26995937053

Committed 04 Jun 2026 09:38PM UTC coverage: 89.394% (-2.3%) from 91.672%

Build # 26995937053

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5642 from randombit/jack/prefetch-in-ks

Improve prefetching for table based implementations

Coverage Stats

110588 of 123708 relevant lines covered (89.39%)

11056434.37 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.83

/src/tests/test_hss_lms.cpp

/*
* (C) 2023 Jack Lloyd
*     2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "tests.h"

#if defined(BOTAN_HAS_HSS_LMS)
   #include "test_arb_eq.h"
   #include "test_pubkey.h"
   #include <botan/asn1_obj.h>
   #include <botan/hss_lms.h>
   #include <botan/pk_algs.h>
   #include <botan/pubkey.h>
   #include <botan/internal/fmt.h>
   #include <botan/internal/hss.h>
   #include <botan/internal/loadstor.h>

namespace Botan_Tests {

namespace {

/**
 * @brief Test the correct parsing of HSS-LMS parameters
 */
std::vector<Test::Result> test_hss_lms_params_parsing() {
   return {
      CHECK("HSS Parameter Parsing",
            [&](Test::Result& result) {
               result.test_no_throw("no throw", [&] {
                  const Botan::HSS_LMS_Params hss_params("SHA-256,HW(5,1),HW(25,8)");

                  test_arb_eq(result, "hss levels", hss_params.L(), Botan::HSS_Level(2));
                  const auto& top_lms_params = hss_params.params_at_level(Botan::HSS_Level(0));
                  result.test_str_eq("hash name", top_lms_params.lms_params().hash_name(), std::string("SHA-256"));
                  result.test_enum_eq("top level - lms type",
                                      top_lms_params.lms_params().algorithm_type(),
                                      Botan::LMS_Algorithm_Type::SHA256_M32_H5);
                  result.test_enum_eq("top level - ots type",
                                      top_lms_params.lmots_params().algorithm_type(),
                                      Botan::LMOTS_Algorithm_Type::SHA256_N32_W1);

                  const auto& second_lms_params = hss_params.params_at_level(Botan::HSS_Level(1));
                  result.test_enum_eq("2nd level - lms type",
                                      second_lms_params.lms_params().algorithm_type(),
                                      Botan::LMS_Algorithm_Type::SHA256_M32_H25);
                  result.test_enum_eq("2nd level - ots type",
                                      second_lms_params.lmots_params().algorithm_type(),
                                      Botan::LMOTS_Algorithm_Type::SHA256_N32_W8);
               });
            }),

   };
}

/**
 * @brief Test signature generation using the raw private key bytes
 */
class HSS_LMS_Signature_Generation_Test final : public PK_Signature_Generation_Test {
   public:
      HSS_LMS_Signature_Generation_Test() :
            PK_Signature_Generation_Test("HSS-LMS", "pubkey/hss_lms_sig.vec", "Msg,PrivateKey,Signature") {}

      std::string default_padding(const VarMap& /*vars*/) const final { return ""; }

      std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) final {
         const auto sk_bytes = vars.get_req_bin("PrivateKey");
         return std::make_unique<Botan::HSS_LMS_PrivateKey>(Botan::AlgorithmIdentifier(), sk_bytes);
      }
};

/**
 * @brief Test signature verification using the raw public key bytes
 */
class HSS_LMS_Signature_Verify_Tests final : public PK_Signature_Verification_Test {
   public:
      HSS_LMS_Signature_Verify_Tests() :
            PK_Signature_Verification_Test("HSS-LMS", "pubkey/hss_lms_verify.vec", "Msg,PublicKey,Signature") {}

      std::string default_padding(const VarMap& /*vars*/) const final { return ""; }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::vector<uint8_t> pk_bytes = vars.get_req_bin("PublicKey");
         return std::make_unique<Botan::HSS_LMS_PublicKey>(Botan::AlgorithmIdentifier(), pk_bytes);
      }
};

/**
 * @brief Test the correct revocation of invalid signatures
 */
class HSS_LMS_Signature_Verify_Invalid_Tests final : public PK_Signature_NonVerification_Test {
   public:
      HSS_LMS_Signature_Verify_Invalid_Tests() :
            PK_Signature_NonVerification_Test(
               "HSS_LMS", "pubkey/hss_lms_invalid.vec", "Msg,PublicKey,InvalidSignature") {}

      std::string default_padding(const VarMap& /*vars*/) const override { return ""; }

      std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {
         const std::vector<uint8_t> raw_key = vars.get_req_bin("PublicKey");
         return std::make_unique<Botan::HSS_LMS_PublicKey>(Botan::AlgorithmIdentifier(), raw_key);
      }
};

/**
 * @brief Test HSS-LMS public key creation
 */
class HSS_LMS_Key_Generation_Test final : public PK_Key_Generation_Test {
   public:
      std::vector<std::string> keygen_params() const final { return {"SHA-256,HW(10,4),HW(5,8)"}; }

      std::string algo_name() const final { return "HSS-LMS"; }

      std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view /* keygen_params */,
                                                             std::string_view /* provider */,
                                                             std::span<const uint8_t> raw_pk) const override {
         return std::make_unique<Botan::HSS_LMS_PublicKey>(Botan::AlgorithmIdentifier(), raw_pk);
      }
};

/**
 * @brief Test that for manipulated signatures and too short signatures, private keys, and public keys a DecodeError occurs.
 */
class HSS_LMS_Negative_Tests final : public Test {
      Test::Result test_flipped_signature_bits() {
         Test::Result result("HSS-LMS - flipped signature bits");

         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         Botan::PK_Signer signer(*sk, Test::rng(), "");
         Botan::PK_Verifier verifier(*sk, "");

         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};

         signer.update(mes);
         auto valid_sig = signer.signature(Test::rng());
         verifier.update(mes);
         result.test_is_true("Entire signature is valid", verifier.check_signature(valid_sig));
         for(size_t idx = 0; idx < valid_sig.size(); ++idx) {
            auto bad_sig = valid_sig;
            bad_sig.at(idx) ^= 0x80;
            result.test_no_throw(Botan::fmt("Verification does not throw (byte idx {})", idx), [&]() {
               verifier.update(mes);
               const bool valid = verifier.check_signature(bad_sig);
               result.test_is_true(Botan::fmt("Manipulated signature is invalid (byte idx {})", idx), !valid);
            });
         }

         return result;
      }

      Test::Result test_too_short_signature() {
         Test::Result result("HSS-LMS");

         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         Botan::PK_Signer signer(*sk, Test::rng(), "");
         Botan::PK_Verifier verifier(*sk, "");

         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};

         signer.update(mes);
         auto valid_sig = signer.signature(Test::rng());
         verifier.update(mes);
         result.test_is_true("Entire signature is valid", verifier.check_signature(valid_sig));
         for(size_t n = 0; n < valid_sig.size(); ++n) {
            result.test_no_throw("Verification does not throw", [&]() {
               verifier.update(mes);
               const bool valid = verifier.check_signature(valid_sig.data(), n);
               result.test_is_true("Too short signature is invalid", !valid);
            });
         }

         return result;
      }

      Test::Result test_too_short_private_key() {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         auto sk_bytes = sk->private_key_bits();
         result.test_no_throw("Entire private key valid", [&]() {
            const Botan::HSS_LMS_PrivateKey key(sk_bytes);
            BOTAN_UNUSED(key);
         });
         for(size_t n = 0; n < sk_bytes.size(); ++n) {
            result.test_throws<Botan::Decoding_Error>("Partial private key invalid", [&]() {
               const std::span<const uint8_t> partial_key = {sk_bytes.data(), n};
               const Botan::HSS_LMS_PrivateKey key(partial_key);
               BOTAN_UNUSED(key);
            });
         }
         return result;
      }

      Test::Result test_too_short_public_key() {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");

         auto sk_bytes = sk->public_key_bits();
         result.test_no_throw("Entire public key valid", [&]() {
            const Botan::HSS_LMS_PublicKey key(sk_bytes);
            BOTAN_UNUSED(key);
         });
         for(size_t n = 0; n < sk_bytes.size(); ++n) {
            result.test_throws<Botan::Decoding_Error>("Partial public key invalid", [&]() {
               const std::span<const uint8_t> partial_key = {sk_bytes.data(), n};
               const Botan::HSS_LMS_PublicKey key(partial_key);
               BOTAN_UNUSED(key);
            });
         }
         return result;
      }

      std::vector<Test::Result> run() final {
         return {test_flipped_signature_bits(),
                 test_too_short_signature(),
                 test_too_short_private_key(),
                 test_too_short_public_key()};
      }
};

/**
 * @brief Test the correct handling of the HSS-LMS private key's state.
 */
class HSS_LMS_Statefulness_Test final : public Test {
      Botan::HSS_LMS_PrivateKey create_private_key_with_idx(uint64_t idx) {
         auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8)");
         auto bytes = sk.private_key_bits();
         // The index is store after the level (uint32_t)
         Botan::store_be(idx, bytes.data() + sizeof(uint32_t));
         return Botan::HSS_LMS_PrivateKey(Botan::AlgorithmIdentifier(), bytes);
      }

      Test::Result test_sig_changes_state() {
         Test::Result result("HSS-LMS");

         auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8),HW(5,8)");
         Botan::PK_Signer signer(sk, Test::rng(), "");
         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};
         auto sk_bytes_begin = sk.private_key_bits();

         // Tree heights: 5,5 => 2^(5+5) = 1024 signatures available
         const uint64_t expected_total = 1024;
         result.test_opt_u64_eq(
            "Fresh key starts with total number of remaining signatures.", sk.remaining_operations(), expected_total);

         // Creating a signature should update the private key's state
         auto sig_0 = signer.sign_message(mes, Test::rng());
         result.test_is_true(
            "First signature uses index 0.",
            Botan::HSS_Signature::from_bytes_or_throw(sig_0).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(0));

         auto sk_bytes_after_sig = sk.private_key_bits();

         result.test_opt_u64_eq(
            "Signature decreases number of remaining signatures.", sk.remaining_operations(), expected_total - 1);
         result.test_bin_ne("Signature updates private key.", sk_bytes_after_sig, sk_bytes_begin);

         auto sig_1 = signer.sign_message(mes, Test::rng());
         result.test_is_true(
            "Next signature uses the new index.",
            Botan::HSS_Signature::from_bytes_or_throw(sig_1).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(1));

         return result;
      }

      Test::Result test_max_sig_count() {
         Test::Result result("HSS-LMS");

         const uint64_t total_sig_count = 32;
         auto sk = create_private_key_with_idx(total_sig_count - 1);

         Botan::PK_Signer signer(sk, Test::rng(), "");
         std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};
         auto sk_bytes_begin = sk.private_key_bits();

         result.test_opt_u64_eq("One remaining signature.", sk.remaining_operations(), 1);
         result.test_no_throw("Use last signature index.", [&]() { signer.sign_message(mes, Test::rng()); });
         result.test_opt_u64_eq("No remaining signatures.", sk.remaining_operations(), 0);
         result.test_throws("Cannot sign with exhausted key.", [&]() { signer.sign_message(mes, Test::rng()); });
         result.test_opt_u64_eq("Still zero remaining signatures.", sk.remaining_operations(), 0);

         return result;
      }

      std::vector<Test::Result> run() final { return {test_sig_changes_state(), test_max_sig_count()}; }
};

/**
 * @brief Test APIs not covered by other tests.
 */
class HSS_LMS_Missing_API_Test final : public Test {
      std::vector<Test::Result> run() final {
         Test::Result result("HSS-LMS");

         // HSS_LMS_PublicKey::key_length()
         auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "SHA-256,HW(10,4)");
         sk->key_length();
         result.test_sz_gt("Public key length must be greater than the simply type information plus I",
                           sk->key_length(),
                           3 * sizeof(uint32_t) + Botan::LMS_IDENTIFIER_LEN);

         // HSS_LMS_Verification_Operation::hash_function()
         const Botan::PK_Verifier verifier(*sk, "");
         result.test_str_eq("PK_Verifier should report the hash of the key", verifier.hash_function(), "SHA-256");

         // HSS_LMS_PrivateKey::raw_private_key_bits()
         result.test_bin_eq("Our BER and raw encoding is the same", sk->raw_private_key_bits(), sk->private_key_bits());

         // HSS_LMS_Signature_Operation::algorithm_identifier()
         const Botan::PK_Signer signer(*sk, Test::rng(), "");
         result.test_is_true("signature algorithm", signer.algorithm_identifier() == sk->algorithm_identifier());

         // HSS_LMS_Signature_Operation::hash_function()
         result.test_str_eq("PK_Signer should report the hash of the key", signer.hash_function(), "SHA-256");

         return {result};
      }
};

BOTAN_REGISTER_TEST_FN("pubkey", "hss_lms_params_parsing", test_hss_lms_params_parsing);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_sign", HSS_LMS_Signature_Generation_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify", HSS_LMS_Signature_Verify_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify_invalid", HSS_LMS_Signature_Verify_Invalid_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_keygen", HSS_LMS_Key_Generation_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_negative", HSS_LMS_Negative_Tests);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_state", HSS_LMS_Statefulness_Test);
BOTAN_REGISTER_TEST("pubkey", "hss_lms_api", HSS_LMS_Missing_API_Test);

}  // namespace

}  // namespace Botan_Tests

#endif  // BOTAN_HAS_HSS_LMS

1	/*
2	* (C) 2023 Jack Lloyd
3	* 2023 Fabian Albert, Philippe Lieser - Rohde & Schwarz Cybersecurity
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include "tests.h"
9
10	#if defined(BOTAN_HAS_HSS_LMS)
11	#include "test_arb_eq.h"
12	#include "test_pubkey.h"
13	#include <botan/asn1_obj.h>
14	#include <botan/hss_lms.h>
15	#include <botan/pk_algs.h>
16	#include <botan/pubkey.h>
17	#include <botan/internal/fmt.h>
18	#include <botan/internal/hss.h>
19	#include <botan/internal/loadstor.h>
20
21	namespace Botan_Tests {
22
23	namespace {
24
25	/**
26	* @brief Test the correct parsing of HSS-LMS parameters
27	*/
28	std::vector<Test::Result> test_hss_lms_params_parsing() {	1✔
29	return {	1✔
30	CHECK("HSS Parameter Parsing",
31	[&](Test::Result& result) {	1✔
32	result.test_no_throw("no throw", [&] {	1✔
33	const Botan::HSS_LMS_Params hss_params("SHA-256,HW(5,1),HW(25,8)");	1✔
34
35	test_arb_eq(result, "hss levels", hss_params.L(), Botan::HSS_Level(2));	1✔
36	const auto& top_lms_params = hss_params.params_at_level(Botan::HSS_Level(0));	1✔
37	result.test_str_eq("hash name", top_lms_params.lms_params().hash_name(), std::string("SHA-256"));	1✔
38	result.test_enum_eq("top level - lms type",	2✔
39	top_lms_params.lms_params().algorithm_type(),	1✔
40	Botan::LMS_Algorithm_Type::SHA256_M32_H5);	1✔
41	result.test_enum_eq("top level - ots type",	2✔
42	top_lms_params.lmots_params().algorithm_type(),	1✔
43	Botan::LMOTS_Algorithm_Type::SHA256_N32_W1);	1✔
44
45	const auto& second_lms_params = hss_params.params_at_level(Botan::HSS_Level(1));	1✔
46	result.test_enum_eq("2nd level - lms type",	2✔
47	second_lms_params.lms_params().algorithm_type(),	1✔
48	Botan::LMS_Algorithm_Type::SHA256_M32_H25);	1✔
49	result.test_enum_eq("2nd level - ots type",	2✔
50	second_lms_params.lmots_params().algorithm_type(),	1✔
51	Botan::LMOTS_Algorithm_Type::SHA256_N32_W8);	1✔
52	});	3✔
53	}),	1✔
54
55	};	2✔
56	}	1✔
57
58	/**
59	* @brief Test signature generation using the raw private key bytes
60	*/
61	class HSS_LMS_Signature_Generation_Test final : public PK_Signature_Generation_Test {
62	public:
63	HSS_LMS_Signature_Generation_Test() :	1✔
64	PK_Signature_Generation_Test("HSS-LMS", "pubkey/hss_lms_sig.vec", "Msg,PrivateKey,Signature") {}	2✔
65
66	std::string default_padding(const VarMap& /vars/) const final { return ""; }	2✔
67
68	std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) final {	2✔
69	const auto sk_bytes = vars.get_req_bin("PrivateKey");	2✔
70	return std::make_unique<Botan::HSS_LMS_PrivateKey>(Botan::AlgorithmIdentifier(), sk_bytes);	2✔
71	}	2✔
72	};
73
74	/**
75	* @brief Test signature verification using the raw public key bytes
76	*/
77	class HSS_LMS_Signature_Verify_Tests final : public PK_Signature_Verification_Test {
78	public:
79	HSS_LMS_Signature_Verify_Tests() :	1✔
80	PK_Signature_Verification_Test("HSS-LMS", "pubkey/hss_lms_verify.vec", "Msg,PublicKey,Signature") {}	2✔
81
82	std::string default_padding(const VarMap& /vars/) const final { return ""; }	5✔
83
84	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	5✔
85	const std::vector<uint8_t> pk_bytes = vars.get_req_bin("PublicKey");	5✔
86	return std::make_unique<Botan::HSS_LMS_PublicKey>(Botan::AlgorithmIdentifier(), pk_bytes);	10✔
87	}	5✔
88	};
89
90	/**
91	* @brief Test the correct revocation of invalid signatures
92	*/
93	class HSS_LMS_Signature_Verify_Invalid_Tests final : public PK_Signature_NonVerification_Test {
94	public:
95	HSS_LMS_Signature_Verify_Invalid_Tests() :	1✔
96	PK_Signature_NonVerification_Test(
97	"HSS_LMS", "pubkey/hss_lms_invalid.vec", "Msg,PublicKey,InvalidSignature") {}	2✔
98
99	std::string default_padding(const VarMap& /vars/) const override { return ""; }	4✔
100
101	std::unique_ptr<Botan::Public_Key> load_public_key(const VarMap& vars) override {	4✔
102	const std::vector<uint8_t> raw_key = vars.get_req_bin("PublicKey");	4✔
103	return std::make_unique<Botan::HSS_LMS_PublicKey>(Botan::AlgorithmIdentifier(), raw_key);	8✔
104	}	4✔
105	};
106
107	/**
108	* @brief Test HSS-LMS public key creation
109	*/
110	class HSS_LMS_Key_Generation_Test final : public PK_Key_Generation_Test {	1✔
111	public:
112	std::vector<std::string> keygen_params() const final { return {"SHA-256,HW(10,4),HW(5,8)"}; }	1✔
113
114	std::string algo_name() const final { return "HSS-LMS"; }	1✔
115
116	std::unique_ptr<Botan::Public_Key> public_key_from_raw(std::string_view /* keygen_params */,	1✔
117	std::string_view /* provider */,
118	std::span<const uint8_t> raw_pk) const override {
119	return std::make_unique<Botan::HSS_LMS_PublicKey>(Botan::AlgorithmIdentifier(), raw_pk);	2✔
120	}
121	};
122
123	/**
124	* @brief Test that for manipulated signatures and too short signatures, private keys, and public keys a DecodeError occurs.
125	*/
126	class HSS_LMS_Negative_Tests final : public Test {	1✔
127	Test::Result test_flipped_signature_bits() {	1✔
128	Test::Result result("HSS-LMS - flipped signature bits");	1✔
129
130	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
131
132	Botan::PK_Signer signer(*sk, Test::rng(), "");	1✔
133	Botan::PK_Verifier verifier(*sk, "");	1✔
134
135	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
136
137	signer.update(mes);	1✔
138	auto valid_sig = signer.signature(Test::rng());	1✔
139	verifier.update(mes);	1✔
140	result.test_is_true("Entire signature is valid", verifier.check_signature(valid_sig));	1✔
141	for(size_t idx = 0; idx < valid_sig.size(); ++idx) {	785✔
142	auto bad_sig = valid_sig;	784✔
143	bad_sig.at(idx) ^= 0x80;	784✔
144	result.test_no_throw(Botan::fmt("Verification does not throw (byte idx {})", idx), [&]() {	1,568✔
145	verifier.update(mes);	784✔
146	const bool valid = verifier.check_signature(bad_sig);	784✔
147	result.test_is_true(Botan::fmt("Manipulated signature is invalid (byte idx {})", idx), !valid);	784✔
148	});	784✔
149	}	784✔
150
151	return result;	1✔
152	}	3✔
153
154	Test::Result test_too_short_signature() {	1✔
155	Test::Result result("HSS-LMS");	1✔
156
157	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
158
159	Botan::PK_Signer signer(*sk, Test::rng(), "");	1✔
160	Botan::PK_Verifier verifier(*sk, "");	1✔
161
162	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
163
164	signer.update(mes);	1✔
165	auto valid_sig = signer.signature(Test::rng());	1✔
166	verifier.update(mes);	1✔
167	result.test_is_true("Entire signature is valid", verifier.check_signature(valid_sig));	1✔
168	for(size_t n = 0; n < valid_sig.size(); ++n) {	785✔
169	result.test_no_throw("Verification does not throw", [&]() {	784✔
170	verifier.update(mes);	784✔
171	const bool valid = verifier.check_signature(valid_sig.data(), n);	784✔
172	result.test_is_true("Too short signature is invalid", !valid);	784✔
173	});	784✔
174	}
175
176	return result;	1✔
177	}	3✔
178
179	Test::Result test_too_short_private_key() {	1✔
180	Test::Result result("HSS-LMS");	1✔
181
182	// HSS_LMS_PublicKey::key_length()
183	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
184
185	auto sk_bytes = sk->private_key_bits();	1✔
186	result.test_no_throw("Entire private key valid", [&]() {	1✔
187	const Botan::HSS_LMS_PrivateKey key(sk_bytes);	1✔
188	BOTAN_UNUSED(key);	1✔
189	});	1✔
190	for(size_t n = 0; n < sk_bytes.size(); ++n) {	61✔
191	result.test_throws<Botan::Decoding_Error>("Partial private key invalid", [&]() {	60✔
192	const std::span<const uint8_t> partial_key = {sk_bytes.data(), n};	60✔
193	const Botan::HSS_LMS_PrivateKey key(partial_key);	60✔
194	BOTAN_UNUSED(key);	×
195	});	×
196	}
197	return result;	1✔
198	}	2✔
199
200	Test::Result test_too_short_public_key() {	1✔
201	Test::Result result("HSS-LMS");	1✔
202
203	// HSS_LMS_PublicKey::key_length()
204	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
205
206	auto sk_bytes = sk->public_key_bits();	1✔
207	result.test_no_throw("Entire public key valid", [&]() {	1✔
208	const Botan::HSS_LMS_PublicKey key(sk_bytes);	1✔
209	BOTAN_UNUSED(key);	1✔
210	});	1✔
211	for(size_t n = 0; n < sk_bytes.size(); ++n) {	53✔
212	result.test_throws<Botan::Decoding_Error>("Partial public key invalid", [&]() {	52✔
213	const std::span<const uint8_t> partial_key = {sk_bytes.data(), n};	52✔
214	const Botan::HSS_LMS_PublicKey key(partial_key);	52✔
215	BOTAN_UNUSED(key);	×
216	});	×
217	}
218	return result;	1✔
219	}	2✔
220
221	std::vector<Test::Result> run() final {	1✔
222	return {test_flipped_signature_bits(),	1✔
223	test_too_short_signature(),
224	test_too_short_private_key(),
225	test_too_short_public_key()};	5✔
226	}	1✔
227	};
228
229	/**
230	* @brief Test the correct handling of the HSS-LMS private key's state.
231	*/
232	class HSS_LMS_Statefulness_Test final : public Test {	1✔
233	Botan::HSS_LMS_PrivateKey create_private_key_with_idx(uint64_t idx) {	1✔
234	auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8)");	1✔
235	auto bytes = sk.private_key_bits();	1✔
236	// The index is store after the level (uint32_t)
237	Botan::store_be(idx, bytes.data() + sizeof(uint32_t));	1✔
238	return Botan::HSS_LMS_PrivateKey(Botan::AlgorithmIdentifier(), bytes);	2✔
239	}	1✔
240
241	Test::Result test_sig_changes_state() {	1✔
242	Test::Result result("HSS-LMS");	1✔
243
244	auto sk = Botan::HSS_LMS_PrivateKey(Test::rng(), "Truncated(SHA-256,192),HW(5,8),HW(5,8)");	1✔
245	Botan::PK_Signer signer(sk, Test::rng(), "");	1✔
246	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
247	auto sk_bytes_begin = sk.private_key_bits();	1✔
248
249	// Tree heights: 5,5 => 2^(5+5) = 1024 signatures available
250	const uint64_t expected_total = 1024;	1✔
251	result.test_opt_u64_eq(	1✔
252	"Fresh key starts with total number of remaining signatures.", sk.remaining_operations(), expected_total);
253
254	// Creating a signature should update the private key's state
255	auto sig_0 = signer.sign_message(mes, Test::rng());	1✔
256	result.test_is_true(	1✔
257	"First signature uses index 0.",
258	Botan::HSS_Signature::from_bytes_or_throw(sig_0).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(0));	1✔
259
260	auto sk_bytes_after_sig = sk.private_key_bits();	1✔
261
262	result.test_opt_u64_eq(	1✔
263	"Signature decreases number of remaining signatures.", sk.remaining_operations(), expected_total - 1);	1✔
264	result.test_bin_ne("Signature updates private key.", sk_bytes_after_sig, sk_bytes_begin);	1✔
265
266	auto sig_1 = signer.sign_message(mes, Test::rng());	1✔
267	result.test_is_true(	1✔
268	"Next signature uses the new index.",
269	Botan::HSS_Signature::from_bytes_or_throw(sig_1).bottom_sig().q() == Botan::LMS_Tree_Node_Idx(1));	1✔
270
271	return result;	2✔
272	}	5✔
273
274	Test::Result test_max_sig_count() {	1✔
275	Test::Result result("HSS-LMS");	1✔
276
277	const uint64_t total_sig_count = 32;	1✔
278	auto sk = create_private_key_with_idx(total_sig_count - 1);	1✔
279
280	Botan::PK_Signer signer(sk, Test::rng(), "");	1✔
281	std::vector<uint8_t> mes = {0xde, 0xad, 0xbe, 0xef};	1✔
282	auto sk_bytes_begin = sk.private_key_bits();	1✔
283
284	result.test_opt_u64_eq("One remaining signature.", sk.remaining_operations(), 1);	1✔
285	result.test_no_throw("Use last signature index.", [&]() { signer.sign_message(mes, Test::rng()); });	3✔
286	result.test_opt_u64_eq("No remaining signatures.", sk.remaining_operations(), 0);	1✔
287	result.test_throws("Cannot sign with exhausted key.", [&]() { signer.sign_message(mes, Test::rng()); });	2✔
288	result.test_opt_u64_eq("Still zero remaining signatures.", sk.remaining_operations(), 0);	1✔
289
290	return result;	2✔
291	}	2✔
292
293	std::vector<Test::Result> run() final { return {test_sig_changes_state(), test_max_sig_count()}; }	3✔
294	};
295
296	/**
297	* @brief Test APIs not covered by other tests.
298	*/
299	class HSS_LMS_Missing_API_Test final : public Test {	1✔
300	std::vector<Test::Result> run() final {	1✔
301	Test::Result result("HSS-LMS");	1✔
302
303	// HSS_LMS_PublicKey::key_length()
304	auto sk = Botan::create_private_key("HSS-LMS", Test::rng(), "SHA-256,HW(10,4)");	1✔
305	sk->key_length();	1✔
306	result.test_sz_gt("Public key length must be greater than the simply type information plus I",	1✔
307	sk->key_length(),	1✔
308	3 * sizeof(uint32_t) + Botan::LMS_IDENTIFIER_LEN);
309
310	// HSS_LMS_Verification_Operation::hash_function()
311	const Botan::PK_Verifier verifier(*sk, "");	1✔
312	result.test_str_eq("PK_Verifier should report the hash of the key", verifier.hash_function(), "SHA-256");	1✔
313
314	// HSS_LMS_PrivateKey::raw_private_key_bits()
315	result.test_bin_eq("Our BER and raw encoding is the same", sk->raw_private_key_bits(), sk->private_key_bits());	2✔
316
317	// HSS_LMS_Signature_Operation::algorithm_identifier()
318	const Botan::PK_Signer signer(*sk, Test::rng(), "");	1✔
319	result.test_is_true("signature algorithm", signer.algorithm_identifier() == sk->algorithm_identifier());	1✔
320
321	// HSS_LMS_Signature_Operation::hash_function()
322	result.test_str_eq("PK_Signer should report the hash of the key", signer.hash_function(), "SHA-256");	1✔
323
324	return {result};	3✔
325	}	3✔
326	};
327
328	BOTAN_REGISTER_TEST_FN("pubkey", "hss_lms_params_parsing", test_hss_lms_params_parsing);
329	BOTAN_REGISTER_TEST("pubkey", "hss_lms_sign", HSS_LMS_Signature_Generation_Test);
330	BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify", HSS_LMS_Signature_Verify_Tests);
331	BOTAN_REGISTER_TEST("pubkey", "hss_lms_verify_invalid", HSS_LMS_Signature_Verify_Invalid_Tests);
332	BOTAN_REGISTER_TEST("pubkey", "hss_lms_keygen", HSS_LMS_Key_Generation_Test);
333	BOTAN_REGISTER_TEST("pubkey", "hss_lms_negative", HSS_LMS_Negative_Tests);
334	BOTAN_REGISTER_TEST("pubkey", "hss_lms_state", HSS_LMS_Statefulness_Test);
335	BOTAN_REGISTER_TEST("pubkey", "hss_lms_api", HSS_LMS_Missing_API_Test);
336
337	} // namespace
338
339	} // namespace Botan_Tests
340
341	#endif // BOTAN_HAS_HSS_LMS

randombit / botan / 26995937053

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous