LCOV - code coverage report
Current view: top level - library/spdm_crypt_lib/fips - libspdm_selftest_mldsa.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 100.0 % 3 3
Test Date: 2025-11-02 08:10:32 Functions: 100.0 % 1 1 

            Line data    Source code
       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2025 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "internal/libspdm_crypt_lib.h"
       8              : #include "internal/libspdm_common_lib.h"
       9              : #include "internal/libspdm_fips_lib.h"
      10              : 
      11              : #if LIBSPDM_FIPS_MODE
      12              : 
      13              : /**
      14              :  * mldsa self_test
      15              :  **/
      16            1 : bool libspdm_fips_selftest_mldsa(void *fips_selftest_context)
      17              : {
      18            1 :     bool result = true;
      19              : 
      20              : #if LIBSPDM_ML_DSA_SUPPORT
      21              :     libspdm_fips_selftest_context_t *context = fips_selftest_context;
      22              :     LIBSPDM_ASSERT(fips_selftest_context != NULL);
      23              : 
      24              :     /* any test fail cause the FIPS fail*/
      25              :     if (context->tested_algo != context->self_test_result) {
      26              :         return false;
      27              :     }
      28              : 
      29              :     /* check if run before.*/
      30              :     if ((context->tested_algo & LIBSPDM_FIPS_SELF_TEST_ML_DSA) != 0) {
      31              :         return true;
      32              :     }
      33              : 
      34              :     uint8_t *signature;
      35              :     size_t sig_size;
      36              :     void *dsa_context;
      37              : 
      38              :     sig_size = 4627;
      39              :     LIBSPDM_ASSERT(context->selftest_buffer_size >= sig_size);
      40              :     LIBSPDM_ASSERT(context->selftest_buffer != NULL);
      41              :     libspdm_zero_mem(context->selftest_buffer, context->selftest_buffer_size);
      42              :     signature = context->selftest_buffer;
      43              : 
      44              :     /* KAT Vectors */
      45              :     extern const uint8_t message_hash_mldsa_87[94];
      46              :     extern const uint8_t priv_key_mldsa_87[4896];
      47              :     extern const uint8_t public_key_mldsa_87[2592];
      48              :     extern const uint8_t sign_context_mldsa_87[208];
      49              :     extern const uint8_t expected_signature_mldsa_87[4627];
      50              : 
      51              :     dsa_context = libspdm_mldsa_new(LIBSPDM_CRYPTO_NID_ML_DSA_87);
      52              :     if (dsa_context == NULL) {
      53              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context new failed \n"));
      54              :         result = false;
      55              :         goto update;
      56              :     }
      57              : 
      58              :     result = libspdm_mldsa_set_pubkey(dsa_context, public_key_mldsa_87, sizeof(public_key_mldsa_87));
      59              :     if (!result) {
      60              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context set public_key failed \n"));
      61              :         libspdm_mldsa_free(dsa_context);
      62              :         result = false;
      63              :         goto update;
      64              :     }
      65              : 
      66              :     result = libspdm_mldsa_set_privkey(dsa_context, priv_key_mldsa_87, sizeof(priv_key_mldsa_87));
      67              :     if (!result) {
      68              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context set priv_key failed \n"));
      69              :         libspdm_mldsa_free(dsa_context);
      70              :         result = false;
      71              :         goto update;
      72              :     }
      73              : 
      74              :     /*mldsa KAT test*/
      75              :     result = libspdm_mldsa_sign_ex(dsa_context,
      76              :                                    sign_context_mldsa_87, sizeof(sign_context_mldsa_87),
      77              :                                    message_hash_mldsa_87, sizeof(message_hash_mldsa_87),
      78              :                                    signature, &sig_size,
      79              :                                    true);
      80              :     if (!result) {
      81              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ML-DSA-87 sign failed \n"));
      82              :         libspdm_mldsa_free(dsa_context);
      83              :         result = false;
      84              :         goto update;
      85              :     }
      86              : 
      87              :     if (sig_size != sizeof(expected_signature_mldsa_87)) {
      88              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ML-DSA-87 KAT failed \n"));
      89              :         libspdm_mldsa_free(dsa_context);
      90              :         result = false;
      91              :         goto update;
      92              :     }
      93              : 
      94              :     if (!libspdm_consttime_is_mem_equal(signature, expected_signature_mldsa_87,
      95              :                                         sizeof(expected_signature_mldsa_87))) {
      96              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ML-DSA-87 KAT failed \n"));
      97              :         libspdm_mldsa_free(dsa_context);
      98              :         result = false;
      99              :         goto update;
     100              :     }
     101              : 
     102              :     result = libspdm_mldsa_verify(dsa_context,
     103              :                                   sign_context_mldsa_87, sizeof(sign_context_mldsa_87),
     104              :                                   message_hash_mldsa_87, sizeof(message_hash_mldsa_87),
     105              :                                   signature, sig_size);
     106              :     if (!result) {
     107              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ML-DSA-87 selftest failed \n"));
     108              :         libspdm_mldsa_free(dsa_context);
     109              :         result = false;
     110              :         goto update;
     111              :     }
     112              : 
     113              :     libspdm_mldsa_free(dsa_context);
     114              : 
     115              : update:
     116              :     /* mark it as tested*/
     117              :     context->tested_algo |= LIBSPDM_FIPS_SELF_TEST_ML_DSA;
     118              : 
     119              :     /* record test result*/
     120              :     if (result) {
     121              :         context->self_test_result |= LIBSPDM_FIPS_SELF_TEST_ML_DSA;
     122              :     } else {
     123              :         context->self_test_result &= ~LIBSPDM_FIPS_SELF_TEST_ML_DSA;
     124              :     }
     125              : 
     126              : #endif/*LIBSPDM_ML_DSA_SUPPORT*/
     127              : 
     128            1 :     return result;
     129              : }
     130              : 
     131              : #endif/*LIBSPDM_FIPS_MODE*/

Generated by: LCOV version 2.0-1