ntru: Removed legacy NTRU key exchange method
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 18 Nov 2020 09:39:28 +0000 (10:39 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 22 Mar 2023 10:35:11 +0000 (11:35 +0100)
52 files changed:
conf/Makefile.am
conf/plugins/ntru.opt [deleted file]
configure.ac
src/libstrongswan/Makefile.am
src/libstrongswan/crypto/key_exchange.c
src/libstrongswan/crypto/key_exchange.h
src/libstrongswan/crypto/proposal/proposal.c
src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
src/libstrongswan/plugins/ntru/Makefile.am [deleted file]
src/libstrongswan/plugins/ntru/ntru_convert.c [deleted file]
src/libstrongswan/plugins/ntru/ntru_convert.h [deleted file]
src/libstrongswan/plugins/ntru/ntru_ke.c [deleted file]
src/libstrongswan/plugins/ntru/ntru_ke.h [deleted file]
src/libstrongswan/plugins/ntru/ntru_param_set.c [deleted file]
src/libstrongswan/plugins/ntru/ntru_param_set.h [deleted file]
src/libstrongswan/plugins/ntru/ntru_plugin.c [deleted file]
src/libstrongswan/plugins/ntru/ntru_plugin.h [deleted file]
src/libstrongswan/plugins/ntru/ntru_poly.c [deleted file]
src/libstrongswan/plugins/ntru/ntru_poly.h [deleted file]
src/libstrongswan/plugins/ntru/ntru_private_key.c [deleted file]
src/libstrongswan/plugins/ntru/ntru_private_key.h [deleted file]
src/libstrongswan/plugins/ntru/ntru_public_key.c [deleted file]
src/libstrongswan/plugins/ntru/ntru_public_key.h [deleted file]
src/libstrongswan/plugins/ntru/ntru_trits.c [deleted file]
src/libstrongswan/plugins/ntru/ntru_trits.h [deleted file]
src/libstrongswan/tests/Makefile.am
src/libstrongswan/tests/suites/test_ntru.c [deleted file]
src/libstrongswan/tests/tests.h
testing/scripts/recipes/013_strongswan.mk
testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/net2net-ntru-bandwidth/description.txt [deleted file]
testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat [deleted file]
testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/swanctl/swanctl.conf [deleted file]
testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf [deleted file]
testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/swanctl/swanctl.conf [deleted file]
testing/tests/ikev2/net2net-ntru-bandwidth/posttest.dat [deleted file]
testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat [deleted file]
testing/tests/ikev2/net2net-ntru-bandwidth/test.conf [deleted file]
testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf

index f7eeeaa2297a842bf1f947becc168949c49167de..370cb6df696ad7edd2862dd8971fd920eff49a8c 100644 (file)
@@ -76,7 +76,6 @@ plugins = \
        plugins/kernel-pfroute.opt \
        plugins/load-tester.opt \
        plugins/lookip.opt \
-       plugins/ntru.opt \
        plugins/openssl.opt \
        plugins/osx-attr.opt \
        plugins/p-cscf.opt \
diff --git a/conf/plugins/ntru.opt b/conf/plugins/ntru.opt
deleted file mode 100644 (file)
index afed563..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-charon.plugins.ntru.parameter_set = optimum
-       The following parameter sets are available: **x9_98_speed**,
-       **x9_98_bandwidth**, **x9_98_balance** and **optimum**, the last set not
-       being part of the X9.98 standard but having the best performance.
index 209635a0bff917a575170f3d27553f66619417a3..cd12f2016e6f49c170a486bc8e57553ea12d5707 100644 (file)
@@ -153,7 +153,6 @@ ARG_ENABL_SET([md4],            [enable MD4 software implementation plugin.])
 ARG_DISBL_SET([md5],            [disable MD5 software implementation plugin.])
 ARG_ENABL_SET([mgf1],           [enable the MGF1 software implementation plugin.])
 ARG_DISBL_SET([nonce],          [disable nonce generation plugin.])
-ARG_ENABL_SET([ntru],           [enables the NTRU crypto plugin.])
 ARG_ENABL_SET([frodo],          [enable FrodoKEM Post Quantum Safe plugin.])
 ARG_ENABL_SET([oqs],            [enable Open Quantum Safe (liboqs) plugin.])
 ARG_ENABL_SET([openssl],        [enables the OpenSSL crypto plugin.])
@@ -508,7 +507,7 @@ if test x$tpm = xtrue; then
        tss_tss2=true
 fi
 
-if test x$gmp = xtrue -o x$ntru = xtrue; then
+if test x$gmp = xtrue; then
        mgf1=true
 fi
 
@@ -1584,7 +1583,6 @@ ADD_PLUGIN([kdf],                  [s charon pki scripts nm cmd])
 ADD_PLUGIN([ctr],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ccm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([gcm],                  [s charon scripts nm cmd])
-ADD_PLUGIN([ntru],                 [s charon scripts nm cmd])
 ADD_PLUGIN([frodo],                [s charon scripts nm cmd])
 ADD_PLUGIN([oqs],                  [s charon scripts nm cmd])
 ADD_PLUGIN([drbg],                 [s charon pki scripts nm cmd])
@@ -1752,7 +1750,6 @@ AM_CONDITIONAL(USE_CTR, test x$ctr = xtrue)
 AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue)
 AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue)
 AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
-AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
 AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue)
 AM_CONDITIONAL(USE_OQS, test x$oqs = xtrue)
 AM_CONDITIONAL(USE_FRODO, test x$frodo = xtrue)
@@ -2031,7 +2028,6 @@ AC_CONFIG_FILES([
        src/libstrongswan/plugins/gcm/Makefile
        src/libstrongswan/plugins/af_alg/Makefile
        src/libstrongswan/plugins/drbg/Makefile
-       src/libstrongswan/plugins/ntru/Makefile
        src/libstrongswan/plugins/frodo/Makefile
        src/libstrongswan/plugins/oqs/Makefile
        src/libstrongswan/plugins/oqs/tests/Makefile
index 773a4e7b333f179ca55ff8c5786595da0feedf95..86dd62b650cc0a108e6a2024b92577643de90fbb 100644 (file)
@@ -654,13 +654,6 @@ if MONOLITHIC
 endif
 endif
 
-if USE_NTRU
-  SUBDIRS += plugins/ntru
-if MONOLITHIC
-  libstrongswan_la_LIBADD += plugins/ntru/libstrongswan-ntru.la
-endif
-endif
-
 if USE_DRBG
   SUBDIRS += plugins/drbg
 if MONOLITHIC
index 748dc670805565c9dd8ab003ffd103ad84cc1fc3..08da48ab570c39e8719abcc7e631c4fcf8c88cc9 100644 (file)
@@ -51,12 +51,7 @@ ENUM_NEXT(key_exchange_method_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
        "CURVE_448");
 ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, CURVE_448,
        "MODP_NULL");
-ENUM_NEXT(key_exchange_method_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
-       "NTRU_112",
-       "NTRU_128",
-       "NTRU_192",
-       "NTRU_256");
-ENUM_NEXT(key_exchange_method_names, KE_KYBER_L1, KE_SIKE_L5, NTRU_256_BIT,
+ENUM_NEXT(key_exchange_method_names, KE_KYBER_L1, KE_SIKE_L5, MODP_NULL,
        "KYBER_L1",
        "KYBER_L3",
        "KYBER_L5",
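Review bot: The `ENUM_NEXT` chain for `key_exchange_method_names` now links `KE_KYBER_L1` directly after `MODP_NULL`, so the private-use values 1030–1033 are left unnamed with no record of why the gap exists. Peers on an older build may still propose those numbers as NTRU, and if they were later reassigned to another method the two sides would disagree about the negotiated algorithm. A comment above this line would guard against that, for example `/* 1030..1033 were NTRU_112_BIT..NTRU_256_BIT (removed), keep unassigned */`. The same applies to the `key_exchange_method_names_short` hunk that follows and to the enum in key_exchange.h, where the four values are dropped.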
@@ -116,12 +111,7 @@ ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT
        "curve448");
 ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, CURVE_448,
        "modpnull");
-ENUM_NEXT(key_exchange_method_names_short, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
-       "ntru112",
-       "ntru128",
-       "ntru192",
-       "ntru256");
-ENUM_NEXT(key_exchange_method_names_short, KE_KYBER_L1, KE_SIKE_L5, NTRU_256_BIT,
+ENUM_NEXT(key_exchange_method_names_short, KE_KYBER_L1, KE_SIKE_L5, MODP_NULL,
        "kyber1",
        "kyber3",
        "kyber5",
@@ -760,10 +750,6 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
                case CURVE_448:
                        valid = value.len == 56;
                        break;
-               case NTRU_112_BIT:
-               case NTRU_128_BIT:
-               case NTRU_192_BIT:
-               case NTRU_256_BIT:
                case KE_KYBER_L1:
                case KE_KYBER_L3:
                case KE_KYBER_L5:
index d789e3890954b8d266362c3e6f74d611faaff0ca..ce8392c291eb2891253d8eb2c52f98c23f3b9e60 100644 (file)
@@ -68,11 +68,6 @@ enum key_exchange_method_t {
        CURVE_448     = 32,
        /** insecure NULL diffie hellman group for testing, in PRIVATE USE */
        MODP_NULL          = 1024,
-       /** Parameters defined by IEEE 1363.1, in PRIVATE USE */
-       NTRU_112_BIT       = 1030,
-       NTRU_128_BIT       = 1031,
-       NTRU_192_BIT       = 1032,
-       NTRU_256_BIT       = 1033,
        /** NIST round 3 KEM candidates, in PRIVATE USE */
        KE_KYBER_L1        = 1050,
        KE_KYBER_L3        = 1051,
index f00134d9589588214ff5c2251c4931e70484bb4d..944486a5a17f7f02cabd7911c4131837d0718bf4 100644 (file)
@@ -1215,7 +1215,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
        }
        enumerator->destroy(enumerator);
 
-       /* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */
+       /* Round 1 adds ECC with at least 128 bit security strength */
        enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
        while (enumerator->enumerate(enumerator, &group, &plugin_name))
        {
@@ -1229,9 +1229,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
                        case ECP_512_BP:
                        case CURVE_25519:
                        case CURVE_448:
-                       case NTRU_128_BIT:
-                       case NTRU_192_BIT:
-                       case NTRU_256_BIT:
                                add_algorithm(this, KEY_EXCHANGE_METHOD, group, 0);
                                break;
                        default:
@@ -1280,7 +1277,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
                        case ECP_224_BIT:
                        case ECP_224_BP:
                        case ECP_192_BIT:
-                       case NTRU_112_BIT:
                                /* rarely used */
                                break;
                        case MODP_2048_BIT:
index 8c3e05596740a2efa8b67675a4b311a787bdfe16..34200e4ff0c6e29a63dedf532d31401d8e7c433d 100644 (file)
@@ -176,10 +176,6 @@ curve25519,       KEY_EXCHANGE_METHOD, CURVE_25519,                0
 x25519,           KEY_EXCHANGE_METHOD, CURVE_25519,                0
 curve448,         KEY_EXCHANGE_METHOD, CURVE_448,                  0
 x448,             KEY_EXCHANGE_METHOD, CURVE_448,                  0
-ntru112,          KEY_EXCHANGE_METHOD, NTRU_112_BIT,               0
-ntru128,          KEY_EXCHANGE_METHOD, NTRU_128_BIT,               0
-ntru192,          KEY_EXCHANGE_METHOD, NTRU_192_BIT,               0
-ntru256,          KEY_EXCHANGE_METHOD, NTRU_256_BIT,               0
 kyber1,           KEY_EXCHANGE_METHOD, KE_KYBER_L1,                0
 kyber3,           KEY_EXCHANGE_METHOD, KE_KYBER_L3,                0
 kyber5,           KEY_EXCHANGE_METHOD, KE_KYBER_L5,                0
diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am
deleted file mode 100644 (file)
index b46afe1..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-AM_CPPFLAGS = \
-       -I$(top_srcdir)/src/libstrongswan
-
-AM_CFLAGS = \
-       $(PLUGIN_CFLAGS)
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-ntru.la
-else
-plugin_LTLIBRARIES = libstrongswan-ntru.la
-endif
-
-libstrongswan_ntru_la_SOURCES = \
-       ntru_plugin.h ntru_plugin.c \
-       ntru_convert.h ntru_convert.c \
-       ntru_ke.h ntru_ke.c \
-       ntru_param_set.h ntru_param_set.c \
-       ntru_poly.h ntru_poly.c \
-       ntru_public_key.h ntru_public_key.c \
-       ntru_private_key.h ntru_private_key.c \
-       ntru_trits.h ntru_trits.c
-
-libstrongswan_ntru_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/ntru/ntru_convert.c b/src/libstrongswan/plugins/ntru/ntru_convert.c
deleted file mode 100644 (file)
index b188406..0000000
+++ /dev/null
@@ -1,451 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) 2009-2013  Security Innovation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "ntru_convert.h"
-
-/**
- * 3-bit to 2-trit conversion tables: 2 represents -1
- */
-static uint8_t const bits_2_trit1[] = {0, 0, 0, 1, 1, 1, 2, 2};
-static uint8_t const bits_2_trit2[] = {0, 1, 2, 0, 1, 2, 0, 1};
-
-/**
- * See header.
- */
-void ntru_bits_2_trits(uint8_t const *octets, uint16_t num_trits, uint8_t *trits)
-{
-       uint32_t bits24, bits3, shift;
-
-       while (num_trits >= 16)
-       {
-               /* get next three octets */
-               bits24  = ((uint32_t)(*octets++)) << 16;
-               bits24 |= ((uint32_t)(*octets++)) <<  8;
-               bits24 |=  (uint32_t)(*octets++);
-
-               /* for each 3 bits in the three octets, output 2 trits */
-               bits3 = (bits24 >> 21) & 0x7;
-               *trits++ = bits_2_trit1[bits3];
-               *trits++ = bits_2_trit2[bits3];
-
-               bits3 = (bits24 >> 18) & 0x7;
-               *trits++ = bits_2_trit1[bits3];
-               *trits++ = bits_2_trit2[bits3];
-
-               bits3 = (bits24 >> 15) & 0x7;
-               *trits++ = bits_2_trit1[bits3];
-               *trits++ = bits_2_trit2[bits3];
-
-               bits3 = (bits24 >> 12) & 0x7;
-               *trits++ = bits_2_trit1[bits3];
-               *trits++ = bits_2_trit2[bits3];
-
-               bits3 = (bits24 >>  9) & 0x7;
-               *trits++ = bits_2_trit1[bits3];
-               *trits++ = bits_2_trit2[bits3];
-
-               bits3 = (bits24 >>  6) & 0x7;
-               *trits++ = bits_2_trit1[bits3];
-               *trits++ = bits_2_trit2[bits3];
-
-               bits3 = (bits24 >>  3) & 0x7;
-               *trits++ = bits_2_trit1[bits3];
-               *trits++ = bits_2_trit2[bits3];
-
-               bits3 = bits24 & 0x7;
-               *trits++ = bits_2_trit1[bits3];
-               *trits++ = bits_2_trit2[bits3];
-
-               num_trits -= 16;
-       }
-       if (num_trits == 0)
-       {
-               return;
-       }
-
-       /* get three octets */
-       bits24  = ((uint32_t)(*octets++)) << 16;
-       bits24 |= ((uint32_t)(*octets++)) <<  8;
-       bits24 |=  (uint32_t)(*octets++);
-
-       shift = 21;
-       while (num_trits)
-       {
-               /**
-                * for each 3 bits in the three octets, output up to 2 trits
-                * until all trits needed are produced
-                */
-               bits3 = (bits24 >> shift) & 0x7;
-               shift -= 3;
-               *trits++ = bits_2_trit1[bits3];
-               if (--num_trits)
-               {
-                       *trits++ = bits_2_trit2[bits3];
-                       --num_trits;
-               }
-       }
-}
-
-/**
- * See header.
- */
-bool ntru_trits_2_bits(uint8_t const *trits, uint32_t num_trits, uint8_t *octets)
-{
-       bool all_trits_valid = TRUE;
-       uint32_t bits24, bits3, shift;
-
-       while (num_trits >= 16)
-       {
-               /* convert each 2 trits to 3 bits and pack */
-               bits3  = *trits++ * 3;
-               bits3 += *trits++;
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 = (bits3 << 21);
-
-               bits3  = *trits++ * 3;
-               bits3 += *trits++;
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 |= (bits3 << 18);
-
-               bits3  = *trits++ * 3;
-               bits3 += *trits++;
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 |= (bits3 << 15);
-
-               bits3  = *trits++ * 3;
-               bits3 += *trits++;
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 |= (bits3 << 12);
-
-               bits3  = *trits++ * 3;
-               bits3 += *trits++;
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 |= (bits3 <<  9);
-
-               bits3  = *trits++ * 3;
-               bits3 += *trits++;
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 |= (bits3 <<  6);
-
-               bits3  = *trits++ * 3;
-               bits3 += *trits++;
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 |= (bits3 <<  3);
-
-               bits3  = *trits++ * 3;
-               bits3 += *trits++;
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 |= bits3;
-
-               num_trits -= 16;
-
-               /* output three octets */
-               *octets++ = (uint8_t)((bits24 >> 16) & 0xff);
-               *octets++ = (uint8_t)((bits24 >>  8) & 0xff);
-               *octets++ = (uint8_t)(bits24 & 0xff);
-       }
-
-       bits24 = 0;
-       shift = 21;
-       while (num_trits)
-       {
-               /* convert each 2 trits to 3 bits and pack */
-               bits3 = *trits++ * 3;
-               if (--num_trits)
-               {
-                       bits3 += *trits++;
-                       --num_trits;
-               }
-               if (bits3 > 7)
-               {
-                       bits3 = 7;
-                       all_trits_valid = FALSE;
-               }
-               bits24 |= (bits3 << shift);
-               shift -= 3;
-       }
-
-       /* output three octets */
-       *octets++ = (uint8_t)((bits24 >> 16) & 0xff);
-       *octets++ = (uint8_t)((bits24 >>  8) & 0xff);
-       *octets++ = (uint8_t)(bits24 & 0xff);
-
-       return all_trits_valid;
-}
-
-/**
- * See header
- */
-void ntru_coeffs_mod4_2_octets(uint16_t num_coeffs, uint16_t const *coeffs, uint8_t *octets)
-{
-    uint8_t bits2;
-    int shift, i;
-
-       *octets = 0;
-       shift = 6;
-       for (i = 0; i < num_coeffs; i++)
-       {
-               bits2 = (uint8_t)(coeffs[i] & 0x3);
-               *octets |= bits2 << shift;
-               shift -= 2;
-               if (shift < 0)
-               {
-                       ++octets;
-                       *octets = 0;
-                       shift = 6;
-               }
-       }
-}
-
-/**
- * See header.
- */
-void ntru_trits_2_octet(uint8_t const *trits, uint8_t *octet)
-{
-       int i;
-
-       *octet = 0;
-       for (i = 4; i >= 0; i--)
-       {
-               *octet = (*octet * 3) + trits[i];
-       }
-}
-
-/**
- * See header.
- */
-void ntru_octet_2_trits(uint8_t octet, uint8_t *trits)
-{
-       int i;
-
-       for (i = 0; i < 5; i++)
-       {
-               trits[i] = octet % 3;
-               octet = (octet - trits[i]) / 3;
-       }
-}
-
-/**
- * See header.
- */
-void ntru_indices_2_trits(uint16_t in_len, uint16_t const *in, bool plus1,
-                                                 uint8_t *out)
-{
-       uint8_t trit = plus1 ? 1 : 2;
-       int  i;
-
-    for (i = 0; i < in_len; i++)
-       {
-               out[in[i]] = trit;
-       }
-}
-
-/**
- * See header.
- */
-void ntru_packed_trits_2_indices(uint8_t const *in, uint16_t num_trits,
-                                                                uint16_t *indices_plus1,
-                                                                uint16_t *indices_minus1)
-{
-       uint8_t trits[5];
-       uint16_t i = 0;
-       int j;
-
-       while (num_trits >= 5)
-       {
-               ntru_octet_2_trits(*in++, trits);
-               num_trits -= 5;
-               for (j = 0; j < 5; j++, i++)
-               {
-                       if (trits[j] == 1)
-                       {
-                               *indices_plus1 = i;
-                               ++indices_plus1;
-                       }
-                       else if (trits[j] == 2)
-                       {
-                               *indices_minus1 = i;
-                               ++indices_minus1;
-                       }
-               }
-    }
-       if (num_trits)
-       {
-               ntru_octet_2_trits(*in, trits);
-               for (j = 0; num_trits && (j < 5); j++, i++)
-               {
-                       if (trits[j] == 1)
-                       {
-                               *indices_plus1 = i;
-                               ++indices_plus1;
-                       }
-                       else if (trits[j] == 2)
-                       {
-                               *indices_minus1 = i;
-                               ++indices_minus1;
-                       }
-                       --num_trits;
-               }
-       }
-}
-
-/**
- * See header.
- */
-void ntru_indices_2_packed_trits(uint16_t const *indices, uint16_t num_plus1,
-                                                                uint16_t num_minus1, uint16_t num_trits,
-                                                                uint8_t *buf, uint8_t *out)
-{
-       /* convert indices to an array of trits */
-       memset(buf, 0, num_trits);
-       ntru_indices_2_trits(num_plus1, indices, TRUE, buf);
-       ntru_indices_2_trits(num_minus1, indices + num_plus1, FALSE, buf);
-
-       /* pack the array of trits */
-       while (num_trits >= 5)
-       {
-               ntru_trits_2_octet(buf, out);
-               num_trits -= 5;
-               buf += 5;
-               ++out;
-       }
-       if (num_trits)
-       {
-               uint8_t trits[5];
-
-               memcpy(trits, buf, num_trits);
-               memset(trits + num_trits, 0, sizeof(trits) - num_trits);
-               ntru_trits_2_octet(trits, out);
-       }
-}
-
-/**
- * See header
- */
-void ntru_elements_2_octets(uint16_t in_len, uint16_t const *in, uint8_t n_bits,
-                                                       uint8_t *out)
-{
-       uint16_t temp;
-       int shift, i;
-
-       /* pack */
-       temp = 0;
-       shift = n_bits - 8;
-       i = 0;
-       while (i < in_len)
-       {
-               /* add bits to temp to fill an octet and output the octet */
-               temp |= in[i] >> shift;
-               *out++ = (uint8_t)(temp & 0xff);
-               shift = 8 - shift;
-               if (shift < 1)
-               {
-                       /* next full octet is in current input word */
-                       shift += n_bits;
-                       temp = 0;
-               }
-               else
-               {
-                       /* put remaining bits of input word in temp as partial octet,
-                        * and increment index to next input word
-                        */
-                       temp = in[i] << (uint16_t)shift;
-                       ++i;
-               }
-               shift = n_bits - shift;
-       }
-
-       /* output any bits remaining in last input word */
-       if (shift != n_bits - 8)
-       {
-               *out++ = (uint8_t)(temp & 0xff);
-       }
-}
-
-
-/**
- * See header.
- */
-void ntru_octets_2_elements(uint16_t in_len, uint8_t const *in, uint8_t n_bits,
-                                                       uint16_t *out)
-{
-       uint16_t  temp;
-       uint16_t  mask = (1 << n_bits) - 1;
-       int shift, i;
-
-       /* unpack */
-       temp = 0;
-       shift = n_bits;
-       i = 0;
-       while (i < in_len)
-       {
-               shift = 8 - shift;
-               if (shift < 0)
-               {
-                       /* the current octet will not fill the current element */
-                       shift += n_bits;
-               }
-               else
-               {
-                       /* add bits from the current octet to fill the current element and
-                        * output the element
-                        */
-                       temp |= ((uint16_t)in[i]) >> shift;
-                       *out++ = temp & mask;
-                       temp = 0;
-               }
-
-               /* add the remaining bits of the current octet to start an element */
-               shift = n_bits - shift;
-               temp |= ((uint16_t)in[i]) << shift;
-               ++i;
-       }
-}
diff --git a/src/libstrongswan/plugins/ntru/ntru_convert.h b/src/libstrongswan/plugins/ntru/ntru_convert.h
deleted file mode 100644 (file)
index 2a23e7a..0000000
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) 2009-2013  Security Innovation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_convert ntru_convert
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_CONVERT_H_
-#define NTRU_CONVERT_H_
-
-#include <library.h>
-
-/**
- * Each 3 bits in an array of octets is converted to 2 trits in an array
- * of trits.
- *
- * @param octets               pointer to array of octets
- * @param num_trits            number of trits to produce
- * @param trits                        address for array of trits
- */
-void ntru_bits_2_trits(uint8_t const *octets, uint16_t num_trits,
-                                          uint8_t *trits);
-
-/**
- * Each 2 trits in an array of trits is converted to 3 bits, and the bits
- * are packed in an array of octets.  A multiple of 3 octets is output.
- * Any bits in the final octets not derived from trits are zero.
- *
- * @param trits                                pointer to array of trits
- * @param num_trits                    number of trits to convert
- * @param octets                       address for array of octets
- * @return                                     TRUE if all trits were valid
- *                                     FALSE if invalid trits were found
- */
-bool ntru_trits_2_bits(uint8_t const *trits, uint32_t num_trits,
-                                          uint8_t *octets);
-
-/**
- * Takes an array of coefficients mod 4 and packs the results into an
- * octet string.
- *
- * @param num_coeffs           number of coefficients
- * @param coeffs                       pointer to coefficients
- * @param octets                       address for octets
- */
-void ntru_coeffs_mod4_2_octets(uint16_t num_coeffs, uint16_t const *coeffs,
-                                                          uint8_t *octets);
-
-/**
- * Packs 5 trits in an octet, where a trit is 0, 1, or 2 (-1).
- *
- * @param trits                                pointer to trits
- * @param octet                                address for octet
- */
-void ntru_trits_2_octet(uint8_t const *trits, uint8_t *octet);
-
-/**
- * Unpacks an octet to 5 trits, where a trit is 0, 1, or 2 (-1).
- *
- * @param octet                                octet to be unpacked
- * @param trits                                address for trits
- */
-void ntru_octet_2_trits(uint8_t  octet, uint8_t *trits);
-
-/**
- *
- * Converts a list of the nonzero indices of a polynomial into an array of
- * trits.
- *
- * @param in_len                       no. of indices
- * @param in                           pointer to list of indices
- * @param plus1                                if list is +1 coefficients
- * @param out                          address of output polynomial
- */
-void ntru_indices_2_trits(uint16_t in_len, uint16_t const *in, bool plus1,
-                                                 uint8_t *out);
-
-/**
- * Unpacks an array of N trits and creates a list of array indices
- * corresponding to trits = +1, and list of array indices corresponding to
- * trits = -1.
- *
- * @param in                           pointer to packed-trit octets
- * @param num_trits                    no. of packed trits
- * @param indices_plus1                address for indices of +1 trits
- * @param indices_minus1       address for indices of -1 trits
- */
-void ntru_packed_trits_2_indices(uint8_t const *in, uint16_t num_trits,
-                                                                uint16_t *indices_plus1,
-                                                                uint16_t *indices_minus1);
-
-/**
- * Takes a list of array indices corresponding to elements whose values
- * are +1 or -1, and packs the N-element array of trits described by these
- * lists into octets, 5 trits per octet.
- *
- * @param indices                      pointer to indices
- * @param num_plus1                    no. of indices for +1 trits
- * @param num_minus1           no. of indices for -1 trits
- * @param num_trits                    N, no. of trits in array
- * @param buf                          temp buf, N octets
- * @param out                          address for packed octet
- */
-void ntru_indices_2_packed_trits(uint16_t const *indices, uint16_t num_plus1,
-                                                                uint16_t num_minus1, uint16_t num_trits,
-                                                                uint8_t *buf, uint8_t *out);
-
-/**
- * Packs an array of n-bit elements into an array of
- * ((in_len * n_bits) + 7) / 8 octets, 8 < n_bits < 16.
- *
- * @param in_len                       no. of elements to be packed
- * @param in                           ptr to elements to be packed
- * @param n_bits                       no. of bits in input element
- * @param out                          addr for output octets
- */
-void ntru_elements_2_octets(uint16_t in_len, uint16_t const *in, uint8_t n_bits,
-                                                       uint8_t *out);
-
-/**
- * Unpacks an octet string into an array of ((in_len * 8) / n_bits)
- * n-bit elements, 8 < n < 16.  Any extra bits are discarded.
- *
- * @param in_len                       no. of octets to be unpacked
- * @param in                           ptr to octets to be unpacked
- * @param n_bits                       no. of bits in output element
- * @param out                          addr for output elements
- */
-void ntru_octets_2_elements(uint16_t in_len, uint8_t const *in, uint8_t n_bits,
-                                                       uint16_t *out);
-
-#endif /** NTRU_CONVERT_H_ @}*/
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
deleted file mode 100644 (file)
index bedf41a..0000000
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "ntru_ke.h"
-#include "ntru_param_set.h"
-#include "ntru_private_key.h"
-#include "ntru_public_key.h"
-
-#include <crypto/key_exchange.h>
-#include <crypto/drbgs/drbg.h>
-#include <utils/debug.h>
-
-typedef struct private_ntru_ke_t private_ntru_ke_t;
-
-/* Best bandwidth and speed, no X9.98 compatibility */
-static const ntru_param_set_id_t param_sets_optimum[] = {
-       NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1
-};
-
-/* X9.98/IEEE 1363.1 parameter sets for best speed */
-static const ntru_param_set_id_t param_sets_x9_98_speed[] = {
-       NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1
-};
-
-/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
-static const ntru_param_set_id_t param_sets_x9_98_bandwidth[] = {
-       NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP2
-};
-
-/* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
-static const ntru_param_set_id_t param_sets_x9_98_balance[] = {
-       NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1
-};
-
-/**
- * Private data of an ntru_ke_t object.
- */
-struct private_ntru_ke_t {
-       /**
-        * Public ntru_ke_t interface.
-        */
-       ntru_ke_t public;
-
-       /**
-        * Diffie Hellman group number.
-        */
-       key_exchange_method_t group;
-
-       /**
-        * NTRU Parameter Set
-        */
-       const ntru_param_set_t *param_set;
-
-       /**
-        * Cryptographical strength in bits of the NTRU Parameter Set
-        */
-       uint32_t strength;
-
-       /**
-        * NTRU Public Key
-        */
-       ntru_public_key_t *pubkey;
-
-       /**
-        * NTRU Private Key
-        */
-       ntru_private_key_t *privkey;
-
-       /**
-        * NTRU encrypted shared secret
-        */
-       chunk_t ciphertext;
-
-       /**
-        * Shared secret
-        */
-       chunk_t shared_secret;
-
-       /**
-        * True if peer is responder
-        */
-       bool responder;
-
-       /**
-        * True if shared secret is computed
-        */
-       bool computed;
-
-       /**
-        * True Random Generator
-        */
-       rng_t *entropy;
-
-       /**
-        * Deterministic Random Bit Generator
-        */
-       drbg_t *drbg;
-};
-
-METHOD(key_exchange_t, get_public_key, bool,
-       private_ntru_ke_t *this, chunk_t *value)
-{
-       *value = chunk_empty;
-
-       if (this->responder)
-       {
-               if (this->ciphertext.len)
-               {
-                       *value = chunk_clone(this->ciphertext);
-               }
-       }
-       else
-       {
-               if (!this->pubkey)
-               {
-                       /* generate a random NTRU public/private key pair */
-                       this->privkey = ntru_private_key_create(this->drbg, this->param_set);
-                       if (!this->privkey)
-                       {
-                               DBG1(DBG_LIB, "NTRU key pair generation failed");
-                               return FALSE;
-                       }
-                       this->pubkey = this->privkey->get_public_key(this->privkey);
-               }
-               *value = chunk_clone(this->pubkey->get_encoding(this->pubkey));
-               DBG3(DBG_LIB, "NTRU public key: %B", value);
-       }
-       return TRUE;
-}
-
-METHOD(key_exchange_t, get_shared_secret, bool,
-       private_ntru_ke_t *this, chunk_t *secret)
-{
-       if (!this->computed || !this->shared_secret.len)
-       {
-               *secret = chunk_empty;
-               return FALSE;
-       }
-       *secret = chunk_clone(this->shared_secret);
-
-       return TRUE;
-}
-
-METHOD(key_exchange_t, set_public_key, bool,
-       private_ntru_ke_t *this, chunk_t value)
-{
-       if (this->privkey)
-       {
-               /* initiator decrypting shared secret */
-               if (value.len == 0)
-               {
-                       DBG1(DBG_LIB, "empty NTRU ciphertext");
-                       return FALSE;
-               }
-               DBG3(DBG_LIB, "NTRU ciphertext: %B", &value);
-
-               /* decrypt the shared secret */
-               if (!this->privkey->decrypt(this->privkey, value, &this->shared_secret))
-               {
-                       DBG1(DBG_LIB, "NTRU decryption of shared secret failed");
-                       return FALSE;
-               }
-               this->computed = TRUE;
-       }
-       else
-       {
-               ntru_public_key_t *pubkey;
-
-               /* responder generating and encrypting the shared secret */
-               this->responder = TRUE;
-
-               DBG3(DBG_LIB, "NTRU public key: %B", &value);
-               pubkey = ntru_public_key_create_from_data(this->drbg, value);
-               if (!pubkey)
-               {
-                       return FALSE;
-               }
-               if (pubkey->get_id(pubkey) != this->param_set->id)
-               {
-                       DBG1(DBG_LIB, "received NTRU public key with wrong OUI");
-                       pubkey->destroy(pubkey);
-                       return FALSE;
-               }
-               this->pubkey = pubkey;
-
-               /* shared secret size is chosen as twice the cryptographical strength */
-               this->shared_secret = chunk_alloc(2 * this->strength / BITS_PER_BYTE);
-
-               /* generate the random shared secret */
-               if (!this->drbg->generate(this->drbg, this->shared_secret.len,
-                                                                                         this->shared_secret.ptr))
-               {
-                       DBG1(DBG_LIB, "generation of shared secret failed");
-                       chunk_free(&this->shared_secret);
-                       return FALSE;
-               }
-               this->computed = TRUE;
-
-               /* encrypt the shared secret */
-               if (!pubkey->encrypt(pubkey, this->shared_secret, &this->ciphertext))
-               {
-                       DBG1(DBG_LIB, "NTRU encryption of shared secret failed");
-                       return FALSE;
-               }
-               DBG3(DBG_LIB, "NTRU ciphertext: %B", &this->ciphertext);
-       }
-       return this->computed;
-}
-
-METHOD(key_exchange_t, get_method, key_exchange_method_t,
-       private_ntru_ke_t *this)
-{
-       return this->group;
-}
-
-METHOD(key_exchange_t, destroy, void,
-       private_ntru_ke_t *this)
-{
-       DESTROY_IF(this->privkey);
-       DESTROY_IF(this->pubkey);
-       this->drbg->destroy(this->drbg);
-       chunk_free(&this->ciphertext);
-       chunk_clear(&this->shared_secret);
-       free(this);
-}
-
-/*
- * Described in header.
- */
-ntru_ke_t *ntru_ke_create(key_exchange_method_t group, chunk_t g, chunk_t p)
-{
-       private_ntru_ke_t *this;
-       const ntru_param_set_id_t *param_sets;
-       ntru_param_set_id_t param_set_id;
-       rng_t *entropy;
-       drbg_t *drbg;
-       char *parameter_set;
-       uint32_t strength;
-
-       parameter_set = lib->settings->get_str(lib->settings,
-                                               "%s.plugins.ntru.parameter_set", "optimum", lib->ns);
-
-       if (streq(parameter_set, "x9_98_speed"))
-       {
-               param_sets = param_sets_x9_98_speed;
-       }
-       else if (streq(parameter_set, "x9_98_bandwidth"))
-       {
-               param_sets = param_sets_x9_98_bandwidth;
-       }
-       else if (streq(parameter_set, "x9_98_balance"))
-       {
-               param_sets = param_sets_x9_98_balance;
-       }
-       else
-       {
-               param_sets = param_sets_optimum;
-       }
-
-       switch (group)
-       {
-               case NTRU_112_BIT:
-                       strength = 112;
-                       param_set_id = param_sets[0];
-                       break;
-               case NTRU_128_BIT:
-                       strength = 128;
-                       param_set_id = param_sets[1];
-                       break;
-               case NTRU_192_BIT:
-                       strength = 192;
-                       param_set_id = param_sets[2];
-                       break;
-               case NTRU_256_BIT:
-                       strength = 256;
-                       param_set_id = param_sets[3];
-                       break;
-               default:
-                       return NULL;
-       }
-       DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength,
-                                  parameter_set, ntru_param_set_id_names, param_set_id);
-
-       /* entropy will be owned by drbg */
-       entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
-       if (!entropy)
-       {
-               DBG1(DBG_LIB, "could not attach entropy source for DRBG");
-               return NULL;
-       }
-
-       drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength,
-                                                                       entropy, chunk_from_str("IKE NTRU-KE"));
-       if (!drbg)
-       {
-               DBG1(DBG_LIB, "could not instantiate DRBG at %u bit security", strength);
-               entropy->destroy(entropy);
-               return NULL;
-       }
-
-       INIT(this,
-               .public = {
-                       .ke = {
-                               .get_shared_secret = _get_shared_secret,
-                               .set_public_key = _set_public_key,
-                               .get_public_key = _get_public_key,
-                               .get_method = _get_method,
-                               .destroy = _destroy,
-                       },
-               },
-               .group = group,
-               .param_set = ntru_param_set_get_by_id(param_set_id),
-               .strength = strength,
-               .entropy = entropy,
-               .drbg = drbg,
-       );
-
-       return &this->public;
-}
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.h b/src/libstrongswan/plugins/ntru/ntru_ke.h
deleted file mode 100644 (file)
index 2b2a667..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_ke ntru_ke
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_KE_H_
-#define NTRU_KE_H_
-
-typedef struct ntru_ke_t ntru_ke_t;
-
-#include <library.h>
-
-/**
- * Implementation of a key exchange algorithm using NTRU encryption
- */
-struct ntru_ke_t {
-
-       /**
-        * Implements key_exchange_t interface.
-        */
-       key_exchange_t ke;
-};
-
-/**
- * Creates a new ntru_ke_t object.
- *
- * @param group                        NTRU group number to use
- * @param g                            not used
- * @param p                            not used
- * @return                             ntru_ke_t object, NULL if not supported
- */
-ntru_ke_t *ntru_ke_create(key_exchange_method_t group, chunk_t g, chunk_t p);
-
-#endif /** NTRU_KE_H_ @}*/
-
diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.c b/src/libstrongswan/plugins/ntru/ntru_param_set.c
deleted file mode 100644 (file)
index 35b5673..0000000
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) 2009-2013  Security Innovation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "ntru_param_set.h"
-
-#include <utils/test.h>
-
-ENUM(ntru_param_set_id_names, NTRU_EES401EP1, NTRU_EES743EP1,
-       "ees401ep1",
-       "ees449ep1",
-       "ees677ep1",
-       "ees1087ep2",
-       "ees541ep1",
-       "ees613ep1",
-       "ees887ep1",
-       "ees1171ep1",
-       "ees659ep1",
-       "ees761ep1",
-       "ees1087ep1",
-       "ees1499ep1",
-       "ees401ep2",
-       "ees439ep1",
-       "ees593ep1",
-       "ees743ep1"
-);
-
-/**
- * NTRU encryption parameter set definitions
- */
-static const ntru_param_set_t ntru_param_sets[] = {
-
-       /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
-    {
-        NTRU_EES401EP1,              /* parameter-set id */
-        {0x00, 0x02, 0x04},          /* OID */
-        0x22,                        /* DER id */
-        9,                           /* no. of bits in N (i.e., in an index) */
-        401,                         /* N */
-        14,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        113,                         /* df, dr */
-        133,                         /* dg */
-        60,                          /* maxMsgLenBytes */
-        113,                         /* dm0 */
-        11,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES449EP1,              /* parameter-set id */
-        {0x00, 0x03, 0x03},          /* OID */
-        0x23,                        /* DER id */
-        9,                           /* no. of bits in N (i.e., in an index) */
-        449,                         /* N */
-        16,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        134,                         /* df, dr */
-        149,                         /* dg */
-        67,                          /* maxMsgLenBytes */
-        134,                         /* dm0 */
-        9,                           /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES677EP1,              /* parameter-set id */
-        {0x00, 0x05, 0x03},          /* OID */
-        0x24,                        /* DER id */
-        10,                          /* no. of bits in N (i.e., in an index) */
-        677,                         /* N */
-        24,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        157,                         /* df, dr */
-        225,                         /* dg */
-        101,                         /* maxMsgLenBytes */
-        157,                         /* dm0 */
-        11,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES1087EP2,             /* parameter-set id */
-        {0x00, 0x06, 0x03},          /* OID */
-        0x25,                        /* DER id */
-        11,                          /* no. of bits in N (i.e., in an index) */
-        1087,                        /* N */
-        32,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        120,                         /* df, dr */
-        362,                         /* dg */
-        170,                         /* maxMsgLenBytes */
-        120,                         /* dm0 */
-        13,                          /* c */
-        1,                           /* lLen */
-    },
-
-       /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
-    {
-        NTRU_EES541EP1,              /* parameter-set id */
-        {0x00, 0x02, 0x05},          /* OID */
-        0x26,                        /* DER id */
-        10,                          /* no. of bits in N (i.e., in an index) */
-        541,                         /* N */
-        14,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        49,                          /* df, dr */
-        180,                         /* dg */
-        86,                          /* maxMsgLenBytes */
-        49,                          /* dm0 */
-        12,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES613EP1,              /* parameter-set id */
-        {0x00, 0x03, 0x04},          /* OID */
-        0x27,                        /* DER id */
-        10,                          /* no. of bits in N (i.e., in an index) */
-        613,                         /* N */
-        16,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        55,                          /* df, dr */
-        204,                         /* dg */
-        97,                          /* maxMsgLenBytes */
-        55,                          /* dm0 */
-        11,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES887EP1,              /* parameter-set id */
-        {0x00, 0x05, 0x04},          /* OID */
-        0x28,                        /* DER id */
-        10,                          /* no. of bits in N (i.e., in an index) */
-        887,                         /* N */
-        24,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        81,                          /* df, dr */
-        295,                         /* dg */
-        141,                         /* maxMsgLenBytes */
-        81,                          /* dm0 */
-        10,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES1171EP1,             /* parameter-set id */
-        {0x00, 0x06, 0x04},          /* OID */
-        0x29,                        /* DER id */
-        11,                          /* no. of bits in N (i.e., in an index) */
-        1171,                        /* N */
-        32,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        106,                         /* df, dr */
-        390,                         /* dg */
-        186,                         /* maxMsgLenBytes */
-        106,                         /* dm0 */
-        12,                          /* c */
-        1,                           /* lLen */
-    },
-
-       /* X9.98/IEEE 1363.1 parameter sets for best speed */
-    {
-        NTRU_EES659EP1,              /* parameter-set id */
-        {0x00, 0x02, 0x06},          /* OID */
-        0x2a,                        /* DER id */
-        10,                          /* no. of bits in N (i.e., in an index) */
-        659,                         /* N */
-        14,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        38,                          /* df, dr */
-        219,                         /* dg */
-        108,                         /* maxMsgLenBytes */
-        38,                          /* dm0 */
-        11,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES761EP1,              /* parameter-set id */
-        {0x00, 0x03, 0x05},          /* OID */
-        0x2b,                        /* DER id */
-        10,                          /* no. of bits in N (i.e., in an index) */
-        761,                         /* N */
-        16,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        42,                          /* df, dr */
-        253,                         /* dg */
-        125,                         /* maxMsgLenBytes */
-        42,                          /* dm0 */
-        12,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES1087EP1,             /* parameter-set id */
-        {0x00, 0x05, 0x05},          /* OID */
-        0x2c,                        /* DER id */
-        11,                          /* no. of bits in N (i.e., in an index) */
-        1087,                        /* N */
-        24,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        63,                          /* df, dr */
-        362,                         /* dg */
-        178,                         /* maxMsgLenBytes */
-        63,                          /* dm0 */
-        13,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES1499EP1,             /* parameter-set id */
-        {0x00, 0x06, 0x05},          /* OID */
-        0x2d,                        /* DER id */
-        11,                          /* no. of bits in N (i.e., in an index) */
-        1499,                        /* N */
-        32,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        FALSE,                       /* product form */
-        79,                          /* df, dr */
-        499,                         /* dg */
-        247,                         /* maxMsgLenBytes */
-        79,                          /* dm0 */
-        13,                          /* c */
-        1,                           /* lLen */
-    },
-
-       /* Best bandwidth and speed, no X9.98 compatibility */
-    {
-        NTRU_EES401EP2,              /* parameter-set id */
-        {0x00, 0x02, 0x10},          /* OID */
-        0x2e,                        /* DER id */
-        9,                           /* no. of bits in N (i.e., in an index) */
-        401,                         /* N */
-        14,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        TRUE,                        /* product form */
-        8 + (8 << 8) + (6 << 16),    /* df, dr */
-        133,                         /* dg */
-        60,                          /* maxMsgLenBytes */
-        136,                         /* m(1)_max */
-        11,                          /* c */
-        1,                           /* lLen */
-   },
-
-    {
-        NTRU_EES439EP1,              /* parameter-set id */
-        {0x00, 0x03, 0x10},          /* OID */
-        0x2f,                        /* DER id */
-        9,                           /* no. of bits in N (i.e., in an index) */
-        439,                         /* N */
-        16,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        TRUE,                        /* product form */
-        9 + (8 << 8) + (5 << 16),    /* df, dr */
-        146,                         /* dg */
-        65,                          /* maxMsgLenBytes */
-        126,                         /* m(1)_max */
-        9,                           /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES593EP1,              /* parameter-set id */
-        {0x00, 0x05, 0x10},          /* OID */
-        0x30,                        /* DER id */
-        10,                          /* no. of bits in N (i.e., in an index) */
-        593,                         /* N */
-        24,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        TRUE,                        /* product form */
-        10 + (10 << 8) + (8 << 16),  /* df, dr */
-        197,                         /* dg */
-        86,                          /* maxMsgLenBytes */
-        90,                          /* m(1)_max */
-        11,                          /* c */
-        1,                           /* lLen */
-    },
-
-    {
-        NTRU_EES743EP1,              /* parameter-set id */
-        {0x00, 0x06, 0x10},          /* OID */
-        0x31,                        /* DER id */
-        10,                          /* no. of bits in N (i.e., in an index) */
-        743,                         /* N */
-        32,                          /* security strength in octets */
-        2048,                        /* q */
-        11,                          /* no. of bits in q (i.e., in a coeff) */
-        TRUE,                        /* product form */
-        11 + (11 << 8) + (15 << 16), /* df, dr */
-        247,                         /* dg */
-        106,                         /* maxMsgLenBytes */
-        60,                          /* m(1)_max */
-        13,                          /* c */
-        1,                           /* lLen */
-    },
-
-};
-
-/**
- * See header.
- */
-const ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id)
-{
-       int i;
-
-       for (i = 0; i < countof(ntru_param_sets); i++)
-       {
-               if (ntru_param_sets[i].id == id)
-               {
-                       return &ntru_param_sets[i];
-               }
-       }
-       return NULL;
-}
-
-
-/**
- * See header.
- */
-const ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid)
-{
-       int i;
-
-       for (i = 0; i < countof(ntru_param_sets); i++)
-       {
-               if (memeq(ntru_param_sets[i].oid, oid, 3))
-               {
-                       return &ntru_param_sets[i];
-               }
-       }
-       return NULL;
-}
-
-EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_param_set_get_by_id);
diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.h b/src/libstrongswan/plugins/ntru/ntru_param_set.h
deleted file mode 100644 (file)
index efd4ce0..0000000
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * Copyright (C) 2009-2013  Security Innovation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_param_set ntru_param_set
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_PARAM_SET_H_
-#define NTRU_PARAM_SET_H_
-
-typedef enum ntru_param_set_id_t ntru_param_set_id_t;
-typedef struct ntru_param_set_t ntru_param_set_t;
-
-#include <library.h>
-
-/**
- * Encoding types for NTRU encryption public/private key blobs
- */
-#define NTRU_PUBKEY_TAG           0x01
-#define NTRU_PRIVKEY_DEFAULT_TAG  0x02
-#define NTRU_PRIVKEY_TRITS_TAG    0xfe
-#define NTRU_PRIVKEY_INDICES_TAG  0xff
-
-/**
- * Size in octets of the OID designating the NTRU encryption parameter set
- */
-#define NTRU_OID_LEN   3
-
-/**
- * Packing types for NTRU encryption public/private keys
- */
-#define NTRU_KEY_PACKED_COEFFICIENTS    0x01
-#define NTRU_KEY_PACKED_INDICES         0x02
-#define NTRU_KEY_PACKED_TRITS           0x03
-
-/**
- * NTRU encryption parameter set ID list
- */
-enum ntru_param_set_id_t {
-       /* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
-       NTRU_EES401EP1,
-       NTRU_EES449EP1,
-       NTRU_EES677EP1,
-       NTRU_EES1087EP2,
-       /* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
-       NTRU_EES541EP1,
-       NTRU_EES613EP1,
-       NTRU_EES887EP1,
-       NTRU_EES1171EP1,
-       /* X9.98/IEEE 1363.1 parameter sets for best speed */
-       NTRU_EES659EP1,
-       NTRU_EES761EP1,
-       NTRU_EES1087EP1,
-       NTRU_EES1499EP1,
-       /* Best bandwidth and speed, no X9.98 compatibility */
-       NTRU_EES401EP2,
-       NTRU_EES439EP1,
-       NTRU_EES593EP1,
-       NTRU_EES743EP1,
-};
-
-extern enum_name_t *ntru_param_set_id_names;
-
-/**
- * NTRU encryption parameter set definitions
- */
-struct ntru_param_set_t {
-
-    /**
-        * NTRU parameter set ID
-        */
-       const ntru_param_set_id_t id;
-
-       /**
-        * pointer to OID
-        */
-       const uint8_t oid[NTRU_OID_LEN];
-
-       /**
-        * parameter-set DER id
-        */
-       const uint8_t der_id;
-
-       /**
-        * no. of bits in N (i.e. in an index
-        */
-       const uint8_t N_bits;
-
-       /**
-        * ring dimension
-        */
-       const uint16_t N;
-
-       /**
-        * no. of octets of security strength
-        */
-       const uint16_t sec_strength_len;
-
-       /**
-        * big modulus
-        */
-       const uint16_t q;
-
-       /**
-        * no. of bits in q (i.e. in a coefficient)
-        */
-       const uint8_t q_bits;
-
-       /**
-        * if product form used
-        */
-       const bool is_product_form;
-
-       /**
-        * no. of +1 or -1 coefficients in ring elements F, r
-        */
-       const uint32_t dF_r;
-
-       /**
-        * no. - 1 of +1 coefficients or no. of -1 coefficients in ring element g
-        */
-       const uint16_t dg;
-
-       /**
-        * max no. of plaintext octets
-        */
-       const uint16_t m_len_max;
-
-       /**
-        * min. message representative weight
-        */
-       const uint16_t min_msg_rep_wt;
-
-       /**
-        * no. bits in candidate for deriving an index
-        */
-       const uint8_t  c_bits;
-
-       /**
-        * no. of octets to hold mLenOctets
-        */
-       const uint8_t  m_len_len;
-};
-
-/**
- * Get NTRU encryption parameter set by NTRU parameter set ID
- *
- * @param id   NTRU parameter set ID
- * @return             NTRU parameter set
-*/
-const ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id);
-
-/**
- * Get NTRU encryption parameter set by NTRU parameter set OID
- *
- * @param oid  NTRU parameter set OID
- * @return             NTRU parameter set
-*/
-const ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid);
-
-#endif /** NTRU_PARAM_SET_H_ @}*/
diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.c b/src/libstrongswan/plugins/ntru/ntru_plugin.c
deleted file mode 100644 (file)
index ccf888b..0000000
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (C) 2013-2016 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "ntru_plugin.h"
-#include "ntru_ke.h"
-
-#include <library.h>
-
-typedef struct private_ntru_plugin_t private_ntru_plugin_t;
-
-/**
- * private data of ntru_plugin
- */
-struct private_ntru_plugin_t {
-
-       /**
-        * public functions
-        */
-       ntru_plugin_t public;
-};
-
-METHOD(plugin_t, get_name, char*,
-       private_ntru_plugin_t *this)
-{
-       return "ntru";
-}
-
-METHOD(plugin_t, get_features, int,
-       private_ntru_plugin_t *this, plugin_feature_t *features[])
-{
-       static plugin_feature_t f[] = {
-               PLUGIN_REGISTER(KE, ntru_ke_create),
-                       PLUGIN_PROVIDE(KE, NTRU_112_BIT),
-                               PLUGIN_DEPENDS(RNG, RNG_TRUE),
-                               PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
-                               PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1),
-                       PLUGIN_PROVIDE(KE, NTRU_128_BIT),
-                               PLUGIN_DEPENDS(RNG, RNG_TRUE),
-                               PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
-                               PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1),
-                       PLUGIN_PROVIDE(KE, NTRU_192_BIT),
-                               PLUGIN_DEPENDS(RNG, RNG_TRUE),
-                               PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
-                               PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256),
-                       PLUGIN_PROVIDE(KE, NTRU_256_BIT),
-                               PLUGIN_DEPENDS(RNG, RNG_TRUE),
-                               PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
-                               PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256),
-       };
-       *features = f;
-
-       return countof(f);
-}
-
-METHOD(plugin_t, destroy, void,
-       private_ntru_plugin_t *this)
-{
-       free(this);
-}
-
-/*
- * see header file
- */
-plugin_t *ntru_plugin_create()
-{
-       private_ntru_plugin_t *this;
-
-       INIT(this,
-               .public = {
-                       .plugin = {
-                               .get_name = _get_name,
-                               .get_features = _get_features,
-                               .destroy = _destroy,
-                       },
-               },
-       );
-
-       return &this->public.plugin;
-}
diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.h b/src/libstrongswan/plugins/ntru/ntru_plugin.h
deleted file mode 100644 (file)
index 1765b80..0000000
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_p ntru
- * @ingroup plugins
- *
- * @defgroup ntru_plugin ntru_plugin
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_PLUGIN_H_
-#define NTRU_PLUGIN_H_
-
-#include <plugins/plugin.h>
-
-typedef struct ntru_plugin_t ntru_plugin_t;
-
-/**
- * Plugin implementing NTRU-base key exchange
- */
-struct ntru_plugin_t {
-
-       /**
-        * implements plugin interface
-        */
-       plugin_t plugin;
-};
-
-#endif /** NTRU_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c
deleted file mode 100644 (file)
index fe5f61c..0000000
+++ /dev/null
@@ -1,376 +0,0 @@
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * Copyright (C) 2009-2013  Security Innovation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "ntru_poly.h"
-
-#include <crypto/xofs/xof_bitspender.h>
-#include <utils/debug.h>
-#include <utils/test.h>
-
-typedef struct private_ntru_poly_t private_ntru_poly_t;
-typedef struct indices_len_t indices_len_t;
-
-/**
- * Stores number of +1 and -1 coefficients
- */
-struct indices_len_t {
-       int p;
-       int m;
-};
-
-/**
- * Private data of an ntru_poly_t object.
- */
-struct private_ntru_poly_t {
-
-       /**
-        * Public ntru_poly_t interface.
-        */
-       ntru_poly_t public;
-
-       /**
-        * Ring dimension equal to the number of polynomial coefficients
-        */
-       uint16_t N;
-
-       /**
-        * Large modulus
-        */
-       uint16_t q;
-
-       /**
-        * Array containing the indices of the non-zero coefficients
-        */
-       uint16_t *indices;
-
-       /**
-        * Number of indices of the non-zero coefficients
-        */
-       size_t num_indices;
-
-       /**
-        * Number of sparse polynomials
-        */
-       int num_polynomials;
-
-       /**
-        * Number of nonzero coefficients for up to 3 sparse polynomials
-        */
-       indices_len_t indices_len[3];
-
-};
-
-METHOD(ntru_poly_t, get_size, size_t,
-       private_ntru_poly_t *this)
-{
-       return this->num_indices;
-}
-
-METHOD(ntru_poly_t, get_indices, uint16_t*,
-       private_ntru_poly_t *this)
-{
-       return this->indices;
-}
-
-/**
-  * Multiplication of polynomial a with a sparse polynomial b given by
-  * the indices of its +1 and -1 coefficients results in polynomial c.
-  * This is a convolution operation
-  */
-static void ring_mult_i(uint16_t *a, indices_len_t len, uint16_t *indices,
-                                                         uint16_t N, uint16_t mod_q_mask, uint16_t *t,
-                                                         uint16_t *c)
-{
-       int i, j, k;
-
-       /* initialize temporary array t */
-       for (k = 0; k < N; k++)
-       {
-               t[k] = 0;
-       }
-
-       /* t[(i+k)%N] = sum i=0 through N-1 of a[i], for b[k] = -1 */
-       for (j = len.p; j < len.p + len.m; j++)
-       {
-               k = indices[j];
-               for (i = 0; k < N; ++i, ++k)
-               {
-                       t[k] += a[i];
-               }
-               for (k = 0; i < N; ++i, ++k)
-               {
-                       t[k] += a[i];
-               }
-       }
-
-       /* t[(i+k)%N] = -(sum i=0 through N-1 of a[i] for b[k] = -1) */
-       for (k = 0; k < N; k++)
-       {
-               t[k] = -t[k];
-       }
-
-       /* t[(i+k)%N] += sum i=0 through N-1 of a[i] for b[k] = +1 */
-       for (j = 0; j < len.p; j++)
-       {
-               k = indices[j];
-               for (i = 0; k < N; ++i, ++k)
-               {
-                       t[k] += a[i];
-               }
-               for (k = 0; i < N; ++i, ++k)
-               {
-                       t[k] += a[i];
-               }
-       }
-
-       /* c = (a * b) mod q */
-       for (k = 0; k < N; k++)
-       {
-               c[k] = t[k] & mod_q_mask;
-       }
-}
-
-METHOD(ntru_poly_t, get_array, void,
-       private_ntru_poly_t *this, uint16_t *array)
-{
-       uint16_t *t, *bi;
-       uint16_t mod_q_mask = this->q - 1;
-       indices_len_t len;
-       int i;
-
-       /* form polynomial F or F1 */
-       memset(array, 0x00, this->N * sizeof(uint16_t));
-       bi = this->indices;
-       len = this->indices_len[0];
-       for (i = 0; i < len.p + len.m; i++)
-       {
-               array[bi[i]] = (i < len.p) ? 1 : mod_q_mask;
-       }
-
-       if (this->num_polynomials == 3)
-       {
-               /* allocate temporary array t */
-               t = malloc(this->N * sizeof(uint16_t));
-
-               /* form F1 * F2 */
-               bi += len.p + len.m;
-               len = this->indices_len[1];
-               ring_mult_i(array, len, bi, this->N, mod_q_mask, t, array);
-
-               /* form (F1 * F2) + F3 */
-               bi += len.p + len.m;
-               len = this->indices_len[2];
-               for (i = 0; i < len.p + len.m; i++)
-               {
-                       if (i < len.p)
-                       {
-                               array[bi[i]] += 1;
-                       }
-                       else
-                       {
-                               array[bi[i]] -= 1;
-                       }
-                       array[bi[i]] &= mod_q_mask;
-               }
-               free(t);
-       }
-}
-
-METHOD(ntru_poly_t, ring_mult, void,
-       private_ntru_poly_t *this, uint16_t *a, uint16_t *c)
-{
-       uint16_t *t1, *t2;
-       uint16_t *bi = this->indices;
-       uint16_t mod_q_mask = this->q - 1;
-       int i;
-
-       /* allocate temporary array t1 */
-       t1 = malloc(this->N * sizeof(uint16_t));
-
-       if (this->num_polynomials == 1)
-       {
-               ring_mult_i(a, this->indices_len[0], bi, this->N, mod_q_mask, t1, c);
-       }
-       else
-       {
-               /* allocate temporary array t2 */
-               t2 = malloc(this->N * sizeof(uint16_t));
-
-               /* t1 = a * b1 */
-               ring_mult_i(a, this->indices_len[0], bi, this->N, mod_q_mask, t1, t1);
-
-               /* t1 = (a * b1) * b2 */
-               bi += this->indices_len[0].p + this->indices_len[0].m;
-               ring_mult_i(t1, this->indices_len[1], bi, this->N, mod_q_mask, t2, t1);
-
-               /* t2 = a * b3 */
-               bi += this->indices_len[1].p + this->indices_len[1].m;
-               ring_mult_i(a, this->indices_len[2], bi, this->N, mod_q_mask, t2, t2);
-
-               /* c = (a * b1 * b2) + (a * b3) */
-               for (i = 0; i < this->N; i++)
-               {
-                       c[i] = (t1[i] + t2[i]) & mod_q_mask;
-               }
-               free(t2);
-       }
-       free(t1);
-}
-
-METHOD(ntru_poly_t, destroy, void,
-       private_ntru_poly_t *this)
-{
-       memwipe(this->indices, sizeof(uint16_t) * get_size(this));
-       free(this->indices);
-       free(this);
-}
-
-/**
- * Creates an empty ntru_poly_t object with space allocated for indices
- */
-static private_ntru_poly_t* ntru_poly_create(uint16_t N, uint16_t q,
-                                                                                        uint32_t indices_len_p,
-                                                                                        uint32_t indices_len_m,
-                                                                                        bool is_product_form)
-{
-       private_ntru_poly_t *this;
-       int n;
-
-       INIT(this,
-               .public = {
-                       .get_size = _get_size,
-                       .get_indices = _get_indices,
-                       .get_array = _get_array,
-                       .ring_mult = _ring_mult,
-                       .destroy = _destroy,
-               },
-               .N = N,
-               .q = q,
-       );
-
-       if (is_product_form)
-       {
-               this->num_polynomials = 3;
-               for (n = 0; n < 3; n++)
-               {
-                       this->indices_len[n].p = 0xff & indices_len_p;
-                       this->indices_len[n].m = 0xff & indices_len_m;
-                       this->num_indices += this->indices_len[n].p +
-                                                                this->indices_len[n].m;
-                       indices_len_p >>= 8;
-                       indices_len_m >>= 8;
-               }
-       }
-       else
-       {
-               this->num_polynomials = 1;
-               this->indices_len[0].p = indices_len_p;
-               this->indices_len[0].m = indices_len_m;
-               this->num_indices = indices_len_p + indices_len_m;
-       }
-       this->indices = malloc(sizeof(uint16_t) * this->num_indices);
-
-       return this;
-}
-
-/*
- * Described in header.
- */
-ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t mgf1_type,
-                                                                               chunk_t seed, uint8_t c_bits,
-                                                                               uint16_t N, uint16_t q,
-                                                                               uint32_t indices_len_p,
-                                                                               uint32_t indices_len_m,
-                                                                               bool is_product_form)
-{
-       private_ntru_poly_t *this;
-       int n, num_indices, index_i = 0;
-       uint32_t index, limit;
-       uint8_t *used;
-       xof_bitspender_t *bitspender;
-
-       bitspender = xof_bitspender_create(mgf1_type, seed, TRUE);
-       if (!bitspender)
-       {
-           return NULL;
-       }
-       this = ntru_poly_create(N, q, indices_len_p, indices_len_m, is_product_form);
-       used = malloc(N);
-       limit = N * ((1 << c_bits) / N);
-
-       /* generate indices for all polynomials */
-       for (n = 0; n < this->num_polynomials; n++)
-       {
-               memset(used, 0, N);
-               num_indices = this->indices_len[n].p + this->indices_len[n].m;
-
-               /* generate indices for a single polynomial */
-               while (num_indices)
-               {
-                       /* generate a random candidate index with a size of c_bits */
-                       do
-                       {
-                               if (!bitspender->get_bits(bitspender, c_bits, &index))
-                               {
-                                       bitspender->destroy(bitspender);
-                                       destroy(this);
-                                       free(used);
-                                       return NULL;
-                               }
-                       }
-                       while (index >= limit);
-
-                       /* form index and check if unique */
-                       index %= N;
-                       if (!used[index])
-                       {
-                               used[index] = 1;
-                               this->indices[index_i++] = index;
-                               num_indices--;
-                       }
-               }
-       }
-
-       bitspender->destroy(bitspender);
-       free(used);
-
-       return &this->public;
-}
-
-/*
- * Described in header.
- */
-ntru_poly_t *ntru_poly_create_from_data(uint16_t *data, uint16_t N, uint16_t q,
-                                                                               uint32_t indices_len_p,
-                                                                               uint32_t indices_len_m,
-                                                                               bool is_product_form)
-{
-       private_ntru_poly_t *this;
-       int i;
-
-       this = ntru_poly_create(N, q, indices_len_p, indices_len_m, is_product_form);
-
-       for (i = 0; i < this->num_indices; i++)
-       {
-               this->indices[i] = data[i];
-       }
-
-       return &this->public;
-}
-
-EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed);
-
-EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data);
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h
deleted file mode 100644 (file)
index 7c5bc00..0000000
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_poly ntru_poly
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_POLY_H_
-#define NTRU_POLY_H_
-
-typedef struct ntru_poly_t ntru_poly_t;
-
-#include <library.h>
-#include <crypto/xofs/xof.h>
-
-/**
- * Implements a trinary polynomial storing the indices of non-zero coefficients
- */
-struct ntru_poly_t {
-
-       /**
-        * Get the size of the indices array
-        *
-        * @return                      number of indices
-        */
-       size_t (*get_size)(ntru_poly_t *this);
-
-       /**
-        * @return                      array containing the indices of the non-zero coefficients
-        */
-       uint16_t* (*get_indices)(ntru_poly_t *this);
-
-       /**
-        * @param array         array containing all N coefficients of the polynomial
-        */
-       void (*get_array)(ntru_poly_t *this, uint16_t *array);
-
-       /**
-        * Multiply polynomial a with ntru_poly_t object b having sparse coefficients
-        * to form result polynomial c = a * b
-        *
-        * @param a                     input polynomial a
-        * @param b                     output polynomial c
-        */
-       void (*ring_mult)(ntru_poly_t *this, uint16_t *a, uint16_t *c);
-
-       /**
-        * Destroy ntru_poly_t object
-        */
-       void (*destroy)(ntru_poly_t *this);
-};
-
-/**
- * Create a trits polynomial from a seed using MGF1
- *
- * @param alg                          MGF1 algorithm used(XOF_MGF1_SHA1 or XOF_MGF_SHA256)
- * @param seed                         seed used by MGF1 to generate trits from
- * @param N                                    ring dimension, number of polynomial coefficients
- * @param q                                    large modulus
- * @param c_bits                       number of bits for candidate index
- * @param indices_len_p                number of indices for +1 coefficients
- * @param indices_len_m                number of indices for -1 coefficients
- * @param is_product_form      generate multiple polynomials
- */
-ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t alg,        chunk_t seed,
-                                                                               uint8_t c_bits, uint16_t N, uint16_t q,
-                                                                               uint32_t indices_len_p,
-                                                                               uint32_t indices_len_m,
-                                                                               bool is_product_form);
-
-/**
- * Create a trits polynomial from an array of indices of non-zero coefficients
- *
- * @param data                         array of indices of non-zero coefficients
- * @param N                                    ring dimension, number of polynomial coefficients
- * @param q                                    large modulus
- * @param indices_len_p                number of indices for +1 coefficients
- * @param indices_len_m                number of indices for -1 coefficients
- * @param is_product_form      generate multiple polynomials
- */
-ntru_poly_t *ntru_poly_create_from_data(uint16_t *data, uint16_t N, uint16_t q,
-                                                                               uint32_t indices_len_p,
-                                                                               uint32_t indices_len_m,
-                                                                               bool is_product_form);
-
-#endif /** NTRU_POLY_H_ @}*/
-
diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.c b/src/libstrongswan/plugins/ntru/ntru_private_key.c
deleted file mode 100644 (file)
index e85c0da..0000000
+++ /dev/null
@@ -1,882 +0,0 @@
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * Copyright (C) 2009-2013  Security Innovation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "ntru_private_key.h"
-#include "ntru_trits.h"
-#include "ntru_poly.h"
-#include "ntru_convert.h"
-
-#include <utils/debug.h>
-#include <utils/test.h>
-
-typedef struct private_ntru_private_key_t private_ntru_private_key_t;
-
-/**
- * Private data of an ntru_private_key_t object.
- */
-struct private_ntru_private_key_t {
-
-       /**
-        * Public ntru_private_key_t interface.
-        */
-       ntru_private_key_t public;
-
-       /**
-        * NTRU Parameter Set
-        */
-       const ntru_param_set_t *params;
-
-       /**
-        * Polynomial F which is the private key
-        */
-       ntru_poly_t *privkey;
-
-       /**
-        * Polynomial h which is the public key
-        */
-       uint16_t *pubkey;
-
-       /**
-        * Encoding of the private key
-        */
-       chunk_t encoding;
-
-       /**
-        * Deterministic Random Bit Generator
-        */
-       drbg_t *drbg;
-
-};
-
-METHOD(ntru_private_key_t, get_id, ntru_param_set_id_t,
-       private_ntru_private_key_t *this)
-{
-       return this->params->id;
-}
-
-METHOD(ntru_private_key_t, get_public_key, ntru_public_key_t*,
-       private_ntru_private_key_t *this)
-{
-       return ntru_public_key_create(this->drbg, this->params, this->pubkey);
-}
-
-/**
- * Generate NTRU encryption private key encoding
- */
-static void generate_encoding(private_ntru_private_key_t *this)
-{
-       size_t pubkey_len, privkey_len, privkey_trits_len, privkey_indices_len;
-       int privkey_pack_type;
-       uint16_t *indices;
-       uint8_t *trits;
-       u_char *enc;
-
-       /* compute public key length encoded as packed coefficients */
-       pubkey_len =  (this->params->N * this->params->q_bits + 7) / 8;
-
-       /* compute private key length encoded as packed trits coefficients */
-       privkey_trits_len = (this->params->N + 4) / 5;
-
-       /* compute private key length encoded as packed indices */
-       privkey_indices_len = (this->privkey->get_size(this->privkey) *
-                                                  this->params->N_bits + 7) / 8;
-
-       if (this->params->is_product_form ||
-               privkey_indices_len <= privkey_trits_len)
-       {
-               privkey_pack_type = NTRU_KEY_PACKED_INDICES;
-               privkey_len = privkey_indices_len;
-       }
-       else
-       {
-               privkey_pack_type = NTRU_KEY_PACKED_TRITS;
-               privkey_len = privkey_trits_len;
-       }
-
-       /* allocate memory for private key encoding */
-       this->encoding = chunk_alloc(2 + NTRU_OID_LEN + pubkey_len + privkey_len);
-       enc = this->encoding.ptr;
-
-       /* format header and packed public key */
-       *enc++ = NTRU_PRIVKEY_DEFAULT_TAG;
-       *enc++ = NTRU_OID_LEN;
-       memcpy(enc, this->params->oid, NTRU_OID_LEN);
-       enc += NTRU_OID_LEN;
-       ntru_elements_2_octets(this->params->N, this->pubkey,
-                                                  this->params->q_bits, enc);
-       enc += pubkey_len;
-
-       /* add packed private key */
-       indices = this->privkey->get_indices(this->privkey);
-
-       if (privkey_pack_type == NTRU_KEY_PACKED_TRITS)
-       {
-               /* encode private key as packed trits */
-               trits = malloc(this->params->N);
-               ntru_indices_2_packed_trits(indices, this->params->dF_r,
-                                                       this->params->dF_r, this->params->N, trits, enc);
-               memwipe(trits, this->params->N);
-               free(trits);
-       }
-       else
-       {
-               /* encode private key as packed indices */
-               ntru_elements_2_octets(this->privkey->get_size(this->privkey),
-                                                          indices, this->params->N_bits, enc);
-       }
-}
-
-METHOD(ntru_private_key_t, get_encoding, chunk_t,
-       private_ntru_private_key_t *this)
-{
-       return this->encoding;
-}
-
-/**
- * Checks that the number of 0, +1, and -1 trinary ring elements meet or exceed
- * a minimum weight.
- *
- * @param N                    degree of polynomial
- * @param t                    array of trinary ring elements
- * @param min_wt       minimum weight
- * @return                     TRUE if minimum weight met or exceeded
- */
-bool ntru_check_min_weight(uint16_t N, uint8_t  *t, uint16_t min_wt)
-{
-       uint16_t wt[3];
-       bool success;
-       int i;
-
-       wt[0] = wt[1] = wt[2] = 0;
-
-       for (i = 0; i < N; i++)
-       {
-               ++wt[t[i]];
-       }
-       success = (wt[0] >= min_wt) && (wt[1] >= min_wt) && (wt[2] >= min_wt);
-
-       DBG2(DBG_LIB, "minimum weight = %u, so -1: %u, 0: %u, +1: %u is %sok",
-                                  min_wt, wt[2], wt[0], wt[1], success ? "" : "not ");
-
-       return success;
-}
-
-METHOD(ntru_private_key_t, decrypt, bool,
-       private_ntru_private_key_t *this, chunk_t ciphertext, chunk_t *plaintext)
-{
-       ext_out_function_t alg;
-       size_t t_len, seed1_len, seed2_len;
-       uint16_t *t1, *t2, *t = NULL;
-    uint16_t mod_q_mask, q_mod_p, cmprime_len, cm_len = 0, num_zeros;
-       uint8_t *Mtrin, *M, *cm, *mask_trits, *ptr;
-       int16_t m1 = 0;
-       chunk_t seed = chunk_empty;
-       ntru_trits_t *mask;
-       ntru_poly_t *r_poly;
-       bool msg_rep_good, success = TRUE;
-       int i;
-
-       *plaintext = chunk_empty;
-
-       if (ciphertext.len != (this->params->N * this->params->q_bits + 7) / 8)
-       {
-               DBG1(DBG_LIB, "wrong NTRU ciphertext length");
-               return FALSE;
-       }
-
-       /* allocate temporary array t */
-       t_len  = 2 * this->params->N * sizeof(uint16_t);
-       t = malloc(t_len);
-       t1 = t;
-       t2 = t + this->params->N;
-       Mtrin = (uint8_t *)t1;
-       M = Mtrin + this->params->N;
-
-       /* set MGF1 algorithm type based on security strength */
-       alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
-                                                                                                  XOF_MGF1_SHA256;
-
-       /* set constants */
-       mod_q_mask = this->params->q - 1;
-       q_mod_p = this->params->q % 3;
-
-    /* unpack the ciphertext */
-    ntru_octets_2_elements(ciphertext.len, ciphertext.ptr,
-                                                  this->params->q_bits, t2);
-
-       /* form cm':
-        *  F * e
-        *  A = e * (1 + pF) mod q = e + pFe mod q
-        *  a = A in the range [-q/2, q/2)
-        *  cm' = a mod p
-        */
-       this->privkey->ring_mult(this->privkey, t2, t1);
-
-       cmprime_len = this->params->N;
-       if (this->params->is_product_form)
-       {
-               --cmprime_len;
-               for (i = 0; i < cmprime_len; i++)
-               {
-                       t1[i] = (t2[i] + 3 * t1[i]) & mod_q_mask;
-                       if (t1[i] >= (this->params->q / 2))
-                       {
-                               t1[i] -= q_mod_p;
-                       }
-                       Mtrin[i] = (uint8_t)(t1[i] % 3);
-                       if (Mtrin[i] == 1)
-                       {
-                               ++m1;
-                       }
-                       else if (Mtrin[i] == 2)
-                       {
-                               --m1;
-                       }
-               }
-       }
-       else
-       {
-               for (i = 0; i < cmprime_len; i++)
-               {
-                       t1[i] = (t2[i] + 3 * t1[i]) & mod_q_mask;
-                       if (t1[i] >= (this->params->q / 2))
-                       {
-                               t1[i] -= q_mod_p;
-                       }
-                       Mtrin[i] = (uint8_t)(t1[i] % 3);
-               }
-       }
-
-    /**
-        * check that the candidate message representative meets
-     * minimum weight requirements
-     */
-       if (this->params->is_product_form)
-       {
-               msg_rep_good = (abs(m1) <= this->params->min_msg_rep_wt);
-       }
-       else
-       {
-               msg_rep_good = ntru_check_min_weight(cmprime_len, Mtrin,
-                                                                                        this->params->min_msg_rep_wt);
-       }
-       if (!msg_rep_good)
-       {
-               DBG1(DBG_LIB, "decryption failed due to insufficient minimum weight");
-               success = FALSE;
-       }
-
-       /* form cR = e - cm' mod q */
-       for (i = 0; i < cmprime_len; i++)
-       {
-               if (Mtrin[i] == 1)
-               {
-                       t2[i] = (t2[i] - 1) & mod_q_mask;
-               }
-               else if (Mtrin[i] == 2)
-               {
-                       t2[i] = (t2[i] + 1) & mod_q_mask;
-               }
-       }
-       if (this->params->is_product_form)
-       {
-               t2[i] = (t2[i] + m1) & mod_q_mask;
-       }
-
-       /* allocate memory for the larger of the two seeds */
-       seed1_len = (this->params->N + 3)/4;
-       seed2_len = 3 + 2*this->params->sec_strength_len + this->params->m_len_max;
-       seed = chunk_alloc(max(seed1_len, seed2_len));
-       seed.len = seed1_len;
-
-       /* form cR mod 4 */
-       ntru_coeffs_mod4_2_octets(this->params->N, t2, seed.ptr);
-
-       /* form mask */
-       mask = ntru_trits_create(this->params->N, alg, seed);
-       if (!mask)
-       {
-               DBG1(DBG_LIB, "mask creation failed");
-               success = FALSE;
-               goto err;
-       }
-
-       mask_trits = mask->get_trits(mask);
-
-       /* form cMtrin by subtracting mask from cm', mod p */
-       for (i = 0; i < cmprime_len; i++)
-       {
-               Mtrin[i] -=  mask_trits[i];
-               if (Mtrin[i] >= 3)
-               {
-                       Mtrin[i] += 3;
-               }
-       }
-       mask->destroy(mask);
-
-       if (this->params->is_product_form)
-       {
-               /* set the last trit to zero since that's what it was, and
-                * because it can't be calculated from (cm' - mask) since
-                * we don't have the correct value for the last cm' trit
-                */
-               Mtrin[i] = 0;
-       }
-
-       /* convert cMtrin to cM (Mtrin to Mbin) */
-       if (!ntru_trits_2_bits(Mtrin, this->params->N, M))
-       {
-               success = FALSE;
-               goto err;
-       }
-
-       /* skip the random padding */
-       ptr = M + this->params->sec_strength_len;
-
-       /* validate the padded message cM and copy cm to m_buf */
-       if (this->params->m_len_len == 2)
-       {
-               cm_len = (uint16_t)(*ptr++) << 16;
-       }
-       cm_len |= (uint16_t)(*ptr++);
-
-       if (cm_len > this->params->m_len_max)
-       {
-               cm_len = this->params->m_len_max;
-               DBG1(DBG_LIB, "NTRU message length is larger than maximum length");
-               success = FALSE;
-       }
-       cm = ptr;
-       ptr += cm_len;
-
-       /* check if the remaining padding consists of zeros */
-       num_zeros = this->params->m_len_max - cm_len + 1;
-       for (i = 0; i < num_zeros; i++)
-       {
-               if (ptr[i] != 0)
-               {
-                       DBG1(DBG_LIB, "non-zero trailing padding detected");
-                       success = FALSE;
-                       break;
-               }
-       }
-
-       /* form sData (OID || m || b || hTrunc) */
-       ptr = seed.ptr;
-       memcpy(ptr, this->params->oid, 3);
-       ptr += 3;
-       memcpy(ptr, cm, cm_len);
-       ptr += cm_len;
-       memcpy(ptr, M, this->params->sec_strength_len);
-       ptr += this->params->sec_strength_len;
-       memcpy(ptr, this->encoding.ptr + 2 + NTRU_OID_LEN,
-                  this->params->sec_strength_len);
-       ptr += this->params->sec_strength_len;
-       seed.len = ptr - seed.ptr;
-
-       /* generate cr */
-       DBG2(DBG_LIB, "generate polynomial r");
-       r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
-                                               this->params->N, this->params->q, this->params->dF_r,
-                                               this->params->dF_r, this->params->is_product_form);
-       if (!r_poly)
-       {
-               success = FALSE;
-               goto err;
-       }
-
-       /* output plaintext in allocated chunk */
-       *plaintext = chunk_clone(chunk_create(cm, cm_len));
-
-       /* form cR' = h * cr */
-       r_poly->ring_mult(r_poly, this->pubkey, t1);
-       r_poly->destroy(r_poly);
-
-       /* compare cR' to cR */
-       for (i = 0; i < this->params->N; i++)
-       {
-               if (t[i] != t2[i])
-               {
-                       DBG1(DBG_LIB, "cR' does not equal cR'");
-                       chunk_clear(plaintext);
-                       success = FALSE;
-                       break;
-               }
-       }
-       memwipe(t, t_len);
-
-err:
-       /* cleanup */
-       chunk_clear(&seed);
-       free(t);
-
-       return success;
-}
-
-METHOD(ntru_private_key_t, destroy, void,
-       private_ntru_private_key_t *this)
-{
-       DESTROY_IF(this->privkey);
-       this->drbg->destroy(this->drbg);
-       chunk_clear(&this->encoding);
-       free(this->pubkey);
-       free(this);
-}
-
-/**
- * Multiplies ring element (polynomial) "a" by ring element (polynomial) "b"
- * to produce ring element (polynomial) "c" in (Z/qZ)[X]/(X^N - 1).
- * This is a convolution operation.
- *
- * Ring element "b" has coefficients in the range [0,N).
- *
- * This assumes q is 2^r where 8 < r < 16, so that overflow of the sum
- * beyond 16 bits does not matter.
- *
- * @param a            polynomial a
- * @param b            polynomial b
- * @param N            no. of coefficients in a, b, c
- * @param q            large modulus
- * @param c            polynomial c = a * b
- */
-static void ring_mult_c(uint16_t *a, uint16_t *b, uint16_t N, uint16_t q,
-                                           uint16_t *c)
-{
-       uint16_t *bptr = b;
-       uint16_t mod_q_mask = q - 1;
-       int i, k;
-
-       /* c[k] = sum(a[i] * b[k-i]) mod q */
-       memset(c, 0, N * sizeof(uint16_t));
-       for (k = 0; k < N; k++)
-       {
-               i = 0;
-               while (i <= k)
-               {
-                       c[k] += a[i++] * *bptr--;
-               }
-               bptr += N;
-               while (i < N)
-               {
-                       c[k] += a[i++] * *bptr--;
-               }
-               c[k] &= mod_q_mask;
-               ++bptr;
-       }
-}
-
-/**
- * Finds the inverse of a polynomial a in (Z/2^rZ)[X]/(X^N - 1).
- *
- * This assumes q is 2^r where 8 < r < 16, so that operations mod q can
- * wait until the end, and only 16-bit arrays need to be used.
- *
- * @param a                    polynomial a
- * @param N                    no. of coefficients in a
- * @param q                    large modulus
- * @param t                    temporary buffer of size 2N elements
- * @param a_inv        polynomial for inverse of a
- */
-static bool ring_inv(uint16_t *a, uint16_t N, uint16_t q, uint16_t *t,
-                                        uint16_t *a_inv)
-{
-       uint8_t *b = (uint8_t *)t;
-       uint8_t *c = b + N;
-       uint8_t *f = c + N;
-       uint8_t *g = (uint8_t *)a_inv;
-       uint16_t *t2 = t + N;
-       uint16_t deg_b, deg_c, deg_f, deg_g;
-    bool done = FALSE;
-    int i, j, k = 0;
-
-       /* form a^-1 in (Z/2Z)[X]/X^N - 1) */
-       memset(b, 0, 2 * N);                                    /* clear to init b, c */
-
-       /* b(X) = 1 */
-       b[0] = 1;
-       deg_b = 0;
-
-       /* c(X) = 0 (cleared above) */
-       deg_c = 0;
-
-       /* f(X) = a(X) mod 2 */
-       for (i = 0; i < N; i++)
-       {
-               f[i] = (uint8_t)(a[i] & 1);
-       }
-       deg_f = N - 1;
-
-       /* g(X) = X^N - 1 */
-       g[0] = 1;
-       memset(g + 1, 0, N - 1);
-       g[N] = 1;
-       deg_g = N;
-
-       /* until f(X) = 1 */
-       while (!done)
-       {
-               /* while f[0] = 0, f(X) /= X, c(X) *= X, k++ */
-               for (i = 0; (i <= deg_f) && (f[i] == 0); ++i);
-
-               if (i > deg_f)
-               {
-                       return FALSE;
-               }
-               if (i)
-               {
-                       f = f + i;
-                       deg_f = deg_f - i;
-                       deg_c = deg_c + i;
-                       for (j = deg_c; j >= i; j--)
-                       {
-                               c[j] = c[j-i];
-                       }
-                       for (j = 0; j < i; j++)
-                       {
-                               c[j] = 0;
-                       }
-                       k = k + i;
-               }
-
-               /* adjust degree of f(X) if the highest coefficients are zero
-                * Note: f[0] = 1 from above so the loop will terminate.
-                */
-               while (f[deg_f] == 0)
-               {
-                       --deg_f;
-               }
-
-               /* if f(X) = 1, done
-                * Note: f[0] = 1 from above, so only check the x term and up
-                */
-               for (i = 1; (i <= deg_f) && (f[i] == 0); ++i);
-
-               if (i > deg_f)
-               {
-                       done = TRUE;
-                       break;
-               }
-
-               /* if deg_f < deg_g, f <-> g, b <-> c */
-               if (deg_f < deg_g)
-               {
-                       uint8_t *x;
-
-                       x = f;
-                       f = g;
-                       g = x;
-                       deg_f ^= deg_g;
-                       deg_g ^= deg_f;
-                       deg_f ^= deg_g;
-                       x = b;
-                       b = c;
-                       c = x;
-                       deg_b ^= deg_c;
-                       deg_c ^= deg_b;
-                       deg_b ^= deg_c;
-               }
-
-               /* f(X) += g(X), b(X) += c(X) */
-               for (i = 0; i <= deg_g; i++)
-               {
-                       f[i] ^= g[i];
-               }
-               if (deg_c > deg_b)
-               {
-                       deg_b = deg_c;
-               }
-               for (i = 0; i <= deg_c; i++)
-               {
-                       b[i] ^= c[i];
-               }
-       }
-
-       /* a^-1 in (Z/2Z)[X]/(X^N - 1) = b(X) shifted left k coefficients */
-       j = 0;
-       if (k >= N)
-       {
-               k = k - N;
-       }
-       for (i = k; i < N; i++)
-       {
-               a_inv[j++] = (uint16_t)(b[i]);
-       }
-       for (i = 0; i < k; i++)
-       {
-               a_inv[j++] = (uint16_t)(b[i]);
-       }
-
-       /* lift a^-1 in (Z/2Z)[X]/(X^N - 1) to a^-1 in (Z/qZ)[X]/(X^N -1) */
-    for (j = 0; j < 4; ++j)                            /* assumes 256 < q <= 65536 */
-       {
-               /* a^-1 = a^-1 * (2 - a * a^-1) mod q */
-               memcpy(t2, a_inv, N * sizeof(uint16_t));
-               ring_mult_c(a, t2, N, q, t);
-               for (i = 0; i < N; ++i)
-               {
-                       t[i] = q - t[i];
-               }
-               t[0] = t[0] + 2;
-               ring_mult_c(t2, t, N, q, a_inv);
-       }
-
-       return TRUE;
-}
-
-/*
- * Described in header.
- */
-ntru_private_key_t *ntru_private_key_create(drbg_t *drbg,
-                                                                                       const ntru_param_set_t *params)
-{
-       private_ntru_private_key_t *this;
-       size_t t_len;
-       uint16_t *t1, *t2, *t = NULL;
-       uint16_t mod_q_mask;
-    ext_out_function_t alg;
-       ntru_poly_t *g_poly;
-       chunk_t seed;
-       int i;
-
-       INIT(this,
-               .public = {
-                       .get_id = _get_id,
-                       .get_public_key = _get_public_key,
-                       .get_encoding = _get_encoding,
-                       .decrypt = _decrypt,
-                       .destroy = _destroy,
-               },
-               .params = params,
-               .pubkey = malloc(params->N * sizeof(uint16_t)),
-               .drbg = drbg->get_ref(drbg),
-       );
-
-       /* set hash algorithm and seed length based on security strength */
-       alg = (params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
-                                                                                        XOF_MGF1_SHA256;
-       seed =chunk_alloc(params->sec_strength_len + 8);
-
-       /* get random seed for generating trinary F as a list of indices */
-       if (!drbg->generate(drbg, seed.len, seed.ptr))
-       {
-               goto err;
-       }
-
-       DBG2(DBG_LIB, "generate polynomial F");
-       this->privkey = ntru_poly_create_from_seed(alg, seed, params->c_bits,
-                                                                                          params->N, params->q,
-                                                                                          params->dF_r, params->dF_r,
-                                                                                          params->is_product_form);
-       if (!this->privkey)
-       {
-               goto err;
-       }
-
-       /* allocate temporary array t */
-       t_len = 3 * params->N * sizeof(uint16_t);
-       t = malloc(t_len);
-       t1 = t + 2 * params->N;
-
-       /* extend sparse private key polynomial f to N array elements */
-       this->privkey->get_array(this->privkey, t1);
-
-       /* set mask for large modulus */
-       mod_q_mask = params->q - 1;
-
-       /* form f = 1 + pF */
-       for (i = 0; i < params->N; i++)
-       {
-               t1[i] = (t1[i] * 3) & mod_q_mask;
-       }
-       t1[0] = (t1[0] + 1) & mod_q_mask;
-
-       /* use the public key array as a temporary buffer */
-       t2 = this->pubkey;
-
-       /* find f^-1 in (Z/qZ)[X]/(X^N - 1) */
-       if (!ring_inv(t1, params->N, params->q, t, t2))
-       {
-               goto err;
-       }
-
-       /* get random seed for generating trinary g as a list of indices */
-       if (!drbg->generate(drbg, seed.len, seed.ptr))
-       {
-               goto err;
-       }
-
-       DBG2(DBG_LIB, "generate polynomial g");
-       g_poly = ntru_poly_create_from_seed(alg, seed, params->c_bits,
-                                                                               params->N, params->q, params->dg + 1,
-                                                                               params->dg, FALSE);
-       if (!g_poly)
-       {
-               goto err;
-       }
-
-       /* compute public key polynomial h = p * (f^-1 * g) mod q */
-       g_poly->ring_mult(g_poly, t2, t2);
-       g_poly->destroy(g_poly);
-
-       for (i = 0; i < params->N; i++)
-       {
-               this->pubkey[i] = (t2[i] * 3) & mod_q_mask;
-       }
-
-       /* cleanup temporary storage */
-       chunk_clear(&seed);
-       memwipe(t, t_len);
-       free(t);
-
-       /* generate private key encoding */
-       generate_encoding(this);
-
-       return &this->public;
-
-err:
-       chunk_free(&seed);
-       free(t);
-       destroy(this);
-
-       return NULL;
-}
-
-/*
- * Described in header.
- */
-ntru_private_key_t *ntru_private_key_create_from_data(drbg_t *drbg,
-                                                                                                         chunk_t data)
-{
-       private_ntru_private_key_t *this;
-       size_t header_len, pubkey_packed_len, privkey_packed_len;
-       size_t privkey_packed_trits_len, privkey_packed_indices_len;
-       uint8_t *privkey_packed, tag;
-       uint16_t *indices, dF;
-       const ntru_param_set_t *params;
-
-       header_len = 2 + NTRU_OID_LEN;
-
-       /* check the NTRU public key header format */
-       if (data.len < header_len ||
-               !(data.ptr[0] == NTRU_PRIVKEY_DEFAULT_TAG ||
-                 data.ptr[0] == NTRU_PRIVKEY_TRITS_TAG ||
-                 data.ptr[0] == NTRU_PRIVKEY_INDICES_TAG) ||
-               data.ptr[1] != NTRU_OID_LEN)
-       {
-               DBG1(DBG_LIB, "loaded NTRU private key with invalid header");
-               return NULL;
-       }
-       tag = data.ptr[0];
-       params = ntru_param_set_get_by_oid(data.ptr + 2);
-
-       if (!params)
-       {
-               DBG1(DBG_LIB, "loaded NTRU private key with unknown OID");
-               return NULL;
-       }
-
-       pubkey_packed_len = (params->N * params->q_bits + 7) / 8;
-       privkey_packed_trits_len = (params->N + 4) / 5;
-
-       /* check packing type for product-form private keys */
-       if (params->is_product_form &&  tag == NTRU_PRIVKEY_TRITS_TAG)
-       {
-               DBG1(DBG_LIB, "a product-form NTRU private key cannot be trits-encoded");
-               return NULL;
-       }
-
-       /* set packed-key length for packed indices */
-       if (params->is_product_form)
-       {
-               dF = (uint16_t)((params->dF_r & 0xff) +           /* df1 */
-                                          ((params->dF_r >>  8) & 0xff) +    /* df2 */
-                                          ((params->dF_r >> 16) & 0xff));    /* df3 */
-       }
-       else
-       {
-               dF = (uint16_t)params->dF_r;
-       }
-       privkey_packed_indices_len = (2 * dF * params->N_bits + 7) / 8;
-
-       /* set private-key packing type if defaulted */
-       if (tag == NTRU_PRIVKEY_DEFAULT_TAG)
-       {
-               if (params->is_product_form ||
-            privkey_packed_indices_len <= privkey_packed_trits_len)
-               {
-                       tag = NTRU_PRIVKEY_INDICES_TAG;
-               }
-               else
-               {
-                       tag = NTRU_PRIVKEY_TRITS_TAG;
-               }
-       }
-       privkey_packed_len = (tag == NTRU_PRIVKEY_TRITS_TAG) ?
-                                privkey_packed_trits_len : privkey_packed_indices_len;
-
-       if (data.len < header_len + pubkey_packed_len + privkey_packed_len)
-       {
-               DBG1(DBG_LIB, "loaded NTRU private key with wrong packed key size");
-               return NULL;
-       }
-
-       INIT(this,
-               .public = {
-                       .get_id = _get_id,
-                       .get_public_key = _get_public_key,
-                       .get_encoding = _get_encoding,
-                       .decrypt = _decrypt,
-                       .destroy = _destroy,
-               },
-               .params = params,
-               .pubkey = malloc(params->N * sizeof(uint16_t)),
-               .encoding = chunk_clone(data),
-               .drbg = drbg->get_ref(drbg),
-       );
-
-       /* unpack the encoded public key */
-       ntru_octets_2_elements(pubkey_packed_len, data.ptr + header_len,
-                                                  params->q_bits, this->pubkey);
-
-       /* allocate temporary memory for indices */
-       indices = malloc(2 * dF * sizeof(uint16_t));
-
-       /* unpack the private key */
-       privkey_packed = data.ptr + header_len + pubkey_packed_len;
-       if (tag == NTRU_PRIVKEY_TRITS_TAG)
-       {
-               ntru_packed_trits_2_indices(privkey_packed, params->N,
-                                                                       indices, indices + dF);
-    }
-       else
-       {
-        ntru_octets_2_elements(privkey_packed_indices_len, privkey_packed,
-                                                          params->N_bits, indices);
-    }
-       this->privkey = ntru_poly_create_from_data(indices, params->N, params->q,
-                                                                                          params->dF_r, params->dF_r,
-                                                                                          params->is_product_form);
-
-       /* cleanup */
-       memwipe(indices, 2 * dF * sizeof(uint16_t));
-       free(indices);
-
-       return &this->public;
-}
-
-EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create);
-
-EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create_from_data);
diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.h b/src/libstrongswan/plugins/ntru/ntru_private_key.h
deleted file mode 100644 (file)
index f3eee2b..0000000
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_private_key ntru_private_key
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_PRIVATE_KEY_H_
-#define NTRU_PRIVATE_KEY_H_
-
-typedef struct ntru_private_key_t ntru_private_key_t;
-
-#include "ntru_param_set.h"
-#include "ntru_public_key.h"
-
-#include <library.h>
-#include <crypto/drbgs/drbg.h>
-
-/**
- * Implements an NTRU encryption public/private key pair
- */
-struct ntru_private_key_t {
-
-       /**
-        * Returns NTRU parameter set ID of the private key
-        *
-        * @return                      NTRU parameter set ID
-        */
-       ntru_param_set_id_t (*get_id)(ntru_private_key_t *this);
-
-       /**
-        * Returns the NTRU encryption public key as an encoded binary blob
-        *
-        * @return                              NTRU encryption public key (must be freed after use)
-        */
-       ntru_public_key_t* (*get_public_key)(ntru_private_key_t *this);
-
-       /**
-        * Returns the packed encoding of the NTRU encryption private key
-        *
-        * @return                              Packed encoding of NTRU encryption private key
-        */
-       chunk_t (*get_encoding)(ntru_private_key_t *this);
-
-       /**
-        * Decrypts an NTRU ciphertext
-        *
-        * @param ciphertext    NTRU Ciphertext
-        * @param plaintext             Plaintext
-        * @return                              TRUE if decryption was successful
-        */
-       bool (*decrypt)(ntru_private_key_t *this, chunk_t ciphertext,
-                                       chunk_t *plaintext);
-
-       /**
-        * Destroy ntru_private_key_t object
-        */
-       void (*destroy)(ntru_private_key_t *this);
-};
-
-/**
- * Creates an NTRU encryption public/private key pair using a NIST DRBG
- *
- * @param drbg                 Digital Random Bit Generator used for key generation
- * @param params               NTRU encryption parameter set to be used
- */
-ntru_private_key_t *ntru_private_key_create(drbg_t *drbg,
-                                                                                       const ntru_param_set_t *params);
-
-/**
- * Creates an NTRU encryption private key from encoding
- *
- * @param drbg                 Deterministic random bit generator
- * @param data                 Encoded NTRU private key
- */
-ntru_private_key_t *ntru_private_key_create_from_data(drbg_t *drbg,
-                                                                                                         chunk_t data);
-
-#endif /** NTRU_PRIVATE_KEY_H_ @}*/
-
diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.c b/src/libstrongswan/plugins/ntru/ntru_public_key.c
deleted file mode 100644 (file)
index b78c6af..0000000
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Copyright (C) 2014-2016 Andreas Steffen
- *
- * Copyright (C) 2009-2013  Security Innovation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "ntru_public_key.h"
-#include "ntru_trits.h"
-#include "ntru_poly.h"
-#include "ntru_convert.h"
-
-#include <utils/debug.h>
-#include <utils/test.h>
-
-typedef struct private_ntru_public_key_t private_ntru_public_key_t;
-
-/**
- * Private data of an ntru_public_key_t object.
- */
-struct private_ntru_public_key_t {
-       /**
-        * Public ntru_public_key_t interface.
-        */
-       ntru_public_key_t public;
-
-       /**
-        * NTRU Parameter Set
-        */
-       const ntru_param_set_t *params;
-
-       /**
-        * Polynomial h which is the public key
-        */
-       uint16_t *pubkey;
-
-       /**
-        * Encoding of the public key
-        */
-       chunk_t encoding;
-
-       /**
-        * Deterministic Random Bit Generator
-        */
-       drbg_t *drbg;
-
-};
-
-METHOD(ntru_public_key_t, get_id, ntru_param_set_id_t,
-       private_ntru_public_key_t *this)
-{
-       return this->params->id;
-}
-
-/**
- * Generate NTRU encryption public key encoding
- */
-static void generate_encoding(private_ntru_public_key_t *this)
-{
-       size_t pubkey_len;
-       u_char *enc;
-
-       /* compute public key length encoded as packed coefficients */
-       pubkey_len =  (this->params->N * this->params->q_bits + 7) / 8;
-
-       /* allocate memory for public key encoding */
-       this->encoding = chunk_alloc(2 + NTRU_OID_LEN + pubkey_len);
-       enc = this->encoding.ptr;
-
-       /* format header and packed public key */
-       *enc++ = NTRU_PUBKEY_TAG;
-       *enc++ = NTRU_OID_LEN;
-       memcpy(enc, this->params->oid, NTRU_OID_LEN);
-       enc += NTRU_OID_LEN;
-       ntru_elements_2_octets(this->params->N, this->pubkey,
-                                                  this->params->q_bits, enc);
-}
-
-METHOD(ntru_public_key_t, get_encoding, chunk_t,
-       private_ntru_public_key_t *this)
-{
-       return this->encoding;
-}
-
-#define MAX_SEC_STRENGTH_LEN   32 /* bytes */
-
-/**
- * Shared with ntru_private_key.c
- */
-extern bool ntru_check_min_weight(uint16_t N, uint8_t  *t, uint16_t min_wt);
-
-METHOD(ntru_public_key_t, encrypt, bool,
-       private_ntru_public_key_t *this, chunk_t plaintext, chunk_t *ciphertext)
-{
-       ext_out_function_t alg;
-       size_t t_len, seed1_len, seed2_len;
-       uint16_t *t1, *t = NULL;
-       uint8_t b[MAX_SEC_STRENGTH_LEN];
-       uint8_t *t2, *Mtrin, *M, *mask_trits, *ptr;
-       uint16_t mod_q_mask, mprime_len = 0;
-       int16_t m1 = 0;
-       chunk_t seed = chunk_empty;
-       ntru_trits_t *mask;
-       ntru_poly_t *r_poly;
-       bool msg_rep_good, success = FALSE;
-       int i;
-
-       *ciphertext = chunk_empty;
-
-       if (plaintext.len > this->params->m_len_max)
-       {
-               DBG1(DBG_LIB, "plaintext exceeds maximum size");
-               return FALSE;
-       }
-
-       if (this->params->sec_strength_len > MAX_SEC_STRENGTH_LEN)
-       {
-               DBG1(DBG_LIB, "required security strength exceeds %d bits",
-                        MAX_SEC_STRENGTH_LEN * BITS_PER_BYTE);
-               return FALSE;
-       }
-
-       /* allocate temporary array t */
-       t_len  = (sizeof(uint16_t) + 3*sizeof(uint8_t)) * this->params->N;
-       t = malloc(t_len);
-       t1 = t;
-       t2 = (uint8_t *)(t1 + this->params->N);
-       Mtrin = t2 + this->params->N;
-       M = Mtrin + this->params->N;
-
-       /* set hash algorithm based on security strength */
-       alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
-                                                                                                  XOF_MGF1_SHA256;
-       /* set constants */
-       mod_q_mask = this->params->q - 1;
-
-       /* allocate memory for the larger of the two seeds */
-       seed1_len = (this->params->N + 3)/4;
-       seed2_len = 3 + 2*this->params->sec_strength_len + plaintext.len;
-       seed = chunk_alloc(max(seed1_len, seed2_len));
-
-       /* loop until a message representative with proper weight is achieved */
-       do
-       {
-               if (!this->drbg->generate(this->drbg, this->params->sec_strength_len, b))
-               {
-                       goto err;
-               }
-
-               /* form sData (OID || m || b || hTrunc) */
-               ptr = seed.ptr;
-               memcpy(ptr, this->params->oid, NTRU_OID_LEN);
-               ptr += NTRU_OID_LEN;
-               memcpy(ptr, plaintext.ptr, plaintext.len);
-               ptr += plaintext.len;
-               memcpy(ptr, b, this->params->sec_strength_len);
-               ptr += this->params->sec_strength_len;
-               memcpy(ptr, this->encoding.ptr + 2 + NTRU_OID_LEN,
-                          this->params->sec_strength_len);
-               ptr += this->params->sec_strength_len;
-               seed.len = seed2_len;
-
-               DBG2(DBG_LIB, "generate polynomial r");
-               r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
-                                                                                       this->params->N, this->params->q,
-                                                                                       this->params->dF_r, this->params->dF_r,
-                                                                                       this->params->is_product_form);
-               if (!r_poly)
-               {
-                  goto err;
-               }
-
-               /* form R = h * r */
-               r_poly->ring_mult(r_poly, this->pubkey, t1);
-               r_poly->destroy(r_poly);
-
-               /* form R mod 4 */
-               ntru_coeffs_mod4_2_octets(this->params->N, t1, seed.ptr);
-               seed.len = seed1_len;
-
-               /* form mask */
-               mask = ntru_trits_create(this->params->N, alg, seed);
-               if (!mask)
-               {
-                       DBG1(DBG_LIB, "mask creation failed");
-                       goto err;
-               }
-
-               /* form the padded message M */
-               ptr = M;
-               memcpy(ptr, b, this->params->sec_strength_len);
-               ptr += this->params->sec_strength_len;
-               if (this->params->m_len_len == 2)
-               {
-                       *ptr++ = (uint8_t)((plaintext.len >> 8) & 0xff);
-               }
-               *ptr++ = (uint8_t)(plaintext.len & 0xff);
-               memcpy(ptr, plaintext.ptr, plaintext.len);
-               ptr += plaintext.len;
-
-               /* add an extra zero byte in case without it the bit string
-                * is not a multiple of 3 bits and therefore might not be
-                * able to produce enough trits
-                */
-               memset(ptr, 0, this->params->m_len_max - plaintext.len + 2);
-
-               /* convert M to trits (Mbin to Mtrin) */
-               mprime_len = this->params->N;
-               if (this->params->is_product_form)
-               {
-                       --mprime_len;
-               }
-               ntru_bits_2_trits(M, mprime_len, Mtrin);
-               mask_trits = mask->get_trits(mask);
-
-
-               /* form the msg representative m' by adding Mtrin to mask, mod p */
-               if (this->params->is_product_form)
-               {
-                       m1 = 0;
-                       for (i = 0; i < mprime_len; i++)
-                       {
-                               t2[i] = mask_trits[i] + Mtrin[i];
-                               if (t2[i] >= 3)
-                               {
-                                       t2[i] -= 3;
-                               }
-                               if (t2[i] == 1)
-                               {
-                                       ++m1;
-                               }
-                               else if (t2[i] == 2)
-                               {
-                                       --m1;
-                               }
-                       }
-               }
-               else
-               {
-                       for (i = 0; i < mprime_len; i++)
-                       {
-                               t2[i] = mask_trits[i] + Mtrin[i];
-                               if (t2[i] >= 3)
-                               {
-                                       t2[i] -= 3;
-                               }
-                       }
-               }
-               mask->destroy(mask);
-
-               /* check that message representative meets minimum weight
-                * requirements
-                */
-               if (this->params->is_product_form)
-               {
-                       msg_rep_good = (abs(m1) <= this->params->min_msg_rep_wt);
-               }
-               else
-               {
-                       msg_rep_good = ntru_check_min_weight(mprime_len, t2,
-                                                                                                this->params->min_msg_rep_wt);
-               }
-       }
-       while (!msg_rep_good);
-
-       /* form ciphertext e by adding m' to R mod q */
-       for (i = 0; i < mprime_len; i++)
-       {
-               if (t2[i] == 1)
-               {
-                       t1[i] = (t1[i] + 1) & mod_q_mask;
-               }
-               else if (t2[i] == 2)
-               {
-                       t1[i] = (t1[i] - 1) & mod_q_mask;
-               }
-       }
-       if (this->params->is_product_form)
-       {
-               t1[i] = (t1[i] - m1) & mod_q_mask;
-       }
-
-       /* pack ciphertext */
-       *ciphertext = chunk_alloc((this->params->N * this->params->q_bits + 7) / 8);
-       ntru_elements_2_octets(this->params->N, t1, this->params->q_bits,
-                                                  ciphertext->ptr);
-
-       memwipe(t, t_len);
-       success = TRUE;
-
-err:
-       /* cleanup */
-       chunk_clear(&seed);
-       free(t);
-
-       return success;
-}
-METHOD(ntru_public_key_t, destroy, void,
-       private_ntru_public_key_t *this)
-{
-       this->drbg->destroy(this->drbg);
-       chunk_clear(&this->encoding);
-       free(this->pubkey);
-       free(this);
-}
-
-/*
- * Described in header.
- */
-ntru_public_key_t *ntru_public_key_create(drbg_t *drbg,
-                                                                                 const ntru_param_set_t *params,
-                                                                                 uint16_t *pubkey)
-{
-       private_ntru_public_key_t *this;
-       int i;
-
-       INIT(this,
-               .public = {
-                       .get_id = _get_id,
-                       .get_encoding = _get_encoding,
-                       .encrypt = _encrypt,
-                       .destroy = _destroy,
-               },
-               .params = params,
-               .pubkey = malloc(params->N * sizeof(uint16_t)),
-               .drbg = drbg->get_ref(drbg),
-       );
-
-       for (i = 0; i < params->N; i++)
-       {
-               this->pubkey[i] = pubkey[i];
-       }
-
-       /* generate public key encoding */
-       generate_encoding(this);
-
-       return &this->public;
-}
-
-/*
- * Described in header.
- */
-ntru_public_key_t *ntru_public_key_create_from_data(drbg_t *drbg,
-                                                                                                       chunk_t data)
-{
-       private_ntru_public_key_t *this;
-       size_t header_len, pubkey_packed_len;
-       const ntru_param_set_t *params;
-
-       header_len = 2 + NTRU_OID_LEN;
-
-       /* check the NTRU public key header format */
-       if (data.len < header_len ||
-               data.ptr[0] != NTRU_PUBKEY_TAG ||
-               data.ptr[1] != NTRU_OID_LEN)
-       {
-               DBG1(DBG_LIB, "received NTRU public key with invalid header");
-               return NULL;
-       }
-       params =  ntru_param_set_get_by_oid(data.ptr + 2);
-
-       if (!params)
-       {
-               DBG1(DBG_LIB, "received NTRU public key with unknown OID");
-               return NULL;
-       }
-
-       pubkey_packed_len = (params->N * params->q_bits + 7) / 8;
-
-       if (data.len < header_len + pubkey_packed_len)
-       {
-               DBG1(DBG_LIB, "received NTRU public key with wrong packed key size");
-               return NULL;
-       }
-
-       INIT(this,
-               .public = {
-                       .get_id = _get_id,
-                       .get_encoding = _get_encoding,
-                       .encrypt = _encrypt,
-                       .destroy = _destroy,
-               },
-               .params = params,
-               .pubkey = malloc(params->N * sizeof(uint16_t)),
-               .encoding = chunk_clone(data),
-               .drbg = drbg->get_ref(drbg),
-       );
-
-       /* unpack the encoded public key */
-       ntru_octets_2_elements(pubkey_packed_len, data.ptr + header_len,
-                                                  params->q_bits, this->pubkey);
-
-       return &this->public;
-}
-
-EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_public_key_create_from_data);
diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.h b/src/libstrongswan/plugins/ntru/ntru_public_key.h
deleted file mode 100644 (file)
index 5e22459..0000000
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_public_key ntru_public_key
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_PUBLIC_KEY_H_
-#define NTRU_PUBLIC_KEY_H_
-
-typedef struct ntru_public_key_t ntru_public_key_t;
-
-#include "ntru_param_set.h"
-
-#include <library.h>
-#include <crypto/drbgs/drbg.h>
-
-/**
- * Implements an NTRU encryption public key
- */
-struct ntru_public_key_t {
-
-       /**
-        * Returns NTRU parameter set ID of the public key
-        *
-        * @return                      NTRU parameter set ID
-        */
-       ntru_param_set_id_t (*get_id)(ntru_public_key_t *this);
-
-       /**
-        * Returns the packed encoding of the NTRU encryption public key
-        *
-        * @return                      Packed encoding of NTRU encryption public key
-        */
-       chunk_t (*get_encoding)(ntru_public_key_t *this);
-
-       /**
-        * Encrypts a plaintext with the NTRU public key
-        *
-        * @param ciphertext    Plaintext
-        * @param plaintext             Ciphertext
-        * @return                              TRUE if encryption was successful
-        */
-       bool (*encrypt)(ntru_public_key_t *this, chunk_t plaintext,
-                                       chunk_t *ciphertext);
-
-       /**
-        * Destroy ntru_public_key_t object
-        */
-       void (*destroy)(ntru_public_key_t *this);
-};
-
-/**
- * Creates an NTRU encryption public key from coefficients
- *
- * @param drbg                 Deterministic random bit generator
- * @param params               NTRU encryption parameter set to be used
- * @param pubkey               Coefficients of public key polynomial h
- */
-ntru_public_key_t *ntru_public_key_create(drbg_t *drbg,
-                                                                                 const ntru_param_set_t *params,
-                                                                                 uint16_t *pubkey);
-
-/**
- * Creates an NTRU encryption public key from encoding
- *
- * @param drbg                 Deterministic random bit generator
- * @param data                 Encoded NTRU public key
- */
-ntru_public_key_t *ntru_public_key_create_from_data(drbg_t *drbg,
-                                                                                                       chunk_t data);
-
-
-#endif /** NTRU_PUBLIC_KEY_H_ @}*/
-
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.c b/src/libstrongswan/plugins/ntru/ntru_trits.c
deleted file mode 100644 (file)
index 525579b..0000000
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (C) 2013-2016 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "ntru_trits.h"
-#include "ntru_convert.h"
-
-#include <crypto/xofs/xof_bitspender.h>
-#include <utils/debug.h>
-#include <utils/test.h>
-
-typedef struct private_ntru_trits_t private_ntru_trits_t;
-
-/**
- * Private data of an ntru_trits_t object.
- */
-struct private_ntru_trits_t {
-
-       /**
-        * Public ntru_trits_t interface.
-        */
-       ntru_trits_t public;
-
-       /**
-        * Size of the trits array
-        */
-       size_t trits_len;
-
-       /**
-        * Array containing a trit per octet
-        */
-       uint8_t *trits;
-
-};
-
-METHOD(ntru_trits_t, get_size, size_t,
-       private_ntru_trits_t *this)
-{
-       return this->trits_len;
-}
-
-METHOD(ntru_trits_t, get_trits, uint8_t*,
-       private_ntru_trits_t *this)
-{
-       return this->trits;
-}
-
-METHOD(ntru_trits_t, destroy, void,
-       private_ntru_trits_t *this)
-{
-       memwipe(this->trits, this->trits_len);
-       free(this->trits);
-       free(this);
-}
-
-/*
- * Described in header.
- */
-ntru_trits_t *ntru_trits_create(size_t len, ext_out_function_t alg,
-                                                               chunk_t seed)
-{
-       private_ntru_trits_t *this;
-       uint8_t octet, buf[5], *trits;
-       size_t trits_needed;
-       xof_bitspender_t *bitspender;
-
-       bitspender = xof_bitspender_create(alg, seed, TRUE);
-       if (!bitspender)
-       {
-           return NULL;
-       }
-
-       INIT(this,
-               .public = {
-                       .get_size = _get_size,
-                       .get_trits = _get_trits,
-                       .destroy = _destroy,
-               },
-               .trits_len = len,
-               .trits = malloc(len),
-       );
-
-       trits = this->trits;
-       trits_needed = this->trits_len;
-
-       while (trits_needed > 0)
-       {
-               if (!bitspender->get_byte(bitspender, &octet))
-               {
-                       bitspender->destroy(bitspender);
-                       destroy(this);
-                       return NULL;
-               }
-               if (octet < 243)  /* 243 = 3^5 */
-               {
-                       ntru_octet_2_trits(octet, (trits_needed < 5) ? buf : trits);
-                       if (trits_needed < 5)
-                       {
-                               memcpy(trits, buf, trits_needed);
-                               break;
-                       }
-                       trits += 5;
-                       trits_needed -= 5;
-               }
-       }
-       bitspender->destroy(bitspender);
-
-       return &this->public;
-}
-
-EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create);
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.h b/src/libstrongswan/plugins/ntru/ntru_trits.h
deleted file mode 100644 (file)
index 4d3c356..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (C) 2013-2016 Andreas Steffen
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_trits ntru_trits
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_TRITS_H_
-#define NTRU_TRITS_H_
-
-typedef struct ntru_trits_t ntru_trits_t;
-
-#include <library.h>
-#include <crypto/xofs/xof.h>
-
-/**
- * Implements an array of trinary elements (trits)
- */
-struct ntru_trits_t {
-
-       /**
-        * Get the size of the trits array
-        *
-        * @return                      number of trinary elements
-        */
-       size_t (*get_size)(ntru_trits_t *this);
-
-       /**
-        * @return                      octet array containing a trit per octet
-        */
-       uint8_t* (*get_trits)(ntru_trits_t *this);
-
-       /**
-        * Destroy ntru_trits_t object
-        */
-       void (*destroy)(ntru_trits_t *this);
-};
-
-/**
- * Create a trits array from a seed using MGF1 with a base hash function
- *
- * @param size                 size of the trits array
- * @param alg                  MGF1 algorithm used (XOF_MGF1_SHA1 or XOF_MGF_SHA256)
- * @param seed                 seed used by MGF1 to generate trits from
- */
-ntru_trits_t *ntru_trits_create(size_t size, ext_out_function_t alg,
-                                                               chunk_t seed);
-
-#endif /** NTRU_TRITS_H_ @}*/
-
index 2d0ba7f7c6864f58be621f9c3ebbf567db17b408..e04a793e473f643739fea7cb008c1de1093ccc06 100644 (file)
@@ -64,7 +64,6 @@ libstrongswan_tests_SOURCES = tests.h tests.c \
   suites/test_rng_tester.c \
   suites/test_mgf1.c \
   suites/test_prf_plus.c \
-  suites/test_ntru.c \
   suites/test_ed25519.c \
   suites/test_ed448.c \
   suites/test_signature_params.c \
diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c
deleted file mode 100644 (file)
index 0a9f42b..0000000
+++ /dev/null
@@ -1,1039 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "test_suite.h"
-
-#include <utils/test.h>
-#include <crypto/xofs/xof.h>
-#include <crypto/drbgs/drbg.h>
-#include <crypto/rngs/rng_tester.h>
-#include <plugins/ntru/ntru_trits.h>
-#include <plugins/ntru/ntru_poly.h>
-#include <plugins/ntru/ntru_param_set.h>
-#include <plugins/ntru/ntru_private_key.h>
-
-IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
-                                                 size_t len, ext_out_function_t alg, chunk_t seed)
-
-IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
-                                                 ext_out_function_t alg, chunk_t seed, uint8_t c_bits,
-                                                 uint16_t N, uint16_t q, uint32_t indices_len_p,
-                                                 uint32_t indices_len_m, bool is_product_form)
-
-IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*,
-                                                 uint16_t *data, uint16_t N, uint16_t q,
-                                                 uint32_t indices_len_p, uint32_t indices_len_m,
-                                                 bool is_product_form)
-
-IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_param_set_get_by_id,  ntru_param_set_t* ,
-                                                 ntru_param_set_id_t id)
-
-IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create, ntru_private_key_t*,
-                                                 drbg_t *drbg, ntru_param_set_t *params)
-
-IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create_from_data, ntru_private_key_t*,
-                                                 drbg_t *drbg, chunk_t data)
-
-IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_public_key_create_from_data, ntru_public_key_t*,
-                                                 drbg_t *drbg, chunk_t data)
-
-/**
- * NTRU parameter sets to test
- */
-static struct {
-       key_exchange_method_t ke;
-       char *name;
-} params[] = {
-       { NTRU_112_BIT, "NTRU_112" },
-       { NTRU_128_BIT, "NTRU_128" },
-       { NTRU_192_BIT, "NTRU_192" },
-       { NTRU_256_BIT, "NTRU_256" }
-};
-
-/**
- * NTRU parameter set selection
- */
-char *parameter_sets[] = {
-               "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum"
-};
-
-typedef struct {
-       uint8_t c_bits;
-       uint16_t N;
-       uint16_t q;
-       bool is_product_form;
-       uint32_t indices_len;
-       uint32_t indices_size;
-       uint16_t *indices;
-} poly_test_t;
-
-typedef struct {
-       ext_out_function_t alg;
-       size_t hash_size;
-       size_t seed_len;
-       chunk_t seed;
-       chunk_t trits;
-       poly_test_t poly_test[2];
-} trits_test_t;
-
-uint16_t indices_ees439ep1[] = {
-       367, 413,  16, 214, 114, 128,  42, 268, 346, 329, 119, 303, 208, 287, 150,
-         3,  45, 321, 110, 109, 272, 430,  80, 305,  51, 381, 322, 140, 207, 315,
-       206, 186,  56,   5, 273, 177,  44, 100, 205, 210,  98, 191,   8, 336
-};
-
-uint16_t indices_ees613ep1[] = {
-       245, 391, 251, 428, 301,   2, 176, 296, 461, 224, 590, 215, 250,  91, 395,
-       363,  58, 537, 278, 291, 247,  33, 140, 447, 172, 514, 424, 412,  95,  94,
-       281, 159, 196, 302, 277,  63, 404, 150, 608, 315, 195, 334, 207, 376, 398,
-         0, 309, 486, 516,  86, 267, 139, 130,  38, 141, 258,  21, 341, 526, 388,
-       194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320,
-       186, 327, 212, 543,  82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434,
-       134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523,  32,  62, 297,
-       283, 268,  54, 539,   5
-};
-
-uint16_t indices_ees743ep1[] = {
-       285,  62, 136, 655, 460,  35, 450, 208, 340, 212,  61, 234, 454,  52, 520,
-       399, 315, 616, 496,  88, 280, 543, 508, 237, 553,  39, 214, 253, 720, 291,
-       586, 615, 635, 596,  62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683,
-       180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423,
-       197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137
-};
-
-uint16_t indices_ees1171ep1[] = {
-       514, 702, 760, 505, 262, 486, 695, 783, 533,  74, 403, 847, 170,1019, 568,
-       676,1057, 277,1021, 238, 203, 884, 124,  87,  65,  93, 131, 881,1102, 133,
-       459, 462,  92,  40,   5,1152,1158, 297, 599, 299,   7, 458, 347, 343, 173,
-   1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295,
-   1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549,
-       821,1098, 823,  96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993,
-       983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250,  37, 213,
-       929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500,
-       913, 332,1118, 753, 946, 775,  59, 809, 782, 612, 909,1090, 223, 777, 940,
-       866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487,
-       215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054,
-       400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210,
-       333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422,  80, 924,1089, 547,
-   1157, 579,   2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179,
-       536, 191
-};
-
-/**
- * Trits and Polynomial Test Vectors
- */
-static trits_test_t trits_tests[] = {
-       {       XOF_MGF1_SHA1, 20, 24,
-               chunk_from_chars(
-                                               0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
-                                               0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
-                                               0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2,
-                                               0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5,
-                                               0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20,
-                                               0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3,
-                                               0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F,
-                                               0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66,
-                                               0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72,
-                                               0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0,
-                                               0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D,
-                                               0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6,
-                                               0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB,
-                                               0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20),
-               chunk_from_chars(
-                               1, 2, 1, 0, 0,  1, 1, 1, 2, 0,  1, 0, 1, 1, 1,  0, 2, 0, 1, 1,
-                               0, 0, 0, 1, 1,  0, 2, 0, 2, 2,  1, 2, 2, 2, 1,  2, 1, 1, 0, 0,
-                               2, 0, 1, 1, 1,  0, 0, 0, 0, 1,  1, 2, 0, 0, 1,  0, 1, 0, 2, 0,
-                               0, 1, 0, 2, 1,  0, 0, 0, 2, 0,  0, 0, 1, 2, 2,  0, 0, 2, 0, 1,
-                               1, 2, 1, 1, 0,  0, 1, 1, 1, 2,  2, 1, 2, 0, 0,  2, 1, 0, 0, 1,
-                               0, 1, 1, 0, 0,  0, 1, 2, 2, 0,  1, 2, 1, 2, 0,  2, 0, 0, 0, 2,
-                               1, 2, 0, 0, 0,  2, 0, 0, 0, 2,  2, 1, 0, 2, 0,  1, 2, 0, 2, 1,
-                               0, 2, 2, 1, 0,  2, 1, 2, 2, 0,  2, 0, 2, 1, 2,  2, 0, 2, 0, 1,
-                               1, 2, 2, 2, 2,  1, 0, 1, 0, 2,  2, 0, 1, 1, 2,  2, 2, 0, 0, 1,
-                               0, 2, 0, 1, 0,  2, 1, 2, 1, 0,  1, 1, 2, 0, 0,  2, 1, 1, 2, 0,
-                               1, 2, 1, 1, 0,  1, 0, 2, 1, 1,  1, 2, 1, 0, 2,  0, 2, 0, 0, 2,
-                               2, 1, 0, 0, 2,  2, 0, 1, 1, 0,  0, 1, 1, 0, 1,  1, 2, 1, 2, 2,
-                               2, 0, 0, 0, 0,  1, 0, 0, 1, 2,  1, 2, 0, 2, 1,  1, 1, 0, 2, 2,
-                               1, 2, 2, 1, 0,  1, 0, 2, 2, 2,  1, 2, 1, 0, 0,  1, 0, 1, 1, 1,
-                               1, 1, 2, 0, 0,  2, 1, 0, 2, 1,  2, 1, 0, 2, 2,  0, 0, 1, 2, 1,
-                               2, 0, 1, 2, 1,  1, 2, 0, 2, 0,  2, 1, 1, 1, 0,  0, 0, 1, 2, 1,
-                               2, 2, 1, 2, 1,  1, 2, 1, 2, 0,  2, 2, 1, 0, 0,  1, 2, 0, 1, 1,
-                               2, 0, 0, 0, 1,  2, 2, 1, 2, 0,  0, 2, 1, 0, 2,  2, 2, 1, 1, 0,
-                               2, 1, 2, 1, 2,  2, 1, 2, 1, 1,  0, 1, 1, 1, 1,  2, 0, 2, 2, 1,
-                               0, 1, 1, 2, 1,  2, 0, 2, 1, 0,  1, 0, 1, 0, 1,  2, 0, 1, 1, 0,
-                               0, 1, 1, 2, 0,  2, 2, 0, 0, 0,  1, 1, 0, 1, 0,  1, 1, 0, 1, 1,
-                               0, 1, 2, 0, 1,  1, 0, 1, 2, 0,  0, 1, 2, 2, 0,  0, 2, 1, 2),
-               {
-                       {       9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16),
-                               countof(indices_ees439ep1), indices_ees439ep1
-                       },
-                       {       11, 613, 2048, FALSE, 55,
-                               countof(indices_ees613ep1), indices_ees613ep1
-                       }
-               }
-       },
-       {       XOF_MGF1_SHA256, 32, 40,
-               chunk_from_chars(
-                                               0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
-                                               0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
-                                               0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE,
-                                               0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42,
-                                               0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A,
-                                               0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07,
-                                               0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43,
-                                               0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC,
-                                               0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36,
-                                               0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4,
-                                               0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2,
-                                               0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58,
-                                               0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC,
-                                               0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8,
-                                               0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1,
-                                               0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46,
-                                               0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91,
-                                               0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4,
-                                               0x54, 0xEE, 0x20, 0xF0, 0x80),
-               chunk_from_chars(
-                               1, 2, 2, 2, 2,  1, 2, 2, 0, 0,  2, 0, 0, 0, 0,  1, 2, 2, 2, 0,
-                               2, 0, 0, 2, 2,  1, 2, 0, 0, 1,  2, 1, 0, 0, 0,  1, 0, 2, 2, 1,
-                               1, 2, 0, 0, 0,  1, 2, 0, 2, 2,  1, 2, 1, 0, 1,  0, 1, 2, 1, 1,
-                               1, 2, 0, 1, 0,  2, 1, 1, 0, 0,  0, 1, 2, 0, 0,  1, 2, 1, 2, 0,
-                               2, 1, 1, 1, 2,  2, 2, 2, 1, 0,  0, 2, 0, 2, 0,  1, 1, 0, 2, 2,
-                               2, 0, 1, 0, 2,  2, 1, 0, 1, 0,  1, 0, 0, 2, 2,  0, 0, 1, 2, 0,
-                               1, 1, 1, 0, 0,  2, 0, 2, 1, 2,  2, 2, 0, 0, 2,  1, 0, 2, 0, 1,
-                               0, 1, 2, 0, 1,  2, 0, 1, 0, 1,  2, 0, 2, 2, 0,  1, 2, 2, 1, 2,
-                               2, 2, 0, 2, 1,  1, 1, 0, 0, 1,  0, 2, 0, 0, 1,  0, 1, 2, 0, 0,
-                               1, 2, 1, 0, 2,  1, 1, 0, 0, 2,  1, 2, 2, 2, 1,  2, 1, 1, 2, 2,
-                               0, 2, 0, 0, 2,  0, 0, 1, 1, 2,  0, 0, 0, 1, 2,  1, 1, 1, 1, 0,
-                               0, 0, 2, 0, 2,  0, 2, 2, 1, 2,  2, 0, 0, 1, 1,  1, 0, 1, 0, 1,
-                               0, 1, 2, 2, 0,  2, 1, 1, 0, 2,  1, 2, 1, 2, 1,  0, 0, 1, 0, 0,
-                               1, 0, 1, 0, 2,  0, 2, 0, 0, 1,  2, 0, 2, 0, 1,  1, 0, 2, 0, 0,
-                               1, 2, 1, 2, 1,  2, 1, 0, 1, 1,  2, 2, 1, 1, 0,  0, 2, 1, 2, 0,
-                               1, 0, 2, 0, 0,  1, 2, 0, 2, 0,  1, 1, 2, 2, 2,  2, 0, 0, 1, 2,
-                               1, 1, 1, 0, 2,  1, 2, 2, 0, 2,  0, 1, 2, 2, 0,  1, 1, 1, 0, 0,
-                               2, 0, 1, 0, 1,  0, 2, 1, 2, 0,  2, 1, 2, 1, 2,  2, 0, 2, 1, 0,
-                               2, 1, 2, 0, 0,  2, 0, 1, 2, 1,  1, 2, 0, 0, 0,  0, 1, 2, 0, 1,
-                               2, 2, 1, 0, 0,  1, 2, 1, 2, 0,  0, 1, 1, 0, 0,  0, 1, 0, 0, 0,
-                               2, 0, 1, 2, 1,  2, 0, 0, 0, 2,  1, 0, 0, 0, 1,  2, 2, 0, 0, 0,
-                               2, 2, 1, 1, 0,  1, 0, 2, 2, 0,  2, 1, 2, 1, 0,  2, 2, 2, 0, 0,
-                               0, 1, 1, 2, 1,  0, 0, 0, 0, 1,  2, 2, 1, 2, 1,  2, 0, 2, 0, 2,
-                               1, 1, 1, 2, 1,  2, 1, 2, 1, 1,  0, 1, 0, 2, 0,  0, 0, 2, 1, 2,
-                               2, 2, 2, 0, 1,  1, 1, 0, 1, 0,  2, 0, 2, 1, 0,  1, 2, 1, 1, 0,
-                               1, 2, 1, 0, 0,  2, 1, 0, 1, 1,  2, 2, 1, 1, 1,  2, 2, 2, 1, 0,
-                               0, 0, 0, 1, 1,  0, 0, 2, 2, 2,  2, 2, 0, 1, 2,  0, 1, 2, 0, 1,
-                               1, 0, 1, 1, 2,  2, 0, 1, 1, 0,  2, 2, 1, 1, 1,  2, 1, 2, 2, 1,
-                               1, 0, 1, 0, 2,  2, 1, 0, 2, 2,  2, 2, 2, 1, 0,  2, 2, 2, 1, 2,
-                               0, 2, 0, 0, 0,  0, 0, 1, 2, 0,  1, 0, 1),
-               {
-                       {       13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16),
-                               countof(indices_ees743ep1), indices_ees743ep1
-                       },
-                       {       12, 1171, 2048, FALSE, 106,
-                               countof(indices_ees1171ep1), indices_ees1171ep1
-                       }
-               }
-       }
-};
-
-START_TEST(test_ntru_trits)
-{
-       ntru_trits_t *mask;
-       chunk_t trits;
-
-       mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
-                                                XOF_UNDEFINED, trits_tests[_i].seed);
-       ck_assert(mask == NULL);
-
-       mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
-                                                trits_tests[_i].alg, chunk_empty);
-       ck_assert(mask == NULL);
-
-       mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
-                                                trits_tests[_i].alg, trits_tests[_i].seed);
-       ck_assert(mask);
-
-       trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
-       ck_assert(chunk_equals(trits, trits_tests[_i].trits));
-       mask->destroy(mask);
-
-       /* generate a multiple of 5 trits */
-       mask = TEST_FUNCTION(ntru, ntru_trits_create, 10, trits_tests[_i].alg,
-                                                trits_tests[_i].seed);
-       ck_assert(mask);
-
-       trits = chunk_create(mask->get_trits(mask), mask->get_size(mask));
-       ck_assert(chunk_equals(trits, chunk_create(trits_tests[_i].trits.ptr, 10)));
-       mask->destroy(mask);
-}
-END_TEST
-
-START_TEST(test_ntru_poly)
-{
-       ntru_poly_t *poly;
-       uint16_t *indices;
-       chunk_t seed;
-       poly_test_t *p;
-       int j, n;
-
-       seed = trits_tests[_i].seed;
-       seed.len = trits_tests[_i].seed_len;
-
-       p = &trits_tests[_i].poly_test[0];
-       poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, XOF_UNDEFINED, seed,
-                                                p->c_bits, p->N, p->q, p->indices_len, p->indices_len,
-                                                p->is_product_form);
-       ck_assert(poly == NULL);
-
-       for (n = 0; n < 2; n++)
-       {
-               p = &trits_tests[_i].poly_test[n];
-               poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed,
-                                                       trits_tests[_i].alg, seed, p->c_bits, p->N, p->q,
-                                                       p->indices_len, p->indices_len, p->is_product_form);
-               ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size);
-
-               indices = poly->get_indices(poly);
-               for (j = 0; j < p->indices_size; j++)
-               {
-                       ck_assert(indices[j] == p->indices[j]);
-               }
-               poly->destroy(poly);
-       }
-}
-END_TEST
-
-typedef struct {
-       uint16_t N;
-       uint16_t q;
-       bool is_product_form;
-       uint32_t indices_len_p;
-       uint32_t indices_len_m;
-       uint16_t *indices;
-       uint16_t *a;
-       uint16_t *c;
-} ring_mult_test_t;
-
-uint16_t t1_indices[] = { 1, 6, 5, 3 };
-
-uint16_t t1_a[] = { 1, 0, 0, 0, 0, 0, 0 };
-uint16_t t1_c[] = { 0, 1, 0, 7, 0, 7, 1 };
-
-uint16_t t2_a[] = { 5, 0, 0, 0, 0, 0, 0 };
-uint16_t t2_c[] = { 0, 5, 0, 3, 0, 3, 5 };
-
-uint16_t t3_a[]  = { 4, 0, 0, 0, 0, 0, 0 };
-uint16_t t3_c[]  = { 0, 4, 0, 4, 0, 4, 4 };
-
-uint16_t t4_a[]  = { 0, 6, 0, 0, 0, 0, 0 };
-uint16_t t4_c[]  = { 6, 0, 6, 0, 2, 0, 2 };
-
-uint16_t t5_a[]  = { 4, 6, 0, 0, 0, 0, 0 };
-uint16_t t5_c[]  = { 6, 4, 6, 4, 2, 4, 6 };
-
-uint16_t t6_a[]  = { 0, 0, 3, 0, 0, 0, 0 };
-uint16_t t6_c[]  = { 5, 3, 0, 3, 0, 5, 0 };
-
-uint16_t t7_a[]  = { 4, 6, 3, 0, 0, 0, 0 };
-uint16_t t7_c[]  = { 3, 7, 6, 7, 2, 1, 6 };
-
-uint16_t t8_a[]  = { 0, 0, 0, 7, 0, 0, 0 };
-uint16_t t8_c[]  = { 0, 1, 7, 0, 7, 0, 1 };
-
-uint16_t t9_a[]  = { 4, 6, 3, 7, 0, 0, 0 };
-uint16_t t9_c[]  = { 3, 0, 5, 7, 1, 1, 7 };
-
-uint16_t t10_a[] = { 0, 0, 0, 0, 0, 1, 0 };
-uint16_t t10_c[] = { 0, 7, 0, 7, 1, 0, 1 };
-
-uint16_t t11_a[] = { 4, 6, 3, 7, 0, 1, 0 };
-uint16_t t11_c[] = { 3, 7, 5, 6, 2, 1, 0 };
-
-uint16_t t2_indices[] = { 1, 6, 5, 2, 3 };
-
-uint16_t t12_c[] = { 0, 1, 7, 7, 0, 1, 1 };
-uint16_t t13_c[] = { 0, 1, 7, 7, 0, 7, 1 };
-uint16_t t14_c[] = { 0, 1, 0, 31, 0, 31, 1 };
-uint16_t t15_c[] = { 0, 5, 0, 2043, 0, 2043, 5 };
-uint16_t t16_c[] = { 0, 5, 0, 32763, 0, 32763, 5 };
-
-uint16_t t3_indices[] = { 7, 2, 3, 5, 0, 2, 3, 10, 7, 0, 8, 2 };
-
-uint16_t t17_a[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
-uint16_t t17_c[] = { 7, 1, 0, 1, 1, 7, 0, 7, 7, 7, 2 };
-
-ring_mult_test_t ring_mult_tests[] = {
-       {  7,     8, FALSE, 2, 2, t1_indices, t1_a,  t1_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t2_a,  t2_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t3_a,  t3_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t4_a,  t4_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t5_a,  t5_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t6_a,  t6_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t7_a,  t7_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t8_a,  t8_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t9_a,  t9_c  },
-       {  7,     8, FALSE, 2, 2, t1_indices, t10_a, t10_c },
-       {  7,     8, FALSE, 2, 2, t1_indices, t11_a, t11_c },
-       {  7,     8, FALSE, 3, 2, t2_indices, t1_a,  t12_c },
-       {  7,     8, FALSE, 2, 3, t2_indices, t1_a,  t13_c },
-       {  7,    32, FALSE, 2, 2, t1_indices, t1_a,  t14_c },
-       {  7,  2048, FALSE, 2, 2, t1_indices, t2_a,  t15_c },
-       {  7, 32768, FALSE, 2, 2, t1_indices, t2_a,  t16_c },
-       { 11,     8, TRUE, 197121, 197121, t3_indices, t17_a,  t17_c },
-};
-
-START_TEST(test_ntru_ring_mult)
-{
-       ntru_poly_t *poly;
-       ring_mult_test_t *t;
-       uint16_t *c;
-       int i;
-
-       t = &ring_mult_tests[_i];
-       poly = TEST_FUNCTION(ntru, ntru_poly_create_from_data, t->indices, t->N,
-                                                t->q, t->indices_len_p, t->indices_len_m,
-                                                t->is_product_form);
-       ck_assert(poly != NULL);
-
-       c = malloc(t->N * sizeof(uint16_t));
-       poly->ring_mult(poly, t->a, c);
-
-       for (i = 0; i < t->N; i++)
-       {
-               ck_assert(c[i] == t->c[i]);
-       }
-
-       free(c);
-       poly->destroy(poly);
-}
-END_TEST
-
-int array_tests[] = { 0, 11, 12, 16 };
-
-START_TEST(test_ntru_array)
-{
-       ntru_poly_t *poly;
-       ring_mult_test_t *t;
-       uint16_t *c;
-       int i;
-
-       t = &ring_mult_tests[array_tests[_i]];
-
-       poly = TEST_FUNCTION(ntru, ntru_poly_create_from_data, t->indices, t->N,
-                                                t->q, t->indices_len_p, t->indices_len_m,
-                                                t->is_product_form);
-       ck_assert(poly != NULL);
-
-       c = malloc(t->N * sizeof(uint16_t));
-       poly->get_array(poly, c);
-
-       for (i = 0; i < t->N; i++)
-       {
-               ck_assert(c[i] == t->c[i]);
-       }
-
-       free(c);
-       poly->destroy(poly);
-}
-END_TEST
-
-START_TEST(test_ntru_param_set)
-{
-       ck_assert(TEST_FUNCTION(ntru, ntru_param_set_get_by_id, -1) == NULL);
-       ck_assert(TEST_FUNCTION(ntru, ntru_param_set_get_by_id, 16) == NULL);
-}
-END_TEST
-
-typedef struct {
-       ntru_param_set_id_t id;
-       chunk_t entropy;
-       chunk_t encoding;
-} privkey_test_t;
-
-privkey_test_t privkey_tests[] = {
-       {
-               NTRU_EES401EP1,
-               chunk_from_chars(
-                                               0x0C, 0x2F, 0x24, 0xE1, 0xA4, 0x81, 0x26, 0xA2,
-                                               0x6C, 0xEA, 0xCD, 0x1A, 0xF3, 0xEB, 0x3D, 0xBF,
-                                               0xEA, 0xAE, 0xC3, 0x0D, 0xC1),
-               chunk_from_chars(
-                                               0x02, 0x03, 0x00, 0x02, 0x04, 0x3E, 0xF3, 0xCB,
-                                               0x7A, 0x58, 0x13, 0x75, 0xBB, 0x87, 0xF5, 0xBF,
-                                               0x2E, 0x18, 0xAE, 0x03, 0xAF, 0xB8, 0x33, 0x85,
-                                               0xD8, 0xBF, 0x8A, 0xB5, 0x8C, 0xA6, 0xDF, 0x03,
-                                               0x90, 0x1E, 0xE4, 0x83, 0xA4, 0x95, 0x40, 0xB5,
-                                               0x08, 0x92, 0x29, 0xD8, 0x83, 0xA8, 0x42, 0xB2,
-                                               0x69, 0xC2, 0x00, 0x8B, 0xAE, 0x80, 0x00, 0x4F,
-                                               0x3D, 0xDD, 0xFB, 0xDB, 0x9A, 0xD8, 0x0F, 0xFF,
-                                               0xBC, 0x21, 0xD5, 0xE6, 0x04, 0x9C, 0xDD, 0x3B,
-                                               0x2D, 0x16, 0x4B, 0xC7, 0x3D, 0xBE, 0xDE, 0xBB,
-                                               0x6F, 0xF4, 0x8A, 0x31, 0xCD, 0x23, 0x19, 0xC2,
-                                               0x3C, 0xE1, 0xE2, 0xEE, 0xE4, 0xE7, 0x2E, 0xFC,
-                                               0x5C, 0xDD, 0xAD, 0x0C, 0x9D, 0x98, 0xC5, 0x18,
-                                               0x2A, 0x80, 0x21, 0x93, 0x61, 0xC4, 0x9A, 0x16,
-                                               0xE8, 0x9B, 0xF7, 0x3B, 0x6D, 0x06, 0x91, 0x9E,
-                                               0x71, 0x59, 0xBE, 0x8E, 0x65, 0x61, 0xB2, 0x69,
-                                               0x9C, 0x82, 0x58, 0x0D, 0x63, 0x7A, 0x1F, 0x2A,
-                                               0x1C, 0x2C, 0x92, 0x8C, 0x8D, 0xCA, 0x2B, 0x45,
-                                               0x24, 0x79, 0xDB, 0x7F, 0x1D, 0x2F, 0xAB, 0x88,
-                                               0x8C, 0x1D, 0xE3, 0x15, 0x8F, 0xCD, 0x46, 0x8C,
-                                               0x45, 0x20, 0x88, 0x1C, 0x17, 0xE0, 0xE5, 0x89,
-                                               0xF4, 0x60, 0x56, 0x3C, 0x6B, 0x9F, 0x2A, 0xD9,
-                                               0xD0, 0xAE, 0x3B, 0xB6, 0xC2, 0xB7, 0x58, 0xC6,
-                                               0x6E, 0x09, 0x36, 0x21, 0x0B, 0xDD, 0xE9, 0x52,
-                                               0x33, 0x27, 0x39, 0xC8, 0x51, 0x59, 0x69, 0x25,
-                                               0xC6, 0x3D, 0x19, 0x5C, 0x5E, 0x74, 0xD0, 0x62,
-                                               0xD9, 0x26, 0x90, 0xC7, 0x64, 0x92, 0xA8, 0x72,
-                                               0xD1, 0x77, 0x1F, 0x78, 0xC5, 0x11, 0xBD, 0x5D,
-                                               0x3C, 0x1B, 0x1F, 0x8B, 0x5B, 0xE4, 0x5D, 0xA1,
-                                               0x27, 0x6D, 0x20, 0x24, 0x32, 0x53, 0xF3, 0xB0,
-                                               0xE6, 0x71, 0x61, 0xCC, 0xFC, 0x4A, 0x06, 0xDA,
-                                               0xBE, 0xD7, 0x9F, 0x2F, 0xEB, 0x44, 0xD0, 0x8A,
-                                               0x7D, 0x8E, 0x82, 0xF5, 0x84, 0xCF, 0x8E, 0xE5,
-                                               0x4B, 0xA4, 0x30, 0x77, 0xBD, 0x14, 0xB9, 0x75,
-                                               0x02, 0x68, 0xDF, 0x71, 0x89, 0x81, 0xF2, 0x95,
-                                               0xC3, 0x67, 0x6E, 0x37, 0xE4, 0xD0, 0xC9, 0x1E,
-                                               0x02, 0xDE, 0x2D, 0x79, 0x99, 0xE8, 0x7D, 0x5C,
-                                               0x99, 0xF2, 0x1A, 0xDE, 0x12, 0x9B, 0xD1, 0x83,
-                                               0x9B, 0x01, 0xD3, 0xEB, 0x2B, 0x8E, 0x9C, 0xA5,
-                                               0x19, 0xE8, 0x2E, 0xFE, 0x23, 0x6E, 0xAD, 0x8F,
-                                               0x3C, 0xAF, 0xB9, 0xE6, 0xDB, 0x07, 0xA4, 0x31,
-                                               0x02, 0x2B, 0x6A, 0xA0, 0xFB, 0x51, 0x6C, 0xD0,
-                                               0x26, 0xD5, 0xAD, 0x29, 0x65, 0x10, 0xCE, 0xF8,
-                                               0x84, 0x4D, 0x1E, 0x37, 0x92, 0xA2, 0xD1, 0xFA,
-                                               0xF6, 0xC0, 0x36, 0x4C, 0x23, 0x3A, 0x42, 0xAA,
-                                               0xB8, 0x0D, 0x4E, 0xD4, 0x40, 0x61, 0xD5, 0x36,
-                                               0x62, 0x23, 0x7C, 0x1C, 0x5E, 0xEA, 0x16, 0xAD,
-                                               0x4F, 0x30, 0xF9, 0x16, 0x99, 0xCE, 0xC5, 0x50,
-                                               0xAC, 0x8F, 0x6F, 0x98, 0xD7, 0xE3, 0x89, 0x6E,
-                                               0x3A, 0x12, 0xCE, 0xA7, 0xA4, 0x17, 0x74, 0xDC,
-                                               0xDB, 0xFA, 0xFF, 0xF9, 0x35, 0xD7, 0xF5, 0x77,
-                                               0x03, 0xF5, 0xBF, 0x81, 0x6C, 0x9F, 0x62, 0xA6,
-                                               0x8A, 0x5B, 0xA3, 0xEF, 0x9D, 0xC3, 0xF6, 0x3A,
-                                               0x6A, 0xC0, 0x42, 0x71, 0xAF, 0x90, 0xCA, 0x1D,
-                                               0x86, 0x78, 0xD7, 0x2C, 0xFE, 0xB6, 0x99, 0x15,
-                                               0x8C, 0x10, 0x42, 0x92, 0x2C, 0x05, 0x43, 0x92,
-                                               0x69, 0x05, 0x8D, 0x9E, 0xBC, 0xAB, 0x8F, 0x28,
-                                               0xAA, 0x4B, 0xFB, 0x25, 0xD9, 0xAD, 0x29, 0xFF,
-                                               0x33, 0x65, 0x14, 0xC3, 0x75, 0x1F, 0xCF, 0xFC,
-                                               0x20, 0x83, 0xBF, 0xB9, 0xA5, 0x4B, 0x7B, 0xD9,
-                                               0x07, 0x5C, 0xA1, 0xD1, 0x5A, 0x3E, 0x94, 0xF8,
-                                               0x03, 0xDE, 0xB8, 0x94, 0x11, 0x92, 0x80, 0x77,
-                                               0x57, 0x45, 0x1E, 0x6B, 0xA5, 0x15, 0xDB, 0x48,
-                                               0xB6, 0x9E, 0x02, 0xF1, 0x61, 0x4A, 0xAC, 0x1D,
-                                               0x49, 0xBC, 0xA9, 0x3F, 0x03, 0x50, 0xAC, 0x02,
-                                               0x8E, 0x84, 0xE0, 0x12, 0x37, 0x76, 0xBC, 0x4A,
-                                               0xF9, 0xC6, 0x74, 0x36, 0xFC, 0x92, 0x1D, 0x59,
-                                               0x0C, 0x04, 0xD2, 0x14, 0xB7, 0x11, 0xE9, 0xE2,
-                                               0xFE, 0x0C, 0xE1, 0xDA, 0x8B, 0xCA, 0x10, 0xA1,
-                                               0x60, 0xB6, 0x57, 0x51, 0x00, 0xD6, 0x5B, 0x55,
-                                               0x09, 0x60, 0xE8, 0x00, 0x40, 0x45, 0x56, 0xBA,
-                                               0x83, 0x1E, 0x36, 0x12, 0x59, 0x4B, 0x19, 0x00,
-                                               0x53, 0xAE, 0x62, 0xA6, 0x29, 0x39, 0xED, 0x87,
-                                               0x24, 0x37, 0x1E, 0x1B, 0xCF, 0x3F, 0x3A, 0x71,
-                                               0x31, 0xB5, 0x50, 0x8D, 0x4B, 0x53, 0x53, 0x75,
-                                               0x3F, 0x33, 0x39, 0x09, 0x2A, 0x78, 0xA8, 0x71,
-                                               0x3E, 0x63, 0xC5, 0x61, 0x73, 0xB6, 0xE1, 0x71,
-                                               0x16, 0xDA, 0x06, 0xBF, 0x3F, 0x22, 0x74, 0x89,
-                                               0x08, 0xD2, 0x05, 0x0B, 0x16, 0xC8, 0xF0, 0x17,
-                                               0x4E, 0xA2, 0x65, 0x67, 0x6D, 0x02)
-       },
-       {
-               NTRU_EES743EP1,
-               chunk_from_chars(
-                                               0x9B, 0xAB, 0x57, 0xDB, 0x2C, 0x60, 0x83, 0x48,
-                                               0x9F, 0xC9, 0x70, 0x8F, 0x69, 0xF7, 0xB4, 0xBB,
-                                               0x63, 0x5C, 0x9A, 0x63, 0x07, 0x80, 0x17, 0xD3,
-                                               0xCD, 0xB1, 0x57, 0x79, 0xFE, 0x8D, 0x81, 0x70,
-                                               0xEB, 0x50, 0xFA, 0x05, 0xFB, 0x97, 0xB2, 0xAB,
-                                               0x25, 0xED, 0xD8, 0x18, 0x1C, 0xFE, 0x96, 0x7D),
-               chunk_from_chars(
-                                               0x02, 0x03, 0x00, 0x06, 0x10, 0x14, 0x53, 0x73,
-                                               0x56, 0xF5, 0xA9, 0x34, 0xDE, 0xA6, 0x4D, 0x46,
-                                               0x05, 0x9E, 0x80, 0xAE, 0xB6, 0x74, 0x91, 0xFF,
-                                               0xFB, 0x48, 0xD3, 0x5C, 0x61, 0x12, 0x46, 0x02,
-                                               0x9F, 0x53, 0x45, 0x87, 0x47, 0xBD, 0x6B, 0x26,
-                                               0xF7, 0x36, 0xD3, 0x99, 0x1B, 0xD7, 0xEA, 0xA3,
-                                               0xA8, 0x94, 0xFF, 0x93, 0x46, 0x7C, 0x2C, 0x5F,
-                                               0x87, 0x8C, 0x38, 0xB3, 0x7B, 0xC6, 0x49, 0xE2,
-                                               0x88, 0xCA, 0x67, 0x89, 0xD0, 0x6D, 0x7C, 0xAE,
-                                               0x7C, 0x98, 0x84, 0xDA, 0x6B, 0x93, 0x92, 0xEF,
-                                               0x4A, 0xD1, 0x4A, 0xD2, 0x5B, 0x13, 0xF8, 0x59,
-                                               0x15, 0x2E, 0xBC, 0x70, 0x8D, 0x2D, 0xA9, 0x47,
-                                               0xA1, 0x99, 0x19, 0x3F, 0x67, 0xE8, 0x18, 0xA7,
-                                               0x17, 0x07, 0xB3, 0x14, 0xF6, 0x20, 0xA1, 0xD8,
-                                               0x33, 0xE8, 0x08, 0x6A, 0xC1, 0x39, 0x99, 0x08,
-                                               0xB4, 0x88, 0xEB, 0x48, 0x7D, 0xFB, 0xF5, 0xEF,
-                                               0x03, 0x0D, 0x25, 0xB7, 0x98, 0xF3, 0xF1, 0x15,
-                                               0x63, 0xE4, 0x0F, 0xFD, 0x54, 0x9F, 0x56, 0xE9,
-                                               0xD1, 0x44, 0xE5, 0x89, 0x66, 0x14, 0x91, 0x1C,
-                                               0xFD, 0xD6, 0xFD, 0x38, 0xAE, 0x39, 0xE3, 0xF7,
-                                               0xCD, 0x77, 0xC2, 0xEA, 0x2E, 0xE4, 0xB7, 0x2B,
-                                               0xBA, 0x7A, 0xD1, 0x75, 0xB8, 0x28, 0x65, 0x18,
-                                               0xF4, 0xC6, 0xBD, 0xD0, 0x17, 0x7E, 0xEA, 0x86,
-                                               0x7E, 0xFC, 0x95, 0xD6, 0x4C, 0x92, 0x01, 0xC3,
-                                               0xFF, 0x04, 0x9B, 0xF8, 0xD6, 0xB3, 0x8F, 0x72,
-                                               0xEF, 0x64, 0x09, 0x61, 0xF8, 0xE4, 0x48, 0xFC,
-                                               0x0D, 0xEE, 0xEF, 0xA2, 0x9F, 0x3A, 0x2B, 0x1A,
-                                               0xFB, 0x8B, 0xA0, 0x9C, 0x11, 0x0B, 0x97, 0x75,
-                                               0x30, 0x7C, 0xB8, 0x9F, 0xEE, 0x3B, 0x53, 0x85,
-                                               0x7D, 0xE9, 0xCB, 0xC4, 0x4D, 0xD7, 0x7F, 0x59,
-                                               0x10, 0x72, 0x19, 0x3A, 0xC9, 0x38, 0xFE, 0xE8,
-                                               0xB3, 0x06, 0x55, 0x8D, 0xA2, 0x5A, 0x3D, 0x79,
-                                               0x67, 0x0E, 0x90, 0xC9, 0x25, 0x6D, 0x45, 0x9C,
-                                               0x39, 0x79, 0x5F, 0x18, 0x35, 0x9F, 0xC1, 0x49,
-                                               0x08, 0x6F, 0x1C, 0x47, 0x09, 0x0D, 0x49, 0x7C,
-                                               0x3C, 0x7B, 0xB1, 0x09, 0x92, 0x1C, 0x4E, 0x5A,
-                                               0xDA, 0x74, 0x9E, 0xBB, 0x55, 0x9D, 0xBB, 0x1E,
-                                               0x43, 0x28, 0x62, 0xAF, 0x02, 0xB0, 0x1A, 0xEA,
-                                               0x13, 0x0A, 0x70, 0x0F, 0x60, 0x0F, 0x62, 0xA2,
-                                               0x4E, 0x1F, 0xB2, 0xEA, 0x06, 0xDD, 0x18, 0x02,
-                                               0x6C, 0xF3, 0x82, 0xF1, 0x80, 0x7F, 0xA7, 0x2F,
-                                               0xCC, 0xC6, 0x18, 0xEA, 0xFF, 0x1F, 0xAD, 0xC6,
-                                               0xBA, 0x0C, 0x0E, 0x04, 0xB2, 0x58, 0x1D, 0xB6,
-                                               0x01, 0xA3, 0x97, 0xDF, 0x7D, 0x9B, 0xB5, 0x0A,
-                                               0xAD, 0x30, 0x2B, 0xC5, 0x67, 0x40, 0x07, 0xF1,
-                                               0xD5, 0x6C, 0x11, 0x10, 0xE1, 0x69, 0x30, 0xAD,
-                                               0x90, 0x06, 0xDB, 0xF8, 0xEA, 0x92, 0x9B, 0x39,
-                                               0x57, 0x38, 0x7B, 0xE4, 0xB2, 0xA2, 0x89, 0xFD,
-                                               0xB1, 0x6D, 0x88, 0x41, 0x62, 0x4D, 0x18, 0xB6,
-                                               0x3F, 0x12, 0x81, 0xDE, 0xE6, 0xDC, 0x4A, 0x31,
-                                               0x61, 0x26, 0xB1, 0x4B, 0x95, 0xC1, 0x69, 0xDC,
-                                               0xDC, 0xAC, 0xD0, 0x15, 0xFC, 0x21, 0xC5, 0x20,
-                                               0x5F, 0x97, 0x76, 0x41, 0xC1, 0xF2, 0xD7, 0x95,
-                                               0x1D, 0x25, 0x23, 0x36, 0x86, 0xFA, 0x7E, 0xF4,
-                                               0x14, 0x9F, 0x9D, 0x9F, 0xB2, 0xBB, 0x25, 0x1D,
-                                               0xD5, 0x7A, 0x6F, 0x9E, 0xF7, 0xEF, 0x9D, 0x63,
-                                               0x1E, 0xD5, 0xDE, 0x6A, 0xE6, 0x46, 0x48, 0x1F,
-                                               0xE1, 0x0C, 0x4D, 0x82, 0xC9, 0x19, 0x3B, 0x65,
-                                               0xA4, 0x06, 0x13, 0xB7, 0x04, 0xB1, 0x62, 0xF7,
-                                               0x08, 0xAE, 0xED, 0x42, 0x6D, 0xCC, 0x6C, 0xA6,
-                                               0x06, 0x06, 0x41, 0x3E, 0x0C, 0x89, 0x4C, 0xBD,
-                                               0x00, 0x4F, 0x0E, 0xA9, 0x72, 0x06, 0x21, 0x82,
-                                               0xD2, 0xB6, 0x6C, 0xB0, 0xB0, 0x01, 0x5B, 0xDD,
-                                               0x05, 0xCE, 0x71, 0x6E, 0x00, 0x58, 0xC7, 0xA6,
-                                               0x5B, 0xF6, 0xFB, 0x6B, 0x62, 0xB1, 0xE8, 0x4D,
-                                               0xAC, 0xC0, 0x6B, 0xF4, 0x40, 0x69, 0xEE, 0x0D,
-                                               0xE7, 0x82, 0x61, 0x8D, 0x35, 0x01, 0x97, 0x4E,
-                                               0xF2, 0xCC, 0xF5, 0x7F, 0xBF, 0xE4, 0xEC, 0x9C,
-                                               0xC4, 0xD2, 0xD9, 0x65, 0x78, 0x98, 0xD8, 0xB0,
-                                               0xFA, 0xA8, 0xFB, 0xB0, 0xCE, 0x22, 0x5D, 0x0B,
-                                               0x27, 0xDF, 0x0E, 0x63, 0x42, 0xFE, 0x89, 0x13,
-                                               0x99, 0xB2, 0x02, 0x0B, 0xF6, 0x04, 0xB6, 0xAF,
-                                               0x9F, 0x8C, 0xA6, 0x17, 0x0D, 0xD9, 0x5B, 0x45,
-                                               0xE4, 0x08, 0x53, 0x51, 0xE0, 0xD5, 0x22, 0x72,
-                                               0xBE, 0xAD, 0x74, 0x69, 0xB9, 0xFB, 0x91, 0xF8,
-                                               0xC1, 0x89, 0x28, 0x71, 0x27, 0x62, 0xB1, 0xF0,
-                                               0xFD, 0x78, 0xBC, 0x82, 0xFE, 0x76, 0xBE, 0x7B,
-                                               0x47, 0x79, 0x32, 0x71, 0xAD, 0xD6, 0x76, 0x46,
-                                               0xFB, 0x32, 0xE8, 0x4B, 0x98, 0x9A, 0xC6, 0x85,
-                                               0xF2, 0xF1, 0x8A, 0xEC, 0xC2, 0x4E, 0x9B, 0x2F,
-                                               0x2D, 0x6F, 0xC9, 0x9B, 0xB6, 0x14, 0x35, 0x6D,
-                                               0xD6, 0x5B, 0xF3, 0x02, 0x5A, 0xE5, 0xBD, 0x00,
-                                               0xF7, 0x6E, 0x51, 0xA7, 0xDB, 0x19, 0xAE, 0x01,
-                                               0x01, 0x05, 0x94, 0x23, 0xF7, 0x5B, 0x07, 0x79,
-                                               0xFF, 0x39, 0x58, 0x9C, 0x2A, 0xF7, 0x7E, 0x5D,
-                                               0x81, 0xF9, 0x59, 0xFE, 0xB9, 0x9A, 0x96, 0x63,
-                                               0x1F, 0x65, 0xF6, 0xF0, 0x3D, 0xEA, 0xD7, 0xC2,
-                                               0x8A, 0xCF, 0xB5, 0x58, 0x74, 0x77, 0x23, 0xD6,
-                                               0x72, 0x58, 0xA8, 0xAE, 0x31, 0x8A, 0x59, 0xEA,
-                                               0x69, 0x14, 0x6A, 0x20, 0x78, 0x79, 0x28, 0x5A,
-                                               0xE1, 0x76, 0x6F, 0xA6, 0x1A, 0x9E, 0x47, 0xD2,
-                                               0xAF, 0x63, 0xF8, 0x06, 0xF6, 0xD8, 0xD5, 0x14,
-                                               0xA8, 0xD1, 0xEE, 0x96, 0xCE, 0xBB, 0x8E, 0x22,
-                                               0x69, 0x2F, 0x52, 0x06, 0xB6, 0x6F, 0xC8, 0x99,
-                                               0x96, 0xEA, 0xC6, 0x1D, 0x96, 0x4C, 0x69, 0x95,
-                                               0xFE, 0x74, 0x04, 0x3C, 0x55, 0xD9, 0x5F, 0xE0,
-                                               0x41, 0x21, 0x43, 0x21, 0x5A, 0x50, 0x5D, 0x8B,
-                                               0xE8, 0xB2, 0x51, 0x1B, 0x7C, 0x63, 0x50, 0xAE,
-                                               0x97, 0x4F, 0xBA, 0x7D, 0xF2, 0xB6, 0xB6, 0x16,
-                                               0x1D, 0x47, 0x9E, 0x19, 0x68, 0xD4, 0x6B, 0x2B,
-                                               0x75, 0xCD, 0xAE, 0x65, 0x33, 0x38, 0xF6, 0x6D,
-                                               0xC7, 0x3E, 0x46, 0x98, 0x9E, 0x98, 0x8B, 0x45,
-                                               0x11, 0xA7, 0x12, 0x05, 0xB0, 0x01, 0xC3, 0x51,
-                                               0xA0, 0xEE, 0x7C, 0x16, 0xD1, 0x42, 0x96, 0xC4,
-                                               0xF0, 0x7B, 0x71, 0xCD, 0x50, 0x38, 0xA4, 0xB0,
-                                               0x6E, 0x6F, 0xE0, 0xBD, 0xC4, 0xF7, 0x96, 0x2B,
-                                               0xF1, 0x6D, 0x9F, 0xF3, 0x71, 0x89, 0xFA, 0xB4,
-                                               0x44, 0xA4, 0x32, 0xDC, 0xB2, 0x55, 0x13, 0x31,
-                                               0x83, 0x29, 0x66, 0x21, 0x3E, 0x89, 0xF8, 0x78,
-                                               0x97, 0x9C, 0x64, 0xF9, 0x2C, 0x0A, 0x88, 0xBC,
-                                               0xCA, 0x6F, 0x83, 0x42, 0xF6, 0xD7, 0x00, 0xC4,
-                                               0x19, 0x52, 0xB0, 0x31, 0xA8, 0xBA, 0xE8, 0xD4,
-                                               0xAD, 0x4B, 0x5D, 0xC0, 0x01, 0x20, 0x6C, 0xBB,
-                                               0x1D, 0x9A, 0x1D, 0xD4, 0x19, 0xFD, 0x33, 0xAB,
-                                               0xA0, 0x54, 0x50, 0x91, 0xE9, 0x75, 0x5C, 0x7E,
-                                               0x7E, 0xB3, 0x24, 0x79, 0xAE, 0x10, 0x3C, 0xB4,
-                                               0xB7, 0x0A, 0x1D, 0x86, 0xAD, 0x06, 0x95, 0xCB,
-                                               0x84, 0x9B, 0x0E, 0x8B, 0x77, 0x7E, 0x3E, 0xD2,
-                                               0xA6, 0xDF, 0xAD, 0x4E, 0xFB, 0x69, 0x23, 0xAC,
-                                               0x7A, 0xCB, 0xAA, 0xB0, 0x22, 0xDD, 0xD2, 0xC6,
-                                               0xC7, 0xAD, 0xD7, 0xDE, 0xEC, 0x6F, 0x08, 0x41,
-                                               0x54, 0xD5, 0x52, 0xDC, 0x77, 0xE4, 0x72, 0xF9,
-                                               0x16, 0xB1, 0xC9, 0xAF, 0xB1, 0x3B, 0x18, 0x99,
-                                               0x20, 0x9F, 0x79, 0x63, 0x7B, 0x07, 0xC7, 0x35,
-                                               0xDF, 0xBB, 0xCE, 0x66, 0x93, 0x1B, 0xF5, 0x82,
-                                               0x25, 0x67, 0xC1, 0xF2, 0xF0, 0x89, 0x0F, 0xEF,
-                                               0x84, 0x0D, 0x63, 0xB6, 0x7B, 0xD0, 0x40, 0x8E,
-                                               0xDB, 0x94, 0xCC, 0x71, 0x3C, 0xDB, 0x36, 0x14,
-                                               0x34, 0xFD, 0xA0, 0xB0, 0xC1, 0x45, 0x31, 0xF8,
-                                               0x8D, 0xD8, 0x23, 0xB1, 0x05, 0x14, 0xA9, 0x55,
-                                               0x3A, 0x1A, 0x37, 0x48, 0x68, 0x89, 0x3F, 0x15,
-                                               0x25, 0xD4, 0x99, 0x53, 0x4C, 0x85, 0x98, 0x78,
-                                               0x1D, 0x35, 0x4A, 0x83, 0x79, 0x9A, 0x29, 0x90,
-                                               0x2B, 0x45, 0x76, 0x0C, 0x13, 0x80, 0x4A, 0xE0,
-                                               0x40, 0xED, 0x6B, 0x2E, 0x2A, 0x43, 0xA9, 0x28,
-                                               0xB0, 0x2F, 0x89, 0x01, 0x6B, 0x39, 0x8C, 0x5E,
-                                               0x80, 0x61, 0xD9, 0xEE, 0x0F, 0x41, 0x75, 0xB5,
-                                               0xAE, 0xB6, 0xC2, 0x42, 0x49, 0x8D, 0x89, 0xD8,
-                                               0xF4, 0x78, 0x1D, 0x90, 0x46, 0x26, 0x4C, 0x56,
-                                               0xB7, 0xC0, 0xD9, 0x98, 0x7B, 0x07, 0xA1, 0x20)
-       }
-};
-
-START_TEST(test_ntru_privkey)
-{
-       rng_t *entropy;
-       drbg_t *drbg;
-       ntru_private_key_t *privkey;
-       ntru_public_key_t *pubkey;
-       ntru_param_set_t *params;
-       uint32_t strength;
-       chunk_t encoding, privkey_encoding, pubkey_encoding;
-
-       params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id,
-                                                  privkey_tests[_i].id);
-       strength = params->sec_strength_len * BITS_PER_BYTE;
-
-       /* entropy rng will be owned by drbg */
-       entropy = rng_tester_create(privkey_tests[_i].entropy);
-       drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength,
-                                                                       entropy, chunk_from_str("IKE NTRU-KE"));
-       ck_assert(drbg != NULL);
-
-       privkey = TEST_FUNCTION(ntru, ntru_private_key_create, drbg, params);
-       ck_assert(privkey);
-       ck_assert(privkey->get_id(privkey) == privkey_tests[_i].id);
-
-       privkey_encoding = privkey->get_encoding(privkey);
-       encoding = privkey_tests[_i].encoding;
-       ck_assert(chunk_equals(privkey_encoding, encoding));
-
-       /* load private key as a packed blob */
-       privkey->destroy(privkey);
-       privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
-                                                       drbg, chunk_empty);
-       ck_assert(privkey == NULL);
-
-       encoding = chunk_clone(encoding);
-       encoding.ptr[0] = NTRU_PUBKEY_TAG;
-       privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
-                                                       drbg, encoding);
-       ck_assert(privkey == NULL);
-
-       encoding.ptr[0] = NTRU_PRIVKEY_TRITS_TAG;
-       privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
-                                                       drbg, encoding);
-       if (params->is_product_form)
-       {
-               ck_assert(privkey == NULL);
-       }
-       else
-       {
-               ck_assert(privkey != NULL);
-               privkey->destroy(privkey);
-       }
-
-       encoding.ptr[0] = NTRU_PRIVKEY_INDICES_TAG;
-       privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
-                                                       drbg, encoding);
-       if (params->is_product_form)
-       {
-               ck_assert(privkey != NULL);
-               privkey->destroy(privkey);
-       }
-       else
-       {
-               ck_assert(privkey == NULL);
-       }
-
-       encoding.ptr[0] = NTRU_PRIVKEY_DEFAULT_TAG;
-       encoding.ptr[1] = NTRU_OID_LEN - 1;
-       privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
-                                                       drbg, encoding);
-       ck_assert(privkey == NULL);
-
-       encoding.ptr[1] = NTRU_OID_LEN;
-       encoding.ptr[2] = 0xff;
-       privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
-                                                       drbg, encoding);
-       ck_assert(privkey == NULL);
-
-       encoding.ptr[2] = params->oid[0];
-       privkey = TEST_FUNCTION(ntru, ntru_private_key_create_from_data,
-                                                       drbg, encoding);
-       privkey_encoding = privkey->get_encoding(privkey);
-       ck_assert(chunk_equals(privkey_encoding, encoding));
-
-       pubkey = privkey->get_public_key(privkey);
-       pubkey_encoding = pubkey->get_encoding(pubkey);
-
-       encoding.ptr[0] = NTRU_PUBKEY_TAG;
-       encoding.len = pubkey_encoding.len;
-       ck_assert(chunk_equals(pubkey_encoding, encoding));
-
-       /* load public key as a packed blob */
-       pubkey->destroy(pubkey);
-       pubkey = TEST_FUNCTION(ntru, ntru_public_key_create_from_data,
-                                                  drbg, encoding);
-       pubkey_encoding = pubkey->get_encoding(pubkey);
-       ck_assert(chunk_equals(pubkey_encoding, encoding));
-
-       chunk_free(&encoding);
-       privkey->destroy(privkey);
-       pubkey->destroy(pubkey);
-       drbg->destroy(drbg);
-}
-END_TEST
-
-START_TEST(test_ntru_ke)
-{
-       chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret;
-       key_exchange_t *i_ntru, *r_ntru;
-       char buf[10];
-       int k, n, len;
-
-       k = (_i) / countof(parameter_sets);
-       n = (_i) % countof(parameter_sets);
-
-       len = snprintf(buf, sizeof(buf), "%N", key_exchange_method_names,
-                                  params[k].ke);
-       ck_assert(len == 8);
-       ck_assert(streq(buf, params[k].name));
-
-       lib->settings->set_str(lib->settings,
-                               "libstrongswan.plugins.ntru.parameter_set", parameter_sets[n]);
-
-       i_ntru = lib->crypto->create_ke(lib->crypto, params[k].ke);
-       ck_assert(i_ntru != NULL);
-       ck_assert(i_ntru->get_method(i_ntru) == params[k].ke);
-
-       ck_assert(i_ntru->get_public_key(i_ntru, &pub_key));
-       ck_assert(pub_key.len > 0);
-
-       r_ntru = lib->crypto->create_ke(lib->crypto, params[k].ke);
-       ck_assert(r_ntru != NULL);
-
-       ck_assert(r_ntru->set_public_key(r_ntru, pub_key));
-       ck_assert(r_ntru->get_public_key(r_ntru, &cipher_text));
-       ck_assert(cipher_text.len > 0);
-
-       ck_assert(r_ntru->get_shared_secret(r_ntru, &r_shared_secret));
-       ck_assert(r_shared_secret.len > 0);
-
-       ck_assert(i_ntru->set_public_key(i_ntru, cipher_text));
-       ck_assert(i_ntru->get_shared_secret(i_ntru, &i_shared_secret));
-       ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
-
-       chunk_clear(&i_shared_secret);
-       chunk_clear(&r_shared_secret);
-       chunk_free(&pub_key);
-       chunk_free(&cipher_text);
-       i_ntru->destroy(i_ntru);
-       r_ntru->destroy(r_ntru);
-}
-END_TEST
-
-START_TEST(test_ntru_retransmission)
-{
-       key_exchange_t *i_ntru;
-       chunk_t pub_key1, pub_key2;
-
-       i_ntru = lib->crypto->create_ke(lib->crypto, NTRU_256_BIT);
-       ck_assert(i_ntru->get_public_key(i_ntru, &pub_key1));
-       ck_assert(i_ntru->get_public_key(i_ntru, &pub_key2));
-       ck_assert(chunk_equals(pub_key1, pub_key2));
-
-       chunk_free(&pub_key1);
-       chunk_free(&pub_key2);
-       i_ntru->destroy(i_ntru);
-}
-END_TEST
-
-chunk_t oid_tests[] = {
-       { NULL, 0 },
-       chunk_from_chars(0x00),
-       chunk_from_chars(0x01),
-       chunk_from_chars(0x02),
-       chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10),
-       chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10),
-       chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10),
-       chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10),
-};
-
-START_TEST(test_ntru_pubkey_oid)
-{
-       key_exchange_t *r_ntru;
-       chunk_t cipher_text;
-
-       r_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
-       ck_assert(!r_ntru->set_public_key(r_ntru, oid_tests[_i]));
-       ck_assert(r_ntru->get_public_key(r_ntru, &cipher_text));
-       ck_assert(cipher_text.len == 0);
-       r_ntru->destroy(r_ntru);
-}
-END_TEST
-
-START_TEST(test_ntru_wrong_set)
-{
-       key_exchange_t *i_ntru, *r_ntru;
-       chunk_t pub_key, cipher_text;
-
-       lib->settings->set_str(lib->settings,
-                                                 "libstrongswan.plugins.ntru.parameter_set",
-                                                 "x9_98_bandwidth");
-       i_ntru = lib->crypto->create_ke(lib->crypto, NTRU_112_BIT);
-       ck_assert(i_ntru->get_public_key(i_ntru, &pub_key));
-
-       lib->settings->set_str(lib->settings,
-                                                 "libstrongswan.plugins.ntru.parameter_set",
-                                                 "optimum");
-       r_ntru = lib->crypto->create_ke(lib->crypto, NTRU_112_BIT);
-       ck_assert(!r_ntru->set_public_key(r_ntru, pub_key));
-       ck_assert(r_ntru->get_public_key(r_ntru, &cipher_text));
-       ck_assert(cipher_text.len == 0);
-
-       chunk_free(&pub_key);
-       chunk_free(&cipher_text);
-       i_ntru->destroy(i_ntru);
-       r_ntru->destroy(r_ntru);
-}
-END_TEST
-
-START_TEST(test_ntru_ciphertext)
-{
-       char buf_00[604], buf_ff[604];
-
-       chunk_t test[] = {
-               chunk_empty,
-               chunk_from_chars(0x00),
-               chunk_create(buf_00, sizeof(buf_00)),
-               chunk_create(buf_ff, sizeof(buf_ff)),
-       };
-
-       key_exchange_t *i_ntru;
-       chunk_t pub_key, shared_secret;
-       int i;
-
-       memset(buf_00, 0x00, sizeof(buf_00));
-       memset(buf_ff, 0xff, sizeof(buf_ff));
-
-       for (i = 0; i < countof(test); i++)
-       {
-               i_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
-               ck_assert(i_ntru->get_public_key(i_ntru, &pub_key));
-               ck_assert(!i_ntru->set_public_key(i_ntru, test[i]));
-               ck_assert(!i_ntru->get_shared_secret(i_ntru, &shared_secret));
-               ck_assert(shared_secret.len == 0);
-
-               chunk_free(&pub_key);
-               i_ntru->destroy(i_ntru);
-       }
-}
-END_TEST
-
-START_TEST(test_ntru_wrong_ciphertext)
-{
-       key_exchange_t *i_ntru, *r_ntru, *m_ntru;
-       chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret;
-
-       i_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
-       r_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
-       m_ntru = lib->crypto->create_ke(lib->crypto, NTRU_128_BIT);
-
-       ck_assert(i_ntru->get_public_key(i_ntru, &pub_key_i));
-       ck_assert(m_ntru->get_public_key(m_ntru, &pub_key_m));
-       ck_assert(r_ntru->set_public_key(r_ntru, pub_key_m));
-       ck_assert(r_ntru->get_public_key(r_ntru, &cipher_text));
-       ck_assert(!i_ntru->set_public_key(i_ntru, cipher_text));
-       ck_assert(!i_ntru->get_shared_secret(i_ntru, &shared_secret));
-       ck_assert(shared_secret.len == 0);
-
-       chunk_free(&pub_key_i);
-       chunk_free(&pub_key_m);
-       chunk_free(&cipher_text);
-       i_ntru->destroy(i_ntru);
-       m_ntru->destroy(m_ntru);
-       r_ntru->destroy(r_ntru);
-}
-END_TEST
-
-Suite *ntru_suite_create()
-{
-       Suite *s;
-       TCase *tc;
-
-       s = suite_create("ntru");
-
-       tc = tcase_create("trits");
-       tcase_add_loop_test(tc, test_ntru_trits, 0, countof(trits_tests));
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("poly");
-       tcase_add_loop_test(tc, test_ntru_poly, 0, countof(trits_tests));
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("ring_mult");
-       tcase_add_loop_test(tc, test_ntru_ring_mult, 0, countof(ring_mult_tests));
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("array");
-       tcase_add_loop_test(tc, test_ntru_array, 0, countof(array_tests));
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("param_set");
-       tcase_add_test(tc, test_ntru_param_set);
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("privkey");
-       tcase_add_loop_test(tc, test_ntru_privkey, 0, countof(privkey_tests));
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("ke");
-       tcase_add_loop_test(tc, test_ntru_ke, 0,
-                                               countof(params) * countof(parameter_sets));
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("retransmission");
-       tcase_add_test(tc, test_ntru_retransmission);
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("pubkey_oid");
-       tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests));
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("wrong_set");
-       tcase_add_test(tc, test_ntru_wrong_set);
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("ciphertext");
-       tcase_add_test(tc, test_ntru_ciphertext);
-       suite_add_tcase(s, tc);
-
-       tc = tcase_create("wrong_ciphertext");
-       tcase_add_test(tc, test_ntru_wrong_ciphertext);
-       suite_add_tcase(s, tc);
-       return s;
-}
index 1ad5d05e4bcb7f20d78305b16322e9ac4c5bd46b..9ad712d53d5bc4994bfd3dd10500db621d80f451 100644 (file)
@@ -60,7 +60,6 @@ TEST_SUITE(rng_tester_suite_create)
 TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1)
 TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
 TEST_SUITE_DEPEND(prf_plus_suite_create, KDF, KDF_PRF_PLUS)
-TEST_SUITE_DEPEND(ntru_suite_create, KE, NTRU_112_BIT)
 TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
 TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519)
 TEST_SUITE_DEPEND(ed448_suite_create, PRIVKEY_GEN, KEY_ED448)
index 329e765f58c78f248ed26ccba2bb99ae357b4434..b2e2e9dd6a26a3ff6af9afb4b0b4be87e19a9fd3 100644 (file)
@@ -99,7 +99,6 @@ CONFIG_OPTS = \
        --enable-libipsec \
        --enable-kernel-libipsec \
        --enable-tkm \
-       --enable-ntru \
        --enable-lookip \
        --enable-sha3 \
        --enable-frodo \
index eff24b33b35cb4a0e9628a316364c5f18374281a..b041a52f95df39a1d075ad0a0e443ed84e43edf8 100644 (file)
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
 }
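Review bot: Nothing in the part of the commit visible here tells an operator that an explicit `load =` list still naming `ntru`, or a proposal such as `aes128-sha256-ntru128` (used by the deleted net2net-ntru-bandwidth scenario), stops working once the plugin is gone. This hunk and the similar `load =` hunks after it only fix up the test hosts. A connection configured solely with NTRU proposals would presumably no longer be accepted rather than silently fall back to another group, which is the safe outcome but will surprise anyone upgrading. If no release note is added elsewhere in the series, consider an entry along the lines of `The legacy ntru plugin and its NTRU key exchange keywords have been removed; drop ntru from load lists and proposals.`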
index eff24b33b35cb4a0e9628a316364c5f18374281a..b041a52f95df39a1d075ad0a0e443ed84e43edf8 100644 (file)
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
 }
index e7b98cc51b0b3905a34b6a2843ca4708c654de8b..1fddb373261b67f3be697213e51b1086cb633821 100644 (file)
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
 
   integrity_test = yes
 
index 24c0d50dfb51dd2503ca9acb1a3b6ce0502299a2..0ebac0756208af5e374598596b10e84a77ad0661 100755 (executable)
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
 }
index 24c0d50dfb51dd2503ca9acb1a3b6ce0502299a2..0ebac0756208af5e374598596b10e84a77ad0661 100755 (executable)
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
 }
index 7a6debc522535c3b2837238c2cb9429921451341..5e8955e4e90080b813a147dd636d9d9479d4cc57 100755 (executable)
@@ -5,7 +5,7 @@ swanctl {
 }
 
 charon-systemd {
-  load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+  load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
 
   integrity_test = yes
 
index b61aaaa6e07f723207e8e0502e2f5f8301289e1d..1b1db762b38ac53c952275087aa62a3bb8aecc13 100644 (file)
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
 }
index b61aaaa6e07f723207e8e0502e2f5f8301289e1d..1b1db762b38ac53c952275087aa62a3bb8aecc13 100644 (file)
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
 }
index 18769b0378a3e8104a2058ede093327418531b92..e22c062f5d36ca88491a5554c79b767818418490 100644 (file)
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random drbg nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+  load = random drbg nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
 
   integrity_test = yes
   crypto_test {
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/description.txt b/testing/tests/ikev2/net2net-ntru-bandwidth/description.txt
deleted file mode 100755 (executable)
index 6fd2686..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
-The key exchange is based on NTRU encryption with a security strength of 128 bits.
-The ANSI X9.98 NTRU encryption parameter set used is optimized for bandwidth.
-The authentication is based on <b>X.509 certificates</b>.
-<p/>
-Upon the successful establishment of the IPsec tunnel, the updown script automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
-pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat b/testing/tests/ikev2/net2net-ntru-bandwidth/evaltest.dat
deleted file mode 100755 (executable)
index 3907f1b..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NTRU_128.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
-sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=NTRU_128.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
deleted file mode 100755 (executable)
index 6b09ff6..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random
-}
-
-charon-systemd {
-  load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac kdf vici kernel-netlink socket-default updown
-
-  multiple_authentication = no
-  send_vendor_id = yes
-
-  syslog {
-    daemon {
-      ike = 4
-      lib = 4
-    }
-  }
-  plugins {
-    ntru {
-      parameter_set = x9_98_bandwidth
-    }
-  }
-}
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/swanctl/swanctl.conf
deleted file mode 100755 (executable)
index 9482930..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-connections {
-
-   gw-gw {
-      local_addrs  = 192.168.0.1
-      remote_addrs = 192.168.0.2 
-
-      local {
-         auth = pubkey
-         certs = moonCert.pem
-         id = moon.strongswan.org
-      }
-      remote {
-         auth = pubkey
-         id = sun.strongswan.org 
-      }
-      children {
-         net-net {
-            local_ts  = 10.1.0.0/16 
-            remote_ts = 10.2.0.0/16 
-
-            updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-ntru128
-         }
-      }
-      version = 2
-      mobike = no
-      proposals = aes128-sha256-ntru128
-   }
-}
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
deleted file mode 100755 (executable)
index 853fca0..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random
-}
-
-charon-systemd {
-  load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac kdf vici kernel-netlink socket-default updown
-
-  multiple_authentication = no
-  send_vendor_id = yes
-
-  syslog {
-    daemon {
-      ike = 4
-      lib = 4
-    }
-  }
-  plugins {
-    ntru {
-      parameter_set = x9_98_bandwidth
-    }
-  }
-}
\ No newline at end of file
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/swanctl/swanctl.conf
deleted file mode 100755 (executable)
index 215b9b9..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-connections {
-
-   gw-gw {
-      local_addrs  = 192.168.0.2
-      remote_addrs = 192.168.0.1 
-
-      local {
-         auth = pubkey
-         certs = sunCert.pem
-         id = sun.strongswan.org
-      }
-      remote {
-         auth = pubkey
-         id = moon.strongswan.org 
-      }
-      children {
-         net-net {
-            local_ts  = 10.2.0.0/16 
-            remote_ts = 10.1.0.0/16 
-
-            updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm128-ntru128
-         }
-      }
-      version = 2
-      mobike = no
-      proposals = aes128-sha256-ntru128
-   }
-}
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/posttest.dat b/testing/tests/ikev2/net2net-ntru-bandwidth/posttest.dat
deleted file mode 100755 (executable)
index 82a2de1..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::systemctl stop strongswan
-sun::systemctl stop strongswan
-moon::iptables-restore < /etc/iptables.flush
-sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat b/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat
deleted file mode 100755 (executable)
index 2d3c8c1..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-moon::iptables-restore < /etc/iptables.rules
-sun::iptables-restore < /etc/iptables.rules
-moon::systemctl start strongswan
-sun::systemctl start strongswan
-moon::expect-connection gw-gw
-sun::expect-connection gw-gw
-moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/test.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/test.conf
deleted file mode 100755 (executable)
index 07a3b24..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
-
-# charon controlled by swanctl
-#
-SWANCTL=1
index 24c0d50dfb51dd2503ca9acb1a3b6ce0502299a2..0ebac0756208af5e374598596b10e84a77ad0661 100755 (executable)
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
 }
index 24c0d50dfb51dd2503ca9acb1a3b6ce0502299a2..0ebac0756208af5e374598596b10e84a77ad0661 100755 (executable)
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
 }
index 7a6debc522535c3b2837238c2cb9429921451341..5e8955e4e90080b813a147dd636d9d9479d4cc57 100755 (executable)
@@ -5,7 +5,7 @@ swanctl {
 }
 
 charon-systemd {
-  load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+  load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
 
   integrity_test = yes
 
index 24c0d50dfb51dd2503ca9acb1a3b6ce0502299a2..0ebac0756208af5e374598596b10e84a77ad0661 100755 (executable)
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+  load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp mgf1 x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
 }
index c9e9e92e5679df7bb66736f1738063b01f3ff306..4f44d8b2bd2464f9127ee75ff876370442980809 100644 (file)
@@ -19,4 +19,4 @@ conn home
        right=PH_IP_MOON
        rightsubnet=10.1.0.0/16
        rightid=@moon.strongswan.org
-       auto=add 
+       auto=add