9c9027b1a4
NULL-message and LMOTS signature leak tests Signed-off-by: Raef Coles <raef.coles@arm.com>
165 lines
5.7 KiB
C
165 lines
5.7 KiB
C
/* BEGIN_HEADER */
|
|
#include "lmots.h"
|
|
#include "mbedtls/lms.h"
|
|
|
|
#if defined(MBEDTLS_TEST_HOOKS)
|
|
extern int( *mbedtls_lmots_sign_private_key_invalidated_hook )( unsigned char * );
|
|
|
|
int check_lmots_private_key_for_leak(unsigned char * sig)
|
|
{
|
|
size_t idx;
|
|
|
|
for( idx = MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(MBEDTLS_LMOTS_SHA256_N32_W8);
|
|
idx < MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
|
|
idx++ )
|
|
{
|
|
if( sig[idx] != 0x7E ) {
|
|
while(1){}
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
#endif /* defined(MBEDTLS_TEST_HOOKS) */
|
|
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_LMS_C:MBEDTLS_LMS_PRIVATE:MBEDTLS_PSA_CRYPTO_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void lmots_sign_verify_test ( data_t *msg, data_t *key_id, int leaf_id,
|
|
data_t *seed )
|
|
{
|
|
mbedtls_lmots_public_t pub_ctx;
|
|
mbedtls_lmots_private_t priv_ctx;
|
|
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
|
|
|
|
mbedtls_lmots_init_public( &pub_ctx );
|
|
mbedtls_lmots_init_private( &priv_ctx );
|
|
|
|
TEST_ASSERT( mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
|
|
key_id->x, leaf_id, seed->x, seed->len ) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
|
|
msg->x, msg->len, sig, sizeof(sig), NULL ) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_verify(&pub_ctx, msg->x, msg->len, sig, sizeof(sig)) == 0 );
|
|
|
|
exit:
|
|
mbedtls_lmots_free_public( &pub_ctx );
|
|
mbedtls_lmots_free_private( &priv_ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void lmots_sign_verify_null_msg_test ( data_t *key_id, int leaf_id, data_t *seed )
|
|
{
|
|
mbedtls_lmots_public_t pub_ctx;
|
|
mbedtls_lmots_private_t priv_ctx;
|
|
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
|
|
|
|
mbedtls_lmots_init_public( &pub_ctx );
|
|
mbedtls_lmots_init_private( &priv_ctx );
|
|
|
|
TEST_ASSERT( mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
|
|
key_id->x, leaf_id, seed->x, seed->len ) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
|
|
NULL, 0, sig, sizeof(sig), NULL ) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_verify(&pub_ctx, NULL, 0, sig, sizeof(sig)) == 0 );
|
|
|
|
exit:
|
|
mbedtls_lmots_free_public( &pub_ctx );
|
|
mbedtls_lmots_free_private( &priv_ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void lmots_verify_test ( data_t *msg, data_t *sig, data_t *pub_key,
|
|
int expected_rc )
|
|
{
|
|
mbedtls_lmots_public_t ctx;
|
|
|
|
mbedtls_lmots_init_public( &ctx );
|
|
|
|
mbedtls_lmots_import_public_key( &ctx, pub_key->x, pub_key->len );
|
|
|
|
TEST_ASSERT(mbedtls_lmots_verify( &ctx, msg->x, msg->len, sig->x, sig->len ) == expected_rc );
|
|
|
|
exit:
|
|
mbedtls_lmots_free_public( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void lmots_import_export_test ( data_t * pub_key )
|
|
{
|
|
mbedtls_lmots_public_t ctx;
|
|
uint8_t exported_pub_key[MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
|
|
size_t exported_pub_key_len;
|
|
|
|
mbedtls_lmots_init_public( &ctx );
|
|
TEST_ASSERT( mbedtls_lmots_import_public_key( &ctx, pub_key->x, pub_key->len ) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_export_public_key( &ctx, exported_pub_key,
|
|
sizeof( exported_pub_key ),
|
|
&exported_pub_key_len ) == 0 );
|
|
|
|
ASSERT_COMPARE( pub_key->x, pub_key->len,
|
|
exported_pub_key, exported_pub_key_len );
|
|
|
|
exit:
|
|
mbedtls_lmots_free_public( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void lmots_reuse_test ( data_t *msg, data_t *key_id, int leaf_id, data_t *seed )
|
|
{
|
|
mbedtls_lmots_private_t ctx;
|
|
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
|
|
|
|
mbedtls_lmots_init_private( &ctx );
|
|
TEST_ASSERT( mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
|
|
key_id->x, leaf_id, seed->x,
|
|
seed->len ) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
|
|
msg->x, msg->len, sig, sizeof( sig ), NULL ) == 0 );
|
|
|
|
/* Running another sign operation should fail, since the key should now have
|
|
* been erased.
|
|
*/
|
|
TEST_ASSERT( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
|
|
msg->x, msg->len, sig, sizeof( sig ), NULL ) != 0 );
|
|
|
|
exit:
|
|
mbedtls_lmots_free_private( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
|
|
void lmots_signature_leak_test ( data_t *msg, data_t *key_id, int leaf_id,
|
|
data_t *seed )
|
|
{
|
|
mbedtls_lmots_private_t ctx;
|
|
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
|
|
|
|
mbedtls_lmots_sign_private_key_invalidated_hook = &check_lmots_private_key_for_leak;
|
|
|
|
/* Fill with recognisable pattern */
|
|
memset( sig, 0x7E, sizeof( sig ) );
|
|
|
|
mbedtls_lmots_init_private( &ctx );
|
|
TEST_ASSERT( mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
|
|
key_id->x, leaf_id, seed->x,
|
|
seed->len ) == 0 );
|
|
TEST_ASSERT( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
|
|
msg->x, msg->len, sig, sizeof( sig ), NULL ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_lmots_free_private( &ctx );
|
|
mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
|
|
}
|
|
/* END_CASE */
|