xref: /aosp_15_r20/external/mbedtls/tests/suites/test_suite_lms.function (revision 62c56f9862f102b96d72393aff6076c951fb8148) 
1/* BEGIN_HEADER */
2#include "mbedtls/lms.h"
3
4/* END_HEADER */
5
6/* BEGIN_DEPENDENCIES
7 * depends_on:MBEDTLS_LMS_C
8 * END_DEPENDENCIES
9 */
10
11/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
12void lms_sign_verify_test(data_t *msg, data_t *seed)
13{
14    mbedtls_lms_public_t pub_ctx;
15    mbedtls_lms_private_t priv_ctx;
16    unsigned char sig[MBEDTLS_LMS_SIG_LEN(MBEDTLS_LMS_SHA256_M32_H10, MBEDTLS_LMOTS_SHA256_N32_W8)];
17
18    mbedtls_lms_public_init(&pub_ctx);
19    mbedtls_lms_private_init(&priv_ctx);
20
21    /* Allocation failure isn't a test failure, since it likely just means
22     * there's not enough memory to run the test.
23     */
24    TEST_EQUAL(mbedtls_lms_generate_private_key(&priv_ctx, MBEDTLS_LMS_SHA256_M32_H10,
25                                                MBEDTLS_LMOTS_SHA256_N32_W8,
26                                                mbedtls_test_rnd_std_rand, NULL,
27                                                seed->x, seed->len), 0);
28
29    TEST_EQUAL(mbedtls_lms_calculate_public_key(&pub_ctx, &priv_ctx), 0);
30
31    TEST_EQUAL(mbedtls_lms_sign(&priv_ctx, mbedtls_test_rnd_std_rand, NULL,
32                                msg->x, msg->len, sig, sizeof(sig),
33                                NULL), 0);
34
35    TEST_EQUAL(mbedtls_lms_verify(&pub_ctx, msg->x, msg->len, sig,
36                                  sizeof(sig)), 0);
37
38exit:
39    mbedtls_lms_public_free(&pub_ctx);
40    mbedtls_lms_private_free(&priv_ctx);
41}
42/* END_CASE */
43
44/* BEGIN_CASE depends_on:MBEDTLS_LMS_PRIVATE */
45void lms_sign_verify_null_msg_test(data_t *seed)
46{
47    mbedtls_lms_public_t pub_ctx;
48    mbedtls_lms_private_t priv_ctx;
49    unsigned char sig[MBEDTLS_LMS_SIG_LEN(MBEDTLS_LMS_SHA256_M32_H10, MBEDTLS_LMOTS_SHA256_N32_W8)];
50
51    mbedtls_lms_public_init(&pub_ctx);
52    mbedtls_lms_private_init(&priv_ctx);
53
54    /* Allocation failure isn't a test failure, since it likely just means
55     * there's not enough memory to run the test.
56     */
57    TEST_EQUAL(mbedtls_lms_generate_private_key(&priv_ctx, MBEDTLS_LMS_SHA256_M32_H10,
58                                                MBEDTLS_LMOTS_SHA256_N32_W8,
59                                                mbedtls_test_rnd_std_rand, NULL,
60                                                seed->x, seed->len), 0);
61
62    TEST_EQUAL(mbedtls_lms_calculate_public_key(&pub_ctx, &priv_ctx), 0);
63
64    TEST_EQUAL(mbedtls_lms_sign(&priv_ctx, mbedtls_test_rnd_std_rand, NULL,
65                                NULL, 0, sig, sizeof(sig),
66                                NULL), 0);
67
68    TEST_EQUAL(mbedtls_lms_verify(&pub_ctx, NULL, 0, sig,
69                                  sizeof(sig)), 0);
70
71exit:
72    mbedtls_lms_public_free(&pub_ctx);
73    mbedtls_lms_private_free(&priv_ctx);
74}
75/* END_CASE */
76
77/* BEGIN_CASE */
78void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
79                     int expected_rc)
80{
81    mbedtls_lms_public_t ctx;
82    unsigned int size;
83    unsigned char *tmp_sig = NULL;
84
85    mbedtls_lms_public_init(&ctx);
86
87    TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
88
89    TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len), expected_rc);
90
91    /* Test negative cases if the input data is valid */
92    if (expected_rc == 0) {
93        if (msg->len >= 1) {
94            /* Altering first message byte must cause verification failure */
95            msg->x[0] ^= 1;
96            TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
97                       MBEDTLS_ERR_LMS_VERIFY_FAILED);
98            msg->x[0] ^= 1;
99
100            /* Altering last message byte must cause verification failure */
101            msg->x[msg->len - 1] ^= 1;
102            TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
103                       MBEDTLS_ERR_LMS_VERIFY_FAILED);
104            msg->x[msg->len - 1] ^= 1;
105        }
106
107        if (sig->len >= 1) {
108            /* Altering first signature byte must cause verification failure */
109            sig->x[0] ^= 1;
110            TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
111                       MBEDTLS_ERR_LMS_VERIFY_FAILED);
112            sig->x[0] ^= 1;
113
114            /* Altering last signature byte must cause verification failure */
115            sig->x[sig->len - 1] ^= 1;
116            TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, sig->x, sig->len),
117                       MBEDTLS_ERR_LMS_VERIFY_FAILED);
118            sig->x[sig->len - 1] ^= 1;
119        }
120
121        /* Signatures of all sizes must not verify, whether shorter or longer */
122        for (size = 0; size < sig->len; size++) {
123            if (size == sig->len) {
124                continue;
125            }
126
127            TEST_CALLOC(tmp_sig, size);
128            if (tmp_sig != NULL) {
129                memcpy(tmp_sig, sig->x, MIN(size, sig->len));
130            }
131
132            TEST_EQUAL(mbedtls_lms_verify(&ctx, msg->x, msg->len, tmp_sig, size),
133                       MBEDTLS_ERR_LMS_VERIFY_FAILED);
134            mbedtls_free(tmp_sig);
135            tmp_sig = NULL;
136        }
137    }
138
139exit:
140    mbedtls_free(tmp_sig);
141    mbedtls_lms_public_free(&ctx);
142}
143/* END_CASE */
144
145/* BEGIN_CASE */
146void lms_import_export_test(data_t *pub_key, int expected_import_rc)
147{
148    mbedtls_lms_public_t ctx;
149    size_t exported_pub_key_buf_size = 0;
150    size_t exported_pub_key_size = 0;
151    unsigned char *exported_pub_key = NULL;
152
153    mbedtls_lms_public_init(&ctx);
154    TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len),
155               expected_import_rc);
156
157    if (expected_import_rc == 0) {
158        exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10);
159        TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
160
161        TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key,
162                                                 exported_pub_key_buf_size,
163                                                 &exported_pub_key_size), 0);
164
165        TEST_EQUAL(exported_pub_key_size,
166                   MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10));
167        TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
168                            exported_pub_key, exported_pub_key_size);
169        mbedtls_free(exported_pub_key);
170        exported_pub_key = NULL;
171
172        /* Export into too-small buffer should fail */
173        exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) - 1;
174        TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
175        TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key,
176                                                 exported_pub_key_buf_size, NULL),
177                   MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL);
178        mbedtls_free(exported_pub_key);
179        exported_pub_key = NULL;
180
181        /* Export into too-large buffer should succeed */
182        exported_pub_key_buf_size = MBEDTLS_LMS_PUBLIC_KEY_LEN(MBEDTLS_LMS_SHA256_M32_H10) + 1;
183        TEST_CALLOC(exported_pub_key, exported_pub_key_buf_size);
184        TEST_EQUAL(mbedtls_lms_export_public_key(&ctx, exported_pub_key,
185                                                 exported_pub_key_buf_size,
186                                                 &exported_pub_key_size),
187                   0);
188        TEST_MEMORY_COMPARE(pub_key->x, pub_key->len,
189                            exported_pub_key, exported_pub_key_size);
190        mbedtls_free(exported_pub_key);
191        exported_pub_key = NULL;
192    }
193
194exit:
195    mbedtls_free(exported_pub_key);
196    mbedtls_lms_public_free(&ctx);
197}
198/* END_CASE */
199