parallel-sphincsplus/test_keygen.cpp at main · sphincs/parallel-sphincsplus · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
#include <cstdio>
#include <stdbool.h>
#include <string.h>
#include <exception>
#include "api.h"
#include "test_sphincs.h"

//
// This tests out the key generation process
// There isn't a great deal to check out (do we generate valid
// public/private keypairs?  Do the various APIs work as intended?), but we
// do what we can...

typedef bool (*random_function)( void *target, size_t num_bytes );

//
// This is an 'RNG' that always gives a fixed pattern
static bool fixed_rng( void *target, size_t num_bytes ) {
    unsigned char *p = (unsigned char *)target;
    while (num_bytes) {
        *p++ = num_bytes--;
    }
    return true;
}

//
// This is an RNG that fails
static bool bad_rng( void *target, size_t num_bytes ) {
    (void)target;
    (void)num_bytes;
    return false;
}

//
// This is an 'RNG' that always a different pattern each time
// This uses CRC-16; not exactly cryptographicall secure
// especially since we advance the CRC only once for each
// byte output), but good enough for our purposes
static bool good_rng( void *target, size_t num_bytes ) {
    unsigned char *p = (unsigned char *)target;
    static uint32_t seed = 0x01;
    while (num_bytes--) {
        *p++ = seed & 0xff;
	uint32_t feedback = (1&(seed >> 15)) * 0x12F15;
	seed = (seed << 1) ^ feedback;
    }
    return true;
}

class keygen_test {
    bool fast_flag;
    enum noise_level level;
public:
    keygen_test( bool flg, enum noise_level lev ) {
        fast_flag = flg;
        level = lev;
    }
    bool run( slh_dsa::key& k, const char *name, bool always );
};

bool keygen_test::run( slh_dsa::key& k,
                       const char* parameter_set_name, bool always ) {
        // If we're running in fast mode, skip any parameter set that is not
        // marked as always
    if (fast_flag && !always) return true;

    if (level == loud) {
        printf( " Checking %s\n", parameter_set_name);
    }

    unsigned len_pub = k.len_public_key();
    unsigned len_priv = k.len_private_key();
    std::unique_ptr<unsigned char[]>pub_k( new unsigned char[len_pub] );
    unsigned char *pub_key = pub_k.get();
    std::unique_ptr<unsigned char[]>priv_k( new unsigned char[len_priv] );
    unsigned char *priv_key = priv_k.get();

        // Make sure that attempting to generate a key with no random
	// source doesn't work
    if (k.generate_key_pair(0)) {
        printf( "*** KEY GENERATION WITH NO ENTROPY WORKED\n" );
        return false;
    }

        // Make sure that attempting to generate a key with a random
	// source that fails doesn't work
    if (k.generate_key_pair(bad_rng)) {
        printf( "*** KEY GENERATION WITH NO ENTROPY WORKED\n" );
        return false;
    }

        // Make sure tht attempting to generate a key with the default
	// random source does work
    if (!k.generate_key_pair()) {
        printf( "*** KEY GENERATION WITH DEFAULT ENTROPY DIDN'T WORK\n" );
        return false;
    }

        // Same the public and private keys and try again
    memcpy( pub_key, k.get_public_key(), len_pub );
    memcpy( priv_key, k.get_private_key(), len_priv );
    if (!k.generate_key_pair()) {
        printf( "*** KEY GENERATION WITH DEFAULT ENTROPY DIDN'T WORK\n" );
        return false;
    }
        // Make sure that it generated different keys
    if (0 == memcmp( pub_key, k.get_public_key(), len_pub) ||
        0 == memcmp( priv_key, k.get_private_key(), len_priv)) {
        printf( "*** KEY GENERATION WITH DEFAULT ENTROPY REPEATED KEYS\n" );
        return false;
    }

        // Make sure tht attempting to generate a key with a good
	// random source does work
    if (!k.generate_key_pair(good_rng)) {
        printf( "*** KEY GENERATION WITH GOOD ENTROPY DIDN'T WORK\n" );
        return false;
    }

        // Same the public and private keys and try again
    memcpy( pub_key, k.get_public_key(), len_pub );
    memcpy( priv_key, k.get_private_key(), len_priv );
    if (!k.generate_key_pair(good_rng)) {
        printf( "*** KEY GENERATION WITH GOOD ENTROPY DIDN'T WORK\n" );
        return false;
    }
        // Make sure that it generated different keys
    if (0 == memcmp( pub_key, k.get_public_key(), len_pub) ||
        0 == memcmp( priv_key, k.get_private_key(), len_priv)) {
        printf( "*** KEY GENERATION WITH GOOD ENTROPY REPEATED KEYS\n" );
        return false;
    }

        // Make sure tht attempting to generate a key with a fixed
	// random source does work
    if (!k.generate_key_pair(fixed_rng)) {
        printf( "*** KEY GENERATION WITH FIXED ENTROPY DIDN'T WORK\n" );
        return false;
    }

        // Save the public and private keys and try again
    memcpy( pub_key, k.get_public_key(), len_pub );
    memcpy( priv_key, k.get_private_key(), len_priv );
    if (!k.generate_key_pair(fixed_rng)) {
        printf( "*** KEY GENERATION WITH FIXED ENTROPY DIDN'T WORK\n" );
        return false;
    }
        // Make sure that it generated the same keys
    if (0 != memcmp( pub_key, k.get_public_key(), len_pub) ||
        0 != memcmp( priv_key, k.get_private_key(), len_priv)) {
        printf( "*** KEY GENERATION WITH FIXED ENTROPY GENERATED DIFFERENT KEYS\n" );
        return false;
    }

    return true;
}

#define CONCAT( A, B ) A##B
#define RUN_TEST(PARM_SET, always) {                                \
    CONCAT( slh_dsa::key_, PARM_SET) k;                             \
    if (!s.run( k, #PARM_SET, always )) {                           \
        return false;                                               \
    }                                                               \
}

bool test_keygen(bool fast_flag, enum noise_level level) {
    keygen_test s( fast_flag, level );

    // By default, we check all the 'F' parameter sets (they're fast)
    // and selected 'S' parameter sets

    // L1 parameter sets
    RUN_TEST( sha2_128s, true );
    RUN_TEST( sha2_128f, true );
    RUN_TEST( shake_128s, true );
    RUN_TEST( shake_128f, true );

    // L3 parameter sets
    RUN_TEST( sha2_192s, false );
    RUN_TEST( sha2_192f, true );
    RUN_TEST( shake_192s, false );
    RUN_TEST( shake_192f, true );

    // L5 parameter sets
    RUN_TEST( sha2_256s, false );
    RUN_TEST( sha2_256f, true );
    RUN_TEST( shake_256s, false );
    RUN_TEST( shake_256f, true );

    return true;
}