From 5ce8fc402b92d8a9a4db5be4cf033fc2676e7686 Mon Sep 17 00:00:00 2001 From: Joost Rijneveld Date: Thu, 26 Oct 2017 15:50:33 +0200 Subject: [PATCH] Clean up tests --- .gitignore | 26 +--- Makefile | 62 +++++++-- test/gen_testvectors.c | 92 ------------- test/speed.c | 124 ----------------- test/test.sh | 6 - test/test_wots.c | 57 -------- test/test_xmss.c | 125 ------------------ test/test_xmss_core.c | 125 ------------------ test/test_xmssmt.c | 97 -------------- test/test_xmssmt_core.c | 97 -------------- test/wots.c | 43 ++++++ test/xmss.c | 110 +++++++++++++++ ...test_xmss_core_fast.c => xmss_core_fast.c} | 0 ...{test_determinism.c => xmss_determinism.c} | 2 +- ..._xmssmt_core_fast.c => xmssmt_core_fast.c} | 0 15 files changed, 207 insertions(+), 759 deletions(-) delete mode 100644 test/gen_testvectors.c delete mode 100644 test/speed.c delete mode 100755 test/test.sh delete mode 100644 test/test_wots.c delete mode 100644 test/test_xmss.c delete mode 100644 test/test_xmss_core.c delete mode 100644 test/test_xmssmt.c delete mode 100644 test/test_xmssmt_core.c create mode 100644 test/wots.c create mode 100644 test/xmss.c rename test/{test_xmss_core_fast.c => xmss_core_fast.c} (100%) rename test/{test_determinism.c => xmss_determinism.c} (97%) rename test/{test_xmssmt_core_fast.c => xmssmt_core_fast.c} (100%) diff --git a/.gitignore b/.gitignore index 9d350c0..e49ad9c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,22 +1,4 @@ -test/test_chacha -test/test_wots -test/test_horst -test/test_xmss -test/test_xmss_core -test/test_xmss_core_fast -test/test_xmssmt -test/test_xmssmt_core -test/test_xmssmt_core_fast -test/test_xmss_core_XMSS* -test/test_xmss_core_fast_XMSS* -test/test_xmssmt_core_XMSSMT* -test/test_xmssmt_core_fast_XMSSMT* -test/test_determinism -test/speed -test/gen_testvectors -ui/xmss_keypair -ui/xmss_open -ui/xmss_sign -ui/xmssmt_keypair -ui/xmssmt_open -ui/xmssmt_sign +test/* +!test/*.c +ui/* +!ui/*.c diff --git a/Makefile b/Makefile index eaa4342..2d96093 100644 --- a/Makefile +++ b/Makefile @@ -8,14 +8,16 @@ HEADERS = params.h hash.h fips202.h hash_address.h randombytes.h wots.h xmss.h x SOURCES_FAST = $(subst core,core_fast,$(SOURCES)) HEADERS_FAST = $(subst core,core_fast,$(HEADERS)) -TESTS = test/test_wots \ - test/test_xmss_core \ - test/test_xmss_core_fast \ - test/test_xmss \ - test/test_xmssmt_core_fast \ - test/test_xmssmt_core \ - test/test_xmssmt \ - test/test_determinism \ +TESTS = test/wots \ + test/xmss_determinism \ + test/xmss \ + test/xmssmt \ + test/xmss_core_fast \ + test/xmssmt_core_fast \ + +# These currently do not work, as xmss_core_fast does not match the xmss_core.h API +# test/xmss_fast \ +# test/xmssmt_fast \ UI = ui/xmss_keypair \ ui/xmss_sign \ @@ -24,18 +26,52 @@ UI = ui/xmss_keypair \ ui/xmssmt_sign \ ui/xmssmt_open \ -all: $(TESTS) $(UI) +# These currently do not work, as xmss_core_fast does not match the xmss_core.h API +# ui/xmss_keypair_fast \ +# ui/xmss_sign_fast \ +# ui/xmss_open_fast \ +# ui/xmssmt_keypair_fast \ +# ui/xmssmt_sign_fast \ +# ui/xmssmt_open_fast \ + +all: tests ui + +tests: $(TESTS) +ui: $(UI) + +test: $(TESTS:=.exec) + +.PHONY: clean test + +test/%.exec: test/% + @$< + +test/xmss_fast: test/xmss.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) + $(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) + +test/xmss: test/xmss.c $(SOURCES) $(OBJS) $(HEADERS) + $(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) + +test/xmssmt_fast: test/xmss.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) + $(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) + +test/xmssmt: test/xmss.c $(SOURCES) $(OBJS) $(HEADERS) + $(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) -.PHONY: clean +test/xmss_core_fast: test/xmss_core_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) + $(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) -test/%_fast: test/%_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) +test/xmssmt_core_fast: test/xmss_core_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) $(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) test/%: test/%.c $(SOURCES) $(OBJS) $(HEADERS) $(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) -test/test_wots: params.c hash.c fips202.c hash_address.c randombytes.c wots.c xmss_commons.c test/test_wots.c params.h hash.h fips202.h hash_address.h randombytes.h wots.h xmss_commons.h - $(CC) $(CFLAGS) params.c hash.c fips202.c hash_address.c randombytes.c wots.c xmss_commons.c test/test_wots.c -o $@ -lcrypto +ui/xmss_%_fast: ui/%.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) + $(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) + +ui/xmssmt_%_fast: ui/%.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) + $(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) ui/xmss_%: ui/%.c $(SOURCES) $(OBJS) $(HEADERS) $(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) diff --git a/test/gen_testvectors.c b/test/gen_testvectors.c deleted file mode 100644 index 3b59df7..0000000 --- a/test/gen_testvectors.c +++ /dev/null @@ -1,92 +0,0 @@ -#include -#include -#include "../crypto_sign.h" - -#define MAXMBYTES 2048 - -typedef uint32_t uint32; - -static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ; -static uint32 in[12]; -static uint32 out[8]; -static int outleft = 0; - -#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) -#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); - -static void surf(void) -{ - uint32 t[12]; uint32 x; uint32 sum = 0; - int r; int i; int loop; - - for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; - for (i = 0;i < 8;++i) out[i] = seed[24 + i]; - x = t[11]; - for (loop = 0;loop < 2;++loop) { - for (r = 0;r < 16;++r) { - sum += 0x9e3779b9; - MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) - MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) - MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) - } - for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; - } -} - -void randombytes(unsigned char *x,unsigned long long xlen) -{ - while (xlen > 0) { - if (!outleft) { - if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; - surf(); - outleft = 8; - } - *x = out[--outleft]; - ++x; - --xlen; - } -} - - -unsigned char pk[CRYPTO_PUBLICKEYBYTES]; -unsigned char sk[CRYPTO_SECRETKEYBYTES]; -unsigned char m[MAXMBYTES]; -unsigned char sm[MAXMBYTES+CRYPTO_BYTES]; -//unsigned char mo[MAXMBYTES+CRYPTO_BYTES]; -unsigned long long smlen; -unsigned long long mlen; - -int main(void) -{ - int n,i,r; - for(n=0;n -#include -#include "../crypto_sign.h" -#include "../cpucycles.h" -#include "../randombytes.h" -#include "../horst.h" -#include "../wots.h" -#include "../hash.h" - - -#define MLEN 59 -#define REP 1 -#define NRUNS 100 - -static int ull_cmp(const void *a, const void *b) -{ - const unsigned long long *ia = (const unsigned long long *)a; - const unsigned long long *ib = (const unsigned long long *)b; - if (*ia > *ib) return 1; - if (*ia < *ib) return -1; - return 0; -} - -static const unsigned char seed[32] = { - 0x22, 0x26, 0xb5, 0x64, 0xbb, 0x78, 0xcc, 0xab, 0x4a, 0x4c, 0x0a, 0x64, 0xc2, 0x0b, 0x5d, 0x68, - 0x38, 0x74, 0x1a, 0xc0, 0x03, 0x17, 0xff, 0xd8, 0xe3, 0x53, 0xc8, 0x59, 0xc6, 0x23, 0x5b, 0xaa}; - - -int main() -{ - unsigned long long t[NRUNS]; - int i,j; - - printf("\n=== Benchmarks of signatures ===\n\n"); - unsigned char sk[CRYPTO_SECRETKEYBYTES]; - unsigned char pk[CRYPTO_PUBLICKEYBYTES]; - - unsigned char m[MLEN+CRYPTO_BYTES]; - unsigned char sm[MLEN+CRYPTO_BYTES]; - unsigned long long mlen; - unsigned long long smlen; - - unsigned char masks[2*HORST_LOGT*HASH_BYTES]; - randombytes(masks,N_MASKS*HASH_BYTES); - - unsigned char msg_seed[MSGHASH_BYTES]; - randombytes(msg_seed, MSGHASH_BYTES); - - //Benchmarking signature key generation - for(i=0;i -#include -#include "../wots.h" -#include "../randombytes.h" -#include "../params.h" - -static void hexdump(unsigned char *a, size_t len) -{ - size_t i; - for (i = 0; i < len; i++) - printf("%02x", a[i]); -} - -int main() -{ - xmss_params params; - // TODO test more different OIDs - uint32_t oid = 0x01000001; - xmssmt_parse_oid(¶ms, oid); - - unsigned char seed[params.n]; - unsigned char pub_seed[params.n]; - - int sig_len = params.wots_len*params.n; - - unsigned char pk1[sig_len]; - unsigned char pk2[sig_len]; - unsigned char sig[sig_len]; - uint32_t addr[8] = {1,2,3,4}; - - unsigned char msg[params.n]; - int i; - - randombytes(seed, params.n); - randombytes(pub_seed, params.n); - randombytes(msg, params.n); - //randombytes(addr, 16); - - wots_pkgen(¶ms, pk1, seed, pub_seed, addr); - wots_sign(¶ms, sig, msg, seed, pub_seed, addr); - wots_pk_from_sig(¶ms, pk2, sig, msg, pub_seed, addr); - - for (i = 0; i < sig_len; i++) - if (pk1[i] != pk2[i]) { - printf("pk1 != pk2 %d\n",i); - return -1; - } - printf("worked great!\npk1: "); - hexdump(pk1, sig_len); - printf("\npk2: "); - hexdump(pk2, sig_len); - printf("\nsig: "); - hexdump(sig, sig_len); - printf("\n"); - - return 0; -} diff --git a/test/test_xmss.c b/test/test_xmss.c deleted file mode 100644 index 1159824..0000000 --- a/test/test_xmss.c +++ /dev/null @@ -1,125 +0,0 @@ -#include -#include -#include - -#include "../xmss.h" -#include "../params.h" -#include "../randombytes.h" - -#define MLEN 3491 -#define SIGNATURES 5 - -unsigned char mi[MLEN]; -unsigned long long smlen; -unsigned long long mlen; - -int main() -{ - xmss_params params; - // TODO test more different OIDs - uint32_t oid = 0x01000001; - xmss_parse_oid(¶ms, oid); - - int r; - unsigned long long i, j; - unsigned long errors = 0; - - unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; - unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; - - unsigned char mo[MLEN+params.sig_bytes]; - unsigned char sm[MLEN+params.sig_bytes]; - - printf("keypair\n"); - xmss_keypair(pk, sk, oid); - // check pub_seed in SK - for (i = 0; i < params.n; i++) { - if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); - if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); - } - - // check index - unsigned long idx = ((unsigned long)sk[4] << 24) | ((unsigned long)sk[5] << 16) | ((unsigned long)sk[6] << 8) | sk[7]; - if (idx) printf("\nidx != 0 %lu\n",idx); - - for (i = 0; i < SIGNATURES; i++) { - randombytes(mi, MLEN); - - printf("sign\n"); - xmss_sign(sk, sm, &smlen, mi, MLEN); - idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3]; - printf("\nidx = %lu\n",idx); - - for (j = 0; j < smlen; j++) { - printf("%02X", sm[j]); - } - printf("\n"); - - r = memcmp(mi, sm+params.sig_bytes,MLEN); - printf("%d\n", r); - - /* Test valid signature */ - printf("verify\n"); - r = xmss_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r); - if (r != 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", r); - printf("%llu\n", MLEN-mlen); - - /* Test with modified message */ - sm[params.sig_bytes+10] ^= 1; - r = xmss_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Test with modified signature */ - /* Modified index */ - sm[params.sig_bytes+10] ^= 1; - sm[2] ^= 1; - r = xmss_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Modified R */ - sm[2] ^= 1; - sm[5] ^= 1; - r = xmss_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Modified OTS sig */ - sm[5] ^= 1; - sm[240] ^= 1; - r = xmss_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Modified AUTH */ - sm[240] ^= 1; - sm[params.sig_bytes - 10] ^= 1; - r = xmss_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - } - - printf("#errors = %lu\n", errors); - return 0; -} - - diff --git a/test/test_xmss_core.c b/test/test_xmss_core.c deleted file mode 100644 index f5c211d..0000000 --- a/test/test_xmss_core.c +++ /dev/null @@ -1,125 +0,0 @@ -#include -#include - -#include "../xmss_core.h" -#include "../params.h" -#include "../randombytes.h" - -#define MLEN 3491 -#define SIGNATURES 5 - -unsigned char mi[MLEN]; -unsigned long long smlen; -unsigned long long mlen; - -int main() -{ - xmss_params params; - // TODO test more different OIDs - uint32_t oid = 0x01000001; - xmss_parse_oid(¶ms, oid); - - int r; - unsigned long long i, j; - unsigned long errors = 0; - - unsigned char sk[4*params.n+4]; - unsigned char pk[2*params.n]; - - unsigned long long signature_length = 4+params.n+params.wots_sig_bytes+params.tree_height*params.n; - unsigned char mo[MLEN+signature_length]; - unsigned char sm[MLEN+signature_length]; - - printf("keypair\n"); - xmss_core_keypair(¶ms, pk, sk); - // check pub_seed in SK - for (i = 0; i < params.n; i++) { - if (pk[params.n+i] != sk[4+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); - if (pk[i] != sk[4+3*params.n+i]) printf("pk.root != sk.root %llu",i); - } - - // check index - unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3]; - if (idx) printf("\nidx != 0 %lu\n",idx); - - for (i = 0; i < SIGNATURES; i++) { - randombytes(mi, MLEN); - - printf("sign\n"); - xmss_core_sign(¶ms, sk, sm, &smlen, mi, MLEN); - idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3]; - printf("\nidx = %lu\n",idx); - - for (j = 0; j < smlen; j++) { - printf("%02X", sm[j]); - } - printf("\n"); - - r = memcmp(mi, sm+signature_length,MLEN); - printf("%d\n", r); - - /* Test valid signature */ - printf("verify\n"); - r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r); - if (r != 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", r); - printf("%llu\n", MLEN-mlen); - - /* Test with modified message */ - sm[signature_length+10] ^= 1; - r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Test with modified signature */ - /* Modified index */ - sm[signature_length+10] ^= 1; - sm[2] ^= 1; - r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Modified R */ - sm[2] ^= 1; - sm[5] ^= 1; - r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Modified OTS sig */ - sm[5] ^= 1; - sm[240] ^= 1; - r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Modified AUTH */ - sm[240] ^= 1; - sm[signature_length - 10] ^= 1; - r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - if (r == 0) errors++; - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - } - - printf("#errors = %lu\n", errors); - return 0; -} - - diff --git a/test/test_xmssmt.c b/test/test_xmssmt.c deleted file mode 100644 index cc677b4..0000000 --- a/test/test_xmssmt.c +++ /dev/null @@ -1,97 +0,0 @@ -#include -#include -#include - -#include "../xmss.h" -#include "../params.h" -#include "../randombytes.h" - -#define MLEN 3491 -#define SIGNATURES 5 - -unsigned char mi[MLEN]; -unsigned long long smlen; -unsigned long long mlen; - -int main() -{ - xmss_params params; - // TODO test more different OIDs - uint32_t oid = 0x01000001; - xmssmt_parse_oid(¶ms, oid); - - int r; - unsigned long long i,j; - - unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; - unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; - - unsigned char mo[MLEN+params.sig_bytes]; - unsigned char sm[MLEN+params.sig_bytes]; - - printf("keypair\n"); - xmssmt_keypair(pk, sk, oid); - // check pub_seed in SK - for (i = 0; i < params.n; i++) { - if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); - if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); - } - - printf("pk checked\n"); - - // check index - unsigned long long idx = 0; - for (i = 0; i < params.index_bytes; i++) { - idx |= ((unsigned long long)sk[i + XMSS_OID_LEN]) << 8*(params.index_bytes - 1 - i); - } - - if (idx) printf("\nidx != 0: %llu\n",idx); - - for (i = 0; i < SIGNATURES; i++) { - randombytes(mi, MLEN); - - printf("sign\n"); - xmssmt_sign(sk, sm, &smlen, mi, MLEN); - idx = 0; - for (j = 0; j < params.index_bytes; j++) { - idx += ((unsigned long long)sm[j]) << 8*(params.index_bytes - 1 - j); - } - printf("\nidx = %llu\n",idx); - r = memcmp(mi, sm+params.sig_bytes,MLEN); - printf("%d\n", r); - - for (j = 0; j < smlen; j++) { - printf("%02X", sm[j]); - } - printf("\n"); - - /* Test valid signature */ - printf("verify\n"); - r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r); - r = memcmp(mi,mo,MLEN); - printf("%d\n", r); - printf("%llu\n", MLEN-mlen); - - /* Test with modified message */ - sm[52] ^= 1; - r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Test with modified signature */ - sm[260] ^= 1; - sm[52] ^= 1; - sm[2] ^= 1; - r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - } - return 0; -} - - diff --git a/test/test_xmssmt_core.c b/test/test_xmssmt_core.c deleted file mode 100644 index 9f32cfc..0000000 --- a/test/test_xmssmt_core.c +++ /dev/null @@ -1,97 +0,0 @@ -#include -#include - -#include "../xmss_core.h" -#include "../params.h" -#include "../randombytes.h" - -#define MLEN 3491 -#define SIGNATURES 5 - -unsigned char mi[MLEN]; -unsigned long long smlen; -unsigned long long mlen; - -int main() -{ - xmss_params params; - // TODO test more different OIDs - uint32_t oid = 0x01000001; - xmssmt_parse_oid(¶ms, oid); - - int r; - unsigned long long i,j; - - unsigned char sk[(params.index_bytes+4*params.n)]; - unsigned char pk[2*params.n]; - - unsigned long long signature_length = params.index_bytes + params.n + (params.d*params.wots_sig_bytes) + params.full_height*params.n; - unsigned char mo[MLEN+signature_length]; - unsigned char sm[MLEN+signature_length]; - - printf("keypair\n"); - xmssmt_core_keypair(¶ms, pk, sk); - // check pub_seed in SK - for (i = 0; i < params.n; i++) { - if (pk[params.n+i] != sk[params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); - if (pk[i] != sk[params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); - } - printf("pk checked\n"); - - unsigned int idx_len = params.index_bytes; - // check index - unsigned long long idx = 0; - for (i = 0; i < idx_len; i++) { - idx |= ((unsigned long long)sk[i]) << 8*(idx_len - 1 - i); - } - - if (idx) printf("\nidx != 0: %llu\n",idx); - - for (i = 0; i < SIGNATURES; i++) { - randombytes(mi, MLEN); - - printf("sign\n"); - xmssmt_core_sign(¶ms, sk, sm, &smlen, mi, MLEN); - idx = 0; - for (j = 0; j < idx_len; j++) { - idx += ((unsigned long long)sm[j]) << 8*(idx_len - 1 - j); - } - printf("\nidx = %llu\n",idx); - r = memcmp(mi, sm+signature_length,MLEN); - printf("%d\n", r); - - for (j = 0; j < smlen; j++) { - printf("%02X", sm[j]); - } - printf("\n"); - - /* Test valid signature */ - printf("verify\n"); - r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r); - r = memcmp(mi,mo,MLEN); - printf("%d\n", r); - printf("%llu\n", MLEN-mlen); - - /* Test with modified message */ - sm[52] ^= 1; - r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - - /* Test with modified signature */ - sm[260] ^= 1; - sm[52] ^= 1; - sm[2] ^= 1; - r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); - printf("%d\n", r+1); - r = memcmp(mi,mo,MLEN); - printf("%d\n", (r!=0) - 1); - printf("%llu\n", mlen+1); - } - return 0; -} - - diff --git a/test/wots.c b/test/wots.c new file mode 100644 index 0000000..6fa8ff5 --- /dev/null +++ b/test/wots.c @@ -0,0 +1,43 @@ +#include +#include +#include + +#include "../wots.h" +#include "../randombytes.h" +#include "../params.h" + +int main() +{ + xmss_params params; + // TODO test more different OIDs + uint32_t oid = 0x01000001; + + /* For WOTS it doesn't matter if we use XMSS or XMSSMT. */ + xmss_parse_oid(¶ms, oid); + + unsigned char seed[params.n]; + unsigned char pub_seed[params.n]; + unsigned char pk1[params.wots_sig_bytes]; + unsigned char pk2[params.wots_sig_bytes]; + unsigned char sig[params.wots_sig_bytes]; + unsigned char m[params.n]; + uint32_t addr[8] = {0}; + + randombytes(seed, params.n); + randombytes(pub_seed, params.n); + randombytes(m, params.n); + randombytes((unsigned char *)addr, 8 * sizeof(uint32_t)); + + printf("Testing WOTS signature and PK derivation.. "); + + wots_pkgen(¶ms, pk1, seed, pub_seed, addr); + wots_sign(¶ms, sig, m, seed, pub_seed, addr); + wots_pk_from_sig(¶ms, pk2, sig, m, pub_seed, addr); + + if (memcmp(pk1, pk2, params.wots_sig_bytes)) { + printf("failed!\n"); + return -1; + } + printf("successful.\n"); + return 0; +} diff --git a/test/xmss.c b/test/xmss.c new file mode 100644 index 0000000..66bd196 --- /dev/null +++ b/test/xmss.c @@ -0,0 +1,110 @@ +#include +#include +#include + +#include "../xmss.h" +#include "../params.h" + +#define MLEN 32 +#define SIGNATURES 16 + +#ifdef XMSSMT + #define XMSS_PARSE_OID xmssmt_parse_oid + #define XMSS_KEYPAIR xmssmt_keypair + #define XMSS_SIGN xmssmt_sign + #define XMSS_SIGN_OPEN xmssmt_sign_open + #define XMSS_VARIANT "XMSSMT-SHA2_20/2_256" +#else + #define XMSS_PARSE_OID xmss_parse_oid + #define XMSS_KEYPAIR xmss_keypair + #define XMSS_SIGN xmss_sign + #define XMSS_SIGN_OPEN xmss_sign_open + #define XMSS_VARIANT "XMSS-SHA2_10_256" +#endif + +int main() +{ + xmss_params params; + // TODO test more different OIDs + uint32_t oid = 0x01000001; + int i, j; + + XMSS_PARSE_OID(¶ms, oid); + + unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; + unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; + unsigned char m[MLEN]; + unsigned char sm[params.sig_bytes + MLEN]; + unsigned char mout[params.sig_bytes + MLEN]; + unsigned long long smlen; + unsigned long long mlen; + + XMSS_KEYPAIR(pk, sk, oid); + + printf("Testing %d %s signatures.. \n", SIGNATURES, XMSS_VARIANT); + + for (i = 0; i < SIGNATURES; i++) { + printf(" - iteration #%d:\n", i); + + XMSS_SIGN(sk, sm, &smlen, m, MLEN); + + if (smlen != params.sig_bytes + MLEN) { + printf(" X smlen incorrect [%llu != %u]!.\n", + smlen, params.sig_bytes); + } + else { + printf(" smlen as expected [%llu].\n", smlen); + } + + /* Test if signature is valid. */ + if (XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) { + printf(" X verification failed!\n"); + } + else { + printf(" verification succeeded.\n"); + } + + /* Test if the correct message was recovered. */ + if (mlen != MLEN) { + printf(" X mlen incorrect [%llu != %u]!.\n", mlen, MLEN); + } + else { + printf(" mlen as expected [%llu].\n", mlen); + } + if (memcmp(m, mout, mlen)) { + printf(" X output message incorrect!.\n"); + } + else { + printf(" output message as expected.\n"); + } + + /* Test if flipping bits invalidates the signature (it should). */ + + /* Flip the first bit of the message. Should invalidate. */ + sm[smlen - 1] ^= 1; + if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) { + printf(" X flipping a bit of m DID NOT invalidate signature!\n"); + } + else { + printf(" flipping a bit of m invalidates signature.\n"); + } + sm[smlen - 1] ^= 1; + + /* Flip one bit per hash; the signature is almost entirely hashes. + This also flips a bit in the index, which is also a useful test. */ + for (j = 0; j < (int)(smlen - MLEN); j += params.n) { + sm[j] ^= 1; + if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) { + printf(" X flipping bit %d DID NOT invalidate sig + m!\n", j); + sm[j] ^= 1; + break; + } + sm[j] ^= 1; + } + if (j >= (int)(smlen - MLEN)) { + printf(" changing any signature hash invalidates signature.\n"); + } + } + + return 0; +} diff --git a/test/test_xmss_core_fast.c b/test/xmss_core_fast.c similarity index 100% rename from test/test_xmss_core_fast.c rename to test/xmss_core_fast.c diff --git a/test/test_determinism.c b/test/xmss_determinism.c similarity index 97% rename from test/test_determinism.c rename to test/xmss_determinism.c index c772c8d..49629f8 100644 --- a/test/test_determinism.c +++ b/test/xmss_determinism.c @@ -12,7 +12,7 @@ int main() { xmss_params params; char *oidstr = "XMSS-SHA2_10_256"; - uint32_t oid = 0x01000001; + uint32_t oid; unsigned int i; fprintf(stderr, "Testing if XMSS-SHA2_10_256 signing is deterministic.. "); diff --git a/test/test_xmssmt_core_fast.c b/test/xmssmt_core_fast.c similarity index 100% rename from test/test_xmssmt_core_fast.c rename to test/xmssmt_core_fast.c