uint8_t ntru_encrypt(uint8_t *msg, uint16_t msg_len, NtruEncPubKey *pub, const NtruEncParams *params, NtruRandContext *rand_ctx, uint8_t *enc) {
uint16_t N = params->N;
uint16_t q = params->q;
uint16_t db = params->db;
uint16_t max_len_bytes = ntru_max_msg_len(params);
uint16_t dm0 = params->dm0;
if (max_len_bytes > 255)
return NTRU_ERR_INVALID_MAX_LEN;
if (msg_len > max_len_bytes)
return NTRU_ERR_MSG_TOO_LONG;
for (;;) {
/* M = b|octL|msg|p0 */
uint8_t b[db/8];
if (ntru_rand_generate(b, db/8, rand_ctx) != NTRU_SUCCESS)
return NTRU_ERR_PRNG;
uint16_t M_len = db/8 + 1 + max_len_bytes + 1;
uint8_t M[M_len];
memcpy(&M, &b, db/8);
uint8_t *M_head = (uint8_t*)&M + db/8;
*M_head = msg_len;
M_head++;
memcpy(M_head, msg, msg_len);
M_head += msg_len;
memset(M_head, 0, max_len_bytes+1-msg_len);
NtruIntPoly mtrin;
ntru_from_sves((uint8_t*)&M, M_len, N, &mtrin);
uint16_t blen = params->db / 8;
uint16_t sdata_len = sizeof(params->oid) + msg_len + blen + blen;
uint8_t sdata[sdata_len];
ntru_get_seed(msg, msg_len, &pub->h, (uint8_t*)&b, params, (uint8_t*)&sdata);
NtruIntPoly R;
NtruPrivPoly r;
ntru_gen_blind_poly((uint8_t*)&sdata, sdata_len, params, &r);
ntru_mult_priv(&r, &pub->h, &R, q);
uint16_t oR4_len = (N*2+7) / 8;
uint8_t oR4[oR4_len];
ntru_to_arr4(&R, (uint8_t*)&oR4);
NtruIntPoly mask;
ntru_MGF((uint8_t*)&oR4, oR4_len, params, &mask);
ntru_add_int(&mtrin, &mask);
ntru_mod3(&mtrin);
if (!ntru_check_rep_weight(&mtrin, dm0))
continue;
ntru_add_int(&R, &mtrin);
ntru_to_arr(&R, q, enc);
return NTRU_SUCCESS;
}
}
/* tests ntru_encrypt() with a non-deterministic RNG */
uint8_t test_encr_decr_nondet(NtruEncParams *params) {
NtruEncKeyPair kp;
NtruRandGen rng = NTRU_RNG_DEFAULT;
NtruRandContext rand_ctx;
uint8_t valid = ntru_rand_init(&rand_ctx, &rng) == NTRU_SUCCESS;
valid &= ntru_gen_key_pair(params, &kp, &rand_ctx) == NTRU_SUCCESS;
uint16_t max_len = ntru_max_msg_len(params);
uint8_t plain[max_len];
valid &= ntru_rand_generate(plain, max_len, &rand_ctx) == NTRU_SUCCESS;
uint16_t enc_len = ntru_enc_len(params);
uint8_t encrypted[enc_len];
uint8_t decrypted[max_len];
uint16_t plain_len;
for (plain_len=0; plain_len<=max_len; plain_len++) {
valid &= ntru_encrypt((uint8_t*)&plain, plain_len, &kp.pub, params, &rand_ctx, (uint8_t*)&encrypted) == NTRU_SUCCESS;
uint16_t dec_len;
valid &= ntru_decrypt((uint8_t*)&encrypted, &kp, params, (uint8_t*)&decrypted, &dec_len) == NTRU_SUCCESS;
valid &= equals_arr((uint8_t*)&plain, (uint8_t*)&decrypted, plain_len);
}
valid &= ntru_rand_release(&rand_ctx) == NTRU_SUCCESS;
return valid;
}
/* tests ntru_encrypt() with a deterministic RNG */
uint8_t test_encr_decr_det(NtruEncParams *params, uint8_t *digest_expected) {
NtruEncKeyPair kp;
uint8_t valid = gen_key_pair("seed value for key generation", params, &kp) == NTRU_SUCCESS;
uint8_t pub_arr[ntru_pub_len(params)];
ntru_export_pub(&kp.pub, pub_arr);
NtruEncPubKey pub2;
ntru_import_pub(pub_arr, &pub2);
valid &= ntru_equals_int(&kp.pub.h, &pub2.h);
NtruRandContext rand_ctx_plaintext;
uint16_t max_len = ntru_max_msg_len(params);
uint8_t plain[max_len];
NtruRandGen rng_plaintext = NTRU_RNG_IGF2;
char plain_seed_char[25];
strcpy(plain_seed_char, "seed value for plaintext");
uint8_t plain_seed[25];
str_to_uint8(plain_seed_char, plain_seed);
valid &= ntru_rand_init_det(&rand_ctx_plaintext, &rng_plaintext, plain_seed, strlen(plain_seed_char)) == NTRU_SUCCESS;
valid &= ntru_rand_generate(plain, max_len, &rand_ctx_plaintext) == NTRU_SUCCESS;
valid &= ntru_rand_release(&rand_ctx_plaintext) == NTRU_SUCCESS;
uint8_t plain2[max_len];
memcpy(plain2, plain, max_len);
uint16_t enc_len = ntru_enc_len(params);
uint8_t encrypted[enc_len];
uint8_t encrypted2[enc_len];
char seed_char[11];
strcpy(seed_char, "seed value");
uint8_t seed[11];
str_to_uint8(seed_char, seed);
char seed2_char[11];
strcpy(seed2_char, "seed value");
uint8_t seed2[11];
str_to_uint8(seed2_char, seed2);
NtruRandContext rand_ctx;
NtruRandGen rng = NTRU_RNG_IGF2;
valid &= ntru_rand_init_det(&rand_ctx, &rng, seed, strlen(seed_char)) == NTRU_SUCCESS;
NtruRandContext rand_ctx2;
NtruRandGen rng2 = NTRU_RNG_IGF2;
valid &= ntru_rand_init_det(&rand_ctx2, &rng2, seed2, strlen(seed2_char)) == NTRU_SUCCESS;
uint8_t decrypted[max_len];
uint16_t plain_len;
uint16_t dec_len;
for (plain_len=0; plain_len<=max_len; plain_len++) {
valid &= ntru_encrypt((uint8_t*)&plain, plain_len, &kp.pub, params, &rand_ctx, (uint8_t*)&encrypted) == NTRU_SUCCESS;
valid &= ntru_encrypt((uint8_t*)&plain2, plain_len, &pub2, params, &rand_ctx2, (uint8_t*)&encrypted2) == NTRU_SUCCESS;
valid &= memcmp(encrypted, encrypted2, enc_len) == 0;
valid &= ntru_decrypt((uint8_t*)&encrypted, &kp, params, (uint8_t*)&decrypted, &dec_len) == NTRU_SUCCESS;
valid &= equals_arr((uint8_t*)&plain, (uint8_t*)&decrypted, plain_len);
}
uint8_t digest[20];
ntru_sha1(encrypted, enc_len, digest);
valid &= memcmp(digest, digest_expected, 20) == 0;
valid &= ntru_rand_release(&rand_ctx) == NTRU_SUCCESS;
valid &= ntru_rand_release(&rand_ctx2) == NTRU_SUCCESS;
return valid;
}
uint8_t ntru_decrypt(uint8_t *enc, NtruEncKeyPair *kp, const NtruEncParams *params, uint8_t *dec, uint16_t *dec_len) {
ntru_set_optimized_impl();
uint16_t N = params->N;
uint16_t q = params->q;
uint16_t db = params->db;
uint16_t max_len_bytes = ntru_max_msg_len(params);
uint16_t dm0 = params->dm0;
if (q & (q-1)) /* check that modulus is a power of 2 */
return NTRU_ERR_INVALID_PARAM;
if (max_len_bytes > 255)
return NTRU_ERR_INVALID_MAX_LEN;
uint16_t blen = db / 8;
uint8_t retcode = NTRU_SUCCESS;
NtruIntPoly e;
ntru_from_arr(enc, N, q, &e);
NtruIntPoly ci;
ntru_decrypt_poly(&e, &kp->priv, q, &ci);
if (!ntru_check_rep_weight(&ci, dm0) && retcode==NTRU_SUCCESS)
retcode = NTRU_ERR_DM0_VIOLATION;
NtruIntPoly cR = e;
ntru_sub(&cR, &ci);
ntru_mod_mask(&cR, q-1);
uint16_t coR4_len = (N*2+7) / 8;
uint8_t coR4[coR4_len];
ntru_to_arr4(&cR, (uint8_t*)&coR4);
NtruIntPoly mask;
ntru_MGF((uint8_t*)&coR4, coR4_len, params, &mask);
NtruIntPoly cmtrin = ci;
ntru_sub(&cmtrin, &mask);
ntru_mod3(&cmtrin);
uint16_t cM_len_bits = (N*3+1) / 2;
uint16_t cM_len_bytes = (cM_len_bits+7) / 8;
uint8_t cM[cM_len_bytes+3]; /* 3 extra bytes for ntru_to_sves() */
if (!ntru_to_sves(&cmtrin, (uint8_t*)&cM) && retcode==NTRU_SUCCESS)
retcode = NTRU_ERR_INVALID_ENCODING;
uint8_t cb[blen];
uint8_t *cM_head = cM;
memcpy(cb, cM_head, blen);
cM_head += blen;
uint8_t cl = *cM_head; /* llen=1, so read one byte */
cM_head++;
if (cl > max_len_bytes) {
if (retcode == NTRU_SUCCESS)
retcode = NTRU_ERR_MSG_TOO_LONG;
cl = max_len_bytes; /* prevent buffer overrun in memcpy below */
}
memcpy(dec, cM_head, cl);
cM_head += cl;
uint8_t *i;
for (i=cM_head; i<cM+cM_len_bytes; i++)
if (*i && retcode==NTRU_SUCCESS)
retcode = NTRU_ERR_NO_ZERO_PAD;
uint16_t sdata_len = sizeof(params->oid) + cl + blen + db/8;
uint8_t sdata[sdata_len];
ntru_get_seed(dec, cl, &kp->pub.h, (uint8_t*)&cb, params, (uint8_t*)&sdata);
NtruPrivPoly cr;
ntru_gen_blind_poly((uint8_t*)&sdata, sdata_len, params, &cr);
NtruIntPoly cR_prime;
ntru_mult_priv(&cr, &kp->pub.h, &cR_prime, q-1);
if (!ntru_equals_int(&cR_prime, &cR) && retcode==NTRU_SUCCESS)
retcode = NTRU_ERR_INVALID_ENCODING;
*dec_len = cl;
return retcode;
}
int main(int argc, const char * argv[]) {
// printf("The argument supplied is %s\n", argv[1]);
struct NtruEncParams params = NTRU_DEFAULT_PARAMS_128_BITS; /*see encparams.h for more*/
NtruRandGen rng_def = NTRU_RNG_DEFAULT;
NtruRandContext rand_ctx_def;
if (ntru_rand_init(&rand_ctx_def, &rng_def) != NTRU_SUCCESS)
printf("rng fail\n");
NtruEncKeyPair kp;
if (ntru_gen_key_pair(¶ms, &kp, &rand_ctx_def) != NTRU_SUCCESS)
printf("keygen fail\n");
/* deterministic key generation from password */
// uint8_t seed[sizeof(argv[1])];
// strcpy(seed, argv[1]);
uint8_t seed[sizeof("testttsdsdfsfdfsdfsrrttrwwerwerwer34536")];
strcpy(seed, "testttsdsdfsfdfsdfsrrttrwwerwerwer34536");
NtruRandGen rng_igf2 = NTRU_RNG_IGF2;
NtruRandContext rand_ctx_igf2;
if (ntru_rand_init_det(&rand_ctx_igf2, &rng_igf2, seed, strlen(seed)) != NTRU_SUCCESS)
printf("rng fail\n");
if (ntru_gen_key_pair(¶ms, &kp, &rand_ctx_igf2) != NTRU_SUCCESS)
printf("keygen fail\n");
uint16_t pub_len=ntru_pub_len(¶ms);
uint16_t priv_len=ntru_priv_len(¶ms);
printf("pub len: %i\n",pub_len);
printf("priv len: %i\n",priv_len);
uint8_t pubK[pub_len];
uint8_t privK[priv_len];
//
ntru_export_pub(&kp.pub, pubK);
ntru_export_priv(&kp.priv, privK);
// printf("----------------------------\n");
// pubK[0];
// printf("%u\n",pubK[0]);
// printf("%u\n",privK[1]);
// printf("%u\n",pubK[2]);
// printf("----------------------------\n");
/* encryption */
uint8_t msg[60];
strcpy(msg, "whateverr12345whateverr12345whateverr12345whateverr12345");
uint8_t enc[ntru_enc_len(¶ms)];
if (ntru_encrypt(msg, strlen(msg), &kp.pub, ¶ms, &rand_ctx_def, enc) != NTRU_SUCCESS)
printf("encrypt fail\n");
// printf(enc);
/* release RNG resources */
if (ntru_rand_release(&rand_ctx_def) != NTRU_SUCCESS)
printf("rng fail\n");
if (ntru_rand_release(&rand_ctx_igf2) != NTRU_SUCCESS)
printf("rng fail\n");
/* decryption */
uint8_t dec[ntru_max_msg_len(¶ms)];
uint16_t dec_len;
if (ntru_decrypt((uint8_t*)&enc, &kp, ¶ms, (uint8_t*)&dec, &dec_len) != NTRU_SUCCESS)
printf("decrypt fail\n");
//
// /* export key to uint8_t array */
// uint8_t pub_arr[ntru_pub_len(¶ms)];
// ntru_export_pub(&kp.pub, pub_arr);
//
// /* import key from uint8_t array */
// NtruEncPubKey pub;
// ntru_import_pub(pub_arr, &pub);
FILE *privFile = fopen("priv.key", "w");
for(int i;i<priv_len;i++){
fprintf(privFile, "%d", privK[i]);
}
fclose(privFile);
FILE *pubFile = fopen("pub.key", "w");
for(int i;i<pub_len;i++){
fprintf(pubFile, "%d", pubK[i]);
}
fclose(pubFile);
return 0;
}
