From: Andreas Steffen Date: Thu, 10 Oct 2019 10:50:08 +0000 (+0200) Subject: ntru: Replaced ntru_drbg by drbg X-Git-Tag: 5.8.2dr1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d3a743d90d45d545ff003560203d79a95eb6d08;p=thirdparty%2Fstrongswan.git ntru: Replaced ntru_drbg by drbg --- diff --git a/conf/plugins/ntru.opt b/conf/plugins/ntru.opt index 8e1bebd874..afed5637b7 100644 --- a/conf/plugins/ntru.opt +++ b/conf/plugins/ntru.opt @@ -1,7 +1,3 @@ -charon.plugins.ntru.max_drbg_requests = 4294967294 - Number of pseudo-random bit requests from the DRBG before an automatic - reseeding occurs. - charon.plugins.ntru.parameter_set = optimum The following parameter sets are available: **x9_98_speed**, **x9_98_bandwidth**, **x9_98_balance** and **optimum**, the last set not diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am index 4045544d4c..b46afe1c62 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.am +++ b/src/libstrongswan/plugins/ntru/Makefile.am @@ -13,7 +13,6 @@ endif libstrongswan_ntru_la_SOURCES = \ ntru_plugin.h ntru_plugin.c \ ntru_convert.h ntru_convert.c \ - ntru_drbg.h ntru_drbg.c \ ntru_ke.h ntru_ke.c \ ntru_param_set.h ntru_param_set.c \ ntru_poly.h ntru_poly.c \ diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.c b/src/libstrongswan/plugins/ntru/ntru_drbg.c deleted file mode 100644 index b7a951d001..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_drbg.c +++ /dev/null 
@@ -1,295 +0,0 @@ -/* - * Copyright (C) 2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "ntru_drbg.h" - -#include -#include - -#define MAX_STRENGTH_BITS 256 -#define MAX_DRBG_REQUESTS 0xfffffffe - -typedef struct private_ntru_drbg_t private_ntru_drbg_t; - -/** - * Private data of an ntru_drbg_t object. - */ -struct private_ntru_drbg_t { - /** - * Public ntru_drbg_t interface. - */ - ntru_drbg_t public; - - /** - * Security strength in bits of the DRBG - */ - uint32_t strength; - - /** - * Number of requests for pseudorandom bits - */ - uint32_t reseed_counter; - - /** - * Maximum number of requests for pseudorandom bits - */ - uint32_t max_requests; - - /** - * True entropy source - */ - rng_t *entropy; - - /** - * HMAC-SHA256 - */ - signer_t *hmac; - - /** - * Internal state of HMAC-SHA256: key - */ - chunk_t key; - - /** - * Internal state of HMAC-SHA256: value - */ - chunk_t value; - - /** - * reference count - */ - refcount_t ref; -}; - -/** - * Update the internal state of the HMAC_DRBG - */ -static bool update(private_ntru_drbg_t *this, chunk_t data) -{ - chunk_t ch_00 = chunk_from_chars(0x00); - chunk_t ch_01 = chunk_from_chars(0x01); - - if (!this->hmac->set_key(this->hmac, this->key) || - !this->hmac->get_signature(this->hmac, this->value, NULL) || - !this->hmac->get_signature(this->hmac, ch_00, NULL) || - !this->hmac->get_signature(this->hmac, data, this->key.ptr) || - !this->hmac->set_key(this->hmac, this->key) 
|| - !this->hmac->get_signature(this->hmac, this->value, - this->value.ptr)) - { - return FALSE; - } - - if (data.len > 0) - { - if (!this->hmac->set_key(this->hmac, this->key) || - !this->hmac->get_signature(this->hmac, this->value, NULL) || - !this->hmac->get_signature(this->hmac, ch_01, NULL) || - !this->hmac->get_signature(this->hmac, data, this->key.ptr) || - !this->hmac->set_key(this->hmac, this->key) || - !this->hmac->get_signature(this->hmac, this->value, - this->value.ptr)) - { - return FALSE; - } - } - DBG4(DBG_LIB, "HMAC_DRBG V: %B", &this->value); - DBG4(DBG_LIB, "HMAC_DRBG K: %B", &this->key); - - return TRUE; -} - -METHOD(ntru_drbg_t, get_strength, uint32_t, - private_ntru_drbg_t *this) -{ - return this->strength; -} - -METHOD(ntru_drbg_t, reseed, bool, - private_ntru_drbg_t *this) -{ - chunk_t seed; - - seed = chunk_alloc(this->strength / BITS_PER_BYTE); - DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len); - - if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr)) - { - chunk_free(&seed); - return FALSE; - } - if (!update(this, seed)) - { - chunk_free(&seed); - return FALSE; - } - chunk_clear(&seed); - this->reseed_counter = 1; - - return TRUE; -} - -METHOD(ntru_drbg_t, generate, bool, - private_ntru_drbg_t *this, uint32_t strength, uint32_t len, uint8_t *out) -{ - size_t delta; - chunk_t output; - - DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len); - if (!out || len == 0) - { - return FALSE; - } - output = chunk_create(out, len); - - if (this->reseed_counter > this->max_requests) - { - if (!reseed(this)) - { - return FALSE; - } - } - while (len) - { - if (!this->hmac->get_signature(this->hmac, this->value, - this->value.ptr)) - { - return FALSE; - } - delta = min(len, this->value.len); - memcpy(out, this->value.ptr, delta); - len -= delta; - out += delta; - } - DBG4(DBG_LIB, "HMAC_DRBG Out: %B", &output); - - if (!update(this, chunk_empty)) - { - return FALSE; - } - this->reseed_counter++; - - return TRUE; -} - 
-METHOD(ntru_drbg_t, get_ref, ntru_drbg_t*, - private_ntru_drbg_t *this) -{ - ref_get(&this->ref); - return &this->public; -} - -METHOD(ntru_drbg_t, destroy, void, - private_ntru_drbg_t *this) -{ - if (ref_put(&this->ref)) - { - this->hmac->destroy(this->hmac); - chunk_clear(&this->key); - chunk_clear(&this->value); - free(this); - } -} - -/* - * Described in header. - */ -ntru_drbg_t *ntru_drbg_create(uint32_t strength, chunk_t pers_str, - rng_t *entropy) -{ - private_ntru_drbg_t *this; - chunk_t seed; - signer_t *hmac; - size_t entropy_len; - uint32_t max_requests; - - if (strength > MAX_STRENGTH_BITS) - { - return NULL; - } - if (strength <= 112) - { - strength = 112; - } - else if (strength <= 128) - { - strength = 128; - } - else if (strength <= 192) - { - strength = 192; - } - else - { - strength = 256; - } - - hmac = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA2_256_256); - if (!hmac) - { - DBG1(DBG_LIB, "could not instantiate HMAC-SHA256"); - return NULL; - } - - max_requests = lib->settings->get_int(lib->settings, - "%s.plugins.ntru.max_drbg_requests", - MAX_DRBG_REQUESTS, lib->ns); - - INIT(this, - .public = { - .get_strength = _get_strength, - .reseed = _reseed, - .generate = _generate, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .strength = strength, - .entropy = entropy, - .hmac = hmac, - .key = chunk_alloc(hmac->get_key_size(hmac)), - .value = chunk_alloc(hmac->get_block_size(hmac)), - .max_requests = max_requests, - .reseed_counter = 1, - .ref = 1, - ); - - memset(this->key.ptr, 0x00, this->key.len); - memset(this->value.ptr, 0x01, this->value.len); - - entropy_len = (strength + strength/2) / BITS_PER_BYTE; - seed = chunk_alloc(entropy_len + pers_str.len); - DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len); - - if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr)) - { - chunk_free(&seed); - destroy(this); - return NULL; - } - memcpy(seed.ptr + entropy_len, pers_str.ptr, pers_str.len); - DBG4(DBG_LIB, 
"seed: %B", &seed); - - if (!update(this, seed)) - { - chunk_free(&seed); - destroy(this); - return NULL; - } - chunk_clear(&seed); - - return &this->public; -} - -EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create); diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h deleted file mode 100644 index 31c12e42c6..0000000000 --- a/src/libstrongswan/plugins/ntru/ntru_drbg.h +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * Copyright (C) 2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup ntru_drbg ntru_drbg - * @{ @ingroup ntru_p - */ - -#ifndef NTRU_DRBG_H_ -#define NTRU_DRBG_H_ - -typedef struct ntru_drbg_t ntru_drbg_t; - -#include - -/** - * Implements a HMAC Deterministic Random Bit Generator (HMAC_DRBG) - * compliant with NIST SP 800-90A - */ -struct ntru_drbg_t { - - /** - * Reseed the instantiated DRBG - * - * @return configured security strength in bits - */ - uint32_t (*get_strength)(ntru_drbg_t *this); - - /** - * Reseed the instantiated DRBG - * - * @return TRUE if successful - */ - bool (*reseed)(ntru_drbg_t *this); - - /** - * Generate pseudorandom bytes. - * If the maximum number of requests has been reached, reseeding occurs - * - * @param strength requested security strength in bits - * @param len number of octets to generate - * @param out address of output buffer - * @return TRUE if successful - */ - bool (*generate)(ntru_drbg_t *this, uint32_t strength, uint32_t len, - uint8_t *out); - - /** - * Get a reference on an ntru_drbg_t object increasing the count by one - * - * @return reference to the ntru_drbg_t object - */ - ntru_drbg_t* (*get_ref)(ntru_drbg_t *this); - - /** - * Uninstantiate and destroy the DRBG object - */ - void (*destroy)(ntru_drbg_t *this); -}; - -/** - * Create and instantiate a new DRBG object. 
- * - * @param strength security strength in bits - * @param pers_str personalization string - * @param entropy entropy source to use - */ -ntru_drbg_t *ntru_drbg_create(uint32_t strength, chunk_t pers_str, - rng_t *entropy); - -#endif /** NTRU_DRBG_H_ @}*/ - diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c index 17309b149b..7fb443983a 100644 --- a/src/libstrongswan/plugins/ntru/ntru_ke.c +++ b/src/libstrongswan/plugins/ntru/ntru_ke.c @@ -14,12 +14,12 @@ */ #include "ntru_ke.h" -#include "ntru_drbg.h" #include "ntru_param_set.h" #include "ntru_private_key.h" #include "ntru_public_key.h" #include +#include #include typedef struct private_ntru_ke_t private_ntru_ke_t; @@ -106,7 +106,7 @@ struct private_ntru_ke_t { /** * Deterministic Random Bit Generator */ - ntru_drbg_t *drbg; + drbg_t *drbg; }; METHOD(diffie_hellman_t, get_my_public_value, bool, @@ -199,8 +199,8 @@ METHOD(diffie_hellman_t, set_other_public_value, bool, this->shared_secret = chunk_alloc(2 * this->strength / BITS_PER_BYTE); /* generate the random shared secret */ - if (!this->drbg->generate(this->drbg, this->strength, - this->shared_secret.len, this->shared_secret.ptr)) + if (!this->drbg->generate(this->drbg, this->shared_secret.len, + this->shared_secret.ptr)) { DBG1(DBG_LIB, "generation of shared secret failed"); chunk_free(&this->shared_secret); @@ -246,7 +246,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) const ntru_param_set_id_t *param_sets; ntru_param_set_id_t param_set_id; rng_t *entropy; - ntru_drbg_t *drbg; + drbg_t *drbg; char *parameter_set; uint32_t strength; 
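Review bot: The failure branch of the shared-secret generation in set_other_public_value (hunk at -199) releases the buffer with `chunk_free(&this->shared_secret);`, which does not wipe it. The removed ntru_drbg generate() copied output into the caller's buffer before its final state update, so a FALSE return could leave pseudorandom bytes behind; whether the replacement drbg_t behaves the same way is not visible here. Using `chunk_clear(&this->shared_secret);` on that path costs nothing and keeps the handling of this buffer uniform. The method body starts and ends outside the hunk.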
@@ -301,7 +301,8 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) return NULL; } - drbg = ntru_drbg_create(strength, chunk_from_str("IKE NTRU-KE"), entropy); + drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength, + entropy, chunk_from_str("IKE NTRU-KE")); if (!drbg) { DBG1(DBG_LIB, "could not instantiate DRBG at %u bit security", strength); diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.c b/src/libstrongswan/plugins/ntru/ntru_private_key.c index 1acab3b15d..c86044a8a5 100644 --- a/src/libstrongswan/plugins/ntru/ntru_private_key.c +++ b/src/libstrongswan/plugins/ntru/ntru_private_key.c @@ -58,7 +58,7 @@ struct private_ntru_private_key_t { /** * Deterministic Random Bit Generator */ - ntru_drbg_t *drbg; + drbg_t *drbg; }; @@ -640,7 +640,7 @@ static bool ring_inv(uint16_t *a, uint16_t N, uint16_t q, uint16_t *t, /* * Described in header. */ -ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, +ntru_private_key_t *ntru_private_key_create(drbg_t *drbg, const ntru_param_set_t *params) { private_ntru_private_key_t *this; @@ -671,8 +671,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, seed =chunk_alloc(params->sec_strength_len + 8); /* get random seed for generating trinary F as a list of indices */ - if (!drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE, - seed.len, seed.ptr)) + if (!drbg->generate(drbg, seed.len, seed.ptr)) { goto err; } @@ -715,8 +714,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, } /* get random seed for generating trinary g as a list of indices */ - if (!drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE, - seed.len, seed.ptr)) + if (!drbg->generate(drbg, seed.len, seed.ptr)) { goto err; } 
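Review bot: Ownership of `entropy` after `create_drbg()` is not evident at this call in ntru_ke_create (hunk at -301), and it decides whether the `!drbg` error path and the object's destroy() must release the RNG. The removed ntru_drbg destroy() freed only the HMAC, key and value, so the caller owned the entropy source; if drbg_t takes ownership instead, any remaining `entropy->destroy(entropy)` outside this hunk would become a double free. I would add a comment at the call such as `/* entropy is owned by <caller|drbg>, released in <place> */` with the placeholders filled in. Separately, `charon.plugins.ntru.max_drbg_requests` is dropped from ntru.opt, so an existing setting is presumably ignored from now on and the reseed interval is whatever the generic DRBG applies; that deserves a line in the release notes. ntru_ke_create begins and ends outside the hunk.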
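Review bot: Nothing in ntru_private_key_create now ties the DRBG's security strength to the parameter set, because both `drbg->generate(drbg, seed.len, seed.ptr)` calls (hunks at -671 and -715) drop the `params->sec_strength_len * BITS_PER_BYTE` argument and the `drbg_t` is handed in by the caller. The removed ntru_drbg generate() never read its strength parameter, so behaviour is unchanged, but the requirement is no longer even stated at the call site. A guard before the first allocation, `if (drbg->get_strength(drbg) < params->sec_strength_len * BITS_PER_BYTE)`, would make it enforceable, assuming drbg_t keeps the get_strength() method the old interface had. The same applies to encrypt() in ntru_public_key.c (hunk at -152). The function body starts and ends outside these hunks.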
@@ -760,7 +758,7 @@ err: /* * Described in header. */ -ntru_private_key_t *ntru_private_key_create_from_data(ntru_drbg_t *drbg, +ntru_private_key_t *ntru_private_key_create_from_data(drbg_t *drbg, chunk_t data) { private_ntru_private_key_t *this; diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.h b/src/libstrongswan/plugins/ntru/ntru_private_key.h index ced806d7a8..69a7c06d01 100644 --- a/src/libstrongswan/plugins/ntru/ntru_private_key.h +++ b/src/libstrongswan/plugins/ntru/ntru_private_key.h @@ -23,11 +23,11 @@ typedef struct ntru_private_key_t ntru_private_key_t; -#include "ntru_drbg.h" #include "ntru_param_set.h" #include "ntru_public_key.h" #include +#include /** * Implements an NTRU encryption public/private key pair @@ -77,7 +77,7 @@ struct ntru_private_key_t { * @param drbg Digital Random Bit Generator used for key generation * @param params NTRU encryption parameter set to be used */ -ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, +ntru_private_key_t *ntru_private_key_create(drbg_t *drbg, const ntru_param_set_t *params); /** @@ -86,7 +86,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, * @param drbg Deterministic random bit generator * @param data Encoded NTRU private key */ -ntru_private_key_t *ntru_private_key_create_from_data(ntru_drbg_t *drbg, +ntru_private_key_t *ntru_private_key_create_from_data(drbg_t *drbg, chunk_t data); #endif /** NTRU_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.c b/src/libstrongswan/plugins/ntru/ntru_public_key.c index 36d9abf0ae..3d70e23d6b 100644 --- a/src/libstrongswan/plugins/ntru/ntru_public_key.c +++ b/src/libstrongswan/plugins/ntru/ntru_public_key.c @@ -52,7 +52,7 @@ struct private_ntru_public_key_t { /** * Deterministic Random Bit Generator */ - ntru_drbg_t *drbg; + drbg_t *drbg; }; 
@@ -152,9 +152,7 @@ METHOD(ntru_public_key_t, encrypt, bool, /* loop until a message representative with proper weight is achieved */ do { - if (!this->drbg->generate(this->drbg, - this->params->sec_strength_len * BITS_PER_BYTE, - this->params->sec_strength_len, b)) + if (!this->drbg->generate(this->drbg, this->params->sec_strength_len, b)) { goto err; } @@ -319,7 +317,7 @@ METHOD(ntru_public_key_t, destroy, void, /* * Described in header. */ -ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg, +ntru_public_key_t *ntru_public_key_create(drbg_t *drbg, const ntru_param_set_t *params, uint16_t *pubkey) { @@ -352,7 +350,7 @@ ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg, /* * Described in header. */ -ntru_public_key_t *ntru_public_key_create_from_data(ntru_drbg_t *drbg, +ntru_public_key_t *ntru_public_key_create_from_data(drbg_t *drbg, chunk_t data) { private_ntru_public_key_t *this; diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.h b/src/libstrongswan/plugins/ntru/ntru_public_key.h index 4f098f28cf..9803211514 100644 --- a/src/libstrongswan/plugins/ntru/ntru_public_key.h +++ b/src/libstrongswan/plugins/ntru/ntru_public_key.h @@ -24,9 +24,9 @@ typedef struct ntru_public_key_t ntru_public_key_t; #include "ntru_param_set.h" -#include "ntru_drbg.h" #include +#include /** * Implements an NTRU encryption public key @@ -70,7 +70,7 @@ struct ntru_public_key_t { * @param params NTRU encryption parameter set to be used * @param pubkey Coefficients of public key polynomial h */ -ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg, +ntru_public_key_t *ntru_public_key_create(drbg_t *drbg, const ntru_param_set_t *params, uint16_t *pubkey); 
@@ -80,7 +80,7 @@ ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg, * @param drbg Deterministic random bit generator * @param data Encoded NTRU public key */ -ntru_public_key_t *ntru_public_key_create_from_data(ntru_drbg_t *drbg, +ntru_public_key_t *ntru_public_key_create_from_data(drbg_t *drbg, chunk_t data); diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c index 0b432e24ce..1867639c4f 100644 --- a/src/libstrongswan/tests/suites/test_ntru.c +++ b/src/libstrongswan/tests/suites/test_ntru.c @@ -15,18 +15,15 @@ #include "test_suite.h" -#include #include #include -#include +#include +#include #include #include #include #include -IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*, - uint32_t strength, chunk_t pers_str, rng_t *entropy) - IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*, size_t len, ext_out_function_t alg, chunk_t seed) @@ -44,13 +41,13 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_param_set_get_by_id, ntru_param_set_t* , ntru_param_set_id_t id) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create, ntru_private_key_t*, - ntru_drbg_t *drbg, ntru_param_set_t *params) + drbg_t *drbg, ntru_param_set_t *params) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_private_key_create_from_data, ntru_private_key_t*, - ntru_drbg_t *drbg, chunk_t data) + drbg_t *drbg, chunk_t data) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_public_key_create_from_data, ntru_public_key_t*, - ntru_drbg_t *drbg, chunk_t data) + drbg_t *drbg, chunk_t data) /** * NTRU parameter sets to test 
@@ -72,252 +69,6 @@ char *parameter_sets[] = { "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum" }; -typedef struct { - uint32_t requested; - uint32_t standard; -}strength_t; - -strength_t strengths[] = { - { 80, 112 }, - { 112, 112 }, - { 120, 128 }, - { 128, 128 }, - { 150, 192 }, - { 192, 192 }, - { 200, 256 }, - { 256, 256 }, - { 512, 0 } -}; - -START_TEST(test_ntru_drbg_strength) -{ - ntru_drbg_t *drbg; - rng_t *entropy; - - entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG); - ck_assert(entropy != NULL); - - drbg = TEST_FUNCTION(ntru, ntru_drbg_create, strengths[_i].requested, - chunk_empty, entropy); - if (strengths[_i].standard) - { - ck_assert(drbg != NULL); - ck_assert(drbg->get_strength(drbg) == strengths[_i].standard); - drbg->destroy(drbg); - } - else - { - ck_assert(drbg == NULL); - } - entropy->destroy(entropy); -} -END_TEST - -typedef struct { - chunk_t pers_str; - chunk_t entropy; - chunk_t out; -} drbg_test_t; - -/** - * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS) - */ -drbg_test_t drbg_tests[] = { - /* SHA-256 test case 1 - count 0 */ - { { NULL, 0 }, - chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39, - 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11, - 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf, - 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d, - 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a, - 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf, - 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8, - 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7, - 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0, - 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52), - chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc, - 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a, - 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb, - 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb, - 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20, - 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51, - 0xbd, 0xb0, 0x38, 0x26, 
0xaa, 0xf2, 0xbd, 0x23, - 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42, - 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e, - 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0, - 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f, - 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54, - 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b, - 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6, - 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e, - 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24) - }, - /* SHA-256 test case 3 - count 0 */ - { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59, - 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31, - 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa, - 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c), - chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90, - 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64, - 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6, - 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40, - 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb, - 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5, - 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa, - 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f, - 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41, - 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6), - chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20, - 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a, - 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a, - 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b, - 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02, - 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c, - 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40, - 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93, - 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f, - 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8, - 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb, - 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0, - 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6, - 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed, - 0x97, 0xa0, 0x16, 0x21, 
0x3a, 0x2d, 0xd6, 0x42, - 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe) - }, - /* SHA-256 test case 5 - count 0 */ - { { NULL, 0 }, - chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47, - 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a, - 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85, - 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a, - 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19, - 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b, - 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44, - 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16, - 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b, - 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89), - chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2, - 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4, - 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b, - 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77, - 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47, - 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00, - 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a, - 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78, - 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b, - 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1, - 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d, - 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf, - 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38, - 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5, - 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32, - 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74) - }, - /* SHA-256 test case 7 - count 0 */ - { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0, - 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d, - 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46, - 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2), - chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8, - 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00, - 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08, - 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5, - 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55, 
- 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4, - 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc, - 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96, - 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d, - 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86), - chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea, - 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53, - 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52, - 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a, - 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b, - 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae, - 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6, - 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53, - 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91, - 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a, - 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98, - 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca, - 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39, - 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57, - 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a, - 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25) - } -}; - -START_TEST(test_ntru_drbg) -{ - ntru_drbg_t *drbg; - rng_t *entropy; - chunk_t out; - - out = chunk_alloc(128); - entropy = test_rng_create(drbg_tests[_i].entropy); - drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, drbg_tests[_i].pers_str, - entropy); - ck_assert(drbg != NULL); - ck_assert(drbg->reseed(drbg)); - ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); - ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); - ck_assert(chunk_equals(out, drbg_tests[_i].out)); - drbg->destroy(drbg); - entropy->destroy(entropy); - chunk_free(&out); -} -END_TEST - -START_TEST(test_ntru_drbg_reseed) -{ - ntru_drbg_t *drbg; - rng_t *entropy; - chunk_t out; - - lib->settings->set_int(lib->settings, - "libstrongswan.plugins.ntru.max_drbg_requests", 2); - out = chunk_alloc(128); - entropy = test_rng_create(drbg_tests[0].entropy); - drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy); - - /* bad output 
parameters */ - ck_assert(!drbg->generate(drbg, 256, 0, out.ptr)); - ck_assert(!drbg->generate(drbg, 256, 128, NULL)); - - /* no reseeding occurs */ - ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); - ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); - - /* consuming remaining entropy */ - ck_assert(entropy->get_bytes(entropy, 32, out.ptr)); - - /* no entropy available for automatic reseeding */ - ck_assert(!drbg->generate(drbg, 256, 128, out.ptr)); - drbg->destroy(drbg); - - /* no entropy available for DRBG instantiation */ - drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy); - ck_assert(drbg == NULL); - entropy->destroy(entropy); - - /* one automatic reseeding occurs */ - entropy = test_rng_create(drbg_tests[0].entropy); - drbg = TEST_FUNCTION(ntru, ntru_drbg_create, 256, chunk_empty, entropy); - ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); - ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); - ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); - - /* no entropy left */ - ck_assert(!entropy->get_bytes(entropy, 32, out.ptr)); - - drbg->destroy(drbg); - entropy->destroy(entropy); - chunk_free(&out); - lib->settings->set_int(lib->settings, - "libstrongswan.plugins.ntru.max_drbg_requests", 2000); -} -END_TEST - typedef struct { uint8_t c_bits; uint16_t N; @@ -954,7 +705,7 @@ privkey_test_t privkey_tests[] = { START_TEST(test_ntru_privkey) { rng_t *entropy; - ntru_drbg_t *drbg; + drbg_t *drbg; ntru_private_key_t *privkey; ntru_public_key_t *pubkey; ntru_param_set_t *params; 
@@ -964,9 +715,9 @@ START_TEST(test_ntru_privkey) params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id, privkey_tests[_i].id); strength = params->sec_strength_len * BITS_PER_BYTE; - entropy = test_rng_create(privkey_tests[_i].entropy); - drbg = TEST_FUNCTION(ntru, ntru_drbg_create, strength, - chunk_from_str("IKE NTRU-KE"), entropy); + entropy = rng_tester_create(privkey_tests[_i].entropy); + drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength, + entropy, chunk_from_str("IKE NTRU-KE")); ck_assert(drbg != NULL); privkey = TEST_FUNCTION(ntru, ntru_private_key_create, drbg, params); @@ -1234,18 +985,6 @@ Suite *ntru_suite_create() s = suite_create("ntru"); - tc = tcase_create("drbg_strength"); - tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths)); - suite_add_tcase(s, tc); - - tc = tcase_create("drbg"); - tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests)); - suite_add_tcase(s, tc); - - tc = tcase_create("drgb_reseed"); - tcase_add_test(tc, test_ntru_drbg_reseed); - suite_add_tcase(s, tc); - tc = tcase_create("trits"); tcase_add_loop_test(tc, test_ntru_trits, 0, countof(trits_tests)); suite_add_tcase(s, tc);
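Review bot: With the DRBG known-answer and reseed cases removed from this file, test_ntru_privkey (hunk at -964) becomes the only check here that `create_drbg(lib->crypto, DRBG_HMAC_SHA256, ...)` yields the same byte stream the removed ntru_drbg produced from the same entropy and personalization string, and nothing in the test says so. A comment above the call such as `/* fixed entropy + "IKE NTRU-KE": the key vectors below also pin the HMAC_DRBG output */` would keep a future DRBG change from being debugged as an NTRU failure. `ck_assert(drbg != NULL)` also presumably requires a plugin providing DRBG_HMAC_SHA256 to be loaded in the test runner; whether the ntru plugin declares that dependency is not visible in this diff. The test body continues outside the hunk.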