Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.

135 строки
3.8 KiB

  1. #include <stdio.h>
  2. #include <stdint.h>
  3. #include <string.h>
  4. #include <stdlib.h>
  5. #include "../xmss.h"
  6. #include "../params.h"
  7. #include "../randombytes.h"
  8. #define XMSS_MLEN 32
  9. #ifndef XMSS_SIGNATURES
  10. #define XMSS_SIGNATURES 16
  11. #endif
  12. #ifdef XMSSMT
  13. #define XMSS_PARSE_OID xmssmt_parse_oid
  14. #define XMSS_STR_TO_OID xmssmt_str_to_oid
  15. #define XMSS_KEYPAIR xmssmt_keypair
  16. #define XMSS_SIGN xmssmt_sign
  17. #define XMSS_SIGN_OPEN xmssmt_sign_open
  18. #define XMSS_VARIANT "XMSSMT-SHA2_20/2_256"
  19. #else
  20. #define XMSS_PARSE_OID xmss_parse_oid
  21. #define XMSS_STR_TO_OID xmss_str_to_oid
  22. #define XMSS_KEYPAIR xmss_keypair
  23. #define XMSS_SIGN xmss_sign
  24. #define XMSS_SIGN_OPEN xmss_sign_open
  25. #define XMSS_VARIANT "XMSS-SHA2_10_256"
  26. #endif
  27. int main()
  28. {
  29. xmss_params params;
  30. uint32_t oid;
  31. int ret = 0;
  32. int i;
  33. // TODO test more different variants
  34. XMSS_STR_TO_OID(&oid, XMSS_VARIANT);
  35. XMSS_PARSE_OID(&params, oid);
  36. unsigned char pk[XMSS_OID_LEN + params.pk_bytes];
  37. unsigned char sk[XMSS_OID_LEN + params.sk_bytes];
  38. unsigned char *m = malloc(XMSS_MLEN);
  39. unsigned char *sm = malloc(params.sig_bytes + XMSS_MLEN);
  40. unsigned char *mout = malloc(params.sig_bytes + XMSS_MLEN);
  41. unsigned long long smlen;
  42. unsigned long long mlen;
  43. randombytes(m, XMSS_MLEN);
  44. XMSS_KEYPAIR(pk, sk, oid);
  45. printf("Testing %d %s signatures.. \n", XMSS_SIGNATURES, XMSS_VARIANT);
  46. for (i = 0; i < XMSS_SIGNATURES; i++) {
  47. printf(" - iteration #%d:\n", i);
  48. XMSS_SIGN(sk, sm, &smlen, m, XMSS_MLEN);
  49. if (smlen != params.sig_bytes + XMSS_MLEN) {
  50. printf(" X smlen incorrect [%llu != %u]!\n",
  51. smlen, params.sig_bytes);
  52. ret = -1;
  53. }
  54. else {
  55. printf(" smlen as expected [%llu].\n", smlen);
  56. }
  57. /* Test if signature is valid. */
  58. if (XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
  59. printf(" X verification failed!\n");
  60. ret = -1;
  61. }
  62. else {
  63. printf(" verification succeeded.\n");
  64. }
  65. /* Test if the correct message was recovered. */
  66. if (mlen != XMSS_MLEN) {
  67. printf(" X mlen incorrect [%llu != %u]!\n", mlen, XMSS_MLEN);
  68. ret = -1;
  69. }
  70. else {
  71. printf(" mlen as expected [%llu].\n", mlen);
  72. }
  73. if (memcmp(m, mout, XMSS_MLEN)) {
  74. printf(" X output message incorrect!\n");
  75. ret = -1;
  76. }
  77. else {
  78. printf(" output message as expected.\n");
  79. }
  80. /* Test if flipping bits invalidates the signature (it should). */
  81. /* Flip the first bit of the message. Should invalidate. */
  82. sm[smlen - 1] ^= 1;
  83. if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
  84. printf(" X flipping a bit of m DID NOT invalidate signature!\n");
  85. ret = -1;
  86. }
  87. else {
  88. printf(" flipping a bit of m invalidates signature.\n");
  89. }
  90. sm[smlen - 1] ^= 1;
  91. #ifdef XMSS_TEST_INVALIDSIG
  92. int j;
  93. /* Flip one bit per hash; the signature is almost entirely hashes.
  94. This also flips a bit in the index, which is also a useful test. */
  95. for (j = 0; j < (int)(smlen - XMSS_MLEN); j += params.n) {
  96. sm[j] ^= 1;
  97. if (!XMSS_SIGN_OPEN(mout, &mlen, sm, smlen, pk)) {
  98. printf(" X flipping bit %d DID NOT invalidate sig + m!\n", j);
  99. sm[j] ^= 1;
  100. ret = -1;
  101. break;
  102. }
  103. sm[j] ^= 1;
  104. }
  105. if (j >= (int)(smlen - XMSS_MLEN)) {
  106. printf(" changing any signature hash invalidates signature.\n");
  107. }
  108. #endif
  109. }
  110. free(m);
  111. free(sm);
  112. free(mout);
  113. return ret;
  114. }