LCOV - code coverage report
Current view: top level - library/spdm_crypt_lib/fips - libspdm_selftest_slhdsa.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 100.0 % 3 3
Test Date: 2026-02-22 08:11:49 Functions: 100.0 % 1 1 

            Line data    Source code
       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2025-2026 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "internal/libspdm_crypt_lib.h"
       8              : #include "internal/libspdm_common_lib.h"
       9              : #include "internal/libspdm_fips_lib.h"
      10              : 
      11              : #if LIBSPDM_FIPS_MODE
      12              : 
      13            1 : bool libspdm_fips_selftest_slhdsa(void *fips_selftest_context)
      14              : {
      15            1 :     bool result = true;
      16              : 
      17              : #if LIBSPDM_SLH_DSA_SUPPORT
      18              :     libspdm_fips_selftest_context_t *context = fips_selftest_context;
      19              :     LIBSPDM_ASSERT(fips_selftest_context != NULL);
      20              : 
      21              :     /* any test fail cause the FIPS fail*/
      22              :     if (context->tested_algo != context->self_test_result) {
      23              :         return false;
      24              :     }
      25              : 
      26              :     /* check if run before.*/
      27              :     if ((context->tested_algo & LIBSPDM_FIPS_SELF_TEST_SLH_DSA) != 0) {
      28              :         return true;
      29              :     }
      30              : 
      31              :     uint8_t *signature;
      32              :     size_t sig_size;
      33              :     void *dsa_context;
      34              : 
      35              :     sig_size = 7856;
      36              :     LIBSPDM_ASSERT(context->selftest_buffer_size >= sig_size);
      37              :     LIBSPDM_ASSERT(context->selftest_buffer != NULL);
      38              :     libspdm_zero_mem(context->selftest_buffer, context->selftest_buffer_size);
      39              :     signature = context->selftest_buffer;
      40              : 
      41              :     /* KAT Vectors */
      42              :     extern const uint8_t message_hash_sha2_128s[262];
      43              :     extern const uint8_t priv_key_sha2_128s[64];
      44              :     extern const uint8_t public_key_sha2_128s[32];
      45              :     extern const uint8_t sign_context_sha2_128s[158];
      46              :     extern const uint8_t expected_signature_sha2_128s[7856];
      47              : 
      48              :     dsa_context = libspdm_slhdsa_new(LIBSPDM_CRYPTO_NID_SLH_DSA_SHA2_128S);
      49              :     if (dsa_context == NULL) {
      50              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context new failed \n"));
      51              :         result = false;
      52              :         goto update;
      53              :     }
      54              : 
      55              :     result = libspdm_slhdsa_set_pubkey(dsa_context, public_key_sha2_128s, sizeof(public_key_sha2_128s));
      56              :     if (!result) {
      57              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context set public_key failed \n"));
      58              :         libspdm_slhdsa_free(dsa_context);
      59              :         result = false;
      60              :         goto update;
      61              :     }
      62              : 
      63              :     result = libspdm_slhdsa_set_privkey(dsa_context, priv_key_sha2_128s, sizeof(priv_key_sha2_128s));
      64              :     if (!result) {
      65              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context set priv_key failed \n"));
      66              :         libspdm_slhdsa_free(dsa_context);
      67              :         result = false;
      68              :         goto update;
      69              :     }
      70              : 
      71              :     /*mldsa KAT test*/
      72              :     result = libspdm_slhdsa_sign_ex(dsa_context,
      73              :                                     sign_context_sha2_128s, sizeof(sign_context_sha2_128s),
      74              :                                     message_hash_sha2_128s, sizeof(message_hash_sha2_128s),
      75              :                                     signature, &sig_size,
      76              :                                     true);
      77              :     if (!result) {
      78              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "SLH-DSA-SHA2-128S sign failed \n"));
      79              :         libspdm_slhdsa_free(dsa_context);
      80              :         result = false;
      81              :         goto update;
      82              :     }
      83              : 
      84              :     if (sig_size != sizeof(expected_signature_sha2_128s)) {
      85              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "SLH-DSA-SHA2-128S KAT failed \n"));
      86              :         libspdm_slhdsa_free(dsa_context);
      87              :         result = false;
      88              :         goto update;
      89              :     }
      90              : 
      91              :     if (!libspdm_consttime_is_mem_equal(signature, expected_signature_sha2_128s,
      92              :                                         sizeof(expected_signature_sha2_128s))) {
      93              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "SLH-DSA-SHA2-128S KAT failed \n"));
      94              :         libspdm_slhdsa_free(dsa_context);
      95              :         result = false;
      96              :         goto update;
      97              :     }
      98              : 
      99              :     result = libspdm_slhdsa_verify(dsa_context,
     100              :                                    sign_context_sha2_128s, sizeof(sign_context_sha2_128s),
     101              :                                    message_hash_sha2_128s, sizeof(message_hash_sha2_128s),
     102              :                                    signature, sig_size);
     103              :     if (!result) {
     104              :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "SLH-DSA-SHA2-128S selftest failed \n"));
     105              :         libspdm_slhdsa_free(dsa_context);
     106              :         result = false;
     107              :         goto update;
     108              :     }
     109              : 
     110              :     libspdm_slhdsa_free(dsa_context);
     111              : update:
     112              :     /* mark it as tested*/
     113              :     context->tested_algo |= LIBSPDM_FIPS_SELF_TEST_SLH_DSA;
     114              : 
     115              :     /* record test result*/
     116              :     if (result) {
     117              :         context->self_test_result |= LIBSPDM_FIPS_SELF_TEST_SLH_DSA;
     118              :     } else {
     119              :         context->self_test_result &= ~LIBSPDM_FIPS_SELF_TEST_SLH_DSA;
     120              :     }
     121              : 
     122              : #endif/*LIBSPDM_SLH_DSA_SUPPORT*/
     123              : 
     124            1 :     return result;
     125              : }
     126              : 
     127              : #endif/*LIBSPDM_FIPS_MODE*/

Generated by: LCOV version 2.0-1