infidel/NTRU_IoT
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Hello Freedom

Browse Source
This commit is contained in:
infidel
2022-02-01 23:45:47 +07:00
commit 7009cb27c4
964 changed files with 513364 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
infidel-code/test/.deps/.dirstamp Normal file
View File

215
infidel-code/test/.deps/bench.Po Normal file
View File

@@ -0,0 +1,215 @@
test/bench.o: test/bench.c /usr/include/stdc-predef.h \
/usr/include/stdio.h \
/usr/include/x86_64-linux-gnu/bits/libc-header-start.h \
/usr/include/features.h /usr/include/x86_64-linux-gnu/sys/cdefs.h \
/usr/include/x86_64-linux-gnu/bits/wordsize.h \
/usr/include/x86_64-linux-gnu/bits/long-double.h \
/usr/include/x86_64-linux-gnu/gnu/stubs.h \
/usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
/usr/lib/gcc/x86_64-linux-gnu/7/include/stddef.h \
/usr/include/x86_64-linux-gnu/bits/types.h \
/usr/include/x86_64-linux-gnu/bits/typesizes.h \
/usr/include/x86_64-linux-gnu/bits/types/__FILE.h \
/usr/include/x86_64-linux-gnu/bits/types/FILE.h \
/usr/include/x86_64-linux-gnu/bits/libio.h \
/usr/include/x86_64-linux-gnu/bits/_G_config.h \
/usr/include/x86_64-linux-gnu/bits/types/__mbstate_t.h \
/usr/lib/gcc/x86_64-linux-gnu/7/include/stdarg.h \
/usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
/usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
/usr/include/x86_64-linux-gnu/bits/stdio.h \
/usr/include/x86_64-linux-gnu/bits/stdio2.h /usr/include/stdlib.h \
/usr/include/x86_64-linux-gnu/bits/waitflags.h \
/usr/include/x86_64-linux-gnu/bits/waitstatus.h \
/usr/include/x86_64-linux-gnu/bits/floatn.h \
/usr/include/x86_64-linux-gnu/bits/floatn-common.h \
/usr/include/x86_64-linux-gnu/sys/types.h \
/usr/include/x86_64-linux-gnu/bits/types/clock_t.h \
/usr/include/x86_64-linux-gnu/bits/types/clockid_t.h \
/usr/include/x86_64-linux-gnu/bits/types/time_t.h \
/usr/include/x86_64-linux-gnu/bits/types/timer_t.h \
/usr/include/x86_64-linux-gnu/bits/stdint-intn.h /usr/include/endian.h \
/usr/include/x86_64-linux-gnu/bits/endian.h \
/usr/include/x86_64-linux-gnu/bits/byteswap.h \
/usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
/usr/include/x86_64-linux-gnu/bits/uintn-identity.h \
/usr/include/x86_64-linux-gnu/sys/select.h \
/usr/include/x86_64-linux-gnu/bits/select.h \
/usr/include/x86_64-linux-gnu/bits/types/sigset_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__sigset_t.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_timeval.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_timespec.h \
/usr/include/x86_64-linux-gnu/bits/select2.h \
/usr/include/x86_64-linux-gnu/sys/sysmacros.h \
/usr/include/x86_64-linux-gnu/bits/sysmacros.h \
/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h \
/usr/include/x86_64-linux-gnu/bits/thread-shared-types.h \
/usr/include/x86_64-linux-gnu/bits/pthreadtypes-arch.h \
/usr/include/alloca.h \
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
/usr/include/x86_64-linux-gnu/bits/stdlib-float.h \
/usr/include/x86_64-linux-gnu/bits/stdlib.h /usr/include/string.h \
/usr/include/x86_64-linux-gnu/bits/types/locale_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__locale_t.h \
/usr/include/strings.h \
/usr/include/x86_64-linux-gnu/bits/strings_fortified.h \
/usr/include/x86_64-linux-gnu/bits/string_fortified.h \
/usr/include/time.h /usr/include/x86_64-linux-gnu/bits/time.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_tm.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_itimerspec.h \
include/ntru_crypto.h include/ntru_crypto_platform.h \
/usr/lib/gcc/x86_64-linux-gnu/7/include/stdint.h /usr/include/stdint.h \
/usr/include/x86_64-linux-gnu/bits/wchar.h \
/usr/include/x86_64-linux-gnu/bits/stdint-uintn.h /usr/include/assert.h \
include/ntru_crypto_drbg.h include/ntru_crypto_error.h \
include/ntru_crypto_drbg.h test/test_common.h
/usr/include/stdc-predef.h:
/usr/include/stdio.h:
/usr/include/x86_64-linux-gnu/bits/libc-header-start.h:
/usr/include/features.h:
/usr/include/x86_64-linux-gnu/sys/cdefs.h:
/usr/include/x86_64-linux-gnu/bits/wordsize.h:
/usr/include/x86_64-linux-gnu/bits/long-double.h:
/usr/include/x86_64-linux-gnu/gnu/stubs.h:
/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
/usr/lib/gcc/x86_64-linux-gnu/7/include/stddef.h:
/usr/include/x86_64-linux-gnu/bits/types.h:
/usr/include/x86_64-linux-gnu/bits/typesizes.h:
/usr/include/x86_64-linux-gnu/bits/types/__FILE.h:
/usr/include/x86_64-linux-gnu/bits/types/FILE.h:
/usr/include/x86_64-linux-gnu/bits/libio.h:
/usr/include/x86_64-linux-gnu/bits/_G_config.h:
/usr/include/x86_64-linux-gnu/bits/types/__mbstate_t.h:
/usr/lib/gcc/x86_64-linux-gnu/7/include/stdarg.h:
/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
/usr/include/x86_64-linux-gnu/bits/stdio.h:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:
/usr/include/stdlib.h:
/usr/include/x86_64-linux-gnu/bits/waitflags.h:
/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
/usr/include/x86_64-linux-gnu/bits/floatn.h:
/usr/include/x86_64-linux-gnu/bits/floatn-common.h:
/usr/include/x86_64-linux-gnu/sys/types.h:
/usr/include/x86_64-linux-gnu/bits/types/clock_t.h:
/usr/include/x86_64-linux-gnu/bits/types/clockid_t.h:
/usr/include/x86_64-linux-gnu/bits/types/time_t.h:
/usr/include/x86_64-linux-gnu/bits/types/timer_t.h:
/usr/include/x86_64-linux-gnu/bits/stdint-intn.h:
/usr/include/endian.h:
/usr/include/x86_64-linux-gnu/bits/endian.h:
/usr/include/x86_64-linux-gnu/bits/byteswap.h:
/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
/usr/include/x86_64-linux-gnu/bits/uintn-identity.h:
/usr/include/x86_64-linux-gnu/sys/select.h:
/usr/include/x86_64-linux-gnu/bits/select.h:
/usr/include/x86_64-linux-gnu/bits/types/sigset_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__sigset_t.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_timeval.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_timespec.h:
/usr/include/x86_64-linux-gnu/bits/select2.h:
/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
/usr/include/x86_64-linux-gnu/bits/sysmacros.h:
/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
/usr/include/x86_64-linux-gnu/bits/thread-shared-types.h:
/usr/include/x86_64-linux-gnu/bits/pthreadtypes-arch.h:
/usr/include/alloca.h:
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
/usr/include/x86_64-linux-gnu/bits/stdlib.h:
/usr/include/string.h:
/usr/include/x86_64-linux-gnu/bits/types/locale_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__locale_t.h:
/usr/include/strings.h:
/usr/include/x86_64-linux-gnu/bits/strings_fortified.h:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:
/usr/include/time.h:
/usr/include/x86_64-linux-gnu/bits/time.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_tm.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_itimerspec.h:
include/ntru_crypto.h:
include/ntru_crypto_platform.h:
/usr/lib/gcc/x86_64-linux-gnu/7/include/stdint.h:
/usr/include/stdint.h:
/usr/include/x86_64-linux-gnu/bits/wchar.h:
/usr/include/x86_64-linux-gnu/bits/stdint-uintn.h:
/usr/include/assert.h:
include/ntru_crypto_drbg.h:
include/ntru_crypto_error.h:
include/ntru_crypto_drbg.h:
test/test_common.h:

1
infidel-code/test/.deps/bin_check_internal-check_internal.Po Normal file
View File

@@ -0,0 +1 @@
# dummy

1
infidel-code/test/.deps/bin_check_internal-check_internal_key.Po Normal file
View File

@@ -0,0 +1 @@
# dummy

1
infidel-code/test/.deps/bin_check_internal-check_internal_mgf.Po Normal file
View File

@@ -0,0 +1 @@
# dummy

1
infidel-code/test/.deps/bin_check_internal-check_internal_poly.Po Normal file
View File

@@ -0,0 +1 @@
# dummy

1
infidel-code/test/.deps/bin_check_internal-check_internal_sha.Po Normal file
View File

@@ -0,0 +1 @@
# dummy

1
infidel-code/test/.deps/bin_check_public-check_public.Po Normal file
View File

@@ -0,0 +1 @@
# dummy

1
infidel-code/test/.deps/check_common.Plo Normal file
View File

@@ -0,0 +1 @@
# dummy

136
infidel-code/test/.deps/sanity.Po Normal file
View File

@@ -0,0 +1,136 @@
test/sanity.o: test/sanity.c /usr/include/stdc-predef.h \
/usr/include/stdio.h \
/usr/include/x86_64-linux-gnu/bits/libc-header-start.h \
/usr/include/features.h /usr/include/x86_64-linux-gnu/sys/cdefs.h \
/usr/include/x86_64-linux-gnu/bits/wordsize.h \
/usr/include/x86_64-linux-gnu/bits/long-double.h \
/usr/include/x86_64-linux-gnu/gnu/stubs.h \
/usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
/usr/lib/gcc/x86_64-linux-gnu/10/include/stddef.h \
/usr/lib/gcc/x86_64-linux-gnu/10/include/stdarg.h \
/usr/include/x86_64-linux-gnu/bits/types.h \
/usr/include/x86_64-linux-gnu/bits/timesize.h \
/usr/include/x86_64-linux-gnu/bits/typesizes.h \
/usr/include/x86_64-linux-gnu/bits/time64.h \
/usr/include/x86_64-linux-gnu/bits/types/__fpos_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__mbstate_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__fpos64_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__FILE.h \
/usr/include/x86_64-linux-gnu/bits/types/FILE.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_FILE.h \
/usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
/usr/include/x86_64-linux-gnu/bits/floatn.h \
/usr/include/x86_64-linux-gnu/bits/floatn-common.h \
/usr/include/x86_64-linux-gnu/bits/stdio.h \
/usr/include/x86_64-linux-gnu/bits/stdio2.h /usr/include/stdlib.h \
/usr/include/x86_64-linux-gnu/bits/waitflags.h \
/usr/include/x86_64-linux-gnu/bits/waitstatus.h \
/usr/include/x86_64-linux-gnu/sys/types.h \
/usr/include/x86_64-linux-gnu/bits/types/clock_t.h \
/usr/include/x86_64-linux-gnu/bits/types/clockid_t.h \
/usr/include/x86_64-linux-gnu/bits/types/time_t.h \
/usr/include/x86_64-linux-gnu/bits/types/timer_t.h \
/usr/include/x86_64-linux-gnu/bits/stdint-intn.h /usr/include/endian.h \
/usr/include/x86_64-linux-gnu/bits/endian.h \
/usr/include/x86_64-linux-gnu/bits/endianness.h \
/usr/include/x86_64-linux-gnu/bits/byteswap.h \
/usr/include/x86_64-linux-gnu/bits/uintn-identity.h \
/usr/include/x86_64-linux-gnu/sys/select.h \
/usr/include/x86_64-linux-gnu/bits/select.h \
/usr/include/x86_64-linux-gnu/bits/types/sigset_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__sigset_t.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_timeval.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_timespec.h \
/usr/include/x86_64-linux-gnu/bits/select2.h \
/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h \
/usr/include/x86_64-linux-gnu/bits/thread-shared-types.h \
/usr/include/x86_64-linux-gnu/bits/pthreadtypes-arch.h \
/usr/include/x86_64-linux-gnu/bits/struct_mutex.h \
/usr/include/x86_64-linux-gnu/bits/struct_rwlock.h /usr/include/alloca.h \
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
/usr/include/x86_64-linux-gnu/bits/stdlib-float.h \
/usr/include/x86_64-linux-gnu/bits/stdlib.h /usr/include/string.h \
/usr/include/x86_64-linux-gnu/bits/types/locale_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__locale_t.h \
/usr/include/strings.h \
/usr/include/x86_64-linux-gnu/bits/strings_fortified.h \
/usr/include/x86_64-linux-gnu/bits/string_fortified.h \
include/ntru_crypto.h include/ntru_crypto_platform.h \
/usr/lib/gcc/x86_64-linux-gnu/10/include/stdint.h /usr/include/stdint.h \
/usr/include/x86_64-linux-gnu/bits/wchar.h \
/usr/include/x86_64-linux-gnu/bits/stdint-uintn.h /usr/include/assert.h \
include/ntru_crypto_drbg.h include/ntru_crypto_error.h \
include/ntru_crypto_drbg.h test/test_common.h
/usr/include/stdc-predef.h:
/usr/include/stdio.h:
/usr/include/x86_64-linux-gnu/bits/libc-header-start.h:
/usr/include/features.h:
/usr/include/x86_64-linux-gnu/sys/cdefs.h:
/usr/include/x86_64-linux-gnu/bits/wordsize.h:
/usr/include/x86_64-linux-gnu/bits/long-double.h:
/usr/include/x86_64-linux-gnu/gnu/stubs.h:
/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
/usr/lib/gcc/x86_64-linux-gnu/10/include/stddef.h:
/usr/lib/gcc/x86_64-linux-gnu/10/include/stdarg.h:
/usr/include/x86_64-linux-gnu/bits/types.h:
/usr/include/x86_64-linux-gnu/bits/timesize.h:
/usr/include/x86_64-linux-gnu/bits/typesizes.h:
/usr/include/x86_64-linux-gnu/bits/time64.h:
/usr/include/x86_64-linux-gnu/bits/types/__fpos_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__mbstate_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__fpos64_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__FILE.h:
/usr/include/x86_64-linux-gnu/bits/types/FILE.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_FILE.h:
/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
/usr/include/x86_64-linux-gnu/bits/floatn.h:
/usr/include/x86_64-linux-gnu/bits/floatn-common.h:
/usr/include/x86_64-linux-gnu/bits/stdio.h:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:
/usr/include/stdlib.h:
/usr/include/x86_64-linux-gnu/bits/waitflags.h:
/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
/usr/include/x86_64-linux-gnu/sys/types.h:
/usr/include/x86_64-linux-gnu/bits/types/clock_t.h:
/usr/include/x86_64-linux-gnu/bits/types/clockid_t.h:
/usr/include/x86_64-linux-gnu/bits/types/time_t.h:
/usr/include/x86_64-linux-gnu/bits/types/timer_t.h:
/usr/include/x86_64-linux-gnu/bits/stdint-intn.h:
/usr/include/endian.h:
/usr/include/x86_64-linux-gnu/bits/endian.h:
/usr/include/x86_64-linux-gnu/bits/endianness.h:
/usr/include/x86_64-linux-gnu/bits/byteswap.h:
/usr/include/x86_64-linux-gnu/bits/uintn-identity.h:
/usr/include/x86_64-linux-gnu/sys/select.h:
/usr/include/x86_64-linux-gnu/bits/select.h:
/usr/include/x86_64-linux-gnu/bits/types/sigset_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__sigset_t.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_timeval.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_timespec.h:
/usr/include/x86_64-linux-gnu/bits/select2.h:
/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
/usr/include/x86_64-linux-gnu/bits/thread-shared-types.h:
/usr/include/x86_64-linux-gnu/bits/pthreadtypes-arch.h:
/usr/include/x86_64-linux-gnu/bits/struct_mutex.h:
/usr/include/x86_64-linux-gnu/bits/struct_rwlock.h:
/usr/include/alloca.h:
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
/usr/include/x86_64-linux-gnu/bits/stdlib.h:
/usr/include/string.h:
/usr/include/x86_64-linux-gnu/bits/types/locale_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__locale_t.h:
/usr/include/strings.h:
/usr/include/x86_64-linux-gnu/bits/strings_fortified.h:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:
include/ntru_crypto.h:
include/ntru_crypto_platform.h:
/usr/lib/gcc/x86_64-linux-gnu/10/include/stdint.h:
/usr/include/stdint.h:
/usr/include/x86_64-linux-gnu/bits/wchar.h:
/usr/include/x86_64-linux-gnu/bits/stdint-uintn.h:
/usr/include/assert.h:
include/ntru_crypto_drbg.h:
include/ntru_crypto_error.h:
include/ntru_crypto_drbg.h:
test/test_common.h:

207
infidel-code/test/.deps/test_common.Plo Normal file
View File

@@ -0,0 +1,207 @@
test/test_common.lo: test/test_common.c /usr/include/stdc-predef.h \
/usr/include/fcntl.h /usr/include/features.h \
/usr/include/x86_64-linux-gnu/sys/cdefs.h \
/usr/include/x86_64-linux-gnu/bits/wordsize.h \
/usr/include/x86_64-linux-gnu/bits/long-double.h \
/usr/include/x86_64-linux-gnu/gnu/stubs.h \
/usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
/usr/include/x86_64-linux-gnu/bits/types.h \
/usr/include/x86_64-linux-gnu/bits/typesizes.h \
/usr/include/x86_64-linux-gnu/bits/fcntl.h \
/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_timespec.h \
/usr/include/x86_64-linux-gnu/bits/stat.h \
/usr/include/x86_64-linux-gnu/bits/fcntl2.h /usr/include/unistd.h \
/usr/include/x86_64-linux-gnu/bits/posix_opt.h \
/usr/include/x86_64-linux-gnu/bits/environments.h \
/usr/lib/gcc/x86_64-linux-gnu/7/include/stddef.h \
/usr/include/x86_64-linux-gnu/bits/confname.h \
/usr/include/x86_64-linux-gnu/bits/getopt_posix.h \
/usr/include/x86_64-linux-gnu/bits/getopt_core.h \
/usr/include/x86_64-linux-gnu/bits/unistd.h \
/usr/lib/gcc/x86_64-linux-gnu/7/include/stdint.h /usr/include/stdint.h \
/usr/include/x86_64-linux-gnu/bits/libc-header-start.h \
/usr/include/x86_64-linux-gnu/bits/wchar.h \
/usr/include/x86_64-linux-gnu/bits/stdint-intn.h \
/usr/include/x86_64-linux-gnu/bits/stdint-uintn.h include/ntru_crypto.h \
include/ntru_crypto_platform.h /usr/include/stdlib.h \
/usr/include/x86_64-linux-gnu/bits/waitflags.h \
/usr/include/x86_64-linux-gnu/bits/waitstatus.h \
/usr/include/x86_64-linux-gnu/bits/floatn.h \
/usr/include/x86_64-linux-gnu/bits/floatn-common.h \
/usr/include/x86_64-linux-gnu/sys/types.h \
/usr/include/x86_64-linux-gnu/bits/types/clock_t.h \
/usr/include/x86_64-linux-gnu/bits/types/clockid_t.h \
/usr/include/x86_64-linux-gnu/bits/types/time_t.h \
/usr/include/x86_64-linux-gnu/bits/types/timer_t.h /usr/include/endian.h \
/usr/include/x86_64-linux-gnu/bits/endian.h \
/usr/include/x86_64-linux-gnu/bits/byteswap.h \
/usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
/usr/include/x86_64-linux-gnu/bits/uintn-identity.h \
/usr/include/x86_64-linux-gnu/sys/select.h \
/usr/include/x86_64-linux-gnu/bits/select.h \
/usr/include/x86_64-linux-gnu/bits/types/sigset_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__sigset_t.h \
/usr/include/x86_64-linux-gnu/bits/types/struct_timeval.h \
/usr/include/x86_64-linux-gnu/bits/select2.h \
/usr/include/x86_64-linux-gnu/sys/sysmacros.h \
/usr/include/x86_64-linux-gnu/bits/sysmacros.h \
/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h \
/usr/include/x86_64-linux-gnu/bits/thread-shared-types.h \
/usr/include/x86_64-linux-gnu/bits/pthreadtypes-arch.h \
/usr/include/alloca.h \
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
/usr/include/x86_64-linux-gnu/bits/stdlib-float.h \
/usr/include/x86_64-linux-gnu/bits/stdlib.h /usr/include/assert.h \
/usr/include/string.h \
/usr/include/x86_64-linux-gnu/bits/types/locale_t.h \
/usr/include/x86_64-linux-gnu/bits/types/__locale_t.h \
/usr/include/strings.h \
/usr/include/x86_64-linux-gnu/bits/strings_fortified.h \
/usr/include/x86_64-linux-gnu/bits/string_fortified.h \
include/ntru_crypto_drbg.h include/ntru_crypto_error.h \
include/ntru_crypto_drbg.h test/test_common.h
/usr/include/stdc-predef.h:
/usr/include/fcntl.h:
/usr/include/features.h:
/usr/include/x86_64-linux-gnu/sys/cdefs.h:
/usr/include/x86_64-linux-gnu/bits/wordsize.h:
/usr/include/x86_64-linux-gnu/bits/long-double.h:
/usr/include/x86_64-linux-gnu/gnu/stubs.h:
/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
/usr/include/x86_64-linux-gnu/bits/types.h:
/usr/include/x86_64-linux-gnu/bits/typesizes.h:
/usr/include/x86_64-linux-gnu/bits/fcntl.h:
/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_timespec.h:
/usr/include/x86_64-linux-gnu/bits/stat.h:
/usr/include/x86_64-linux-gnu/bits/fcntl2.h:
/usr/include/unistd.h:
/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
/usr/include/x86_64-linux-gnu/bits/environments.h:
/usr/lib/gcc/x86_64-linux-gnu/7/include/stddef.h:
/usr/include/x86_64-linux-gnu/bits/confname.h:
/usr/include/x86_64-linux-gnu/bits/getopt_posix.h:
/usr/include/x86_64-linux-gnu/bits/getopt_core.h:
/usr/include/x86_64-linux-gnu/bits/unistd.h:
/usr/lib/gcc/x86_64-linux-gnu/7/include/stdint.h:
/usr/include/stdint.h:
/usr/include/x86_64-linux-gnu/bits/libc-header-start.h:
/usr/include/x86_64-linux-gnu/bits/wchar.h:
/usr/include/x86_64-linux-gnu/bits/stdint-intn.h:
/usr/include/x86_64-linux-gnu/bits/stdint-uintn.h:
include/ntru_crypto.h:
include/ntru_crypto_platform.h:
/usr/include/stdlib.h:
/usr/include/x86_64-linux-gnu/bits/waitflags.h:
/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
/usr/include/x86_64-linux-gnu/bits/floatn.h:
/usr/include/x86_64-linux-gnu/bits/floatn-common.h:
/usr/include/x86_64-linux-gnu/sys/types.h:
/usr/include/x86_64-linux-gnu/bits/types/clock_t.h:
/usr/include/x86_64-linux-gnu/bits/types/clockid_t.h:
/usr/include/x86_64-linux-gnu/bits/types/time_t.h:
/usr/include/x86_64-linux-gnu/bits/types/timer_t.h:
/usr/include/endian.h:
/usr/include/x86_64-linux-gnu/bits/endian.h:
/usr/include/x86_64-linux-gnu/bits/byteswap.h:
/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
/usr/include/x86_64-linux-gnu/bits/uintn-identity.h:
/usr/include/x86_64-linux-gnu/sys/select.h:
/usr/include/x86_64-linux-gnu/bits/select.h:
/usr/include/x86_64-linux-gnu/bits/types/sigset_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__sigset_t.h:
/usr/include/x86_64-linux-gnu/bits/types/struct_timeval.h:
/usr/include/x86_64-linux-gnu/bits/select2.h:
/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
/usr/include/x86_64-linux-gnu/bits/sysmacros.h:
/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
/usr/include/x86_64-linux-gnu/bits/thread-shared-types.h:
/usr/include/x86_64-linux-gnu/bits/pthreadtypes-arch.h:
/usr/include/alloca.h:
/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
/usr/include/x86_64-linux-gnu/bits/stdlib.h:
/usr/include/assert.h:
/usr/include/string.h:
/usr/include/x86_64-linux-gnu/bits/types/locale_t.h:
/usr/include/x86_64-linux-gnu/bits/types/__locale_t.h:
/usr/include/strings.h:
/usr/include/x86_64-linux-gnu/bits/strings_fortified.h:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:
include/ntru_crypto_drbg.h:
include/ntru_crypto_error.h:
include/ntru_crypto_drbg.h:
test/test_common.h:

0
infidel-code/test/.dirstamp Normal file
View File

190
infidel-code/test/bench.c Normal file
View File

@@ -0,0 +1,190 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "ntru_crypto.h"
#include "ntru_crypto_drbg.h"
#include "test_common.h"
#define LOOPS 10000
int
main(int argc, char **argv)
{
uint16_t i;
uint32_t j;
uint8_t *public_key;
uint8_t *private_key;
uint8_t *message;
uint8_t *ciphertext;
uint8_t *plaintext;
uint16_t max_msg_len;
uint16_t public_key_len; /* no. of octets in public key */
uint16_t private_key_len; /* no. of octets in private key */
uint16_t ciphertext_len; /* no. of octets in ciphertext */
uint16_t plaintext_len; /* no. of octets in plaintext */
DRBG_HANDLE drbg; /* handle for instantiated DRBG */
uint32_t rc; /* return code */
uint32_t loops = LOOPS; /* number of loops when benchmarking */
clock_t clk;
NTRU_ENCRYPT_PARAM_SET_ID param_set_id;
uint32_t error[NUM_PARAM_SETS] = {0};
for(i=0; i<NUM_PARAM_SETS; i++)
{
param_set_id = PARAM_SET_IDS[i];
fprintf(stderr, "Testing parameter set %s... ", ntru_encrypt_get_param_set_name(param_set_id));
fflush (stderr);
rc = ntru_crypto_drbg_external_instantiate(
(RANDOM_BYTES_FN) &randombytes, &drbg);
if (rc != DRBG_OK)
{
fprintf(stderr,"\tError: An error occurred instantiating the DRBG\n");
error[i] = 1;
continue;
}
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id, &public_key_len,
NULL, &private_key_len, NULL);
if (rc != NTRU_OK)
{
ntru_crypto_drbg_uninstantiate(drbg);
fprintf(stderr,"\tError: An error occurred getting the key lengths\n");
error[i] = 1;
continue;
}
public_key = (uint8_t *)malloc(public_key_len * sizeof(uint8_t));
private_key = (uint8_t *)malloc(private_key_len * sizeof(uint8_t));
clk = clock();
for (j = 0; j < loops/10 || j < 1; j++)
{
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id, &public_key_len,
public_key,
&private_key_len,
private_key);
if (rc != NTRU_OK) break;
}
clk = clock() - clk;
if (rc != NTRU_OK)
{
ntru_crypto_drbg_uninstantiate(drbg);
free(public_key);
free(private_key);
fprintf(stderr,"\tError: An error occurred during key generation\n");
error[i] = 1;
continue;
}
if (loops) {
fprintf(stderr, "kg %dus, ", (int)((1.0*clk)/(loops/10)));
fflush (stderr);
}
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, 0, NULL,
&ciphertext_len, NULL);
if (rc != NTRU_OK)
{
fprintf(stderr,"\tError: Bad public key");
error[i] = 1;
continue;
}
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key, 0, NULL,
&max_msg_len, NULL);
if (rc != NTRU_OK)
{
fprintf(stderr,"\tError: Bad private key");
error[i] = 1;
continue;
}
message = (uint8_t *) malloc(max_msg_len * sizeof(uint8_t));
ciphertext = (uint8_t *) malloc(ciphertext_len * sizeof(uint8_t));
plaintext = (uint8_t *) malloc(max_msg_len * sizeof(uint8_t));
plaintext_len = max_msg_len;
randombytes(message, max_msg_len);
randombytes(ciphertext, ciphertext_len);
randombytes(plaintext, plaintext_len);
clk = clock();
for (j = 0; j < loops || j < 1; j++)
{
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
max_msg_len, message, &ciphertext_len, ciphertext);
if(rc != NTRU_OK) break;
}
clk = clock() - clk;
if (rc != NTRU_OK){
fprintf(stderr, "\tError: Encryption error %x\n", rc);
error[i] = 1;
break;
}
if (loops) {
fprintf(stderr, "e %dus, ", (int)((1.0*clk)/loops));
fflush (stderr);
}
clk = clock();
for (j = 0; j < loops || j < 1; j++)
{
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
if(rc != NTRU_OK) break;
}
clk = clock() - clk;
if (rc != NTRU_OK)
{
fprintf(stderr, "\tError: Decryption error %x\n", rc);
error[i] = 1;
break;
}
if (loops) {
fprintf(stderr, "d %dus", (int)((1.0*clk)/loops));
}
if(plaintext_len != max_msg_len || memcmp(plaintext,message,max_msg_len))
{
fprintf(stderr,
"\tError: Decryption result does not match original plaintext\n");
error[i] = 1;
break;
}
ntru_crypto_drbg_uninstantiate(drbg);
free(message);
free(public_key);
free(private_key);
free(plaintext);
free(ciphertext);
fprintf(stderr, "\t pk %d, sk %d, ct %d bytes",
public_key_len, private_key_len-public_key_len, ciphertext_len);
fprintf(stderr, "\n");
}
for(i=0; i<NUM_PARAM_SETS; i++) {
if(error[i]) {
fprintf(stderr, "Result: Fail\n");
return 1;
}
}
fprintf(stderr, "Result: Pass\n");
return 0;
}

64
infidel-code/test/check_common.c Normal file
View File

@@ -0,0 +1,64 @@
#include <check.h>
#include "ntru_crypto.h"
#include "ntru_crypto_drbg.h"
#include "test_common.h"
#include "check_common.h"
void
test_drbg_setup(void)
{
uint32_t rc;
rc = ntru_crypto_drbg_external_instantiate(
(RANDOM_BYTES_FN) &randombytes, &drbg);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
}
void
test_drbg_teardown(void)
{
uint32_t rc;
rc = ntru_crypto_drbg_uninstantiate(drbg);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
}
uint8_t *
ntru_ck_malloc(NTRU_CK_MEM *obj, size_t size)
{
uint32_t i;
obj->_alloc = (uint8_t *)malloc(size+32);
ck_assert_ptr_ne(obj->_alloc, NULL);
/* Fill first 16 bytes with random data */
randombytes(obj->_alloc, 16);
/* Fill last 16 bytes with bit-wise negation of first 16 */
for(i=0; i<16; i++)
{
obj->_alloc[16+size+i] = ~(obj->_alloc[i]);
}
obj->ptr = obj->_alloc+16;
obj->len = size;
return obj->ptr;
}
void
ntru_ck_mem_ok(NTRU_CK_MEM *obj)
{
uint32_t i;
uint8_t r=0;
/* check that xor of first 16 bytes with last 16 bytes gives all 1s */
for(i=0; i<16; i++)
{
r |= (obj->_alloc[i] ^ obj->_alloc[16 + obj->len + i]) + 1;
}
ck_assert_uint_eq(r, 0);
}
void
ntru_ck_mem_free(NTRU_CK_MEM *obj)
{
free(obj->_alloc);
obj->ptr = NULL;
obj->len = 0;
}

26
infidel-code/test/check_common.h Normal file
View File

@@ -0,0 +1,26 @@
#ifndef NTRU_CHECK_COMMON_H
#define NTRU_CHECK_COMMON_H
DRBG_HANDLE drbg;
/* Common components for tests that depend on CHECK library */
void test_drbg_setup(void);
void test_drbg_teardown(void);
typedef struct _NTRU_CK_MEM {
uint8_t *_alloc;
uint8_t *ptr;
size_t len;
} NTRU_CK_MEM;
uint8_t * ntru_ck_malloc(NTRU_CK_MEM *obj, size_t size);
void ntru_ck_mem_ok(NTRU_CK_MEM *obj);
void ntru_ck_mem_free(NTRU_CK_MEM *obj);
Suite * ntruencrypt_internal_poly_suite(void);
Suite * ntruencrypt_internal_key_suite(void);
Suite * ntruencrypt_internal_sha_suite(void);
Suite * ntruencrypt_internal_mgf_suite(void);
#endif

21
infidel-code/test/check_internal.c Normal file
View File

@@ -0,0 +1,21 @@
#include <check.h>
#include "ntru_crypto.h"
#include "check_common.h"
int
main(void)
{
int number_failed;
SRunner *sr;
sr = srunner_create(ntruencrypt_internal_poly_suite());
srunner_add_suite(sr, ntruencrypt_internal_key_suite());
srunner_add_suite(sr, ntruencrypt_internal_sha_suite());
srunner_add_suite(sr, ntruencrypt_internal_mgf_suite());
srunner_run_all(sr, CK_NORMAL);
number_failed = srunner_ntests_failed(sr);
srunner_free(sr);
return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}

305
infidel-code/test/check_internal_key.c Normal file
View File

@@ -0,0 +1,305 @@
#include <check.h>
#include "ntru_crypto.h"
#include "ntru_crypto_ntru_convert.h"
#include "ntru_crypto_ntru_encrypt_key.h"
#include "ntru_crypto_ntru_encrypt_param_sets.h"
#include "ntru_crypto_ntru_poly.h"
#include "test_common.h"
#include "check_common.h"
/*
* test_key_form
*
* For all parameter sets:
* Check that keys satisfy h = pf/g with f and g of the
* correct form by computing f*h.
*/
START_TEST(test_key_form)
{
uint32_t i;
uint32_t rc;
NTRU_CK_MEM pubkey_blob;
NTRU_CK_MEM privkey_blob;
NTRU_CK_MEM F_buf;
NTRU_CK_MEM h_poly;
NTRU_CK_MEM g_poly;
NTRU_CK_MEM scratch;
uint8_t *pubkey_blob_p;
uint8_t *privkey_blob_p;
uint8_t const *pubkey_pack_p;
uint8_t const *privkey_pack_p;
uint16_t *F_buf_p;
uint16_t *h_poly_p;
uint16_t *g_poly_p;
uint16_t *scratch_p;
uint16_t pubkey_blob_len = 0;
uint16_t privkey_blob_len = 0;
uint16_t pubkey_pack_len = 0;
uint8_t pubkey_pack_type = 0x00;
uint8_t privkey_pack_type = 0x00;
uint16_t mod_q_mask;
uint16_t h1;
uint32_t dF;
uint16_t scratch_polys;
uint16_t pad_deg;
NTRU_ENCRYPT_PARAM_SET *params = NULL;
NTRU_ENCRYPT_PARAM_SET_ID param_set_id;
param_set_id = PARAM_SET_IDS[_i];
params = ntru_encrypt_get_params_with_id(param_set_id);
ck_assert_ptr_ne(params, NULL);
mod_q_mask = params->q - 1;
ntru_ring_mult_indices_memreq(params->N, &scratch_polys, &pad_deg);
ck_assert_uint_ge(scratch_polys, 1);
ck_assert_uint_ge(pad_deg, params->N);
if(params->is_product_form)
{
scratch_polys += 1;
}
/* Generate a key */
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id, &pubkey_blob_len,
NULL, &privkey_blob_len, NULL);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
pubkey_blob_p = ntru_ck_malloc(&pubkey_blob,
pubkey_blob_len*sizeof(*pubkey_blob_p));
privkey_blob_p = ntru_ck_malloc(&privkey_blob,
privkey_blob_len*sizeof(*privkey_blob_p));
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id,
&pubkey_blob_len, pubkey_blob_p,
&privkey_blob_len, privkey_blob_p);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
rc = ntru_crypto_ntru_encrypt_key_parse(FALSE,
privkey_blob_len,
privkey_blob_p, &pubkey_pack_type,
&privkey_pack_type, &params,
&pubkey_pack_p, &privkey_pack_p);
ck_assert_int_eq(rc, TRUE);
h_poly_p = (uint16_t*) ntru_ck_malloc(&h_poly, pad_deg*sizeof(*h_poly_p));
/* Unpack public key, h */
pubkey_pack_len = (params->N * params->q_bits + 7) >> 3;
ntru_octets_2_elements(pubkey_pack_len, pubkey_pack_p,
params->q_bits, h_poly_p);
/* Check that h(1) = p * f(1)/g(1) = 3 */
h1 = 0;
for(i=0; i<params->N; i++)
{
h1 += h_poly_p[i];
}
h1 &= mod_q_mask;
ck_assert_uint_eq(h1, 3);
/* Unpack private key, F */
dF = params->dF_r;
if (params->is_product_form)
{
dF = (dF + (dF >> 8) + (dF >> 16)) & 0xff;
}
F_buf_p = (uint16_t*)ntru_ck_malloc(&F_buf, 2*dF*sizeof(*F_buf_p));
if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_TRITS)
{
ntru_packed_trits_2_indices(privkey_pack_p, params->N, F_buf_p,
F_buf_p + dF);
}
else if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_INDICES)
{
ntru_octets_2_elements(
(2 * dF * params->N_bits + 7) >> 3,
privkey_pack_p, params->N_bits, F_buf_p);
}
g_poly_p = (uint16_t*) ntru_ck_malloc(&g_poly, pad_deg*sizeof(*g_poly_p));
scratch_p = (uint16_t*) ntru_ck_malloc(&scratch,
scratch_polys*pad_deg*sizeof(*scratch_p));
/* Check that (1 + p*F)*h = p*g */
/* Our h = p*g/f when generated properly. f = 1 + pF */
/* First compute g' = F*h */
if (params->is_product_form)
{
ntru_ring_mult_product_indices(h_poly_p,
(uint16_t)(params->dF_r & 0xff),
(uint16_t)((params->dF_r >> 8) & 0xff),
(uint16_t)((params->dF_r >> 16) & 0xff),
F_buf_p, params->N, params->q,
scratch_p, g_poly_p);
}
else
{
ntru_ring_mult_indices(h_poly_p, (uint16_t)dF, (uint16_t)dF,
F_buf_p, params->N, params->q,
scratch_p, g_poly_p);
}
/* Then g = 3*g' + h */
for(i=0; i<params->N; i++)
{
g_poly_p[i] = (3*g_poly_p[i] + h_poly_p[i]) & mod_q_mask;
}
/* Ensure g is of the right form: dg+1 coeffs = +3 and dg coeffs = -3 */
uint16_t g_p1 = 0;
uint16_t g_m1 = 0;
for(i=0; i<params->N; i++)
{
if(g_poly_p[i] == 3)
{
g_p1 += 1;
}
else if(g_poly_p[i] == params->q - 3)
{
g_m1 += 1;
}
else
{
ck_assert_uint_eq(g_poly_p[i], 0);
}
}
ck_assert_uint_eq(g_p1, params->dg + 1);
ck_assert_uint_eq(g_m1, params->dg);
ntru_ck_mem_ok(&scratch);
ntru_ck_mem_ok(&g_poly);
ntru_ck_mem_ok(&h_poly);
ntru_ck_mem_ok(&F_buf);
ntru_ck_mem_ok(&privkey_blob);
ntru_ck_mem_ok(&pubkey_blob);
ntru_ck_mem_free(&scratch);
ntru_ck_mem_free(&g_poly);
ntru_ck_mem_free(&h_poly);
ntru_ck_mem_free(&F_buf);
ntru_ck_mem_free(&privkey_blob);
ntru_ck_mem_free(&pubkey_blob);
}
END_TEST
START_TEST(test_key_encoding)
{
uint32_t rc;
NTRU_CK_MEM pubkey_mem;
NTRU_CK_MEM privkey_mem;
uint8_t *pubkey_blob = NULL;
uint8_t *privkey_blob = NULL;
uint16_t pubkey_blob_len = 0;
uint16_t privkey_blob_len = 0;
uint8_t tag = 0;
uint8_t pubkey_pack_type;
uint8_t privkey_pack_type;
uint8_t const *pubkey_packed;
uint8_t const *privkey_packed;
NTRU_ENCRYPT_PARAM_SET *params = NULL;
NTRU_ENCRYPT_PARAM_SET_ID param_set_id;
param_set_id = PARAM_SET_IDS[_i];
params = ntru_encrypt_get_params_with_id(param_set_id);
/* Generate a key */
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id, &pubkey_blob_len,
NULL, &privkey_blob_len, NULL);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
ck_assert_uint_gt(pubkey_blob_len, 0);
ck_assert_uint_gt(privkey_blob_len, 0);
pubkey_blob = (uint8_t *)ntru_ck_malloc(&pubkey_mem, pubkey_blob_len);
privkey_blob = (uint8_t *)ntru_ck_malloc(&privkey_mem, privkey_blob_len);
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id,
&pubkey_blob_len, pubkey_blob,
&privkey_blob_len, privkey_blob);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* Mangle private key tag */
if(params->is_product_form)
{
/* Product form with trits encoding is not allowed */
tag = privkey_blob[0];
privkey_blob[0] = NTRU_ENCRYPT_PRIVKEY_TRITS_TAG;
rc = ntru_crypto_ntru_encrypt_key_parse(FALSE,
privkey_blob_len, privkey_blob, &pubkey_pack_type,
&privkey_pack_type, &params, &pubkey_packed, &privkey_packed);
ck_assert_uint_eq(rc, FALSE);
privkey_blob[0] = tag;
}
else
{
/* Tag doesn't match encoding type */
tag = privkey_blob[0];
uint16_t packed_trits_len = (params->N + 4) / 5;
uint16_t packed_indices_len;
packed_indices_len = ((params->dF_r << 1) * params->N_bits + 7) >> 3;
/* TODO: add test parameter suite violating the following constraint */
ck_assert_uint_ne(packed_trits_len, packed_indices_len);
if(packed_indices_len <= packed_trits_len)
{
/* Would normally use trits encoding */
privkey_blob[0] = NTRU_ENCRYPT_PRIVKEY_TRITS_TAG;
}
else /* Would normally use indices encoding */
{
privkey_blob[0] = NTRU_ENCRYPT_PRIVKEY_INDICES_TAG;
}
rc = ntru_crypto_ntru_encrypt_key_parse(FALSE,
privkey_blob_len, privkey_blob, &pubkey_pack_type,
&privkey_pack_type, &params, &pubkey_packed, &privkey_packed);
ck_assert_uint_eq(rc, FALSE);
privkey_blob[0] = tag;
}
ntru_ck_mem_ok(&pubkey_mem);
ntru_ck_mem_ok(&privkey_mem);
ntru_ck_mem_free(&pubkey_mem);
ntru_ck_mem_free(&privkey_mem);
}
END_TEST
Suite *
ntruencrypt_internal_key_suite(void)
{
Suite *s;
TCase *tc_key;
s = suite_create("NTRUEncrypt.Internal.Key");
tc_key = tcase_create("Key");
tcase_add_unchecked_fixture(tc_key, test_drbg_setup, test_drbg_teardown);
tcase_add_loop_test(tc_key, test_key_form, 0, NUM_PARAM_SETS);
tcase_add_loop_test(tc_key, test_key_encoding, 0, NUM_PARAM_SETS);
suite_add_tcase(s, tc_key);
return s;
}

114
infidel-code/test/check_internal_mgf.c Normal file
View File

@@ -0,0 +1,114 @@
#include <check.h>
#include "ntru_crypto.h"
#include "ntru_crypto_sha256.h"
#include "ntru_crypto_ntru_mgf1.h"
#include "test_common.h"
#include "check_common.h"
START_TEST(test_mgf)
{
uint32_t rc;
NTRU_CK_MEM state_mem;
NTRU_CK_MEM seed_mem;
NTRU_CK_MEM out1_mem;
NTRU_CK_MEM out2_mem;
uint8_t *state;
uint8_t *seed;
uint8_t *out1;
uint8_t *out2;
state = ntru_ck_malloc(&state_mem, SHA_256_MD_LEN + 4);
seed = ntru_ck_malloc(&seed_mem, SHA_256_MD_LEN + 8);
out1 = ntru_ck_malloc(&out1_mem, 10*SHA_256_MD_LEN);
out2 = ntru_ck_malloc(&out2_mem, 10*SHA_256_MD_LEN);
randombytes(seed, state_mem.len);
/* Check reproducibility */
/* seed */
rc = ntru_mgf1(state, NTRU_CRYPTO_HASH_ALGID_SHA256, SHA_256_MD_LEN,
0, seed_mem.len, seed, NULL);
/* make 10 calls */
rc = ntru_mgf1(state, NTRU_CRYPTO_HASH_ALGID_SHA256, SHA_256_MD_LEN,
10, 0, NULL, out1);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* reseed with same seed */
rc = ntru_mgf1(state, NTRU_CRYPTO_HASH_ALGID_SHA256, SHA_256_MD_LEN,
0, seed_mem.len, seed, NULL);
rc = ntru_mgf1(state, NTRU_CRYPTO_HASH_ALGID_SHA256, SHA_256_MD_LEN,
10, 0, NULL, out2);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* compare outputs (should match) */
ck_assert_int_eq(memcmp(out1, out2, out1_mem.len), 0);
/* Check dependence on counter */
/* reseed with same seed */
rc = ntru_mgf1(state, NTRU_CRYPTO_HASH_ALGID_SHA256, SHA_256_MD_LEN,
0, seed_mem.len, seed, NULL);
/* change counter */
memset(state + SHA_256_MD_LEN, 0xff, 4);
/* make 10 calls */
rc = ntru_mgf1(state, NTRU_CRYPTO_HASH_ALGID_SHA256, SHA_256_MD_LEN,
10, 0, NULL, out2);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* compare outputs (should not match) */
ck_assert_int_ne(memcmp(out1, out2, out1_mem.len), 0);
/* Try an unknown algorithm */
rc = ntru_mgf1(state, -1, SHA_256_MD_LEN, 1, 0, NULL, out1);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
ntru_ck_mem_ok(&state_mem);
ntru_ck_mem_ok(&seed_mem);
ntru_ck_mem_ok(&out1_mem);
ntru_ck_mem_ok(&out2_mem);
ntru_ck_mem_free(&state_mem);
ntru_ck_mem_free(&seed_mem);
ntru_ck_mem_free(&out2_mem);
}
END_TEST
START_TEST(test_mgftp1)
{
uint32_t rc;
/* Check error cases */
/* Fail in mgf1, initial request */
rc = ntru_mgftp1(-1,SHA_256_MD_LEN, 1, 0, NULL, NULL, 5, NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* Fail in mgf1, num_trits_needed >= 5 */
rc = ntru_mgftp1(-1,SHA_256_MD_LEN, 0, 0, NULL, NULL, 5, NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* Fail in mgf1, num_trits_needed < 5 */
rc = ntru_mgftp1(-1,SHA_256_MD_LEN, 0, 0, NULL, NULL, 1, NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
}
END_TEST
Suite *
ntruencrypt_internal_mgf_suite(void)
{
Suite *s;
TCase *tc_mgf;
s = suite_create("NTRUEncrypt.Internal.MGF");
tc_mgf = tcase_create("Key");
tcase_add_test(tc_mgf, test_mgf);
tcase_add_test(tc_mgf, test_mgftp1);
suite_add_tcase(s, tc_mgf);
return s;
}

479
infidel-code/test/check_internal_poly.c Normal file
View File

@@ -0,0 +1,479 @@
#include <check.h>
#include "ntru_crypto.h"
#include "ntru_crypto_ntru_encrypt_param_sets.h"
#include "ntru_crypto_ntru_mgf1.h"
#include "ntru_crypto_ntru_poly.h"
#include "test_common.h"
#include "check_common.h"
START_TEST(test_gen_poly)
{
uint32_t rc;
uint32_t i;
uint32_t j;
uint8_t md_len;
uint16_t seed_len;
uint16_t mgf_buf_len;
uint16_t num_indices = 0;
NTRU_ENCRYPT_PARAM_SET *params = NULL;
NTRU_ENCRYPT_PARAM_SET_ID param_set_id;
NTRU_CRYPTO_HASH_ALGID hash_algid;
uint8_t *seed_buf_p;
uint8_t *mgf_buf_p;
uint16_t *F_buf_1_p;
uint16_t *F_buf_2_p;
NTRU_CK_MEM seed_buf;
NTRU_CK_MEM mgf_buf;
NTRU_CK_MEM F_buf_1;
NTRU_CK_MEM F_buf_2;
/* Get the parameter set */
param_set_id = PARAM_SET_IDS[_i];
params = ntru_encrypt_get_params_with_id(param_set_id);
ck_assert_ptr_ne(params, NULL);
if (params->hash_algid == NTRU_CRYPTO_HASH_ALGID_SHA1)
{
hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA1;
md_len = SHA_1_MD_LEN;
}
else if (params->hash_algid == NTRU_CRYPTO_HASH_ALGID_SHA256)
{
hash_algid = NTRU_CRYPTO_HASH_ALGID_SHA256;
md_len = SHA_256_MD_LEN;
}
else
{
ck_assert(0);
}
seed_len = 2 * params->sec_strength_len;
mgf_buf_len = 4 + params->N + md_len * (1+params->min_IGF_hash_calls);
if(params->is_product_form)
{
/* Need 2 * (dF1 + dF2 + dF3) indices) */
num_indices = (params->dF_r & 0x000000ff);
num_indices += (params->dF_r & 0x0000ff00) >> 8;
num_indices += (params->dF_r & 0x00ff0000) >> 16;
num_indices *= 2;
}
else
{
num_indices = 2 * params->dF_r;
}
seed_buf_p = ntru_ck_malloc(&seed_buf, seed_len*sizeof(*seed_buf_p));
mgf_buf_p = ntru_ck_malloc(&mgf_buf, mgf_buf_len*sizeof(*mgf_buf_p));
F_buf_1_p = (uint16_t *) ntru_ck_malloc(&F_buf_1,
num_indices*sizeof(F_buf_1_p));
F_buf_2_p = (uint16_t *) ntru_ck_malloc(&F_buf_2,
num_indices*sizeof(F_buf_2_p));
/* Generate a random seed */
rc = ntru_crypto_drbg_generate(drbg, params->sec_strength_len << 3,
seed_len, seed_buf_p);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
/* Generate an "F" type polynomial for this parameter set */
rc = ntru_gen_poly(hash_algid, md_len,
params->min_IGF_hash_calls,
seed_len, seed_buf_p, mgf_buf_p,
params->N, params->c_bits,
params->no_bias_limit,
params->is_product_form,
params->dF_r << 1, F_buf_1_p);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* Check that indices are pairwise distinct (per poly for prod-form) */
if(params->is_product_form)
{
uint16_t *Fp;
uint32_t c;
Fp = F_buf_1_p;
c = params->dF_r << 1;
while(c > 0) /* High byte of c is 0x00 */
{
for(i=0; i<(c&0xff)-1; i++)
{
for(j=i+1; j<(c&0xff); j++)
{
ck_assert_uint_ne(Fp[i], Fp[j]);
}
}
Fp += c & 0xff;
c >>= 8;
}
}
else
{
for(i=0; i<2*params->dF_r - 1; i++)
{
for(j=i+1; j<2*params->dF_r; j++)
{
ck_assert_uint_ne(F_buf_1_p[i], F_buf_1_p[j]);
}
}
}
/* Check that we get the same polynomial if we reuse the seed */
rc = ntru_gen_poly(hash_algid, md_len,
params->min_IGF_hash_calls,
seed_len, seed_buf_p, mgf_buf_p,
params->N, params->c_bits,
params->no_bias_limit,
params->is_product_form,
params->dF_r << 1, F_buf_2_p);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
ck_assert_int_eq(
memcmp(F_buf_1_p, F_buf_2_p, num_indices*sizeof(uint16_t)), 0);
/* Check some failure cases */
/* Trigger an mgf failure with an unknown hash_algid */
rc = ntru_gen_poly(-1, md_len,
params->min_IGF_hash_calls,
seed_len, seed_buf_p, mgf_buf_p,
params->N, params->c_bits,
params->no_bias_limit,
params->is_product_form,
params->dF_r << 1, F_buf_2_p);
ck_assert_uint_ne(rc, NTRU_RESULT(NTRU_OK));
ntru_ck_mem_ok(&F_buf_2);
ntru_ck_mem_ok(&F_buf_1);
ntru_ck_mem_ok(&mgf_buf);
ntru_ck_mem_ok(&seed_buf);
ntru_ck_mem_free(&F_buf_2);
ntru_ck_mem_free(&F_buf_1);
ntru_ck_mem_free(&mgf_buf);
ntru_ck_mem_free(&seed_buf);
}
END_TEST
START_TEST(test_min_weight)
{
uint8_t tpoly1[13] = {2, 2, 2, 2, 0, 0, 0, 0, 0, 1, 1, 1, 1};
ck_assert_int_eq(ntru_poly_check_min_weight(13, tpoly1, 4), TRUE);
ck_assert_int_eq(ntru_poly_check_min_weight(13, tpoly1, 5), FALSE);
}
END_TEST
/* test_inv_mod_2
*
* Compares the result of ntru_ring_inv to a fixed value precomputed
* with Pari/GP. Also checks that non-trivial non-invertible elements (factors
* of x^N - 1 mod 2) are recognized as such.
*/
START_TEST(test_inv_mod_2)
{
uint16_t tmp[34];
uint16_t out[17];
uint16_t a[17] = {1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1};
uint16_t test_a[17] = {1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1};
uint16_t b[17] = {1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0};
/* a is invertible with inverse equal to test_a */
ck_assert_int_eq(ntru_ring_inv(a, 17, tmp, out), TRUE);
ck_assert_int_eq(memcmp(out, test_a, sizeof(a)), 0);
/* Test error cases */
/* Changing the parity of a makes it trivially non-invertible */
a[0] = 0;
ck_assert_int_eq(ntru_ring_inv(a, 17, tmp, out), FALSE);
/* b is a nontrivial factor of x^17 - 1 mod 2 */
ck_assert_int_eq(ntru_ring_inv(b, 17, tmp, out), FALSE);
/* Input not provided */
ck_assert_int_eq(ntru_ring_inv(NULL, 17, tmp, out), FALSE);
ck_assert_int_eq(ntru_ring_inv(a, 17, NULL, out), FALSE);
ck_assert_int_eq(ntru_ring_inv(a, 17, tmp, NULL), FALSE);
}
END_TEST
/* test_lift_inv_mod_pow2
*/
START_TEST(test_lift_inv_mod_pow2)
{
uint32_t i;
uint16_t f_inv2[17] = {1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1};
uint16_t f1l = 2;
uint16_t f2l = 2;
uint16_t f3l = 3;
uint16_t fprod[14] = {7, 10, 9, 13, 1, 13, 6, 8, 4, 10, 11, 6, 9, 15};
uint16_t f[17] = {4, 65533, 3, 3, 6, 65533, 0, 0, 3, 65530, 0, 6, 0,
65533, 65533, 65533, 65533};
uint16_t inv_test[17] = {7319, 52697, 32987, 43221, 48819, 42807, 18160,
1250, 48426, 16935, 30796, 41596, 5768, 33264, 16639, 54271, 29334};
uint16_t N = 17;
uint16_t q = 0;
NTRU_CK_MEM scratch;
uint16_t * scratch_p;
NTRU_CK_MEM pol1;
NTRU_CK_MEM pol2;
uint16_t * pol1_p;
uint16_t * pol2_p;
uint16_t scratch_polys;
uint16_t pad_deg;
ntru_ring_mult_coefficients_memreq(N, &scratch_polys, &pad_deg);
ck_assert_uint_ge(scratch_polys, 1);
ck_assert_uint_ge(pad_deg, N);
/* Allocate memory */
scratch_p = (uint16_t*)ntru_ck_malloc(&scratch,
(1+scratch_polys) * pad_deg * sizeof(uint16_t));
pol1_p = (uint16_t*)ntru_ck_malloc(&pol1, pad_deg * sizeof(uint16_t));
pol2_p = (uint16_t*)ntru_ck_malloc(&pol2, pad_deg * sizeof(uint16_t));
/* We should be able to work with dirty scratch space */
randombytes(scratch.ptr, scratch.len);
/* Copy and pad the inputs */
memset(pol1.ptr, 0, pol1.len);
memset(pol2.ptr, 0, pol2.len);
memcpy(pol1_p, f_inv2, N*sizeof(uint16_t));
memcpy(pol2_p, f, N*sizeof(uint16_t));
/* Lift the inverse with f in coefficient form and check */
ntru_ring_lift_inv_pow2_standard(pol1_p, pol2_p, N, q, scratch_p);
for(i=0; i<N; i++)
{
ck_assert_uint_eq(pol1_p[i], inv_test[i]);
}
for(; i<pad_deg; i++)
{
ck_assert_uint_eq(pol1_p[i], 0);
}
randombytes(scratch.ptr, scratch.len);
memset(pol1.ptr, 0, pol1.len);
memcpy(pol1_p, f_inv2, N*sizeof(uint16_t));
/* Lift the inverse with f in product form and check */
ntru_ring_lift_inv_pow2_product(pol1_p, f1l, f2l, f3l, fprod, N, q, scratch_p);
for(i=0; i<N; i++)
{
ck_assert_uint_eq(pol1_p[i], inv_test[i]);
}
for(; i<pad_deg; i++)
{
ck_assert_uint_eq(pol1_p[i], 0);
}
ntru_ck_mem_ok(&scratch);
ntru_ck_mem_ok(&pol1);
ntru_ck_mem_ok(&pol2);
ntru_ck_mem_free(&scratch);
ntru_ck_mem_free(&pol1);
ntru_ck_mem_free(&pol2);
}
END_TEST
/* test_mult_indices
*
* Performs both ntru_ring_mult_indices and ntru_ring_mult_product_indices
* and compares the result with a fixed example generated with Pari/GP.
*/
START_TEST(test_mult_indices)
{
uint32_t i;
uint16_t a[17] = {36486, 20395, 8746, 16637, 26195, 1654, 24222, 13306,
9573, 26946, 29106, 2401, 32146, 2871, 41930, 7902, 3398};
uint16_t b1l = 2;
uint16_t b2l = 2;
uint16_t b3l = 3;
uint16_t bi[14] = {7, 10, 9, 13, 1, 13, 6, 8, 4, 10, 11, 6, 9, 15};
uint16_t test_single[17] = {6644, 48910, 5764, 16270, 2612, 10231, 769,
2577, 58289, 38323, 56334, 29942, 55901, 43714, 17452, 43795, 21225};
uint16_t test_prod[17] = {40787, 24792, 27808, 13989, 56309, 37625, 37436,
32307, 15311, 59789, 32769, 65008, 3711, 54663, 25343, 55984, 6193};
uint16_t N = 17;
uint16_t q = 0;
NTRU_CK_MEM pol1;
NTRU_CK_MEM t;
NTRU_CK_MEM out;
uint16_t *pol1_p;
uint16_t *t_p;
uint16_t *out_p;
uint16_t scratch_polys;
uint16_t pad_deg;
ntru_ring_mult_indices_memreq(N, &scratch_polys, &pad_deg);
ck_assert_uint_ge(scratch_polys, 1);
ck_assert_uint_ge(pad_deg, N);
pol1_p = (uint16_t*)ntru_ck_malloc(&pol1, pad_deg*sizeof(*pol1_p));
t_p = (uint16_t*)ntru_ck_malloc(&t, (scratch_polys+1)*pad_deg*sizeof(*t_p));
out_p = (uint16_t*)ntru_ck_malloc(&out, pad_deg*sizeof(*out_p));
/* Copy and pad the input */
memset(pol1.ptr, 0, pol1.len);
memcpy(pol1_p, a, N*sizeof(uint16_t));
/* We should be able to work with dirty scratch and output memory */
randombytes(t.ptr, t.len);
randombytes(out.ptr, out.len);
/* Test a single mult_indices first */
ntru_ring_mult_indices(pol1_p, b1l, b1l, bi, N, q, t_p, out_p);
/* Check result */
for(i=0; i<N; i++)
{
ck_assert_uint_eq(out_p[i], test_single[i]);
} /* Check padding is zero */
for(; i<pad_deg; i++)
{
ck_assert_uint_eq(out_p[i], 0);
}
/* Check over/under runs */
ntru_ck_mem_ok(&pol1);
ntru_ck_mem_ok(&t);
ntru_ck_mem_ok(&out);
/* Now try a full product form multiplication */
randombytes(t.ptr, t.len);
randombytes(out.ptr, out.len);
/* Multiply */
ntru_ring_mult_product_indices(pol1_p, b1l, b2l, b3l, bi, N, q, t_p, out_p);
/* Check result */
for(i=0; i<N; i++)
{
ck_assert_uint_eq(out_p[i], test_prod[i]);
} /* Check padding is zero */
for(; i<pad_deg; i++)
{
ck_assert_uint_eq(out_p[i], 0);
}
/* Check over/under runs */
ntru_ck_mem_ok(&pol1);
ntru_ck_mem_ok(&t);
ntru_ck_mem_ok(&out);
ntru_ck_mem_free(&pol1);
ntru_ck_mem_free(&t);
ntru_ck_mem_free(&out);
}
END_TEST
START_TEST(test_mult_coefficients)
{
uint32_t i;
uint16_t a[17] = {36486, 20395, 8746, 16637, 26195, 1654, 24222, 13306,
9573, 26946, 29106, 2401, 32146, 2871, 41930, 7902, 3398};
uint16_t b[17] = {5266, 35261, 54826, 45380, 46459, 46509, 56767, 46916,
33670, 11921, 46519, 47628, 20388, 4167, 39405, 2712, 52748};
uint16_t test[17] = {30101, 45125, 62370, 2275, 34473, 7074, 62574, 57665,
5199, 4482, 49487, 17159, 33125, 11061, 19328, 22268, 46230};
uint16_t N = 17;
uint16_t q = 0;
/* Determine proper padding for our mult implementation */
uint16_t num_polys;
uint16_t num_coeffs;
ntru_ring_mult_coefficients_memreq(N, &num_polys, &num_coeffs);
/* Allocate memory */
NTRU_CK_MEM pol1;
NTRU_CK_MEM pol2;
NTRU_CK_MEM tmp;
NTRU_CK_MEM out;
uint16_t *a_p;
uint16_t *b_p;
uint16_t *tmp_p;
uint16_t *out_p;
a_p = (uint16_t*)ntru_ck_malloc(&pol1, num_coeffs*sizeof(uint16_t));
b_p = (uint16_t*)ntru_ck_malloc(&pol2, num_coeffs*sizeof(uint16_t));
tmp_p = (uint16_t*)ntru_ck_malloc(&tmp,
num_polys*num_coeffs*sizeof(uint16_t));
out_p = (uint16_t*)ntru_ck_malloc(&out, num_coeffs*sizeof(uint16_t));
/* Copy and pad the inputs */
memcpy(a_p, a, N*sizeof(uint16_t));
memcpy(b_p, b, N*sizeof(uint16_t));
memset(a_p+N, 0, (num_coeffs-N)*sizeof(uint16_t));
memset(b_p+N, 0, (num_coeffs-N)*sizeof(uint16_t));
/* Should work with dirty scratch and output memory */
randombytes(tmp.ptr+N, (num_coeffs-N)*sizeof(uint16_t));
randombytes(out.ptr, out.len);
/* Multiply */
ntru_ring_mult_coefficients(a_p, b_p, N, q, tmp_p, out_p);
/* Check result */
for(i=0; i<N; i++)
{
ck_assert_uint_eq(out_p[i], test[i]);
} /* Padding should be zero */
for(; i<num_coeffs; i++)
{
ck_assert_uint_eq(out_p[i], 0);
}
/* Check over/under runs */
ntru_ck_mem_ok(&pol1);
ntru_ck_mem_ok(&pol2);
ntru_ck_mem_ok(&tmp);
ntru_ck_mem_ok(&out);
ntru_ck_mem_free(&pol1);
ntru_ck_mem_free(&pol2);
ntru_ck_mem_free(&tmp);
ntru_ck_mem_free(&out);
}
END_TEST
Suite *
ntruencrypt_internal_poly_suite(void)
{
Suite *s;
TCase *tc_poly;
s = suite_create("NTRUEncrypt.Internal.Poly");
tc_poly = tcase_create("Poly");
tcase_add_unchecked_fixture(tc_poly, test_drbg_setup, test_drbg_teardown);
tcase_add_loop_test(tc_poly, test_gen_poly, 0, NUM_PARAM_SETS);
tcase_add_test(tc_poly, test_min_weight);
tcase_add_test(tc_poly, test_inv_mod_2);
tcase_add_test(tc_poly, test_lift_inv_mod_pow2);
tcase_add_test(tc_poly, test_mult_indices);
tcase_add_test(tc_poly, test_mult_coefficients);
suite_add_tcase(s, tc_poly);
return s;
}

589
infidel-code/test/check_internal_sha.c Normal file
View File

@@ -0,0 +1,589 @@
#include <check.h>
#include "ntru_crypto.h"
#include "ntru_crypto_hmac.h"
#include "test_common.h"
#include "check_common.h"
void
do_hmac_sha256_test(
size_t key_len, uint8_t const *key,
size_t data_len, uint8_t const *data,
size_t test_len, uint8_t const *test)
{
uint32_t rc;
uint8_t md[32];
uint16_t md_len;
NTRU_CRYPTO_HMAC_CTX *ctx;
rc = ntru_crypto_hmac_create_ctx(
NTRU_CRYPTO_HASH_ALGID_SHA256, key, key_len, &ctx);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_OK));
ntru_crypto_hmac_get_md_len(ctx, &md_len);
ck_assert_uint_eq(md_len, sizeof(md));
rc = ntru_crypto_hmac_init(ctx);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_OK));
rc = ntru_crypto_hmac_update(ctx, data, data_len);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_OK));
rc = ntru_crypto_hmac_final(ctx, md);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_OK));
ck_assert_int_eq(memcmp(md, test, test_len), 0);
rc = ntru_crypto_hmac_destroy_ctx(ctx);
ck_assert_int_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_OK));
}
START_TEST(test_hmac_sha256_tv1)
{
uint8_t const key[20] =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"\
"\x0b\x0b\x0b\x0b";
uint8_t const data[8] =
"\x48\x69\x20\x54\x68\x65\x72\x65";
uint8_t const test[32] =
"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b"\
"\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7";
do_hmac_sha256_test(
sizeof(key), key, sizeof(data), data, sizeof(test), test);
}
END_TEST
START_TEST(test_hmac_sha256_tv2)
{
uint8_t const key[4] =
"\x4a\x65\x66\x65";
uint8_t const data[28] =
"\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74\x20"\
"\x66\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f";
uint8_t const test[32] =
"\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7"\
"\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43";
do_hmac_sha256_test(
sizeof(key), key, sizeof(data), data, sizeof(test), test);
}
END_TEST
START_TEST(test_hmac_sha256_tv3)
{
uint8_t const key[20] =
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa";
uint8_t const data[50] =
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"\
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"\
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"\
"\xdd\xdd";
uint8_t const test[32] =
"\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81\xa7"\
"\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5\x65\xfe";
do_hmac_sha256_test(
sizeof(key), key, sizeof(data), data, sizeof(test), test);
}
END_TEST
START_TEST(test_hmac_sha256_tv4)
{
uint8_t const key[25] =
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"\
"\x11\x12\x13\x14\x15\x16\x17\x18\x19";
uint8_t const data[50] =
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"\
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"\
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"\
"\xcd\xcd";
uint8_t const test[32] =
"\x82\x55\x8a\x38\x9a\x44\x3c\x0e\xa4\xcc\x81\x98\x99\xf2\x08\x3a"\
"\x85\xf0\xfa\xa3\xe5\x78\xf8\x07\x7a\x2e\x3f\xf4\x67\x29\x66\x5b";
do_hmac_sha256_test(
sizeof(key), key, sizeof(data), data, sizeof(test), test);
}
END_TEST
START_TEST(test_hmac_sha256_tv5)
{
uint8_t const key[20] =
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"\
"\x0c\x0c\x0c\x0c";
uint8_t const data[20] =
"\x54\x65\x73\x74\x20\x57\x69\x74\x68\x20\x54\x72\x75\x6e\x63\x61"\
"\x74\x69\x6f\x6e";
uint8_t const test[16] =
"\xa3\xb6\x16\x74\x73\x10\x0e\xe0\x6e\x0c\x79\x6c\x29\x55\x55\x2b";
do_hmac_sha256_test(
sizeof(key), key, sizeof(data), data, sizeof(test), test);
}
END_TEST
START_TEST(test_hmac_sha256_tv6)
{
uint8_t const key[131] =
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa";
uint8_t const data[54] =
"\x54\x65\x73\x74\x20\x55\x73\x69\x6e\x67\x20\x4c\x61\x72\x67\x65"\
"\x72\x20\x54\x68\x61\x6e\x20\x42\x6c\x6f\x63\x6b\x2d\x53\x69\x7a"\
"\x65\x20\x4b\x65\x79\x20\x2d\x20\x48\x61\x73\x68\x20\x4b\x65\x79"\
"\x20\x46\x69\x72\x73\x74";
uint8_t const test[32] =
"\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7\x7f"\
"\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3\x7f\x54";
do_hmac_sha256_test(
sizeof(key), key, sizeof(data), data, sizeof(test), test);
}
END_TEST
START_TEST(test_hmac_sha256_tv7)
{
uint8_t const key[131] =
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"\
"\xaa\xaa\xaa";
uint8_t const data[152] =
"\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20\x75"\
"\x73\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68"\
"\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x6b\x65"\
"\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74"\
"\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64"\
"\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b\x65\x79\x20\x6e\x65\x65"\
"\x64\x73\x20\x74\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65\x64\x20"\
"\x62\x65\x66\x6f\x72\x65\x20\x62\x65\x69\x6e\x67\x20\x75\x73\x65"\
"\x64\x20\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41\x43\x20\x61\x6c"\
"\x67\x6f\x72\x69\x74\x68\x6d\x2e";
uint8_t const test[32] =
"\x9b\x09\xff\xa7\x1b\x94\x2f\xcb\x27\x63\x5f\xbc\xd5\xb0\xe9\x44"\
"\xbf\xdc\x63\x64\x4f\x07\x13\x93\x8a\x7f\x51\x53\x5c\x3a\x35\xe2";
do_hmac_sha256_test(
sizeof(key), key, sizeof(data), data, sizeof(test), test);
}
END_TEST
START_TEST(test_hmac)
{
uint32_t rc;
uint8_t const key[1] = "a";
uint8_t md = 0;
uint16_t md_len;
NTRU_CRYPTO_HMAC_CTX *ctx;
/* hmac_init: Null input */
rc = ntru_crypto_hmac_init(NULL);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_update: Null input */
rc = ntru_crypto_hmac_update(NULL, key, 1);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
rc = ntru_crypto_hmac_update(ctx, NULL, 1);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_final: Null input */
rc = ntru_crypto_hmac_final(NULL, &md);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
rc = ntru_crypto_hmac_final(ctx, NULL);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_create_ctx: Context not provided */
rc = ntru_crypto_hmac_create_ctx(
NTRU_CRYPTO_HASH_ALGID_SHA256, key, 1, NULL);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_create_ctx: Key not provided */
rc = ntru_crypto_hmac_create_ctx(
NTRU_CRYPTO_HASH_ALGID_SHA256, NULL, 1, &ctx);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_create_ctx: Algorithm does not exist */
rc = ntru_crypto_hmac_create_ctx(-1, key, 1, &ctx);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_ALG));
/* hmac_get_md_len: Context not provided */
rc = ntru_crypto_hmac_get_md_len(NULL, &md_len);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_get_md_len: Output pointer not provided */
rc = ntru_crypto_hmac_get_md_len(ctx, NULL);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_set_key: Context not provided */
rc = ntru_crypto_hmac_set_key(NULL, (const uint8_t *)"key");
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_set_key: Key not provided */
rc = ntru_crypto_hmac_get_md_len(ctx, NULL);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
/* hmac_destroy_ctx: Context not provided */
rc = ntru_crypto_hmac_destroy_ctx(NULL);
ck_assert_uint_eq(rc, HMAC_RESULT(NTRU_CRYPTO_HMAC_BAD_PARAMETER));
}
END_TEST
START_TEST(test_sha1)
{
uint32_t rc;
uint32_t i;
uint16_t blk_len;
uint16_t md_len;
NTRU_CRYPTO_HASH_CTX ctx;
NTRU_CRYPTO_SHA1_CTX sha1ctx;
uint8_t md[20];
uint8_t data1[3] = "abc";
uint8_t data2[56] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
uint8_t data3[64] =
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
uint8_t test1[20] = "\xa9\x99\x3e\x36\x47\x06\x81\x6a\xba\x3e"\
"\x25\x71\x78\x50\xc2\x6c\x9c\xd0\xd8\x9d";
uint8_t test2[20] = "\x84\x98\x3e\x44\x1c\x3b\xd2\x6e\xba\xae"\
"\x4a\xa1\xf9\x51\x29\xe5\xe5\x46\x70\xf1";
uint8_t test3[20] = "\x34\xaa\x97\x3c\xd4\xc4\xda\xa4\xf6\x1e"\
"\xeb\x2b\xdb\xad\x27\x31\x65\x34\x01\x6f";
rc = ntru_crypto_hash_digest(
NTRU_CRYPTO_HASH_ALGID_SHA1, data1, sizeof(data1), md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
ck_assert_int_eq(memcmp(md, test1, 20), 0);
rc = ntru_crypto_hash_digest(
NTRU_CRYPTO_HASH_ALGID_SHA1, data2, sizeof(data2), md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
ck_assert_int_eq(memcmp(md, test2, 20), 0);
rc = ntru_crypto_hash_set_alg(NTRU_CRYPTO_HASH_ALGID_SHA1, &ctx);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_OK));
rc = ntru_crypto_hash_block_length(&ctx, &blk_len);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_OK));
ck_assert_uint_eq(blk_len, 64);
rc = ntru_crypto_hash_digest_length(&ctx, &md_len);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_OK));
ck_assert_uint_eq(md_len, 20);
rc = ntru_crypto_hash_init(&ctx);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
for(i=0; i < 15625; i++)
{
rc = ntru_crypto_hash_update(&ctx, data3, sizeof(data3));
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
}
rc = ntru_crypto_hash_final(&ctx, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
ck_assert_int_eq(memcmp(md, test3, 20), 0);
/* Test error cases */
/* sha1: Context not provided */
rc = ntru_crypto_sha1(NULL, NULL, data1, sizeof(data1), SHA_INIT, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha1: Input not not provided */
rc = ntru_crypto_sha1(&sha1ctx, NULL, NULL, sizeof(data1), SHA_INIT, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha1: Digest not provided */
rc = ntru_crypto_sha1(
&sha1ctx, NULL, data1, sizeof(data1), SHA_FINISH, NULL);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha1: Alternate initialization (not allowed, should fail) */
uint32_t init[4] = {0, 0, 0, 0};
rc = ntru_crypto_sha1(
&sha1ctx, init, data1, sizeof(data1), SHA_INIT, NULL);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha1: Try to update a ctx with > 63 bytes in its unhashed data buffer */
sha1ctx.unhashed_len = 64;
rc = ntru_crypto_sha1(
&sha1ctx, init, data1, sizeof(data1), 0, NULL);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_FAIL));
/* Test overflow */
rc = ntru_crypto_hash_init(&ctx);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
ctx.alg_ctx.sha1.num_bits_hashed[0] = 0xffffffff;
ctx.alg_ctx.sha1.num_bits_hashed[1] = 0xffffffff;
rc = ntru_crypto_hash_update(&ctx, data3, sizeof(data3));
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OVERFLOW));
rc = ntru_crypto_hash_final(&ctx, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
}
END_TEST
START_TEST(test_sha256)
{
uint32_t rc;
uint32_t i;
uint16_t blk_len;
uint16_t md_len;
NTRU_CRYPTO_HASH_CTX ctx;
NTRU_CRYPTO_SHA2_CTX sha2ctx;
uint8_t md[20];
uint8_t data1[3] = "abc";
uint8_t data2[56] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
uint8_t data3[64] =
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
uint8_t test1[32] =
"\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"\
"\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad";
uint8_t test2[32] =
"\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39"\
"\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1";
uint8_t test3[32] =
"\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67"\
"\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0";
rc = ntru_crypto_hash_digest(
NTRU_CRYPTO_HASH_ALGID_SHA256, data1, sizeof(data1), md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
ck_assert_int_eq(memcmp(md, test1, sizeof(test1)), 0);
rc = ntru_crypto_hash_digest(
NTRU_CRYPTO_HASH_ALGID_SHA256, data2, sizeof(data2), md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
ck_assert_int_eq(memcmp(md, test2, sizeof(test2)), 0);
rc = ntru_crypto_hash_set_alg(NTRU_CRYPTO_HASH_ALGID_SHA256, &ctx);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_OK));
rc = ntru_crypto_hash_block_length(&ctx, &blk_len);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_OK));
ck_assert_uint_eq(blk_len, 64);
rc = ntru_crypto_hash_digest_length(&ctx, &md_len);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_OK));
ck_assert_uint_eq(md_len, 32);
rc = ntru_crypto_hash_init(&ctx);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
/* Hash "a" repeated 64*15625 = 1000000 times */
for(i=0; i < 15625; i++)
{
rc = ntru_crypto_hash_update(&ctx, data3, sizeof(data3));
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
}
rc = ntru_crypto_hash_final(&ctx, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
ck_assert_int_eq(memcmp(md, test3, sizeof(test3)), 0);
/* Test error cases */
/* sha2: Algorithm other than SHA256 */
rc = ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA1, &sha2ctx,
NULL, data1, sizeof(data1), SHA_INIT, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha2: Context not provided */
rc = ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, NULL,
NULL, data1, sizeof(data1), SHA_INIT, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha2: Input not not provided */
rc = ntru_crypto_sha2(NTRU_CRYPTO_HASH_ALGID_SHA256, &sha2ctx,
NULL, NULL, sizeof(data1), SHA_INIT, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha2: Digest not provided */
rc = ntru_crypto_sha2(
NTRU_CRYPTO_HASH_ALGID_SHA256, &sha2ctx,
NULL, data1, sizeof(data1), SHA_FINISH, NULL);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha2: Alternate initialization (not allowed, should fail) */
uint32_t init[4] = {0, 0, 0, 0};
rc = ntru_crypto_sha2(
NTRU_CRYPTO_HASH_ALGID_SHA256, &sha2ctx,
init, data1, sizeof(data1), SHA_INIT, NULL);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_BAD_PARAMETER));
/* sha2: Try to update a ctx with > 63 bytes in its unhashed data buffer */
sha2ctx.unhashed_len = 64;
rc = ntru_crypto_sha2(
NTRU_CRYPTO_HASH_ALGID_SHA256, &sha2ctx,
init, data1, sizeof(data1), 0, NULL);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_FAIL));
/* Test overflow */
rc = ntru_crypto_hash_init(&ctx);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
ctx.alg_ctx.sha256.num_bits_hashed[0] = 0xffffffff;
ctx.alg_ctx.sha256.num_bits_hashed[1] = 0xffffffff;
rc = ntru_crypto_hash_update(&ctx, data3, sizeof(data3));
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OVERFLOW));
rc = ntru_crypto_hash_final(&ctx, md);
ck_assert_uint_eq(rc, SHA_RESULT(SHA_OK));
}
END_TEST
START_TEST(test_hash)
{
uint32_t rc;
NTRU_CRYPTO_HASH_CTX ctx;
uint16_t blen;
uint16_t dlen;
uint8_t const data[1] = "a";
uint8_t md[32];
/* Context not provided */
rc = ntru_crypto_hash_set_alg(NTRU_CRYPTO_HASH_ALGID_SHA256, NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* Algorithm doesn't exist */
rc = ntru_crypto_hash_set_alg(-1, &ctx);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* block_length: Context not provided */
rc = ntru_crypto_hash_block_length(NULL, &blen);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* block_length: Result pointer not provided */
rc = ntru_crypto_hash_block_length(&ctx, NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* block_length: A call to set_alg hasn't succeeded */
rc = ntru_crypto_hash_block_length(&ctx, &blen);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* digest_length: Context not provided */
rc = ntru_crypto_hash_digest_length(NULL, &dlen);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* digest_length: result pointer not provided */
rc = ntru_crypto_hash_digest_length(&ctx, NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* digest_length: A call to set_alg hasn't succeeded */
rc = ntru_crypto_hash_digest_length(&ctx, &dlen);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* init: Context not provided */
rc = ntru_crypto_hash_init(NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* init: A call to set_alg hasn't succeeded */
rc = ntru_crypto_hash_init(&ctx);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* update: Context not provided */
rc = ntru_crypto_hash_update(NULL, data, 1);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* update: Data not provided, non-zero length */
rc = ntru_crypto_hash_update(&ctx, NULL, 1);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* update: A call to set_alg hasn't succeeded */
rc = ntru_crypto_hash_update(&ctx, data, 1);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* final: Context not provided */
rc = ntru_crypto_hash_final(NULL, md);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* final: Digest buffer not provided */
rc = ntru_crypto_hash_final(&ctx, NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* final: A call to set_alg hasn't succeeded */
rc = ntru_crypto_hash_final(&ctx, md);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* digest: Algorithm doesn't exist */
rc = ntru_crypto_hash_digest(-1, data, 1, md);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_ALG));
/* digest: Data not provided, non-zero length */
rc = ntru_crypto_hash_digest(NTRU_CRYPTO_HASH_ALGID_SHA256, NULL, 1, md);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
/* digest: output buffer not provided*/
rc = ntru_crypto_hash_digest(NTRU_CRYPTO_HASH_ALGID_SHA256, data, 1, NULL);
ck_assert_uint_eq(rc, HASH_RESULT(NTRU_CRYPTO_HASH_BAD_PARAMETER));
}
END_TEST
Suite *
ntruencrypt_internal_sha_suite(void)
{
Suite *s;
TCase *tc_sha;
s = suite_create("NTRUEncrypt.Internal.SHA");
tc_sha = tcase_create("SHA");
suite_add_tcase(s, tc_sha);
/* Test HMAC SHA256 vectors from https://www.ietf.org/rfc/rfc4231.txt */
tcase_add_test(tc_sha, test_hmac);
tcase_add_test(tc_sha, test_hmac_sha256_tv1);
tcase_add_test(tc_sha, test_hmac_sha256_tv2);
tcase_add_test(tc_sha, test_hmac_sha256_tv3);
tcase_add_test(tc_sha, test_hmac_sha256_tv4);
tcase_add_test(tc_sha, test_hmac_sha256_tv5);
tcase_add_test(tc_sha, test_hmac_sha256_tv6);
tcase_add_test(tc_sha, test_hmac_sha256_tv7);
tcase_add_test(tc_sha, test_hash);
tcase_add_test(tc_sha, test_sha1);
tcase_add_test(tc_sha, test_sha256);
return s;
}

715
infidel-code/test/check_public.c Normal file
View File

@@ -0,0 +1,715 @@
#include <stdio.h>
#include <stdlib.h>
#include <check.h>
#include "ntru_crypto.h"
#include "ntru_crypto_drbg.h"
#include "test_common.h"
#include "check_common.h"
START_TEST(test_api_crypto)
{
uint32_t rc;
NTRU_CK_MEM public_key_mem;
NTRU_CK_MEM public_key2_mem;
NTRU_CK_MEM private_key_mem;
NTRU_CK_MEM message_mem;
NTRU_CK_MEM ciphertext_mem;
NTRU_CK_MEM plaintext_mem;
NTRU_CK_MEM encoded_public_key_mem;
uint8_t *public_key = NULL;
uint8_t *public_key2 = NULL;
uint8_t *private_key = NULL;
uint8_t *message = NULL;
uint8_t *ciphertext = NULL;
uint8_t *plaintext = NULL;
uint8_t *encoded_public_key = NULL;
uint8_t *next = NULL;
uint8_t tag = 0;
uint16_t max_msg_len = 0;
uint16_t mlen = 0;
uint16_t public_key_len = 0;
uint16_t public_key2_len = 0;
uint16_t private_key_len = 0;
uint16_t ciphertext_len = 0;
uint16_t plaintext_len = 0;
uint16_t encoded_public_key_len = 0;
uint32_t next_len;
NTRU_ENCRYPT_PARAM_SET_ID param_set_id;
param_set_id = PARAM_SET_IDS[_i];
/* Get public/private key lengths */
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id, &public_key_len,
NULL, &private_key_len, NULL);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
ck_assert_uint_gt(public_key_len, 0);
ck_assert_uint_gt(private_key_len, 0);
/* Allocate storage for keys */
public_key = ntru_ck_malloc(&public_key_mem, public_key_len);
private_key = ntru_ck_malloc(&private_key_mem, private_key_len);
/* Generate key */
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id,
&public_key_len, public_key,
&private_key_len, private_key);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* Check public key validity and get maximum ciphertext length */
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, 0, NULL,
&ciphertext_len, NULL);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* Check private key validity and get maximum plaintext length */
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key, 0, NULL,
&max_msg_len, NULL);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* Allocate memory for plaintexts/ciphertexts */
message = ntru_ck_malloc(&message_mem, (1 + max_msg_len));
ciphertext = ntru_ck_malloc(&ciphertext_mem, ciphertext_len);
plaintext = ntru_ck_malloc(&plaintext_mem, max_msg_len);
/* Encrypt/decrypt at every valid message length */
for(mlen=0; mlen<=max_msg_len; mlen++)
{
plaintext_len = max_msg_len;
randombytes(message, mlen);
randombytes(ciphertext, ciphertext_len);
randombytes(plaintext, plaintext_len);
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
mlen, message, &ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
ck_assert_uint_eq(plaintext_len, mlen);
ck_assert_int_eq(memcmp(plaintext,message,mlen), 0);
}
randombytes(message, 1+max_msg_len);
memset(ciphertext, 0, ciphertext_len);
memset(plaintext, 0, plaintext_len);
/* Begin checking error cases */
/*
* KeyGen Error Cases
*/
/* Generate a key with unknown parameter set */
rc = ntru_crypto_ntru_encrypt_keygen(drbg, -1,
&public_key_len, public_key,
&private_key_len, private_key);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_INVALID_PARAMETER_SET));
/* Public key buffer length not provided */
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id,
NULL, public_key,
NULL, private_key);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PARAMETER));
/* Public key buffer is too short */
public_key_len -= 1;
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id,
&public_key_len, public_key,
&private_key_len, private_key);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BUFFER_TOO_SMALL));
public_key_len += 1;
/* Private key buffer is too short */
private_key_len -= 1;
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id,
&public_key_len, public_key,
&private_key_len, private_key);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BUFFER_TOO_SMALL));
private_key_len += 1;
/*
* Encrypt Error Cases
*/
/* Public key not provided */
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, NULL,
max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PARAMETER));
/* Public key length zero */
rc = ntru_crypto_ntru_encrypt(drbg, 0, public_key,
max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_LENGTH));
/* Public key truncated */
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len-1, public_key,
max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PUBLIC_KEY));
/* Public key severely truncated */
rc = ntru_crypto_ntru_encrypt(drbg, 4, public_key,
max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PUBLIC_KEY));
/* Public key has OID field of length != 3 */
public_key[1] = 255;
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PUBLIC_KEY));
public_key[1] = 3;
/* Public key has private key tag */
tag = public_key[0];
public_key[0] = 0x02;
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PUBLIC_KEY));
/* Public key has unrecognized tag */
public_key[0] = 0xaa;
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PUBLIC_KEY));
public_key[0] = tag;
/* Plaintext not provided */
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
max_msg_len, NULL,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PARAMETER));
/* Plaintext that is too long */
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
1+max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_LENGTH));
/* Ciphertext buffer that is too short */
ciphertext_len -= 1;
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
max_msg_len, message,
&ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BUFFER_TOO_SMALL));
ciphertext_len += 1;
/* Perform a good encryption before testing decryption */
randombytes(message, max_msg_len);
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
max_msg_len, message, &ciphertext_len, ciphertext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/*
* Decrypt Error Cases
*/
/* Private key not provided */
rc = ntru_crypto_ntru_decrypt(private_key_len, NULL,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PARAMETER));
/* Private key length zero */
rc = ntru_crypto_ntru_decrypt(0, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_LENGTH));
/* Private key truncated */
rc = ntru_crypto_ntru_decrypt(private_key_len-10, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PRIVATE_KEY));
/* Private key has public key tag */
tag = private_key[0];
private_key[0] = 0x01;
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PRIVATE_KEY));
private_key[0] = tag;
/* Private key has bad OID */
private_key[3] ^= 0xff;
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PRIVATE_KEY));
private_key[3] ^= 0xff;
/* Ciphertext not provided */
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, NULL,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PARAMETER));
/* Ciphertext truncated */
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len-10, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_LENGTH));
/* Ciphertext manipulated */
ciphertext[ciphertext_len>>1] ^= 0xff;
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_FAIL));
ciphertext[ciphertext_len>>1] ^= 0xff;
/* Plaintext buffer too short */
plaintext_len -= 1;
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BUFFER_TOO_SMALL));
plaintext_len += 1;
/* Overwrite key pair and try decrypt with wrong key */
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id,
&public_key_len, public_key,
&private_key_len, private_key);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_FAIL));
/* Try decrypting junk */
randombytes(ciphertext, ciphertext_len);
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_FAIL));
/* Check x509 encoding/decoding */
/* Get encoded public key size */
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
public_key_len, public_key, &encoded_public_key_len, NULL);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* Perform the encoding */
encoded_public_key = ntru_ck_malloc(&encoded_public_key_mem,
encoded_public_key_len);
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
public_key_len, public_key, &encoded_public_key_len,
encoded_public_key);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
/* Get the decoded public key size */
next = encoded_public_key;
next_len = encoded_public_key_len;
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(next,
&public_key2_len, NULL, &next, &next_len);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
ck_assert_uint_eq(public_key_len, public_key2_len);
ck_assert_uint_eq(next_len, encoded_public_key_len);
ck_assert_ptr_eq(next, encoded_public_key);
/* Perform the decoding */
public_key2 = ntru_ck_malloc(&public_key2_mem, public_key2_len);
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(next,
&public_key2_len, public_key2, &next, &next_len);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OK));
ck_assert_uint_eq(next_len, 0);
ck_assert_ptr_eq(next, NULL);
/* Check decoded key matches original */
ck_assert_uint_eq(public_key_len, public_key2_len);
ck_assert_int_eq(memcmp(public_key,public_key2,public_key_len), 0);
/* Test error cases */
next = encoded_public_key;
next_len = encoded_public_key_len;
/* Public key to be encoded is not provided */
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
public_key_len, NULL, &encoded_public_key_len, next);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PARAMETER));
/* Public key to be encoded is length zero */
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
0, public_key, &encoded_public_key_len, next);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_LENGTH));
/* Public key is corrupted */
public_key[0] ^= 0xff;
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
public_key_len, public_key, &encoded_public_key_len, next);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PUBLIC_KEY));
public_key[0] ^= 0xff;
/* Encoded public key buffer too short */
encoded_public_key_len -= 1;
rc = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
public_key_len, public_key, &encoded_public_key_len,
encoded_public_key);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BUFFER_TOO_SMALL));
encoded_public_key_len += 1;
/* Encoded data not provided */
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(NULL,
&public_key2_len, public_key2, &next, &next_len);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_PARAMETER));
/* Encoded data truncated */
next_len = encoded_public_key_len-1;
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(next,
&public_key2_len, public_key2, &next, &next_len);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_LENGTH));
next_len = encoded_public_key_len;
/* Encoded data of length less than prefix */
next_len = 17;
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(next,
&public_key2_len, public_key2, &next, &next_len);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_LENGTH));
next_len = encoded_public_key_len;
/* Buffer for decoded key too short */
public_key2_len -= 1;
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(next,
&public_key2_len, public_key2, &next, &next_len);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BUFFER_TOO_SMALL));
public_key2_len += 1;
/* Manipulate the DER id, should fail with OID_NOT_RECOGNIZED */
tag = encoded_public_key[31];
encoded_public_key[31] = 0xff;
next = encoded_public_key;
next_len = encoded_public_key_len;
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(next,
&public_key2_len, public_key2, &next, &next_len);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_OID_NOT_RECOGNIZED));
encoded_public_key[31] = tag;
/* Manipulate the template, should fail with BAD_ENCODING */
memset(encoded_public_key, 18, 0xff);
next = encoded_public_key;
next_len = encoded_public_key_len;
rc = ntru_crypto_ntru_encrypt_subjectPublicKeyInfo2PublicKey(next,
&public_key2_len, public_key2, &next, &next_len);
ck_assert_uint_eq(rc, NTRU_RESULT(NTRU_BAD_ENCODING));
ntru_ck_mem_ok(&public_key2_mem);
ntru_ck_mem_ok(&encoded_public_key_mem);
ntru_ck_mem_ok(&message_mem);
ntru_ck_mem_ok(&public_key_mem);
ntru_ck_mem_ok(&private_key_mem);
ntru_ck_mem_ok(&plaintext_mem);
ntru_ck_mem_ok(&ciphertext_mem);
ntru_ck_mem_free(&public_key2_mem);
ntru_ck_mem_free(&encoded_public_key_mem);
ntru_ck_mem_free(&message_mem);
ntru_ck_mem_free(&public_key_mem);
ntru_ck_mem_free(&private_key_mem);
ntru_ck_mem_free(&plaintext_mem);
ntru_ck_mem_free(&ciphertext_mem);
}
END_TEST
START_TEST(test_api_drbg_sha256_hmac)
{
/* We run this as a loop test _i indexes the size */
uint32_t sizes[] = {112, 128, 192, 256};
uint32_t s_bits = sizes[_i];
uint32_t i;
uint32_t j;
uint32_t rc;
DRBG_HANDLE handles[DRBG_MAX_INSTANTIATIONS];
DRBG_HANDLE extra;
const uint8_t pers_str[] = "test_api_drbg";
uint32_t pers_str_bytes = sizeof(pers_str);
uint8_t pool[10];
uint8_t pool2[sizeof(pool)];
/* Internal SHA256 DRBG type */
/* Bad parameters */
rc = ntru_crypto_drbg_instantiate(-1, pers_str, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy, handles+0);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_LENGTH));
rc = ntru_crypto_drbg_instantiate(s_bits, NULL, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy, handles+0);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str,
HMAC_DRBG_MAX_PERS_STR_BYTES+1,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy, handles+0);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_LENGTH));
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str, pers_str_bytes,
NULL, handles+0);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy, NULL);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
/* Bad entropy functions */
/* Error in init */
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy_err_init, handles+0);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_ENTROPY_FAIL));
/* Error in get_num */
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy_err_get_num, handles+0);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_ENTROPY_FAIL));
/* get_num reports that source is perfectly predictable */
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy_err_num_eq_zero,
handles+0);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_ENTROPY_FAIL));
/* Error in get_byte */
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy_err_get_byte, handles+0);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_ENTROPY_FAIL));
/* Instantiate as many HMAC DRBGs as we are allowed */
for(i=0; i<DRBG_MAX_INSTANTIATIONS; i++)
{
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy, handles+i);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
}
/* Check pairwise distinctness of handles */
for(i=0; i<DRBG_MAX_INSTANTIATIONS-1; i++)
{
for(j=i+1; j<DRBG_MAX_INSTANTIATIONS; j++)
{
ck_assert_uint_ne(handles[i], handles[j]);
}
}
/* Instantiate too many DRBGs */
rc = ntru_crypto_drbg_instantiate(s_bits, pers_str, pers_str_bytes,
(ENTROPY_FN) drbg_sha256_hmac_get_entropy, &extra);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_NOT_AVAILABLE));
/* drbg_generate input checks */
rc = ntru_crypto_drbg_generate(handles[0], s_bits, sizeof(pool), NULL);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
rc = ntru_crypto_drbg_generate(handles[0], s_bits, 0, pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_LENGTH));
/* Use a DRBG */
rc = ntru_crypto_drbg_generate(handles[0], s_bits, sizeof(pool), pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
/* Use a second DRBG */
rc = ntru_crypto_drbg_generate(handles[1], s_bits, sizeof(pool2), pool2);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
/* Hopefully those outputs are different (w/ prob 2^-80) */
ck_assert_int_ne(memcmp(pool, pool2, sizeof(pool)), 0);
/* Reseed an HMAC DRBG (should not fail) */
rc = ntru_crypto_drbg_reseed(handles[0]);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
/* Try to get zero bytes */
rc = ntru_crypto_drbg_generate(handles[0], s_bits, 0, pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_LENGTH));
/* Request too high of a security level */
rc = ntru_crypto_drbg_generate(handles[0], 2*DRBG_MAX_SEC_STRENGTH_BITS,
sizeof(pool), pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_LENGTH));
/* Request too many bytes */
rc = ntru_crypto_drbg_generate(handles[0], s_bits,
1+HMAC_DRBG_MAX_BYTES_PER_REQUEST, pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_LENGTH));
/* Uninstantiate DRBGs */
for(i=0; i<DRBG_MAX_INSTANTIATIONS; i++)
{
rc = ntru_crypto_drbg_uninstantiate(handles[i]);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
}
/* Reseed a uninstantiated DRBG */
rc = ntru_crypto_drbg_reseed(handles[0]);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
/* Double uninstantiate */
rc = ntru_crypto_drbg_uninstantiate(handles[0]);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
/* Use an uninstantiated DRBG */
rc = ntru_crypto_drbg_generate(handles[0], 0, 10, pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
/* Use a DRBG that never existed */
handles[0] = 0xaabbccdd;
rc = ntru_crypto_drbg_generate(handles[0], 0, 10, pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
}
END_TEST
START_TEST(test_api_drbg_external)
{
uint32_t i;
uint32_t j;
uint32_t rc;
DRBG_HANDLE handles[DRBG_MAX_INSTANTIATIONS];
DRBG_HANDLE extra;
uint8_t pool[10];
uint8_t pool2[sizeof(pool)];
/* External DRBG type */
/* Bad parameters */
rc = ntru_crypto_drbg_external_instantiate(
(RANDOM_BYTES_FN) &randombytes, NULL);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
rc = ntru_crypto_drbg_external_instantiate(NULL, handles);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
/* Instantiate as many external DRBGs as we are allowed */
for(i=0; i<DRBG_MAX_INSTANTIATIONS; i++)
{
rc = ntru_crypto_drbg_external_instantiate(
(RANDOM_BYTES_FN) &randombytes, handles+i);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
}
/* Check pairwise distinctness of handles */
for(i=0; i<DRBG_MAX_INSTANTIATIONS-1; i++)
{
for(j=i+1; j<DRBG_MAX_INSTANTIATIONS; j++)
{
ck_assert_uint_ne(handles[i], handles[j]);
}
}
/* Instantiate too many DRBGs */
rc = ntru_crypto_drbg_external_instantiate(
(RANDOM_BYTES_FN) &randombytes, &extra);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_NOT_AVAILABLE));
/* Use a DRBG */
rc = ntru_crypto_drbg_generate(handles[0], 0, sizeof(pool), pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
/* Use a second DRBG */
rc = ntru_crypto_drbg_generate(handles[1], 0, sizeof(pool2), pool2);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
/* Hopefully those outputs are different (w/ prob 2^-80) */
ck_assert_int_ne(memcmp(pool, pool2, sizeof(pool)), 0);
/* Reseed an external DRBG (not implemented, should fail) */
rc = ntru_crypto_drbg_reseed(handles[0]);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
/* Try to get zero bytes */
rc = ntru_crypto_drbg_generate(handles[0], 0, 0, pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_LENGTH));
/* Instantiate too many DRBGs */
rc = ntru_crypto_drbg_external_instantiate(
(RANDOM_BYTES_FN) &randombytes, &extra);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_NOT_AVAILABLE));
/* Uninstantiate DRBGs */
for(i=0; i<DRBG_MAX_INSTANTIATIONS; i++)
{
rc = ntru_crypto_drbg_uninstantiate(handles[i]);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_OK));
}
/* Use an uninstantiated DRBG */
rc = ntru_crypto_drbg_generate(handles[0], 0, 10, pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
/* Use a DRBG that never existed */
handles[0] = 0xaabbccdd;
rc = ntru_crypto_drbg_generate(handles[0], 0, 10, pool);
ck_assert_uint_eq(rc, DRBG_RESULT(DRBG_BAD_PARAMETER));
}
END_TEST
START_TEST(test_get_param_set_name)
{
const char *name;
name = ntru_encrypt_get_param_set_name(NTRU_EES401EP2);
ck_assert_str_eq(name, "ees401ep2");
name = ntru_encrypt_get_param_set_name(-1);
ck_assert_ptr_eq((void *)name, NULL);
}
END_TEST
Suite *
ntruencrypt_public_test_suite(void)
{
Suite *s;
TCase *tc_api_crypto;
TCase *tc_api_drbg;
TCase *tc_api_misc;
s = suite_create("NTRUEncrypt.Public");
/* Test publicly accessible DRBG routines */
tc_api_drbg = tcase_create("drbg");
tcase_add_test(tc_api_drbg, test_api_drbg_external);
tcase_add_loop_test(tc_api_drbg, test_api_drbg_sha256_hmac, 0, 4);
/* Test publicly accessible crypto routines for each parameter set */
tc_api_crypto = tcase_create("crypto");
tcase_add_unchecked_fixture(tc_api_crypto, test_drbg_setup, test_drbg_teardown);
tcase_add_loop_test(tc_api_crypto, test_api_crypto, 0, NUM_PARAM_SETS);
tc_api_misc = tcase_create("misc");
tcase_add_test(tc_api_misc, test_get_param_set_name);
suite_add_tcase(s, tc_api_misc);
suite_add_tcase(s, tc_api_drbg);
suite_add_tcase(s, tc_api_crypto);
return s;
}
int
main(void)
{
int number_failed;
Suite *s;
SRunner *sr;
s = ntruencrypt_public_test_suite();
sr = srunner_create(s);
srunner_run_all(sr, CK_NORMAL);
number_failed = srunner_ntests_failed(sr);
srunner_free(sr);
return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}

175
infidel-code/test/sanity.c Normal file
View File

@@ -0,0 +1,175 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "ntru_crypto.h"
#include "ntru_crypto_drbg.h"
#include "test_common.h"
/* For each parameter set:
* - Generate a key
* - Encrypt a message at every length between
* 0 and maxMsgLenBytes.
* - Check that decryption succeeds.
* - Check that decryption fails for bad ciphertexts
*/
int
main(int argc, char **argv)
{
uint16_t i;
uint8_t *public_key;
uint8_t *private_key;
uint8_t *message;
uint8_t *ciphertext;
uint8_t *plaintext;
uint16_t max_msg_len;
uint16_t mlen;
uint16_t public_key_len; /* no. of octets in public key */
uint16_t private_key_len; /* no. of octets in private key */
uint16_t ciphertext_len; /* no. of octets in ciphertext */
uint16_t plaintext_len; /* no. of octets in plaintext */
DRBG_HANDLE drbg; /* handle for instantiated DRBG */
uint32_t rc; /* return code */
NTRU_ENCRYPT_PARAM_SET_ID param_set_id;
uint32_t error[NUM_PARAM_SETS] = {0};
for(i=0; i<NUM_PARAM_SETS; i++)
{
param_set_id = PARAM_SET_IDS[i];
fprintf(stderr, "Testing parameter set %s... ",
ntru_encrypt_get_param_set_name(param_set_id));
fflush (stderr);
rc = ntru_crypto_drbg_external_instantiate(
(RANDOM_BYTES_FN) &randombytes, &drbg);
if (rc != DRBG_OK)
{
fprintf(stderr,"\tError: An error occurred instantiating the DRBG\n");
error[i] = 1;
continue;
}
/* Get public/private key lengths */
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id, &public_key_len,
NULL, &private_key_len, NULL);
if (rc != NTRU_OK)
{
ntru_crypto_drbg_uninstantiate(drbg);
fprintf(stderr,"\tError: An error occurred getting the key lengths\n");
error[i] = 1;
continue;
}
/* Generate a key */
public_key = (uint8_t *)malloc(public_key_len * sizeof(uint8_t));
private_key = (uint8_t *)malloc(private_key_len * sizeof(uint8_t));
rc = ntru_crypto_ntru_encrypt_keygen(drbg, param_set_id, &public_key_len,
public_key,
&private_key_len,
private_key);
if (rc != NTRU_OK)
{
ntru_crypto_drbg_uninstantiate(drbg);
free(public_key);
free(private_key);
fprintf(stderr,"\tError: An error occurred during key generation\n");
error[i] = 1;
continue;
}
/* Check public key validity and get maximum ciphertext length */
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, 0, NULL,
&ciphertext_len, NULL);
if (rc != NTRU_OK)
{
fprintf(stderr,"\tError: Bad public key");
error[i] = 1;
continue;
}
/* Check private key validity and get maximum plaintext length */
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key, 0, NULL,
&max_msg_len, NULL);
if (rc != NTRU_OK)
{
fprintf(stderr,"\tError: Bad private key");
error[i] = 1;
continue;
}
/* Allocate memory for plaintexts/ciphertexts */
message = (uint8_t *) malloc(max_msg_len * sizeof(uint8_t));
ciphertext = (uint8_t *) malloc(ciphertext_len * sizeof(uint8_t));
plaintext = (uint8_t *) malloc(max_msg_len * sizeof(uint8_t));
/* Encrypt/decrypt at every valid message length */
for(mlen=0; mlen<=max_msg_len; mlen++)
{
plaintext_len = max_msg_len;
randombytes(message, mlen);
randombytes(ciphertext, ciphertext_len);
randombytes(plaintext, plaintext_len);
rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
mlen, message, &ciphertext_len, ciphertext);
if (rc != NTRU_OK){
fprintf(stderr, "\tError: Encryption error %x\n", rc);
error[i] = 1;
break;
}
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
if (rc != NTRU_OK)
{
fprintf(stderr, "\tError: Decryption error %x\n", rc);
error[i] = 1;
break;
}
if(plaintext_len != mlen || memcmp(plaintext,message,mlen))
{
fprintf(stderr,
"\tError: Decryption result does not match original plaintext\n");
error[i] = 1;
break;
}
}
/* Try decrypting junk */
randombytes(ciphertext, ciphertext_len);
rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
ciphertext_len, ciphertext,
&plaintext_len, plaintext);
if (rc != NTRU_RESULT(NTRU_FAIL))
{
fprintf(stderr, "\tError: Accepted junk ciphertext\n");
error[i] = 1;
break;
}
ntru_crypto_drbg_uninstantiate(drbg);
free(message);
free(public_key);
free(private_key);
free(plaintext);
free(ciphertext);
fprintf(stderr, "\n");
}
for(i=0; i<NUM_PARAM_SETS; i++) {
if(error[i]) {
fprintf(stderr, "Result: Fail\n");
return 1;
}
}
fprintf(stderr, "Result: Pass\n");
return 0;
}

BIN
infidel-code/test/sanity.o Normal file
View File

Binary file not shown.

134
infidel-code/test/test_common.c Normal file
View File

@@ -0,0 +1,134 @@
#include <fcntl.h>
#include <unistd.h>
#include <stdint.h>
#include "ntru_crypto.h"
#include "ntru_crypto_drbg.h"
#include "test_common.h"
uint32_t randombytes(uint8_t *x, uint32_t xlen)
{
static int fd = -1;
int i;
if (fd == -1) {
for (;;) {
fd = open("/dev/urandom",O_RDONLY);
if (fd != -1) break;
sleep(1);
}
}
while (xlen > 0) {
if (xlen < 1048576) i = xlen; else i = 1048576;
i = read(fd,x,i);
if (i < 1) {
sleep(1);
continue;
}
x += i;
xlen -= i;
}
DRBG_RET(DRBG_OK);
}
uint8_t
drbg_sha256_hmac_get_entropy(
ENTROPY_CMD cmd,
uint8_t *out)
{
/* 48 bytes of entropy are needed to instantiate a DRBG with a
* security strength of 256 bits.
*/
static uint8_t seed[48];
static size_t index;
if (cmd == INIT)
{
/* Any initialization for a real entropy source goes here. */
index = 0;
randombytes(seed, sizeof(seed));
return 1;
}
if (out == NULL)
return 0;
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY)
{
/* Here we return the number of bytes needed from the entropy
* source to obtain 8 bits of entropy. Maximum is 8.
*/
*out = 1; /* treat this as a perfectly random source */
return 1;
}
if (cmd == GET_BYTE_OF_ENTROPY)
{
if (index >= sizeof(seed))
{
index = 0;
randombytes(seed, sizeof(seed));
}
*out = seed[index++]; /* deliver an entropy byte */
return 1;
}
return 0;
}
uint8_t
drbg_sha256_hmac_get_entropy_err_init(
ENTROPY_CMD cmd,
uint8_t *out)
{
if (cmd == INIT)
{
return 0;
}
return drbg_sha256_hmac_get_entropy(cmd, out);
}
uint8_t
drbg_sha256_hmac_get_entropy_err_get_num(
ENTROPY_CMD cmd,
uint8_t *out)
{
if (cmd == GET_BYTE_OF_ENTROPY)
{
return 0;
}
return drbg_sha256_hmac_get_entropy(cmd, out);
}
uint8_t
drbg_sha256_hmac_get_entropy_err_num_eq_zero(
ENTROPY_CMD cmd,
uint8_t *out)
{
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY)
{
*out = 0;
return 1;
}
return drbg_sha256_hmac_get_entropy(cmd, out);
}
uint8_t
drbg_sha256_hmac_get_entropy_err_get_byte(
ENTROPY_CMD cmd,
uint8_t *out)
{
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY)
{
return 0;
}
return drbg_sha256_hmac_get_entropy(cmd, out);
}

35
infidel-code/test/test_common.h Normal file
View File

@@ -0,0 +1,35 @@
#ifndef NTRU_TEST_COMMON_H
#define NTRU_TEST_COMMON_H
/* Common components for all test programs */
uint32_t randombytes(uint8_t *x,uint32_t xlen);
/* HMAC SHA256 entropy functions */
uint8_t
drbg_sha256_hmac_get_entropy(ENTROPY_CMD cmd, uint8_t *out);
uint8_t
drbg_sha256_hmac_get_entropy_err_init(ENTROPY_CMD cmd, uint8_t *out);
uint8_t
drbg_sha256_hmac_get_entropy_err_get_num(ENTROPY_CMD cmd, uint8_t *out);
uint8_t
drbg_sha256_hmac_get_entropy_err_num_eq_zero(ENTROPY_CMD cmd, uint8_t *out);
uint8_t
drbg_sha256_hmac_get_entropy_err_get_byte(ENTROPY_CMD cmd, uint8_t *out);
/* List of parameter sets */
static const NTRU_ENCRYPT_PARAM_SET_ID PARAM_SET_IDS[] = {
NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP2,
NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1,
NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1,
NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1,
NTRU_EES443EP1, NTRU_EES587EP1
};
#define NUM_PARAM_SETS (sizeof(PARAM_SET_IDS)/sizeof(PARAM_SET_IDS[0]))
#endif