DBG2(DBG_LIB, "generate polynomial r");
seed = chunk_create(tmp_buf, ptr - tmp_buf);
- r_poly = ntru_poly_create(hash_algid, seed,
- params->c_bits, params->no_bias_limit,
+ r_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
params->N, 2 * params->dF_r,
params->is_product_form);
if (!r_poly)
ntru_trits_t *mask;
uint8_t *mask_trits;
chunk_t seed;
- ntru_poly_t *i_poly;
- uint16_t *i_indices;
+ ntru_poly_t *r_poly;
+ uint16_t *r_indices;
/* check for bad parameters */
if (!privkey_blob || !ct || !pt_len)
ptr += params->sec_strength_len;
/* generate cr */
- DBG2(DBG_LIB, "generate polynomial i");
+ DBG2(DBG_LIB, "generate polynomial r");
seed = chunk_create(tmp_buf, ptr - tmp_buf);
- i_poly = ntru_poly_create(hash_algid, seed,
- params->c_bits, params->no_bias_limit,
+ r_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
params->N, 2 * params->dF_r,
params->is_product_form);
- if (!i_poly)
+ if (!r_poly)
{
result = NTRU_MGF1_FAIL;
}
}
/* form cR' = h * cr */
- i_indices = i_poly->get_indices(i_poly);
+ r_indices = r_poly->get_indices(r_poly);
if (params->is_product_form)
{
ntru_ring_mult_product_indices(ringel_buf1, (uint16_t)dF_r1,
(uint16_t)dF_r2, (uint16_t)dF_r3,
- i_indices, params->N, params->q,
+ r_indices, params->N, params->q,
scratch_buf, ringel_buf1);
}
else
{
ntru_ring_mult_indices(ringel_buf1, (uint16_t)dF_r, (uint16_t)dF_r,
- i_indices, params->N, params->q,
+ r_indices, params->N, params->q,
scratch_buf, ringel_buf1);
}
- i_poly->destroy(i_poly);
+ r_poly->destroy(r_poly);
/* compare cR' to cR */
for (i = 0; i < params->N; i++)
DBG2(DBG_LIB, "generate polynomial F");
seed = chunk_create(tmp_buf, seed_len);
- F_poly = ntru_poly_create(hash_algid, seed,
- params->c_bits, params->no_bias_limit,
+ F_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
params->N, 2 * params->dF_r,
params->is_product_form);
if (!F_poly)
DBG2(DBG_LIB, "generate polynomial g");
seed = chunk_create(tmp_buf, seed_len);
- g_poly = ntru_poly_create(hash_algid, seed,
- params->c_bits, params->no_bias_limit,
+ g_poly = ntru_poly_create(hash_algid, seed, params->c_bits,
params->N, 2*params->dg + 1, FALSE);
if (!g_poly)
{
133, /* dg */
60, /* maxMsgLenBytes */
113, /* dm0 */
- 2005, /* 2^c - (2^c mod N) */
11, /* c */
1, /* lLen */
},
149, /* dg */
67, /* maxMsgLenBytes */
134, /* dm0 */
- 449, /* 2^c - (2^c mod N) */
9, /* c */
1, /* lLen */
},
225, /* dg */
101, /* maxMsgLenBytes */
157, /* dm0 */
- 2031, /* 2^c - (2^c mod N) */
11, /* c */
1, /* lLen */
},
362, /* dg */
170, /* maxMsgLenBytes */
120, /* dm0 */
- 7609, /* 2^c - (2^c mod N) */
13, /* c */
1, /* lLen */
},
180, /* dg */
86, /* maxMsgLenBytes */
49, /* dm0 */
- 3787, /* 2^c - (2^c mod N) */
12, /* c */
1, /* lLen */
},
204, /* dg */
97, /* maxMsgLenBytes */
55, /* dm0 */
- 1839, /* 2^c - (2^c mod N) */
11, /* c */
1, /* lLen */
},
295, /* dg */
141, /* maxMsgLenBytes */
81, /* dm0 */
- 887, /* 2^c - (2^c mod N) */
10, /* c */
1, /* lLen */
},
390, /* dg */
186, /* maxMsgLenBytes */
106, /* dm0 */
- 3513, /* 2^c - (2^c mod N) */
12, /* c */
1, /* lLen */
},
219, /* dg */
108, /* maxMsgLenBytes */
38, /* dm0 */
- 1977, /* 2^c - (2^c mod N) */
11, /* c */
1, /* lLen */
},
253, /* dg */
125, /* maxMsgLenBytes */
42, /* dm0 */
- 3805, /* 2^c - (2^c mod N) */
12, /* c */
1, /* lLen */
},
362, /* dg */
178, /* maxMsgLenBytes */
63, /* dm0 */
- 7609, /* 2^c - (2^c mod N) */
13, /* c */
1, /* lLen */
},
499, /* dg */
247, /* maxMsgLenBytes */
79, /* dm0 */
- 7495, /* 2^c - (2^c mod N) */
13, /* c */
1, /* lLen */
},
133, /* dg */
60, /* maxMsgLenBytes */
136, /* m(1)_max */
- 2005, /* 2^c - (2^c mod N) */
11, /* c */
1, /* lLen */
},
146, /* dg */
65, /* maxMsgLenBytes */
126, /* m(1)_max */
- 439, /* 2^c - (2^c mod N) */
9, /* c */
1, /* lLen */
},
197, /* dg */
86, /* maxMsgLenBytes */
90, /* m(1)_max */
- 1779, /* 2^c - (2^c mod N) */
11, /* c */
1, /* lLen */
},
247, /* dg */
106, /* maxMsgLenBytes */
60, /* m(1)_max */
- 8173, /* 2^c - (2^c mod N) */
13, /* c */
1, /* lLen */
},
octets */
uint16_t min_msg_rep_wt; /* min. message
representative weight */
- uint16_t no_bias_limit; /* limit for no bias in
- IGF-2 */
uint8_t c_bits; /* no. bits in candidate for
deriving an index in
IGF-2 */
* Described in header.
*/
ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed,
- uint8_t c_bits, uint16_t limit,
- uint16_t poly_len, uint32_t indices_count,
- bool is_product_form)
+ uint8_t c_bits, uint16_t poly_len,
+ uint32_t indices_count, bool is_product_form)
{
private_ntru_poly_t *this;
size_t hash_len, octet_count = 0, i, num_polys, num_indices[3], indices_len;
uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed;
- uint16_t index, left = 0;
+ uint16_t index, limit, left = 0;
int poly_i = 0, index_i = 0;
ntru_mgf1_t *mgf1;
indices_len = indices_count;
}
used = malloc(poly_len);
+ limit = poly_len * ((1 << c_bits) / poly_len);
INIT(this,
.public = {
* @param seed seed used by MGF1 to generate trits from
* @param poly_len size of the trits polynomial
* @param c_bits number of bits for candidate index
- * @param limit conversion to index limit
* @param indices_count number of non-zero indices
* @param is_product_form generate multiple polynomials
*/
ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed,
- uint8_t c_bits, uint16_t limit,
- uint16_t poly_len, uint32_t indices_count,
- bool is_product_form);
+ uint8_t c_bits, uint16_t poly_len,
+ uint32_t indices_count, bool is_product_form);
#endif /** NTRU_POLY_H_ @}*/
IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create, ntru_poly_t*,
hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
- uint16_t limit, uint16_t poly_len,
- uint32_t indices_count, bool is_product_form)
+ uint16_t poly_len, uint32_t indices_count,
+ bool is_product_form)
/**
* NTRU parameter sets to test
typedef struct {
uint8_t c_bits;
- uint16_t limit;
uint16_t poly_len;
bool is_product_form;
uint32_t indices_count;
0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1,
0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2),
{
- { 9, 439, 439, TRUE, 2*(9 + (8 << 8) + (5 << 16)),
+ { 9, 439, TRUE, 2*(9 + (8 << 8) + (5 << 16)),
countof(indices_ees439ep1), indices_ees439ep1
},
- { 11, 1839, 613, FALSE, 2*55,
+ { 11, 613, FALSE, 2*55,
countof(indices_ees613ep1), indices_ees613ep1
}
}
1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2,
0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1),
{
- { 13, 8173, 743, TRUE, 2*(11 + (11 << 8) + (15 << 16)),
+ { 13, 743, TRUE, 2*(11 + (11 << 8) + (15 << 16)),
countof(indices_ees743ep1), indices_ees743ep1
},
- { 12, 3513, 1171, FALSE, 2*106,
+ { 12, 1171, FALSE, 2*106,
countof(indices_ees1171ep1), indices_ees1171ep1
}
}
seed.len = mgf1_tests[_i].seed_len;
p = &mgf1_tests[_i].poly_test[0];
- poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->limit,
- p->poly_len, p->indices_count, p->is_product_form);
+ poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->poly_len,
+ p->indices_count, p->is_product_form);
ck_assert(poly == NULL);
for (n = 0; n < 2; n++)
{
p = &mgf1_tests[_i].poly_test[n];
- poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->limit,
- p->poly_len, p->indices_count,
- p->is_product_form);
+ poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->poly_len,
+ p->indices_count, p->is_product_form);
ck_assert(poly != NULL && poly->get_size(poly) == p->indices_len);
indices = poly->get_indices(poly);
projects / thirdparty / strongswan.git / commitdiff
