@@ -1,22 +1,4 @@ | |||
test/test_chacha | |||
test/test_wots | |||
test/test_horst | |||
test/test_xmss | |||
test/test_xmss_core | |||
test/test_xmss_core_fast | |||
test/test_xmssmt | |||
test/test_xmssmt_core | |||
test/test_xmssmt_core_fast | |||
test/test_xmss_core_XMSS* | |||
test/test_xmss_core_fast_XMSS* | |||
test/test_xmssmt_core_XMSSMT* | |||
test/test_xmssmt_core_fast_XMSSMT* | |||
test/test_determinism | |||
test/speed | |||
test/gen_testvectors | |||
ui/xmss_keypair | |||
ui/xmss_open | |||
ui/xmss_sign | |||
ui/xmssmt_keypair | |||
ui/xmssmt_open | |||
ui/xmssmt_sign | |||
test/* | |||
!test/*.c | |||
ui/* | |||
!ui/*.c |
@@ -8,14 +8,16 @@ HEADERS = params.h hash.h fips202.h hash_address.h randombytes.h wots.h xmss.h x | |||
SOURCES_FAST = $(subst core,core_fast,$(SOURCES)) | |||
HEADERS_FAST = $(subst core,core_fast,$(HEADERS)) | |||
TESTS = test/test_wots \ | |||
test/test_xmss_core \ | |||
test/test_xmss_core_fast \ | |||
test/test_xmss \ | |||
test/test_xmssmt_core_fast \ | |||
test/test_xmssmt_core \ | |||
test/test_xmssmt \ | |||
test/test_determinism \ | |||
TESTS = test/wots \ | |||
test/xmss_determinism \ | |||
test/xmss \ | |||
test/xmssmt \ | |||
test/xmss_core_fast \ | |||
test/xmssmt_core_fast \ | |||
# These currently do not work, as xmss_core_fast does not match the xmss_core.h API | |||
# test/xmss_fast \ | |||
# test/xmssmt_fast \ | |||
UI = ui/xmss_keypair \ | |||
ui/xmss_sign \ | |||
@@ -24,18 +26,52 @@ UI = ui/xmss_keypair \ | |||
ui/xmssmt_sign \ | |||
ui/xmssmt_open \ | |||
all: $(TESTS) $(UI) | |||
# These currently do not work, as xmss_core_fast does not match the xmss_core.h API | |||
# ui/xmss_keypair_fast \ | |||
# ui/xmss_sign_fast \ | |||
# ui/xmss_open_fast \ | |||
# ui/xmssmt_keypair_fast \ | |||
# ui/xmssmt_sign_fast \ | |||
# ui/xmssmt_open_fast \ | |||
all: tests ui | |||
tests: $(TESTS) | |||
ui: $(UI) | |||
test: $(TESTS:=.exec) | |||
.PHONY: clean test | |||
test/%.exec: test/% | |||
@$< | |||
test/xmss_fast: test/xmss.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) | |||
$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) | |||
test/xmss: test/xmss.c $(SOURCES) $(OBJS) $(HEADERS) | |||
$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) | |||
test/xmssmt_fast: test/xmss.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) | |||
$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) | |||
test/xmssmt: test/xmss.c $(SOURCES) $(OBJS) $(HEADERS) | |||
$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) | |||
.PHONY: clean | |||
test/xmss_core_fast: test/xmss_core_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) | |||
$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) | |||
test/%_fast: test/%_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) | |||
test/xmssmt_core_fast: test/xmss_core_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) | |||
$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) | |||
test/%: test/%.c $(SOURCES) $(OBJS) $(HEADERS) | |||
$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) | |||
test/test_wots: params.c hash.c fips202.c hash_address.c randombytes.c wots.c xmss_commons.c test/test_wots.c params.h hash.h fips202.h hash_address.h randombytes.h wots.h xmss_commons.h | |||
$(CC) $(CFLAGS) params.c hash.c fips202.c hash_address.c randombytes.c wots.c xmss_commons.c test/test_wots.c -o $@ -lcrypto | |||
ui/xmss_%_fast: ui/%.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) | |||
$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) | |||
ui/xmssmt_%_fast: ui/%.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST) | |||
$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS) | |||
ui/xmss_%: ui/%.c $(SOURCES) $(OBJS) $(HEADERS) | |||
$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) | |||
@@ -1,92 +0,0 @@ | |||
#include <stdint.h> | |||
#include <stdio.h> | |||
#include "../crypto_sign.h" | |||
#define MAXMBYTES 2048 | |||
typedef uint32_t uint32; | |||
static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ; | |||
static uint32 in[12]; | |||
static uint32 out[8]; | |||
static int outleft = 0; | |||
#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) | |||
#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b)); | |||
static void surf(void) | |||
{ | |||
uint32 t[12]; uint32 x; uint32 sum = 0; | |||
int r; int i; int loop; | |||
for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; | |||
for (i = 0;i < 8;++i) out[i] = seed[24 + i]; | |||
x = t[11]; | |||
for (loop = 0;loop < 2;++loop) { | |||
for (r = 0;r < 16;++r) { | |||
sum += 0x9e3779b9; | |||
MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) | |||
MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) | |||
MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) | |||
} | |||
for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; | |||
} | |||
} | |||
void randombytes(unsigned char *x,unsigned long long xlen) | |||
{ | |||
while (xlen > 0) { | |||
if (!outleft) { | |||
if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; | |||
surf(); | |||
outleft = 8; | |||
} | |||
*x = out[--outleft]; | |||
++x; | |||
--xlen; | |||
} | |||
} | |||
unsigned char pk[CRYPTO_PUBLICKEYBYTES]; | |||
unsigned char sk[CRYPTO_SECRETKEYBYTES]; | |||
unsigned char m[MAXMBYTES]; | |||
unsigned char sm[MAXMBYTES+CRYPTO_BYTES]; | |||
//unsigned char mo[MAXMBYTES+CRYPTO_BYTES]; | |||
unsigned long long smlen; | |||
unsigned long long mlen; | |||
int main(void) | |||
{ | |||
int n,i,r; | |||
for(n=0;n<MAXMBYTES;n++) | |||
{ | |||
crypto_sign_keypair(pk,sk); | |||
randombytes(m,n); | |||
crypto_sign(sm, &smlen, m, n, sk); | |||
for(i=0;i<smlen;i++) | |||
printf("%02x",sm[i]); | |||
printf("\n"); | |||
r = crypto_sign_open(sm, &mlen, sm, smlen, pk); | |||
if(r) | |||
{ | |||
printf("signature verification fails\n"); | |||
return -1; | |||
} | |||
if(mlen != n) | |||
{ | |||
printf("signature verification produces wrong message length\n"); | |||
return -1; | |||
} | |||
for(i=0;i<n;i++) | |||
{ | |||
if(sm[i] != m[i]) | |||
{ | |||
printf("signature verification does not recover message\n"); | |||
return -1; | |||
} | |||
} | |||
} | |||
return 0; | |||
} |
@@ -1,124 +0,0 @@ | |||
#include <stdio.h> | |||
#include <stdlib.h> | |||
#include "../crypto_sign.h" | |||
#include "../cpucycles.h" | |||
#include "../randombytes.h" | |||
#include "../horst.h" | |||
#include "../wots.h" | |||
#include "../hash.h" | |||
#define MLEN 59 | |||
#define REP 1 | |||
#define NRUNS 100 | |||
static int ull_cmp(const void *a, const void *b) | |||
{ | |||
const unsigned long long *ia = (const unsigned long long *)a; | |||
const unsigned long long *ib = (const unsigned long long *)b; | |||
if (*ia > *ib) return 1; | |||
if (*ia < *ib) return -1; | |||
return 0; | |||
} | |||
static const unsigned char seed[32] = { | |||
0x22, 0x26, 0xb5, 0x64, 0xbb, 0x78, 0xcc, 0xab, 0x4a, 0x4c, 0x0a, 0x64, 0xc2, 0x0b, 0x5d, 0x68, | |||
0x38, 0x74, 0x1a, 0xc0, 0x03, 0x17, 0xff, 0xd8, 0xe3, 0x53, 0xc8, 0x59, 0xc6, 0x23, 0x5b, 0xaa}; | |||
int main() | |||
{ | |||
unsigned long long t[NRUNS]; | |||
int i,j; | |||
printf("\n=== Benchmarks of signatures ===\n\n"); | |||
unsigned char sk[CRYPTO_SECRETKEYBYTES]; | |||
unsigned char pk[CRYPTO_PUBLICKEYBYTES]; | |||
unsigned char m[MLEN+CRYPTO_BYTES]; | |||
unsigned char sm[MLEN+CRYPTO_BYTES]; | |||
unsigned long long mlen; | |||
unsigned long long smlen; | |||
unsigned char masks[2*HORST_LOGT*HASH_BYTES]; | |||
randombytes(masks,N_MASKS*HASH_BYTES); | |||
unsigned char msg_seed[MSGHASH_BYTES]; | |||
randombytes(msg_seed, MSGHASH_BYTES); | |||
//Benchmarking signature key generation | |||
for(i=0;i<NRUNS;i++) | |||
{ | |||
t[i] = cpucycles(); | |||
for(j=0;j<REP;j++) | |||
crypto_sign_keypair(pk, sk); | |||
} | |||
for(i=0;i<NRUNS-1;i++) | |||
t[i] = (t[i+1] - t[i]); | |||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp); | |||
printf("keypair: %13.3lf\n", (double)t[NRUNS/2-1]/REP); | |||
//Benchmarking signature generation | |||
for(i=0;i<NRUNS;i++) | |||
{ | |||
t[i] = cpucycles(); | |||
for(j=0;j<REP;j++) | |||
crypto_sign(sm, &smlen, m, MLEN, sk); | |||
} | |||
for(i=0;i<NRUNS-1;i++) | |||
t[i] = (t[i+1] - t[i]); | |||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp); | |||
printf("sign: %13.3lf\n", (double)t[NRUNS/2-1]/REP); | |||
//Benchmarking signature verification | |||
for(i=0;i<NRUNS;i++) | |||
{ | |||
t[i] = cpucycles(); | |||
for(j=0;j<REP;j++) | |||
crypto_sign_open(m, &mlen, sm, smlen, pk); | |||
} | |||
for(i=0;i<NRUNS-1;i++) | |||
t[i] = (t[i+1] - t[i]); | |||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp); | |||
printf("sign_open: %13.3lf\n", (double)t[NRUNS/2-1]/REP); | |||
//Benchmarking WOTS pkgen | |||
for(i=0;i<NRUNS;i++) | |||
{ | |||
t[i] = cpucycles(); | |||
for(j=0;j<REP;j++) | |||
wots_pkgen(sm, seed, masks); | |||
} | |||
for(i=0;i<NRUNS-1;i++) | |||
t[i] = (t[i+1] - t[i]); | |||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp); | |||
printf("wots_pkgen: %13.3lf\n", (double)t[NRUNS/2-1]/REP); | |||
printf("416*wots_pkgen: %13.3lf\n", 416*(double)t[NRUNS/2-1]/REP); | |||
//Benchmarking HORSt signing | |||
for(i=0;i<NRUNS;i++) | |||
{ | |||
t[i] = cpucycles(); | |||
for(j=0;j<REP;j++) | |||
horst_sign(sm, pk, &smlen, m, MLEN, seed, masks, msg_seed); | |||
} | |||
for(i=0;i<NRUNS-1;i++) | |||
t[i] = (t[i+1] - t[i]); | |||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp); | |||
printf("horst_sign: %13.3lf\n", (double)t[NRUNS/2-1]/REP); | |||
//Benchmarking hash_2n_n | |||
for(i=0;i<NRUNS;i++) | |||
{ | |||
t[i] = cpucycles(); | |||
for(j=0;j<REP;j++) | |||
hash_2n_n(sm, sm); | |||
} | |||
for(i=0;i<NRUNS-1;i++) | |||
t[i] = (t[i+1] - t[i]); | |||
qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp); | |||
printf("hash_2n_n: %13.3lf\n", (double)t[NRUNS/2-1]/REP); | |||
return 0; | |||
} |
@@ -1,6 +0,0 @@ | |||
#!/bin/bash | |||
DIR=$(dirname $0) | |||
#for i in `ls $DIR/test* | grep -v \.c$ | grep -v \.sh$`;do ($i || echo 666) | bc | grep -v ^0$;done | |||
for i in `ls $DIR/test* | grep -v \.c$ | grep -v \.sh$`;do ($i || echo 666) ;done | |||
exit 0 |
@@ -1,57 +0,0 @@ | |||
#include <stdio.h> | |||
#include <stdint.h> | |||
#include "../wots.h" | |||
#include "../randombytes.h" | |||
#include "../params.h" | |||
static void hexdump(unsigned char *a, size_t len) | |||
{ | |||
size_t i; | |||
for (i = 0; i < len; i++) | |||
printf("%02x", a[i]); | |||
} | |||
int main() | |||
{ | |||
xmss_params params; | |||
// TODO test more different OIDs | |||
uint32_t oid = 0x01000001; | |||
xmssmt_parse_oid(¶ms, oid); | |||
unsigned char seed[params.n]; | |||
unsigned char pub_seed[params.n]; | |||
int sig_len = params.wots_len*params.n; | |||
unsigned char pk1[sig_len]; | |||
unsigned char pk2[sig_len]; | |||
unsigned char sig[sig_len]; | |||
uint32_t addr[8] = {1,2,3,4}; | |||
unsigned char msg[params.n]; | |||
int i; | |||
randombytes(seed, params.n); | |||
randombytes(pub_seed, params.n); | |||
randombytes(msg, params.n); | |||
//randombytes(addr, 16); | |||
wots_pkgen(¶ms, pk1, seed, pub_seed, addr); | |||
wots_sign(¶ms, sig, msg, seed, pub_seed, addr); | |||
wots_pk_from_sig(¶ms, pk2, sig, msg, pub_seed, addr); | |||
for (i = 0; i < sig_len; i++) | |||
if (pk1[i] != pk2[i]) { | |||
printf("pk1 != pk2 %d\n",i); | |||
return -1; | |||
} | |||
printf("worked great!\npk1: "); | |||
hexdump(pk1, sig_len); | |||
printf("\npk2: "); | |||
hexdump(pk2, sig_len); | |||
printf("\nsig: "); | |||
hexdump(sig, sig_len); | |||
printf("\n"); | |||
return 0; | |||
} |
@@ -1,125 +0,0 @@ | |||
#include <stdio.h> | |||
#include <string.h> | |||
#include <stdint.h> | |||
#include "../xmss.h" | |||
#include "../params.h" | |||
#include "../randombytes.h" | |||
#define MLEN 3491 | |||
#define SIGNATURES 5 | |||
unsigned char mi[MLEN]; | |||
unsigned long long smlen; | |||
unsigned long long mlen; | |||
int main() | |||
{ | |||
xmss_params params; | |||
// TODO test more different OIDs | |||
uint32_t oid = 0x01000001; | |||
xmss_parse_oid(¶ms, oid); | |||
int r; | |||
unsigned long long i, j; | |||
unsigned long errors = 0; | |||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; | |||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; | |||
unsigned char mo[MLEN+params.sig_bytes]; | |||
unsigned char sm[MLEN+params.sig_bytes]; | |||
printf("keypair\n"); | |||
xmss_keypair(pk, sk, oid); | |||
// check pub_seed in SK | |||
for (i = 0; i < params.n; i++) { | |||
if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||
if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||
} | |||
// check index | |||
unsigned long idx = ((unsigned long)sk[4] << 24) | ((unsigned long)sk[5] << 16) | ((unsigned long)sk[6] << 8) | sk[7]; | |||
if (idx) printf("\nidx != 0 %lu\n",idx); | |||
for (i = 0; i < SIGNATURES; i++) { | |||
randombytes(mi, MLEN); | |||
printf("sign\n"); | |||
xmss_sign(sk, sm, &smlen, mi, MLEN); | |||
idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3]; | |||
printf("\nidx = %lu\n",idx); | |||
for (j = 0; j < smlen; j++) { | |||
printf("%02X", sm[j]); | |||
} | |||
printf("\n"); | |||
r = memcmp(mi, sm+params.sig_bytes,MLEN); | |||
printf("%d\n", r); | |||
/* Test valid signature */ | |||
printf("verify\n"); | |||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r); | |||
if (r != 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", r); | |||
printf("%llu\n", MLEN-mlen); | |||
/* Test with modified message */ | |||
sm[params.sig_bytes+10] ^= 1; | |||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Test with modified signature */ | |||
/* Modified index */ | |||
sm[params.sig_bytes+10] ^= 1; | |||
sm[2] ^= 1; | |||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Modified R */ | |||
sm[2] ^= 1; | |||
sm[5] ^= 1; | |||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Modified OTS sig */ | |||
sm[5] ^= 1; | |||
sm[240] ^= 1; | |||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Modified AUTH */ | |||
sm[240] ^= 1; | |||
sm[params.sig_bytes - 10] ^= 1; | |||
r = xmss_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
} | |||
printf("#errors = %lu\n", errors); | |||
return 0; | |||
} | |||
@@ -1,125 +0,0 @@ | |||
#include <stdio.h> | |||
#include <string.h> | |||
#include "../xmss_core.h" | |||
#include "../params.h" | |||
#include "../randombytes.h" | |||
#define MLEN 3491 | |||
#define SIGNATURES 5 | |||
unsigned char mi[MLEN]; | |||
unsigned long long smlen; | |||
unsigned long long mlen; | |||
int main() | |||
{ | |||
xmss_params params; | |||
// TODO test more different OIDs | |||
uint32_t oid = 0x01000001; | |||
xmss_parse_oid(¶ms, oid); | |||
int r; | |||
unsigned long long i, j; | |||
unsigned long errors = 0; | |||
unsigned char sk[4*params.n+4]; | |||
unsigned char pk[2*params.n]; | |||
unsigned long long signature_length = 4+params.n+params.wots_sig_bytes+params.tree_height*params.n; | |||
unsigned char mo[MLEN+signature_length]; | |||
unsigned char sm[MLEN+signature_length]; | |||
printf("keypair\n"); | |||
xmss_core_keypair(¶ms, pk, sk); | |||
// check pub_seed in SK | |||
for (i = 0; i < params.n; i++) { | |||
if (pk[params.n+i] != sk[4+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||
if (pk[i] != sk[4+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||
} | |||
// check index | |||
unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3]; | |||
if (idx) printf("\nidx != 0 %lu\n",idx); | |||
for (i = 0; i < SIGNATURES; i++) { | |||
randombytes(mi, MLEN); | |||
printf("sign\n"); | |||
xmss_core_sign(¶ms, sk, sm, &smlen, mi, MLEN); | |||
idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3]; | |||
printf("\nidx = %lu\n",idx); | |||
for (j = 0; j < smlen; j++) { | |||
printf("%02X", sm[j]); | |||
} | |||
printf("\n"); | |||
r = memcmp(mi, sm+signature_length,MLEN); | |||
printf("%d\n", r); | |||
/* Test valid signature */ | |||
printf("verify\n"); | |||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r); | |||
if (r != 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", r); | |||
printf("%llu\n", MLEN-mlen); | |||
/* Test with modified message */ | |||
sm[signature_length+10] ^= 1; | |||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Test with modified signature */ | |||
/* Modified index */ | |||
sm[signature_length+10] ^= 1; | |||
sm[2] ^= 1; | |||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Modified R */ | |||
sm[2] ^= 1; | |||
sm[5] ^= 1; | |||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Modified OTS sig */ | |||
sm[5] ^= 1; | |||
sm[240] ^= 1; | |||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Modified AUTH */ | |||
sm[240] ^= 1; | |||
sm[signature_length - 10] ^= 1; | |||
r = xmss_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
if (r == 0) errors++; | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
} | |||
printf("#errors = %lu\n", errors); | |||
return 0; | |||
} | |||
@@ -1,97 +0,0 @@ | |||
#include <stdio.h> | |||
#include <string.h> | |||
#include <stdint.h> | |||
#include "../xmss.h" | |||
#include "../params.h" | |||
#include "../randombytes.h" | |||
#define MLEN 3491 | |||
#define SIGNATURES 5 | |||
unsigned char mi[MLEN]; | |||
unsigned long long smlen; | |||
unsigned long long mlen; | |||
int main() | |||
{ | |||
xmss_params params; | |||
// TODO test more different OIDs | |||
uint32_t oid = 0x01000001; | |||
xmssmt_parse_oid(¶ms, oid); | |||
int r; | |||
unsigned long long i,j; | |||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; | |||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; | |||
unsigned char mo[MLEN+params.sig_bytes]; | |||
unsigned char sm[MLEN+params.sig_bytes]; | |||
printf("keypair\n"); | |||
xmssmt_keypair(pk, sk, oid); | |||
// check pub_seed in SK | |||
for (i = 0; i < params.n; i++) { | |||
if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||
if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||
} | |||
printf("pk checked\n"); | |||
// check index | |||
unsigned long long idx = 0; | |||
for (i = 0; i < params.index_bytes; i++) { | |||
idx |= ((unsigned long long)sk[i + XMSS_OID_LEN]) << 8*(params.index_bytes - 1 - i); | |||
} | |||
if (idx) printf("\nidx != 0: %llu\n",idx); | |||
for (i = 0; i < SIGNATURES; i++) { | |||
randombytes(mi, MLEN); | |||
printf("sign\n"); | |||
xmssmt_sign(sk, sm, &smlen, mi, MLEN); | |||
idx = 0; | |||
for (j = 0; j < params.index_bytes; j++) { | |||
idx += ((unsigned long long)sm[j]) << 8*(params.index_bytes - 1 - j); | |||
} | |||
printf("\nidx = %llu\n",idx); | |||
r = memcmp(mi, sm+params.sig_bytes,MLEN); | |||
printf("%d\n", r); | |||
for (j = 0; j < smlen; j++) { | |||
printf("%02X", sm[j]); | |||
} | |||
printf("\n"); | |||
/* Test valid signature */ | |||
printf("verify\n"); | |||
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r); | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", r); | |||
printf("%llu\n", MLEN-mlen); | |||
/* Test with modified message */ | |||
sm[52] ^= 1; | |||
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Test with modified signature */ | |||
sm[260] ^= 1; | |||
sm[52] ^= 1; | |||
sm[2] ^= 1; | |||
r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
} | |||
return 0; | |||
} | |||
@@ -1,97 +0,0 @@ | |||
#include <stdio.h> | |||
#include <string.h> | |||
#include "../xmss_core.h" | |||
#include "../params.h" | |||
#include "../randombytes.h" | |||
#define MLEN 3491 | |||
#define SIGNATURES 5 | |||
unsigned char mi[MLEN]; | |||
unsigned long long smlen; | |||
unsigned long long mlen; | |||
int main() | |||
{ | |||
xmss_params params; | |||
// TODO test more different OIDs | |||
uint32_t oid = 0x01000001; | |||
xmssmt_parse_oid(¶ms, oid); | |||
int r; | |||
unsigned long long i,j; | |||
unsigned char sk[(params.index_bytes+4*params.n)]; | |||
unsigned char pk[2*params.n]; | |||
unsigned long long signature_length = params.index_bytes + params.n + (params.d*params.wots_sig_bytes) + params.full_height*params.n; | |||
unsigned char mo[MLEN+signature_length]; | |||
unsigned char sm[MLEN+signature_length]; | |||
printf("keypair\n"); | |||
xmssmt_core_keypair(¶ms, pk, sk); | |||
// check pub_seed in SK | |||
for (i = 0; i < params.n; i++) { | |||
if (pk[params.n+i] != sk[params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i); | |||
if (pk[i] != sk[params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i); | |||
} | |||
printf("pk checked\n"); | |||
unsigned int idx_len = params.index_bytes; | |||
// check index | |||
unsigned long long idx = 0; | |||
for (i = 0; i < idx_len; i++) { | |||
idx |= ((unsigned long long)sk[i]) << 8*(idx_len - 1 - i); | |||
} | |||
if (idx) printf("\nidx != 0: %llu\n",idx); | |||
for (i = 0; i < SIGNATURES; i++) { | |||
randombytes(mi, MLEN); | |||
printf("sign\n"); | |||
xmssmt_core_sign(¶ms, sk, sm, &smlen, mi, MLEN); | |||
idx = 0; | |||
for (j = 0; j < idx_len; j++) { | |||
idx += ((unsigned long long)sm[j]) << 8*(idx_len - 1 - j); | |||
} | |||
printf("\nidx = %llu\n",idx); | |||
r = memcmp(mi, sm+signature_length,MLEN); | |||
printf("%d\n", r); | |||
for (j = 0; j < smlen; j++) { | |||
printf("%02X", sm[j]); | |||
} | |||
printf("\n"); | |||
/* Test valid signature */ | |||
printf("verify\n"); | |||
r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r); | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", r); | |||
printf("%llu\n", MLEN-mlen); | |||
/* Test with modified message */ | |||
sm[52] ^= 1; | |||
r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
/* Test with modified signature */ | |||
sm[260] ^= 1; | |||
sm[52] ^= 1; | |||
sm[2] ^= 1; | |||
r = xmssmt_core_sign_open(¶ms, mo, &mlen, sm, smlen, pk); | |||
printf("%d\n", r+1); | |||
r = memcmp(mi,mo,MLEN); | |||
printf("%d\n", (r!=0) - 1); | |||
printf("%llu\n", mlen+1); | |||
} | |||
return 0; | |||
} | |||
@@ -0,0 +1,43 @@ | |||
#include <stdio.h> | |||
#include <stdint.h> | |||
#include <string.h> | |||
#include "../wots.h" | |||
#include "../randombytes.h" | |||
#include "../params.h" | |||
int main() | |||
{ | |||
xmss_params params; | |||
// TODO test more different OIDs | |||
uint32_t oid = 0x01000001; | |||
/* For WOTS it doesn't matter if we use XMSS or XMSSMT. */ | |||
xmss_parse_oid(¶ms, oid); | |||
unsigned char seed[params.n]; | |||
unsigned char pub_seed[params.n]; | |||
unsigned char pk1[params.wots_sig_bytes]; | |||
unsigned char pk2[params.wots_sig_bytes]; | |||
unsigned char sig[params.wots_sig_bytes]; | |||
unsigned char m[params.n]; | |||
uint32_t addr[8] = {0}; | |||
randombytes(seed, params.n); | |||
randombytes(pub_seed, params.n); | |||
randombytes(m, params.n); | |||
randombytes((unsigned char *)addr, 8 * sizeof(uint32_t)); | |||
printf("Testing WOTS signature and PK derivation.. "); | |||
wots_pkgen(¶ms, pk1, seed, pub_seed, addr); | |||
wots_sign(¶ms, sig, m, seed, pub_seed, addr); | |||
wots_pk_from_sig(¶ms, pk2, sig, m, pub_seed, addr); | |||
if (memcmp(pk1, pk2, params.wots_sig_bytes)) { | |||
printf("failed!\n"); | |||
return -1; | |||
} | |||
printf("successful.\n"); | |||
return 0; | |||
} |
@@ -0,0 +1,110 @@ | |||
#include <stdio.h> | |||
#include <stdint.h> | |||
#include <string.h> | |||
#include "../xmss.h" | |||
#include "../params.h" | |||
#define MLEN 32 | |||
#define SIGNATURES 16 | |||
#ifdef XMSSMT | |||
#define XMSS_PARSE_OID xmssmt_parse_oid | |||
#define XMSS_KEYPAIR xmssmt_keypair | |||
#define XMSS_SIGN xmssmt_sign | |||
#define XMSS_SIGN_OPEN xmssmt_sign_open | |||
#define XMSS_VARIANT "XMSSMT-SHA2_20/2_256" | |||
#else | |||
#define XMSS_PARSE_OID xmss_parse_oid | |||
#define XMSS_KEYPAIR xmss_keypair | |||
#define XMSS_SIGN xmss_sign | |||
#define XMSS_SIGN_OPEN xmss_sign_open | |||
#define XMSS_VARIANT "XMSS-SHA2_10_256" | |||
#endif | |||
int main() | |||
{ | |||
xmss_params params; | |||
// TODO test more different OIDs | |||
uint32_t oid = 0x01000001; | |||
int i, j; | |||
XMSS_PARSE_OID(¶ms, oid); | |||
unsigned char pk[XMSS_OID_LEN + params.pk_bytes]; | |||
unsigned char sk[XMSS_OID_LEN + params.sk_bytes]; | |||
unsigned char m[MLEN]; | |||
unsigned char sm[params.sig_bytes + MLEN]; | |||
unsigned char mout[params.sig_bytes + MLEN]; | |||
unsigned long long smlen; | |||
unsigned long long mlen; | |||
XMSS_KEYPAIR(pk, sk, oid); | |||
printf("Testing %d %s signatures.. \n", SIGNATURES, XMSS_VARIANT); | |||
for (i = 0; i < SIGNATURES; i++) { | |||
printf(" - iteration #%d:\n", i); | |||
XMSS_SIGN(sk, sm, &smlen, m, MLEN); | |||
if (smlen != params.sig_bytes + MLEN) { | |||
printf(" X smlen incorrect [%llu != %u]!.\n", | |||
smlen, params.sig_bytes); | |||
} | |||
else { | |||
printf(" smlen as expected [%llu].\n", smlen); | |||
} | |||
/* Test if signature is valid. */ | |||
if (XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) { | |||
printf(" X verification failed!\n"); | |||
} | |||
else { | |||
printf(" verification succeeded.\n"); | |||
} | |||
/* Test if the correct message was recovered. */ | |||
if (mlen != MLEN) { | |||
printf(" X mlen incorrect [%llu != %u]!.\n", mlen, MLEN); | |||
} | |||
else { | |||
printf(" mlen as expected [%llu].\n", mlen); | |||
} | |||
if (memcmp(m, mout, mlen)) { | |||
printf(" X output message incorrect!.\n"); | |||
} | |||
else { | |||
printf(" output message as expected.\n"); | |||
} | |||
/* Test if flipping bits invalidates the signature (it should). */ | |||
/* Flip the first bit of the message. Should invalidate. */ | |||
sm[smlen - 1] ^= 1; | |||
if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) { | |||
printf(" X flipping a bit of m DID NOT invalidate signature!\n"); | |||
} | |||
else { | |||
printf(" flipping a bit of m invalidates signature.\n"); | |||
} | |||
sm[smlen - 1] ^= 1; | |||
/* Flip one bit per hash; the signature is almost entirely hashes. | |||
This also flips a bit in the index, which is also a useful test. */ | |||
for (j = 0; j < (int)(smlen - MLEN); j += params.n) { | |||
sm[j] ^= 1; | |||
if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) { | |||
printf(" X flipping bit %d DID NOT invalidate sig + m!\n", j); | |||
sm[j] ^= 1; | |||
break; | |||
} | |||
sm[j] ^= 1; | |||
} | |||
if (j >= (int)(smlen - MLEN)) { | |||
printf(" changing any signature hash invalidates signature.\n"); | |||
} | |||
} | |||
return 0; | |||
} |
@@ -12,7 +12,7 @@ int main() | |||
{ | |||
xmss_params params; | |||
char *oidstr = "XMSS-SHA2_10_256"; | |||
uint32_t oid = 0x01000001; | |||
uint32_t oid; | |||
unsigned int i; | |||
fprintf(stderr, "Testing if XMSS-SHA2_10_256 signing is deterministic.. "); |