Clean up tests
This commit is contained in:
Joost Rijneveld
parent
d340e0700d
commit
5ce8fc402b
26
.gitignore
vendored
26
.gitignore
vendored
@ -1,22 +1,4 @@
|
||||
test/test_chacha
|
||||
test/test_wots
|
||||
test/test_horst
|
||||
test/test_xmss
|
||||
test/test_xmss_core
|
||||
test/test_xmss_core_fast
|
||||
test/test_xmssmt
|
||||
test/test_xmssmt_core
|
||||
test/test_xmssmt_core_fast
|
||||
test/test_xmss_core_XMSS*
|
||||
test/test_xmss_core_fast_XMSS*
|
||||
test/test_xmssmt_core_XMSSMT*
|
||||
test/test_xmssmt_core_fast_XMSSMT*
|
||||
test/test_determinism
|
||||
test/speed
|
||||
test/gen_testvectors
|
||||
ui/xmss_keypair
|
||||
ui/xmss_open
|
||||
ui/xmss_sign
|
||||
ui/xmssmt_keypair
|
||||
ui/xmssmt_open
|
||||
ui/xmssmt_sign
|
||||
test/*
|
||||
!test/*.c
|
||||
ui/*
|
||||
!ui/*.c
|
||||
|
||||
62
Makefile
62
Makefile
@ -8,14 +8,16 @@ HEADERS = params.h hash.h fips202.h hash_address.h randombytes.h wots.h xmss.h x
|
||||
SOURCES_FAST = $(subst core,core_fast,$(SOURCES))
|
||||
HEADERS_FAST = $(subst core,core_fast,$(HEADERS))
|
||||
|
||||
TESTS = test/test_wots \
|
||||
test/test_xmss_core \
|
||||
test/test_xmss_core_fast \
|
||||
test/test_xmss \
|
||||
test/test_xmssmt_core_fast \
|
||||
test/test_xmssmt_core \
|
||||
test/test_xmssmt \
|
||||
test/test_determinism \
|
||||
TESTS = test/wots \
|
||||
test/xmss_determinism \
|
||||
test/xmss \
|
||||
test/xmssmt \
|
||||
test/xmss_core_fast \
|
||||
test/xmssmt_core_fast \
|
||||
|
||||
# These currently do not work, as xmss_core_fast does not match the xmss_core.h API
|
||||
# test/xmss_fast \
|
||||
# test/xmssmt_fast \
|
||||
|
||||
UI = ui/xmss_keypair \
|
||||
ui/xmss_sign \
|
||||
@ -24,18 +26,52 @@ UI = ui/xmss_keypair \
|
||||
ui/xmssmt_sign \
|
||||
ui/xmssmt_open \
|
||||
|
||||
all: $(TESTS) $(UI)
|
||||
# These currently do not work, as xmss_core_fast does not match the xmss_core.h API
|
||||
# ui/xmss_keypair_fast \
|
||||
# ui/xmss_sign_fast \
|
||||
# ui/xmss_open_fast \
|
||||
# ui/xmssmt_keypair_fast \
|
||||
# ui/xmssmt_sign_fast \
|
||||
# ui/xmssmt_open_fast \
|
||||
|
||||
.PHONY: clean
|
||||
all: tests ui
|
||||
|
||||
test/%_fast: test/%_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
|
||||
tests: $(TESTS)
|
||||
ui: $(UI)
|
||||
|
||||
test: $(TESTS:=.exec)
|
||||
|
||||
.PHONY: clean test
|
||||
|
||||
test/%.exec: test/%
|
||||
@$<
|
||||
|
||||
test/xmss_fast: test/xmss.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
|
||||
$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
|
||||
|
||||
test/xmss: test/xmss.c $(SOURCES) $(OBJS) $(HEADERS)
|
||||
$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS)
|
||||
|
||||
test/xmssmt_fast: test/xmss.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
|
||||
$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
|
||||
|
||||
test/xmssmt: test/xmss.c $(SOURCES) $(OBJS) $(HEADERS)
|
||||
$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS)
|
||||
|
||||
test/xmss_core_fast: test/xmss_core_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
|
||||
$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
|
||||
|
||||
test/xmssmt_core_fast: test/xmss_core_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
|
||||
$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
|
||||
|
||||
test/%: test/%.c $(SOURCES) $(OBJS) $(HEADERS)
|
||||
$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS)
|
||||
|
||||
test/test_wots: params.c hash.c fips202.c hash_address.c randombytes.c wots.c xmss_commons.c test/test_wots.c params.h hash.h fips202.h hash_address.h randombytes.h wots.h xmss_commons.h
|
||||
$(CC) $(CFLAGS) params.c hash.c fips202.c hash_address.c randombytes.c wots.c xmss_commons.c test/test_wots.c -o $@ -lcrypto
|
||||
ui/xmss_%_fast: ui/%.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
|
||||
$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
|
||||
|
||||
ui/xmssmt_%_fast: ui/%.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
|
||||
$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
|
||||
|
||||
ui/xmss_%: ui/%.c $(SOURCES) $(OBJS) $(HEADERS)
|
||||
$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS)
|
||||
|
||||
@ -1,92 +0,0 @@
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include "../crypto_sign.h"
|
||||
|
||||
#define MAXMBYTES 2048
|
||||
|
||||
typedef uint32_t uint32;
|
||||
|
||||
static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ;
|
||||
static uint32 in[12];
|
||||
static uint32 out[8];
|
||||
static int outleft = 0;
|
||||
|
||||
#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))
|
||||
#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b));
|
||||
|
||||
static void surf(void)
|
||||
{
|
||||
uint32 t[12]; uint32 x; uint32 sum = 0;
|
||||
int r; int i; int loop;
|
||||
|
||||
for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i];
|
||||
for (i = 0;i < 8;++i) out[i] = seed[24 + i];
|
||||
x = t[11];
|
||||
for (loop = 0;loop < 2;++loop) {
|
||||
for (r = 0;r < 16;++r) {
|
||||
sum += 0x9e3779b9;
|
||||
MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13)
|
||||
MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13)
|
||||
MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13)
|
||||
}
|
||||
for (i = 0;i < 8;++i) out[i] ^= t[i + 4];
|
||||
}
|
||||
}
|
||||
|
||||
void randombytes(unsigned char *x,unsigned long long xlen)
|
||||
{
|
||||
while (xlen > 0) {
|
||||
if (!outleft) {
|
||||
if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
|
||||
surf();
|
||||
outleft = 8;
|
||||
}
|
||||
*x = out[--outleft];
|
||||
++x;
|
||||
--xlen;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
unsigned char pk[CRYPTO_PUBLICKEYBYTES];
|
||||
unsigned char sk[CRYPTO_SECRETKEYBYTES];
|
||||
unsigned char m[MAXMBYTES];
|
||||
unsigned char sm[MAXMBYTES+CRYPTO_BYTES];
|
||||
//unsigned char mo[MAXMBYTES+CRYPTO_BYTES];
|
||||
unsigned long long smlen;
|
||||
unsigned long long mlen;
|
||||
|
||||
int main(void)
|
||||
{
|
||||
int n,i,r;
|
||||
for(n=0;n<MAXMBYTES;n++)
|
||||
{
|
||||
crypto_sign_keypair(pk,sk);
|
||||
randombytes(m,n);
|
||||
|
||||
crypto_sign(sm, &smlen, m, n, sk);
|
||||
for(i=0;i<smlen;i++)
|
||||
printf("%02x",sm[i]);
|
||||
printf("\n");
|
||||
r = crypto_sign_open(sm, &mlen, sm, smlen, pk);
|
||||
if(r)
|
||||
{
|
||||
printf("signature verification fails\n");
|
||||
return -1;
|
||||
}
|
||||
if(mlen != n)
|
||||
{
|
||||
printf("signature verification produces wrong message length\n");
|
||||
return -1;
|
||||
}
|
||||
for(i=0;i<n;i++)
|
||||
{
|
||||
if(sm[i] != m[i])
|
||||
{
|
||||
printf("signature verification does not recover message\n");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
124
test/speed.c
124
test/speed.c
@ -1,124 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include "../crypto_sign.h"
|
||||
#include "../cpucycles.h"
|
||||
#include "../randombytes.h"
|
||||
#include "../horst.h"
|
||||
#include "../wots.h"
|
||||
#include "../hash.h"
|
||||
|
||||
|
||||
#define MLEN 59
|
||||
#define REP 1
|
||||
#define NRUNS 100
|
||||
|
||||
static int ull_cmp(const void *a, const void *b)
|
||||
{
|
||||
const unsigned long long *ia = (const unsigned long long *)a;
|
||||
const unsigned long long *ib = (const unsigned long long *)b;
|
||||
if (*ia > *ib) return 1;
|
||||
if (*ia < *ib) return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static const unsigned char seed[32] = {
|
||||
0x22, 0x26, 0xb5, 0x64, 0xbb, 0x78, 0xcc, 0xab, 0x4a, 0x4c, 0x0a, 0x64, 0xc2, 0x0b, 0x5d, 0x68,
|
||||
0x38, 0x74, 0x1a, 0xc0, 0x03, 0x17, 0xff, 0xd8, 0xe3, 0x53, 0xc8, 0x59, 0xc6, 0x23, 0x5b, 0xaa};
|
||||
|
||||
|
||||
int main()
|
||||
{
|
||||
unsigned long long t[NRUNS];
|
||||
int i,j;
|
||||
|
||||
printf("\n=== Benchmarks of signatures ===\n\n");
|
||||
unsigned char sk[CRYPTO_SECRETKEYBYTES];
|
||||
unsigned char pk[CRYPTO_PUBLICKEYBYTES];
|
||||
|
||||
unsigned char m[MLEN+CRYPTO_BYTES];
|
||||
unsigned char sm[MLEN+CRYPTO_BYTES];
|
||||
unsigned long long mlen;
|
||||
unsigned long long smlen;
|
||||
|
||||
unsigned char masks[2*HORST_LOGT*HASH_BYTES];
|
||||
randombytes(masks,N_MASKS*HASH_BYTES);
|
||||
|
||||
unsigned char msg_seed[MSGHASH_BYTES];
|
||||
randombytes(msg_seed, MSGHASH_BYTES);
|
||||
|
||||
//Benchmarking signature key generation
|
||||
for(i=0;i<NRUNS;i++)
|
||||
{
|
||||
t[i] = cpucycles();
|
||||
for(j=0;j<REP;j++)
|
||||
crypto_sign_keypair(pk, sk);
|
||||
}
|
||||
for(i=0;i<NRUNS-1;i++)
|
||||
t[i] = (t[i+1] - t[i]);
|
||||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
|
||||
printf("keypair: %13.3lf\n", (double)t[NRUNS/2-1]/REP);
|
||||
|
||||
//Benchmarking signature generation
|
||||
for(i=0;i<NRUNS;i++)
|
||||
{
|
||||
t[i] = cpucycles();
|
||||
for(j=0;j<REP;j++)
|
||||
crypto_sign(sm, &smlen, m, MLEN, sk);
|
||||
}
|
||||
for(i=0;i<NRUNS-1;i++)
|
||||
t[i] = (t[i+1] - t[i]);
|
||||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
|
||||
printf("sign: %13.3lf\n", (double)t[NRUNS/2-1]/REP);
|
||||
|
||||
//Benchmarking signature verification
|
||||
for(i=0;i<NRUNS;i++)
|
||||
{
|
||||
t[i] = cpucycles();
|
||||
for(j=0;j<REP;j++)
|
||||
crypto_sign_open(m, &mlen, sm, smlen, pk);
|
||||
}
|
||||
for(i=0;i<NRUNS-1;i++)
|
||||
t[i] = (t[i+1] - t[i]);
|
||||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
|
||||
printf("sign_open: %13.3lf\n", (double)t[NRUNS/2-1]/REP);
|
||||
|
||||
//Benchmarking WOTS pkgen
|
||||
for(i=0;i<NRUNS;i++)
|
||||
{
|
||||
t[i] = cpucycles();
|
||||
for(j=0;j<REP;j++)
|
||||
wots_pkgen(sm, seed, masks);
|
||||
}
|
||||
for(i=0;i<NRUNS-1;i++)
|
||||
t[i] = (t[i+1] - t[i]);
|
||||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
|
||||
printf("wots_pkgen: %13.3lf\n", (double)t[NRUNS/2-1]/REP);
|
||||
printf("416*wots_pkgen: %13.3lf\n", 416*(double)t[NRUNS/2-1]/REP);
|
||||
|
||||
//Benchmarking HORSt signing
|
||||
for(i=0;i<NRUNS;i++)
|
||||
{
|
||||
t[i] = cpucycles();
|
||||
for(j=0;j<REP;j++)
|
||||
horst_sign(sm, pk, &smlen, m, MLEN, seed, masks, msg_seed);
|
||||
}
|
||||
for(i=0;i<NRUNS-1;i++)
|
||||
t[i] = (t[i+1] - t[i]);
|
||||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
|
||||
printf("horst_sign: %13.3lf\n", (double)t[NRUNS/2-1]/REP);
|
||||
|
||||
//Benchmarking hash_2n_n
|
||||
for(i=0;i<NRUNS;i++)
|
||||
{
|
||||
t[i] = cpucycles();
|
||||
for(j=0;j<REP;j++)
|
||||
hash_2n_n(sm, sm);
|
||||
}
|
||||
for(i=0;i<NRUNS-1;i++)
|
||||
t[i] = (t[i+1] - t[i]);
|
||||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
|
||||
printf("hash_2n_n: %13.3lf\n", (double)t[NRUNS/2-1]/REP);
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1,6 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
DIR=$(dirname $0)
|
||||
#for i in `ls $DIR/test* | grep -v \.c$ | grep -v \.sh$`;do ($i || echo 666) | bc | grep -v ^0$;done
|
||||
for i in `ls $DIR/test* | grep -v \.c$ | grep -v \.sh$`;do ($i || echo 666) ;done
|
||||
exit 0
|
||||
@ -1,57 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include "../wots.h"
|
||||
#include "../randombytes.h"
|
||||
#include "../params.h"
|
||||
|
||||
static void hexdump(unsigned char *a, size_t len)
|
||||
{
|
||||
size_t i;
|
||||
for (i = 0; i < len; i++)
|
||||
printf("%02x", a[i]);
|
||||
}
|
||||
|
||||
int main()
|
||||
{
|
||||
xmss_params params;
|
||||
// TODO test more different OIDs
|
||||
uint32_t oid = 0x01000001;
|
||||
xmssmt_parse_oid(¶ms, oid);
|
||||
|
||||
unsigned char seed[params.n];
|
||||
unsigned char pub_seed[params.n];
|
||||
|
||||
int sig_len = params.wots_len*params.n;
|
||||
|
||||
unsigned char pk1[sig_len];
|
||||
unsigned char pk2[sig_len];
|
||||
unsigned char sig[sig_len];
|
||||
uint32_t addr[8] = {1,2,3,4};
|
||||
|
||||
unsigned char msg[params.n];
|
||||
int i;
|
||||
|
||||
randombytes(seed, params.n);
|
||||
randombytes(pub_seed, params.n);
|
||||
randombytes(msg, params.n);
|
||||
//randombytes(addr, 16);
|
||||
|
||||
wots_pkgen(¶ms, pk1, seed, pub_seed, addr);
|
||||
wots_sign(¶ms, sig, msg, seed, pub_seed, addr);
|
||||
wots_pk_from_sig(¶ms, pk2, sig, msg, pub_seed, addr);
|
||||
|
||||
for (i = 0; i < sig_len; i++)
|
||||
if (pk1[i] != pk2[i]) {
|
||||
printf("pk1 != pk2 %d\n",i);
|
||||
return -1;
|
||||
}
|
||||
printf("worked great!\npk1: ");
|
||||
hexdump(pk1, sig_len);
|
||||
printf("\npk2: ");
|
||||
hexdump(pk2, sig_len);
|
||||
printf("\nsig: ");
|
||||
hexdump(sig, sig_len);
|
||||
printf("\n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
125
test/test_xmss.c
125
test/test_xmss.c
@ -1,125 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "../xmss.h"
|
||||
#include "../params.h"
|
||||
#include "../randombytes.h"
|
||||
|
||||
#define MLEN 3491
|
||||
#define SIGNATURES 5
|
||||
|
||||
unsigned char mi[MLEN];
|
||||
unsigned long long smlen;
|
||||
unsigned long long mlen;
|
||||
|
||||
int main()
|
||||
{
|
||||
xmss_params params;
|
||||
// TODO test more different OIDs
|
||||
uint32_t oid = 0x01000001;
|
||||
xmss_parse_oid(¶ms, oid);
|
||||
|
||||
int r;
|
||||
unsigned long long i, j;
|
||||
unsigned long errors = 0;
|
||||
|
||||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
|
||||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
|
||||
|
||||
unsigned char mo[MLEN+params.sig_bytes];
|
||||
unsigned char sm[MLEN+params.sig_bytes];
|
||||
|
||||
printf("keypair\n");
|
||||
xmss_keypair(pk, sk, oid);
|
||||
// check pub_seed in SK
|
||||
for (i = 0; i < params.n; i++) {
|
||||
if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
|
||||
if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
|
||||
}
|
||||
|
||||
// check index
|
||||
unsigned long idx = ((unsigned long)sk[4] << 24) | ((unsigned long)sk[5] << 16) | ((unsigned long)sk[6] << 8) | sk[7];
|
||||
if (idx) printf("\nidx != 0 %lu\n",idx);
|
||||
|
||||
for (i = 0; i < SIGNATURES; i++) {
|
||||
randombytes(mi, MLEN);
|
||||
|
||||
printf("sign\n");
|
||||
xmss_sign(sk, sm, &smlen, mi, MLEN);
|
||||
idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3];
|
||||
printf("\nidx = %lu\n",idx);
|
||||
|
||||
for (j = 0; j < smlen; j++) {
|
||||
printf("%02X", sm[j]);
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
r = memcmp(mi, sm+params.sig_bytes,MLEN);
|
||||
printf("%d\n", r);
|
||||
|
||||
/* Test valid signature */
|
||||
printf("verify\n");
|
||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r);
|
||||
if (r != 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", r);
|
||||
printf("%llu\n", MLEN-mlen);
|
||||
|
||||
/* Test with modified message */
|
||||
sm[params.sig_bytes+10] ^= 1;
|
||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Test with modified signature */
|
||||
/* Modified index */
|
||||
sm[params.sig_bytes+10] ^= 1;
|
||||
sm[2] ^= 1;
|
||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Modified R */
|
||||
sm[2] ^= 1;
|
||||
sm[5] ^= 1;
|
||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Modified OTS sig */
|
||||
sm[5] ^= 1;
|
||||
sm[240] ^= 1;
|
||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Modified AUTH */
|
||||
sm[240] ^= 1;
|
||||
sm[params.sig_bytes - 10] ^= 1;
|
||||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
}
|
||||
|
||||
printf("#errors = %lu\n", errors);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -1,125 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "../xmss_core.h"
|
||||
#include "../params.h"
|
||||
#include "../randombytes.h"
|
||||
|
||||
#define MLEN 3491
|
||||
#define SIGNATURES 5
|
||||
|
||||
unsigned char mi[MLEN];
|
||||
unsigned long long smlen;
|
||||
unsigned long long mlen;
|
||||
|
||||
int main()
|
||||
{
|
||||
xmss_params params;
|
||||
// TODO test more different OIDs
|
||||
uint32_t oid = 0x01000001;
|
||||
xmss_parse_oid(¶ms, oid);
|
||||
|
||||
int r;
|
||||
unsigned long long i, j;
|
||||
unsigned long errors = 0;
|
||||
|
||||
unsigned char sk[4*params.n+4];
|
||||
unsigned char pk[2*params.n];
|
||||
|
||||
unsigned long long signature_length = 4+params.n+params.wots_sig_bytes+params.tree_height*params.n;
|
||||
unsigned char mo[MLEN+signature_length];
|
||||
unsigned char sm[MLEN+signature_length];
|
||||
|
||||
printf("keypair\n");
|
||||
xmss_core_keypair(¶ms, pk, sk);
|
||||
// check pub_seed in SK
|
||||
for (i = 0; i < params.n; i++) {
|
||||
if (pk[params.n+i] != sk[4+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
|
||||
if (pk[i] != sk[4+3*params.n+i]) printf("pk.root != sk.root %llu",i);
|
||||
}
|
||||
|
||||
// check index
|
||||
unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
|
||||
if (idx) printf("\nidx != 0 %lu\n",idx);
|
||||
|
||||
for (i = 0; i < SIGNATURES; i++) {
|
||||
randombytes(mi, MLEN);
|
||||
|
||||
printf("sign\n");
|
||||
xmss_core_sign(¶ms, sk, sm, &smlen, mi, MLEN);
|
||||
idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3];
|
||||
printf("\nidx = %lu\n",idx);
|
||||
|
||||
for (j = 0; j < smlen; j++) {
|
||||
printf("%02X", sm[j]);
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
r = memcmp(mi, sm+signature_length,MLEN);
|
||||
printf("%d\n", r);
|
||||
|
||||
/* Test valid signature */
|
||||
printf("verify\n");
|
||||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r);
|
||||
if (r != 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", r);
|
||||
printf("%llu\n", MLEN-mlen);
|
||||
|
||||
/* Test with modified message */
|
||||
sm[signature_length+10] ^= 1;
|
||||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Test with modified signature */
|
||||
/* Modified index */
|
||||
sm[signature_length+10] ^= 1;
|
||||
sm[2] ^= 1;
|
||||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Modified R */
|
||||
sm[2] ^= 1;
|
||||
sm[5] ^= 1;
|
||||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Modified OTS sig */
|
||||
sm[5] ^= 1;
|
||||
sm[240] ^= 1;
|
||||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Modified AUTH */
|
||||
sm[240] ^= 1;
|
||||
sm[signature_length - 10] ^= 1;
|
||||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
if (r == 0) errors++;
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
}
|
||||
|
||||
printf("#errors = %lu\n", errors);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -1,97 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "../xmss.h"
|
||||
#include "../params.h"
|
||||
#include "../randombytes.h"
|
||||
|
||||
#define MLEN 3491
|
||||
#define SIGNATURES 5
|
||||
|
||||
unsigned char mi[MLEN];
|
||||
unsigned long long smlen;
|
||||
unsigned long long mlen;
|
||||
|
||||
int main()
|
||||
{
|
||||
xmss_params params;
|
||||
// TODO test more different OIDs
|
||||
uint32_t oid = 0x01000001;
|
||||
xmssmt_parse_oid(¶ms, oid);
|
||||
|
||||
int r;
|
||||
unsigned long long i,j;
|
||||
|
||||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
|
||||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
|
||||
|
||||
unsigned char mo[MLEN+params.sig_bytes];
|
||||
unsigned char sm[MLEN+params.sig_bytes];
|
||||
|
||||
printf("keypair\n");
|
||||
xmssmt_keypair(pk, sk, oid);
|
||||
// check pub_seed in SK
|
||||
for (i = 0; i < params.n; i++) {
|
||||
if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
|
||||
if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
|
||||
}
|
||||
|
||||
printf("pk checked\n");
|
||||
|
||||
// check index
|
||||
unsigned long long idx = 0;
|
||||
for (i = 0; i < params.index_bytes; i++) {
|
||||
idx |= ((unsigned long long)sk[i + XMSS_OID_LEN]) << 8*(params.index_bytes - 1 - i);
|
||||
}
|
||||
|
||||
if (idx) printf("\nidx != 0: %llu\n",idx);
|
||||
|
||||
for (i = 0; i < SIGNATURES; i++) {
|
||||
randombytes(mi, MLEN);
|
||||
|
||||
printf("sign\n");
|
||||
xmssmt_sign(sk, sm, &smlen, mi, MLEN);
|
||||
idx = 0;
|
||||
for (j = 0; j < params.index_bytes; j++) {
|
||||
idx += ((unsigned long long)sm[j]) << 8*(params.index_bytes - 1 - j);
|
||||
}
|
||||
printf("\nidx = %llu\n",idx);
|
||||
r = memcmp(mi, sm+params.sig_bytes,MLEN);
|
||||
printf("%d\n", r);
|
||||
|
||||
for (j = 0; j < smlen; j++) {
|
||||
printf("%02X", sm[j]);
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
/* Test valid signature */
|
||||
printf("verify\n");
|
||||
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r);
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", r);
|
||||
printf("%llu\n", MLEN-mlen);
|
||||
|
||||
/* Test with modified message */
|
||||
sm[52] ^= 1;
|
||||
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Test with modified signature */
|
||||
sm[260] ^= 1;
|
||||
sm[52] ^= 1;
|
||||
sm[2] ^= 1;
|
||||
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -1,97 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "../xmss_core.h"
|
||||
#include "../params.h"
|
||||
#include "../randombytes.h"
|
||||
|
||||
#define MLEN 3491
|
||||
#define SIGNATURES 5
|
||||
|
||||
unsigned char mi[MLEN];
|
||||
unsigned long long smlen;
|
||||
unsigned long long mlen;
|
||||
|
||||
int main()
|
||||
{
|
||||
xmss_params params;
|
||||
// TODO test more different OIDs
|
||||
uint32_t oid = 0x01000001;
|
||||
xmssmt_parse_oid(¶ms, oid);
|
||||
|
||||
int r;
|
||||
unsigned long long i,j;
|
||||
|
||||
unsigned char sk[(params.index_bytes+4*params.n)];
|
||||
unsigned char pk[2*params.n];
|
||||
|
||||
unsigned long long signature_length = params.index_bytes + params.n + (params.d*params.wots_sig_bytes) + params.full_height*params.n;
|
||||
unsigned char mo[MLEN+signature_length];
|
||||
unsigned char sm[MLEN+signature_length];
|
||||
|
||||
printf("keypair\n");
|
||||
xmssmt_core_keypair(¶ms, pk, sk);
|
||||
// check pub_seed in SK
|
||||
for (i = 0; i < params.n; i++) {
|
||||
if (pk[params.n+i] != sk[params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
|
||||
if (pk[i] != sk[params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
|
||||
}
|
||||
printf("pk checked\n");
|
||||
|
||||
unsigned int idx_len = params.index_bytes;
|
||||
// check index
|
||||
unsigned long long idx = 0;
|
||||
for (i = 0; i < idx_len; i++) {
|
||||
idx |= ((unsigned long long)sk[i]) << 8*(idx_len - 1 - i);
|
||||
}
|
||||
|
||||
if (idx) printf("\nidx != 0: %llu\n",idx);
|
||||
|
||||
for (i = 0; i < SIGNATURES; i++) {
|
||||
randombytes(mi, MLEN);
|
||||
|
||||
printf("sign\n");
|
||||
xmssmt_core_sign(¶ms, sk, sm, &smlen, mi, MLEN);
|
||||
idx = 0;
|
||||
for (j = 0; j < idx_len; j++) {
|
||||
idx += ((unsigned long long)sm[j]) << 8*(idx_len - 1 - j);
|
||||
}
|
||||
printf("\nidx = %llu\n",idx);
|
||||
r = memcmp(mi, sm+signature_length,MLEN);
|
||||
printf("%d\n", r);
|
||||
|
||||
for (j = 0; j < smlen; j++) {
|
||||
printf("%02X", sm[j]);
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
/* Test valid signature */
|
||||
printf("verify\n");
|
||||
r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r);
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", r);
|
||||
printf("%llu\n", MLEN-mlen);
|
||||
|
||||
/* Test with modified message */
|
||||
sm[52] ^= 1;
|
||||
r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
|
||||
/* Test with modified signature */
|
||||
sm[260] ^= 1;
|
||||
sm[52] ^= 1;
|
||||
sm[2] ^= 1;
|
||||
r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk);
|
||||
printf("%d\n", r+1);
|
||||
r = memcmp(mi,mo,MLEN);
|
||||
printf("%d\n", (r!=0) - 1);
|
||||
printf("%llu\n", mlen+1);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
43
test/wots.c
Normal file
43
test/wots.c
Normal file
@ -0,0 +1,43 @@
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "../wots.h"
|
||||
#include "../randombytes.h"
|
||||
#include "../params.h"
|
||||
|
||||
int main()
|
||||
{
|
||||
xmss_params params;
|
||||
// TODO test more different OIDs
|
||||
uint32_t oid = 0x01000001;
|
||||
|
||||
/* For WOTS it doesn't matter if we use XMSS or XMSSMT. */
|
||||
xmss_parse_oid(¶ms, oid);
|
||||
|
||||
unsigned char seed[params.n];
|
||||
unsigned char pub_seed[params.n];
|
||||
unsigned char pk1[params.wots_sig_bytes];
|
||||
unsigned char pk2[params.wots_sig_bytes];
|
||||
unsigned char sig[params.wots_sig_bytes];
|
||||
unsigned char m[params.n];
|
||||
uint32_t addr[8] = {0};
|
||||
|
||||
randombytes(seed, params.n);
|
||||
randombytes(pub_seed, params.n);
|
||||
randombytes(m, params.n);
|
||||
randombytes((unsigned char *)addr, 8 * sizeof(uint32_t));
|
||||
|
||||
printf("Testing WOTS signature and PK derivation.. ");
|
||||
|
||||
wots_pkgen(¶ms, pk1, seed, pub_seed, addr);
|
||||
wots_sign(¶ms, sig, m, seed, pub_seed, addr);
|
||||
wots_pk_from_sig(¶ms, pk2, sig, m, pub_seed, addr);
|
||||
|
||||
if (memcmp(pk1, pk2, params.wots_sig_bytes)) {
|
||||
printf("failed!\n");
|
||||
return -1;
|
||||
}
|
||||
printf("successful.\n");
|
||||
return 0;
|
||||
}
|
||||
110
test/xmss.c
Normal file
110
test/xmss.c
Normal file
@ -0,0 +1,110 @@
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "../xmss.h"
|
||||
#include "../params.h"
|
||||
|
||||
#define MLEN 32
|
||||
#define SIGNATURES 16
|
||||
|
||||
#ifdef XMSSMT
|
||||
#define XMSS_PARSE_OID xmssmt_parse_oid
|
||||
#define XMSS_KEYPAIR xmssmt_keypair
|
||||
#define XMSS_SIGN xmssmt_sign
|
||||
#define XMSS_SIGN_OPEN xmssmt_sign_open
|
||||
#define XMSS_VARIANT "XMSSMT-SHA2_20/2_256"
|
||||
#else
|
||||
#define XMSS_PARSE_OID xmss_parse_oid
|
||||
#define XMSS_KEYPAIR xmss_keypair
|
||||
#define XMSS_SIGN xmss_sign
|
||||
#define XMSS_SIGN_OPEN xmss_sign_open
|
||||
#define XMSS_VARIANT "XMSS-SHA2_10_256"
|
||||
#endif
|
||||
|
||||
int main()
|
||||
{
|
||||
xmss_params params;
|
||||
// TODO test more different OIDs
|
||||
uint32_t oid = 0x01000001;
|
||||
int i, j;
|
||||
|
||||
XMSS_PARSE_OID(¶ms, oid);
|
||||
|
||||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
|
||||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
|
||||
unsigned char m[MLEN];
|
||||
unsigned char sm[params.sig_bytes + MLEN];
|
||||
unsigned char mout[params.sig_bytes + MLEN];
|
||||
unsigned long long smlen;
|
||||
unsigned long long mlen;
|
||||
|
||||
XMSS_KEYPAIR(pk, sk, oid);
|
||||
|
||||
printf("Testing %d %s signatures.. \n", SIGNATURES, XMSS_VARIANT);
|
||||
|
||||
for (i = 0; i < SIGNATURES; i++) {
|
||||
printf(" - iteration #%d:\n", i);
|
||||
|
||||
XMSS_SIGN(sk, sm, &smlen, m, MLEN);
|
||||
|
||||
if (smlen != params.sig_bytes + MLEN) {
|
||||
printf(" X smlen incorrect [%llu != %u]!.\n",
|
||||
smlen, params.sig_bytes);
|
||||
}
|
||||
else {
|
||||
printf(" smlen as expected [%llu].\n", smlen);
|
||||
}
|
||||
|
||||
/* Test if signature is valid. */
|
||||
if (XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
|
||||
printf(" X verification failed!\n");
|
||||
}
|
||||
else {
|
||||
printf(" verification succeeded.\n");
|
||||
}
|
||||
|
||||
/* Test if the correct message was recovered. */
|
||||
if (mlen != MLEN) {
|
||||
printf(" X mlen incorrect [%llu != %u]!.\n", mlen, MLEN);
|
||||
}
|
||||
else {
|
||||
printf(" mlen as expected [%llu].\n", mlen);
|
||||
}
|
||||
if (memcmp(m, mout, mlen)) {
|
||||
printf(" X output message incorrect!.\n");
|
||||
}
|
||||
else {
|
||||
printf(" output message as expected.\n");
|
||||
}
|
||||
|
||||
/* Test if flipping bits invalidates the signature (it should). */
|
||||
|
||||
/* Flip the first bit of the message. Should invalidate. */
|
||||
sm[smlen - 1] ^= 1;
|
||||
if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
|
||||
printf(" X flipping a bit of m DID NOT invalidate signature!\n");
|
||||
}
|
||||
else {
|
||||
printf(" flipping a bit of m invalidates signature.\n");
|
||||
}
|
||||
sm[smlen - 1] ^= 1;
|
||||
|
||||
/* Flip one bit per hash; the signature is almost entirely hashes.
|
||||
This also flips a bit in the index, which is also a useful test. */
|
||||
for (j = 0; j < (int)(smlen - MLEN); j += params.n) {
|
||||
sm[j] ^= 1;
|
||||
if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
|
||||
printf(" X flipping bit %d DID NOT invalidate sig + m!\n", j);
|
||||
sm[j] ^= 1;
|
||||
break;
|
||||
}
|
||||
sm[j] ^= 1;
|
||||
}
|
||||
if (j >= (int)(smlen - MLEN)) {
|
||||
printf(" changing any signature hash invalidates signature.\n");
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -12,7 +12,7 @@ int main()
|
||||
{
|
||||
xmss_params params;
|
||||
char *oidstr = "XMSS-SHA2_10_256";
|
||||
uint32_t oid = 0x01000001;
|
||||
uint32_t oid;
|
||||
unsigned int i;
|
||||
|
||||
fprintf(stderr, "Testing if XMSS-SHA2_10_256 signing is deterministic.. ");
|
||||
Loading…
Reference in New Issue
Block a user