1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include "mbedtls/lms.h" 3a8e1175bSopenharmony_ci 4a8e1175bSopenharmony_ci/* END_HEADER */ 5a8e1175bSopenharmony_ci 6a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 7a8e1175bSopenharmony_ci * depends_on:MBEDTLS_LMS_C 8a8e1175bSopenharmony_ci * END_DEPENDENCIES 9a8e1175bSopenharmony_ci */ 10a8e1175bSopenharmony_ci 11a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */ 12a8e1175bSopenharmony_civoid lms_sign_verify_test(data_t *msg, data_t *seed) 13a8e1175bSopenharmony_ci{ 14a8e1175bSopenharmony_ci mbedtls_lms_public_t pub_ctx; 15a8e1175bSopenharmony_ci mbedtls_lms_private_t priv_ctx; 16a8e1175bSopenharmony_ci unsigned char sig[MBEDTLS_LMS_SIG_LEN(MBEDTLS_LMS_SHA256_M32_H10, MBEDTLS_LMOTS_SHA256_N32_W8)]; 17a8e1175bSopenharmony_ci 18a8e1175bSopenharmony_ci mbedtls_lms_public_init(&pub_ctx); 19a8e1175bSopenharmony_ci mbedtls_lms_private_init(&priv_ctx); 20a8e1175bSopenharmony_ci 21a8e1175bSopenharmony_ci /* Allocation failure isn't a test failure, since it likely just means 22a8e1175bSopenharmony_ci * there's not enough memory to run the test. 23a8e1175bSopenharmony_ci */ 24a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_generate_private_key(&priv_ctx, MBEDTLS_LMS_SHA256_M32_H10, 25a8e1175bSopenharmony_ci MBEDTLS_LMOTS_SHA256_N32_W8, 26a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 27a8e1175bSopenharmony_ci seed->x, seed->len), 0); 28a8e1175bSopenharmony_ci 29a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_calculate_public_key(&pub_ctx, &priv_ctx), 0); 30a8e1175bSopenharmony_ci 31a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_sign(&priv_ctx, mbedtls_test_rnd_std_rand, NULL, 32a8e1175bSopenharmony_ci msg->x, msg->len, sig, sizeof(sig), 33a8e1175bSopenharmony_ci NULL), 0); 34a8e1175bSopenharmony_ci 35a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_verify(&pub_ctx, msg->x, msg->len, sig, 36a8e1175bSopenharmony_ci sizeof(sig)), 0); 37a8e1175bSopenharmony_ci 38a8e1175bSopenharmony_ciexit: 39a8e1175bSopenharmony_ci mbedtls_lms_public_free(&pub_ctx); 40a8e1175bSopenharmony_ci mbedtls_lms_private_free(&priv_ctx); 41a8e1175bSopenharmony_ci} 42a8e1175bSopenharmony_ci/* END_CASE */ 43a8e1175bSopenharmony_ci 44a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */ 45a8e1175bSopenharmony_civoid lms_sign_verify_null_msg_test(data_t *seed) 46a8e1175bSopenharmony_ci{ 47a8e1175bSopenharmony_ci mbedtls_lms_public_t pub_ctx; 48a8e1175bSopenharmony_ci mbedtls_lms_private_t priv_ctx; 49a8e1175bSopenharmony_ci unsigned char sig[MBEDTLS_LMS_SIG_LEN(MBEDTLS_LMS_SHA256_M32_H10, MBEDTLS_LMOTS_SHA256_N32_W8)]; 50a8e1175bSopenharmony_ci 51a8e1175bSopenharmony_ci mbedtls_lms_public_init(&pub_ctx); 52a8e1175bSopenharmony_ci mbedtls_lms_private_init(&priv_ctx); 53a8e1175bSopenharmony_ci 54a8e1175bSopenharmony_ci /* Allocation failure isn't a test failure, since it likely just means 55a8e1175bSopenharmony_ci * there's not enough memory to run the test. 56a8e1175bSopenharmony_ci */ 57a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_generate_private_key(&priv_ctx, MBEDTLS_LMS_SHA256_M32_H10, 58a8e1175bSopenharmony_ci MBEDTLS_LMOTS_SHA256_N32_W8, 59a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 60a8e1175bSopenharmony_ci seed->x, seed->len), 0); 61a8e1175bSopenharmony_ci 62a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_calculate_public_key(&pub_ctx, &priv_ctx), 0); 63a8e1175bSopenharmony_ci 64a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_sign(&priv_ctx, mbedtls_test_rnd_std_rand, NULL, 65a8e1175bSopenharmony_ci NULL, 0, sig, sizeof(sig), 66a8e1175bSopenharmony_ci NULL), 0); 67a8e1175bSopenharmony_ci 68a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_verify(&pub_ctx, NULL, 0, sig, 69a8e1175bSopenharmony_ci sizeof(sig)), 0); 70a8e1175bSopenharmony_ci 71a8e1175bSopenharmony_ciexit: 72a8e1175bSopenharmony_ci mbedtls_lms_public_free(&pub_ctx); 73a8e1175bSopenharmony_ci mbedtls_lms_private_free(&priv_ctx); 74a8e1175bSopenharmony_ci} 75a8e1175bSopenharmony_ci/* END_CASE */ 76a8e1175bSopenharmony_ci 77a8e1175bSopenharmony_ci/* BEGIN_CASE */ 78a8e1175bSopenharmony_civoid lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key, 79a8e1175bSopenharmony_ci int expected_rc) 80a8e1175bSopenharmony_ci{ 81a8e1175bSopenharmony_ci mbedtls_lms_public_t ctx; 82a8e1175bSopenharmony_ci unsigned int size; 83a8e1175bSopenharmony_ci unsigned char *tmp_sig = NULL; 84a8e1175bSopenharmony_ci 85a8e1175bSopenharmony_ci mbedtls_lms_public_init(&ctx); 86a8e1175bSopenharmony_ci 87a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0); 88a8e1175bSopenharmony_ci 89a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len), expected_rc); 90a8e1175bSopenharmony_ci 91a8e1175bSopenharmony_ci /* Test negative cases if the input data is valid */ 92a8e1175bSopenharmony_ci if (expected_rc == 0) { 93a8e1175bSopenharmony_ci if (msg->len >= 1) { 94a8e1175bSopenharmony_ci /* Altering first message byte must cause verification failure */ 95a8e1175bSopenharmony_ci msg->x[0] ^= 1; 96a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len), 97a8e1175bSopenharmony_ci MBEDTLS_ERR_LMS_VERIFY_FAILED); 98a8e1175bSopenharmony_ci msg->x[0] ^= 1; 99a8e1175bSopenharmony_ci 100a8e1175bSopenharmony_ci /* Altering last message byte must cause verification failure */ 101a8e1175bSopenharmony_ci msg->x[msg->len - 1] ^= 1; 102a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len), 103a8e1175bSopenharmony_ci MBEDTLS_ERR_LMS_VERIFY_FAILED); 104a8e1175bSopenharmony_ci msg->x[msg->len - 1] ^= 1; 105a8e1175bSopenharmony_ci } 106a8e1175bSopenharmony_ci 107a8e1175bSopenharmony_ci if (sig->len >= 1) { 108a8e1175bSopenharmony_ci /* Altering first signature byte must cause verification failure */ 109a8e1175bSopenharmony_ci sig->x[0] ^= 1; 110a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len), 111a8e1175bSopenharmony_ci MBEDTLS_ERR_LMS_VERIFY_FAILED); 112a8e1175bSopenharmony_ci sig->x[0] ^= 1; 113a8e1175bSopenharmony_ci 114a8e1175bSopenharmony_ci /* Altering last signature byte must cause verification failure */ 115a8e1175bSopenharmony_ci sig->x[sig->len - 1] ^= 1; 116a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len), 117a8e1175bSopenharmony_ci MBEDTLS_ERR_LMS_VERIFY_FAILED); 118a8e1175bSopenharmony_ci sig->x[sig->len - 1] ^= 1; 119a8e1175bSopenharmony_ci } 120a8e1175bSopenharmony_ci 121a8e1175bSopenharmony_ci /* Signatures of all sizes must not verify, whether shorter or longer */ 122a8e1175bSopenharmony_ci for (size = 0; size < sig->len; size++) { 123a8e1175bSopenharmony_ci if (size == sig->len) { 124a8e1175bSopenharmony_ci continue; 125a8e1175bSopenharmony_ci } 126a8e1175bSopenharmony_ci 127a8e1175bSopenharmony_ci TEST_CALLOC(tmp_sig, size); 128a8e1175bSopenharmony_ci if (tmp_sig != NULL) { 129a8e1175bSopenharmony_ci memcpy(tmp_sig, sig->x, MIN(size, sig->len)); 130a8e1175bSopenharmony_ci } 131a8e1175bSopenharmony_ci 132a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, tmp_sig, size), 133a8e1175bSopenharmony_ci MBEDTLS_ERR_LMS_VERIFY_FAILED); 134a8e1175bSopenharmony_ci mbedtls_free(tmp_sig); 135a8e1175bSopenharmony_ci tmp_sig = NULL; 136a8e1175bSopenharmony_ci } 137a8e1175bSopenharmony_ci } 138a8e1175bSopenharmony_ci 139a8e1175bSopenharmony_ciexit: 140a8e1175bSopenharmony_ci mbedtls_free(tmp_sig); 141a8e1175bSopenharmony_ci mbedtls_lms_public_free(&ctx); 142a8e1175bSopenharmony_ci} 143a8e1175bSopenharmony_ci/* END_CASE */ 144a8e1175bSopenharmony_ci 145a8e1175bSopenharmony_ci/* BEGIN_CASE */ 146a8e1175bSopenharmony_civoid lms_import_export_test(data_t *pub_key, int expected_import_rc) 147a8e1175bSopenharmony_ci{ 148a8e1175bSopenharmony_ci mbedtls_lms_public_t ctx; 149a8e1175bSopenharmony_ci size_t exported_pub_key_buf_size = 0; 150a8e1175bSopenharmony_ci size_t exported_pub_key_size = 0; 151a8e1175bSopenharmony_ci unsigned char *exported_pub_key = NULL; 152a8e1175bSopenharmony_ci 153a8e1175bSopenharmony_ci mbedtls_lms_public_init(&ctx); 154a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 155a8e1175bSopenharmony_ci expected_import_rc); 156a8e1175bSopenharmony_ci 157a8e1175bSopenharmony_ci if (expected_import_rc == 0) { 158a8e1175bSopenharmony_ci exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10); 159a8e1175bSopenharmony_ci TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); 160a8e1175bSopenharmony_ci 161a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, 162a8e1175bSopenharmony_ci exported_pub_key_buf_size, 163a8e1175bSopenharmony_ci &exported_pub_key_size), 0); 164a8e1175bSopenharmony_ci 165a8e1175bSopenharmony_ci TEST_EQUAL(exported_pub_key_size, 166a8e1175bSopenharmony_ci MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10)); 167a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, 168a8e1175bSopenharmony_ci exported_pub_key, exported_pub_key_size); 169a8e1175bSopenharmony_ci mbedtls_free(exported_pub_key); 170a8e1175bSopenharmony_ci exported_pub_key = NULL; 171a8e1175bSopenharmony_ci 172a8e1175bSopenharmony_ci /* Export into too-small buffer should fail */ 173a8e1175bSopenharmony_ci exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) - 1; 174a8e1175bSopenharmony_ci TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); 175a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, 176a8e1175bSopenharmony_ci exported_pub_key_buf_size, NULL), 177a8e1175bSopenharmony_ci MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL); 178a8e1175bSopenharmony_ci mbedtls_free(exported_pub_key); 179a8e1175bSopenharmony_ci exported_pub_key = NULL; 180a8e1175bSopenharmony_ci 181a8e1175bSopenharmony_ci /* Export into too-large buffer should succeed */ 182a8e1175bSopenharmony_ci exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) + 1; 183a8e1175bSopenharmony_ci TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size); 184a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key, 185a8e1175bSopenharmony_ci exported_pub_key_buf_size, 186a8e1175bSopenharmony_ci &exported_pub_key_size), 187a8e1175bSopenharmony_ci 0); 188a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(pub_key->x, pub_key->len, 189a8e1175bSopenharmony_ci exported_pub_key, exported_pub_key_size); 190a8e1175bSopenharmony_ci mbedtls_free(exported_pub_key); 191a8e1175bSopenharmony_ci exported_pub_key = NULL; 192a8e1175bSopenharmony_ci } 193a8e1175bSopenharmony_ci 194a8e1175bSopenharmony_ciexit: 195a8e1175bSopenharmony_ci mbedtls_free(exported_pub_key); 196a8e1175bSopenharmony_ci mbedtls_lms_public_free(&ctx); 197a8e1175bSopenharmony_ci} 198a8e1175bSopenharmony_ci/* END_CASE */ 199