kris
/
pqc
1
1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Reference implementations of PQC
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
693 Commits
9 Branches
14 MiB
 
 
 
 
Tree: 78a65d6ec9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '78a65d6ec9'
${ noResults }
pqc/test/crypto_sign/functest.c

255 lines
8.1 KiB
Raw Blame History 

  1. #include "api.h"

  2. #include "randombytes.h"

  3. #include <stddef.h>

  4. #include <stdint.h>

  5. #include <stdio.h>

  6. #include <string.h>

  7. 

  8. #ifndef NTESTS

  9. #define NTESTS 5

  10. #endif

  11. 

  12. #define MLEN 32

  13. 

  14. const uint8_t canary[8] = {

  15.     0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF

  16. };

  17. 

  18. /* allocate a bit more for all keys and messages and

  19.  * make sure it is not touched by the implementations.

  20.  */

  21. static void write_canary(uint8_t *d) {

  22.     for (size_t i = 0; i < 8; i++) {

  23.         d[i] = canary[i];

  24.     }

  25. }

  26. 

  27. static int check_canary(const uint8_t *d) {

  28.     for (size_t i = 0; i < 8; i++) {

  29.         if (d[i] != canary[i]) {

  30.             return -1;

  31.         }

  32.     }

  33.     return 0;

  34. }

  35. 

  36. // https://stackoverflow.com/a/1489985/1711232

  37. #define PASTER(x, y) x##_##y

  38. #define EVALUATOR(x, y) PASTER(x, y)

  39. #define NAMESPACE(fun) EVALUATOR(PQCLEAN_NAMESPACE, fun)

  40. 

  41. #define CRYPTO_PUBLICKEYBYTES NAMESPACE(CRYPTO_PUBLICKEYBYTES)

  42. #define CRYPTO_SECRETKEYBYTES NAMESPACE(CRYPTO_SECRETKEYBYTES)

  43. #define CRYPTO_BYTES          NAMESPACE(CRYPTO_BYTES)

  44. #define CRYPTO_ALGNAME        NAMESPACE(CRYPTO_ALGNAME)

  45. 

  46. #define crypto_sign_keypair NAMESPACE(crypto_sign_keypair)

  47. #define crypto_sign NAMESPACE(crypto_sign)

  48. #define crypto_sign_open NAMESPACE(crypto_sign_open)

  49. #define crypto_sign_signature NAMESPACE(crypto_sign_signature)

  50. #define crypto_sign_verify NAMESPACE(crypto_sign_verify)

  51. 

  52. #define RETURNS_ZERO(f)                           \

  53.     if ((f) != 0) {                               \

  54.         puts("(f) returned non-zero returncode"); \

  55.         return -1;                                \

  56.     }

  57. 

  58. // https://stackoverflow.com/a/55243651/248065

  59. #define MY_TRUTHY_VALUE_X 1

  60. #define CAT(x,y) CAT_(x,y)

  61. #define CAT_(x,y) x##y

  62. #define HAS_NAMESPACE(x) CAT(CAT(MY_TRUTHY_VALUE_,CAT(PQCLEAN_NAMESPACE,CAT(_,x))),X)

  63. 

  64. #if !HAS_NAMESPACE(API_H)

  65. #error "namespace not properly defined for header guard"

  66. #endif

  67. 

  68. 

  69. static int test_sign(void) {

  70.     /*

  71.      * This is most likely going to be aligned by the compiler.

  72.      * 16 extra bytes for canary

  73.      * 1 extra byte for unalignment

  74.      */

  75.     uint8_t pk_aligned[CRYPTO_PUBLICKEYBYTES + 16 + 1];

  76.     uint8_t sk_aligned[CRYPTO_SECRETKEYBYTES + 16 + 1];

  77.     uint8_t sm_aligned[MLEN + CRYPTO_BYTES + 16 + 1];

  78.     uint8_t m_aligned[MLEN + 16 + 1];

  79. 

  80.     /*

  81.      * Make sure all pointers are odd.

  82.      * This ensures that the implementation does not assume anything about the

  83.      * data alignment. For example this would catch if an implementation

  84.      * directly uses these pointers to load into vector registers using movdqa.

  85.      */

  86.     uint8_t *pk = (uint8_t *) ((uintptr_t) pk_aligned|(uintptr_t) 1);

  87.     uint8_t *sk = (uint8_t *) ((uintptr_t) sk_aligned|(uintptr_t) 1);

  88.     uint8_t *sm = (uint8_t *) ((uintptr_t) sm_aligned|(uintptr_t) 1);

  89.     uint8_t *m  = (uint8_t *) ((uintptr_t) m_aligned|(uintptr_t) 1);

  90. 

  91.     size_t mlen;

  92.     size_t smlen;

  93.     int returncode;

  94. 

  95.     int i;

  96.     /*

  97.      * Write 8 byte canary before and after the actual memory regions.

  98.      * This is used to validate that the implementation does not assume

  99.      * anything about the placement of data in memory

  100.      * (e.g., assuming that the pk is always behind the sk)

  101.      */

  102.     write_canary(pk);

  103.     write_canary(pk + CRYPTO_PUBLICKEYBYTES + 8);

  104.     write_canary(sk);

  105.     write_canary(sk + CRYPTO_SECRETKEYBYTES + 8);

  106.     write_canary(sm);

  107.     write_canary(sm + MLEN + CRYPTO_BYTES + 8);

  108.     write_canary(m);

  109.     write_canary(m + MLEN + 8);

  110. 

  111.     for (i = 0; i < NTESTS; i++) {

  112.         RETURNS_ZERO(crypto_sign_keypair(pk + 8, sk + 8));

  113. 

  114.         randombytes(m + 8, MLEN);

  115.         RETURNS_ZERO(crypto_sign(sm + 8, &smlen, m + 8, MLEN, sk + 8));

  116. 

  117.         // By relying on m == sm we prevent having to allocate CRYPTO_BYTES

  118.         // twice

  119.         if ((returncode =

  120.                  crypto_sign_open(sm + 8, &mlen, sm + 8, smlen, pk + 8)) != 0) {

  121.             fprintf(stderr, "ERROR Signature did not verify correctly!\n");

  122.             if (returncode > 0) {

  123.                 fprintf(stderr, "ERROR return code should be < 0 on failure");

  124.             }

  125.             return 1;

  126.         }

  127.         // Validate that the implementation did not touch the canary

  128.         if (check_canary(pk) || check_canary(pk + CRYPTO_PUBLICKEYBYTES + 8) ||

  129.             check_canary(sk) || check_canary(sk + CRYPTO_SECRETKEYBYTES + 8) ||

  130.             check_canary(sm) || check_canary(sm + MLEN + CRYPTO_BYTES + 8) ||

  131.             check_canary(m) || check_canary(m + MLEN + 8)) {

  132.             fprintf(stderr, "ERROR canary overwritten\n");

  133.             return 1;

  134.         }

  135.     }

  136. 

  137.     return 0;

  138. }

  139. 

  140. static int test_sign_detached(void) {

  141.     /*

  142.      * This is most likely going to be aligned by the compiler.

  143.      * 16 extra bytes for canary

  144.      * 1 extra byte for unalignment

  145.      */

  146.     uint8_t pk_aligned[CRYPTO_PUBLICKEYBYTES + 16 + 1];

  147.     uint8_t sk_aligned[CRYPTO_SECRETKEYBYTES + 16 + 1];

  148.     uint8_t sig_aligned[CRYPTO_BYTES + 16 + 1];

  149.     uint8_t m_aligned[MLEN + 16 + 1];

  150. 

  151.     /*

  152.      * Make sure all pointers are odd.

  153.      * This ensures that the implementation does not assume anything about the

  154.      * data alignment. For example this would catch if an implementation

  155.      * directly uses these pointers to load into vector registers using movdqa.

  156.      */

  157.     uint8_t *pk = (uint8_t *) ((uintptr_t) pk_aligned|(uintptr_t) 1);

  158.     uint8_t *sk = (uint8_t *) ((uintptr_t) sk_aligned|(uintptr_t) 1);

  159.     uint8_t *sig = (uint8_t *) ((uintptr_t) sig_aligned|(uintptr_t) 1);

  160.     uint8_t *m  = (uint8_t *) ((uintptr_t) m_aligned|(uintptr_t) 1);

  161. 

  162.     size_t siglen;

  163.     int returncode;

  164. 

  165.     int i;

  166.     /*

  167.      * Write 8 byte canary before and after the actual memory regions.

  168.      * This is used to validate that the implementation does not assume

  169.      * anything about the placement of data in memory

  170.      * (e.g., assuming that the pk is always behind the sk)

  171.      */

  172.     write_canary(pk);

  173.     write_canary(pk + CRYPTO_PUBLICKEYBYTES + 8);

  174.     write_canary(sk);

  175.     write_canary(sk + CRYPTO_SECRETKEYBYTES + 8);

  176.     write_canary(sig);

  177.     write_canary(sig + CRYPTO_BYTES + 8);

  178.     write_canary(m);

  179.     write_canary(m + MLEN + 8);

  180. 

  181.     for (i = 0; i < NTESTS; i++) {

  182.         RETURNS_ZERO(crypto_sign_keypair(pk + 8, sk + 8));

  183. 

  184.         randombytes(m + 8, MLEN);

  185.         RETURNS_ZERO(crypto_sign_signature(sig + 8, &siglen, m + 8, MLEN, sk + 8));

  186. 

  187.         if ((returncode =

  188.                 crypto_sign_verify(sig + 8, siglen, m + 8, MLEN, pk + 8)) != 0) {

  189.             fprintf(stderr, "ERROR Signature did not verify correctly!\n");

  190.             if (returncode > 0) {

  191.                 fprintf(stderr, "ERROR return code should be < 0 on failure");

  192.             }

  193.             return 1;

  194.         }

  195.         // Validate that the implementation did not touch the canary

  196.         if (check_canary(pk) || check_canary(pk + CRYPTO_PUBLICKEYBYTES + 8) ||

  197.             check_canary(sk) || check_canary(sk + CRYPTO_SECRETKEYBYTES + 8) ||

  198.             check_canary(sig) || check_canary(sig + CRYPTO_BYTES + 8) ||

  199.             check_canary(m) || check_canary(m + MLEN + 8)) {

  200.             fprintf(stderr, "ERROR canary overwritten\n");

  201.             return 1;

  202.         }

  203.     }

  204. 

  205.     return 0;

  206. }

  207. 

  208. static int test_wrong_pk(void) {

  209.     uint8_t pk[CRYPTO_PUBLICKEYBYTES];

  210.     uint8_t pk2[CRYPTO_PUBLICKEYBYTES];

  211.     uint8_t sk[CRYPTO_SECRETKEYBYTES];

  212.     uint8_t sm[MLEN + CRYPTO_BYTES];

  213.     uint8_t m[MLEN];

  214. 

  215.     size_t mlen;

  216.     size_t smlen;

  217. 

  218.     int returncode;

  219. 

  220.     int i;

  221. 

  222.     for (i = 0; i < NTESTS; i++) {

  223.         RETURNS_ZERO(crypto_sign_keypair(pk2, sk));

  224. 

  225.         RETURNS_ZERO(crypto_sign_keypair(pk, sk));

  226. 

  227.         randombytes(m, MLEN);

  228.         RETURNS_ZERO(crypto_sign(sm, &smlen, m, MLEN, sk));

  229. 

  230.         // By relying on m == sm we prevent having to allocate CRYPTO_BYTES

  231.         // twice

  232.         returncode = crypto_sign_open(sm, &mlen, sm, smlen, pk2);

  233.         if (!returncode) {

  234.             fprintf(stderr, "ERROR Signature did verify correctly under wrong public key!\n");

  235.             if (returncode > 0) {

  236.                 fprintf(stderr, "ERROR return code should be < 0");

  237.             }

  238.             return 1;

  239.         }

  240.     }

  241. 

  242.     return 0;

  243. }

  244. 

  245. int main(void) {

  246.     // check if CRYPTO_ALGNAME is printable

  247.     puts(CRYPTO_ALGNAME);

  248.     int result = 0;

  249.     result += test_sign();

  250.     result += test_sign_detached();

  251.     result += test_wrong_pk();

  252. 

  253.     return result;

  254. }