Add extra LMS and LMOTS tests

NULL-message and LMOTS signature leak tests Signed-off-by: Raef Coles <raef.coles@arm.com>
2025-07-29 11:41:15 +03:00 · 2022-09-02 18:26:31 +01:00
parent fa24f9d6ea
commit 9c9027b1a4
6 changed files with 142 additions and 5 deletions
--- a/library/lmots.c
+++ b/library/lmots.c
@ -44,11 +44,6 @@

 #include "psa/crypto.h"

-#define MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET (MBEDTLS_LMOTS_SIG_TYPE_OFFSET + \
-                                           MBEDTLS_LMOTS_TYPE_LEN)
-#define MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(type) (MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET + \
-                                                  MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(type))
-
 #define MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET     (0)
 #define MBEDTLS_LMOTS_PUBLIC_KEY_I_KEY_ID_OFFSET (MBEDTLS_LMOTS_PUBLIC_KEY_TYPE_OFFSET + \
                                                  MBEDTLS_LMOTS_TYPE_LEN)
@ -74,6 +69,10 @@
 static const unsigned char D_PUBLIC_CONSTANT_BYTES[D_CONST_LEN] = {0x80, 0x80};
 static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = {0x81, 0x81};

+#if defined(MBEDTLS_TEST_HOOKS)
+int( *mbedtls_lmots_sign_private_key_invalidated_hook )( unsigned char * ) = NULL;
+#endif /* defined(MBEDTLS_TEST_HOOKS) */
+
 void unsigned_int_to_network_bytes( unsigned int val, size_t len,
                                    unsigned char *bytes )
 {
@ -815,6 +814,18 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
                                   MBEDTLS_LMOTS_TYPE_LEN,
                                   sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET );

+    /* Test hook to check if sig is being written to before we invalidate the
+     * private key.
+     */
+#if defined(MBEDTLS_TEST_HOOKS)
+    if( mbedtls_lmots_sign_private_key_invalidated_hook != NULL )
+    {
+        ret = ( *mbedtls_lmots_sign_private_key_invalidated_hook )( sig );
+        if( ret != 0 )
+            return( ret );
+    }
+#endif /* defined(MBEDTLS_TEST_HOOKS) */
+
    /* We've got a valid signature now, so it's time to make sure the private
     * key can't be reused.
     */
--- a/library/lmots.h
+++ b/library/lmots.h
@ -54,6 +54,10 @@
                                            MBEDTLS_LMOTS_N_HASH_LEN(type))

 #define MBEDTLS_LMOTS_SIG_TYPE_OFFSET       (0)
+#define MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET (MBEDTLS_LMOTS_SIG_TYPE_OFFSET + \
+                                           MBEDTLS_LMOTS_TYPE_LEN)
+#define MBEDTLS_LMOTS_SIG_SIGNATURE_OFFSET(type) (MBEDTLS_LMOTS_SIG_C_RANDOM_OFFSET + \
+                                                  MBEDTLS_LMOTS_C_RANDOM_VALUE_LEN(type))

 #ifdef __cplusplus
 extern "C" {