LCOV - code coverage report
Current view: top level - library/spdm_crypt_lib/fips - libspdm_selftest_slhdsa.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 100.0 % 3 3
Test Date: 2025-11-02 08:10:32 Functions: 100.0 % 1 1

            Line data    Source code
       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2025 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "internal/libspdm_crypt_lib.h"
       8              : #include "internal/libspdm_common_lib.h"
       9              : #include "internal/libspdm_fips_lib.h"
      10              : 
      11              : #if LIBSPDM_FIPS_MODE
      12              : 
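      /**
       * FIPS known-answer self-test (KAT) for SLH-DSA-SHA2-128s.
       *
       * Signs a fixed message with a fixed key pair, compares the signature byte-for-byte
       * with the expected vector, then verifies that signature with the matching public key.
       * The outcome is recorded in the self-test context, so the test runs at most once per context.
       *
       * When LIBSPDM_SLH_DSA_SUPPORT is disabled the body is compiled out and the function
       * returns true without running any test. A true return therefore does not prove that
       * SLH-DSA was exercised in that build.
       *
       * @param  fips_selftest_context  Pointer to a libspdm_fips_selftest_context_t. Its
       *                                selftest_buffer must hold at least one signature
       *                                (sizeof(expected_signature_sha2_128s) bytes).
       *
       * @retval true   The KAT passed, had already passed earlier, or SLH-DSA is not built in.
       * @retval false  An earlier self-test failed, the context or scratch buffer is unusable,
       *                or the KAT failed.
       **/
      bool libspdm_fips_selftest_slhdsa(void *fips_selftest_context)
      {
          bool result = true;

      #if LIBSPDM_SLH_DSA_SUPPORT
          /* KAT vectors, defined in another translation unit. */
          extern const uint8_t message_hash_sha2_128s[262];
          extern const uint8_t priv_key_sha2_128s[64];
          extern const uint8_t public_key_sha2_128s[32];
          extern const uint8_t sign_context_sha2_128s[158];
          extern const uint8_t expected_signature_sha2_128s[7856];

          libspdm_fips_selftest_context_t *context = fips_selftest_context;
          uint8_t *signature;
          size_t sig_size;
          void *dsa_context = NULL;

          LIBSPDM_ASSERT(fips_selftest_context != NULL);
          /* Fail closed at run time as well, for builds where LIBSPDM_ASSERT is compiled out. */
          if (context == NULL) {
              return false;
          }

          /* Any earlier self-test failure fails FIPS as a whole. */
          if (context->tested_algo != context->self_test_result) {
              return false;
          }

          /* Already run, and (given the check above) passed. */
          if ((context->tested_algo & LIBSPDM_FIPS_SELF_TEST_SLH_DSA) != 0) {
              return true;
          }

          /* Take the length from the expected vector so the two cannot drift apart. */
          sig_size = sizeof(expected_signature_sha2_128s);
          LIBSPDM_ASSERT(context->selftest_buffer_size >= sig_size);
          LIBSPDM_ASSERT(context->selftest_buffer != NULL);
          /* sig_size is handed to the signer as the buffer capacity. An undersized or missing
           * buffer must be rejected here, not only by an assertion, or the signer could write
           * past the end of it. The self-test is then recorded as failed. */
          if ((context->selftest_buffer == NULL) || (context->selftest_buffer_size < sig_size)) {
              LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "SLH-DSA-SHA2-128S selftest buffer invalid \n"));
              result = false;
              goto update;
          }
          libspdm_zero_mem(context->selftest_buffer, context->selftest_buffer_size);
          signature = context->selftest_buffer;

          dsa_context = libspdm_slhdsa_new(LIBSPDM_CRYPTO_NID_SLH_DSA_SHA2_128S);
          if (dsa_context == NULL) {
              LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context new failed \n"));
              result = false;
              goto update;
          }

          result = libspdm_slhdsa_set_pubkey(dsa_context, public_key_sha2_128s,
                                             sizeof(public_key_sha2_128s));
          if (!result) {
              LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context set public_key failed \n"));
              goto cleanup;
          }

          result = libspdm_slhdsa_set_privkey(dsa_context, priv_key_sha2_128s,
                                              sizeof(priv_key_sha2_128s));
          if (!result) {
              LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "dsa_context set priv_key failed \n"));
              goto cleanup;
          }

          /* SLH-DSA KAT: sign the fixed message.
           * NOTE(review): the trailing `true` presumably selects deterministic signing, which a
           * byte-exact KAT needs - confirm against libspdm_slhdsa_sign_ex. */
          result = libspdm_slhdsa_sign_ex(dsa_context,
                                          sign_context_sha2_128s, sizeof(sign_context_sha2_128s),
                                          message_hash_sha2_128s, sizeof(message_hash_sha2_128s),
                                          signature, &sig_size,
                                          true);
          if (!result) {
              LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "SLH-DSA-SHA2-128S sign failed \n"));
              goto cleanup;
          }

          /* The signature must match the expected vector in both length and content. */
          if ((sig_size != sizeof(expected_signature_sha2_128s)) ||
              !libspdm_consttime_is_mem_equal(signature, expected_signature_sha2_128s,
                                              sizeof(expected_signature_sha2_128s))) {
              LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "SLH-DSA-SHA2-128S KAT failed \n"));
              result = false;
              goto cleanup;
          }

          /* Verify the signature that was just produced. */
          result = libspdm_slhdsa_verify(dsa_context,
                                         sign_context_sha2_128s, sizeof(sign_context_sha2_128s),
                                         message_hash_sha2_128s, sizeof(message_hash_sha2_128s),
                                         signature, sig_size);
          if (!result) {
              LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "SLH-DSA-SHA2-128S selftest failed \n"));
          }

      cleanup:
          /* Single release point for the SLH-DSA context on success and on every failure path. */
          if (dsa_context != NULL) {
              libspdm_slhdsa_free(dsa_context);
          }
      update:
          /* Mark the algorithm as tested. */
          context->tested_algo |= LIBSPDM_FIPS_SELF_TEST_SLH_DSA;

          /* Record the result. A cleared bit makes tested_algo differ from self_test_result,
           * which the check at the top of this function treats as a failure. */
          if (result) {
              context->self_test_result |= LIBSPDM_FIPS_SELF_TEST_SLH_DSA;
          } else {
              context->self_test_result &= ~LIBSPDM_FIPS_SELF_TEST_SLH_DSA;
          }

      #endif/*LIBSPDM_SLH_DSA_SUPPORT*/

          return result;
      }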
     129              : 
     130              : #endif/*LIBSPDM_FIPS_MODE*/
        
