test_suite_lmots.function - quickjs-tart - quickjs-based runtime for wallet-core logic

test_suite_lmots.function (9387B)
      1 /* BEGIN_HEADER */
      2 #include "lmots.h"
      3 #include "mbedtls/lms.h"
      4 
      5 #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_LMS_PRIVATE)
      6 static int check_lmots_private_key_for_leak(unsigned char *sig)
      7 {
      8     size_t idx;
      9 
     10     for (idx = MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(MBEDTLS_LMOTS_SHA256_N32_W8);
     11          idx < MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
     12          idx++) {
     13         TEST_EQUAL(sig[idx], 0x7E);
     14     }
     15 
     16     return 0;
     17 
     18 exit:
     19     return -1;
     20 }
     21 #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_LMS_PRIVATE */
     22 
     23 /* END_HEADER */
     24 
     25 /* BEGIN_DEPENDENCIES
     26  * depends_on:MBEDTLS_LMS_C
     27  * END_DEPENDENCIES
     28  */
     29 
     30 /* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
     31 void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id,
     32                             data_t *seed)
     33 {
     34     mbedtls_lmots_public_t pub_ctx;
     35     mbedtls_lmots_private_t priv_ctx;
     36     unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
     37 
     38     mbedtls_lmots_public_init(&pub_ctx);
     39     mbedtls_lmots_private_init(&priv_ctx);
     40 
     41     TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
     42                                                   key_id->x, leaf_id, seed->x, seed->len), 0);
     43     TEST_EQUAL(mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx), 0);
     44     TEST_EQUAL(mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
     45                                   msg->x, msg->len, sig, sizeof(sig), NULL), 0);
     46     TEST_EQUAL(mbedtls_lmots_verify(&pub_ctx, msg->x, msg->len, sig, sizeof(sig)), 0);
     47 
     48 exit:
     49     mbedtls_lmots_public_free(&pub_ctx);
     50     mbedtls_lmots_private_free(&priv_ctx);
     51 }
     52 /* END_CASE */
     53 
     54 /* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
     55 void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed)
     56 {
     57     mbedtls_lmots_public_t pub_ctx;
     58     mbedtls_lmots_private_t priv_ctx;
     59     unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
     60 
     61     mbedtls_lmots_public_init(&pub_ctx);
     62     mbedtls_lmots_private_init(&priv_ctx);
     63 
     64     TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
     65                                                   key_id->x, leaf_id, seed->x, seed->len), 0);
     66     TEST_EQUAL(mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx), 0);
     67     TEST_EQUAL(mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
     68                                   NULL, 0, sig, sizeof(sig), NULL), 0);
     69     TEST_EQUAL(mbedtls_lmots_verify(&pub_ctx, NULL, 0, sig, sizeof(sig)), 0);
     70 
     71 exit:
     72     mbedtls_lmots_public_free(&pub_ctx);
     73     mbedtls_lmots_private_free(&priv_ctx);
     74 }
     75 /* END_CASE */
     76 
     77 /* BEGIN_CASE */
     78 void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
     79                        int expected_rc)
     80 {
     81     mbedtls_lmots_public_t ctx;
     82     unsigned int size;
     83     unsigned char *tmp_sig = NULL;
     84 
     85     mbedtls_lmots_public_init(&ctx);
     86 
     87     TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
     88 
     89     TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len), expected_rc);
     90 
     91     /* Test negative cases if the input data is valid */
     92     if (expected_rc == 0) {
     93         if (msg->len >= 1) {
     94             /* Altering first message byte must cause verification failure */
     95             msg->x[0] ^= 1;
     96             TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
     97                        MBEDTLS_ERR_LMS_VERIFY_FAILED);
     98             msg->x[0] ^= 1;
     99 
    100             /* Altering last message byte must cause verification failure */
    101             msg->x[msg->len - 1] ^= 1;
    102             TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
    103                        MBEDTLS_ERR_LMS_VERIFY_FAILED);
    104             msg->x[msg->len - 1] ^= 1;
    105         }
    106 
    107         /* Altering first signature byte must cause verification failure */
    108         sig->x[0] ^= 1;
    109         TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
    110                    MBEDTLS_ERR_LMS_VERIFY_FAILED);
    111         sig->x[0] ^= 1;
    112 
    113         /* Altering last signature byte must cause verification failure */
    114         sig->x[sig->len - 1] ^= 1;
    115         TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
    116                    MBEDTLS_ERR_LMS_VERIFY_FAILED);
    117         sig->x[sig->len - 1] ^= 1;
    118 
    119         /* Signatures of all sizes must not verify, whether shorter or longer */
    120         for (size = 0; size < sig->len; size++) {
    121             if (size == sig->len) {
    122                 continue;
    123             }
    124 
    125             TEST_CALLOC(tmp_sig, size);
    126             if (tmp_sig != NULL) {
    127                 memcpy(tmp_sig, sig->x, MIN(size, sig->len));
    128             }
    129 
    130             TEST_EQUAL(mbedtls_lmots_verify(&ctx, msg->x, msg->len, tmp_sig, size),
    131                        MBEDTLS_ERR_LMS_VERIFY_FAILED);
    132             mbedtls_free(tmp_sig);
    133             tmp_sig = NULL;
    134         }
    135     }
    136 
    137 exit:
    138     mbedtls_free(tmp_sig);
    139     mbedtls_lmots_public_free(&ctx);
    140 }
    141 /* END_CASE */
    142 
    143 /* BEGIN_CASE */
    144 void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
    145 {
    146     mbedtls_lmots_public_t ctx;
    147     unsigned char *exported_pub_key = NULL;
    148     size_t exported_pub_key_buf_size;
    149     size_t exported_pub_key_size;
    150 
    151     mbedtls_lmots_public_init(&ctx);
    152     TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len),
    153                expected_import_rc);
    154 
    155     if (expected_import_rc == 0) {
    156         exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
    157         TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
    158 
    159         TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
    160                                                    exported_pub_key_buf_size,
    161                                                    &exported_pub_key_size), 0);
    162 
    163         TEST_EQUAL(exported_pub_key_size,
    164                    MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8));
    165         TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
    166                             exported_pub_key, exported_pub_key_size);
    167         mbedtls_free(exported_pub_key);
    168         exported_pub_key = NULL;
    169 
    170         /* Export into too-small buffer should fail */
    171         exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) - 1;
    172         TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
    173         TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
    174                                                    exported_pub_key_buf_size, NULL),
    175                    MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL);
    176         mbedtls_free(exported_pub_key);
    177         exported_pub_key = NULL;
    178 
    179         /* Export into too-large buffer should succeed */
    180         exported_pub_key_buf_size = MBEDTLS_LMOTS_PUBLIC_KEY_LEN(MBEDTLS_LMOTS_SHA256_N32_W8) + 1;
    181         TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
    182         TEST_EQUAL(mbedtls_lmots_export_public_key(&ctx, exported_pub_key,
    183                                                    exported_pub_key_buf_size,
    184                                                    &exported_pub_key_size),
    185                    0);
    186         TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
    187                             exported_pub_key, exported_pub_key_size);
    188         mbedtls_free(exported_pub_key);
    189         exported_pub_key = NULL;
    190     }
    191 
    192 exit:
    193     mbedtls_lmots_public_free(&ctx);
    194     mbedtls_free(exported_pub_key);
    195 }
    196 /* END_CASE */
    197 
    198 /* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
    199 void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed)
    200 {
    201     mbedtls_lmots_private_t ctx;
    202     unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
    203 
    204     mbedtls_lmots_private_init(&ctx);
    205     TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
    206                                                   key_id->x, leaf_id, seed->x,
    207                                                   seed->len), 0);
    208     TEST_EQUAL(mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
    209                                   msg->x, msg->len, sig, sizeof(sig), NULL), 0);
    210 
    211     /* Running another sign operation should fail, since the key should now have
    212      * been erased.
    213      */
    214     TEST_EQUAL(mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
    215                                   msg->x, msg->len, sig, sizeof(sig), NULL),
    216                MBEDTLS_ERR_LMS_BAD_INPUT_DATA);
    217 
    218 exit:
    219     mbedtls_lmots_private_free(&ctx);
    220 }
    221 /* END_CASE */
    222 
    223 /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_LMS_PRIVATE */
    224 void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id,
    225                                data_t *seed)
    226 {
    227     mbedtls_lmots_private_t ctx;
    228     unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
    229 
    230     mbedtls_lmots_sign_private_key_invalidated_hook = &check_lmots_private_key_for_leak;
    231 
    232     /* Fill with recognisable pattern */
    233     memset(sig, 0x7E, sizeof(sig));
    234 
    235     mbedtls_lmots_private_init(&ctx);
    236     TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
    237                                                   key_id->x, leaf_id, seed->x,
    238                                                   seed->len), 0);
    239     TEST_EQUAL(mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
    240                                   msg->x, msg->len, sig, sizeof(sig), NULL), 0);
    241 
    242 exit:
    243     mbedtls_lmots_private_free(&ctx);
    244     mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
    245 }
    246 /* END_CASE */
	quickjs-tart quickjs-based runtime for wallet-core logic
	Log \| Files \| Refs \| README \| LICENSE