index limit can be easily computed
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 19 Feb 2014 19:18:18 +0000 (20:18 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 19 Feb 2014 19:18:53 +0000 (20:18 +0100)
src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c
src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c
src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h
src/libstrongswan/plugins/ntru/ntru_poly.c
src/libstrongswan/plugins/ntru/ntru_poly.h
src/libstrongswan/tests/suites/test_ntru.c

index 56236b5..7fae373 100644 (file)
@@ -229,8 +229,7 @@ ntru_crypto_ntru_encrypt(
                        DBG2(DBG_LIB, "generate polynomial r");
 
                        seed = chunk_create(tmp_buf, ptr - tmp_buf);
-                       r_poly = ntru_poly_create(hash_algid, seed,
-                                                                         params->c_bits, params->no_bias_limit,
+                       r_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
                                                                          params->N, 2 * params->dF_r,
                                                                          params->is_product_form);
                        if (!r_poly)
@@ -459,8 +458,8 @@ ntru_crypto_ntru_decrypt(
        ntru_trits_t           *mask;
        uint8_t                *mask_trits;
        chunk_t                 seed;
-       ntru_poly_t                        *i_poly;
-       uint16_t                           *i_indices;
+       ntru_poly_t                        *r_poly;
+       uint16_t                           *r_indices;
 
        /* check for bad parameters */
        if (!privkey_blob || !ct || !pt_len)
@@ -709,14 +708,13 @@ ntru_crypto_ntru_decrypt(
         ptr += params->sec_strength_len;
 
         /* generate cr */
-               DBG2(DBG_LIB, "generate polynomial i");
+               DBG2(DBG_LIB, "generate polynomial r");
 
                seed = chunk_create(tmp_buf, ptr - tmp_buf);
-               i_poly = ntru_poly_create(hash_algid, seed,
-                                                                 params->c_bits, params->no_bias_limit,
+               r_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
                                                                  params->N, 2 * params->dF_r,
                                                                  params->is_product_form);
-               if (!i_poly)
+               if (!r_poly)
                {
                   result = NTRU_MGF1_FAIL;
                }
@@ -735,21 +733,21 @@ ntru_crypto_ntru_decrypt(
                }
 
                /* form cR' = h * cr */
-               i_indices = i_poly->get_indices(i_poly);
+               r_indices = r_poly->get_indices(r_poly);
                if (params->is_product_form)
                {
                        ntru_ring_mult_product_indices(ringel_buf1, (uint16_t)dF_r1,
                                                                                   (uint16_t)dF_r2, (uint16_t)dF_r3,
-                                                                                  i_indices, params->N, params->q,
+                                                                                  r_indices, params->N, params->q,
                                                                                   scratch_buf, ringel_buf1);
                }
                else
                {
                        ntru_ring_mult_indices(ringel_buf1, (uint16_t)dF_r, (uint16_t)dF_r,
-                                                                  i_indices, params->N, params->q,
+                                                                  r_indices, params->N, params->q,
                                                                   scratch_buf, ringel_buf1);
                }
-               i_poly->destroy(i_poly);
+               r_poly->destroy(r_poly);
 
                /* compare cR' to cR */
                for (i = 0; i < params->N; i++)
@@ -960,8 +958,7 @@ ntru_crypto_ntru_encrypt_keygen(
                DBG2(DBG_LIB, "generate polynomial F");
 
                seed = chunk_create(tmp_buf, seed_len);
-               F_poly = ntru_poly_create(hash_algid, seed,
-                                                                 params->c_bits, params->no_bias_limit,
+               F_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
                                                                  params->N, 2 * params->dF_r,
                                                                  params->is_product_form);
                if (!F_poly)
@@ -1057,8 +1054,7 @@ ntru_crypto_ntru_encrypt_keygen(
                DBG2(DBG_LIB, "generate polynomial g");
 
                seed = chunk_create(tmp_buf, seed_len);
-               g_poly = ntru_poly_create(hash_algid, seed,
-                                                                 params->c_bits, params->no_bias_limit,
+               g_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
                                                                  params->N, 2*params->dg + 1, FALSE);
                if (!g_poly)
                {
index 05ee538..5ddf91d 100644 (file)
@@ -53,7 +53,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         133,                         /* dg */
         60,                          /* maxMsgLenBytes */
         113,                         /* dm0 */
-        2005,                        /* 2^c - (2^c mod N) */
         11,                          /* c */
         1,                           /* lLen */
     },
@@ -72,7 +71,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         149,                         /* dg */
         67,                          /* maxMsgLenBytes */
         134,                         /* dm0 */
-        449,                         /* 2^c - (2^c mod N) */
         9,                           /* c */
         1,                           /* lLen */
     },
@@ -91,7 +89,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         225,                         /* dg */
         101,                         /* maxMsgLenBytes */
         157,                         /* dm0 */
-        2031,                        /* 2^c - (2^c mod N) */
         11,                          /* c */
         1,                           /* lLen */
     },
@@ -110,7 +107,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         362,                         /* dg */
         170,                         /* maxMsgLenBytes */
         120,                         /* dm0 */
-        7609,                        /* 2^c - (2^c mod N) */
         13,                          /* c */
         1,                           /* lLen */
     },
@@ -129,7 +125,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         180,                         /* dg */
         86,                          /* maxMsgLenBytes */
         49,                          /* dm0 */
-        3787,                        /* 2^c - (2^c mod N) */
         12,                          /* c */
         1,                           /* lLen */
     },
@@ -148,7 +143,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         204,                         /* dg */
         97,                          /* maxMsgLenBytes */
         55,                          /* dm0 */
-        1839,                        /* 2^c - (2^c mod N) */
         11,                          /* c */
         1,                           /* lLen */
     },
@@ -167,7 +161,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         295,                         /* dg */
         141,                         /* maxMsgLenBytes */
         81,                          /* dm0 */
-        887,                         /* 2^c - (2^c mod N) */
         10,                          /* c */
         1,                           /* lLen */
     },
@@ -186,7 +179,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         390,                         /* dg */
         186,                         /* maxMsgLenBytes */
         106,                         /* dm0 */
-        3513,                        /* 2^c - (2^c mod N) */
         12,                          /* c */
         1,                           /* lLen */
     },
@@ -205,7 +197,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         219,                         /* dg */
         108,                         /* maxMsgLenBytes */
         38,                          /* dm0 */
-        1977,                        /* 2^c - (2^c mod N) */
         11,                          /* c */
         1,                           /* lLen */
     },
@@ -224,7 +215,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         253,                         /* dg */
         125,                         /* maxMsgLenBytes */
         42,                          /* dm0 */
-        3805,                        /* 2^c - (2^c mod N) */
         12,                          /* c */
         1,                           /* lLen */
     },
@@ -243,7 +233,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         362,                         /* dg */
         178,                         /* maxMsgLenBytes */
         63,                          /* dm0 */
-        7609,                        /* 2^c - (2^c mod N) */
         13,                          /* c */
         1,                           /* lLen */
     },
@@ -262,7 +251,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         499,                         /* dg */
         247,                         /* maxMsgLenBytes */
         79,                          /* dm0 */
-        7495,                        /* 2^c - (2^c mod N) */
         13,                          /* c */
         1,                           /* lLen */
     },
@@ -281,7 +269,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         133,                         /* dg */
         60,                          /* maxMsgLenBytes */
         136,                         /* m(1)_max */
-        2005,                        /* 2^c - (2^c mod N) */
         11,                          /* c */
         1,                           /* lLen */
    },
@@ -300,7 +287,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         146,                         /* dg */
         65,                          /* maxMsgLenBytes */
         126,                         /* m(1)_max */
-        439,                         /* 2^c - (2^c mod N) */
         9,                           /* c */
         1,                           /* lLen */
     },
@@ -319,7 +305,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         197,                         /* dg */
         86,                          /* maxMsgLenBytes */
         90,                          /* m(1)_max */
-        1779,                        /* 2^c - (2^c mod N) */
         11,                          /* c */
         1,                           /* lLen */
     },
@@ -338,7 +323,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
         247,                         /* dg */
         106,                         /* maxMsgLenBytes */
         60,                          /* m(1)_max */
-        8173,                        /* 2^c - (2^c mod N) */
         13,                          /* c */
         1,                           /* lLen */
     },
index 731bd36..e5e977a 100644 (file)
@@ -59,8 +59,6 @@ typedef struct _NTRU_ENCRYPT_PARAM_SET {
                                                      octets */
     uint16_t                  min_msg_rep_wt;     /* min. message
                                                      representative weight */
-    uint16_t                  no_bias_limit;      /* limit for no bias in
-                                                     IGF-2 */
     uint8_t                   c_bits;             /* no. bits in candidate for
                                                      deriving an index in
                                                      IGF-2 */
index a021ace..f893d4d 100644 (file)
@@ -69,14 +69,13 @@ METHOD(ntru_poly_t, destroy, void,
  * Described in header.
  */
 ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed,
-                                                         uint8_t c_bits, uint16_t limit, 
-                                                 uint16_t poly_len, uint32_t indices_count,
-                                                         bool is_product_form)
+                                                         uint8_t c_bits, uint16_t poly_len,
+                                                         uint32_t indices_count, bool is_product_form)
 {
        private_ntru_poly_t *this;
        size_t hash_len, octet_count = 0, i, num_polys, num_indices[3], indices_len;
        uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed;
-       uint16_t index, left = 0;
+       uint16_t index, limit, left = 0;
        int poly_i = 0, index_i = 0;
        ntru_mgf1_t *mgf1;
 
@@ -103,6 +102,7 @@ ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed,
                indices_len = indices_count;
        }
        used = malloc(poly_len);
+       limit = poly_len * ((1 << c_bits) / poly_len);
 
        INIT(this,
                .public = {
index 85bc341..92becb1 100644 (file)
@@ -55,14 +55,12 @@ struct ntru_poly_t {
  * @param seed                         seed used by MGF1 to generate trits from
  * @param poly_len                     size of the trits polynomial
  * @param c_bits                       number of bits for candidate index
- * @param limit                                conversion to index limit
  * @param indices_count                number of non-zero indices
  * @param is_product_form      generate multiple polynomials
  */
 ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed,
-                                                         uint8_t c_bits, uint16_t limit, 
-                                                 uint16_t poly_len, uint32_t indices_count,
-                                                         bool is_product_form);
+                                                         uint8_t c_bits, uint16_t poly_len,
+                                                         uint32_t indices_count, bool is_product_form);
 
 #endif /** NTRU_POLY_H_ @}*/
 
index 23ce695..e42bb8e 100644 (file)
@@ -33,8 +33,8 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
 
 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create, ntru_poly_t*,
                                                  hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
-                                                 uint16_t limit, uint16_t poly_len,
-                                                 uint32_t indices_count, bool is_product_form)
+                                                 uint16_t poly_len, uint32_t indices_count,
+                                                 bool is_product_form)
 
 /**
  * NTRU parameter sets to test
@@ -302,7 +302,6 @@ END_TEST
 
 typedef struct {
        uint8_t c_bits;
-       uint16_t limit;
        uint16_t poly_len;
        bool is_product_form;
        uint32_t indices_count;
@@ -428,10 +427,10 @@ mgf1_test_t mgf1_tests[] = {
                                0, 1, 1, 2, 0,  2, 2, 0, 0, 0,  1, 1, 0, 1, 0,  1, 1, 0, 1, 1,
                                0, 1, 2, 0, 1,  1, 0, 1, 2, 0,  0, 1, 2, 2, 0,  0, 2, 1, 2),
                {
-                       {       9, 439, 439, TRUE, 2*(9 + (8 << 8) + (5 << 16)),
+                       {       9, 439, TRUE, 2*(9 + (8 << 8) + (5 << 16)),
                                countof(indices_ees439ep1), indices_ees439ep1
                        },
-                       {       11, 1839, 613, FALSE, 2*55,
+                       {       11, 613, FALSE, 2*55,
                                countof(indices_ees613ep1), indices_ees613ep1
                        }
                }
@@ -515,10 +514,10 @@ mgf1_test_t mgf1_tests[] = {
                                1, 0, 1, 0, 2,  2, 1, 0, 2, 2,  2, 2, 2, 1, 0,  2, 2, 2, 1, 2,
                                0, 2, 0, 0, 0,  0, 0, 1, 2, 0,  1, 0, 1),
                {
-                       {       13, 8173, 743, TRUE, 2*(11 + (11 << 8) + (15 << 16)),
+                       {       13, 743, TRUE, 2*(11 + (11 << 8) + (15 << 16)),
                                countof(indices_ees743ep1), indices_ees743ep1
                        },
-                       {       12, 3513, 1171, FALSE, 2*106,
+                       {       12, 1171, FALSE, 2*106,
                                countof(indices_ees1171ep1), indices_ees1171ep1
                        }
                }
@@ -633,16 +632,15 @@ START_TEST(test_ntru_poly)
        seed.len = mgf1_tests[_i].seed_len;
 
        p = &mgf1_tests[_i].poly_test[0];
-       poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->limit,
-                                                       p->poly_len, p->indices_count, p->is_product_form);
+       poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->poly_len,
+                                                       p->indices_count, p->is_product_form);
        ck_assert(poly == NULL);
 
        for (n = 0; n < 2; n++)
        {
                p = &mgf1_tests[_i].poly_test[n];
-               poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->limit,
-                                                               p->poly_len, p->indices_count,
-                                                               p->is_product_form);
+               poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->poly_len,
+                                                               p->indices_count, p->is_product_form);
                ck_assert(poly != NULL && poly->get_size(poly) == p->indices_len);
 
                indices = poly->get_indices(poly);