Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 0344c602eadc0802776b65ff90f0a02c856cf53c / . / tests / suites / test_suite_lmots.function
blob: 293287aab9aead45cf474e62834b50fcb5394253 [file] [log] [blame]
Tom Rini0344c602024-10-08 13:56:50 -0600[diff] [blame^]1/* BEGIN_HEADER */
2#include "lmots.h"
3#include "mbedtls/lms.h"
4
5#if defined(MBEDTLS_TEST_HOOKS)
6int check_lmots_private_key_for_leak(unsigned char *sig)
7{
8 size_t idx;
9
10 for (idx = MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(MBEDTLS_LMOTS_SHA256_N32_W8);
11 idx < MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
12 idx++) {
13 TEST_EQUAL(sig[idx], 0x7E);
14 }
15
16 return 0;
17
18exit:
19 return -1;
20}
21#endif /* defined(MBEDTLS_TEST_HOOKS) */
22
23/* END_HEADER */
24
25/* BEGIN_DEPENDENCIES
26 * depends_on:MBEDTLS_LMS_C
27 * END_DEPENDENCIES
28 */
29
30/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
31void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id,
32 data_t *seed)
33{
34 mbedtls_lmots_public_t pub_ctx;
35 mbedtls_lmots_private_t priv_ctx;
36 unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
37
38 mbedtls_lmots_public_init(&pub_ctx);
39 mbedtls_lmots_private_init(&priv_ctx);
40
41 TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
42 key_id->x, leaf_id, seed->x, seed->len), 0);
43 TEST_EQUAL(mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx), 0);
44 TEST_EQUAL(mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
45 msg->x, msg->len, sig, sizeof(sig), NULL), 0);
46 TEST_EQUAL(mbedtls_lmots_verify(&pub_ctx, msg->x, msg->len, sig, sizeof(sig)), 0);
47
48exit:
49 mbedtls_lmots_public_free(&pub_ctx);
50 mbedtls_lmots_private_free(&priv_ctx);
51}
52/* END_CASE */
53
54/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
55void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed)
56{
57 mbedtls_lmots_public_t pub_ctx;
58 mbedtls_lmots_private_t priv_ctx;
59 unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
60
61 mbedtls_lmots_public_init(&pub_ctx);
62 mbedtls_lmots_private_init(&priv_ctx);
63
64 TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
65 key_id->x, leaf_id, seed->x, seed->len), 0);
66 TEST_EQUAL(mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx), 0);
67 TEST_EQUAL(mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
68 NULL, 0, sig, sizeof(sig), NULL), 0);
69 TEST_EQUAL(mbedtls_lmots_verify(&pub_ctx, NULL, 0, sig, sizeof(sig)), 0);
70
71exit:
72 mbedtls_lmots_public_free(&pub_ctx);
73 mbedtls_lmots_private_free(&priv_ctx);
74}
75/* END_CASE */
76
77/* BEGIN_CASE */
78void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
79 int expected_rc)
80{
81 mbedtls_lmots_public_t ctx;
82 unsigned int size;
83 unsigned char *tmp_sig = NULL;
84
85 mbedtls_lmots_public_init(&ctx);
86
87 TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
88
89 TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len), expected_rc);
90
91 /* Test negative cases if the input data is valid */
92 if (expected_rc == 0) {
93 if (msg->len >= 1) {
94 /* Altering first message byte must cause verification failure */
95 msg->x[0] ^= 1;
96 TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
97 MBEDTLS_ERR_LMS_VERIFY_FAILED);
98 msg->x[0] ^= 1;
99
100 /* Altering last message byte must cause verification failure */
101 msg->x[msg->len - 1] ^= 1;
102 TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
103 MBEDTLS_ERR_LMS_VERIFY_FAILED);
104 msg->x[msg->len - 1] ^= 1;
105 }
106
107 /* Altering first signature byte must cause verification failure */
108 sig->x[0] ^= 1;
109 TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
110 MBEDTLS_ERR_LMS_VERIFY_FAILED);
111 sig->x[0] ^= 1;
112
113 /* Altering last signature byte must cause verification failure */
114 sig->x[sig->len - 1] ^= 1;
115 TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
116 MBEDTLS_ERR_LMS_VERIFY_FAILED);
117 sig->x[sig->len - 1] ^= 1;
118
119 /* Signatures of all sizes must not verify, whether shorter or longer */
120 for (size = 0; size < sig->len; size++) {
121 if (size == sig->len) {
122 continue;
123 }
124
125 TEST_CALLOC(tmp_sig, size);
126 if (tmp_sig != NULL) {
127 memcpy(tmp_sig, sig->x, MIN(size, sig->len));
128 }
129
130 TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, tmp_sig, size),
131 MBEDTLS_ERR_LMS_VERIFY_FAILED);
132 mbedtls_free(tmp_sig);
133 tmp_sig = NULL;
134 }
135 }
136
137exit:
138 mbedtls_free(tmp_sig);
139 mbedtls_lmots_public_free(&ctx);
140}
141/* END_CASE */
142
143/* BEGIN_CASE */
144void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
145{
146 mbedtls_lmots_public_t ctx;
147 unsigned char *exported_pub_key = NULL;
148 size_t exported_pub_key_buf_size;
149 size_t exported_pub_key_size;
150
151 mbedtls_lmots_public_init(&ctx);
152 TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len),
153 expected_import_rc);
154
155 if (expected_import_rc == 0) {
156 exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
157 TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
158
159 TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
160 exported_pub_key_buf_size,
161 &exported_pub_key_size), 0);
162
163 TEST_EQUAL(exported_pub_key_size,
164 MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8));
165 TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
166 exported_pub_key, exported_pub_key_size);
167 mbedtls_free(exported_pub_key);
168 exported_pub_key = NULL;
169
170 /* Export into too-small buffer should fail */
171 exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) - 1;
172 TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
173 TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
174 exported_pub_key_buf_size, NULL),
175 MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL);
176 mbedtls_free(exported_pub_key);
177 exported_pub_key = NULL;
178
179 /* Export into too-large buffer should succeed */
180 exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) + 1;
181 TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
182 TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
183 exported_pub_key_buf_size,
184 &exported_pub_key_size),
185 0);
186 TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
187 exported_pub_key, exported_pub_key_size);
188 mbedtls_free(exported_pub_key);
189 exported_pub_key = NULL;
190 }
191
192exit:
193 mbedtls_lmots_public_free(&ctx);
194 mbedtls_free(exported_pub_key);
195}
196/* END_CASE */
197
198/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
199void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed)
200{
201 mbedtls_lmots_private_t ctx;
202 unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
203
204 mbedtls_lmots_private_init(&ctx);
205 TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
206 key_id->x, leaf_id, seed->x,
207 seed->len), 0);
208 TEST_EQUAL(mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
209 msg->x, msg->len, sig, sizeof(sig), NULL), 0);
210
211 /* Running another sign operation should fail, since the key should now have
212 * been erased.
213 */
214 TEST_EQUAL(mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
215 msg->x, msg->len, sig, sizeof(sig), NULL),
216 MBEDTLS_ERR_LMS_BAD_INPUT_DATA);
217
218exit:
219 mbedtls_lmots_private_free(&ctx);
220}
221/* END_CASE */
222
223/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_LMS_PRIVATE */
224void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id,
225 data_t *seed)
226{
227 mbedtls_lmots_private_t ctx;
228 unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
229
230 mbedtls_lmots_sign_private_key_invalidated_hook = &check_lmots_private_key_for_leak;
231
232 /* Fill with recognisable pattern */
233 memset(sig, 0x7E, sizeof(sig));
234
235 mbedtls_lmots_private_init(&ctx);
236 TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
237 key_id->x, leaf_id, seed->x,
238 seed->len), 0);
239 TEST_EQUAL(mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
240 msg->x, msg->len, sig, sizeof(sig), NULL), 0);
241
242exit:
243 mbedtls_lmots_private_free(&ctx);
244 mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
245}
246/* END_CASE */