kris
/
pqc
1
1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Reference implementations of PQC
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1070 Commits
9 Branches
14 MiB
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
pqc/test/crypto_kem/functest.c

264 lines
7.8 KiB
Raw Permalink Blame History 

  1. #include "api.h"

  2. #include "randombytes.h"

  3. 

  4. #include <stdint.h>

  5. #include <stdio.h>

  6. #include <stdlib.h>

  7. #include <string.h>

  8. 

  9. #ifndef NTESTS

  10. #define NTESTS 5

  11. #endif

  12. 

  13. const uint8_t canary[8] = {

  14.     0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF

  15. };

  16. 

  17. /* allocate a bit more for all keys and messages and

  18.  * make sure it is not touched by the implementations.

  19.  */

  20. static void write_canary(uint8_t *d) {

  21.     for (size_t i = 0; i < 8; i++) {

  22.         d[i] = canary[i];

  23.     }

  24. }

  25. 

  26. static int check_canary(const uint8_t *d) {

  27.     for (size_t i = 0; i < 8; i++) {

  28.         if (d[i] != canary[i]) {

  29.             return -1;

  30.         }

  31.     }

  32.     return 0;

  33. }

  34. 

  35. inline static void* malloc_s(size_t size) {

  36.     void *ptr = malloc(size);

  37.     if (ptr == NULL) {

  38.         perror("Malloc failed!");

  39.         exit(1);

  40.     }

  41.     return ptr;

  42. }

  43. 

  44. // https://stackoverflow.com/a/1489985/1711232

  45. #define PASTER(x, y) x##_##y

  46. #define EVALUATOR(x, y) PASTER(x, y)

  47. #define NAMESPACE(fun) EVALUATOR(PQCLEAN_NAMESPACE, fun)

  48. 

  49. #define CRYPTO_BYTES           NAMESPACE(CRYPTO_BYTES)

  50. #define CRYPTO_PUBLICKEYBYTES  NAMESPACE(CRYPTO_PUBLICKEYBYTES)

  51. #define CRYPTO_SECRETKEYBYTES  NAMESPACE(CRYPTO_SECRETKEYBYTES)

  52. #define CRYPTO_CIPHERTEXTBYTES NAMESPACE(CRYPTO_CIPHERTEXTBYTES)

  53. #define CRYPTO_ALGNAME NAMESPACE(CRYPTO_ALGNAME)

  54. 

  55. #define crypto_kem_keypair NAMESPACE(crypto_kem_keypair)

  56. #define crypto_kem_enc NAMESPACE(crypto_kem_enc)

  57. #define crypto_kem_dec NAMESPACE(crypto_kem_dec)

  58. 

  59. #define RETURNS_ZERO(f)                           \

  60.     if ((f) != 0) {                               \

  61.         puts(#f " returned non-zero returncode"); \

  62.         res = 1;                                  \

  63.         goto end;                                 \

  64.     }

  65. 

  66. // https://stackoverflow.com/a/55243651/248065

  67. #define MY_TRUTHY_VALUE_X 1

  68. #define CAT(x,y) CAT_(x,y)

  69. #define CAT_(x,y) x##y

  70. #define HAS_NAMESPACE(x) CAT(CAT(MY_TRUTHY_VALUE_,CAT(PQCLEAN_NAMESPACE,CAT(_,x))),X)

  71. 

  72. #if !HAS_NAMESPACE(API_H)

  73. #error "namespace not properly defined for header guard"

  74. #endif

  75. 

  76. static int test_keys(void) {

  77.     /*

  78.      * This is most likely going to be aligned by the compiler.

  79.      * 16 extra bytes for canary

  80.      * 1 extra byte for unalignment

  81.      */

  82.     int res = 0;

  83. 

  84.     uint8_t *key_a_aligned = malloc_s(CRYPTO_BYTES + 16 + 1);

  85.     uint8_t *key_b_aligned = malloc_s(CRYPTO_BYTES + 16 + 1);

  86.     uint8_t *pk_aligned    = malloc_s(CRYPTO_PUBLICKEYBYTES + 16 + 1);

  87.     uint8_t *sendb_aligned = malloc_s(CRYPTO_CIPHERTEXTBYTES + 16 + 1);

  88.     uint8_t *sk_a_aligned  = malloc_s(CRYPTO_SECRETKEYBYTES + 16 + 1);

  89. 

  90.     /*

  91.      * Make sure all pointers are odd.

  92.      * This ensures that the implementation does not assume anything about the

  93.      * data alignment. For example this would catch if an implementation

  94.      * directly uses these pointers to load into vector registers using movdqa.

  95.      */

  96.     uint8_t *key_a = (uint8_t *) ((uintptr_t) key_a_aligned|(uintptr_t) 1);

  97.     uint8_t *key_b = (uint8_t *) ((uintptr_t) key_b_aligned|(uintptr_t) 1);

  98.     uint8_t *pk    = (uint8_t *) ((uintptr_t) pk_aligned|(uintptr_t) 1);

  99.     uint8_t *sendb = (uint8_t *) ((uintptr_t) sendb_aligned|(uintptr_t) 1);

  100.     uint8_t *sk_a  = (uint8_t *) ((uintptr_t) sk_a_aligned|(uintptr_t) 1);

  101. 

  102.     /*

  103.      * Write 8 byte canary before and after the actual memory regions.

  104.      * This is used to validate that the implementation does not assume

  105.      * anything about the placement of data in memory

  106.      * (e.g., assuming that the pk is always behind the sk)

  107.      */

  108.     write_canary(key_a);

  109.     write_canary(key_a + CRYPTO_BYTES + 8);

  110.     write_canary(key_b);

  111.     write_canary(key_b + CRYPTO_BYTES + 8);

  112.     write_canary(pk);

  113.     write_canary(pk +  CRYPTO_PUBLICKEYBYTES + 8);

  114.     write_canary(sendb);

  115.     write_canary(sendb + CRYPTO_CIPHERTEXTBYTES + 8);

  116.     write_canary(sk_a);

  117.     write_canary(sk_a + CRYPTO_SECRETKEYBYTES + 8);

  118. 

  119.     int i;

  120. 

  121.     for (i = 0; i < NTESTS; i++) {

  122.         // Alice generates a public key

  123.         RETURNS_ZERO(crypto_kem_keypair(pk + 8, sk_a + 8));

  124. 

  125.         // Bob derives a secret key and creates a response

  126.         RETURNS_ZERO(crypto_kem_enc(sendb + 8, key_b + 8, pk + 8));

  127. 

  128.         // Alice uses Bobs response to get her secret key

  129.         RETURNS_ZERO(crypto_kem_dec(key_a + 8, sendb + 8, sk_a + 8));

  130. 

  131.         if (memcmp(key_a + 8, key_b + 8, CRYPTO_BYTES) != 0) {

  132.             printf("ERROR KEYS\n");

  133.             res = 1;

  134.             goto end;

  135.         }

  136. 

  137.         // Validate that the implementation did not touch the canary

  138.         if (check_canary(key_a) || check_canary(key_a + CRYPTO_BYTES + 8) ||

  139.             check_canary(key_b) || check_canary(key_b + CRYPTO_BYTES + 8 ) ||

  140.             check_canary(pk) || check_canary(pk + CRYPTO_PUBLICKEYBYTES + 8 ) ||

  141.             check_canary(sendb) || check_canary(sendb + CRYPTO_CIPHERTEXTBYTES + 8 ) ||

  142.             check_canary(sk_a) || check_canary(sk_a + CRYPTO_SECRETKEYBYTES + 8 )) {

  143.             printf("ERROR canary overwritten\n");

  144.             res = 1;

  145.             goto end;

  146.         }

  147.     }

  148. 

  149. end:

  150.     free(key_a_aligned);

  151.     free(key_b_aligned);

  152.     free(pk_aligned);

  153.     free(sendb_aligned);

  154.     free(sk_a_aligned);

  155. 

  156.     return res;

  157. }

  158. 

  159. static int test_invalid_sk_a(void) {

  160.     uint8_t *sk_a  = malloc_s(CRYPTO_SECRETKEYBYTES);

  161.     uint8_t *key_a = malloc_s(CRYPTO_BYTES);

  162.     uint8_t *key_b = malloc_s(CRYPTO_BYTES);

  163.     uint8_t *pk    = malloc_s(CRYPTO_PUBLICKEYBYTES);

  164.     uint8_t *sendb = malloc_s(CRYPTO_CIPHERTEXTBYTES);

  165.     int i;

  166.     int returncode;

  167.     int res = 0;

  168. 

  169.     for (i = 0; i < NTESTS; i++) {

  170.         // Alice generates a public key

  171.         RETURNS_ZERO(crypto_kem_keypair(pk, sk_a));

  172. 

  173.         // Bob derives a secret key and creates a response

  174.         RETURNS_ZERO(crypto_kem_enc(sendb, key_b, pk));

  175. 

  176.         // Replace secret key with random values

  177.         randombytes(sk_a, CRYPTO_SECRETKEYBYTES);

  178. 

  179.         // Alice uses Bobs response to get her secret key

  180.         if ((returncode = crypto_kem_dec(key_a, sendb, sk_a)) > 0) {

  181.             printf("ERROR failing crypto_kem_dec returned %d instead of "

  182.                    "negative or zero code\n",

  183.                    returncode);

  184.             res = 1;

  185.             goto end;

  186.         }

  187. 

  188.         if (!memcmp(key_a, key_b, CRYPTO_BYTES)) {

  189.             printf("ERROR invalid sk_a\n");

  190.             res = 1;

  191.             goto end;

  192.         }

  193.     }

  194. 

  195. end:

  196.     free(sk_a);

  197.     free(key_a);

  198.     free(key_b);

  199.     free(pk);

  200.     free(sendb);

  201. 

  202.     return res;

  203. }

  204. 

  205. static int test_invalid_ciphertext(void) {

  206.     uint8_t *sk_a = malloc_s(CRYPTO_SECRETKEYBYTES);

  207.     uint8_t *key_a = malloc_s(CRYPTO_BYTES);

  208.     uint8_t *key_b = malloc_s(CRYPTO_BYTES);

  209.     uint8_t *pk = malloc_s(CRYPTO_PUBLICKEYBYTES);

  210.     uint8_t *sendb = malloc_s(CRYPTO_CIPHERTEXTBYTES);

  211.     int i;

  212.     int returncode;

  213.     int res = 0;

  214. 

  215.     for (i = 0; i < NTESTS; i++) {

  216.         // Alice generates a public key

  217.         RETURNS_ZERO(crypto_kem_keypair(pk, sk_a));

  218. 

  219.         // Bob derives a secret key and creates a response

  220.         RETURNS_ZERO(crypto_kem_enc(sendb, key_b, pk));

  221. 

  222.         // Change ciphertext to random value

  223.         randombytes(sendb, sizeof(sendb));

  224. 

  225.         // Alice uses Bobs response to get her secret key

  226.         if ((returncode = crypto_kem_dec(key_a, sendb, sk_a)) > 0) {

  227.             printf("ERROR crypto_kem_dec should either fail (negative "

  228.                    "returncode) or succeed (return 0) but returned %d\n",

  229.                    returncode);

  230.             res = 1;

  231.             goto end;

  232.         }

  233. 

  234.         if (!memcmp(key_a, key_b, CRYPTO_BYTES)) {

  235.             printf("ERROR invalid ciphertext\n");

  236.             res = 1;

  237.             goto end;

  238.         }

  239.     }

  240. end:

  241.     free(sk_a);

  242.     free(key_a);

  243.     free(key_b);

  244.     free(pk);

  245.     free(sendb);

  246. 

  247.     return res;

  248. }

  249. 

  250. int main(void) {

  251.     // Check if CRYPTO_ALGNAME is printable

  252.     puts(CRYPTO_ALGNAME);

  253. 

  254.     int result = 0;

  255.     result += test_keys();

  256.     result += test_invalid_sk_a();

  257.     result += test_invalid_ciphertext();

  258. 

  259.     if (result != 0) {

  260.         puts("Errors occurred");

  261.     }

  262.     return result;

  263. }