xmss-KAT-generator/test/test_xmss.c
Joost Rijneveld 1e00c92c18
Refactor to use compile-time parameter sets
This starts a cleanup / refactor, but there is still some low-hanging fruit.
2017-06-02 14:10:24 +02:00

121 строка
3.0 KiB
C

#include <stdio.h>
#include <string.h>
#include "../xmss.h"
#include "../params.h"
#include "../randombytes.h"
#define MLEN 3491
#define SIGNATURES 50
unsigned char mi[MLEN];
unsigned long long smlen;
unsigned long long mlen;
int main()
{
int r;
unsigned long long i, j;
unsigned long errors = 0;
unsigned char sk[4*XMSS_N+4];
unsigned char pk[2*XMSS_N];
unsigned long long signature_length = 4+XMSS_N+XMSS_WOTS_KEYSIZE+XMSS_TREEHEIGHT*XMSS_N;
unsigned char mo[MLEN+signature_length];
unsigned char sm[MLEN+signature_length];
printf("keypair\n");
xmss_keypair(pk, sk);
// check pub_seed in SK
for (i = 0; i < XMSS_N; i++) {
if (pk[XMSS_N+i] != sk[4+2*XMSS_N+i]) printf("pk.pub_seed != sk.pub_seed %llu",i);
if (pk[i] != sk[4+3*XMSS_N+i]) printf("pk.root != sk.root %llu",i);
}
// check index
unsigned long idx = ((unsigned long)sk[0] << 24) | ((unsigned long)sk[1] << 16) | ((unsigned long)sk[2] << 8) | sk[3];
if (idx) printf("\nidx != 0 %lu\n",idx);
for (i = 0; i < SIGNATURES; i++) {
randombytes(mi, MLEN);
printf("sign\n");
xmss_sign(sk, sm, &smlen, mi, MLEN);
idx = ((unsigned long)sm[0] << 24) | ((unsigned long)sm[1] << 16) | ((unsigned long)sm[2] << 8) | sm[3];
printf("\nidx = %lu\n",idx);
for (j = 0; j < smlen; j++) {
printf("%02X", sm[j]);
}
printf("\n");
r = memcmp(mi, sm+signature_length,MLEN);
printf("%d\n", r);
/* Test valid signature */
printf("verify\n");
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
printf("%d\n", r);
if (r != 0) errors++;
r = memcmp(mi,mo,MLEN);
printf("%d\n", r);
printf("%llu\n", MLEN-mlen);
/* Test with modified message */
sm[signature_length+10] ^= 1;
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
printf("%d\n", r+1);
if (r == 0) errors++;
r = memcmp(mi,mo,MLEN);
printf("%d\n", (r!=0) - 1);
printf("%llu\n", mlen+1);
/* Test with modified signature */
/* Modified index */
sm[signature_length+10] ^= 1;
sm[2] ^= 1;
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
printf("%d\n", r+1);
if (r == 0) errors++;
r = memcmp(mi,mo,MLEN);
printf("%d\n", (r!=0) - 1);
printf("%llu\n", mlen+1);
/* Modified R */
sm[2] ^= 1;
sm[5] ^= 1;
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
printf("%d\n", r+1);
if (r == 0) errors++;
r = memcmp(mi,mo,MLEN);
printf("%d\n", (r!=0) - 1);
printf("%llu\n", mlen+1);
/* Modified OTS sig */
sm[5] ^= 1;
sm[240] ^= 1;
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
printf("%d\n", r+1);
if (r == 0) errors++;
r = memcmp(mi,mo,MLEN);
printf("%d\n", (r!=0) - 1);
printf("%llu\n", mlen+1);
/* Modified AUTH */
sm[240] ^= 1;
sm[signature_length - 10] ^= 1;
r = xmss_sign_open(mo, &mlen, sm, smlen, pk);
printf("%d\n", r+1);
if (r == 0) errors++;
r = memcmp(mi,mo,MLEN);
printf("%d\n", (r!=0) - 1);
printf("%llu\n", mlen+1);
}
printf("#errors = %lu\n", errors);
return 0;
}