kris/xmss-KAT-generator
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add test to check deterministic signatures

Browse Source 
Wrote this to find what turned out to be an external error when
using the interfacing programs, but felt like it might as well be added.

Under the same key and message, the signature is expected to be identical.
However, as the index changes, this case will not happen in real use.
This commit is contained in:
Joost Rijneveld 2017-10-23 14:52:33 +02:00
parent 305bd614bb
commit c4d4e93bbd
No known key found for this signature in database
GPG Key ID: A4FE39CF49CBC553
3 changed files with 59 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -11,6 +11,7 @@ test/test_xmss_core_XMSS*
test/test_xmss_core_fast_XMSS* test/test_xmss_core_fast_XMSS*
test/test_xmssmt_core_XMSSMT* test/test_xmssmt_core_XMSSMT*
test/test_xmssmt_core_fast_XMSSMT* test/test_xmssmt_core_fast_XMSSMT*
test/test_determinism
test/speed test/speed
test/gen_testvectors test/gen_testvectors
test/xmss_keypair test/xmss_keypair

1
Makefile
View File

@ -15,6 +15,7 @@ TESTS = test/test_wots \
test/test_xmssmt_core_fast \ test/test_xmssmt_core_fast \
test/test_xmssmt_core \ test/test_xmssmt_core \
test/test_xmssmt \ test/test_xmssmt \
test/test_determinism \
UI = test/xmss_keypair \ UI = test/xmss_keypair \
test/xmss_sign \ test/xmss_sign \

57
test/test_determinism.c Normal file
View File

@ -0,0 +1,57 @@
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include "../params.h"
#include "../xmss.h"
#include "../randombytes.h"
#define MLEN 32
int main()
{
xmss_params params;
char *oidstr = "XMSS-SHA2_10_256";
uint32_t oid = 0x01000001;
unsigned int i;
fprintf(stderr, "Testing if XMSS-SHA2_10_256 signing is deterministic.. ");
xmss_str_to_oid(&oid, oidstr);
xmss_parse_oid(&params, oid);
unsigned char pk[XMSS_OID_LEN + params.publickey_bytes];
unsigned char sk[XMSS_OID_LEN + params.privatekey_bytes];
unsigned char sk2[XMSS_OID_LEN + params.privatekey_bytes];
unsigned char m[MLEN];
unsigned char sm[params.bytes + MLEN];
unsigned char sm2[params.bytes + MLEN];
unsigned long long smlen;
xmss_keypair(pk, sk, oid);
/* Duplicate the key, because the original will be modified. */
memcpy(sk2, sk, XMSS_OID_LEN + params.privatekey_bytes);
/* Sign a random message (but twice the same one). */
randombytes(m, MLEN);
xmss_sign(sk, sm, &smlen, m, MLEN);
xmss_sign(sk2, sm2, &smlen, m, MLEN);
/* Compare signature, and, if applicable, print the differences. */
if (memcmp(sm, sm2, params.bytes + MLEN)) {
fprintf(stderr, "signatures differ!\n");
for (i = 0; i < params.bytes + MLEN; i++) {
fprintf(stderr, (sm[i] != sm2[i] ? "x" : "."));
}
fprintf(stderr, "\n");
return -1;
}
else {
fprintf(stderr, "signatures are identical.\n");
}
return 0;
}