private void IsValid()
{
// test valid key pairs
NtruSign ntru = null;
SignatureKeyPair kp = null;
SignatureParameters[] paramSets = new SignatureParameters[] { SignatureParameters.TEST157, SignatureParameters.TEST157_PROD };
foreach (SignatureParameters param in paramSets)
{
ntru = new NtruSign(param);
kp = ntru.generateKeyPair();
Assert.True(kp.isValid());
}
// test an invalid key pair
int q = kp.pub.q;
kp.pub.h.Multiply(101); // make h invalid
kp.pub.h.ModPositive(q);
Assert.False(kp.isValid());
int inv101 = IntEuclidean.Calculate(101, q).X;
kp.pub.h.Multiply(inv101); // restore h
kp.pub.h.ModPositive(q);
IntegerPolynomial f = kp.priv.getBasis(0).f.ToIntegerPolynomial();
f.Multiply(3); // make f invalid
kp.priv.getBasis(0).f = f;
Assert.False(kp.isValid());
}
private void LoadSave(SignatureParameters param)
{
MemoryStream os = new MemoryStream();
param.writeTo(os);
MemoryStream ins = new MemoryStream(os.ToArray());
Assert.Equals(param, new SignatureParameters(ins));
}
/**
* Constructs a private key that contains no bases
*/
public SignaturePrivateKey(SignatureParameters param)
{
N = param.N;
q = param.q;
sparse = param.sparse;
polyType = param.polyType;
basisType = param.basisType;
keyNormBoundSq = param.keyNormBoundSq;
bases = new List <Basis>();
}
/**
* Constructs a private key that contains no bases
*/
public SignaturePrivateKey(SignatureParameters param)
{
N = param.N;
q = param.q;
sparse = param.sparse;
polyType = param.polyType;
basisType = param.basisType;
keyNormBoundSq = param.keyNormBoundSq;
bases = new List<Basis>();
}
private void CreateBasis(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
FGBasis basis = (FGBasis)ntru.generateBoundedBasis();
Assert.True(EqualsQ(basis.f, basis.fPrime, basis.F, basis.G, param.q, param.N));
// test KeyGenAlg.FLOAT (default=RESULTANT)
param.keyGenAlg = KeyGenAlg.FLOAT;
ntru = new NtruSign(param);
basis = (FGBasis)ntru.generateBoundedBasis();
Assert.True(EqualsQ(basis.f, basis.fPrime, basis.F, basis.G, param.q, param.N));
}
private void EqualsHashCode(SignatureParameters param)
{
MemoryStream os = new MemoryStream();
param.writeTo(os);
MemoryStream ins = new MemoryStream(os.ToArray());
SignatureParameters params2 = new SignatureParameters(ins);
Assert.Equals(param, params2);
Assert.Equals(param.GetHashCode(), params2.GetHashCode());
param.N += 1;
Assert.False(param.Equals(params2));
Assert.False(param.Equals(params2));
Assert.False(param.GetHashCode() == params2.GetHashCode());
}
private void Encode(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
// encode to byte[] and reconstruct
byte[] pub = kp.pub.getEncoded();
byte[] priv = kp.priv.getEncoded();
SignatureKeyPair kp2 = new SignatureKeyPair(new SignaturePrivateKey(priv), new SignaturePublicKey(pub));
Assert.Equals(kp.pub, kp2.pub);
Assert.Equals(kp.priv, kp2.priv);
// encode to OutputStream and reconstruct
MemoryStream bos1 = new MemoryStream();
MemoryStream bos2 = new MemoryStream();
kp.priv.writeTo(bos1);
kp.pub.writeTo(bos2);
MemoryStream bis1 = new MemoryStream(bos1.ToArray());
MemoryStream bis2 = new MemoryStream(bos2.ToArray());
SignatureKeyPair kp3 = new SignatureKeyPair(new SignaturePrivateKey(bis1), new SignaturePublicKey(bis2));
Assert.Equals(kp.pub, kp3.pub);
Assert.Equals(kp.priv, kp3.priv);
// Assert.assertNull(kp3.priv.getBasis(0).h); ToDo: why?
}
private void GetOutputLength()
{
SignatureParameters[] paramSets = new SignatureParameters[] { SignatureParameters.TEST157, SignatureParameters.TEST157_PROD, SignatureParameters.APR2011_439_PROD };
byte[] msg = ArrayUtils.ToBytes("test message 12345");
foreach (SignatureParameters param in paramSets)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
byte[] s = ntru.sign(msg, kp);
Assert.Equals(param.getOutputLength(), s.Length);
}
}
private void CreateMsgRep(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
byte[] msgHash = ArrayUtils.ToBytes("adfsadfsdfs23234234");
// verify that the message representative is reproducible
IntegerPolynomial i1 = ntru.createMsgRep(msgHash, 1);
IntegerPolynomial i2 = ntru.createMsgRep(msgHash, 1);
Assert.ArrayEquals(i1.Coeffs, i2.Coeffs);
i1 = ntru.createMsgRep(msgHash, 5);
i2 = ntru.createMsgRep(msgHash, 5);
Assert.ArrayEquals(i1.Coeffs, i2.Coeffs);
i1 = ntru.createMsgRep(msgHash, 2);
i2 = ntru.createMsgRep(msgHash, 3);
Assert.False(Compare.AreEqual(i1.Coeffs, i2.Coeffs));
}
private void InitUpdateSign(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
Random rng = new Random();
byte[] msg = new byte[10 + rng.Next(1000)];
rng.NextBytes(msg);
// sign and verify a message in two pieces each
ntru.initSign(kp);
int splitIdx = rng.Next(msg.Length);
ntru.update(ArrayUtils.CopyOf(msg, splitIdx)); // part 1 of msg
byte[] s = ntru.sign(ArrayUtils.CopyOfRange(msg, splitIdx, msg.Length)); // part 2 of msg
ntru.initVerify(kp.pub);
splitIdx = rng.Next(msg.Length);
ntru.update(ArrayUtils.CopyOf(msg, splitIdx)); // part 1 of msg
ntru.update(ArrayUtils.CopyOfRange(msg, splitIdx, msg.Length)); // part 2 of msg
bool valid = ntru.verify(s);
Assert.True(valid);
// verify the same signature with the one-step method
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// sign using the one-step method and verify using the multi-step method
s = ntru.sign(msg, kp);
ntru.initVerify(kp.pub);
splitIdx = rng.Next(msg.Length);
ntru.update(ArrayUtils.CopyOf(msg, splitIdx)); // part 1 of msg
ntru.update(ArrayUtils.CopyOfRange(msg, splitIdx, msg.Length)); // part 2 of msg
valid = ntru.verify(s);
Assert.True(valid);
}
private void SignVerify(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
Assert.Equals(param.B + 1, kp.priv.getNumBases());
Random rng = new Random();
byte[] msg = new byte[10 + rng.Next(1000)];
rng.NextBytes(msg);
// sign and verify
byte[] s = ntru.sign(msg, kp);
bool valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// altering the signature should make it invalid
s[rng.Next(param.N)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// test that a random signature fails
rng.NextBytes(s);
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// encode, decode keypair, test
SignaturePrivateKey priv = new SignaturePrivateKey(kp.priv.getEncoded());
SignaturePublicKey pub = new SignaturePublicKey(kp.pub.getEncoded());
kp = new SignatureKeyPair(priv, pub);
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// altering the signature should make it invalid
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
// sparse/dense
param.sparse = !param.sparse;
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
param.sparse = !param.sparse;
// decrease NormBound to force multiple signing attempts
SignatureParameters params2 = param.Clone();
params2.normBoundSq *= (float)4.0 / 9; // works for APR2011_439_PROD but may need to be increased for different params
params2.signFailTolerance = 10000;
ntru = new NtruSign(params2);
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
// test KeyGenAlg.FLOAT (default=RESULTANT)
params2 = param.Clone();
param.keyGenAlg = KeyGenAlg.FLOAT;
ntru = new NtruSign(param);
kp = ntru.generateKeyPair();
s = ntru.sign(msg, kp);
valid = ntru.verify(msg, s, kp.pub);
Assert.True(valid);
s[rng.Next(s.Length)] += 1;
valid = ntru.verify(msg, s, kp.pub);
Assert.False(valid);
}
/**
* Constructs a new instance with a set of signature parameters.
* @param params signature parameters
* @deprecated the NtruSign algorithm is broken
*/
public NtruSign(SignatureParameters param)
{
this.param = param;
}
/**
* Constructs a new instance with a set of signature parameters.
* @param params signature parameters
* @deprecated the NtruSign algorithm is broken
*/
public NtruSign(SignatureParameters param)
{
this.param = param;
}
private void Encode(SignatureParameters param)
{
NtruSign ntru = new NtruSign(param);
SignatureKeyPair kp = ntru.generateKeyPair();
// encode to byte[] and reconstruct
byte[] enc = kp.getEncoded();
SignatureKeyPair kp2 = new SignatureKeyPair(enc);
Assert.Equals(kp, kp2);
// encode to OutputStream and reconstruct
MemoryStream bos = new MemoryStream();
kp.writeTo(bos);
MemoryStream bis = new MemoryStream(bos.ToArray());
SignatureKeyPair kp3 = new SignatureKeyPair(bis);
Assert.Equals(kp, kp3);
}
private void Encode()
{
SignatureParameters[] paramSets = new SignatureParameters[] { SignatureParameters.TEST157, SignatureParameters.TEST157_PROD };
foreach (SignatureParameters param in paramSets)
Encode(param);
}
//@Override
public override bool Equals(Object obj)
{
if (this == obj)
{
return(true);
}
if (obj == null)
{
return(false);
}
if (!(obj.GetType().IsAssignableFrom(typeof(SignatureParameters))))
{
return(false);
}
SignatureParameters other = (SignatureParameters)obj;
if (B != other.B)
{
return(false);
}
if (N != other.N)
{
return(false);
}
if (basisType == null)
{
if (other.basisType != null)
{
return(false);
}
}
else if (!basisType.Equals(other.basisType))
{
return(false);
}
if (IntUtils.floatToIntBits(beta) != IntUtils.floatToIntBits(other.beta))
{
return(false);
}
if (IntUtils.floatToIntBits(betaSq) != IntUtils.floatToIntBits(other.betaSq))
{
return(false);
}
if (bitsF != other.bitsF)
{
return(false);
}
if (d != other.d)
{
return(false);
}
if (d1 != other.d1)
{
return(false);
}
if (d2 != other.d2)
{
return(false);
}
if (d3 != other.d3)
{
return(false);
}
if (hashAlg == null)
{
if (other.hashAlg != null)
{
return(false);
}
}
else if (!hashAlg.Equals(other.hashAlg))
{
return(false);
}
if (keyGenAlg == null)
{
if (other.keyGenAlg != null)
{
return(false);
}
}
else if (!keyGenAlg.Equals(other.keyGenAlg))
{
return(false);
}
if (IntUtils.floatToIntBits(keyNormBound) != IntUtils.floatToIntBits(other.keyNormBound))
{
return(false);
}
if (IntUtils.floatToIntBits(keyNormBoundSq) != IntUtils.floatToIntBits(other.keyNormBoundSq))
{
return(false);
}
if (IntUtils.floatToIntBits(normBound) != IntUtils.floatToIntBits(other.normBound))
{
return(false);
}
if (IntUtils.floatToIntBits(normBoundSq) != IntUtils.floatToIntBits(other.normBoundSq))
{
return(false);
}
if (polyType == null)
{
if (other.polyType != null)
{
return(false);
}
}
else if (!polyType.Equals(other.polyType))
{
return(false);
}
if (primeCheck != other.primeCheck)
{
return(false);
}
if (q != other.q)
{
return(false);
}
if (signFailTolerance != other.signFailTolerance)
{
return(false);
}
if (sparse != other.sparse)
{
return(false);
}
return(true);
}
