mbedtls/tests/suites/test_suite_lmots.function
Raef Coles 66edf6a833
Use hsslms data for LMOTS import/export test
Also, test that export fails when the buffer is too small.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:58 +01:00

237 lines
8.7 KiB
C

/* BEGIN_HEADER */
#include "lmots.h"
#include "mbedtls/lms.h"
#if defined(MBEDTLS_TEST_HOOKS)
int check_lmots_private_key_for_leak(unsigned char * sig)
{
size_t idx;
for( idx = MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(MBEDTLS_LMOTS_SHA256_N32_W8);
idx < MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
idx++ )
{
if( sig[idx] != 0x7E ) {
return 1;
}
}
return 0;
}
#endif /* defined(MBEDTLS_TEST_HOOKS) */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_LMS_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
void lmots_sign_verify_test ( data_t *msg, data_t *key_id, int leaf_id,
data_t *seed )
{
mbedtls_lmots_public_t pub_ctx;
mbedtls_lmots_private_t priv_ctx;
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
mbedtls_lmots_public_init( &pub_ctx );
mbedtls_lmots_private_init( &priv_ctx );
TEST_EQUAL( mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len ), 0 );
TEST_EQUAL( mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx), 0 );
TEST_EQUAL( mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
msg->x, msg->len, sig, sizeof(sig), NULL ), 0 );
TEST_EQUAL( mbedtls_lmots_verify(&pub_ctx, msg->x, msg->len, sig, sizeof(sig)), 0 );
exit:
mbedtls_lmots_public_free( &pub_ctx );
mbedtls_lmots_private_free( &priv_ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
void lmots_sign_verify_null_msg_test ( data_t *key_id, int leaf_id, data_t *seed )
{
mbedtls_lmots_public_t pub_ctx;
mbedtls_lmots_private_t priv_ctx;
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
mbedtls_lmots_public_init( &pub_ctx );
mbedtls_lmots_private_init( &priv_ctx );
TEST_EQUAL( mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len ), 0 );
TEST_EQUAL( mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx), 0 );
TEST_EQUAL( mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
NULL, 0, sig, sizeof(sig), NULL ), 0 );
TEST_EQUAL( mbedtls_lmots_verify(&pub_ctx, NULL, 0, sig, sizeof(sig)), 0 );
exit:
mbedtls_lmots_public_free( &pub_ctx );
mbedtls_lmots_private_free( &priv_ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void lmots_verify_test ( data_t *msg, data_t *sig, data_t *pub_key,
int expected_rc )
{
mbedtls_lmots_public_t ctx;
unsigned int size;
unsigned char *tmp_sig = NULL;
mbedtls_lmots_public_init( &ctx );
TEST_EQUAL(mbedtls_lmots_import_public_key( &ctx, pub_key->x, pub_key->len ), 0);
TEST_EQUAL(mbedtls_lmots_verify( &ctx, msg->x, msg->len, sig->x, sig->len ), expected_rc);
/* Test negative cases if the input data is valid */
if( expected_rc == 0 )
{
if( msg->len >= 1 )
{
/* Altering first message byte must cause verification failure */
msg->x[0] ^= 1;
TEST_EQUAL(mbedtls_lmots_verify( &ctx, msg->x, msg->len, sig->x, sig->len ),
MBEDTLS_ERR_LMS_VERIFY_FAILED);
msg->x[0] ^= 1;
/* Altering last message byte must cause verification failure */
msg->x[msg->len - 1] ^= 1;
TEST_EQUAL(mbedtls_lmots_verify( &ctx, msg->x, msg->len, sig->x, sig->len ),
MBEDTLS_ERR_LMS_VERIFY_FAILED);
msg->x[msg->len - 1] ^= 1;
}
/* Altering first signature byte must cause verification failure */
sig->x[0] ^= 1;
TEST_EQUAL(mbedtls_lmots_verify( &ctx, msg->x, msg->len, sig->x, sig->len ),
MBEDTLS_ERR_LMS_VERIFY_FAILED);
sig->x[0] ^= 1;
/* Altering first signature byte must cause verification failure */
sig->x[0] ^= 1;
TEST_EQUAL(mbedtls_lmots_verify( &ctx, msg->x, msg->len, sig->x, sig->len ),
MBEDTLS_ERR_LMS_VERIFY_FAILED);
sig->x[0] ^= 1;
/* Altering last signature byte must cause verification failure */
sig->x[sig->len - 1] ^= 1;
TEST_EQUAL(mbedtls_lmots_verify( &ctx, msg->x, msg->len, sig->x, sig->len ),
MBEDTLS_ERR_LMS_VERIFY_FAILED);
sig->x[sig->len - 1] ^= 1;
/* Signatures of all sizes must not verify, whether shorter or longer */
for( size = 0; size < sig->len; size++ ) {
if( size == sig->len )
continue;
ASSERT_ALLOC( tmp_sig, size );
if( tmp_sig != NULL )
memcpy( tmp_sig, sig->x, MIN(size, sig->len) );
TEST_EQUAL(mbedtls_lmots_verify( &ctx, msg->x, msg->len, tmp_sig, size ),
MBEDTLS_ERR_LMS_VERIFY_FAILED);
mbedtls_free( tmp_sig );
tmp_sig = NULL;
}
}
exit:
mbedtls_lmots_public_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void lmots_import_export_test ( data_t * pub_key, int expected_import_rc )
{
mbedtls_lmots_public_t ctx;
unsigned char *exported_pub_key = NULL;
size_t exported_pub_key_buf_size;
size_t exported_pub_key_size;
mbedtls_lmots_public_init( &ctx );
TEST_EQUAL( mbedtls_lmots_import_public_key( &ctx, pub_key->x, pub_key->len ),
expected_import_rc );
if( expected_import_rc == 0 )
{
exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
ASSERT_ALLOC( exported_pub_key, exported_pub_key_buf_size );
TEST_EQUAL( mbedtls_lmots_export_public_key( &ctx, exported_pub_key,
exported_pub_key_buf_size,
&exported_pub_key_size ), 0 );
TEST_EQUAL( exported_pub_key_buf_size, exported_pub_key_size );
ASSERT_COMPARE( pub_key->x, MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8),
exported_pub_key, MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) );
mbedtls_free(exported_pub_key);
exported_pub_key = NULL;
/* Export into too-small buffer should fail */
exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) - 1;
ASSERT_ALLOC( exported_pub_key, exported_pub_key_buf_size);
TEST_EQUAL( mbedtls_lmots_export_public_key( &ctx, exported_pub_key,
exported_pub_key_buf_size, NULL ),
MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL );
mbedtls_free(exported_pub_key);
exported_pub_key = NULL;
}
exit:
mbedtls_lmots_public_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
void lmots_reuse_test ( data_t *msg, data_t *key_id, int leaf_id, data_t *seed )
{
mbedtls_lmots_private_t ctx;
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
mbedtls_lmots_private_init( &ctx );
TEST_EQUAL( mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len ), 0 );
TEST_EQUAL( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
msg->x, msg->len, sig, sizeof( sig ), NULL ), 0 );
/* Running another sign operation should fail, since the key should now have
* been erased.
*/
TEST_EQUAL( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
msg->x, msg->len, sig, sizeof( sig ), NULL ), MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
exit:
mbedtls_lmots_private_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
void lmots_signature_leak_test ( data_t *msg, data_t *key_id, int leaf_id,
data_t *seed )
{
mbedtls_lmots_private_t ctx;
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
mbedtls_lmots_sign_private_key_invalidated_hook = &check_lmots_private_key_for_leak;
/* Fill with recognisable pattern */
memset( sig, 0x7E, sizeof( sig ) );
mbedtls_lmots_private_init( &ctx );
TEST_EQUAL( mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len ), 0 );
TEST_EQUAL( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
msg->x, msg->len, sig, sizeof( sig ), NULL ), 0 );
exit:
mbedtls_lmots_private_free( &ctx );
mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
}
/* END_CASE */