commit 9fc303a99a151806d2aca629609169cfc920b3d8
author Raef Coles <raef.coles@arm.com> Wed Oct 12 10:32:15 2022 +0100
committer Raef Coles <raef.coles@arm.com> Thu Oct 13 14:30:01 2022 +0100
tree f6a523db84715549afc5c417fa781c924b614ad8
parent 71f554b48fcd562193d4a0f53beb54f3612ffa25

Add extra LMOTS import negative tests

And fix failures that are related to the new tests

Signed-off-by: Raef Coles <raef.coles@arm.com>

library/lmots.c

diff --git a/library/lmots.c b/library/lmots.c
index f198718..a172f77 100644
--- a/library/lmots.c
+++ b/library/lmots.c
@@ -415,7 +415,7 @@
         mbedtls_lms_network_bytes_to_unsigned_int( MBEDTLS_LMOTS_TYPE_LEN,
                 key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET );
 
-    if( key_len < MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) )
+    if( key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type) )
     {
         return( MBEDTLS_ERR_LMS_BAD_INPUT_DATA );
     }

tests/suites/test_suite_lmots.data

diff --git a/tests/suites/test_suite_lmots.data b/tests/suites/test_suite_lmots.data
index 3c28df7..fdb6e43 100644
--- a/tests/suites/test_suite_lmots.data
+++ b/tests/suites/test_suite_lmots.data
@@ -107,6 +107,33 @@
 # buffer is too small.
 lmots_import_export_test:"0000000447cc5b29dd0cecd01c382434a6d1686400000001f337dde97685d008a4440b59550277390018d3f1d485fa4b8c91796032de494b":0
 
+LMOTS key import too large key test
+# This test uses the valid public key for hsslms interop test 1, add an extra
+# byte, and then imports it. This should fail.
+lmots_import_export_test:"0000000447cc5b29dd0cecd01c382434a6d1686400000001f337dde97685d008a4440b59550277390018d3f1d485fa4b8c91796032de494b00":MBEDTLS_ERR_LMS_BAD_INPUT_DATA
+
+LMOTS key import too small key test
+# This test uses the valid public key for hsslms interop test 1, removes a byte,
+# and then imports it. This should fail.
+lmots_import_export_test:"0000000447cc5b29dd0cecd01c382434a6d1686400000001f337dde97685d008a4440b59550277390018d3f1d485fa4b8c91796032de49":MBEDTLS_ERR_LMS_BAD_INPUT_DATA
+
+LMOTS key import no type test
+# This test uses the valid public key for hsslms interop test 1, cuts it down so
+# it's smaller than the LMOTS type offset, and imports it. This should fail, and
+# not attempt to read invalidly outside the buffer.
+lmots_import_export_test:"000000":MBEDTLS_ERR_LMS_BAD_INPUT_DATA
+
+LMOTS key import invalid type test #1
+# This test uses the valid public key for hsslms interop test 1, alters the
+# LMOTS type to 0x3, and imports it. This should fail.
+lmots_import_export_test:"0000000347cc5b29dd0cecd01c382434a6d1686400000001f337dde97685d008a4440b59550277390018d3f1d485fa4b8c91796032de494b":MBEDTLS_ERR_LMS_BAD_INPUT_DATA
+
+LMOTS key import invalid type test #2
+# This test uses the valid public key for hsslms interop test 1, alters the
+# LMOTS type to 0x5, and imports it. This should fail, and not attempt to read
+# invalidly outside the buffer.
+lmots_import_export_test:"0000000547cc5b29dd0cecd01c382434a6d1686400000001f337dde97685d008a4440b59550277390018d3f1d485fa4b8c91796032de494b":MBEDTLS_ERR_LMS_BAD_INPUT_DATA
+
 LMOTS key reuse test
 # This test uses a fixed message, and then generates a private key, signs the
 # message, and then attempts to sign the message again. The second signature