16581714815

Committed 28 Jul 2025 10:25PM UTC coverage: 90.475% (-0.2%) from 90.685%

Build # 16581714815

Build Type

Pull #5021

github

Committed by

web-flow

Commit Message

Merge 072983077 into 1eacc5b05

Pull Request Pull Request #5021: Add PK_Signature_Options

Run Details

99366 of 109827 relevant lines covered (90.48%)

12349417.34 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.68

/src/tests/test_hss_lms.cpp

/*
* (C) 2023 Jack Lloyd
*     2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "test_pubkey.h"
#include "tests.h"

#if defined(BOTAN_HAS_HSS_LMS)

   #include <botan/hss_lms.h>
   #include <botan/pk_algs.h>
   #include <botan/internal/fmt.h>
   #include <botan/internal/hss.h>
   #include <botan/internal/loadstor.h>
   #include <botan/internal/pk_options.h>

namespace Botan_Tests {

namespace {

/**
 * @brief Test the correct parsing of HSS-LMS parameters
 */
std::vector<Test::Result> test_hss_lms_params_parsing() {
   return {
      CHECK("HSS Parameter Parsing",
            [&](Test::Result& result) {
               result.test_no_throw("no throw", [&] {
                  Botan::HSS_LMS_Params hss_params("SHA-256,HW(5,1),HW(25,8)");

                  result.test_is_eq("hss levels", hss_params.L(), Botan::HSS_Level(2));
                  const auto& top_lms_params = hss_params.params_at_level(Botan::HSS_Level(0));
                  result.test_is_eq("hash name", top_lms_params.lms_params().hash_name(), std::string("SHA-256"));
                  result.test_is_eq("top level - lms type",
                                    top_lms_params.lms_params().algorithm_type(),
                                    Botan::LMS_Algorithm_Type::SHA256_M32_H5);
                  result.test_is_eq("top level - ots type",
                                    top_lms_params.lmots_params().algorithm_type(),
                                    Botan::LMOTS_Algorithm_Type::SHA256_N32_W1);

                  const auto& second_lms_params = hss_params.params_at_level(Botan::HSS_Level(1));
                  result.test_is_eq("2nd level - lms type",
                                    second_lms_params.lms_params().algorithm_type(),
                                    Botan::LMS_Algorithm_Type::SHA256_M32_H25);
                  result.test_is_eq("2nd level - ots type",
                                    second_lms_params.lmots_params().algorithm_type(),
                                    Botan::LMOTS_Algorithm_Type::SHA256_N32_W8);
               });
            }),

   };
}

/**
 * @brief Test signature generation using the raw private key bytes
 */
class HSS_LMS_Signature_Generation_Test final : public PK_Signature_Generation_Test {
   public:
      HSS_LMS_Signature_Generation_Test() :
            PK_Signature_Generation_Test("HSS-LMS", "pubkey/hss_lms_sig.vec", "Msg,PrivateKey,Signature") {}

      std::string default_padding(const VarMap& /*vars*/) const final { return ""; }

      std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) final {
         const auto sk_bytes = Botan::lock(vars.get_req_bin("PrivateKey"));
         return std::make_unique<Botan::HSS_LMS_PrivateKey>(sk_bytes);
      }
};

/**
 * @brief Test signature verification using the raw public key bytes
 */
class HSS_LMS_Signature_Verify_Tests final : public PK_Signature_Verification_Test {
   public:
      HSS_LMS_Signature_Verify_Tests() :
            PK_Signature_Verification_Test("HSS-LMS", "pubkey/hss_lms_verify.vec", "Msg,PublicKey,Signature") {}

      std::string default_padding(const VarMap& /*vars*/) const final { return ""; }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::vector<uint8_t> pk_bytes = vars.get_req_bin("PublicKey");
         return std::make_unique<Botan::HSS_LMS_PublicKey>(pk_bytes);
      }
};

/**
 * @brief Test the correct revocation of invalid signatures
 */
class HSS_LMS_Signature_Verify_Invalid_Tests final : public PK_Signature_NonVerification_Test {
   public:
      HSS_LMS_Signature_Verify_Invalid_Tests() :
            PK_Signature_NonVerification_Test(
               "HSS_LMS", "pubkey/hss_lms_invalid.vec", "Msg,PublicKey,InvalidSignature") {}

      std::string default_padding(const VarMap& /*vars*/) const override { return ""; }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::vector<uint8_t> raw_key = vars.get_req_bin("PublicKey");
         return std::make_unique<Botan::HSS_LMS_PublicKey>(raw_key);
      }
};

/**
 * @brief Test HSS-LMS public key creation
 */
class HSS_LMS_Key_Generation_Test final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const final { return {"SHA-256,HW(10,4),HW(5,8)"}; }

      std::string algo_name() const final { return "HSS-LMS"; }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view /* keygen_params */,
                                                             std::string_view /* provider */,
                                                             std::span<const uint8_t> raw_pk) const override {
         return std::make_unique<Botan::HSS_LMS_PublicKey>(raw_pk);
      }
};

/**
 * @brief Test that for manipulated signatures and too short signatures, private keys, and public keys a DecodeError occurs.
 */
class HSS_LMS_Negative_Tests final : public Test {
      Test::Result test_flipped_signature_bits() {
         Test::Result result("HSS-LMS - flipped signature bits");

         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         Botan::PK_Signer signer(*sk, Test::rng(), Botan::PK_Signature_Options());
         Botan::PK_Verifier verifier(*sk, Botan::PK_Signature_Options());

         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};

         signer.update(mes);
         auto valid_sig = signer.signature(Test::rng());
         verifier.update(mes);
         result.confirm("Entire signature is valid", verifier.check_signature(valid_sig.data(), valid_sig.size()));
         for(size_t idx = 0; idx < valid_sig.size(); ++idx) {
            auto bad_sig = valid_sig;
            bad_sig.at(idx) ^= 0x80;
            result.test_no_throw(Botan::fmt("Verification does not throw (byte idx {})", idx), [&]() {
               verifier.update(mes);
               bool valid = verifier.check_signature(bad_sig);
               result.confirm(Botan::fmt("Manipulated signature is invalid (byte idx {})", idx), !valid);
            });
         }

         return result;
      }

      Test::Result test_too_short_signature() {
         Test::Result result("HSS-LMS");

         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         Botan::PK_Signer signer(*sk, Test::rng(), Botan::PK_Signature_Options());
         Botan::PK_Verifier verifier(*sk, Botan::PK_Signature_Options());

         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};

         signer.update(mes);
         auto valid_sig = signer.signature(Test::rng());
         verifier.update(mes);
         result.confirm("Entire signature is valid", verifier.check_signature(valid_sig.data(), valid_sig.size()));
         for(size_t n = 0; n < valid_sig.size(); ++n) {
            result.test_no_throw("Verification does not throw", [&]() {
               verifier.update(mes);
               bool valid = verifier.check_signature(valid_sig.data(), n);
               result.confirm("Too short signature is invalid", !valid);
            });
         }

         return result;
      }

      Test::Result test_too_short_private_key() {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         auto sk_bytes = sk->private_key_bits();
         result.test_no_throw("Entire private key valid", [&]() {
            Botan::HSS_LMS_PrivateKey key(sk_bytes);
            BOTAN_UNUSED(key);
         });
         for(size_t n = 0; n < sk_bytes.size(); ++n) {
            result.test_throws<Botan::Decoding_Error>("Partial private key invalid", [&]() {
               std::span<const uint8_t> partial_key = {sk_bytes.data(), n};
               Botan::HSS_LMS_PrivateKey key(partial_key);
               BOTAN_UNUSED(key);
            });
         }
         return result;
      }

      Test::Result test_too_short_public_key() {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         auto sk_bytes = sk->public_key_bits();
         result.test_no_throw("Entire public key valid", [&]() {
            Botan::HSS_LMS_PublicKey key(sk_bytes);
            BOTAN_UNUSED(key);
         });
         for(size_t n = 0; n < sk_bytes.size(); ++n) {
            result.test_throws<Botan::Decoding_Error>("Partial public key invalid", [&]() {
               std::span<const uint8_t> partial_key = {sk_bytes.data(), n};
               Botan::HSS_LMS_PublicKey key(partial_key);
               BOTAN_UNUSED(key);
            });
         }
         return result;
      }

      std::vector<Test::Result> run() final {
         return {test_flipped_signature_bits(),
                 test_too_short_signature(),
                 test_too_short_private_key(),
                 test_too_short_public_key()};
      }
};

/**
 * @brief Test the correct handling of the HSS-LMS private key's state.
 */
class HSS_LMS_Statefulness_Test final : public Test {
      Botan::HSS_LMS_PrivateKey create_private_key_with_idx(uint64_t idx) {
         auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8)");
         auto bytes = sk.private_key_bits();
         // The index is store after the level (uint32_t)
         Botan::store_be(idx, bytes.data() + sizeof(uint32_t));
         return Botan::HSS_LMS_PrivateKey(bytes);
      }

      Test::Result test_sig_changes_state() {
         Test::Result result("HSS-LMS");

         auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8),HW(5,8)");
         Botan::PK_Signer signer(sk, Test::rng(), Botan::PK_Signature_Options());
         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};
         auto sk_bytes_begin = sk.private_key_bits();

         // Tree hights: 5,5 => 2^(5+5) = 1024 signatures available
         const uint64_t expected_total = 1024;
         result.confirm("Fresh key starts with total number of remaining signatures.",
                        sk.remaining_operations() == expected_total);

         // Creating a signature should update the private key's state
         auto sig_0 = signer.sign_message(mes, Test::rng());
         result.confirm(
            "First signature uses index 0.",
            Botan::HSS_Signature::from_bytes_or_throw(sig_0).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(0));

         auto sk_bytes_after_sig = sk.private_key_bits();

         result.confirm("Signature decreases number of remaining signatures.",
                        sk.remaining_operations() == expected_total - 1);
         result.test_ne("Signature updates private key.", sk_bytes_after_sig, sk_bytes_begin);

         auto sig_1 = signer.sign_message(mes, Test::rng());
         result.confirm(
            "Next signature uses the new index.",
            Botan::HSS_Signature::from_bytes_or_throw(sig_1).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(1));

         return result;
      }

      Test::Result test_max_sig_count() {
         Test::Result result("HSS-LMS");

         uint64_t total_sig_count = 32;
         auto sk = create_private_key_with_idx(total_sig_count - 1);

         Botan::PK_Signer signer(sk, Test::rng(), Botan::PK_Signature_Options());
         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};
         auto sk_bytes_begin = sk.private_key_bits();

         result.confirm("One remaining signature.", sk.remaining_operations() == uint64_t(1));
         result.test_no_throw("Use last signature index.", [&]() { signer.sign_message(mes, Test::rng()); });
         result.confirm("No remaining signatures.", sk.remaining_operations() == uint64_t(0));
         result.test_throws("Cannot sign with exhausted key.", [&]() { signer.sign_message(mes, Test::rng()); });
         result.confirm("Still zero remaining signatures.", sk.remaining_operations() == uint64_t(0));

         return result;
      }

      std::vector<Test::Result> run() final { return {test_sig_changes_state(), test_max_sig_count()}; }
};

/**
 * @brief Test APIs not covered by other tests.
 */
class HSS_LMS_Missing_API_Test final : public Test {
      std::vector<Test::Result> run() final {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "SHA-256,HW(10,4)");
         sk->key_length();
         result.test_gt("Public key length must be greater than the simply type information plus I",
                        sk->key_length(),
                        3 * sizeof(uint32_t) + Botan::LMS_IDENTIFIER_LEN);

         // HSS_LMS_Verification_Operation::hash_function()
         Botan::PK_Verifier verifier(*sk, Botan::PK_Signature_Options());
         result.test_eq("PK_Verifier should report the hash of the key", verifier.hash_function(), "SHA-256");

         // HSS_LMS_PrivateKey::raw_private_key_bits()
         result.test_eq("Our BER and raw encoding is the same", sk->raw_private_key_bits(), sk->private_key_bits());

         // HSS_LMS_Signature_Operation::algorithm_identifier()
         Botan::PK_Signer signer(*sk, Test::rng(), Botan::PK_Signature_Options());
         result.test_is_eq(signer.algorithm_identifier(), sk->algorithm_identifier());

         // HSS_LMS_Signature_Operation::hash_function()
         result.test_eq("PK_Signer should report the hash of the key", signer.hash_function(), "SHA-256");

         return {result};
      }
};

BOTAN_REGISTER_TEST_FN("pubkey", "hss_lms_params_parsing", test_hss_lms_params_parsing);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_sign", HSS_LMS_Signature_Generation_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify", HSS_LMS_Signature_Verify_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify_invalid", HSS_LMS_Signature_Verify_Invalid_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_keygen", HSS_LMS_Key_Generation_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_negative", HSS_LMS_Negative_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_state", HSS_LMS_Statefulness_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_api", HSS_LMS_Missing_API_Test);

}  // namespace

}  // namespace Botan_Tests

#endif  // BOTAN_HAS_HSS_LMS

1	/*
2	* (C) 2023 Jack Lloyd
3	* 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "test_pubkey.h"
9	#include "tests.h"
10
11	#if defined(BOTAN_HAS_HSS_LMS)
12
13	#include <botan/hss_lms.h>
14	#include <botan/pk_algs.h>
15	#include <botan/internal/fmt.h>
16	#include <botan/internal/hss.h>
17	#include <botan/internal/loadstor.h>
18	#include <botan/internal/pk_options.h>
19
20	namespace Botan_Tests {
21
22	namespace {
23
24	/**
25	* @brief Test the correct parsing of HSS-LMS parameters
26	*/
27	std::vector<Test::Result> test_hss_lms_params_parsing() {	1✔
28	return {	1✔
29	CHECK("HSS Parameter Parsing",
30	[&](Test::Result& result) {	1✔
31	result.test_no_throw("no throw", [&] {	2✔
32	Botan::HSS_LMS_Params hss_params("SHA-256,HW(5,1),HW(25,8)");	1✔
33
34	result.test_is_eq("hss levels", hss_params.L(), Botan::HSS_Level(2));	1✔
35	const auto& top_lms_params = hss_params.params_at_level(Botan::HSS_Level(0));	1✔
36	result.test_is_eq("hash name", top_lms_params.lms_params().hash_name(), std::string("SHA-256"));	2✔
37	result.test_is_eq("top level - lms type",	1✔
38	top_lms_params.lms_params().algorithm_type(),	1✔
39	Botan::LMS_Algorithm_Type::SHA256_M32_H5);	1✔
40	result.test_is_eq("top level - ots type",	1✔
41	top_lms_params.lmots_params().algorithm_type(),	1✔
42	Botan::LMOTS_Algorithm_Type::SHA256_N32_W1);	1✔
43
44	const auto& second_lms_params = hss_params.params_at_level(Botan::HSS_Level(1));	1✔
45	result.test_is_eq("2nd level - lms type",	1✔
46	second_lms_params.lms_params().algorithm_type(),	1✔
47	Botan::LMS_Algorithm_Type::SHA256_M32_H25);	1✔
48	result.test_is_eq("2nd level - ots type",	1✔
49	second_lms_params.lmots_params().algorithm_type(),	1✔
50	Botan::LMOTS_Algorithm_Type::SHA256_N32_W8);	2✔
51	});	1✔
52	}),	1✔
53
54	};	2✔
55	}	1✔
56
57	/**
58	* @brief Test signature generation using the raw private key bytes
59	*/
60	class HSS_LMS_Signature_Generation_Test final : public PK_Signature_Generation_Test {
61	public:
62	HSS_LMS_Signature_Generation_Test() :	1✔
63	PK_Signature_Generation_Test("HSS-LMS", "pubkey/hss_lms_sig.vec", "Msg,PrivateKey,Signature") {}	2✔
64
65	std::string default_padding(const VarMap& /vars/) const final { return ""; }	2✔
66
67	std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) final {	2✔
68	const auto sk_bytes = Botan::lock(vars.get_req_bin("PrivateKey"));	6✔
69	return std::make_unique<Botan::HSS_LMS_PrivateKey>(sk_bytes);	2✔
70	}	2✔
71	};
72
73	/**
74	* @brief Test signature verification using the raw public key bytes
75	*/
76	class HSS_LMS_Signature_Verify_Tests final : public PK_Signature_Verification_Test {
77	public:
78	HSS_LMS_Signature_Verify_Tests() :	1✔
79	PK_Signature_Verification_Test("HSS-LMS", "pubkey/hss_lms_verify.vec", "Msg,PublicKey,Signature") {}	2✔
80
81	std::string default_padding(const VarMap& /vars/) const final { return ""; }	5✔
82
83	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	5✔
84	const std::vector<uint8_t> pk_bytes = vars.get_req_bin("PublicKey");	5✔
85	return std::make_unique<Botan::HSS_LMS_PublicKey>(pk_bytes);	10✔
86	}	5✔
87	};
88
89	/**
90	* @brief Test the correct revocation of invalid signatures
91	*/
92	class HSS_LMS_Signature_Verify_Invalid_Tests final : public PK_Signature_NonVerification_Test {
93	public:
94	HSS_LMS_Signature_Verify_Invalid_Tests() :	1✔
95	PK_Signature_NonVerification_Test(
96	"HSS_LMS", "pubkey/hss_lms_invalid.vec", "Msg,PublicKey,InvalidSignature") {}	2✔
97
98	std::string default_padding(const VarMap& /vars/) const override { return ""; }	4✔
99
100	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	4✔
101	const std::vector<uint8_t> raw_key = vars.get_req_bin("PublicKey");	4✔
102	return std::make_unique<Botan::HSS_LMS_PublicKey>(raw_key);	8✔
103	}	4✔
104	};
105
106	/**
107	* @brief Test HSS-LMS public key creation
108	*/
109	class HSS_LMS_Key_Generation_Test final : public PK_Key_Generation_Test {	×
110	public:
111	std::vector<std::string> keygen_params() const final { return {"SHA-256,HW(10,4),HW(5,8)"}; }	1✔
112
113	std::string algo_name() const final { return "HSS-LMS"; }	1✔
114
115	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view /* keygen_params */,	1✔
116	std::string_view /* provider */,
117	std::span<const uint8_t> raw_pk) const override {
118	return std::make_unique<Botan::HSS_LMS_PublicKey>(raw_pk);	1✔
119	}
120	};
121
122	/**
123	* @brief Test that for manipulated signatures and too short signatures, private keys, and public keys a DecodeError occurs.
124	*/
125	class HSS_LMS_Negative_Tests final : public Test {	×
126	Test::Result test_flipped_signature_bits() {	1✔
127	Test::Result result("HSS-LMS - flipped signature bits");	1✔
128
129	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
130
131	Botan::PK_Signer signer(*sk, Test::rng(), Botan::PK_Signature_Options());	1✔
132	Botan::PK_Verifier verifier(*sk, Botan::PK_Signature_Options());	1✔
133
134	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
135
136	signer.update(mes);	1✔
137	auto valid_sig = signer.signature(Test::rng());	1✔
138	verifier.update(mes);	1✔
139	result.confirm("Entire signature is valid", verifier.check_signature(valid_sig.data(), valid_sig.size()));	2✔
140	for(size_t idx = 0; idx < valid_sig.size(); ++idx) {	785✔
141	auto bad_sig = valid_sig;	784✔
142	bad_sig.at(idx) ^= 0x80;	784✔
143	result.test_no_throw(Botan::fmt("Verification does not throw (byte idx {})", idx), [&]() {	2,352✔
144	verifier.update(mes);	784✔
145	bool valid = verifier.check_signature(bad_sig);	784✔
146	result.confirm(Botan::fmt("Manipulated signature is invalid (byte idx {})", idx), !valid);	1,568✔
147	});	784✔
148	}	784✔
149
150	return result;	1✔
151	}	3✔
152
153	Test::Result test_too_short_signature() {	1✔
154	Test::Result result("HSS-LMS");	1✔
155
156	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
157
158	Botan::PK_Signer signer(*sk, Test::rng(), Botan::PK_Signature_Options());	1✔
159	Botan::PK_Verifier verifier(*sk, Botan::PK_Signature_Options());	1✔
160
161	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
162
163	signer.update(mes);	1✔
164	auto valid_sig = signer.signature(Test::rng());	1✔
165	verifier.update(mes);	1✔
166	result.confirm("Entire signature is valid", verifier.check_signature(valid_sig.data(), valid_sig.size()));	2✔
167	for(size_t n = 0; n < valid_sig.size(); ++n) {	785✔
168	result.test_no_throw("Verification does not throw", [&]() {	2,352✔
169	verifier.update(mes);	784✔
170	bool valid = verifier.check_signature(valid_sig.data(), n);	784✔
171	result.confirm("Too short signature is invalid", !valid);	1,568✔
172	});	784✔
173	}
174
175	return result;	1✔
176	}	3✔
177
178	Test::Result test_too_short_private_key() {	1✔
179	Test::Result result("HSS-LMS");	1✔
180
181	// HSS_LMS_PublicKey::key_length()
182	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
183
184	auto sk_bytes = sk->private_key_bits();	1✔
185	result.test_no_throw("Entire private key valid", [&]() {	2✔
186	Botan::HSS_LMS_PrivateKey key(sk_bytes);	1✔
187	BOTAN_UNUSED(key);	1✔
188	});	1✔
189	for(size_t n = 0; n < sk_bytes.size(); ++n) {	61✔
190	result.test_throws<Botan::Decoding_Error>("Partial private key invalid", [&]() {	180✔
191	std::span<const uint8_t> partial_key = {sk_bytes.data(), n};	60✔
192	Botan::HSS_LMS_PrivateKey key(partial_key);	60✔
193	BOTAN_UNUSED(key);	×
194	});	×
195	}
196	return result;	1✔
197	}	2✔
198
199	Test::Result test_too_short_public_key() {	1✔
200	Test::Result result("HSS-LMS");	1✔
201
202	// HSS_LMS_PublicKey::key_length()
203	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
204
205	auto sk_bytes = sk->public_key_bits();	1✔
206	result.test_no_throw("Entire public key valid", [&]() {	2✔
207	Botan::HSS_LMS_PublicKey key(sk_bytes);	1✔
208	BOTAN_UNUSED(key);	1✔
209	});	1✔
210	for(size_t n = 0; n < sk_bytes.size(); ++n) {	53✔
211	result.test_throws<Botan::Decoding_Error>("Partial public key invalid", [&]() {	156✔
212	std::span<const uint8_t> partial_key = {sk_bytes.data(), n};	52✔
213	Botan::HSS_LMS_PublicKey key(partial_key);	52✔
214	BOTAN_UNUSED(key);	×
215	});	×
216	}
217	return result;	1✔
218	}	2✔
219
220	std::vector<Test::Result> run() final {	1✔
221	return {test_flipped_signature_bits(),	1✔
222	test_too_short_signature(),
223	test_too_short_private_key(),
224	test_too_short_public_key()};	5✔
225	}	1✔
226	};
227
228	/**
229	* @brief Test the correct handling of the HSS-LMS private key's state.
230	*/
231	class HSS_LMS_Statefulness_Test final : public Test {	×
232	Botan::HSS_LMS_PrivateKey create_private_key_with_idx(uint64_t idx) {	1✔
233	auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
234	auto bytes = sk.private_key_bits();	1✔
235	// The index is store after the level (uint32_t)
236	Botan::store_be(idx, bytes.data() + sizeof(uint32_t));	1✔
237	return Botan::HSS_LMS_PrivateKey(bytes);	2✔
238	}	1✔
239
240	Test::Result test_sig_changes_state() {	1✔
241	Test::Result result("HSS-LMS");	1✔
242
243	auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8),HW(5,8)");	1✔
244	Botan::PK_Signer signer(sk, Test::rng(), Botan::PK_Signature_Options());	1✔
245	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
246	auto sk_bytes_begin = sk.private_key_bits();	1✔
247
248	// Tree hights: 5,5 => 2^(5+5) = 1024 signatures available
249	const uint64_t expected_total = 1024;	1✔
250	result.confirm("Fresh key starts with total number of remaining signatures.",	1✔
251	sk.remaining_operations() == expected_total);	2✔
252
253	// Creating a signature should update the private key's state
254	auto sig_0 = signer.sign_message(mes, Test::rng());	1✔
255	result.confirm(	2✔
256	"First signature uses index 0.",
257	Botan::HSS_Signature::from_bytes_or_throw(sig_0).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(0));	1✔
258
259	auto sk_bytes_after_sig = sk.private_key_bits();	1✔
260
261	result.confirm("Signature decreases number of remaining signatures.",	1✔
262	sk.remaining_operations() == expected_total - 1);	2✔
263	result.test_ne("Signature updates private key.", sk_bytes_after_sig, sk_bytes_begin);	2✔
264
265	auto sig_1 = signer.sign_message(mes, Test::rng());	1✔
266	result.confirm(	2✔
267	"Next signature uses the new index.",
268	Botan::HSS_Signature::from_bytes_or_throw(sig_1).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(1));	1✔
269
270	return result;	2✔
271	}	5✔
272
273	Test::Result test_max_sig_count() {	1✔
274	Test::Result result("HSS-LMS");	1✔
275
276	uint64_t total_sig_count = 32;	1✔
277	auto sk = create_private_key_with_idx(total_sig_count - 1);	1✔
278
279	Botan::PK_Signer signer(sk, Test::rng(), Botan::PK_Signature_Options());	1✔
280	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
281	auto sk_bytes_begin = sk.private_key_bits();	1✔
282
283	result.confirm("One remaining signature.", sk.remaining_operations() == uint64_t(1));	3✔
284	result.test_no_throw("Use last signature index.", [&]() { signer.sign_message(mes, Test::rng()); });	4✔
285	result.confirm("No remaining signatures.", sk.remaining_operations() == uint64_t(0));	3✔
286	result.test_throws("Cannot sign with exhausted key.", [&]() { signer.sign_message(mes, Test::rng()); });	3✔
287	result.confirm("Still zero remaining signatures.", sk.remaining_operations() == uint64_t(0));	3✔
288
289	return result;	2✔
290	}	2✔
291
292	std::vector<Test::Result> run() final { return {test_sig_changes_state(), test_max_sig_count()}; }	3✔
293	};
294
295	/**
296	* @brief Test APIs not covered by other tests.
297	*/
298	class HSS_LMS_Missing_API_Test final : public Test {	×
299	std::vector<Test::Result> run() final {	1✔
300	Test::Result result("HSS-LMS");	1✔
301
302	// HSS_LMS_PublicKey::key_length()
303	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "SHA-256,HW(10,4)");	1✔
304	sk->key_length();	1✔
305	result.test_gt("Public key length must be greater than the simply type information plus I",	1✔
306	sk->key_length(),	1✔
307	3 * sizeof(uint32_t) + Botan::LMS_IDENTIFIER_LEN);
308
309	// HSS_LMS_Verification_Operation::hash_function()
310	Botan::PK_Verifier verifier(*sk, Botan::PK_Signature_Options());	1✔
311	result.test_eq("PK_Verifier should report the hash of the key", verifier.hash_function(), "SHA-256");	2✔
312
313	// HSS_LMS_PrivateKey::raw_private_key_bits()
314	result.test_eq("Our BER and raw encoding is the same", sk->raw_private_key_bits(), sk->private_key_bits());	3✔
315
316	// HSS_LMS_Signature_Operation::algorithm_identifier()
317	Botan::PK_Signer signer(*sk, Test::rng(), Botan::PK_Signature_Options());	1✔
318	result.test_is_eq(signer.algorithm_identifier(), sk->algorithm_identifier());	1✔
319
320	// HSS_LMS_Signature_Operation::hash_function()
321	result.test_eq("PK_Signer should report the hash of the key", signer.hash_function(), "SHA-256");	2✔
322
323	return {result};	3✔
324	}	3✔
325	};
326
327	BOTAN_REGISTER_TEST_FN("pubkey", "hss_lms_params_parsing", test_hss_lms_params_parsing);
328	BOTAN_REGISTER_TEST("pubkey", "hss_lms_sign", HSS_LMS_Signature_Generation_Test);
329	BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify", HSS_LMS_Signature_Verify_Tests);
330	BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify_invalid", HSS_LMS_Signature_Verify_Invalid_Tests);
331	BOTAN_REGISTER_TEST("pubkey", "hss_lms_keygen", HSS_LMS_Key_Generation_Test);
332	BOTAN_REGISTER_TEST("pubkey", "hss_lms_negative", HSS_LMS_Negative_Tests);
333	BOTAN_REGISTER_TEST("pubkey", "hss_lms_state", HSS_LMS_Statefulness_Test);
334	BOTAN_REGISTER_TEST("pubkey", "hss_lms_api", HSS_LMS_Missing_API_Test);
335
336	} // namespace
337
338	} // namespace Botan_Tests
339
340	#endif // BOTAN_HAS_HSS_LMS

randombit / botan / 16581714815

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous