TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4829459c9067bf924aae9a0049a8534eaaf1f92b / . / tests / suites / test_suite_lmots.function
blob: 1b8315c1769055df5618f07aa01d6f439ce54743 [file] [log] [blame]
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]1/* BEGIN_HEADER */
Raef Coles7dce69a2022-08-24 14:07:06 +0100[diff] [blame]2#include "lmots.h"
3#include "mbedtls/lms.h"
4
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]5#if defined(MBEDTLS_TEST_HOOKS)
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]6int check_lmots_private_key_for_leak(unsigned char * sig)
7{
8 size_t idx;
9
10 for( idx = MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(MBEDTLS_LMOTS_SHA256_N32_W8);
11 idx < MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
12 idx++ )
13 {
14 if( sig[idx] != 0x7E ) {
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]15 return 1;
16 }
17 }
18
19 return 0;
20}
21#endif /* defined(MBEDTLS_TEST_HOOKS) */
22
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]23/* END_HEADER */
24
25/* BEGIN_DEPENDENCIES
Raef Coles5127e852022-10-07 10:35:56 +0100[diff] [blame]26 * depends_on:MBEDTLS_LMS_C
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]27 * END_DEPENDENCIES
28 */
29
Raef Coles5127e852022-10-07 10:35:56 +0100[diff] [blame]30/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]31void lmots_sign_verify_test ( data_t *msg, data_t *key_id, int leaf_id,
32 data_t *seed )
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]33{
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]34 mbedtls_lmots_public_t pub_ctx;
35 mbedtls_lmots_private_t priv_ctx;
Raef Colese9479a02022-09-01 16:06:35 +0100[diff] [blame]36 unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]37
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]38 mbedtls_lmots_public_init( &pub_ctx );
39 mbedtls_lmots_private_init( &priv_ctx );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]40
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]41 TEST_ASSERT( mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]42 key_id->x, leaf_id, seed->x, seed->len ) == 0 );
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]43 TEST_ASSERT( mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx) == 0 );
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]44 TEST_ASSERT( mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]45 msg->x, msg->len, sig, sizeof(sig), NULL ) == 0 );
46 TEST_ASSERT( mbedtls_lmots_verify(&pub_ctx, msg->x, msg->len, sig, sizeof(sig)) == 0 );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]47
48exit:
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]49 mbedtls_lmots_public_free( &pub_ctx );
50 mbedtls_lmots_private_free( &priv_ctx );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]51}
52/* END_CASE */
53
Raef Coles5127e852022-10-07 10:35:56 +0100[diff] [blame]54/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]55void lmots_sign_verify_null_msg_test ( data_t *key_id, int leaf_id, data_t *seed )
56{
57 mbedtls_lmots_public_t pub_ctx;
58 mbedtls_lmots_private_t priv_ctx;
59 unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
60
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]61 mbedtls_lmots_public_init( &pub_ctx );
62 mbedtls_lmots_private_init( &priv_ctx );
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]63
64 TEST_ASSERT( mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
65 key_id->x, leaf_id, seed->x, seed->len ) == 0 );
66 TEST_ASSERT( mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx) == 0 );
67 TEST_ASSERT( mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
68 NULL, 0, sig, sizeof(sig), NULL ) == 0 );
69 TEST_ASSERT( mbedtls_lmots_verify(&pub_ctx, NULL, 0, sig, sizeof(sig)) == 0 );
70
71exit:
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]72 mbedtls_lmots_public_free( &pub_ctx );
73 mbedtls_lmots_private_free( &priv_ctx );
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]74}
75/* END_CASE */
76
77/* BEGIN_CASE */
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]78void lmots_verify_test ( data_t *msg, data_t *sig, data_t *pub_key,
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]79 int expected_rc )
80{
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]81 mbedtls_lmots_public_t ctx;
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]82
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]83 mbedtls_lmots_public_init( &ctx );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]84
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]85 mbedtls_lmots_import_public_key( &ctx, pub_key->x, pub_key->len );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]86
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]87 TEST_ASSERT(mbedtls_lmots_verify( &ctx, msg->x, msg->len, sig->x, sig->len ) == expected_rc );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]88
89exit:
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]90 mbedtls_lmots_public_free( &ctx );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]91}
92/* END_CASE */
93
Raef Coles370cc432022-10-07 16:07:33 +0100[diff] [blame]94/* BEGIN_CASE */
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]95void lmots_import_export_test ( data_t * pub_key )
96{
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]97 mbedtls_lmots_public_t ctx;
Raef Colese9479a02022-09-01 16:06:35 +0100[diff] [blame]98 uint8_t exported_pub_key[MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]99 size_t exported_pub_key_len;
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]100
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]101 mbedtls_lmots_public_init( &ctx );
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]102 TEST_ASSERT( mbedtls_lmots_import_public_key( &ctx, pub_key->x, pub_key->len ) == 0 );
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]103 TEST_ASSERT( mbedtls_lmots_export_public_key( &ctx, exported_pub_key,
104 sizeof( exported_pub_key ),
105 &exported_pub_key_len ) == 0 );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]106
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]107 ASSERT_COMPARE( pub_key->x, pub_key->len,
108 exported_pub_key, exported_pub_key_len );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]109
110exit:
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]111 mbedtls_lmots_public_free( &ctx );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]112}
113/* END_CASE */
114
Raef Coles5127e852022-10-07 10:35:56 +0100[diff] [blame]115/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]116void lmots_reuse_test ( data_t *msg, data_t *key_id, int leaf_id, data_t *seed )
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]117{
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]118 mbedtls_lmots_private_t ctx;
Raef Colese9479a02022-09-01 16:06:35 +0100[diff] [blame]119 unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]120
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]121 mbedtls_lmots_private_init( &ctx );
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]122 TEST_ASSERT( mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]123 key_id->x, leaf_id, seed->x,
124 seed->len ) == 0 );
125 TEST_ASSERT( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]126 msg->x, msg->len, sig, sizeof( sig ), NULL ) == 0 );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]127
128 /* Running another sign operation should fail, since the key should now have
129 * been erased.
130 */
Raef Colesf5919e22022-09-02 16:05:10 +0100[diff] [blame]131 TEST_ASSERT( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
Raef Coles01c71a12022-08-31 15:55:00 +0100[diff] [blame]132 msg->x, msg->len, sig, sizeof( sig ), NULL ) != 0 );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]133
134exit:
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]135 mbedtls_lmots_private_free( &ctx );
Raef Coles8ff6df52021-07-21 12:42:15 +0100[diff] [blame]136}
137/* END_CASE */
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]138
139/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
140void lmots_signature_leak_test ( data_t *msg, data_t *key_id, int leaf_id,
141 data_t *seed )
142{
143 mbedtls_lmots_private_t ctx;
144 unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
145
146 mbedtls_lmots_sign_private_key_invalidated_hook = &check_lmots_private_key_for_leak;
147
148 /* Fill with recognisable pattern */
149 memset( sig, 0x7E, sizeof( sig ) );
150
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]151 mbedtls_lmots_private_init( &ctx );
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]152 TEST_ASSERT( mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
153 key_id->x, leaf_id, seed->x,
154 seed->len ) == 0 );
155 TEST_ASSERT( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
156 msg->x, msg->len, sig, sizeof( sig ), NULL ) == 0 );
157
158exit:
Raef Colesbe3bdd82022-10-07 12:04:24 +0100[diff] [blame]159 mbedtls_lmots_private_free( &ctx );
Raef Coles9c9027b2022-09-02 18:26:31 +0100[diff] [blame]160 mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
161}
162/* END_CASE */