1 // Copyright 2021 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/experimental/pqcrypto/signature/subtle/dilithium_avx2_sign.h"
18
19 #include <memory>
20 #include <string>
21 #include <utility>
22
23 #include "gmock/gmock.h"
24 #include "testing/base/public/googletest.h"
25 #include "gtest/gtest.h"
26 #include "absl/status/status.h"
27 #include "absl/strings/str_cat.h"
28 #include "tink/config/tink_fips.h"
29 #include "tink/experimental/pqcrypto/signature/subtle/dilithium_key.h"
30 #include "tink/public_key_sign.h"
31 #include "tink/public_key_verify.h"
32 #include "tink/util/secret_data.h"
33 #include "tink/util/status.h"
34 #include "tink/util/statusor.h"
35 #include "tink/util/test_matchers.h"
36
37 extern "C" {
38 #include "third_party/pqclean/crypto_sign/dilithium2/api.h"
39 #include "third_party/pqclean/crypto_sign/dilithium2aes/api.h"
40 #include "third_party/pqclean/crypto_sign/dilithium3/api.h"
41 #include "third_party/pqclean/crypto_sign/dilithium3aes/api.h"
42 #include "third_party/pqclean/crypto_sign/dilithium5/api.h"
43 #include "third_party/pqclean/crypto_sign/dilithium5aes/api.h"
44 }
45
46 namespace crypto {
47 namespace tink {
48 namespace subtle {
49 namespace {
50
51 struct DilithiumTestCase {
52 std::string test_name;
53 int32_t key_size;
54 int32_t signature_length;
55 DilithiumSeedExpansion seed_expansion;
56 };
57
58 using ::crypto::tink::test::IsOk;
59 using ::crypto::tink::test::StatusIs;
60 using crypto::tink::util::Status;
61
62 using DilithiumAvx2SignTest = testing::TestWithParam<DilithiumTestCase>;
63
TEST(DilithiumAvx2SignTest,InvalidPrivateKeys)64 TEST(DilithiumAvx2SignTest, InvalidPrivateKeys) {
65 if (IsFipsModeEnabled()) {
66 GTEST_SKIP() << "Test assumes kOnlyUseFips is false.";
67 }
68
69 for (int keysize = 0;
70 keysize <= PQCLEAN_DILITHIUM5_CRYPTO_SECRETKEYBYTES; keysize++) {
71 if (keysize == PQCLEAN_DILITHIUM2_CRYPTO_SECRETKEYBYTES ||
72 keysize == PQCLEAN_DILITHIUM3_CRYPTO_SECRETKEYBYTES ||
73 keysize == PQCLEAN_DILITHIUM5_CRYPTO_SECRETKEYBYTES) {
74 // Valid key size.
75 continue;
76 }
77
78 util::SecretData key_data(keysize, 'x');
79 EXPECT_FALSE(
80 DilithiumAvx2Sign::New(
81 *DilithiumPrivateKeyPqclean::NewPrivateKey(
82 key_data, DilithiumSeedExpansion::SEED_EXPANSION_SHAKE))
83 .ok());
84 }
85 }
86
TEST_P(DilithiumAvx2SignTest,SignatureLength)87 TEST_P(DilithiumAvx2SignTest, SignatureLength) {
88 if (IsFipsModeEnabled()) {
89 GTEST_SKIP() << "Test assumes kOnlyUseFips is false.";
90 }
91
92 const DilithiumTestCase& test_case = GetParam();
93
94 // Generate key pair.
95 util::StatusOr<
96 std::pair<DilithiumPrivateKeyPqclean, DilithiumPublicKeyPqclean>>
97 key_pair = DilithiumPrivateKeyPqclean::GenerateKeyPair(
98 test_case.key_size, test_case.seed_expansion);
99
100 ASSERT_THAT(key_pair, IsOk());
101
102 // Create a new signer.
103 util::StatusOr<std::unique_ptr<PublicKeySign>> signer =
104 DilithiumAvx2Sign::New(key_pair->first);
105 ASSERT_THAT(signer, IsOk());
106
107 // Sign a message.
108 std::string message = "message to be signed";
109 util::StatusOr<std::string> signature = (*std::move(signer))->Sign(message);
110 ASSERT_THAT(signature, IsOk());
111
112 // Check signature size.
113 EXPECT_NE(*signature, message);
114 EXPECT_EQ((*signature).size(), test_case.signature_length);
115 }
116
TEST_P(DilithiumAvx2SignTest,Determinism)117 TEST_P(DilithiumAvx2SignTest, Determinism) {
118 if (IsFipsModeEnabled()) {
119 GTEST_SKIP() << "Test assumes kOnlyUseFips is false.";
120 }
121
122 const DilithiumTestCase& test_case = GetParam();
123
124 // Generate key pair.
125 util::StatusOr<
126 std::pair<DilithiumPrivateKeyPqclean, DilithiumPublicKeyPqclean>>
127 key_pair = DilithiumPrivateKeyPqclean::GenerateKeyPair(
128 test_case.key_size, test_case.seed_expansion);
129
130 ASSERT_THAT(key_pair, IsOk());
131
132 // Create two signers based on same private key.
133 util::StatusOr<std::unique_ptr<PublicKeySign>> first_signer =
134 DilithiumAvx2Sign::New(key_pair->first);
135 ASSERT_THAT(first_signer, IsOk());
136
137 util::StatusOr<std::unique_ptr<PublicKeySign>> second_signer =
138 DilithiumAvx2Sign::New(key_pair->first);
139 ASSERT_THAT(second_signer, IsOk());
140
141 // Sign the same message twice, using the same private key.
142 std::string message = "message to be signed";
143 util::StatusOr<std::string> first_signature =
144 (*std::move(first_signer))->Sign(message);
145 ASSERT_THAT(first_signature, IsOk());
146
147 util::StatusOr<std::string> second_signature =
148 (*std::move(second_signer))->Sign(message);
149 ASSERT_THAT(second_signature, IsOk());
150
151 // Check signatures size.
152 EXPECT_NE(*first_signature, message);
153 EXPECT_EQ((*first_signature).size(), test_case.signature_length);
154
155 EXPECT_NE(*second_signature, message);
156 EXPECT_EQ((*second_signature).size(), test_case.signature_length);
157
158 // Check if signatures are equal.
159 EXPECT_EQ(*first_signature, *second_signature);
160 }
161
TEST_P(DilithiumAvx2SignTest,FipsMode)162 TEST_P(DilithiumAvx2SignTest, FipsMode) {
163 if (!IsFipsModeEnabled()) {
164 GTEST_SKIP() << "Test assumes kOnlyUseFips.";
165 }
166
167 const DilithiumTestCase& test_case = GetParam();
168
169 // Generate key pair.
170 util::StatusOr<
171 std::pair<DilithiumPrivateKeyPqclean, DilithiumPublicKeyPqclean>>
172 key_pair = DilithiumPrivateKeyPqclean::GenerateKeyPair(
173 test_case.key_size, test_case.seed_expansion);
174
175 ASSERT_THAT(key_pair, IsOk());
176
177 // Create a new signer.
178 EXPECT_THAT(DilithiumAvx2Sign::New(key_pair->first).status(),
179 StatusIs(absl::StatusCode::kInternal));
180 }
181
182 INSTANTIATE_TEST_SUITE_P(
183 DilithiumAvx2SignTests, DilithiumAvx2SignTest,
184 testing::ValuesIn<DilithiumTestCase>({
185 {"Dilithium2", PQCLEAN_DILITHIUM2_CRYPTO_SECRETKEYBYTES,
186 PQCLEAN_DILITHIUM2_CRYPTO_BYTES,
187 DilithiumSeedExpansion::SEED_EXPANSION_SHAKE},
188 {"Dilithium3", PQCLEAN_DILITHIUM3_CRYPTO_SECRETKEYBYTES,
189 PQCLEAN_DILITHIUM3_CRYPTO_BYTES,
190 DilithiumSeedExpansion::SEED_EXPANSION_SHAKE},
191 {"Dilithium5", PQCLEAN_DILITHIUM5_CRYPTO_SECRETKEYBYTES,
192 PQCLEAN_DILITHIUM5_CRYPTO_BYTES,
193 DilithiumSeedExpansion::SEED_EXPANSION_SHAKE},
194 {"Dilithium2Aes", PQCLEAN_DILITHIUM2AES_CRYPTO_SECRETKEYBYTES,
195 PQCLEAN_DILITHIUM2AES_CRYPTO_BYTES,
196 DilithiumSeedExpansion::SEED_EXPANSION_AES},
197 {"Dilithium3Aes", PQCLEAN_DILITHIUM3AES_CRYPTO_SECRETKEYBYTES,
198 PQCLEAN_DILITHIUM3_CRYPTO_BYTES,
199 DilithiumSeedExpansion::SEED_EXPANSION_AES},
200 {"Dilithium5Aes", PQCLEAN_DILITHIUM5AES_CRYPTO_SECRETKEYBYTES,
201 PQCLEAN_DILITHIUM5AES_CRYPTO_BYTES,
202 DilithiumSeedExpansion::SEED_EXPANSION_AES},
203 }),
__anonbb94a61a0202(const testing::TestParamInfo<DilithiumAvx2SignTest::ParamType>& info) 204 [](const testing::TestParamInfo<DilithiumAvx2SignTest::ParamType>& info) {
205 return info.param.test_name;
206 });
207
208 } // namespace
209 } // namespace subtle
210 } // namespace tink
211 } // namespace crypto
212