PUBKEY_TAG;
988 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
989 drbg, encoding);
990 ck_assert(privkey == NULL);
991
992 encoding.ptr[0] = NTRU_PRIVKEY_TRITS_TAG;
993 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
994 drbg, encoding);
995 if (params->is_product_form)
996 {
997 ck_assert(privkey == NULL);
998 }
999 else
1000 {
1001 ck_assert(privkey != NULL);
1002 privkey->destroy(privkey);
1003 }
1004
1005 encoding.ptr[0] = NTRU_PRIVKEY_INDICES_TAG;
1006 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
1007 drbg, encoding);
1008 if (params->is_product_form)
1009 {
1010 ck_assert(privkey != NULL);
1011 privkey->destroy(privkey);
1012 }
1013 else
1014 {
1015 ck_assert(privkey == NULL);
1016 }
1017
1018 encoding.ptr[0] = NTRU_PRIVKEY_DEFAULT_TAG;
1019 encoding.ptr[1] = NTRU_OID_LEN - 1;
1020 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
1021 drbg, encoding);
1022 ck_assert(privkey == NULL);
1023
1024 encoding.ptr[1] = NTRU_OID_LEN;
1025 encoding.ptr[2] = 0xff;
1026 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
1027 drbg, encoding);
1028 ck_assert(privkey == NULL);
1029
1030 encoding.ptr[2] = params->oid[0];
1031 privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
1032 drbg, encoding);
1033 privkey_encoding = privkey->get_encoding(privkey);
1034 ck_assert(chunk_equals(privkey_encoding, encoding));
1035
1036 pubkey = privkey->get_public_key(privkey);
1037 pubkey_encoding = pubkey->get_encoding(pubkey);
1038
1039 encoding.ptr[0] = NTRU_PUBKEY_TAG;
1040 encoding.len = pubkey_encoding.len;
1041 ck_assert(chunk_equals(pubkey_encoding, encoding));
1042
1043 /* load public key as a packed blob */
1044 pubkey->destroy(pubkey);
1045 pubkey = TEST_FUNCTION(ntru, ntru_public_key_create_from_data,
1046 drbg, encoding);
1047 pubkey_encoding = pubkey->get_encoding(pubkey);
1048 ck_assert(chunk_equals(pubkey_encoding, encoding));
1049
1050 chunk_free(&encoding);
1051 privkey->destroy(privkey);
1052 pubkey->destroy(pubkey);
1053 drbg->destroy(drbg);
1054 entropy->destroy(entropy);
1055 }
1056 END_TEST
1057
1058 START_TEST(test_ntru_ke)
1059 {
1060 chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
1061 diffie_hellman_t *i_ntru, *r_ntru;
1062 char buf[10];
1063 int k, n, len;
1064 status_t status;
1065
1066 k = (_i) / countof(parameter_sets);
1067 n = (_i) % countof(parameter_sets);
1068
1069 len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names,
1070 params[k].group);
1071 ck_assert(len == 8);
1072 ck_assert(streq(buf, params[k].group_name));
1073
1074 lib->settings->set_str(lib->settings,
1075 "libstrongswan.plugins.ntru.parameter_set", parameter_sets[n]);
1076
1077 i_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
1078 ck_assert(i_ntru != NULL);
1079 ck_assert(i_ntru->get_dh_group(i_ntru) == params[k].group);
1080
1081 i_ntru->get_my_public_value(i_ntru, &pub_key);
1082 ck_assert(pub_key.len > 0);
1083
1084 r_ntru = lib->crypto->create_dh(lib->crypto, params[k].group);
1085 ck_assert(r_ntru != NULL);
1086
1087 r_ntru->set_other_public_value(r_ntru, pub_key);
1088 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1089 ck_assert(cipher_text.len > 0);
1090
1091 status = r_ntru->get_shared_secret(r_ntru, &r_shared_secret);
1092 ck_assert(status == SUCCESS);
1093 ck_assert(r_shared_secret.len > 0);
1094
1095 i_ntru->set_other_public_value(i_ntru, cipher_text);
1096 status = i_ntru->get_shared_secret(i_ntru, &i_shared_secret);
1097 ck_assert(status == SUCCESS);
1098 ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
1099
1100 chunk_clear(&i_shared_secret);
1101 chunk_clear(&r_shared_secret);
1102 chunk_free(&pub_key);
1103 chunk_free(&cipher_text);
1104 i_ntru->destroy(i_ntru);
1105 r_ntru->destroy(r_ntru);
1106 }
1107 END_TEST
1108
1109 START_TEST(test_ntru_retransmission)
1110 {
1111 diffie_hellman_t *i_ntru;
1112 chunk_t pub_key1, pub_key2;
1113
1114 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT);
1115 i_ntru->get_my_public_value(i_ntru, &pub_key1);
1116 i_ntru->get_my_public_value(i_ntru, &pub_key2);
1117 ck_assert(chunk_equals(pub_key1, pub_key2));
1118
1119 chunk_free(&pub_key1);
1120 chunk_free(&pub_key2);
1121 i_ntru->destroy(i_ntru);
1122 }
1123 END_TEST
1124
1125 chunk_t oid_tests[] = {
1126 { NULL, 0 },
1127 chunk_from_chars(0x00),
1128 chunk_from_chars(0x01),
1129 chunk_from_chars(0x02),
1130 chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
1131 chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
1132 chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
1133 chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
1134 };
1135
1136 START_TEST(test_ntru_pubkey_oid)
1137 {
1138 diffie_hellman_t *r_ntru;
1139 chunk_t cipher_text;
1140
1141 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1142 r_ntru->set_other_public_value(r_ntru, oid_tests[_i]);
1143 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1144 ck_assert(cipher_text.len == 0);
1145 r_ntru->destroy(r_ntru);
1146 }
1147 END_TEST
1148
1149 START_TEST(test_ntru_wrong_set)
1150 {
1151 diffie_hellman_t *i_ntru, *r_ntru;
1152 chunk_t pub_key, cipher_text;
1153
1154 lib->settings->set_str(lib->settings,
1155 "libstrongswan.plugins.ntru.parameter_set",
1156 "x9_98_bandwidth");
1157 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
1158 i_ntru->get_my_public_value(i_ntru, &pub_key);
1159
1160 lib->settings->set_str(lib->settings,
1161 "libstrongswan.plugins.ntru.parameter_set",
1162 "optimum");
1163 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
1164 r_ntru->set_other_public_value(r_ntru, pub_key);
1165 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1166 ck_assert(cipher_text.len == 0);
1167
1168 chunk_free(&pub_key);
1169 chunk_free(&cipher_text);
1170 i_ntru->destroy(i_ntru);
1171 r_ntru->destroy(r_ntru);
1172 }
1173 END_TEST
1174
1175 START_TEST(test_ntru_ciphertext)
1176 {
1177 char buf_00[604], buf_ff[604];
1178
1179 chunk_t test[] = {
1180 chunk_empty,
1181 chunk_from_chars(0x00),
1182 chunk_create(buf_00, sizeof(buf_00)),
1183 chunk_create(buf_ff, sizeof(buf_ff)),
1184 };
1185
1186 diffie_hellman_t *i_ntru;
1187 chunk_t pub_key, shared_secret;
1188 int i;
1189
1190 memset(buf_00, 0x00, sizeof(buf_00));
1191 memset(buf_ff, 0xff, sizeof(buf_ff));
1192
1193 for (i = 0; i < countof(test); i++)
1194 {
1195 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1196 i_ntru->get_my_public_value(i_ntru, &pub_key);
1197 i_ntru->set_other_public_value(i_ntru, test[i]);
1198 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
1199 ck_assert(shared_secret.len == 0);
1200
1201 chunk_free(&pub_key);
1202 i_ntru->destroy(i_ntru);
1203 }
1204 }
1205 END_TEST
1206
1207 START_TEST(test_ntru_wrong_ciphertext)
1208 {
1209 diffie_hellman_t *i_ntru, *r_ntru, *m_ntru;
1210 chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
1211
1212 i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1213 r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1214 m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
1215
1216 i_ntru->get_my_public_value(i_ntru, &pub_key_i);
1217 m_ntru->get_my_public_value(m_ntru, &pub_key_m);
1218 r_ntru->set_other_public_value(r_ntru, pub_key_m);
1219 r_ntru->get_my_public_value(r_ntru, &cipher_text);
1220 i_ntru->set_other_public_value(i_ntru, cipher_text);
1221 ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS);
1222 ck_assert(shared_secret.len == 0);
1223
1224 chunk_free(&pub_key_i);
1225 chunk_free(&pub_key_m);
1226 chunk_free(&cipher_text);
1227 i_ntru->destroy(i_ntru);
1228 m_ntru->destroy(m_ntru);
1229 r_ntru->destroy(r_ntru);
1230 }
1231 END_TEST
1232
1233 Suite *ntru_suite_create()
1234 {
1235 Suite *s;
1236 TCase *tc;
1237
1238 s = suite_create("ntru");
1239
1240 tc = tcase_create("drbg_strength");
1241 tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths));
1242 suite_add_tcase(s, tc);
1243
1244 tc = tcase_create("drbg");
1245 tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests));
1246 suite_add_tcase(s, tc);
1247
1248 tc = tcase_create("drgb_reseed");
1249 tcase_add_test(tc, test_ntru_drbg_reseed);
1250 suite_add_tcase(s, tc);
1251
1252 tc = tcase_create("trits");
1253 tcase_add_loop_test(tc, test_ntru_trits, 0, countof(trits_tests));
1254 suite_add_tcase(s, tc);
1255
1256 tc = tcase_create("poly");
1257 tcase_add_loop_test(tc, test_ntru_poly, 0, countof(trits_tests));
1258 suite_add_tcase(s, tc);
1259
1260 tc = tcase_create("ring_mult");
1261 tcase_add_loop_test(tc, test_ntru_ring_mult, 0, countof(ring_mult_tests));
1262 suite_add_tcase(s, tc);
1263
1264 tc = tcase_create("array");
1265 tcase_add_loop_test(tc, test_ntru_array, 0, countof(array_tests));
1266 suite_add_tcase(s, tc);
1267
1268 tc = tcase_create("param_set");
1269 tcase_add_test(tc, test_ntru_param_set);
1270 suite_add_tcase(s, tc);
1271
1272 tc = tcase_create("privkey");
1273 tcase_add_loop_test(tc, test_ntru_privkey, 0, countof(privkey_tests));
1274 suite_add_tcase(s, tc);
1275
1276 tc = tcase_create("ke");
1277 tcase_add_loop_test(tc, test_ntru_ke, 0,
1278 countof(params) * countof(parameter_sets));
1279 suite_add_tcase(s, tc);
1280
1281 tc = tcase_create("retransmission");
1282 tcase_add_test(tc, test_ntru_retransmission);
1283 suite_add_tcase(s, tc);
1284
1285 tc = tcase_create("pubkey_oid");
1286 tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
1287 suite_add_tcase(s, tc);
1288
1289 tc = tcase_create("wrong_set");
1290 tcase_add_test(tc, test_ntru_wrong_set);
1291 suite_add_tcase(s, tc);
1292
1293 tc = tcase_create("ciphertext");
1294 tcase_add_test(tc, test_ntru_ciphertext);
1295 suite_add_tcase(s, tc);
1296
1297 tc = tcase_create("wrong_ciphertext");
1298 tcase_add_test(tc, test_ntru_wrong_ciphertext);
1299 suite_add_tcase(s, tc);
1300 return s;
1301 }