21786344715

Committed 07 Feb 2026 08:25PM UTC coverage: 90.068% (-0.005%) from 90.073%

Build # 21786344715

Build Type

Pull #5295

github

Committed by

web-flow

Commit Message

Merge 8d5fc3b23 into ebf8f0044

Pull Request Pull Request #5295: Reduce header dependencies in tests and cli

Run Details

102234 of 113507 relevant lines covered (90.07%)

11372278.81 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.84

/src/tests/test_hss_lms.cpp

/*
* (C) 2023 Jack Lloyd
*     2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_HSS_LMS)
   #include "test_pubkey.h"
   #include <botan/hss_lms.h>
   #include <botan/pk_algs.h>
   #include <botan/pubkey.h>
   #include <botan/internal/fmt.h>
   #include <botan/internal/hss.h>
   #include <botan/internal/loadstor.h>

namespace Botan_Tests {

namespace {

/**
 * @brief Test the correct parsing of HSS-LMS parameters
 */
std::vector<Test::Result> test_hss_lms_params_parsing() {
   return {
      CHECK("HSS Parameter Parsing",
            [&](Test::Result& result) {
               result.test_no_throw("no throw", [&] {
                  const Botan::HSS_LMS_Params hss_params("SHA-256,HW(5,1),HW(25,8)");

                  result.test_is_eq("hss levels", hss_params.L(), Botan::HSS_Level(2));
                  const auto& top_lms_params = hss_params.params_at_level(Botan::HSS_Level(0));
                  result.test_is_eq("hash name", top_lms_params.lms_params().hash_name(), std::string("SHA-256"));
                  result.test_is_eq("top level - lms type",
                                    top_lms_params.lms_params().algorithm_type(),
                                    Botan::LMS_Algorithm_Type::SHA256_M32_H5);
                  result.test_is_eq("top level - ots type",
                                    top_lms_params.lmots_params().algorithm_type(),
                                    Botan::LMOTS_Algorithm_Type::SHA256_N32_W1);

                  const auto& second_lms_params = hss_params.params_at_level(Botan::HSS_Level(1));
                  result.test_is_eq("2nd level - lms type",
                                    second_lms_params.lms_params().algorithm_type(),
                                    Botan::LMS_Algorithm_Type::SHA256_M32_H25);
                  result.test_is_eq("2nd level - ots type",
                                    second_lms_params.lmots_params().algorithm_type(),
                                    Botan::LMOTS_Algorithm_Type::SHA256_N32_W8);
               });
            }),

   };
}

/**
 * @brief Test signature generation using the raw private key bytes
 */
class HSS_LMS_Signature_Generation_Test final : public PK_Signature_Generation_Test {
   public:
      HSS_LMS_Signature_Generation_Test() :
            PK_Signature_Generation_Test("HSS-LMS", "pubkey/hss_lms_sig.vec", "Msg,PrivateKey,Signature") {}

      std::string default_padding(const VarMap& /*vars*/) const final { return ""; }

      std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) final {
         const auto sk_bytes = Botan::lock(vars.get_req_bin("PrivateKey"));
         return std::make_unique<Botan::HSS_LMS_PrivateKey>(sk_bytes);
      }
};

/**
 * @brief Test signature verification using the raw public key bytes
 */
class HSS_LMS_Signature_Verify_Tests final : public PK_Signature_Verification_Test {
   public:
      HSS_LMS_Signature_Verify_Tests() :
            PK_Signature_Verification_Test("HSS-LMS", "pubkey/hss_lms_verify.vec", "Msg,PublicKey,Signature") {}

      std::string default_padding(const VarMap& /*vars*/) const final { return ""; }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::vector<uint8_t> pk_bytes = vars.get_req_bin("PublicKey");
         return std::make_unique<Botan::HSS_LMS_PublicKey>(pk_bytes);
      }
};

/**
 * @brief Test the correct revocation of invalid signatures
 */
class HSS_LMS_Signature_Verify_Invalid_Tests final : public PK_Signature_NonVerification_Test {
   public:
      HSS_LMS_Signature_Verify_Invalid_Tests() :
            PK_Signature_NonVerification_Test(
               "HSS_LMS", "pubkey/hss_lms_invalid.vec", "Msg,PublicKey,InvalidSignature") {}

      std::string default_padding(const VarMap& /*vars*/) const override { return ""; }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::vector<uint8_t> raw_key = vars.get_req_bin("PublicKey");
         return std::make_unique<Botan::HSS_LMS_PublicKey>(raw_key);
      }
};

/**
 * @brief Test HSS-LMS public key creation
 */
class HSS_LMS_Key_Generation_Test final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const final { return {"SHA-256,HW(10,4),HW(5,8)"}; }

      std::string algo_name() const final { return "HSS-LMS"; }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view /* keygen_params */,
                                                             std::string_view /* provider */,
                                                             std::span<const uint8_t> raw_pk) const override {
         return std::make_unique<Botan::HSS_LMS_PublicKey>(raw_pk);
      }
};

/**
 * @brief Test that for manipulated signatures and too short signatures, private keys, and public keys a DecodeError occurs.
 */
class HSS_LMS_Negative_Tests final : public Test {
      Test::Result test_flipped_signature_bits() {
         Test::Result result("HSS-LMS - flipped signature bits");

         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         Botan::PK_Signer signer(*sk, Test::rng(), "");
         Botan::PK_Verifier verifier(*sk, "");

         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};

         signer.update(mes);
         auto valid_sig = signer.signature(Test::rng());
         verifier.update(mes);
         result.confirm("Entire signature is valid", verifier.check_signature(valid_sig.data(), valid_sig.size()));
         for(size_t idx = 0; idx < valid_sig.size(); ++idx) {
            auto bad_sig = valid_sig;
            bad_sig.at(idx) ^= 0x80;
            result.test_no_throw(Botan::fmt("Verification does not throw (byte idx {})", idx), [&]() {
               verifier.update(mes);
               const bool valid = verifier.check_signature(bad_sig);
               result.confirm(Botan::fmt("Manipulated signature is invalid (byte idx {})", idx), !valid);
            });
         }

         return result;
      }

      Test::Result test_too_short_signature() {
         Test::Result result("HSS-LMS");

         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         Botan::PK_Signer signer(*sk, Test::rng(), "");
         Botan::PK_Verifier verifier(*sk, "");

         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};

         signer.update(mes);
         auto valid_sig = signer.signature(Test::rng());
         verifier.update(mes);
         result.confirm("Entire signature is valid", verifier.check_signature(valid_sig.data(), valid_sig.size()));
         for(size_t n = 0; n < valid_sig.size(); ++n) {
            result.test_no_throw("Verification does not throw", [&]() {
               verifier.update(mes);
               const bool valid = verifier.check_signature(valid_sig.data(), n);
               result.confirm("Too short signature is invalid", !valid);
            });
         }

         return result;
      }

      Test::Result test_too_short_private_key() {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         auto sk_bytes = sk->private_key_bits();
         result.test_no_throw("Entire private key valid", [&]() {
            const Botan::HSS_LMS_PrivateKey key(sk_bytes);
            BOTAN_UNUSED(key);
         });
         for(size_t n = 0; n < sk_bytes.size(); ++n) {
            result.test_throws<Botan::Decoding_Error>("Partial private key invalid", [&]() {
               const std::span<const uint8_t> partial_key = {sk_bytes.data(), n};
               const Botan::HSS_LMS_PrivateKey key(partial_key);
               BOTAN_UNUSED(key);
            });
         }
         return result;
      }

      Test::Result test_too_short_public_key() {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         auto sk_bytes = sk->public_key_bits();
         result.test_no_throw("Entire public key valid", [&]() {
            const Botan::HSS_LMS_PublicKey key(sk_bytes);
            BOTAN_UNUSED(key);
         });
         for(size_t n = 0; n < sk_bytes.size(); ++n) {
            result.test_throws<Botan::Decoding_Error>("Partial public key invalid", [&]() {
               const std::span<const uint8_t> partial_key = {sk_bytes.data(), n};
               const Botan::HSS_LMS_PublicKey key(partial_key);
               BOTAN_UNUSED(key);
            });
         }
         return result;
      }

      std::vector<Test::Result> run() final {
         return {test_flipped_signature_bits(),
                 test_too_short_signature(),
                 test_too_short_private_key(),
                 test_too_short_public_key()};
      }
};

/**
 * @brief Test the correct handling of the HSS-LMS private key's state.
 */
class HSS_LMS_Statefulness_Test final : public Test {
      Botan::HSS_LMS_PrivateKey create_private_key_with_idx(uint64_t idx) {
         auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8)");
         auto bytes = sk.private_key_bits();
         // The index is store after the level (uint32_t)
         Botan::store_be(idx, bytes.data() + sizeof(uint32_t));
         return Botan::HSS_LMS_PrivateKey(bytes);
      }

      Test::Result test_sig_changes_state() {
         Test::Result result("HSS-LMS");

         auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8),HW(5,8)");
         Botan::PK_Signer signer(sk, Test::rng(), "");
         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};
         auto sk_bytes_begin = sk.private_key_bits();

         // Tree heights: 5,5 => 2^(5+5) = 1024 signatures available
         const uint64_t expected_total = 1024;
         result.confirm("Fresh key starts with total number of remaining signatures.",
                        sk.remaining_operations() == expected_total);

         // Creating a signature should update the private key's state
         auto sig_0 = signer.sign_message(mes, Test::rng());
         result.confirm(
            "First signature uses index 0.",
            Botan::HSS_Signature::from_bytes_or_throw(sig_0).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(0));

         auto sk_bytes_after_sig = sk.private_key_bits();

         result.confirm("Signature decreases number of remaining signatures.",
                        sk.remaining_operations() == expected_total - 1);
         result.test_ne("Signature updates private key.", sk_bytes_after_sig, sk_bytes_begin);

         auto sig_1 = signer.sign_message(mes, Test::rng());
         result.confirm(
            "Next signature uses the new index.",
            Botan::HSS_Signature::from_bytes_or_throw(sig_1).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(1));

         return result;
      }

      Test::Result test_max_sig_count() {
         Test::Result result("HSS-LMS");

         const uint64_t total_sig_count = 32;
         auto sk = create_private_key_with_idx(total_sig_count - 1);

         Botan::PK_Signer signer(sk, Test::rng(), "");
         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};
         auto sk_bytes_begin = sk.private_key_bits();

         result.confirm("One remaining signature.", sk.remaining_operations() == uint64_t(1));
         result.test_no_throw("Use last signature index.", [&]() { signer.sign_message(mes, Test::rng()); });
         result.confirm("No remaining signatures.", sk.remaining_operations() == uint64_t(0));
         result.test_throws("Cannot sign with exhausted key.", [&]() { signer.sign_message(mes, Test::rng()); });
         result.confirm("Still zero remaining signatures.", sk.remaining_operations() == uint64_t(0));

         return result;
      }

      std::vector<Test::Result> run() final { return {test_sig_changes_state(), test_max_sig_count()}; }
};

/**
 * @brief Test APIs not covered by other tests.
 */
class HSS_LMS_Missing_API_Test final : public Test {
      std::vector<Test::Result> run() final {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "SHA-256,HW(10,4)");
         sk->key_length();
         result.test_gt("Public key length must be greater than the simply type information plus I",
                        sk->key_length(),
                        3 * sizeof(uint32_t) + Botan::LMS_IDENTIFIER_LEN);

         // HSS_LMS_Verification_Operation::hash_function()
         const Botan::PK_Verifier verifier(*sk, "");
         result.test_eq("PK_Verifier should report the hash of the key", verifier.hash_function(), "SHA-256");

         // HSS_LMS_PrivateKey::raw_private_key_bits()
         result.test_eq("Our BER and raw encoding is the same", sk->raw_private_key_bits(), sk->private_key_bits());

         // HSS_LMS_Signature_Operation::algorithm_identifier()
         const Botan::PK_Signer signer(*sk, Test::rng(), "");
         result.test_is_eq(signer.algorithm_identifier(), sk->algorithm_identifier());

         // HSS_LMS_Signature_Operation::hash_function()
         result.test_eq("PK_Signer should report the hash of the key", signer.hash_function(), "SHA-256");

         return {result};
      }
};

BOTAN_REGISTER_TEST_FN("pubkey", "hss_lms_params_parsing", test_hss_lms_params_parsing);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_sign", HSS_LMS_Signature_Generation_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify", HSS_LMS_Signature_Verify_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify_invalid", HSS_LMS_Signature_Verify_Invalid_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_keygen", HSS_LMS_Key_Generation_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_negative", HSS_LMS_Negative_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_state", HSS_LMS_Statefulness_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_api", HSS_LMS_Missing_API_Test);

}  // namespace

}  // namespace Botan_Tests

#endif  // BOTAN_HAS_HSS_LMS

1	/*
2	* (C) 2023 Jack Lloyd
3	* 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "tests.h"
9
10	#if defined(BOTAN_HAS_HSS_LMS)
11	#include "test_pubkey.h"
12	#include <botan/hss_lms.h>
13	#include <botan/pk_algs.h>
14	#include <botan/pubkey.h>
15	#include <botan/internal/fmt.h>
16	#include <botan/internal/hss.h>
17	#include <botan/internal/loadstor.h>
18
19	namespace Botan_Tests {
20
21	namespace {
22
23	/**
24	* @brief Test the correct parsing of HSS-LMS parameters
25	*/
26	std::vector<Test::Result> test_hss_lms_params_parsing() {	1✔
27	return {	1✔
28	CHECK("HSS Parameter Parsing",
29	[&](Test::Result& result) {	1✔
30	result.test_no_throw("no throw", [&] {	2✔
31	const Botan::HSS_LMS_Params hss_params("SHA-256,HW(5,1),HW(25,8)");	1✔
32
33	result.test_is_eq("hss levels", hss_params.L(), Botan::HSS_Level(2));	1✔
34	const auto& top_lms_params = hss_params.params_at_level(Botan::HSS_Level(0));	1✔
35	result.test_is_eq("hash name", top_lms_params.lms_params().hash_name(), std::string("SHA-256"));	2✔
36	result.test_is_eq("top level - lms type",	1✔
37	top_lms_params.lms_params().algorithm_type(),	1✔
38	Botan::LMS_Algorithm_Type::SHA256_M32_H5);	1✔
39	result.test_is_eq("top level - ots type",	1✔
40	top_lms_params.lmots_params().algorithm_type(),	1✔
41	Botan::LMOTS_Algorithm_Type::SHA256_N32_W1);	1✔
42
43	const auto& second_lms_params = hss_params.params_at_level(Botan::HSS_Level(1));	1✔
44	result.test_is_eq("2nd level - lms type",	1✔
45	second_lms_params.lms_params().algorithm_type(),	1✔
46	Botan::LMS_Algorithm_Type::SHA256_M32_H25);	1✔
47	result.test_is_eq("2nd level - ots type",	1✔
48	second_lms_params.lmots_params().algorithm_type(),	1✔
49	Botan::LMOTS_Algorithm_Type::SHA256_N32_W8);	2✔
50	});	1✔
51	}),	1✔
52
53	};	2✔
54	}	1✔
55
56	/**
57	* @brief Test signature generation using the raw private key bytes
58	*/
59	class HSS_LMS_Signature_Generation_Test final : public PK_Signature_Generation_Test {
60	public:
61	HSS_LMS_Signature_Generation_Test() :	1✔
62	PK_Signature_Generation_Test("HSS-LMS", "pubkey/hss_lms_sig.vec", "Msg,PrivateKey,Signature") {}	2✔
63
64	std::string default_padding(const VarMap& /vars/) const final { return ""; }	2✔
65
66	std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) final {	2✔
67	const auto sk_bytes = Botan::lock(vars.get_req_bin("PrivateKey"));	6✔
68	return std::make_unique<Botan::HSS_LMS_PrivateKey>(sk_bytes);	2✔
69	}	2✔
70	};
71
72	/**
73	* @brief Test signature verification using the raw public key bytes
74	*/
75	class HSS_LMS_Signature_Verify_Tests final : public PK_Signature_Verification_Test {
76	public:
77	HSS_LMS_Signature_Verify_Tests() :	1✔
78	PK_Signature_Verification_Test("HSS-LMS", "pubkey/hss_lms_verify.vec", "Msg,PublicKey,Signature") {}	2✔
79
80	std::string default_padding(const VarMap& /vars/) const final { return ""; }	5✔
81
82	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	5✔
83	const std::vector<uint8_t> pk_bytes = vars.get_req_bin("PublicKey");	5✔
84	return std::make_unique<Botan::HSS_LMS_PublicKey>(pk_bytes);	10✔
85	}	5✔
86	};
87
88	/**
89	* @brief Test the correct revocation of invalid signatures
90	*/
91	class HSS_LMS_Signature_Verify_Invalid_Tests final : public PK_Signature_NonVerification_Test {
92	public:
93	HSS_LMS_Signature_Verify_Invalid_Tests() :	1✔
94	PK_Signature_NonVerification_Test(
95	"HSS_LMS", "pubkey/hss_lms_invalid.vec", "Msg,PublicKey,InvalidSignature") {}	2✔
96
97	std::string default_padding(const VarMap& /vars/) const override { return ""; }	4✔
98
99	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	4✔
100	const std::vector<uint8_t> raw_key = vars.get_req_bin("PublicKey");	4✔
101	return std::make_unique<Botan::HSS_LMS_PublicKey>(raw_key);	8✔
102	}	4✔
103	};
104
105	/**
106	* @brief Test HSS-LMS public key creation
107	*/
108	class HSS_LMS_Key_Generation_Test final : public PK_Key_Generation_Test {	1✔
109	public:
110	std::vector<std::string> keygen_params() const final { return {"SHA-256,HW(10,4),HW(5,8)"}; }	1✔
111
112	std::string algo_name() const final { return "HSS-LMS"; }	1✔
113
114	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view /* keygen_params */,	1✔
115	std::string_view /* provider */,
116	std::span<const uint8_t> raw_pk) const override {
117	return std::make_unique<Botan::HSS_LMS_PublicKey>(raw_pk);	1✔
118	}
119	};
120
121	/**
122	* @brief Test that for manipulated signatures and too short signatures, private keys, and public keys a DecodeError occurs.
123	*/
124	class HSS_LMS_Negative_Tests final : public Test {	1✔
125	Test::Result test_flipped_signature_bits() {	1✔
126	Test::Result result("HSS-LMS - flipped signature bits");	1✔
127
128	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
129
130	Botan::PK_Signer signer(*sk, Test::rng(), "");	1✔
131	Botan::PK_Verifier verifier(*sk, "");	1✔
132
133	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
134
135	signer.update(mes);	1✔
136	auto valid_sig = signer.signature(Test::rng());	1✔
137	verifier.update(mes);	1✔
138	result.confirm("Entire signature is valid", verifier.check_signature(valid_sig.data(), valid_sig.size()));	2✔
139	for(size_t idx = 0; idx < valid_sig.size(); ++idx) {	785✔
140	auto bad_sig = valid_sig;	784✔
141	bad_sig.at(idx) ^= 0x80;	784✔
142	result.test_no_throw(Botan::fmt("Verification does not throw (byte idx {})", idx), [&]() {	3,136✔
143	verifier.update(mes);	784✔
144	const bool valid = verifier.check_signature(bad_sig);	784✔
145	result.confirm(Botan::fmt("Manipulated signature is invalid (byte idx {})", idx), !valid);	1,568✔
146	});	784✔
147	}	784✔
148
149	return result;	1✔
150	}	3✔
151
152	Test::Result test_too_short_signature() {	1✔
153	Test::Result result("HSS-LMS");	1✔
154
155	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
156
157	Botan::PK_Signer signer(*sk, Test::rng(), "");	1✔
158	Botan::PK_Verifier verifier(*sk, "");	1✔
159
160	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
161
162	signer.update(mes);	1✔
163	auto valid_sig = signer.signature(Test::rng());	1✔
164	verifier.update(mes);	1✔
165	result.confirm("Entire signature is valid", verifier.check_signature(valid_sig.data(), valid_sig.size()));	2✔
166	for(size_t n = 0; n < valid_sig.size(); ++n) {	785✔
167	result.test_no_throw("Verification does not throw", [&]() {	2,352✔
168	verifier.update(mes);	784✔
169	const bool valid = verifier.check_signature(valid_sig.data(), n);	784✔
170	result.confirm("Too short signature is invalid", !valid);	1,568✔
171	});	784✔
172	}
173
174	return result;	1✔
175	}	3✔
176
177	Test::Result test_too_short_private_key() {	1✔
178	Test::Result result("HSS-LMS");	1✔
179
180	// HSS_LMS_PublicKey::key_length()
181	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
182
183	auto sk_bytes = sk->private_key_bits();	1✔
184	result.test_no_throw("Entire private key valid", [&]() {	1✔
185	const Botan::HSS_LMS_PrivateKey key(sk_bytes);	1✔
186	BOTAN_UNUSED(key);	1✔
187	});	1✔
188	for(size_t n = 0; n < sk_bytes.size(); ++n) {	61✔
189	result.test_throws<Botan::Decoding_Error>("Partial private key invalid", [&]() {	180✔
190	const std::span<const uint8_t> partial_key = {sk_bytes.data(), n};	60✔
191	const Botan::HSS_LMS_PrivateKey key(partial_key);	60✔
192	BOTAN_UNUSED(key);	×
193	});	×
194	}
195	return result;	1✔
196	}	2✔
197
198	Test::Result test_too_short_public_key() {	1✔
199	Test::Result result("HSS-LMS");	1✔
200
201	// HSS_LMS_PublicKey::key_length()
202	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
203
204	auto sk_bytes = sk->public_key_bits();	1✔
205	result.test_no_throw("Entire public key valid", [&]() {	2✔
206	const Botan::HSS_LMS_PublicKey key(sk_bytes);	1✔
207	BOTAN_UNUSED(key);	1✔
208	});	1✔
209	for(size_t n = 0; n < sk_bytes.size(); ++n) {	53✔
210	result.test_throws<Botan::Decoding_Error>("Partial public key invalid", [&]() {	156✔
211	const std::span<const uint8_t> partial_key = {sk_bytes.data(), n};	52✔
212	const Botan::HSS_LMS_PublicKey key(partial_key);	52✔
213	BOTAN_UNUSED(key);	×
214	});	×
215	}
216	return result;	1✔
217	}	2✔
218
219	std::vector<Test::Result> run() final {	1✔
220	return {test_flipped_signature_bits(),	1✔
221	test_too_short_signature(),
222	test_too_short_private_key(),
223	test_too_short_public_key()};	5✔
224	}	1✔
225	};
226
227	/**
228	* @brief Test the correct handling of the HSS-LMS private key's state.
229	*/
230	class HSS_LMS_Statefulness_Test final : public Test {	1✔
231	Botan::HSS_LMS_PrivateKey create_private_key_with_idx(uint64_t idx) {	1✔
232	auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
233	auto bytes = sk.private_key_bits();	1✔
234	// The index is store after the level (uint32_t)
235	Botan::store_be(idx, bytes.data() + sizeof(uint32_t));	1✔
236	return Botan::HSS_LMS_PrivateKey(bytes);	2✔
237	}	1✔
238
239	Test::Result test_sig_changes_state() {	1✔
240	Test::Result result("HSS-LMS");	1✔
241
242	auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8),HW(5,8)");	1✔
243	Botan::PK_Signer signer(sk, Test::rng(), "");	1✔
244	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
245	auto sk_bytes_begin = sk.private_key_bits();	1✔
246
247	// Tree heights: 5,5 => 2^(5+5) = 1024 signatures available
248	const uint64_t expected_total = 1024;	1✔
249	result.confirm("Fresh key starts with total number of remaining signatures.",	1✔
250	sk.remaining_operations() == expected_total);	2✔
251
252	// Creating a signature should update the private key's state
253	auto sig_0 = signer.sign_message(mes, Test::rng());	1✔
254	result.confirm(	2✔
255	"First signature uses index 0.",
256	Botan::HSS_Signature::from_bytes_or_throw(sig_0).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(0));	1✔
257
258	auto sk_bytes_after_sig = sk.private_key_bits();	1✔
259
260	result.confirm("Signature decreases number of remaining signatures.",	1✔
261	sk.remaining_operations() == expected_total - 1);	2✔
262	result.test_ne("Signature updates private key.", sk_bytes_after_sig, sk_bytes_begin);	2✔
263
264	auto sig_1 = signer.sign_message(mes, Test::rng());	1✔
265	result.confirm(	2✔
266	"Next signature uses the new index.",
267	Botan::HSS_Signature::from_bytes_or_throw(sig_1).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(1));	1✔
268
269	return result;	2✔
270	}	5✔
271
272	Test::Result test_max_sig_count() {	1✔
273	Test::Result result("HSS-LMS");	1✔
274
275	const uint64_t total_sig_count = 32;	1✔
276	auto sk = create_private_key_with_idx(total_sig_count - 1);	1✔
277
278	Botan::PK_Signer signer(sk, Test::rng(), "");	1✔
279	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
280	auto sk_bytes_begin = sk.private_key_bits();	1✔
281
282	result.confirm("One remaining signature.", sk.remaining_operations() == uint64_t(1));	3✔
283	result.test_no_throw("Use last signature index.", [&]() { signer.sign_message(mes, Test::rng()); });	4✔
284	result.confirm("No remaining signatures.", sk.remaining_operations() == uint64_t(0));	3✔
285	result.test_throws("Cannot sign with exhausted key.", [&]() { signer.sign_message(mes, Test::rng()); });	3✔
286	result.confirm("Still zero remaining signatures.", sk.remaining_operations() == uint64_t(0));	3✔
287
288	return result;	2✔
289	}	2✔
290
291	std::vector<Test::Result> run() final { return {test_sig_changes_state(), test_max_sig_count()}; }	3✔
292	};
293
294	/**
295	* @brief Test APIs not covered by other tests.
296	*/
297	class HSS_LMS_Missing_API_Test final : public Test {	1✔
298	std::vector<Test::Result> run() final {	1✔
299	Test::Result result("HSS-LMS");	1✔
300
301	// HSS_LMS_PublicKey::key_length()
302	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "SHA-256,HW(10,4)");	1✔
303	sk->key_length();	1✔
304	result.test_gt("Public key length must be greater than the simply type information plus I",	1✔
305	sk->key_length(),	1✔
306	3 * sizeof(uint32_t) + Botan::LMS_IDENTIFIER_LEN);
307
308	// HSS_LMS_Verification_Operation::hash_function()
309	const Botan::PK_Verifier verifier(*sk, "");	1✔
310	result.test_eq("PK_Verifier should report the hash of the key", verifier.hash_function(), "SHA-256");	2✔
311
312	// HSS_LMS_PrivateKey::raw_private_key_bits()
313	result.test_eq("Our BER and raw encoding is the same", sk->raw_private_key_bits(), sk->private_key_bits());	3✔
314
315	// HSS_LMS_Signature_Operation::algorithm_identifier()
316	const Botan::PK_Signer signer(*sk, Test::rng(), "");	1✔
317	result.test_is_eq(signer.algorithm_identifier(), sk->algorithm_identifier());	1✔
318
319	// HSS_LMS_Signature_Operation::hash_function()
320	result.test_eq("PK_Signer should report the hash of the key", signer.hash_function(), "SHA-256");	2✔
321
322	return {result};	3✔
323	}	3✔
324	};
325
326	BOTAN_REGISTER_TEST_FN("pubkey", "hss_lms_params_parsing", test_hss_lms_params_parsing);
327	BOTAN_REGISTER_TEST("pubkey", "hss_lms_sign", HSS_LMS_Signature_Generation_Test);
328	BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify", HSS_LMS_Signature_Verify_Tests);
329	BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify_invalid", HSS_LMS_Signature_Verify_Invalid_Tests);
330	BOTAN_REGISTER_TEST("pubkey", "hss_lms_keygen", HSS_LMS_Key_Generation_Test);
331	BOTAN_REGISTER_TEST("pubkey", "hss_lms_negative", HSS_LMS_Negative_Tests);
332	BOTAN_REGISTER_TEST("pubkey", "hss_lms_state", HSS_LMS_Statefulness_Test);
333	BOTAN_REGISTER_TEST("pubkey", "hss_lms_api", HSS_LMS_Missing_API_Test);
334
335	} // namespace
336
337	} // namespace Botan_Tests
338
339	#endif // BOTAN_HAS_HSS_LMS

randombit / botan / 21786344715

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous