index limit can be easily computed

Andreas Steffen 2014-02-19 20:18:18 +01:00
parent ab13364c65
commit e80014f1e8
6 changed files with 28 additions and 54 deletions


@ -229,8 +229,7 @@ ntru_crypto_ntru_encrypt(
DBG2(DBG_LIB, "generate polynomial r"); DBG2(DBG_LIB, "generate polynomial r");
seed = chunk_create(tmp_buf, ptr - tmp_buf); seed = chunk_create(tmp_buf, ptr - tmp_buf);
r_poly = ntru_poly_create(hash_algid, seed, r_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
params->c_bits, params->no_bias_limit,
params->N, 2 * params->dF_r, params->N, 2 * params->dF_r,
params->is_product_form); params->is_product_form);
if (!r_poly) if (!r_poly)
@ -459,8 +458,8 @@ ntru_crypto_ntru_decrypt(
ntru_trits_t *mask; ntru_trits_t *mask;
uint8_t *mask_trits; uint8_t *mask_trits;
chunk_t seed; chunk_t seed;
ntru_poly_t *i_poly; ntru_poly_t *r_poly;
uint16_t *i_indices; uint16_t *r_indices;
/* check for bad parameters */ /* check for bad parameters */
if (!privkey_blob || !ct || !pt_len) if (!privkey_blob || !ct || !pt_len)
@ -709,14 +708,13 @@ ntru_crypto_ntru_decrypt(
ptr += params->sec_strength_len; ptr += params->sec_strength_len;
/* generate cr */ /* generate cr */
DBG2(DBG_LIB, "generate polynomial i"); DBG2(DBG_LIB, "generate polynomial r");
seed = chunk_create(tmp_buf, ptr - tmp_buf); seed = chunk_create(tmp_buf, ptr - tmp_buf);
i_poly = ntru_poly_create(hash_algid, seed, r_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
params->c_bits, params->no_bias_limit,
params->N, 2 * params->dF_r, params->N, 2 * params->dF_r,
params->is_product_form); params->is_product_form);
if (!i_poly) if (!r_poly)
{ {
result = NTRU_MGF1_FAIL; result = NTRU_MGF1_FAIL;
} }
@ -735,21 +733,21 @@ ntru_crypto_ntru_decrypt(
} }
/* form cR' = h * cr */ /* form cR' = h * cr */
i_indices = i_poly->get_indices(i_poly); r_indices = r_poly->get_indices(r_poly);
if (params->is_product_form) if (params->is_product_form)
{ {
ntru_ring_mult_product_indices(ringel_buf1, (uint16_t)dF_r1, ntru_ring_mult_product_indices(ringel_buf1, (uint16_t)dF_r1,
(uint16_t)dF_r2, (uint16_t)dF_r3, (uint16_t)dF_r2, (uint16_t)dF_r3,
i_indices, params->N, params->q, r_indices, params->N, params->q,
scratch_buf, ringel_buf1); scratch_buf, ringel_buf1);
} }
else else
{ {
ntru_ring_mult_indices(ringel_buf1, (uint16_t)dF_r, (uint16_t)dF_r, ntru_ring_mult_indices(ringel_buf1, (uint16_t)dF_r, (uint16_t)dF_r,
i_indices, params->N, params->q, r_indices, params->N, params->q,
scratch_buf, ringel_buf1); scratch_buf, ringel_buf1);
} }
i_poly->destroy(i_poly); r_poly->destroy(r_poly);
/* compare cR' to cR */ /* compare cR' to cR */
for (i = 0; i < params->N; i++) for (i = 0; i < params->N; i++)
@ -960,8 +958,7 @@ ntru_crypto_ntru_encrypt_keygen(
DBG2(DBG_LIB, "generate polynomial F"); DBG2(DBG_LIB, "generate polynomial F");
seed = chunk_create(tmp_buf, seed_len); seed = chunk_create(tmp_buf, seed_len);
F_poly = ntru_poly_create(hash_algid, seed, F_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
params->c_bits, params->no_bias_limit,
params->N, 2 * params->dF_r, params->N, 2 * params->dF_r,
params->is_product_form); params->is_product_form);
if (!F_poly) if (!F_poly)
@ -1057,8 +1054,7 @@ ntru_crypto_ntru_encrypt_keygen(
DBG2(DBG_LIB, "generate polynomial g"); DBG2(DBG_LIB, "generate polynomial g");
seed = chunk_create(tmp_buf, seed_len); seed = chunk_create(tmp_buf, seed_len);
g_poly = ntru_poly_create(hash_algid, seed, g_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
params->c_bits, params->no_bias_limit,
params->N, 2*params->dg + 1, FALSE); params->N, 2*params->dg + 1, FALSE);
if (!g_poly) if (!g_poly)
{ {


@ -53,7 +53,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
133, /* dg */ 133, /* dg */
60, /* maxMsgLenBytes */ 60, /* maxMsgLenBytes */
113, /* dm0 */ 113, /* dm0 */
2005, /* 2^c - (2^c mod N) */
11, /* c */ 11, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -72,7 +71,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
149, /* dg */ 149, /* dg */
67, /* maxMsgLenBytes */ 67, /* maxMsgLenBytes */
134, /* dm0 */ 134, /* dm0 */
449, /* 2^c - (2^c mod N) */
9, /* c */ 9, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -91,7 +89,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
225, /* dg */ 225, /* dg */
101, /* maxMsgLenBytes */ 101, /* maxMsgLenBytes */
157, /* dm0 */ 157, /* dm0 */
2031, /* 2^c - (2^c mod N) */
11, /* c */ 11, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -110,7 +107,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
362, /* dg */ 362, /* dg */
170, /* maxMsgLenBytes */ 170, /* maxMsgLenBytes */
120, /* dm0 */ 120, /* dm0 */
7609, /* 2^c - (2^c mod N) */
13, /* c */ 13, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -129,7 +125,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
180, /* dg */ 180, /* dg */
86, /* maxMsgLenBytes */ 86, /* maxMsgLenBytes */
49, /* dm0 */ 49, /* dm0 */
3787, /* 2^c - (2^c mod N) */
12, /* c */ 12, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -148,7 +143,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
204, /* dg */ 204, /* dg */
97, /* maxMsgLenBytes */ 97, /* maxMsgLenBytes */
55, /* dm0 */ 55, /* dm0 */
1839, /* 2^c - (2^c mod N) */
11, /* c */ 11, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -167,7 +161,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
295, /* dg */ 295, /* dg */
141, /* maxMsgLenBytes */ 141, /* maxMsgLenBytes */
81, /* dm0 */ 81, /* dm0 */
887, /* 2^c - (2^c mod N) */
10, /* c */ 10, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -186,7 +179,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
390, /* dg */ 390, /* dg */
186, /* maxMsgLenBytes */ 186, /* maxMsgLenBytes */
106, /* dm0 */ 106, /* dm0 */
3513, /* 2^c - (2^c mod N) */
12, /* c */ 12, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -205,7 +197,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
219, /* dg */ 219, /* dg */
108, /* maxMsgLenBytes */ 108, /* maxMsgLenBytes */
38, /* dm0 */ 38, /* dm0 */
1977, /* 2^c - (2^c mod N) */
11, /* c */ 11, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -224,7 +215,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
253, /* dg */ 253, /* dg */
125, /* maxMsgLenBytes */ 125, /* maxMsgLenBytes */
42, /* dm0 */ 42, /* dm0 */
3805, /* 2^c - (2^c mod N) */
12, /* c */ 12, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -243,7 +233,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
362, /* dg */ 362, /* dg */
178, /* maxMsgLenBytes */ 178, /* maxMsgLenBytes */
63, /* dm0 */ 63, /* dm0 */
7609, /* 2^c - (2^c mod N) */
13, /* c */ 13, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -262,7 +251,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
499, /* dg */ 499, /* dg */
247, /* maxMsgLenBytes */ 247, /* maxMsgLenBytes */
79, /* dm0 */ 79, /* dm0 */
7495, /* 2^c - (2^c mod N) */
13, /* c */ 13, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -281,7 +269,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
133, /* dg */ 133, /* dg */
60, /* maxMsgLenBytes */ 60, /* maxMsgLenBytes */
136, /* m(1)_max */ 136, /* m(1)_max */
2005, /* 2^c - (2^c mod N) */
11, /* c */ 11, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -300,7 +287,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
146, /* dg */ 146, /* dg */
65, /* maxMsgLenBytes */ 65, /* maxMsgLenBytes */
126, /* m(1)_max */ 126, /* m(1)_max */
439, /* 2^c - (2^c mod N) */
9, /* c */ 9, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -319,7 +305,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
197, /* dg */ 197, /* dg */
86, /* maxMsgLenBytes */ 86, /* maxMsgLenBytes */
90, /* m(1)_max */ 90, /* m(1)_max */
1779, /* 2^c - (2^c mod N) */
11, /* c */ 11, /* c */
1, /* lLen */ 1, /* lLen */
}, },
@ -338,7 +323,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = {
247, /* dg */ 247, /* dg */
106, /* maxMsgLenBytes */ 106, /* maxMsgLenBytes */
60, /* m(1)_max */ 60, /* m(1)_max */
8173, /* 2^c - (2^c mod N) */
13, /* c */ 13, /* c */
1, /* lLen */ 1, /* lLen */
}, },


@ -59,8 +59,6 @@ typedef struct _NTRU_ENCRYPT_PARAM_SET {
octets */ octets */
uint16_t min_msg_rep_wt; /* min. message uint16_t min_msg_rep_wt; /* min. message
representative weight */ representative weight */
uint16_t no_bias_limit; /* limit for no bias in
IGF-2 */
uint8_t c_bits; /* no. bits in candidate for uint8_t c_bits; /* no. bits in candidate for
deriving an index in deriving an index in
IGF-2 */ IGF-2 */


@ -69,14 +69,13 @@ METHOD(ntru_poly_t, destroy, void,
* Described in header. * Described in header.
*/ */
ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed, ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed,
uint8_t c_bits, uint16_t limit, uint8_t c_bits, uint16_t poly_len,
uint16_t poly_len, uint32_t indices_count, uint32_t indices_count, bool is_product_form)
bool is_product_form)
{ {
private_ntru_poly_t *this; private_ntru_poly_t *this;
size_t hash_len, octet_count = 0, i, num_polys, num_indices[3], indices_len; size_t hash_len, octet_count = 0, i, num_polys, num_indices[3], indices_len;
uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed; uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed;
uint16_t index, left = 0; uint16_t index, limit, left = 0;
int poly_i = 0, index_i = 0; int poly_i = 0, index_i = 0;
ntru_mgf1_t *mgf1; ntru_mgf1_t *mgf1;
@ -103,6 +102,7 @@ ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed,
indices_len = indices_count; indices_len = indices_count;
} }
used = malloc(poly_len); used = malloc(poly_len);
limit = poly_len * ((1 << c_bits) / poly_len);
INIT(this, INIT(this,
.public = { .public = {
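Review bot: The new `limit = poly_len * ((1 << c_bits) / poly_len);` has no guard on its operands: a `poly_len` of 0 divides by zero, and a `c_bits` of 16 or more can yield a product that silently truncates when stored in the `uint16_t` `limit` (the shift itself becomes undefined once `c_bits` reaches the width of `int`). The parameter checks between the two hunks are outside this view, so if they do not already bound both values, reject them before `used = malloc(poly_len);` so nothing leaks, e.g. `if (!poly_len || c_bits >= 16) { return NULL; }`, matching whatever failure path the existing checks use. The assignment also deserves the why-comment that the removed table entries and struct field carried, e.g. `/* 2^c_bits - (2^c_bits mod poly_len): index limit that keeps IGF-2 free of modulo bias */`. The body of ntru_poly_create continues past the hunk.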


@ -55,14 +55,12 @@ struct ntru_poly_t {
* @param seed seed used by MGF1 to generate trits from * @param seed seed used by MGF1 to generate trits from
* @param poly_len size of the trits polynomial * @param poly_len size of the trits polynomial
* @param c_bits number of bits for candidate index * @param c_bits number of bits for candidate index
* @param limit conversion to index limit
* @param indices_count number of non-zero indices * @param indices_count number of non-zero indices
* @param is_product_form generate multiple polynomials * @param is_product_form generate multiple polynomials
*/ */
ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed, ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed,
uint8_t c_bits, uint16_t limit, uint8_t c_bits, uint16_t poly_len,
uint16_t poly_len, uint32_t indices_count, uint32_t indices_count, bool is_product_form);
bool is_product_form);
#endif /** NTRU_POLY_H_ @}*/ #endif /** NTRU_POLY_H_ @}*/
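Review bot: The `@param` list in the new header block does not follow the signature order — `poly_len` is documented before `c_bits` while `ntru_poly_create` takes `c_bits` first — and nothing records that the former `limit` argument is now derived inside the function from these two values. Reorder the two entries and extend the second, e.g. `* @param c_bits number of bits for candidate index` followed by `* @param poly_len size of the trits polynomial; together with c_bits it determines the derived index limit`.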


@ -33,8 +33,8 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create, ntru_poly_t*, IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create, ntru_poly_t*,
hash_algorithm_t alg, chunk_t seed, uint8_t c_bits, hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
uint16_t limit, uint16_t poly_len, uint16_t poly_len, uint32_t indices_count,
uint32_t indices_count, bool is_product_form) bool is_product_form)
/** /**
* NTRU parameter sets to test * NTRU parameter sets to test
@ -302,7 +302,6 @@ END_TEST
typedef struct { typedef struct {
uint8_t c_bits; uint8_t c_bits;
uint16_t limit;
uint16_t poly_len; uint16_t poly_len;
bool is_product_form; bool is_product_form;
uint32_t indices_count; uint32_t indices_count;
@ -428,10 +427,10 @@ mgf1_test_t mgf1_tests[] = {
0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2), 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
{ {
{ 9, 439, 439, TRUE, 2*(9 + (8 << 8) + (5 << 16)), { 9, 439, TRUE, 2*(9 + (8 << 8) + (5 << 16)),
countof(indices_ees439ep1), indices_ees439ep1 countof(indices_ees439ep1), indices_ees439ep1
}, },
{ 11, 1839, 613, FALSE, 2*55, { 11, 613, FALSE, 2*55,
countof(indices_ees613ep1), indices_ees613ep1 countof(indices_ees613ep1), indices_ees613ep1
} }
} }
@ -515,10 +514,10 @@ mgf1_test_t mgf1_tests[] = {
1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2, 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1), 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
{ {
{ 13, 8173, 743, TRUE, 2*(11 + (11 << 8) + (15 << 16)), { 13, 743, TRUE, 2*(11 + (11 << 8) + (15 << 16)),
countof(indices_ees743ep1), indices_ees743ep1 countof(indices_ees743ep1), indices_ees743ep1
}, },
{ 12, 3513, 1171, FALSE, 2*106, { 12, 1171, FALSE, 2*106,
countof(indices_ees1171ep1), indices_ees1171ep1 countof(indices_ees1171ep1), indices_ees1171ep1
} }
} }
@ -633,16 +632,15 @@ START_TEST(test_ntru_poly)
seed.len = mgf1_tests[_i].seed_len; seed.len = mgf1_tests[_i].seed_len;
p = &mgf1_tests[_i].poly_test[0]; p = &mgf1_tests[_i].poly_test[0];
poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->limit, poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->poly_len,
p->poly_len, p->indices_count, p->is_product_form); p->indices_count, p->is_product_form);
ck_assert(poly == NULL); ck_assert(poly == NULL);
for (n = 0; n < 2; n++) for (n = 0; n < 2; n++)
{ {
p = &mgf1_tests[_i].poly_test[n]; p = &mgf1_tests[_i].poly_test[n];
poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->limit, poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->poly_len,
p->poly_len, p->indices_count, p->indices_count, p->is_product_form);
p->is_product_form);
ck_assert(poly != NULL && poly->get_size(poly) == p->indices_len); ck_assert(poly != NULL && poly->get_size(poly) == p->indices_len);
indices = poly->get_indices(poly); indices = poly->get_indices(poly);