#include <utils/debug.h>
typedef struct private_ntru_ke_t private_ntru_ke_t;
+typedef struct param_set_t param_set_t;
+
+/**
+ * Defines an NTRU parameter set by ID or OID
+ */
+struct param_set_t {
+ NTRU_ENCRYPT_PARAM_SET_ID id;
+ char oid[3];
+ char *name;
+};
+
+/* Best bandwidth and speed, no X9.98 compatibility */
+static param_set_t param_sets_optimum[] = {
+ { NTRU_EES401EP2, {0x00, 0x02, 0x10}, "ees401ep2" },
+ { NTRU_EES439EP1, {0x00, 0x03, 0x10}, "ees439ep1" },
+ { NTRU_EES593EP1, {0x00, 0x05, 0x10}, "ees593ep1" },
+ { NTRU_EES743EP1, {0x00, 0x06, 0x10}, "ees743ep1" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets for best speed */
+static param_set_t param_sets_x9_98_speed[] = {
+ { NTRU_EES659EP1, {0x00, 0x02, 0x06}, "ees659ep1" },
+ { NTRU_EES761EP1, {0x00, 0x03, 0x05}, "ees761ep1" },
+ { NTRU_EES1087EP1, {0x00, 0x05, 0x05}, "ees1087ep1" },
+ { NTRU_EES1499EP1, {0x00, 0x06, 0x05}, "ees1499ep1" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
+static param_set_t param_sets_x9_98_bandwidth[] = {
+ { NTRU_EES401EP1, {0x00, 0x02, 0x04}, "ees401ep1" },
+ { NTRU_EES449EP1, {0x00, 0x03, 0x03}, "ees449ep1" },
+ { NTRU_EES677EP1, {0x00, 0x05, 0x03}, "ees677ep1" },
+ { NTRU_EES1087EP2, {0x00, 0x06, 0x03}, "ees1087ep2" }
+};
+
+/* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
+static param_set_t param_sets_x9_98_balance[] = {
+ { NTRU_EES541EP1, {0x00, 0x02, 0x05}, "ees541ep1" },
+ { NTRU_EES613EP1, {0x00, 0x03, 0x04}, "ees613ep1" },
+ { NTRU_EES887EP1, {0x00, 0x05, 0x04}, "ees887ep1" },
+ { NTRU_EES1171EP1, {0x00, 0x06, 0x04}, "ees1171ep1" }
+};
/**
* Private data of an ntru_ke_t object.
u_int16_t group;
/**
- * NTRU Parameter Set ID
+ * NTRU Parameter Set
*/
- NTRU_ENCRYPT_PARAM_SET_ID param_set_id;
+ param_set_t *param_set;
/**
* Cryptographical strength in bits of the NTRU Parameter Set
if (this->pub_key.len == 0)
{
/* determine the NTRU public and private key sizes */
- if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set_id,
+ if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set->id,
&pub_key_len, NULL,
&priv_key_len, NULL) != NTRU_OK)
{
this->priv_key = chunk_alloc(priv_key_len);
/* generate a random NTRU public/private key pair */
- if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set_id,
+ if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set->id,
&pub_key_len, this->pub_key.ptr,
&priv_key_len, this->priv_key.ptr) != NTRU_OK)
{
{
/* responder generating and encrypting the shared secret */
this->responder = TRUE;
+
+ /* check the NTRU public key format */
+ if (value.len < 5 || value.ptr[0] != 1 || value.ptr[1] != 3)
+ {
+ DBG1(DBG_LIB, "received NTRU public key with invalid header");
+ return;
+ }
+ if (!memeq(value.ptr + 2, this->param_set->oid, 3))
+ {
+ DBG1(DBG_LIB, "received NTRU public key with wrong OID");
+ return;
+ }
this->pub_key = chunk_clone(value);
/* shared secret size is chosen as twice the cryptographical strength */
{
private_ntru_ke_t *this;
char personalization_str[] = "strongSwan NTRU-KE";
- NTRU_ENCRYPT_PARAM_SET_ID *param_set, param_set_id;
+ param_set_t *param_sets, *param_set;
DRBG_HANDLE drbg;
- char *param_set_selection;
+ char *parameter_set;
u_int32_t strength;
- /* Best bandwidth and speed, no X9.98 compatibility */
- NTRU_ENCRYPT_PARAM_SET_ID param_set_optimum[] = {
- NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1
- };
-
- /* X9.98/IEEE 1363.1 parameter set for best speed */
- NTRU_ENCRYPT_PARAM_SET_ID param_set_x9_98_speed[] = {
- NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1
- };
+ parameter_set = lib->settings->get_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set", "optimum");
- /* X9.98/IEEE 1363.1 parameter set for best bandwidth (smallest size) */
- NTRU_ENCRYPT_PARAM_SET_ID param_set_x9_98_bandwidth[] = {
- NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP1
- };
-
- /* X9.98/IEEE 1363.1 parameter set balancing speed and bandwidth */
- NTRU_ENCRYPT_PARAM_SET_ID param_set_x9_98_balance[] = {
- NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1
- };
-
- param_set_selection = lib->settings->get_str(lib->settings,
- "libstrongswan.plugins.ntru.param__set_selection", "optimum");
-
- if (streq(param_set_selection, "x9_98_speed"))
+ if (streq(parameter_set, "x9_98_speed"))
{
- param_set = param_set_x9_98_speed;
+ param_sets = param_sets_x9_98_speed;
}
- else if (streq(param_set_selection, "x9_98_bandwidth"))
+ else if (streq(parameter_set, "x9_98_bandwidth"))
{
- param_set = param_set_x9_98_bandwidth;
+ param_sets = param_sets_x9_98_bandwidth;
}
- else if (streq(param_set_selection, "x9_98_balance"))
+ else if (streq(parameter_set, "x9_98_balance"))
{
- param_set = param_set_x9_98_balance;
+ param_sets = param_sets_x9_98_balance;
}
else
{
- param_set = param_set_optimum;
+ param_sets = param_sets_optimum;
}
switch (group)
{
case NTRU_112_BIT:
strength = 112;
- param_set_id = param_set[0];
+ param_set = ¶m_sets[0];
break;
case NTRU_128_BIT:
strength = 128;
- param_set_id = param_set[1];
+ param_set = ¶m_sets[1];
break;
case NTRU_192_BIT:
strength = 192;
- param_set_id = param_set[2];
+ param_set = ¶m_sets[2];
break;
case NTRU_256_BIT:
strength = 256;
- param_set_id = param_set[3];
+ param_set = ¶m_sets[3];
break;
default:
return NULL;
}
+ DBG1(DBG_LIB, "%u bit %s NTRU parameter set %s selected", strength,
+ parameter_set, param_set->name);
if (ntru_crypto_drbg_instantiate(strength,
personalization_str, strlen(personalization_str),
DBG1(DBG_LIB, "error instantiating DRBG at %u bit security", strength);
return NULL;
}
- else
- {
- DBG2(DBG_LIB, "instantiated DRBG at %u bit security", strength);
- }
INIT(this,
.public = {
},
},
.group = group,
- .param_set_id = param_set_id,
+ .param_set = param_set,
.strength = strength,
.drbg = drbg,
);
/**
* NTRU parameter set selection
*/
-char *param_set_selection[] = {
+char *parameter_sets[] = {
"x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
};
ck_assert(len == 8);
ck_assert(streq(buf, params[_i].group_name));
- for (n = 0; n < countof(param_set_selection); n++)
+ for (n = 0; n < countof(parameter_sets); n++)
{
lib->settings->set_str(lib->settings,
- "libcharon.plugins.ntru.param_set_selection",
- param_set_selection[n]);
+ "libstrongswan.plugins.ntru.parameter_set",
+ parameter_sets[n]);
i_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group);
ck_assert(i_ntru != NULL);
}
END_TEST
-START_TEST(test_ntru_pubkey)
+START_TEST(test_ntru_pubkey_oid)
{
+ chunk_t test[] = {
+ chunk_empty,
+ chunk_from_chars(0x00),
+ chunk_from_chars(0x01),
+ chunk_from_chars(0x02),
+ chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
+ chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
+ };
+
diffie_hellman_t *r_ntru;
chunk_t cipher_text;
+ int i;
+
+ for (i = 0; i < countof(test); i++)
+ {
+ r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
+ r_ntru->set_other_public_value(r_ntru, test[i]);
+ r_ntru->get_my_public_value(r_ntru, &cipher_text);
+ ck_assert(cipher_text.len == 0);
+ r_ntru->destroy(r_ntru);
+ }
+}
+END_TEST
- r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT);
- r_ntru->set_other_public_value(r_ntru, chunk_empty);
+START_TEST(test_ntru_wrong_set)
+{
+ diffie_hellman_t *i_ntru, *r_ntru;
+ chunk_t pub_key, cipher_text;
+
+ lib->settings->set_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set",
+ "x9_98_bandwidth");
+ i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
+ i_ntru->get_my_public_value(i_ntru, &pub_key);
+
+ lib->settings->set_str(lib->settings,
+ "libstrongswan.plugins.ntru.parameter_set",
+ "optimum");
+ r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT);
+ r_ntru->set_other_public_value(r_ntru, pub_key);
r_ntru->get_my_public_value(r_ntru, &cipher_text);
ck_assert(cipher_text.len == 0);
- r_ntru->destroy(r_ntru);
+ chunk_free(&pub_key);
+ chunk_free(&cipher_text);
+ i_ntru->destroy(i_ntru);
+ r_ntru->destroy(r_ntru);
}
END_TEST
tcase_add_loop_test(tc, test_ntru_ke, 0, countof(params));
suite_add_tcase(s, tc);
- tc = tcase_create("pubkey");
- tcase_add_test(tc, test_ntru_pubkey);
+ tc = tcase_create("pubkey_oid");
+ tcase_add_test(tc, test_ntru_pubkey_oid);
+ suite_add_tcase(s, tc);
+
+ tc = tcase_create("wrong_set");
+ tcase_add_test(tc, test_ntru_wrong_set);
suite_add_tcase(s, tc);
return s;