From c4d4e93bbd1c5751ae154f5ad4f533ffa1d851ba Mon Sep 17 00:00:00 2001
From: Joost Rijneveld
Date: Mon, 23 Oct 2017 14:52:33 +0200
Subject: [PATCH] Add test to check deterministic signatures

Wrote this to find what turned out to be an external error when using the interfacing programs, but felt like it might as well be added. Under the same key and message, the signature is expected to be identical. However, as the index changes, this case will not happen in real use.
---
 .gitignore | 1 +
 Makefile | 1 +
 test/test_determinism.c | 57 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+)
 create mode 100644 test/test_determinism.c

diff --git a/.gitignore b/.gitignore
index f77ab37..03519f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@ test/test_xmss_core_XMSS*
 test/test_xmss_core_fast_XMSS*
 test/test_xmssmt_core_XMSSMT*
 test/test_xmssmt_core_fast_XMSSMT*
+test/test_determinism
 test/speed
 test/gen_testvectors
 test/xmss_keypair
diff --git a/Makefile b/Makefile
index 45e8d62..993e53c 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,7 @@ TESTS = test/test_wots \
 test/test_xmssmt_core_fast \
 test/test_xmssmt_core \
 test/test_xmssmt \
+ test/test_determinism \
 
 UI = test/xmss_keypair \
 test/xmss_sign \
diff --git a/test/test_determinism.c b/test/test_determinism.c
new file mode 100644
index 0000000..a54d5c5
--- /dev/null
+++ b/test/test_determinism.c
@@ -0,0 +1,57 @@
+#include
+#include
+#include
+
+#include "../params.h"
+#include "../xmss.h"
+#include "../randombytes.h"
+
+#define MLEN 32
+
+int main()
+{
+ xmss_params params;
+ char *oidstr = "XMSS-SHA2_10_256";
+ uint32_t oid = 0x01000001;
+ unsigned int i;
+
+ fprintf(stderr, "Testing if XMSS-SHA2_10_256 signing is deterministic.. ");
+
+ xmss_str_to_oid(&oid, oidstr);
+ xmss_parse_oid(¶ms, oid);
+
+ unsigned char pk[XMSS_OID_LEN + params.publickey_bytes];
+ unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes];
+ unsigned char sk2[XMSS_OID_LEN + params.privatekey_bytes];
+
+ unsigned char m[MLEN];
+ unsigned char sm[params.bytes + MLEN];
+ unsigned char sm2[params.bytes + MLEN];
+ unsigned long long smlen;
+
+ xmss_keypair(pk, sk, oid);
+
+ /* Duplicate the key, because the original will be modified. */
+ memcpy(sk2, sk, XMSS_OID_LEN + params.privatekey_bytes);
+
+ /* Sign a random message (but twice the same one). */
+ randombytes(m, MLEN);
+
+ xmss_sign(sk, sm, &smlen, m, MLEN);
+ xmss_sign(sk2, sm2, &smlen, m, MLEN);
+
+ /* Compare signature, and, if applicable, print the differences. */
+ if (memcmp(sm, sm2, params.bytes + MLEN)) {
+ fprintf(stderr, "signatures differ!\n");
+ for (i = 0; i < params.bytes + MLEN; i++) {
+ fprintf(stderr, (sm[i] != sm2[i] ? "x" : "."));
+ }
+ fprintf(stderr, "\n");
+ return -1;
+ }
+ else {
+ fprintf(stderr, "signatures are identical.\n");
+ }
+
+ return 0;
+}
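Review bot: None of the calls in `main` has its result checked, so if `xmss_parse_oid` or either `xmss_sign` fails, the test sizes its arrays from an unset `params` or compares two buffers that were never written, and the verdict means nothing. Assuming these functions return non-zero on failure, bail out early, e.g. `if (xmss_str_to_oid(&oid, oidstr) || xmss_parse_oid(&params, oid)) return -1;` and `if (xmss_sign(sk, sm, &smlen, m, MLEN) || xmss_sign(sk2, sm2, &smlen2, m, MLEN)) return -1;`, using a second length variable so the two lengths can be compared as well. The comment above the `memcpy` should also say that signing from a copied secret key reuses a one-time index and is acceptable only because both calls sign the same message, for example `/* Test only: both copies sign at the same index; never sign different messages from a duplicated key. */`. In the difference printout, `fprintf(stderr, (sm[i] != sm2[i] ? "x" : "."))` passes a non-literal format string and is better written as `fputc(sm[i] != sm2[i] ? 'x' : '.', stderr);`.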