From: Andreas Steffen Date: Wed, 19 Feb 2014 19:18:18 +0000 (+0100) Subject: index limit can be easily computed X-Git-Tag: 5.1.2~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e80014f1e82788ffee5fc1a9c178729480adbee7;p=thirdparty%2Fstrongswan.git index limit can be easily computed --- diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c index 56236b590a..7fae3736ac 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c @@ -229,8 +229,7 @@ ntru_crypto_ntru_encrypt( DBG2(DBG_LIB, "generate polynomial r"); seed = chunk_create(tmp_buf, ptr - tmp_buf); - r_poly = ntru_poly_create(hash_algid, seed, - params->c_bits, params->no_bias_limit, + r_poly = ntru_poly_create(hash_algid, seed, params->c_bits, params->N, 2 * params->dF_r, params->is_product_form); if (!r_poly) @@ -459,8 +458,8 @@ ntru_crypto_ntru_decrypt( ntru_trits_t *mask; uint8_t *mask_trits; chunk_t seed; - ntru_poly_t *i_poly; - uint16_t *i_indices; + ntru_poly_t *r_poly; + uint16_t *r_indices; /* check for bad parameters */ if (!privkey_blob || !ct || !pt_len) @@ -709,14 +708,13 @@ ntru_crypto_ntru_decrypt( ptr += params->sec_strength_len; /* generate cr */ - DBG2(DBG_LIB, "generate polynomial i"); + DBG2(DBG_LIB, "generate polynomial r"); seed = chunk_create(tmp_buf, ptr - tmp_buf); - i_poly = ntru_poly_create(hash_algid, seed, - params->c_bits, params->no_bias_limit, + r_poly = ntru_poly_create(hash_algid, seed, params->c_bits, params->N, 2 * params->dF_r, params->is_product_form); - if (!i_poly) + if (!r_poly) { result = NTRU_MGF1_FAIL; } @@ -735,21 +733,21 @@ ntru_crypto_ntru_decrypt( } /* form cR' = h * cr */ - i_indices = i_poly->get_indices(i_poly); + r_indices = r_poly->get_indices(r_poly); if (params->is_product_form) { ntru_ring_mult_product_indices(ringel_buf1, (uint16_t)dF_r1, (uint16_t)dF_r2, (uint16_t)dF_r3, - i_indices, params->N, params->q, + r_indices, params->N, params->q, scratch_buf, ringel_buf1); } else { ntru_ring_mult_indices(ringel_buf1, (uint16_t)dF_r, (uint16_t)dF_r, - i_indices, params->N, params->q, + r_indices, params->N, params->q, scratch_buf, ringel_buf1); } - i_poly->destroy(i_poly); + r_poly->destroy(r_poly); /* compare cR' to cR */ for (i = 0; i < params->N; i++) @@ -960,8 +958,7 @@ ntru_crypto_ntru_encrypt_keygen( DBG2(DBG_LIB, "generate polynomial F"); seed = chunk_create(tmp_buf, seed_len); - F_poly = ntru_poly_create(hash_algid, seed, - params->c_bits, params->no_bias_limit, + F_poly = ntru_poly_create(hash_algid, seed, params->c_bits, params->N, 2 * params->dF_r, params->is_product_form); if (!F_poly) @@ -1057,8 +1054,7 @@ ntru_crypto_ntru_encrypt_keygen( DBG2(DBG_LIB, "generate polynomial g"); seed = chunk_create(tmp_buf, seed_len); - g_poly = ntru_poly_create(hash_algid, seed, - params->c_bits, params->no_bias_limit, + g_poly = ntru_poly_create(hash_algid, seed, params->c_bits, params->N, 2*params->dg + 1, FALSE); if (!g_poly) { diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c index 05ee538c6a..5ddf91d2a7 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c @@ -53,7 +53,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 133, /* dg */ 60, /* maxMsgLenBytes */ 113, /* dm0 */ - 2005, /* 2^c - (2^c mod N) */ 11, /* c */ 1, /* lLen */ }, @@ -72,7 +71,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 149, /* dg */ 67, /* maxMsgLenBytes */ 134, /* dm0 */ - 449, /* 2^c - (2^c mod N) */ 9, /* c */ 1, /* lLen */ }, @@ -91,7 +89,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 225, /* dg */ 101, /* maxMsgLenBytes */ 157, /* dm0 */ - 2031, /* 2^c - (2^c mod N) */ 11, /* c */ 1, /* lLen */ }, @@ -110,7 +107,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 362, /* dg */ 170, /* maxMsgLenBytes */ 120, /* dm0 */ - 7609, /* 2^c - (2^c mod N) */ 13, /* c */ 1, /* lLen */ }, @@ -129,7 +125,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 180, /* dg */ 86, /* maxMsgLenBytes */ 49, /* dm0 */ - 3787, /* 2^c - (2^c mod N) */ 12, /* c */ 1, /* lLen */ }, @@ -148,7 +143,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 204, /* dg */ 97, /* maxMsgLenBytes */ 55, /* dm0 */ - 1839, /* 2^c - (2^c mod N) */ 11, /* c */ 1, /* lLen */ }, @@ -167,7 +161,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 295, /* dg */ 141, /* maxMsgLenBytes */ 81, /* dm0 */ - 887, /* 2^c - (2^c mod N) */ 10, /* c */ 1, /* lLen */ }, @@ -186,7 +179,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 390, /* dg */ 186, /* maxMsgLenBytes */ 106, /* dm0 */ - 3513, /* 2^c - (2^c mod N) */ 12, /* c */ 1, /* lLen */ }, @@ -205,7 +197,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 219, /* dg */ 108, /* maxMsgLenBytes */ 38, /* dm0 */ - 1977, /* 2^c - (2^c mod N) */ 11, /* c */ 1, /* lLen */ }, @@ -224,7 +215,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 253, /* dg */ 125, /* maxMsgLenBytes */ 42, /* dm0 */ - 3805, /* 2^c - (2^c mod N) */ 12, /* c */ 1, /* lLen */ }, @@ -243,7 +233,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 362, /* dg */ 178, /* maxMsgLenBytes */ 63, /* dm0 */ - 7609, /* 2^c - (2^c mod N) */ 13, /* c */ 1, /* lLen */ }, @@ -262,7 +251,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 499, /* dg */ 247, /* maxMsgLenBytes */ 79, /* dm0 */ - 7495, /* 2^c - (2^c mod N) */ 13, /* c */ 1, /* lLen */ }, @@ -281,7 +269,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 133, /* dg */ 60, /* maxMsgLenBytes */ 136, /* m(1)_max */ - 2005, /* 2^c - (2^c mod N) */ 11, /* c */ 1, /* lLen */ }, @@ -300,7 +287,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 146, /* dg */ 65, /* maxMsgLenBytes */ 126, /* m(1)_max */ - 439, /* 2^c - (2^c mod N) */ 9, /* c */ 1, /* lLen */ }, @@ -319,7 +305,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 197, /* dg */ 86, /* maxMsgLenBytes */ 90, /* m(1)_max */ - 1779, /* 2^c - (2^c mod N) */ 11, /* c */ 1, /* lLen */ }, @@ -338,7 +323,6 @@ static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { 247, /* dg */ 106, /* maxMsgLenBytes */ 60, /* m(1)_max */ - 8173, /* 2^c - (2^c mod N) */ 13, /* c */ 1, /* lLen */ }, diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h index 731bd36252..e5e977a0ed 100644 --- a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h @@ -59,8 +59,6 @@ typedef struct _NTRU_ENCRYPT_PARAM_SET { octets */ uint16_t min_msg_rep_wt; /* min. message representative weight */ - uint16_t no_bias_limit; /* limit for no bias in - IGF-2 */ uint8_t c_bits; /* no. bits in candidate for deriving an index in IGF-2 */ diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c index a021ace217..f893d4dc4a 100644 --- a/src/libstrongswan/plugins/ntru/ntru_poly.c +++ b/src/libstrongswan/plugins/ntru/ntru_poly.c @@ -69,14 +69,13 @@ METHOD(ntru_poly_t, destroy, void, * Described in header. */ ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed, - uint8_t c_bits, uint16_t limit, - uint16_t poly_len, uint32_t indices_count, - bool is_product_form) + uint8_t c_bits, uint16_t poly_len, + uint32_t indices_count, bool is_product_form) { private_ntru_poly_t *this; size_t hash_len, octet_count = 0, i, num_polys, num_indices[3], indices_len; uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed; - uint16_t index, left = 0; + uint16_t index, limit, left = 0; int poly_i = 0, index_i = 0; ntru_mgf1_t *mgf1; @@ -103,6 +102,7 @@ ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed, indices_len = indices_count; } used = malloc(poly_len); + limit = poly_len * ((1 << c_bits) / poly_len); INIT(this, .public = { diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h index 85bc34128f..92becb122a 100644 --- a/src/libstrongswan/plugins/ntru/ntru_poly.h +++ b/src/libstrongswan/plugins/ntru/ntru_poly.h @@ -55,14 +55,12 @@ struct ntru_poly_t { * @param seed seed used by MGF1 to generate trits from * @param poly_len size of the trits polynomial * @param c_bits number of bits for candidate index - * @param limit conversion to index limit * @param indices_count number of non-zero indices * @param is_product_form generate multiple polynomials */ ntru_poly_t *ntru_poly_create(hash_algorithm_t alg, chunk_t seed, - uint8_t c_bits, uint16_t limit, - uint16_t poly_len, uint32_t indices_count, - bool is_product_form); + uint8_t c_bits, uint16_t poly_len, + uint32_t indices_count, bool is_product_form); #endif /** NTRU_POLY_H_ @}*/ diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c index 23ce695156..e42bb8e96b 100644 --- a/src/libstrongswan/tests/suites/test_ntru.c +++ b/src/libstrongswan/tests/suites/test_ntru.c @@ -33,8 +33,8 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*, IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create, ntru_poly_t*, hash_algorithm_t alg, chunk_t seed, uint8_t c_bits, - uint16_t limit, uint16_t poly_len, - uint32_t indices_count, bool is_product_form) + uint16_t poly_len, uint32_t indices_count, + bool is_product_form) /** * NTRU parameter sets to test @@ -302,7 +302,6 @@ END_TEST typedef struct { uint8_t c_bits; - uint16_t limit; uint16_t poly_len; bool is_product_form; uint32_t indices_count; @@ -428,10 +427,10 @@ mgf1_test_t mgf1_tests[] = { 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2), { - { 9, 439, 439, TRUE, 2*(9 + (8 << 8) + (5 << 16)), + { 9, 439, TRUE, 2*(9 + (8 << 8) + (5 << 16)), countof(indices_ees439ep1), indices_ees439ep1 }, - { 11, 1839, 613, FALSE, 2*55, + { 11, 613, FALSE, 2*55, countof(indices_ees613ep1), indices_ees613ep1 } } @@ -515,10 +514,10 @@ mgf1_test_t mgf1_tests[] = { 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2, 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1), { - { 13, 8173, 743, TRUE, 2*(11 + (11 << 8) + (15 << 16)), + { 13, 743, TRUE, 2*(11 + (11 << 8) + (15 << 16)), countof(indices_ees743ep1), indices_ees743ep1 }, - { 12, 3513, 1171, FALSE, 2*106, + { 12, 1171, FALSE, 2*106, countof(indices_ees1171ep1), indices_ees1171ep1 } } @@ -633,16 +632,15 @@ START_TEST(test_ntru_poly) seed.len = mgf1_tests[_i].seed_len; p = &mgf1_tests[_i].poly_test[0]; - poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->limit, - p->poly_len, p->indices_count, p->is_product_form); + poly = ntru_poly_create(HASH_UNKNOWN, seed, p->c_bits, p->poly_len, + p->indices_count, p->is_product_form); ck_assert(poly == NULL); for (n = 0; n < 2; n++) { p = &mgf1_tests[_i].poly_test[n]; - poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->limit, - p->poly_len, p->indices_count, - p->is_product_form); + poly = ntru_poly_create(mgf1_tests[_i].alg, seed, p->c_bits, p->poly_len, + p->indices_count, p->is_product_form); ck_assert(poly != NULL && poly->get_size(poly) == p->indices_len); indices = poly->get_indices(poly);