Esempio n. 1
File: ntru.c Progetto: jl777/libntru
/**
 * Encrypts msg_len bytes of msg under the public key pub and writes the
 * encoded ciphertext to enc.
 *
 * A fresh random value b (params->db / 8 bytes) is drawn for every attempt and
 * the padded block b | length byte | msg | zero padding is built from it. The
 * attempt is repeated with new randomness until ntru_check_rep_weight()
 * accepts the masked message polynomial.
 *
 * @param msg      plaintext bytes
 * @param msg_len  plaintext length; must not exceed ntru_max_msg_len(params)
 * @param pub      public key; only pub->h is read here
 * @param params   parameter set (N, q, db, dm0 and oid are used)
 * @param rand_ctx random source handed to ntru_rand_generate()
 * @param enc      output buffer filled by ntru_to_arr()
 * @return NTRU_SUCCESS, NTRU_ERR_INVALID_MAX_LEN, NTRU_ERR_MSG_TOO_LONG or
 *         NTRU_ERR_PRNG
 *
 * NOTE(review): no pointer argument is checked for NULL, and enc carries no
 * length; the caller has to size it for what ntru_to_arr() writes for
 * (N, q). Confirm the required size against that helper.
 * NOTE(review): the stack buffers holding b, the padded plaintext and the
 * seed data are not cleared before returning or retrying. Consider wiping
 * them if stack disclosure is in the threat model.
 */
uint8_t ntru_encrypt(uint8_t *msg, uint16_t msg_len, NtruEncPubKey *pub, const NtruEncParams *params, NtruRandContext *rand_ctx, uint8_t *enc) {
    uint16_t N = params->N;
    uint16_t q = params->q;
    uint16_t db = params->db;
    uint16_t max_len_bytes = ntru_max_msg_len(params);
    uint16_t dm0 = params->dm0;
    uint16_t b_len = db / 8;

    /* The length is stored in a single byte below, so the parameter set must
     * not allow messages longer than 255 bytes. */
    if (max_len_bytes > 255) {
        return NTRU_ERR_INVALID_MAX_LEN;
    }
    if (msg_len > max_len_bytes) {
        return NTRU_ERR_MSG_TOO_LONG;
    }

    while (1) {
        /* Fresh randomness for every attempt. */
        uint8_t rand_b[b_len];
        if (ntru_rand_generate(rand_b, b_len, rand_ctx) != NTRU_SUCCESS) {
            return NTRU_ERR_PRNG;
        }

        /* M = b|octL|msg|p0 */
        uint16_t padded_len = b_len + 1 + max_len_bytes + 1;
        uint8_t padded[padded_len];
        uint8_t *cursor = padded;
        memcpy(cursor, rand_b, b_len);
        cursor += b_len;
        *cursor++ = msg_len;   /* fits in one byte: msg_len <= max_len_bytes <= 255 */
        memcpy(cursor, msg, msg_len);
        /* Zero everything after the message up to the end of the block. */
        memset(cursor + msg_len, 0, max_len_bytes + 1 - msg_len);

        NtruIntPoly msg_trin;
        ntru_from_sves(padded, padded_len, N, &msg_trin);

        /* Seed data for the blinding polynomial; its length is derived from
         * the OID, the message and twice the length of b. */
        uint16_t seed_b_len = params->db / 8;
        uint16_t seed_len = sizeof(params->oid) + msg_len + seed_b_len + seed_b_len;
        uint8_t seed[seed_len];
        ntru_get_seed(msg, msg_len, &pub->h, rand_b, params, seed);

        NtruPrivPoly blind;
        NtruIntPoly R;
        ntru_gen_blind_poly(seed, seed_len, params, &blind);
        ntru_mult_priv(&blind, &pub->h, &R, q);

        /* R is packed into bytes and fed to the mask generation function. */
        uint16_t r4_len = (N * 2 + 7) / 8;
        uint8_t r4[r4_len];
        ntru_to_arr4(&R, r4);

        NtruIntPoly mask;
        ntru_MGF(r4, r4_len, params, &mask);
        ntru_add_int(&msg_trin, &mask);
        ntru_mod3(&msg_trin);

        /* Only a masked message that passes the weight check is emitted;
         * otherwise the loop starts over with new randomness. */
        if (ntru_check_rep_weight(&msg_trin, dm0)) {
            ntru_add_int(&R, &msg_trin);
            ntru_to_arr(&R, q, enc);
            return NTRU_SUCCESS;
        }
    }
}
Esempio n. 2
File: ntru.c Progetto: jl777/libntru
/*
 * Decryption core on polynomials: combines the ciphertext polynomial e with
 * the private-key component priv->t and leaves the result in d.
 *
 * e    - ciphertext polynomial; passed to ntru_mult_priv() and ntru_add_int()
 * priv - private key; only priv->t is used
 * q    - modulus handed to ntru_mult_priv() and ntru_mod_center()
 * d    - output polynomial, updated in place by every step
 *
 * The steps depend on each other through d, so their order must not change.
 * NOTE(review): d holds private-key-dependent intermediate values and no
 * argument is checked for NULL; the caller owns d and decides whether to wipe
 * it after use.
 */
void ntru_decrypt_poly(NtruIntPoly *e, NtruEncPrivKey *priv, uint16_t q, NtruIntPoly *d) {
    ntru_mult_priv(&priv->t, e, d, q);   /* presumably d = t * e (mod q) */
    ntru_mult_fac(d, 3);                 /* presumably scales d by the factor 3 */
    ntru_add_int(d, e);                  /* presumably d += e */
    ntru_mod_center(d, q);               /* presumably reduces d mod q into a centered range */
    ntru_mod3(d);                        /* final reduction mod 3 */
}
Esempio n. 3
/*
 * Decryption core on polynomials: multiplies the ciphertext polynomial e by
 * the private polynomial in priv->t, then applies the mask, factor-3, add,
 * center and mod-3 steps to d and finally rewrites every coefficient equal
 * to 2 as -1.
 *
 * e       - ciphertext polynomial (read only by the calls visible here)
 * priv    - private key; priv->t.prod_flag selects the product-form or the
 *           ternary multiplication unless NTRU_AVOID_HAMMING_WT_PATENT is
 *           defined, in which case only the ternary path is compiled
 * d       - output polynomial, updated in place
 * modulus - modulus; modulus-1 is passed as the mask argument, which
 *           presumably requires a power of two -- TODO confirm
 *
 * NOTE(review): the final loop compares plaintext-derived coefficients; if
 * this path must run in constant time, check how the compiler lowers it.
 */
void decrypt_poly(NtruIntPoly *e, NtruEncPrivKey *priv, NtruIntPoly *d, uint16_t modulus) {
#ifndef NTRU_AVOID_HAMMING_WT_PATENT
    if (priv->t.prod_flag) {
        ntru_mult_prod(e, &priv->t.poly.prod, d, modulus-1);
    } else
#endif   /* NTRU_AVOID_HAMMING_WT_PATENT */
    {
        ntru_mult_tern(e, &priv->t.poly.tern, d, modulus-1);
    }

    /* Each step below works on d in place, so the order is significant. */
    ntru_mod_mask(d, modulus-1);
    ntru_mult_fac(d, 3);
    ntru_add_int(d, e);
    ntru_mod_center(d, modulus);
    ntru_mod3(d);

    /* Map the value 2 left by the mod-3 step to -1. */
    for (uint16_t idx = 0; idx < d->N; idx++) {
        if (d->coeffs[idx] != 2) {
            continue;
        }
        d->coeffs[idx] = -1;
    }
}
Esempio n. 4
/*
 * Encryption core on polynomials: builds e from the public polynomial h, the
 * ternary polynomial r and the message polynomial m.
 *
 * m - message polynomial, added to e
 * r - ternary polynomial multiplied with h
 * h - public polynomial
 * e - output polynomial, written by ntru_mult_tern() and then updated in place
 * q - modulus; q-1 is used as the mask in the last step
 *
 * NOTE(review): ntru_mult_tern() is given q while ntru_mod_mask() is given
 * q-1; confirm against ntru_mult_tern()'s declaration whether it expects a
 * modulus or a mask.
 * NOTE(review): r must be unpredictable per message for the scheme to hide m;
 * this function takes it as given and performs no checks on any argument.
 */
void encrypt_poly(NtruIntPoly *m, NtruTernPoly *r, NtruIntPoly *h, NtruIntPoly *e, uint16_t q) {
    ntru_mult_tern(h, r, e, q);   /* presumably e = h * r */
    ntru_add_int(e, m);           /* presumably e += m */
    ntru_mod_mask(e, q-1);        /* presumably ANDs each coefficient with q-1, i.e. mod q when q is a power of two */
}