Diffstat (limited to 'tests')
-rw-r--r-- | tests/Makefile | 16 | ||||
-rwxr-xr-x | tests/parallel-signatures.py | 63 | ||||
-rw-r--r-- | tests/test-rpc_hashsig.c | 524 | ||||
-rw-r--r-- | tests/test-xdr.c | 4 |
4 files changed, 367 insertions, 240 deletions
diff --git a/tests/Makefile b/tests/Makefile index d186000..515c662 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,4 +1,4 @@ -# Copyright (c) 2015, NORDUnet A/S +# Copyright (c) 2015-2018, NORDUnet A/S # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -27,15 +27,9 @@ # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -ifndef CRYPTECH_ROOT - CRYPTECH_ROOT := $(abspath ../../..) -endif - -LIBTFM_SRC ?= ${CRYPTECH_ROOT}/sw/thirdparty/libtfm -LIBTFM_BLD ?= ${LIBTFM_SRC} - -LIBHAL_SRC ?= ${CRYPTECH_ROOT}/sw/libhal +LIBHAL_SRC ?= .. LIBHAL_BLD ?= ${LIBHAL_SRC} +LIBTFM_BLD ?= ../../thirdparty/libtfm LIBS = ${LIBHAL_BLD}/libhal.a ${LIBTFM_BLD}/libtfm.a @@ -63,8 +57,6 @@ else endif -$(info Building libhal with configuration IO_BUS=${IO_BUS} RPC_MODE=${RPC_MODE} KS=${KS} RPC_TRANSPORT=${RPC_TRANSPORT} MODEXP_CORE=${MODEXP_CORE}) - all: ${BIN} test: all @@ -76,7 +68,7 @@ clean distclean: ${BIN}: %: %.o ${LIBS} ${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS} -%.o: %.c ${LBHAL_SRC}/*.h ${LIBTFM_BLD}/tfm.h +%.o: %.c ${LIBHAL_SRC}/*.h ${LIBTFM_BLD}/tfm.h ${CC} ${CFLAGS} -c -o $@ $< test-rpc_hashsig.o: test-hashsig.h diff --git a/tests/parallel-signatures.py b/tests/parallel-signatures.py index 8d98460..980f759 100755 --- a/tests/parallel-signatures.py +++ b/tests/parallel-signatures.py @@ -64,6 +64,12 @@ from Crypto.Hash.SHA256 import SHA256Hash as SHA256 from Crypto.Hash.SHA384 import SHA384Hash as SHA384 from Crypto.Hash.SHA512 import SHA512Hash as SHA512 +try: + import statistics + statistics_loaded = True +except ImportError: + statistics_loaded = False + logger = logging.getLogger(__name__) @@ -254,6 +260,8 @@ class Result(object): self.args = args self.name = name self.sum = datetime.timedelta(seconds = 0) + if statistics_loaded: + self.readings = [None] * args.iterations self.t0 = None self.t1 = None self.n = 0 
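Review bot: Pre-sizing `self.readings = [None] * args.iterations` in `Result.__init__` makes the new statistics properties fragile. Any run that records fewer than `args.iterations` results leaves `None` entries that `statistics.mean`, `statistics.median` and `statistics.pstdev` cannot process, and one result too many raises IndexError at `self.readings[self.n] = ...` in the following hunk (@@ -264,14 +272,32). Whether either case can occur depends on the callers, which are outside these hunks. Starting from `self.readings = []` and recording with `self.readings.append(delta.total_seconds())` removes both failure modes.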
@@ -264,14 +272,32 @@ class Result(object): self.t1 = t1 delta = t1 - t0 self.sum += delta + if statistics_loaded: + self.readings[self.n] = delta.total_seconds() self.n += 1 if not self.args.quiet: sys.stdout.write("\r{:4d} {}".format(self.n, delta)) sys.stdout.flush() - @property - def mean(self): - return self.sum / self.n + if statistics_loaded: + + @property + def mean(self): + return statistics.mean(self.readings) + + @property + def median(self): + return statistics.median(self.readings) + + @property + def stdev(self): + return statistics.pstdev(self.readings) + + else: + + @property + def mean(self): + return self.sum / self.n @property def secs_per_sig(self): @@ -286,15 +312,28 @@ class Result(object): return self.sum.total_seconds() / (self.t1 - self.t0).total_seconds() def report(self): - sys.stdout.write(("\r{0.name} " - "sigs/sec {0.sigs_per_sec} " - "secs/sig {0.secs_per_sig} " - "mean {0.mean} " - "speedup {0.speedup} " - "(n {0.n}, " - "c {0.args.clients} " - "t0 {0.t0} " - "t1 {0.t1})\n").format(self)) + if statistics_loaded: + sys.stdout.write(("\r{0.name} " + "sigs/sec {0.sigs_per_sec} " + "secs/sig {0.secs_per_sig} " + "mean {0.mean} " + "median {0.median} " + "stdev {0.stdev} " + "speedup {0.speedup} " + "(n {0.n}, " + "c {0.args.clients} " + "t0 {0.t0} " + "t1 {0.t1})\n").format(self)) + else: + sys.stdout.write(("\r{0.name} " + "sigs/sec {0.sigs_per_sec} " + "secs/sig {0.secs_per_sig} " + "mean {0.mean} " + "speedup {0.speedup} " + "(n {0.n}, " + "c {0.args.clients} " + "t0 {0.t0} " + "t1 {0.t1})\n").format(self)) sys.stdout.flush() diff --git a/tests/test-rpc_hashsig.c b/tests/test-rpc_hashsig.c index 00728c3..1c5765b 100644 --- a/tests/test-rpc_hashsig.c +++ b/tests/test-rpc_hashsig.c 
@@ -48,26 +48,22 @@ #include <unistd.h> #include <hal.h> -#include <hashsig.h> #include "test-hashsig.h" #include <sys/time.h> -/* not included in my glibc, sigh... */ -void timersub(struct timeval *a, struct timeval *b, struct timeval *res) -{ - res->tv_sec = a->tv_sec - b->tv_sec; - res->tv_usec = a->tv_usec - b->tv_usec; - if (res->tv_usec < 0) { - res->tv_usec += 1000000; - --res->tv_sec; - } - if (res->tv_usec > 1000000) { - res->tv_usec -= 1000000; - ++res->tv_sec; - } -} -static int debug = 0; +#ifndef timersub +#define timersub(a, b, res) \ + do { \ + (res)->tv_sec = (a)->tv_sec - (b)->tv_sec; \ + (res)->tv_usec = (a)->tv_usec - (b)->tv_usec; \ + if ((res)->tv_usec < 0) { \ + (res)->tv_usec += 1000000; \ + --(res)->tv_sec; \ + } \ + } while (0) +#endif + static int info = 0; #define lose(...) do { printf(__VA_ARGS__); goto fail; } while (0) @@ -86,10 +82,10 @@ static int test_hashsig_testvec_local(const hashsig_tc_t * const tc, hal_key_fla if ((err = hal_hashsig_key_load_public_xdr(&tc_key, tc_keybuf, sizeof(tc_keybuf), tc->key.val, tc->key.len)) != HAL_OK) - lose("Could not load public key from test vector: %s\n", hal_error_string(err)); + lose("Error loading public key from test vector: %s\n", hal_error_string(err)); if ((err = hal_hashsig_verify(NULL, tc_key, tc->msg.val, tc->msg.len, tc->sig.val, tc->sig.len)) != HAL_OK) - lose("Verify failed: %s\n", hal_error_string(err)); + lose("Error verifying: %s\n", hal_error_string(err)); printf("OK\n"); return 1; 
@@ -119,27 +115,27 @@ static int test_hashsig_testvec_remote(const hashsig_tc_t * const tc, hal_key_fl if ((err = hal_hashsig_key_load_public_xdr(&tc_key, tc_keybuf, sizeof(tc_keybuf), tc->key.val, tc->key.len)) != HAL_OK) - lose("Could not load public key from test vector: %s\n", hal_error_string(err)); + lose("Error loading public key from test vector: %s\n", hal_error_string(err)); hal_uuid_t public_name; uint8_t public_der[hal_hashsig_public_key_to_der_len(tc_key)]; if ((err = hal_hashsig_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK) - lose("Could not DER encode public key from test vector: %s\n", hal_error_string(err)); + lose("Error DER encoding public key from test vector: %s\n", hal_error_string(err)); assert(len == sizeof(public_der)); if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) - lose("Could not load public key into RPC: %s\n", hal_error_string(err)); + lose("Error loading public key: %s\n", hal_error_string(err)); if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, tc->msg.val, tc->msg.len, tc->sig.val, tc->sig.len)) != HAL_OK) - lose("Could not verify: %s\n", hal_error_string(err)); + lose("Error verifying: %s\n", hal_error_string(err)); if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) - lose("Could not delete public key: %s\n", hal_error_string(err)); + goto fail_out; printf("OK\n"); return 1; @@ -148,7 +144,8 @@ static int test_hashsig_testvec_remote(const hashsig_tc_t * const tc, hal_key_fl fail: if (public_key.handle != HAL_HANDLE_NONE && (err = hal_rpc_pkey_delete(public_key)) != HAL_OK) - printf("Warning: could not delete public key: %s\n", hal_error_string(err)); + fail_out: + printf("Error deleting public key: %s\n", hal_error_string(err)); return 0; } 
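Review bot: The new `goto fail_out;` in test_hashsig_testvec_remote jumps to a label placed inside the body of the `if` under `fail:` (second hunk, @@ -148,7 +144,8). That is legal C but easy to misread, and it becomes fragile as soon as someone adds braces or a second statement to that `if`. Handling the failed delete where it happens is clearer: `if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) { printf("Error deleting public key: %s\n", hal_error_string(err)); return 0; }`, with no label inside the `fail:` block. The function starts before the first hunk, so only the visible part was reviewed.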
@@ -169,36 +166,36 @@ static void hexdump(const char * const label, const uint8_t * const buf, const s printf("\n"); } -static inline size_t lms_type_to_h(const lms_algorithm_t lms_type) +static inline size_t lms_type_to_h(const hal_lms_algorithm_t lms_type) { switch (lms_type) { - case lms_sha256_n32_h5: return 5; - case lms_sha256_n32_h10: return 10; - case lms_sha256_n32_h15: return 15; - case lms_sha256_n32_h20: return 20; - case lms_sha256_n32_h25: return 25; + case HAL_LMS_SHA256_N32_H5: return 5; + case HAL_LMS_SHA256_N32_H10: return 10; + case HAL_LMS_SHA256_N32_H15: return 15; + case HAL_LMS_SHA256_N32_H20: return 20; + case HAL_LMS_SHA256_N32_H25: return 25; default: return 0; } } -static inline size_t lmots_type_to_w(const lmots_algorithm_t lmots_type) +static inline size_t lmots_type_to_w(const hal_lmots_algorithm_t lmots_type) { switch (lmots_type) { - case lmots_sha256_n32_w1: return 1; - case lmots_sha256_n32_w2: return 2; - case lmots_sha256_n32_w4: return 4; - case lmots_sha256_n32_w8: return 8; + case HAL_LMOTS_SHA256_N32_W1: return 1; + case HAL_LMOTS_SHA256_N32_W2: return 2; + case HAL_LMOTS_SHA256_N32_W4: return 4; + case HAL_LMOTS_SHA256_N32_W8: return 8; default: return 0; } } -static inline size_t lmots_type_to_p(const lmots_algorithm_t lmots_type) +static inline size_t lmots_type_to_p(const hal_lmots_algorithm_t lmots_type) { switch (lmots_type) { - case lmots_sha256_n32_w1: return 265; - case lmots_sha256_n32_w2: return 133; - case lmots_sha256_n32_w4: return 67; - case lmots_sha256_n32_w8: return 34; + case HAL_LMOTS_SHA256_N32_W1: return 265; + case HAL_LMOTS_SHA256_N32_W2: return 133; + case HAL_LMOTS_SHA256_N32_W4: return 67; + case HAL_LMOTS_SHA256_N32_W8: return 34; default: return 0; } } 
@@ -224,7 +221,7 @@ static hal_error_t dump_hss_signature(const uint8_t * const sig, const size_t le uint32_t lmots_type; if ((err = hal_xdr_decode_int(&sigptr, siglim, &lmots_type)) != HAL_OK) return err; hexdump("C", sigptr, 32); sigptr += 32; - size_t p = lmots_type_to_p((const lmots_algorithm_t)lmots_type); + size_t p = lmots_type_to_p((const hal_lmots_algorithm_t)lmots_type); for (size_t j = 0; j < p; ++j) { char label[16]; sprintf(label, "y[%lu]", j); @@ -235,7 +232,7 @@ static hal_error_t dump_hss_signature(const uint8_t * const sig, const size_t le hexdump("lms type", sigptr, 4); uint32_t lms_type; if ((err = hal_xdr_decode_int(&sigptr, siglim, &lms_type)) != HAL_OK) return err; - size_t h = lms_type_to_h((const lms_algorithm_t)lms_type); + size_t h = lms_type_to_h((const hal_lms_algorithm_t)lms_type); for (size_t j = 0; j < h; ++j) { char label[16]; sprintf(label, "path[%lu]", j); 
@@ -260,166 +257,176 @@ static hal_error_t dump_hss_signature(const uint8_t * const sig, const size_t le return HAL_OK; } -static int test_hashsig_sign(const size_t L, - const lms_algorithm_t lms_type, - const lmots_algorithm_t lmots_type, - size_t iterations, - int save, int keep) +static int test_hashsig_generate(const size_t L, + const hal_lms_algorithm_t lms_type, + const hal_lmots_algorithm_t lmots_type, + hal_key_flags_t flags, + const int keep, + hal_pkey_handle_t *handle) { const hal_client_handle_t client = {HAL_HANDLE_NONE}; const hal_session_handle_t session = {HAL_HANDLE_NONE}; hal_pkey_handle_t private_key = {HAL_HANDLE_NONE}; - hal_pkey_handle_t public_key = {HAL_HANDLE_NONE}; hal_error_t err; - size_t len; - - { - char save_name[16]; - if (save) { - sprintf(save_name, "L%d.lms%d.ots%d", (int)L, (int)lms_type, (int)lmots_type); - FILE *fp; - if ((fp = fopen(save_name, "wb")) == NULL) - lose("Error opening %s: %s\n", save_name, strerror(errno)); - size_t len1; - if ((len1 = fwrite(tc1_msg, 1, sizeof(tc1_msg), fp)) != sizeof(tc1_msg)) - lose("Wrote %lu bytes to %s, expected %lu\n", len1, save_name, sizeof(tc1_msg)); - if (fclose(fp) != 0) - lose("Error closing %s: %s\n", save_name, strerror(errno)); - } + hal_uuid_t private_name; + struct timeval tv_start, tv_end, tv_diff; + + if (info) { + printf("Info: signature length %lu, lmots private key length %lu\n", + hal_hashsig_signature_len(L, lms_type, lmots_type), + hal_hashsig_lmots_private_key_len(lmots_type)); + gettimeofday(&tv_start, NULL); + } - hal_key_flags_t flags = HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE | HAL_KEY_FLAG_TOKEN; - - printf("Starting hashsig key test: L %lu, lms type %u (h=%lu), lmots type %u (w=%lu)\n", - L, lms_type, lms_type_to_h(lms_type), lmots_type, lmots_type_to_w(lmots_type)); - - if (info) - printf("Info: signature length %lu, lmots private key length %lu\n", - hal_hashsig_signature_len(L, lms_type, lmots_type), - hal_hashsig_lmots_private_key_len(lmots_type)); - - hal_uuid_t 
private_name, public_name; - struct timeval tv_start, tv_end, tv_diff; - - size_t h = lms_type_to_h(lms_type); - - if (info) - gettimeofday(&tv_start, NULL); - if ((err = hal_rpc_pkey_generate_hashsig(client, session, &private_key, &private_name, - L, lms_type, lmots_type, flags)) != HAL_OK) - lose("Could not generate hashsig private key: %s\n", hal_error_string(err)); - if (info) { - gettimeofday(&tv_end, NULL); - timersub(&tv_end, &tv_start, &tv_diff); - long per_key = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / (L * (1 << h)); - printf("Info: %ldm%ld.%03lds to generate key (%ld.%03lds per lmots key)\n", - tv_diff.tv_sec / 60, tv_diff.tv_sec % 60, tv_diff.tv_usec / 1000, - per_key / 1000000, (per_key % 1000000) / 1000); - } + if ((err = hal_rpc_pkey_generate_hashsig(client, session, &private_key, &private_name, + L, lms_type, lmots_type, flags)) != HAL_OK) + lose("Error generating private key: %s\n", hal_error_string(err)); + + if (info) { + gettimeofday(&tv_end, NULL); + timersub(&tv_end, &tv_start, &tv_diff); + long per_key = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / (L * (1 << lms_type_to_h(lms_type))); + printf("Info: %ldm%ld.%03lds to generate key (%ld.%03lds per lmots key)\n", + (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000, + (long)per_key / 1000000, ((long)per_key % 1000000) / 1000); + } - uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)]; + if (keep) { + char name_str[HAL_UUID_TEXT_SIZE]; + if ((err = hal_uuid_format(&private_name, name_str, sizeof(name_str))) != HAL_OK) + lose("Error formatting private key name: %s\n", hal_error_string(err)); + printf("Private key name: %s\n", name_str); + } - if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &len, sizeof(public_der))) != HAL_OK) - lose("Could not DER encode public key from private key: %s\n", hal_error_string(err)); + *handle = private_key; + printf("OK\n"); + return 1; - assert(len == sizeof(public_der)); +fail: + if 
(private_key.handle != HAL_HANDLE_NONE && + (err = hal_rpc_pkey_delete(private_key)) != HAL_OK) + printf("Error deleting private key: %s\n", hal_error_string(err)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name, - public_der, sizeof(public_der), flags)) != HAL_OK) - lose("Could not load public key into RPC: %s\n", hal_error_string(err)); + handle->handle = HAL_HANDLE_NONE; + return 0; +} - if (save) { - char fn[strlen(save_name) + 5]; - sprintf(fn, "%s.pub", save_name); - FILE *fp; - if ((fp = fopen(fn, "wb")) == NULL) - lose("Error opening %s: %s\n", fn, strerror(errno)); - uint8_t pub[60]; - if ((err = hal_hashsig_public_key_der_to_xdr(public_der, sizeof(public_der), pub, &len, sizeof(pub))) != HAL_OK) - lose("Could not XDR encode public key: %s\n", hal_error_string(err)); - size_t len1; - if ((len1 = fwrite(pub, 1, len, fp)) != len) - lose("Wrote %lu bytes to %s, expected %lu\n", len1, fn, len); - if (fclose(fp) != 0) - lose("Error closing %s: %s\n", fn, strerror(errno)); +static int test_hashsig_sign(const hal_pkey_handle_t private_key, + const uint8_t * const msg, const size_t msg_len, + const size_t iterations, + const char * const save_name, + uint8_t *sig, size_t *sig_len, const size_t sig_max) +{ + hal_error_t err; + struct timeval tv_start, tv_end, tv_diff; + int i; + + if (info) + gettimeofday(&tv_start, NULL); + + for (i = 0; i < iterations; ++i) { + if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none, + msg, msg_len, + sig, sig_len, sig_max)) != HAL_OK) { + if (i > 0 && err == HAL_ERROR_HASHSIG_KEY_EXHAUSTED) + break; + else + lose("Error signing (%d): %s\n", i, hal_error_string(err)); } + } - if (iterations > 0) { - uint8_t sig[hal_hashsig_signature_len(L, lms_type, lmots_type)]; - - if (info) - gettimeofday(&tv_start, NULL); - int i; - for (i = 0; i < iterations; ++i) { - if ((err = hal_rpc_pkey_sign(private_key, hal_hash_handle_none, - tc1_msg, sizeof(tc1_msg), sig, &len, sizeof(sig))) == HAL_OK) { - assert(len 
== sizeof(sig)); - if (debug) { - printf("Debug: received signature:\n"); - dump_hss_signature(sig, len); - } - } - else { - if (i == (1 << (L * h)) && err == HAL_ERROR_HASHSIG_KEY_EXHAUSTED) - break; - else - lose("Could not sign (%d): %s\n", i, hal_error_string(err)); - } - if (save) { - char fn[strlen(save_name) + 16]; - sprintf(fn, "%s.%d.sig", save_name, i); - FILE *fp; - if ((fp = fopen(fn, "wb")) == NULL) - lose("Error opening %s: %s\n", fn, strerror(errno)); - size_t len1; - if ((len1 = fwrite(sig, 1, len, fp)) != len) - lose("Wrote %lu bytes to %s, expected %lu\n", len1, fn, len); - if (fclose(fp) != 0) - lose("Error closing %s: %s\n", fn, strerror(errno)); - } - } - if (info) { - gettimeofday(&tv_end, NULL); - timersub(&tv_end, &tv_start, &tv_diff); - long per_sig = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / i; - printf("Info: %ldm%ld.%03lds to generate %d signatures (%ld.%03lds per signature)\n", - tv_diff.tv_sec / 60, tv_diff.tv_sec % 60, tv_diff.tv_usec / 1000, i, - per_sig / 1000000, (per_sig % 1000000) / 1000); - } + if (info) { + gettimeofday(&tv_end, NULL); + timersub(&tv_end, &tv_start, &tv_diff); + long per_sig = (tv_diff.tv_sec * 1000000 + tv_diff.tv_usec) / i; + printf("Info: %ldm%ld.%03lds to generate %d signatures (%ld.%03lds per signature)\n", + (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000, i, + (long)per_sig / 1000000, ((long)per_sig % 1000000) / 1000); + } - if (info) - gettimeofday(&tv_start, NULL); - if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, - tc1_msg, sizeof(tc1_msg), sig, len)) != HAL_OK) - lose("Could not verify: %s\n", hal_error_string(err)); - if (info) { - gettimeofday(&tv_end, NULL); - timersub(&tv_end, &tv_start, &tv_diff); - printf("Info: %ldm%ld.%03lds to verify 1 signature\n", - tv_diff.tv_sec / 60, tv_diff.tv_sec % 60, tv_diff.tv_usec / 1000); - } - } + if (*save_name) { + /* save the signature for interop verification */ + char fn[strlen(save_name) + 5]; + 
sprintf(fn, "%s.sig", save_name); + FILE *fp; + if ((fp = fopen(fn, "wb")) == NULL) + lose("Error opening %s: %s\n", fn, strerror(errno)); + size_t len; + if ((len = fwrite(sig, 1, *sig_len, fp)) != *sig_len) + lose("Error: wrote %lu bytes to %s, expected %lu\n", len, fn, *sig_len); + if (fclose(fp) != 0) + lose("Error closing %s: %s\n", fn, strerror(errno)); + } - if (!keep) { - if ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK) - lose("Could not delete private key: %s\n", hal_error_string(err)); - } + printf("OK\n"); + return 1; - if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) - lose("Could not delete public key: %s\n", hal_error_string(err)); +fail: + return 0; +} - printf("OK\n"); - return 1; +static int test_hashsig_verify(const hal_pkey_handle_t private_key, + const uint8_t * const msg, const size_t msg_len, + const char * const save_name, + uint8_t *sig, size_t sig_len) +{ + const hal_client_handle_t client = {HAL_HANDLE_NONE}; + const hal_session_handle_t session = {HAL_HANDLE_NONE}; + hal_error_t err; + + hal_pkey_handle_t public_key = {HAL_HANDLE_NONE}; + hal_uuid_t public_name; + uint8_t public_der[hal_rpc_pkey_get_public_key_len(private_key)]; + size_t der_len; + + if ((err = hal_rpc_pkey_get_public_key(private_key, public_der, &der_len, sizeof(public_der))) != HAL_OK) + lose("Error DER encoding public key from private key: %s\n", hal_error_string(err)); + assert(der_len == sizeof(public_der)); + + if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name, + public_der, sizeof(public_der), HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)) != HAL_OK) + lose("Error loading public key: %s\n", hal_error_string(err)); + + if (*save_name) { + /* save the public key for interop verification */ + char fn[strlen(save_name) + 5]; + sprintf(fn, "%s.pub", save_name); + FILE *fp; + if ((fp = fopen(fn, "wb")) == NULL) + lose("Error opening %s: %s\n", fn, strerror(errno)); + uint8_t pub[60]; + size_t xdr_len; + if ((err = 
hal_hashsig_public_key_der_to_xdr(public_der, sizeof(public_der), pub, &xdr_len, sizeof(pub))) != HAL_OK) + lose("Error XDR encoding public key: %s\n", hal_error_string(err)); + size_t write_len; + if ((write_len = fwrite(pub, 1, xdr_len, fp)) != xdr_len) + lose("Wrote %lu bytes to %s, expected %lu\n", write_len, fn, xdr_len); + if (fclose(fp) != 0) + lose("Error closing %s: %s\n", fn, strerror(errno)); } -fail: - if (private_key.handle != HAL_HANDLE_NONE && - (err = hal_rpc_pkey_delete(private_key)) != HAL_OK) - printf("Warning: could not delete private key: %s\n", hal_error_string(err)); + struct timeval tv_start, tv_end, tv_diff; + if (info) + gettimeofday(&tv_start, NULL); - if (public_key.handle != HAL_HANDLE_NONE && - (err = hal_rpc_pkey_delete(public_key)) != HAL_OK) - printf("Warning: could not delete public key: %s\n", hal_error_string(err)); + if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, + msg, msg_len, sig, sig_len)) != HAL_OK) + lose("Error verifying: %s\n", hal_error_string(err)); + + if (info) { + gettimeofday(&tv_end, NULL); + timersub(&tv_end, &tv_start, &tv_diff); + printf("Info: %ldm%ld.%03lds to verify 1 signature\n", + (long)tv_diff.tv_sec / 60, (long)tv_diff.tv_sec % 60, (long)tv_diff.tv_usec / 1000); + } + if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) + lose("Error deleting public key: %s\n", hal_error_string(err)); + + printf("OK\n"); + return 1; + +fail: return 0; } @@ -437,7 +444,7 @@ static int read_sig(char *fn) uint8_t sig[statbuf.st_size]; size_t len; if ((len = fread(sig, 1, sizeof(sig), fp)) != sizeof(sig)) - lose("Read %lu bytes from %s, expected %lu\n", len, fn, sizeof(sig)); + lose("Error: read %lu bytes from %s, expected %lu\n", len, fn, sizeof(sig)); if (fclose(fp) != 0) lose("Error closing %s: %s\n", fn, strerror(errno)); 
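Review bot: test_hashsig_verify loads a public key into the HSM with hal_rpc_pkey_load, but its `fail:` label only does `return 0;`, so every `lose()` after the load (file errors in the save block, a failed verify) leaves that key handle allocated. The removed test_hashsig_sign deleted `public_key` on its failure path; that cleanup was lost in the split. The same error paths also return without closing `fp` once fopen has succeeded, here and in the save block of the new test_hashsig_sign. The fence below restores the key cleanup and keeps the success-path delete from reaching `fail:` and attempting a second delete.

```c
    /* … unchanged: public key export and load, optional save, timed verify … */

    if ((err = hal_rpc_pkey_delete(public_key)) != HAL_OK) {
        printf("Error deleting public key: %s\n", hal_error_string(err));
        return 0;
    }

    printf("OK\n");
    return 1;

fail:
    /* release the loaded public key on every error path */
    if (public_key.handle != HAL_HANDLE_NONE &&
        (err = hal_rpc_pkey_delete(public_key)) != HAL_OK)
        printf("Error deleting public key: %s\n", hal_error_string(err));
    return 0;
```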
@@ -455,21 +462,24 @@ fail: int main(int argc, char *argv[]) { const hal_client_handle_t client = {HAL_HANDLE_NONE}; + const hal_session_handle_t session = {HAL_HANDLE_NONE}; char *pin = "fnord"; - int do_default = 1; int do_testvec = 0; - size_t iterations = 1; + size_t iterations = 0; size_t L_lo = 0, L_hi = 0; size_t lms_lo = 5, lms_hi = 0; size_t lmots_lo = 3, lmots_hi = 0; - int save = 0, keep = 0; + int save = 0, keep = 0, verify = 0; + char *name = NULL; + hal_key_flags_t flags = HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE | HAL_KEY_FLAG_TOKEN; char *p; hal_error_t err; int ok = 1; + uint8_t *msg = tc1_msg; + size_t msg_len = sizeof(tc1_msg); char usage[] = "\ -Usage: %s [-d] [-i] [-p pin] [-t] [-L n] [-l n] [-o n] [-n n] [-s] [-r file]\n\ - -d: enable debugging - hexdump signatures\n\ +Usage: %s [-i] [-p pin] [-t] [-L #] [-l #] [-o #] [-n #] [-s] [-r file] [-m file] [-x] [-v]\n\ -i: enable informational messages - runtimes and signature lengths\n\ -p: user PIN\n\ -t: verify test vectors\n\ @@ -477,23 +487,23 @@ Usage: %s [-d] [-i] [-p pin] [-t] [-L n] [-l n] [-o n] [-n n] [-s] [-r file]\n\ -l: LMS type (5..9)\n\ -o: LM-OTS type (1..4)\n\ -n: number of signatures to generate (0..'max')\n\ - -s: save generated public key and signatures\n\ -k: keep (don't delete) the generated keys on the hsm\n\ + -K: use named key for signing (don't generate)\n\ + -s: save generated public key and signatures for interop verification\n\ -r: read and pretty-print a saved signature file\n\ + -m: use file as message to be signed\n\ + -x: mark key as exportable\n\ + -v: verify generated signature\n\ Numeric arguments can be a single number or a range, e.g. '1..4'\n"; int opt; - while ((opt = getopt(argc, argv, "ditp:L:l:o:n:skr:h?")) != -1) { + while ((opt = getopt(argc, argv, "itp:L:l:o:n:skK:r:xvm:h?")) != -1) { switch (opt) { - case 'd': - debug = 1; - break; case 'i': info = 1; break; case 't': do_testvec = 1; - do_default = 0; break; case 'p': pin = optarg; 
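Review bot: The synopsis line of `usage[]` does not list `-k` or the new `-K`, although both are accepted by the getopt string `"itp:L:l:o:n:skK:r:xvm:h?"` and described in the option list of the next hunk (@@ -477,23 +487,23). The first line should include `[-k] [-K name]` so that it matches what the program parses. The `-K` description could also say that the argument is the key's UUID, since the later code passes it to hal_uuid_parse.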
@@ -503,28 +513,24 @@ Numeric arguments can be a single number or a range, e.g. '1..4'\n"; iterations = (size_t)-1; else iterations = (size_t)atoi(optarg); - do_default = 0; break; case 'L': if ((p = strtok(optarg, ".")) != NULL) L_lo = (size_t)atoi(p); if ((p = strtok(NULL, ".")) != NULL) L_hi = (size_t)atoi(p); - do_default = 0; break; case 'l': if ((p = strtok(optarg, ".")) != NULL) lms_lo = (size_t)atoi(p); if ((p = strtok(NULL, ".")) != NULL) lms_hi = (size_t)atoi(p); - do_default = 0; break; case 'o': if ((p = strtok(optarg, ".")) != NULL) lmots_lo = (size_t)atoi(p); if ((p = strtok(NULL, ".")) != NULL) lmots_hi = (size_t)atoi(p); - do_default = 0; break; case's': save = 1; 
@@ -532,34 +538,57 @@ Numeric arguments can be a single number or a range, e.g. '1..4'\n"; case 'k': keep = 1; break; + case 'K': + name = optarg; + break; case 'r': ok &= read_sig(optarg); - do_default = 0; break; + case 'x': + flags |= HAL_KEY_FLAG_EXPORTABLE; + break; + case 'v': + verify = 1; + if (iterations == 0) + iterations = 1; + break; + case 'm': + { + FILE *fp; + struct stat statbuf; + if (stat(optarg, &statbuf) != 0) + lose("Error statting %s: %s\n", optarg, strerror(errno)); + msg_len = statbuf.st_size; + if ((msg = malloc(msg_len)) == NULL) + lose("Error allocating message buffer: %s\n", strerror(errno)); + if ((fp = fopen(optarg, "rb")) == NULL) + lose("Error opening %s: %s\n", optarg, strerror(errno)); + size_t len; + if ((len = fread(msg, 1, msg_len, fp)) != msg_len) + lose("Error: read %lu bytes from %s, expected %lu\n", len, optarg, msg_len); + if (fclose(fp) != 0) + lose("Error closing %s: %s\n", optarg, strerror(errno)); + break; + } case 'h': case '?': fprintf(stdout, usage, argv[0]); - exit(EXIT_SUCCESS); + return EXIT_SUCCESS; default: fprintf(stderr, usage, argv[0]); - exit(EXIT_FAILURE); + return EXIT_FAILURE; } } - if (do_default) { - do_testvec = 1; - L_lo = 1; - } - if (L_hi < L_lo) L_hi = L_lo; if (lms_hi < lms_lo) lms_hi = lms_lo; if (lmots_hi < lmots_lo) lmots_hi = lmots_lo; if ((err = hal_rpc_client_init()) != HAL_OK) - printf("Warning: Trouble initializing RPC client: %s\n", hal_error_string(err)); + lose("Error initializing RPC client: %s\n", hal_error_string(err)); if ((err = hal_rpc_login(client, HAL_USER_NORMAL, pin, strlen(pin))) != HAL_OK) - printf("Warning: Trouble logging into HSM: %s\n", hal_error_string(err)); + lose("Error logging into HSM: %s\n", hal_error_string(err)); if (do_testvec) { for (int i = 0; i < (sizeof(hashsig_tc)/sizeof(*hashsig_tc)); i++) 
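Review bot: Every `lose()` added to main() in this hunk (the `-m` file handling, hal_rpc_client_init, hal_rpc_login) jumps to `fail:`, which the last hunk defines as `fail: return !ok;`. Nothing on those paths clears `ok`, so it is normally still 1 and the program exits with status 0 after a fatal error. A harness that relies on the exit code would therefore treat a failed HSM login or an unreadable message file as a pass. The same applies to the `lose()` calls added in the @@ -574,21 +603,88 hunk. Ending main with `return !ok;` followed by `fail: return EXIT_FAILURE;` keeps the normal path unchanged and makes the error paths report failure.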
@@ -574,21 +603,88 @@ Numeric arguments can be a single number or a range, e.g. '1..4'\n"; /* A single test would be of the form '-L 2 -l 5 -o 3 -n 1' */ /* A range test of just keygen would be of the form '-o 1..4 -n 0' */ /* A test to key exhaustion would be of the form '-n max' */ - if (L_lo > 0) { - for (size_t L = L_lo; L <= L_hi; ++L) { - for (lms_algorithm_t lms_type = lms_lo; lms_type <= lms_hi; ++lms_type) { - for (lmots_algorithm_t lmots_type = lmots_lo; lmots_type <= lmots_hi; ++lmots_type) { - ok &= test_hashsig_sign(L, lms_type, lmots_type, iterations, save, keep); + + if (name != NULL) { + hal_uuid_t uuid; + hal_pkey_handle_t private_key = {HAL_HANDLE_NONE}; + + if ((err = hal_uuid_parse(&uuid, name)) != HAL_OK) + lose("Error parsing private key name: %s\n", hal_error_string(err)); + + else if ((err = hal_rpc_pkey_open(client, session, &private_key, &uuid)) != HAL_OK) + lose("Error opening private key: %s\n", hal_error_string(err)); + + if (save) { + /* save the message for interop verification */ + FILE *fp; + if ((fp = fopen(name, "wb")) == NULL) + lose("Error opening %s: %s\n", name, strerror(errno)); + size_t write_len; + if ((write_len = fwrite(msg, 1, msg_len, fp)) != msg_len) + lose("Error: wrote %lu bytes to %s, expected %lu\n", write_len, name, msg_len); + if (fclose(fp) != 0) + lose("Error closing %s: %s\n", name, strerror(errno)); + } + + uint8_t sig[16000]; + size_t sig_len; + if (iterations > 0) + ok &= test_hashsig_sign(private_key, msg, msg_len, iterations, + save ? name : "", sig, &sig_len, sizeof(sig)); + + if (ok && verify) + ok &= test_hashsig_verify(private_key, msg, msg_len, save ? 
name : "", sig, sig_len); + + /* implicitly keep the key */ + } + + else { + if (L_lo) { + for (size_t L = L_lo; L <= L_hi; ++L) { + for (hal_lms_algorithm_t lms_type = lms_lo; lms_type <= lms_hi; ++lms_type) { + for (hal_lmots_algorithm_t lmots_type = lmots_lo; lmots_type <= lmots_hi; ++lmots_type) { + printf("Starting hashsig key test: L %lu, lms type %u (h=%lu), lmots type %u (w=%lu)\n", + L, lms_type, lms_type_to_h(lms_type), lmots_type, lmots_type_to_w(lmots_type)); + + char save_name[16] = ""; + if (save) { + /* save the message for interop verification */ + sprintf(save_name, "L%d.lms%d.ots%d", (int)L, (int)lms_type, (int)lmots_type); + FILE *fp; + if ((fp = fopen(save_name, "wb")) == NULL) + lose("Error opening %s: %s\n", save_name, strerror(errno)); + size_t write_len; + if ((write_len = fwrite(msg, 1, msg_len, fp)) != msg_len) + lose("Error: wrote %lu bytes to %s, expected %lu\n", write_len, save_name, msg_len); + if (fclose(fp) != 0) + lose("Error closing %s: %s\n", save_name, strerror(errno)); + } + + hal_pkey_handle_t private_key = {HAL_HANDLE_NONE}; + ok &= test_hashsig_generate(L, lms_type, lmots_type, flags, keep, &private_key); + + uint8_t sig[hal_hashsig_signature_len(L, lms_type, lmots_type)]; + size_t sig_len; + if (ok && iterations > 0) + ok &= test_hashsig_sign(private_key, msg, msg_len, iterations, save_name, sig, &sig_len, sizeof(sig)); + + if (ok && verify) + ok &= test_hashsig_verify(private_key, msg, msg_len, save_name, sig, sig_len); + + if (!keep && ((err = hal_rpc_pkey_delete(private_key)) != HAL_OK)) + lose("Error deleting private key: %s\n", hal_error_string(err)); + } } } } } if ((err = hal_rpc_logout(client)) != HAL_OK) - printf("Warning: Trouble logging out of HSM: %s\n", hal_error_string(err)); + lose("Error logging out of HSM: %s\n", hal_error_string(err)); if ((err = hal_rpc_client_close()) != HAL_OK) - printf("Warning: Trouble shutting down RPC client: %s\n", hal_error_string(err)); + lose("Error shutting down RPC client: 
%s\n", hal_error_string(err)); +fail: return !ok; } diff --git a/tests/test-xdr.c b/tests/test-xdr.c index eedf48d..f084e01 100644 --- a/tests/test-xdr.c +++ b/tests/test-xdr.c @@ -95,8 +95,8 @@ int main(int argc, char *argv[]) printf("\nhal_xdr_decode_variable_opaque:\n"); readptr = buf; while (readptr < bufptr) { - size_t len = bufptr - readptr; - if ((ret = hal_xdr_decode_variable_opaque(&readptr, limit, readbuf, &len)) != HAL_OK) { + size_t len; + if ((ret = hal_xdr_decode_variable_opaque(&readptr, limit, readbuf, &len, bufptr - readptr)) != HAL_OK) { printf("%s\n", hal_error_string(ret)); break; } |
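Review bot: `sprintf(save_name, "L%d.lms%d.ots%d", ...)` writes into `char save_name[16]`, while L, lms_type and lmots_type come from `atoi()` on the command line with no range check. The fixed characters plus the terminator use 10 bytes, so more than six digits in total overruns the stack buffer. Using `snprintf(save_name, sizeof(save_name), "L%d.lms%d.ots%d", (int)L, (int)lms_type, (int)lmots_type)` and rejecting a result `>= sizeof(save_name)`, or validating the ranges that the usage text documents, closes this. Separately, `-v` followed by `-n 0` leaves `iterations` at 0, so test_hashsig_verify is called with `sig` and `sig_len` never written; initialising `sig_len = 0` and skipping verify when nothing was signed avoids reading an indeterminate value.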
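Review bot: The new fifth argument to hal_xdr_decode_variable_opaque is `bufptr - readptr`, the number of input bytes remaining. If that parameter is the capacity of the output buffer, as the move from an in/out `len` to a separate argument suggests (the prototype is not visible in this diff), the test should pass the size of `readbuf` instead. That way the call exercises the decoder's bound against the destination rather than against the source. The declaration of `readbuf` is outside the hunk, so this needs confirming against the full file.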