Clean up tests

.gitignore

@@ -1,22 +1,4 @@
-test/test_chacha
-test/test_wots
-test/test_horst
-test/test_xmss
-test/test_xmss_core
-test/test_xmss_core_fast
-test/test_xmssmt
-test/test_xmssmt_core
-test/test_xmssmt_core_fast
-test/test_xmss_core_XMSS*
-test/test_xmss_core_fast_XMSS*
-test/test_xmssmt_core_XMSSMT*
-test/test_xmssmt_core_fast_XMSSMT*
-test/test_determinism
-test/speed
-test/gen_testvectors
-ui/xmss_keypair
-ui/xmss_open
-ui/xmss_sign
-ui/xmssmt_keypair
-ui/xmssmt_open
-ui/xmssmt_sign
+test/*
+!test/*.c
+ui/*
+!ui/*.c

Makefile

@@ -8,14 +8,16 @@ HEADERS = params.h hash.h fips202.h hash_address.h randombytes.h wots.h xmss.h x
 SOURCES_FAST = $(subst core,core_fast,$(SOURCES))
 HEADERS_FAST = $(subst core,core_fast,$(HEADERS))
 
-TESTS = test/test_wots \
-		test/test_xmss_core \
-		test/test_xmss_core_fast \
-		test/test_xmss \
-		test/test_xmssmt_core_fast \
-		test/test_xmssmt_core \
-		test/test_xmssmt \
-		test/test_determinism \
+TESTS = test/wots \
+		test/xmss_determinism \
+		test/xmss \
+		test/xmssmt \
+		test/xmss_core_fast \
+		test/xmssmt_core_fast \
+
+# These currently do not work, as xmss_core_fast does not match the xmss_core.h API
+#		test/xmss_fast \
+#		test/xmssmt_fast \
 
 UI = ui/xmss_keypair \
 	 ui/xmss_sign \
@@ -24,18 +26,52 @@ UI = ui/xmss_keypair \
 	 ui/xmssmt_sign \
 	 ui/xmssmt_open \
 
-all: $(TESTS) $(UI)
+# These currently do not work, as xmss_core_fast does not match the xmss_core.h API
+#	 ui/xmss_keypair_fast \
+#	 ui/xmss_sign_fast \
+#	 ui/xmss_open_fast \
+#	 ui/xmssmt_keypair_fast \
+#	 ui/xmssmt_sign_fast \
+#	 ui/xmssmt_open_fast \
+
+all: tests ui
+
+tests: $(TESTS)
+ui: $(UI)
+
+test: $(TESTS:=.exec)
+
+.PHONY: clean test
+
+test/%.exec: test/%
+	@$<
+
+test/xmss_fast: test/xmss.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
+	$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
+
+test/xmss: test/xmss.c $(SOURCES) $(OBJS) $(HEADERS)
+	$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS)
+
+test/xmssmt_fast: test/xmss.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
+	$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
+
+test/xmssmt: test/xmss.c $(SOURCES) $(OBJS) $(HEADERS)
+	$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS)
 
-.PHONY: clean
+test/xmss_core_fast: test/xmss_core_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
+	$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
 
-test/%_fast: test/%_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
+test/xmssmt_core_fast: test/xmss_core_fast.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
 	$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
 
 test/%: test/%.c $(SOURCES) $(OBJS) $(HEADERS)
 	$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS)
 
-test/test_wots: params.c hash.c fips202.c hash_address.c randombytes.c wots.c xmss_commons.c test/test_wots.c params.h hash.h fips202.h hash_address.h randombytes.h wots.h xmss_commons.h
-	$(CC) $(CFLAGS) params.c hash.c fips202.c hash_address.c randombytes.c wots.c xmss_commons.c test/test_wots.c -o $@ -lcrypto
+ui/xmss_%_fast: ui/%.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
+	$(CC) $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
+
+ui/xmssmt_%_fast: ui/%.c $(SOURCES_FAST) $(OBJS) $(HEADERS_FAST)
+	$(CC) -DXMSSMT $(CFLAGS) -o $@ $(SOURCES_FAST) $< $(LDLIBS)
 
 ui/xmss_%: ui/%.c $(SOURCES) $(OBJS) $(HEADERS)
 	$(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS)

test/gen_testvectors.c

@@ -1,92 +0,0 @@
-#include <stdint.h>
-#include <stdio.h>
-#include "../crypto_sign.h"
-
-#define MAXMBYTES 2048
-
-typedef uint32_t uint32;
-
-static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ;
-static uint32 in[12];
-static uint32 out[8];
-static int outleft = 0;
-
-#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))
-#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b));
-
-static void surf(void)
-{
-  uint32 t[12]; uint32 x; uint32 sum = 0;
-  int r; int i; int loop;
-
-  for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i];
-  for (i = 0;i < 8;++i) out[i] = seed[24 + i];
-  x = t[11];
-  for (loop = 0;loop < 2;++loop) {
-    for (r = 0;r < 16;++r) {
-      sum += 0x9e3779b9;
-      MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13)
-      MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13)
-      MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13)
-    }
-    for (i = 0;i < 8;++i) out[i] ^= t[i + 4];
-  }
-}
-
-void randombytes(unsigned char *x,unsigned long long xlen)
-{
-  while (xlen > 0) {
-    if (!outleft) {
-      if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
-      surf();
-      outleft = 8;
-    }
-    *x = out[--outleft];
-    ++x;
-    --xlen;
-  }
-}
-
-
-unsigned char pk[CRYPTO_PUBLICKEYBYTES];
-unsigned char sk[CRYPTO_SECRETKEYBYTES];
-unsigned char m[MAXMBYTES];
-unsigned char sm[MAXMBYTES+CRYPTO_BYTES];
-//unsigned char mo[MAXMBYTES+CRYPTO_BYTES];
-unsigned long long smlen;
-unsigned long long mlen;
-
-int main(void)
-{
-  int n,i,r;
-  for(n=0;n<MAXMBYTES;n++)
-  {
-    crypto_sign_keypair(pk,sk);
-    randombytes(m,n);
-
-    crypto_sign(sm, &smlen, m, n, sk);
-    for(i=0;i<smlen;i++)
-      printf("%02x",sm[i]);
-    printf("\n");
-    r = crypto_sign_open(sm, &mlen, sm, smlen, pk);
-    if(r)
-    {
-      printf("signature verification fails\n");
-      return -1;
-    }
-    if(mlen != n)
-    {
-      printf("signature verification produces wrong message length\n");
-      return -1;
-    }
-    for(i=0;i<n;i++)
-    {
-      if(sm[i] != m[i])
-      {
-        printf("signature verification does not recover message\n");
-        return -1;
-      }
-    }
-  }
-  return 0;
-}

test/speed.c

@@ -1,124 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include "../crypto_sign.h"
-#include "../cpucycles.h"
-#include "../randombytes.h"
-#include "../horst.h"
-#include "../wots.h"
-#include "../hash.h"
-
-
-#define MLEN 59
-#define REP 1
-#define NRUNS 100
-
-static int ull_cmp(const void *a, const void *b) 
-{ 
-  const unsigned long long *ia = (const unsigned long long *)a; 
-  const unsigned long long *ib = (const unsigned long long *)b;
-  if (*ia > *ib) return 1;
-  if (*ia < *ib) return -1;
-  return 0;
-} 
-
-static const unsigned char seed[32] = {
-  0x22, 0x26, 0xb5, 0x64, 0xbb, 0x78, 0xcc, 0xab, 0x4a, 0x4c, 0x0a, 0x64, 0xc2, 0x0b, 0x5d, 0x68, 
-  0x38, 0x74, 0x1a, 0xc0, 0x03, 0x17, 0xff, 0xd8, 0xe3, 0x53, 0xc8, 0x59, 0xc6, 0x23, 0x5b, 0xaa};
-
-
-int main()
-{
-  unsigned long long t[NRUNS];
-  int i,j;
-
-  printf("\n=== Benchmarks of signatures ===\n\n");
-  unsigned char sk[CRYPTO_SECRETKEYBYTES];
-  unsigned char pk[CRYPTO_PUBLICKEYBYTES];
-
-  unsigned char m[MLEN+CRYPTO_BYTES];
-  unsigned char sm[MLEN+CRYPTO_BYTES];
-  unsigned long long mlen;
-  unsigned long long smlen;
- 
-  unsigned char masks[2*HORST_LOGT*HASH_BYTES];
-  randombytes(masks,N_MASKS*HASH_BYTES);
-
-  unsigned char msg_seed[MSGHASH_BYTES];
-  randombytes(msg_seed, MSGHASH_BYTES);
-
-  //Benchmarking signature key generation
-  for(i=0;i<NRUNS;i++)
-  {
-    t[i] = cpucycles();
-    for(j=0;j<REP;j++)
-      crypto_sign_keypair(pk, sk);
-  }
-  for(i=0;i<NRUNS-1;i++)
-    t[i] = (t[i+1] - t[i]);
-  qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
-  printf("keypair:           %13.3lf\n", (double)t[NRUNS/2-1]/REP);
-
-  //Benchmarking signature generation
-  for(i=0;i<NRUNS;i++)
-  {
-    t[i] = cpucycles();
-    for(j=0;j<REP;j++)
-      crypto_sign(sm, &smlen, m, MLEN, sk);
-  }
-  for(i=0;i<NRUNS-1;i++)
-    t[i] = (t[i+1] - t[i]);
-  qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
-  printf("sign:              %13.3lf\n", (double)t[NRUNS/2-1]/REP);
-
-  //Benchmarking signature verification
-  for(i=0;i<NRUNS;i++)
-  {
-    t[i] = cpucycles();
-    for(j=0;j<REP;j++)
-      crypto_sign_open(m, &mlen, sm, smlen, pk);
-  }
-  for(i=0;i<NRUNS-1;i++)
-    t[i] = (t[i+1] - t[i]);
-  qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
-  printf("sign_open:         %13.3lf\n", (double)t[NRUNS/2-1]/REP);
-
-  //Benchmarking WOTS pkgen
-  for(i=0;i<NRUNS;i++)
-  {
-    t[i] = cpucycles();
-    for(j=0;j<REP;j++)
-      wots_pkgen(sm, seed, masks);
-  }
-  for(i=0;i<NRUNS-1;i++)
-    t[i] = (t[i+1] - t[i]);
-  qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
-  printf("wots_pkgen:        %13.3lf\n", (double)t[NRUNS/2-1]/REP);
-  printf("416*wots_pkgen:    %13.3lf\n", 416*(double)t[NRUNS/2-1]/REP);
-
-  //Benchmarking HORSt signing
-  for(i=0;i<NRUNS;i++)
-  {
-    t[i] = cpucycles();
-    for(j=0;j<REP;j++)
-      horst_sign(sm, pk, &smlen, m, MLEN, seed, masks, msg_seed);
-  }
-  for(i=0;i<NRUNS-1;i++)
-    t[i] = (t[i+1] - t[i]);
-  qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
-  printf("horst_sign:        %13.3lf\n", (double)t[NRUNS/2-1]/REP);
-
-  //Benchmarking hash_2n_n
-  for(i=0;i<NRUNS;i++)
-  {
-    t[i] = cpucycles();
-    for(j=0;j<REP;j++)
-      hash_2n_n(sm, sm);
-  }
-  for(i=0;i<NRUNS-1;i++)
-    t[i] = (t[i+1] - t[i]);
-  qsort(t, NRUNS-1, sizeof(unsigned long long), ull_cmp);
-  printf("hash_2n_n:         %13.3lf\n", (double)t[NRUNS/2-1]/REP);
-
-
-  return 0;
-}

test/test.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-DIR=$(dirname $0)
-#for i in `ls $DIR/test* | grep -v \.c$ | grep -v \.sh$`;do ($i || echo 666) | bc | grep -v ^0$;done 
-for i in `ls $DIR/test* | grep -v \.c$ | grep -v \.sh$`;do ($i || echo 666) ;done 
-exit 0

test/test_wots.c

@@ -1,57 +0,0 @@
-#include <stdio.h>
-#include <stdint.h>
-#include "../wots.h"
-#include "../randombytes.h"
-#include "../params.h"
-
-static void hexdump(unsigned char *a, size_t len)
-{
-  size_t i;
-  for (i = 0; i < len; i++)
-    printf("%02x", a[i]);
-}
-
-int main()
-{
-  xmss_params params;
-  // TODO test more different OIDs
-  uint32_t oid = 0x01000001;
-  xmssmt_parse_oid(&params, oid);
-
-  unsigned char seed[params.n];
-  unsigned char pub_seed[params.n];
-
-  int sig_len = params.wots_len*params.n;
-
-  unsigned char pk1[sig_len];
-  unsigned char pk2[sig_len];
-  unsigned char sig[sig_len];
-  uint32_t addr[8] = {1,2,3,4};
-
-  unsigned char msg[params.n];
-  int i;
-
-  randombytes(seed, params.n);
-  randombytes(pub_seed, params.n);
-  randombytes(msg, params.n);
-  //randombytes(addr, 16);
-
-  wots_pkgen(&params, pk1, seed, pub_seed, addr);
-  wots_sign(&params, sig, msg, seed, pub_seed, addr);
-  wots_pk_from_sig(&params, pk2, sig, msg, pub_seed, addr);
-
-  for (i = 0; i < sig_len; i++)
-    if (pk1[i] != pk2[i]) {
-      printf("pk1 != pk2 %d\n",i);
-      return -1;
-    }
-  printf("worked great!\npk1: ");
-  hexdump(pk1, sig_len);
-  printf("\npk2: ");
-  hexdump(pk2, sig_len);
-  printf("\nsig: ");
-  hexdump(sig, sig_len);
-  printf("\n");
-
-  return 0;
-}

test/test_xmss.c

@@ -1,125 +0,0 @@
-#include <stdio.h>
-#include <string.h>
-#include <stdint.h>
-
-#include "../xmss.h"
-#include "../params.h"
-#include "../randombytes.h"
-
-#define MLEN 3491
-#define SIGNATURES 5
-
-unsigned char mi[MLEN];
-unsigned long long smlen;
-unsigned long long mlen;
-
-int main()
-{
-  xmss_params params;
-  // TODO test more different OIDs
-  uint32_t oid = 0x01000001;
-  xmss_parse_oid(&params, oid);
-
-  int r;
-  unsigned long long i, j;
-  unsigned long errors = 0;
-
-  unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
-  unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
-
-  unsigned char mo[MLEN+params.sig_bytes];
-  unsigned char sm[MLEN+params.sig_bytes];
-
-  printf("keypair\n");
-  xmss_keypair(pk, sk, oid);
-  // check pub_seed in SK
-  for (i = 0; i < params.n; i++) {
-    if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
-    if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
-  }
-
-  // check index
-  unsigned long idx = ((unsigned long)sk[4] << 24) | ((unsigned long)sk[5] << 16) | ((unsigned long)sk[6] << 8) | sk[7];
-  if (idx) printf("\nidx != 0 %lu\n",idx);
-
-  for (i = 0; i < SIGNATURES; i++) {
-    randombytes(mi, MLEN);
-
-    printf("sign\n");
-    xmss_sign(sk, sm, &smlen, mi, MLEN);
-    idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3];
-    printf("\nidx = %lu\n",idx);
-
-    for (j = 0; j < smlen; j++) {
-      printf("%02X", sm[j]);
-    }
-    printf("\n");
-
-    r = memcmp(mi, sm+params.sig_bytes,MLEN);
-    printf("%d\n", r);
-
-    /* Test valid signature */
-    printf("verify\n");
-    r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r);
-    if (r != 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", r);
-    printf("%llu\n", MLEN-mlen);
-
-    /* Test with modified message */
-    sm[params.sig_bytes+10] ^= 1;
-    r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Test with modified signature */
-    /* Modified index */
-    sm[params.sig_bytes+10] ^= 1;
-    sm[2] ^= 1;
-    r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Modified R */
-    sm[2] ^= 1;
-    sm[5] ^= 1;
-    r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Modified OTS sig */
-    sm[5] ^= 1;
-    sm[240] ^= 1;
-    r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Modified AUTH */
-    sm[240] ^= 1;
-    sm[params.sig_bytes - 10] ^= 1;
-    r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-  }
-
-  printf("#errors = %lu\n", errors);
-  return 0;
-}
-
-

test/test_xmss_core.c

@@ -1,125 +0,0 @@
-#include <stdio.h>
-#include <string.h>
-
-#include "../xmss_core.h"
-#include "../params.h"
-#include "../randombytes.h"
-
-#define MLEN 3491
-#define SIGNATURES 5
-
-unsigned char mi[MLEN];
-unsigned long long smlen;
-unsigned long long mlen;
-
-int main()
-{
-  xmss_params params;
-  // TODO test more different OIDs
-  uint32_t oid = 0x01000001;
-  xmss_parse_oid(&params, oid);
-
-  int r;
-  unsigned long long i, j;
-  unsigned long errors = 0;
-
-  unsigned char sk[4*params.n+4];
-  unsigned char pk[2*params.n];
-
-  unsigned long long signature_length = 4+params.n+params.wots_sig_bytes+params.tree_height*params.n;
-  unsigned char mo[MLEN+signature_length];
-  unsigned char sm[MLEN+signature_length];
-
-  printf("keypair\n");
-  xmss_core_keypair(&params, pk, sk);
-  // check pub_seed in SK
-  for (i = 0; i < params.n; i++) {
-    if (pk[params.n+i] != sk[4+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
-    if (pk[i] != sk[4+3*params.n+i]) printf("pk.root != sk.root %llu",i);
-  }
-
-  // check index
-  unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
-  if (idx) printf("\nidx != 0 %lu\n",idx);
-
-  for (i = 0; i < SIGNATURES; i++) {
-    randombytes(mi, MLEN);
-
-    printf("sign\n");
-    xmss_core_sign(&params, sk, sm, &smlen, mi, MLEN);
-    idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3];
-    printf("\nidx = %lu\n",idx);
-
-    for (j = 0; j < smlen; j++) {
-      printf("%02X", sm[j]);
-    }
-    printf("\n");
-
-    r = memcmp(mi, sm+signature_length,MLEN);
-    printf("%d\n", r);
-
-    /* Test valid signature */
-    printf("verify\n");
-    r = xmss_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r);
-    if (r != 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", r);
-    printf("%llu\n", MLEN-mlen);
-
-    /* Test with modified message */
-    sm[signature_length+10] ^= 1;
-    r = xmss_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Test with modified signature */
-    /* Modified index */
-    sm[signature_length+10] ^= 1;
-    sm[2] ^= 1;
-    r = xmss_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Modified R */
-    sm[2] ^= 1;
-    sm[5] ^= 1;
-    r = xmss_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Modified OTS sig */
-    sm[5] ^= 1;
-    sm[240] ^= 1;
-    r = xmss_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Modified AUTH */
-    sm[240] ^= 1;
-    sm[signature_length - 10] ^= 1;
-    r = xmss_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    if (r == 0) errors++;
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-  }
-
-  printf("#errors = %lu\n", errors);
-  return 0;
-}
-
-

test/test_xmssmt.c

@@ -1,97 +0,0 @@
-#include <stdio.h>
-#include <string.h>
-#include <stdint.h>
-
-#include "../xmss.h"
-#include "../params.h"
-#include "../randombytes.h"
-
-#define MLEN 3491
-#define SIGNATURES 5
-
-unsigned char mi[MLEN];
-unsigned long long smlen;
-unsigned long long mlen;
-
-int main()
-{
-  xmss_params params;
-  // TODO test more different OIDs
-  uint32_t oid = 0x01000001;
-  xmssmt_parse_oid(&params, oid);
-
-  int r;
-  unsigned long long i,j;
-
-  unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
-  unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
-
-  unsigned char mo[MLEN+params.sig_bytes];
-  unsigned char sm[MLEN+params.sig_bytes];
-
-  printf("keypair\n");
-  xmssmt_keypair(pk, sk, oid);
-  // check pub_seed in SK
-  for (i = 0; i < params.n; i++) {
-    if (pk[XMSS_OID_LEN+params.n+i] != sk[XMSS_OID_LEN+params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
-    if (pk[XMSS_OID_LEN+i] != sk[XMSS_OID_LEN+params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
-  }
-
-  printf("pk checked\n");
-
-  // check index
-  unsigned long long idx = 0;
-  for (i = 0; i < params.index_bytes; i++) {
-    idx |= ((unsigned long long)sk[i + XMSS_OID_LEN]) << 8*(params.index_bytes - 1 - i);
-  }
-
-  if (idx) printf("\nidx != 0: %llu\n",idx);
-
-  for (i = 0; i < SIGNATURES; i++) {
-    randombytes(mi, MLEN);
-
-    printf("sign\n");
-    xmssmt_sign(sk, sm, &smlen, mi, MLEN);
-    idx = 0;
-    for (j = 0; j < params.index_bytes; j++) {
-      idx += ((unsigned long long)sm[j]) << 8*(params.index_bytes - 1 - j);
-    }
-    printf("\nidx = %llu\n",idx);
-    r = memcmp(mi, sm+params.sig_bytes,MLEN);
-    printf("%d\n", r);
-
-    for (j = 0; j < smlen; j++) {
-      printf("%02X", sm[j]);
-    }
-    printf("\n");
-
-    /* Test valid signature */
-    printf("verify\n");
-    r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r);
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", r);
-    printf("%llu\n", MLEN-mlen);
-
-    /* Test with modified message */
-    sm[52] ^= 1;
-    r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Test with modified signature */
-    sm[260] ^= 1;
-    sm[52] ^= 1;
-    sm[2] ^= 1;
-    r = xmssmt_sign_open(mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-  }
-  return 0;
-}
-
-

test/test_xmssmt_core.c

@@ -1,97 +0,0 @@
-#include <stdio.h>
-#include <string.h>
-
-#include "../xmss_core.h"
-#include "../params.h"
-#include "../randombytes.h"
-
-#define MLEN 3491
-#define SIGNATURES 5
-
-unsigned char mi[MLEN];
-unsigned long long smlen;
-unsigned long long mlen;
-
-int main()
-{
-  xmss_params params;
-  // TODO test more different OIDs
-  uint32_t oid = 0x01000001;
-  xmssmt_parse_oid(&params, oid);
-
-  int r;
-  unsigned long long i,j;
-
-  unsigned char sk[(params.index_bytes+4*params.n)];
-  unsigned char pk[2*params.n];
-
-  unsigned long long signature_length = params.index_bytes + params.n + (params.d*params.wots_sig_bytes) + params.full_height*params.n;
-  unsigned char mo[MLEN+signature_length];
-  unsigned char sm[MLEN+signature_length];
-
-  printf("keypair\n");
-  xmssmt_core_keypair(&params, pk, sk);
-  // check pub_seed in SK
-  for (i = 0; i < params.n; i++) {
-    if (pk[params.n+i] != sk[params.index_bytes+2*params.n+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
-    if (pk[i] != sk[params.index_bytes+3*params.n+i]) printf("pk.root != sk.root %llu",i);
-  }
-  printf("pk checked\n");
-
-  unsigned int idx_len = params.index_bytes;
-  // check index
-  unsigned long long idx = 0;
-  for (i = 0; i < idx_len; i++) {
-    idx |= ((unsigned long long)sk[i]) << 8*(idx_len - 1 - i);
-  }
-
-  if (idx) printf("\nidx != 0: %llu\n",idx);
-
-  for (i = 0; i < SIGNATURES; i++) {
-    randombytes(mi, MLEN);
-
-    printf("sign\n");
-    xmssmt_core_sign(&params, sk, sm, &smlen, mi, MLEN);
-    idx = 0;
-    for (j = 0; j < idx_len; j++) {
-      idx += ((unsigned long long)sm[j]) << 8*(idx_len - 1 - j);
-    }
-    printf("\nidx = %llu\n",idx);
-    r = memcmp(mi, sm+signature_length,MLEN);
-    printf("%d\n", r);
-
-    for (j = 0; j < smlen; j++) {
-      printf("%02X", sm[j]);
-    }
-    printf("\n");
-
-    /* Test valid signature */
-    printf("verify\n");
-    r = xmssmt_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r);
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", r);
-    printf("%llu\n", MLEN-mlen);
-
-    /* Test with modified message */
-    sm[52] ^= 1;
-    r = xmssmt_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-
-    /* Test with modified signature */
-    sm[260] ^= 1;
-    sm[52] ^= 1;
-    sm[2] ^= 1;
-    r = xmssmt_core_sign_open(&params, mo, &mlen, sm, smlen, pk);
-    printf("%d\n", r+1);
-    r = memcmp(mi,mo,MLEN);
-    printf("%d\n", (r!=0) - 1);
-    printf("%llu\n", mlen+1);
-  }
-  return 0;
-}
-
-

test/wots.c

@@ -0,0 +1,43 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "../wots.h"
+#include "../randombytes.h"
+#include "../params.h"
+
+int main()
+{
+    xmss_params params;
+    // TODO test more different OIDs
+    uint32_t oid = 0x01000001;
+
+    /* For WOTS it doesn't matter if we use XMSS or XMSSMT. */
+    xmss_parse_oid(&params, oid);
+
+    unsigned char seed[params.n];
+    unsigned char pub_seed[params.n];
+    unsigned char pk1[params.wots_sig_bytes];
+    unsigned char pk2[params.wots_sig_bytes];
+    unsigned char sig[params.wots_sig_bytes];
+    unsigned char m[params.n];
+    uint32_t addr[8] = {0};
+
+    randombytes(seed, params.n);
+    randombytes(pub_seed, params.n);
+    randombytes(m, params.n);
+    randombytes((unsigned char *)addr, 8 * sizeof(uint32_t));
+
+    printf("Testing WOTS signature and PK derivation.. ");
+
+    wots_pkgen(&params, pk1, seed, pub_seed, addr);
+    wots_sign(&params, sig, m, seed, pub_seed, addr);
+    wots_pk_from_sig(&params, pk2, sig, m, pub_seed, addr);
+
+    if (memcmp(pk1, pk2, params.wots_sig_bytes)) {
+        printf("failed!\n");
+        return -1;
+    }
+    printf("successful.\n");
+    return 0;
+}

test/xmss.c

@@ -0,0 +1,110 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "../xmss.h"
+#include "../params.h"
+
+#define MLEN 32
+#define SIGNATURES 16
+
+#ifdef XMSSMT
+    #define XMSS_PARSE_OID xmssmt_parse_oid
+    #define XMSS_KEYPAIR xmssmt_keypair
+    #define XMSS_SIGN xmssmt_sign
+    #define XMSS_SIGN_OPEN xmssmt_sign_open
+    #define XMSS_VARIANT "XMSSMT-SHA2_20/2_256"
+#else
+    #define XMSS_PARSE_OID xmss_parse_oid
+    #define XMSS_KEYPAIR xmss_keypair
+    #define XMSS_SIGN xmss_sign
+    #define XMSS_SIGN_OPEN xmss_sign_open
+    #define XMSS_VARIANT "XMSS-SHA2_10_256"
+#endif
+
+int main()
+{
+    xmss_params params;
+    // TODO test more different OIDs
+    uint32_t oid = 0x01000001;
+    int i, j;
+
+    XMSS_PARSE_OID(&params, oid);
+
+    unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
+    unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
+    unsigned char m[MLEN];
+    unsigned char sm[params.sig_bytes + MLEN];
+    unsigned char mout[params.sig_bytes + MLEN];
+    unsigned long long smlen;
+    unsigned long long mlen;
+
+    XMSS_KEYPAIR(pk, sk, oid);
+
+    printf("Testing %d %s signatures.. \n", SIGNATURES, XMSS_VARIANT);
+
+    for (i = 0; i < SIGNATURES; i++) {
+        printf("  - iteration #%d:\n", i);
+
+        XMSS_SIGN(sk, sm, &smlen, m, MLEN);
+
+        if (smlen != params.sig_bytes + MLEN) {
+            printf("  X smlen incorrect [%llu != %u]!.\n",
+                   smlen, params.sig_bytes);
+        }
+        else {
+            printf("    smlen as expected [%llu].\n", smlen);
+        }
+
+        /* Test if signature is valid. */
+        if (XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
+            printf("  X verification failed!\n");
+        }
+        else {
+            printf("    verification succeeded.\n");
+        }
+
+        /* Test if the correct message was recovered. */
+        if (mlen != MLEN) {
+            printf("  X mlen incorrect [%llu != %u]!.\n", mlen, MLEN);
+        }
+        else {
+            printf("    mlen as expected [%llu].\n", mlen);
+        }
+        if (memcmp(m, mout, mlen)) {
+            printf("  X output message incorrect!.\n");
+        }
+        else {
+            printf("    output message as expected.\n");
+        }
+
+        /* Test if flipping bits invalidates the signature (it should). */
+
+        /* Flip the first bit of the message. Should invalidate. */
+        sm[smlen - 1] ^= 1;
+        if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
+            printf("  X flipping a bit of m DID NOT invalidate signature!\n");
+        }
+        else {
+            printf("    flipping a bit of m invalidates signature.\n");
+        }
+        sm[smlen - 1] ^= 1;
+
+        /* Flip one bit per hash; the signature is almost entirely hashes.
+           This also flips a bit in the index, which is also a useful test. */
+        for (j = 0; j < (int)(smlen - MLEN); j += params.n) {
+            sm[j] ^= 1;
+            if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
+                printf("  X flipping bit %d DID NOT invalidate sig + m!\n", j);
+                sm[j] ^= 1;
+                break;
+            }
+            sm[j] ^= 1;
+        }
+        if (j >= (int)(smlen - MLEN)) {
+            printf("    changing any signature hash invalidates signature.\n");
+        }
+    }
+
+    return 0;
+}

test/test_determinism.c → test/xmss_determinism.c

@@ -12,7 +12,7 @@ int main()
 {
     xmss_params params;
     char *oidstr = "XMSS-SHA2_10_256";
-    uint32_t oid = 0x01000001;
+    uint32_t oid;
     unsigned int i;
 
     fprintf(stderr, "Testing if XMSS-SHA2_10_256 signing is deterministic.. ");