Skip to content

Commit 4f79018

Browse files
FrauschiFrauschi
committed
Add more test coverage for ML-KEM and ML-DSA
* C_CopyObject: ML-DSA * pkcs11str: ML-KEM & ML-DSA * pkcs11mtt: ML-KEM & ML-DSA
1 parent d171b10 commit 4f79018

4 files changed

Lines changed: 618 additions & 3 deletions

File tree

tests/pkcs11mtt.c

Lines changed: 277 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,8 @@ static int soPinLen = 14;
6565
static byte* userPin = (byte*)"wolfpkcs11-test";
6666
static int userPinLen;
6767

68-
#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DH)
68+
#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DH) || \
69+
defined(WOLFPKCS11_MLDSA) || defined(WOLFPKCS11_MLKEM)
6970
static CK_OBJECT_CLASS pubKeyClass = CKO_PUBLIC_KEY;
7071
#endif
7172
static CK_OBJECT_CLASS privKeyClass = CKO_PRIVATE_KEY;
@@ -89,6 +90,12 @@ static CK_KEY_TYPE dhKeyType = CKK_DH;
8990
static CK_KEY_TYPE aesKeyType = CKK_AES;
9091
#endif
9192
static CK_KEY_TYPE genericKeyType = CKK_GENERIC_SECRET;
93+
#ifdef WOLFPKCS11_MLDSA
94+
static CK_KEY_TYPE mldsaKeyType = CKK_ML_DSA;
95+
#endif
96+
#ifdef WOLFPKCS11_MLKEM
97+
static CK_KEY_TYPE mlkemKeyType = CKK_ML_KEM;
98+
#endif
9299

93100

94101
static CK_RV test_session(void* args)
@@ -6367,6 +6374,269 @@ static CK_RV test_hmac_sha512_fail(void* args)
63676374
#endif
63686375
#endif
63696376

6377+
#ifdef WOLFPKCS11_MLDSA
6378+
static CK_RV gen_mldsa_keys(CK_SESSION_HANDLE session,
6379+
CK_ML_DSA_PARAMETER_SET_TYPE paramSet,
6380+
CK_OBJECT_HANDLE* pubKey,
6381+
CK_OBJECT_HANDLE* privKey,
6382+
unsigned char* privId, int privIdLen,
6383+
unsigned char* pubId, int pubIdLen, int onToken)
6384+
{
6385+
CK_RV ret = CKR_OK;
6386+
CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
6387+
CK_OBJECT_HANDLE priv = CK_INVALID_HANDLE;
6388+
CK_MECHANISM mech;
6389+
CK_BBOOL token = (CK_BBOOL)onToken;
6390+
CK_ATTRIBUTE pubKeyTmpl[] = {
6391+
{ CKA_PARAMETER_SET, &paramSet, sizeof(paramSet) },
6392+
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
6393+
{ CKA_TOKEN, &token, sizeof(token) },
6394+
{ CKA_ID, pubId, pubIdLen },
6395+
};
6396+
int pubTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl);
6397+
CK_ATTRIBUTE privKeyTmpl[] = {
6398+
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
6399+
{ CKA_TOKEN, &token, sizeof(token) },
6400+
{ CKA_ID, privId, privIdLen },
6401+
};
6402+
int privTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl);
6403+
6404+
if (pubId == NULL)
6405+
pubTmplCnt--;
6406+
if (privId == NULL)
6407+
privTmplCnt--;
6408+
6409+
mech.mechanism = CKM_ML_DSA_KEY_PAIR_GEN;
6410+
mech.pParameter = NULL;
6411+
mech.ulParameterLen = 0;
6412+
6413+
ret = funcList->C_GenerateKeyPair(session, &mech, pubKeyTmpl, pubTmplCnt,
6414+
privKeyTmpl, privTmplCnt, &pub, &priv);
6415+
CHECK_CKR(ret, "ML-DSA Key Generation");
6416+
if (ret == CKR_OK && pubKey != NULL)
6417+
*pubKey = pub;
6418+
if (ret == CKR_OK && privKey != NULL)
6419+
*privKey = priv;
6420+
6421+
return ret;
6422+
}
6423+
6424+
static CK_RV find_mldsa_priv_key(CK_SESSION_HANDLE session,
6425+
CK_OBJECT_HANDLE* key, unsigned char* id, int idLen)
6426+
{
6427+
CK_RV ret;
6428+
CK_ATTRIBUTE tmpl[] = {
6429+
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
6430+
{ CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) },
6431+
{ CKA_ID, id, idLen },
6432+
};
6433+
CK_ULONG count;
6434+
6435+
ret = funcList->C_FindObjectsInit(session, tmpl,
6436+
sizeof(tmpl) / sizeof(*tmpl));
6437+
CHECK_CKR(ret, "ML-DSA Find Priv Objects Init");
6438+
if (ret == CKR_OK) {
6439+
ret = funcList->C_FindObjects(session, key, 1, &count);
6440+
CHECK_CKR(ret, "ML-DSA Find Priv Objects");
6441+
}
6442+
if (ret == CKR_OK) {
6443+
ret = funcList->C_FindObjectsFinal(session);
6444+
CHECK_CKR(ret, "ML-DSA Find Priv Objects Final");
6445+
}
6446+
if (ret == CKR_OK && count == 0) {
6447+
ret = -1;
6448+
CHECK_CKR(ret, "ML-DSA Find Priv Objects Count");
6449+
}
6450+
6451+
return ret;
6452+
}
6453+
6454+
static CK_RV mldsa_sign_verify(CK_SESSION_HANDLE session,
6455+
CK_OBJECT_HANDLE privKey, CK_OBJECT_HANDLE pubKey)
6456+
{
6457+
CK_RV ret;
6458+
CK_MECHANISM mech;
6459+
CK_SIGN_ADDITIONAL_CONTEXT signCtx;
6460+
byte data[64];
6461+
byte sig[4672]; /* ML-DSA-44 max sig size */
6462+
CK_ULONG sigSz;
6463+
6464+
XMEMSET(data, 0x5A, sizeof(data));
6465+
XMEMSET(&signCtx, 0, sizeof(signCtx));
6466+
signCtx.hedgeVariant = CKH_HEDGE_REQUIRED;
6467+
signCtx.pContext = NULL;
6468+
signCtx.ulContextLen = 0;
6469+
6470+
mech.mechanism = CKM_ML_DSA;
6471+
mech.pParameter = &signCtx;
6472+
mech.ulParameterLen = sizeof(signCtx);
6473+
6474+
ret = funcList->C_SignInit(session, &mech, privKey);
6475+
CHECK_CKR(ret, "ML-DSA Sign Init");
6476+
if (ret == CKR_OK) {
6477+
sigSz = sizeof(sig);
6478+
ret = funcList->C_Sign(session, data, sizeof(data), sig, &sigSz);
6479+
CHECK_CKR(ret, "ML-DSA Sign");
6480+
}
6481+
if (ret == CKR_OK) {
6482+
ret = funcList->C_VerifyInit(session, &mech, pubKey);
6483+
CHECK_CKR(ret, "ML-DSA Verify Init");
6484+
}
6485+
if (ret == CKR_OK) {
6486+
ret = funcList->C_Verify(session, data, sizeof(data), sig, sigSz);
6487+
CHECK_CKR(ret, "ML-DSA Verify");
6488+
}
6489+
6490+
return ret;
6491+
}
6492+
6493+
static CK_RV test_mldsa_gen_keys(void* args)
6494+
{
6495+
CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args;
6496+
CK_RV ret;
6497+
CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
6498+
CK_OBJECT_HANDLE priv = CK_INVALID_HANDLE;
6499+
unsigned char* privId = (unsigned char*)"123mldsamttpriv";
6500+
int privIdLen = (int)strlen((char*)privId);
6501+
6502+
/* Generate and sign/verify */
6503+
ret = gen_mldsa_keys(session, CKP_ML_DSA_44, &pub, &priv, NULL, 0,
6504+
NULL, 0, 0);
6505+
if (ret == CKR_OK)
6506+
ret = mldsa_sign_verify(session, priv, pub);
6507+
6508+
funcList->C_DestroyObject(session, pub);
6509+
funcList->C_DestroyObject(session, priv);
6510+
pub = CK_INVALID_HANDLE;
6511+
priv = CK_INVALID_HANDLE;
6512+
6513+
/* Generate with ID and find */
6514+
if (ret == CKR_OK) {
6515+
ret = gen_mldsa_keys(session, CKP_ML_DSA_44, &pub, NULL, privId,
6516+
privIdLen, NULL, 0, 0);
6517+
}
6518+
if (ret == CKR_OK)
6519+
ret = find_mldsa_priv_key(session, &priv, privId, privIdLen);
6520+
if (ret == CKR_OK)
6521+
ret = mldsa_sign_verify(session, priv, pub);
6522+
6523+
funcList->C_DestroyObject(session, pub);
6524+
funcList->C_DestroyObject(session, priv);
6525+
6526+
return ret;
6527+
}
6528+
#endif /* WOLFPKCS11_MLDSA */
6529+
6530+
#ifdef WOLFPKCS11_MLKEM
6531+
static CK_RV gen_mlkem_keys(CK_SESSION_HANDLE session,
6532+
CK_ML_KEM_PARAMETER_SET_TYPE paramSet,
6533+
CK_OBJECT_HANDLE* pubKey,
6534+
CK_OBJECT_HANDLE* privKey,
6535+
unsigned char* privId, int privIdLen,
6536+
unsigned char* pubId, int pubIdLen, int onToken)
6537+
{
6538+
CK_RV ret = CKR_OK;
6539+
CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
6540+
CK_OBJECT_HANDLE priv = CK_INVALID_HANDLE;
6541+
CK_MECHANISM mech;
6542+
CK_BBOOL token = (CK_BBOOL)onToken;
6543+
CK_ATTRIBUTE pubKeyTmpl[] = {
6544+
{ CKA_PARAMETER_SET, &paramSet, sizeof(paramSet) },
6545+
{ CKA_ENCAPSULATE, &ckTrue, sizeof(ckTrue) },
6546+
{ CKA_TOKEN, &token, sizeof(token) },
6547+
{ CKA_ID, pubId, pubIdLen },
6548+
};
6549+
int pubTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl);
6550+
CK_ATTRIBUTE privKeyTmpl[] = {
6551+
{ CKA_DECAPSULATE, &ckTrue, sizeof(ckTrue) },
6552+
{ CKA_TOKEN, &token, sizeof(token) },
6553+
{ CKA_ID, privId, privIdLen },
6554+
};
6555+
int privTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl);
6556+
6557+
if (pubId == NULL)
6558+
pubTmplCnt--;
6559+
if (privId == NULL)
6560+
privTmplCnt--;
6561+
6562+
mech.mechanism = CKM_ML_KEM_KEY_PAIR_GEN;
6563+
mech.pParameter = NULL;
6564+
mech.ulParameterLen = 0;
6565+
6566+
ret = funcList->C_GenerateKeyPair(session, &mech, pubKeyTmpl, pubTmplCnt,
6567+
privKeyTmpl, privTmplCnt, &pub, &priv);
6568+
CHECK_CKR(ret, "ML-KEM Key Generation");
6569+
if (ret == CKR_OK && pubKey != NULL)
6570+
*pubKey = pub;
6571+
if (ret == CKR_OK && privKey != NULL)
6572+
*privKey = priv;
6573+
6574+
return ret;
6575+
}
6576+
6577+
static CK_RV find_mlkem_priv_key(CK_SESSION_HANDLE session,
6578+
CK_OBJECT_HANDLE* key, unsigned char* id, int idLen)
6579+
{
6580+
CK_RV ret;
6581+
CK_ATTRIBUTE tmpl[] = {
6582+
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
6583+
{ CKA_KEY_TYPE, &mlkemKeyType, sizeof(mlkemKeyType) },
6584+
{ CKA_ID, id, idLen },
6585+
};
6586+
CK_ULONG count;
6587+
6588+
ret = funcList->C_FindObjectsInit(session, tmpl,
6589+
sizeof(tmpl) / sizeof(*tmpl));
6590+
CHECK_CKR(ret, "ML-KEM Find Priv Objects Init");
6591+
if (ret == CKR_OK) {
6592+
ret = funcList->C_FindObjects(session, key, 1, &count);
6593+
CHECK_CKR(ret, "ML-KEM Find Priv Objects");
6594+
}
6595+
if (ret == CKR_OK) {
6596+
ret = funcList->C_FindObjectsFinal(session);
6597+
CHECK_CKR(ret, "ML-KEM Find Priv Objects Final");
6598+
}
6599+
if (ret == CKR_OK && count == 0) {
6600+
ret = -1;
6601+
CHECK_CKR(ret, "ML-KEM Find Priv Objects Count");
6602+
}
6603+
6604+
return ret;
6605+
}
6606+
6607+
static CK_RV test_mlkem_gen_keys(void* args)
6608+
{
6609+
CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args;
6610+
CK_RV ret;
6611+
CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
6612+
CK_OBJECT_HANDLE priv = CK_INVALID_HANDLE;
6613+
unsigned char* privId = (unsigned char*)"123mlkemmttpriv";
6614+
int privIdLen = (int)strlen((char*)privId);
6615+
6616+
/* Generate key pair */
6617+
ret = gen_mlkem_keys(session, CKP_ML_KEM_512, &pub, &priv, NULL, 0,
6618+
NULL, 0, 0);
6619+
6620+
funcList->C_DestroyObject(session, pub);
6621+
funcList->C_DestroyObject(session, priv);
6622+
pub = CK_INVALID_HANDLE;
6623+
priv = CK_INVALID_HANDLE;
6624+
6625+
/* Generate with ID and find */
6626+
if (ret == CKR_OK) {
6627+
ret = gen_mlkem_keys(session, CKP_ML_KEM_512, &pub, NULL, privId,
6628+
privIdLen, NULL, 0, 0);
6629+
}
6630+
if (ret == CKR_OK)
6631+
ret = find_mlkem_priv_key(session, &priv, privId, privIdLen);
6632+
6633+
funcList->C_DestroyObject(session, pub);
6634+
funcList->C_DestroyObject(session, priv);
6635+
6636+
return ret;
6637+
}
6638+
#endif /* WOLFPKCS11_MLKEM */
6639+
63706640
static CK_RV test_random(void* args)
63716641
{
63726642
CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args;
@@ -6660,6 +6930,12 @@ static TEST_FUNC testFunc[] = {
66606930
PKCS11MTT_CASE(test_hmac_sha512),
66616931
PKCS11MTT_CASE(test_hmac_sha512_fail),
66626932
#endif
6933+
#endif
6934+
#ifdef WOLFPKCS11_MLDSA
6935+
PKCS11MTT_CASE(test_mldsa_gen_keys),
6936+
#endif
6937+
#ifdef WOLFPKCS11_MLKEM
6938+
PKCS11MTT_CASE(test_mlkem_gen_keys),
66636939
#endif
66646940
PKCS11MTT_CASE(test_random),
66656941
};

0 commit comments

Comments
 (0)