private void IsValid()
{
// test valid key pairs
NtruSign ntru = null;
SignatureKeyPair kp = null;
SignatureParameters[] paramSets = new SignatureParameters[] { SignatureParameters.TEST157, SignatureParameters.TEST157_PROD };
foreach (SignatureParameters param in paramSets)
{
ntru = new NtruSign(param);
kp = ntru.generateKeyPair();
Assert.True(kp.isValid());
}
// test an invalid key pair
int q = kp.pub.q;
kp.pub.h.Multiply(101); // make h invalid
kp.pub.h.ModPositive(q);
Assert.False(kp.isValid());
int inv101 = IntEuclidean.Calculate(101, q).X;
kp.pub.h.Multiply(inv101); // restore h
kp.pub.h.ModPositive(q);
IntegerPolynomial f = kp.priv.getBasis(0).f.ToIntegerPolynomial();
f.Multiply(3); // make f invalid
kp.priv.getBasis(0).f = f;
Assert.False(kp.isValid());
}
private void CreateBasis(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
FGBasis basis = (FGBasis)ntru.generateBoundedBasis();
Assert.True(EqualsQ(basis.f, basis.fPrime, basis.F, basis.G, param.q, param.N));
// test KeyGenAlg.FLOAT (default=RESULTANT)
param.keyGenAlg = KeyGenAlg.FLOAT;
ntru = new NtruSign(param);
basis = (FGBasis)ntru.generateBoundedBasis();
Assert.True(EqualsQ(basis.f, basis.fPrime, basis.F, basis.G, param.q, param.N));
}
private void Encode(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
// encode to byte[] and reconstruct
byte[] pub = kp.pub.getEncoded();
byte[] priv = kp.priv.getEncoded();
SignatureKeyPair kp2 = new SignatureKeyPair(new SignaturePrivateKey(priv), new SignaturePublicKey(pub));
Assert.Equals(kp.pub, kp2.pub);
Assert.Equals(kp.priv, kp2.priv);
// encode to OutputStream and reconstruct
MemoryStream bos1 = new MemoryStream();
MemoryStream bos2 = new MemoryStream();
kp.priv.writeTo(bos1);
kp.pub.writeTo(bos2);
MemoryStream bis1 = new MemoryStream(bos1.ToArray());
MemoryStream bis2 = new MemoryStream(bos2.ToArray());
SignatureKeyPair kp3 = new SignatureKeyPair(new SignaturePrivateKey(bis1), new SignaturePublicKey(bis2));
Assert.Equals(kp.pub, kp3.pub);
Assert.Equals(kp.priv, kp3.priv);
// Assert.assertNull(kp3.priv.getBasis(0).h); ToDo: why?
}
private void GetOutputLength()
{
SignatureParameters[] paramSets = new SignatureParameters[] { SignatureParameters.TEST157, SignatureParameters.TEST157_PROD, SignatureParameters.APR2011_439_PROD };
byte[] msg = ArrayUtils.ToBytes("test message 12345");
foreach (SignatureParameters param in paramSets)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
byte[] s = ntru.sign(msg, kp);
Assert.Equals(param.getOutputLength(), s.Length);
}
}
private void CreateMsgRep(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
byte[] msgHash = ArrayUtils.ToBytes("adfsadfsdfs23234234");
// verify that the message representative is reproducible
IntegerPolynomial i1 = ntru.createMsgRep(msgHash, 1);
IntegerPolynomial i2 = ntru.createMsgRep(msgHash, 1);
Assert.ArrayEquals(i1.Coeffs, i2.Coeffs);
i1 = ntru.createMsgRep(msgHash, 5);
i2 = ntru.createMsgRep(msgHash, 5);
Assert.ArrayEquals(i1.Coeffs, i2.Coeffs);
i1 = ntru.createMsgRep(msgHash, 2);
i2 = ntru.createMsgRep(msgHash, 3);
Assert.False(Compare.AreEqual(i1.Coeffs, i2.Coeffs));
}
private void InitUpdateSign(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
Random rng = new Random();
byte[] msg = new byte[10 + rng.Next(1000)];
rng.NextBytes(msg);
// sign and verify a message in two pieces each
ntru.initSign(kp);
int splitIdx = rng.Next(msg.Length);
ntru.update(ArrayUtils.CopyOf(msg, splitIdx)); // part 1 of msg
byte[] s = ntru.sign(ArrayUtils.CopyOfRange(msg, splitIdx, msg.Length)); // part 2 of msg
ntru.initVerify(kp.pub);
splitIdx = rng.Next(msg.Length);
ntru.update(ArrayUtils.CopyOf(msg, splitIdx)); // part 1 of msg
ntru.update(ArrayUtils.CopyOfRange(msg, splitIdx, msg.Length)); // part 2 of msg
bool valid = ntru.verify(s);
Assert.True(valid);
// verify the same signature with the one-step method
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// sign using the one-step method and verify using the multi-step method
s = ntru.sign(msg, kp);
ntru.initVerify(kp.pub);
splitIdx = rng.Next(msg.Length);
ntru.update(ArrayUtils.CopyOf(msg, splitIdx)); // part 1 of msg
ntru.update(ArrayUtils.CopyOfRange(msg, splitIdx, msg.Length)); // part 2 of msg
valid = ntru.verify(s);
Assert.True(valid);
}
private void SignVerify(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
Assert.Equals(param.B + 1, kp.priv.getNumBases());
Random rng = new Random();
byte[] msg = new byte[10 + rng.Next(1000)];
rng.NextBytes(msg);
// sign and verify
byte[] s = ntru.sign(msg, kp);
bool valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// altering the signature should make it invalid
s[rng.Next(param.N)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// test that a random signature fails
rng.NextBytes(s);
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// encode, decode keypair, test
SignaturePrivateKey priv = new SignaturePrivateKey(kp.priv.getEncoded());
SignaturePublicKey pub = new SignaturePublicKey(kp.pub.getEncoded());
kp = new SignatureKeyPair(priv, pub);
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// altering the signature should make it invalid
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// sparse/dense
param.sparse = !param.sparse;
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
param.sparse = !param.sparse;
// decrease NormBound to force multiple signing attempts
SignatureParameters params2 = param.Clone();
params2.normBoundSq *= (float)4.0 / 9; // works for APR2011_439_PROD but may need to be increased for different params
params2.signFailTolerance = 10000;
ntru = new NtruSign(params2);
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// test KeyGenAlg.FLOAT (default=RESULTANT)
params2 = param.Clone();
param.keyGenAlg = KeyGenAlg.FLOAT;
ntru = new NtruSign(param);
kp = ntru.generateKeyPair();
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
}
private void Encode(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
// encode to byte[] and reconstruct
byte[] enc = kp.getEncoded();
SignatureKeyPair kp2 = new SignatureKeyPair(enc);
Assert.Equals(kp, kp2);
// encode to OutputStream and reconstruct
MemoryStream bos = new MemoryStream();
kp.writeTo(bos);
MemoryStream bis = new MemoryStream(bos.ToArray());
SignatureKeyPair kp3 = new SignatureKeyPair(bis);
Assert.Equals(kp, kp3);
}
