LCOV - code coverage report
Current view: top level - library/spdm_crypt_lib/fips - libspdm_selftest_mldsa.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 100.0 % 3 3
Test Date: 2026-02-22 08:11:49 Functions: 100.0 % 1 1 

            Line data    Source code
       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2025-2026 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "internal/libspdm_crypt_lib.h"
       8              : #include "internal/libspdm_common_lib.h"
       9              : #include "internal/libspdm_fips_lib.h"
      10              : 
      11              : #if LIBSPDM_FIPS_MODE
      12              : 
      13            1 : bool libspdm_fips_selftest_mldsa(void *fips_selftest_context)
      14              : {
      15            1 :     bool result = true;
      16              : 
      17              : #if LIBSPDM_ML_DSA_SUPPORT
      18              :     libspdm_fips_selftest_context_t *context = fips_selftest_context;
      19              :     LIBSPDM_ASSERT(fips_selftest_context != NULL);
      20              : 
      21              :     /* any test fail cause the FIPS fail*/
      22              :     if (context->tested_algo != context->self_test_result) {
      23              :         return false;
      24              :     }
      25              : 
      26              :     /* check if run before.*/
      27              :     if ((context->tested_algo & LIBSPDM_FIPS_SELF_TEST_ML_DSA) != 0) {
      28              :         return true;
      29              :     }
      30              : 
      31              :     uint8_t *signature;
      32              :     size_t sig_size;
      33              :     void *dsa_context;
      34              : 
      35              :     sig_size = 4627;
      36              :     LIBSPDM_ASSERT(context->selftest_buffer_size >= sig_size);
      37              :     LIBSPDM_ASSERT(context->selftest_buffer != NULL);
      38              :     libspdm_zero_mem(context->selftest_buffer, context->selftest_buffer_size);
      39              :     signature = context->selftest_buffer;
      40              : 
      41              :     /* KAT Vectors */
      42              :     extern const uint8_t message_hash_mldsa_87[94];
      43              :     extern const uint8_t priv_key_mldsa_87[4896];
      44              :     extern const uint8_t public_key_mldsa_87[2592];
      45              :     extern const uint8_t sign_context_mldsa_87[208];
      46              :     extern const uint8_t expected_signature_mldsa_87[4627];
      47              : 
      48              :     dsa_context = libspdm_mldsa_new(LIBSPDM_CRYPTO_NID_ML_DSA_87);
      49              :     if (dsa_context == NULL) {
      50              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context new failed \n"));
      51              :         result = false;
      52              :         goto update;
      53              :     }
      54              : 
      55              :     result = libspdm_mldsa_set_pubkey(dsa_context, public_key_mldsa_87, sizeof(public_key_mldsa_87));
      56              :     if (!result) {
      57              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context set public_key failed \n"));
      58              :         libspdm_mldsa_free(dsa_context);
      59              :         result = false;
      60              :         goto update;
      61              :     }
      62              : 
      63              :     result = libspdm_mldsa_set_privkey(dsa_context, priv_key_mldsa_87, sizeof(priv_key_mldsa_87));
      64              :     if (!result) {
      65              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context set priv_key failed \n"));
      66              :         libspdm_mldsa_free(dsa_context);
      67              :         result = false;
      68              :         goto update;
      69              :     }
      70              : 
      71              :     /*mldsa KAT test*/
      72              :     result = libspdm_mldsa_sign_ex(dsa_context,
      73              :                                    sign_context_mldsa_87, sizeof(sign_context_mldsa_87),
      74              :                                    message_hash_mldsa_87, sizeof(message_hash_mldsa_87),
      75              :                                    signature, &sig_size,
      76              :                                    true);
      77              :     if (!result) {
      78              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ML-DSA-87 sign failed \n"));
      79              :         libspdm_mldsa_free(dsa_context);
      80              :         result = false;
      81              :         goto update;
      82              :     }
      83              : 
      84              :     if (sig_size != sizeof(expected_signature_mldsa_87)) {
      85              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ML-DSA-87 KAT failed \n"));
      86              :         libspdm_mldsa_free(dsa_context);
      87              :         result = false;
      88              :         goto update;
      89              :     }
      90              : 
      91              :     if (!libspdm_consttime_is_mem_equal(signature, expected_signature_mldsa_87,
      92              :                                         sizeof(expected_signature_mldsa_87))) {
      93              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ML-DSA-87 KAT failed \n"));
      94              :         libspdm_mldsa_free(dsa_context);
      95              :         result = false;
      96              :         goto update;
      97              :     }
      98              : 
      99              :     result = libspdm_mldsa_verify(dsa_context,
     100              :                                   sign_context_mldsa_87, sizeof(sign_context_mldsa_87),
     101              :                                   message_hash_mldsa_87, sizeof(message_hash_mldsa_87),
     102              :                                   signature, sig_size);
     103              :     if (!result) {
     104              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ML-DSA-87 selftest failed \n"));
     105              :         libspdm_mldsa_free(dsa_context);
     106              :         result = false;
     107              :         goto update;
     108              :     }
     109              : 
     110              :     libspdm_mldsa_free(dsa_context);
     111              : 
     112              : update:
     113              :     /* mark it as tested*/
     114              :     context->tested_algo |= LIBSPDM_FIPS_SELF_TEST_ML_DSA;
     115              : 
     116              :     /* record test result*/
     117              :     if (result) {
     118              :         context->self_test_result |= LIBSPDM_FIPS_SELF_TEST_ML_DSA;
     119              :     } else {
     120              :         context->self_test_result &= ~LIBSPDM_FIPS_SELF_TEST_ML_DSA;
     121              :     }
     122              : 
     123              : #endif/*LIBSPDM_ML_DSA_SUPPORT*/
     124              : 
     125            1 :     return result;
     126              : }
     127              : 
     128              : #endif/*LIBSPDM_FIPS_MODE*/

Generated by: LCOV version 2.0-1