commit 9c9027b1a47f64ac16ceeaf61bc261bdc9f5c90b
author Raef Coles <raef.coles@arm.com> Fri Sep 02 18:26:31 2022 +0100
committer Raef Coles <raef.coles@arm.com> Thu Oct 13 14:28:50 2022 +0100
tree 5ec4cd3f6ddbacfeee1fdcf33f2e875043125beb
parent fa24f9d6ea4be3aa5f91a0e9c5a13753022a6fd0

Add extra LMS and LMOTS tests

NULL-message and LMOTS signature leak tests

Signed-off-by: Raef Coles <raef.coles@arm.com>

tests/suites/test_suite_lmots.function

diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function
index 2a9ea54..d7067df 100644
--- a/tests/suites/test_suite_lmots.function
+++ b/tests/suites/test_suite_lmots.function
@@ -2,6 +2,27 @@
 #include "lmots.h"
 #include "mbedtls/lms.h"
 
+#if defined(MBEDTLS_TEST_HOOKS)
+extern int( *mbedtls_lmots_sign_private_key_invalidated_hook )( unsigned char * );
+
+int check_lmots_private_key_for_leak(unsigned char * sig)
+{
+    size_t idx;
+
+    for( idx = MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(MBEDTLS_LMOTS_SHA256_N32_W8);
+         idx < MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8);
+         idx++ )
+    {
+        if( sig[idx] != 0x7E ) {
+        while(1){}
+            return 1;
+        }
+    }
+
+    return 0;
+}
+#endif /* defined(MBEDTLS_TEST_HOOKS) */
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -34,6 +55,29 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
+void lmots_sign_verify_null_msg_test ( data_t *key_id, int leaf_id, data_t *seed )
+{
+    mbedtls_lmots_public_t pub_ctx;
+    mbedtls_lmots_private_t priv_ctx;
+    unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
+
+    mbedtls_lmots_init_public( &pub_ctx );
+    mbedtls_lmots_init_private( &priv_ctx );
+
+    TEST_ASSERT( mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
+                 key_id->x, leaf_id, seed->x, seed->len ) == 0 );
+    TEST_ASSERT( mbedtls_lmots_calculate_public_key(&pub_ctx, &priv_ctx) == 0 );
+    TEST_ASSERT( mbedtls_lmots_sign(&priv_ctx, &mbedtls_test_rnd_std_rand, NULL,
+                 NULL, 0, sig, sizeof(sig), NULL ) == 0 );
+    TEST_ASSERT( mbedtls_lmots_verify(&pub_ctx, NULL, 0, sig, sizeof(sig)) == 0 );
+
+exit:
+    mbedtls_lmots_free_public( &pub_ctx );
+    mbedtls_lmots_free_private( &priv_ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
 void lmots_verify_test ( data_t *msg, data_t *sig, data_t *pub_key,
                           int expected_rc )
 {
@@ -94,3 +138,28 @@
     mbedtls_lmots_free_private( &ctx );
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void lmots_signature_leak_test ( data_t *msg, data_t *key_id, int leaf_id,
+                                 data_t *seed )
+{
+    mbedtls_lmots_private_t ctx;
+    unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
+
+    mbedtls_lmots_sign_private_key_invalidated_hook = &check_lmots_private_key_for_leak;
+
+    /* Fill with recognisable pattern */
+    memset( sig, 0x7E, sizeof( sig ) );
+
+    mbedtls_lmots_init_private( &ctx );
+    TEST_ASSERT( mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
+                                                    key_id->x, leaf_id, seed->x,
+                                                    seed->len ) == 0 );
+    TEST_ASSERT( mbedtls_lmots_sign(&ctx, mbedtls_test_rnd_std_rand, NULL,
+                                    msg->x, msg->len, sig, sizeof( sig ), NULL ) == 0 );
+
+exit:
+    mbedtls_lmots_free_private( &ctx );
+    mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
+}
+/* END_CASE */