Fix instructions and test data for pyhsslms interop tests

The test data was invalid because it had the extra 4-byte prefix for HSS.
Regenerate it (which produces completely new signatures since it is
randomized).

Rearrange the reproduction instructions for the second test case so that it
shows more clearly how to generate a second signature with the same private
key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-10-13 20:45:05 +02:00
parent 8bccc999d9
commit 2875aa7b01

View File

@ -13,7 +13,7 @@ LMS pyhsslms interop test #1
# limited amount of available test vectors for LMS. The private key is stored in
# data_files/lms_pyhsslms_sha256_m32_h5_lmots_sha256_n32_w8_prv. Note that this signature
# uses leaf key 0, so must be the first signature generated by the key if the
# signature is to be reproduced. Message data is random. Note that hash-sigs
# signature is to be reproduced. Message data is random. Note that pyhsslms
# stores public keys and signatures in HSS form, which appends a 4-byte "levels"
# word at the start of the key/sig. We strip these 4 bytes from the signature
# and the public key before including them in a the test data.
@ -27,42 +27,26 @@ LMS pyhsslms interop test #1
# import pyhsslms
#
# private_key = pyhsslms.HssLmsPrivateKey('tmp/lms')
#
# message = bytes.fromhex('60da1a17c88c59da8a730e6ca8effd37')
# public_key = private_key.hss_pub
# sig = private_key.sign(message)
# print('lms_verify_test:"{}":"{}":"{}":0'.format(message.hex(), sig.hex(), public_key.serialize().hex()))
lms_verify_test:"60da1a17c88c59da8a730e6ca8effd37":"0000000000000000000000042c85763d2abaedaecd484517ff85138e8ab7f621585a6f8f5e072c9c0851e89aa6bb116a2cef094155cb142f0bdb84dddfa3ab236dd3bd1019b2a4caa8e26c011d3f9fc8f7df57d8f475564d5b5bd92af9f62137e176cda914bac6e07a086d287d2d9e6d7b9ad768462a39930c19761905136345a0a9f2e28f5bcd288c9137cc828bc790be3020405f4e273b6749dc35d1f4bfea3eb679ca1b46fe26196dbb7ba7f0d56643e716ca3a2f0491fbe5c5aec80ab1a4f718577655e3e56ced0e562f137c7f2be6a9c4589442f23e0c51f19fed5b9e834ffb26dca160d4fe11b7e66bf4fa099bea131620e2906fcbbf5071348cedcb70c372a8a99f7e582f02858d0d7c66ea45728a11420cf20937362dce440f0b8a96fa47e6d03470044555e5a46ec758d4e86b773afe5f5b97c328990a2e4ed59e879ec5f4c59eaaec13cc6790d38a4754a5f0029e53b4461406f6e958dc7ca3a88984e675533cac7f54c00fdfb879acd13404b091e599248eb69624bb2a8f73be37e3ec9fb5d6b9cf65f738333d93d82558c7552ba39f6afce7a7bb6756083e1e61c4a02c36a501c19b08856ba9ff07de3a0e1a6a44abcd0a663643bd8dddf5949eb4ce86feb93ba59f15b18fba26098a8a3a2aa1e5ad79155728c28904a1b218426744b4897a263be0954440e0a85ec378f922a91bbdb098b07d5873667277d22218a3b3a64292648da86b4aaa6af23fd6efa6567b184781159ca9d69619da9b7c1e9c2f9cafcc1f6ca244ae6ced58d880b72cd3fa1269b1d634fd4f551815ce59701773f6454edca537138bc00540c01f0735946151747a3ecb591775b86ecdb58d24aebb67e204e1e17882563a089c13ccea1e8baa5ed3515fd3d691697d826829fbf33a234198abac4bebc6ea6e56cba0925412b8f37bc1e532012b1d1fabf99d1b5ff15ba323ac6b5ba89353a115a5619755d1481fdce82180430fbeef3466e188b6508713ec958074ab6c81a30141a6f14b7768b7f5b25712f9a2aedd0a0b9fae183472b290b51ee92a5ddbcca3994dbb7860f13b9fde81ade00c2c29a0692033d8d2a6827fcc9b50b15b94c2507636710ce681b5b2d5792ea2e0c3a8bb4e8a3c00ab0fa924c228d88a47d649e6804394767db291d2e6b0976f56209d0cf8d2804f402342e98764cb8cee65dde7df65cb241fd2af599ffd8063fd5a28ff4f105c15f7b836cc792402c78c2281302e3cdf7f5e11beacef8b5c5a41ed8a6c30d622cca1fd7075aa12e3d7d54f2c4b7375b8eac6c1be8f8b7e97c17f73b698d01d5f0fa3c644b0b225b390cd613c18ea141ecd1801ad9a4518db5c1c115360b09dda5071ff130d3bff4809e3a1ce9ab5115d86f46cf8b8733271415582d97fa479ede1393d455cf9d227a4248e7d56d280075af69fe8946ac4a98056ac5e4f89a54d813222fb76fcf700bc34e3c9e3650c16cafc83d16e6f3240c443c64e807495a482a66a77d3b552d167c0d0355a25266a3d55ba593b68eaab6c24b0264e3832f08ca0dd91cc8a711c9e23ad37b76e8e658f6b1f61d5e448787fb57f13bcbf88e6939c265d3d6c07295703000000068b991bed50319a6cb9ff040b92f1563889b3787c37145fc9737d4643f66ade33ebd85a2c29b8c64a581cff01b89d59807d6fade2d2c88872f77d0ed83d97c4b5438681d0b95feb973125e4ee70ebe11699290b831e86571e36513a71f159d48ce563f6814cc2a89851d2520c5275b34cc83614cab14c0d197166580d800ee6b9004b8fd72daac8d73c36c1623c37be93ba49a06c4efde238a3a10a05daba5d4942f7de52648af2be31f33e723b3605346282f5d5e356c5d0004eea40fe0b80abf658f6c96c56319ab53d7fefb5879e0136d1cf320973a2f47c1ee3d21554910f09d17afac4607657c4309890957a4954bf86e2a8491ba37dd88b2c3fe3c7edebd767c400bc23e40d165b27133c726b90bc26cbb2a86a6aa400c47aa7ffc538388de8490b9349afa53b814ffe2a56ff16a496e9648284193754f989f6f12aeb6e":"000000010000000600000004d96bb26744d99ef624e32161c36d3d6efcdd0484e2b17a6dd183125be4b1af1cda931a91a3acb1151877c174f7943fd9":0
#
# message1 = bytes.fromhex('60da1a17c88c59da8a730e6ca8effd37')
# sig1 = private_key.sign(message1)[4:]
# print('lms_verify_test:"{}":"{}":"{}":0'.format(message1.hex(), sig1.hex(), public_key.serialize()[4:].hex()))
lms_verify_test:"60da1a17c88c59da8a730e6ca8effd37":"000000000000000436c1e7d365851f12310f77341f4f994da12f39ad5d4cddf51563e80c98640f7edcc6ca027a76e48fe8f01f077f2733026c75e76fdb236b981e7bbe92e37527a5dc64d67449106387ab0ffffd5b5d4187165b4f03965dbdc5c652a4fc81ab83e951b24b61bf86d4d9a7e8d15206cac92c866b5bb358745306525955c56dfc925c48d0259865372043643c3b11daedd40d474c386daa36e3887bb65633cab290078eb2bc24c478a9ae18ac9fbd7c4a6e5338410b22adf02a27178c5a6e2d9ad403120d76c4dd27ec8974943b8226f86834364ac40984a96f1a1201e50eaf31c44e1c12b03a0cab40f6dcfc8acacfbd46333b48985e8b3a843c8f562a8007f69586444114adade8931adbdd636ee055423e33e4fddeff509a64b4589d25034adca9d55359c1489699cc6438c21da4b01d5403f53c2308fa28a9318235b788c15b37d359217301e9d0fa1b9a3b71ef95aca3657a976fd021ce20bbd4674d1a0cc551050b21ecd96f74a591bd84b5e9ae8b966592721a24bf0e16a44102c86999697ade9f7c937277fe8447b65573776507eda7725fbdf5ce27cdf6552d57b76e6f807a575dae1c9abaeb4667bcf0534ce78796f542b65a109bd9650b880d0ca638cf5de1ad97f6c52fa24951404cad923f649aabe664fabf318fc5910a8fecae45479b36c4961572a9d472b6de23cd601ae0d79ec98dcf9d0d5de6ebc9e71665d2b7066a8cdb93a5f65f48978fee68ed8c94a43af8759a2603321af84d22a4a37d7dfe6811f3d9b3c1bd9940214678f784658bf224a6e7efe22e30b962c7cbd18bb92df3d5e86b81493db30d761fb4775dab56a6c446f2b34d906944a72cf71f4f637f0668069f24ebb55e1c50b52c2f35b568b66fa648f5ebf10f74ff48246c3ead6cd6a5901c35f3411584760574c2db86ee5d23a094bffc16369f9845fe2570b1357315f401f1bc201ba165ee16a9afd811e4f9f34b8414134346598cd5fe76c883c5215d75106eceff18135c65473186ed1bcc45246d30aa7b1e561c46d0d1cca3da2e19cca1cfe4e89ca61de070d3cad2f96270962cd770c9154ce7bb5844171293e1a2722d3e340602895ae3c6848c83e264709af8677ff1d49580348d6084e41146410e537e6fdf91881fb8b858aaa04f064671971d082e1f7681eb9ac11da7b4776bedb0bdff6dcdab8facec17df48928e3be3603262cf39d0828ceca9230ccb610e8a6c7ea8e9a3a1d4e43d2f9c204d9327d6a2e8b4dc7b9a13838e1b08b414d9ef3495aee4f4fc05d71a5e8bd828f155a8a3b7ca6e22be59901fe627408a2e8ca8dc28458a4eda726b9e8f511c27495ea3bd3a50997d17a0de3394ccd51329e386ff39708e851cec61335e6b2bc6ad5aac9851a5467eba51cfc59804d674ca23232f8da4ad28c22f7dd54461e366e247e2ef28df07f6b3e4bc2c2e0b0233aee191c2efae467b2bd511c7cfd61dc96148b69b967b9d5eb0efe41a8b0197f8cdef88060d80ce1a2f3f649ab552b52bb1123eec2848c9dceff7ce5a1768d87e67105eda66493a017771170e3462566a08366aa01dfb2b0ca838c8018f0545000000068b991bed50319a6cb9ff040b92f1563889b3787c37145fc9737d4643f66ade33ebd85a2c29b8c64a581cff01b89d59807d6fade2d2c88872f77d0ed83d97c4b5438681d0b95feb973125e4ee70ebe11699290b831e86571e36513a71f159d48ce563f6814cc2a89851d2520c5275b34cc83614cab14c0d197166580d800ee6b9004b8fd72daac8d73c36c1623c37be93ba49a06c4efde238a3a10a05daba5d4942f7de52648af2be31f33e723b3605346282f5d5e356c5d0004eea40fe0b80abf658f6c96c56319ab53d7fefb5879e0136d1cf320973a2f47c1ee3d21554910f09d17afac4607657c4309890957a4954bf86e2a8491ba37dd88b2c3fe3c7edebd767c400bc23e40d165b27133c726b90bc26cbb2a86a6aa400c47aa7ffc538388de8490b9349afa53b814ffe2a56ff16a496e9648284193754f989f6f12aeb6e":"0000000600000004d96bb26744d99ef624e32161c36d3d6efcdd0484e2b17a6dd183125be4b1af1cda931a91a3acb1151877c174f7943fd9":0
LMS pyhsslms interop test #2
# This test uses data from https://github.com/russhousley/pyhsslms due to the
# limited amount of available test vectors for LMS. The private key is stored in
# data_files/lms_pyhsslms_sha256_m32_h5_lmots_sha256_n32_w8_prv. Note that this signature
# uses leaf key 1, so must be the second signature generated by the key if the
# signature is to be reproduced. Message data is random. Note that hash-sigs
# stores public keys and signatures in HSS form, which appends a 4-byte "levels"
# word at the start of the key/sig. We strip these 4 bytes from the signature
# and the public key before including them in a the test data.
# This test case continues from "LMS pyhsslms interop test #1".
# The signature uses leaf key 1, so must be the second signature generated by
# the key if the signature is to be reproduced.
#
# To produce another signature with this message and key (note that the actual
# signature bytes will differ due to randomization):
# * pip3 install --user pyhsslms
# * cp data_files/lms_pyhsslms_sha256_m32_h5_lmots_sha256_n32_w8_prv tmp/lms.prv
# * cp data_files/lms_pyhsslms_sha256_m32_h5_lmots_sha256_n32_w8_pub tmp/lms.pub
# signature bytes will differ due to randomization), after generating the
# first signature:
#
#import pyhsslms
#
#private_key = pyhsslms.HssLmsPrivateKey('tmp/lms')
#
#message = bytes.fromhex('60da1a17c88c59da8a730e6ca8effd37')
#public_key = private_key.hss_pub
#sig = private_key.sign(message)
#
#message = bytes.fromhex('92d036bde8c45b8bb5dea2a072560b1e29fc4bb7dc4549ce90bccee8a6e962a1')
#public_key = private_key.hss_pub
#sig = private_key.sign(message)
#print('lms_verify_test:"{}":"{}":"{}":0'.format(message.hex(), sig.hex(), public_key.serialize().hex()))
lms_verify_test:"92d036bde8c45b8bb5dea2a072560b1e29fc4bb7dc4549ce90bccee8a6e962a1":"0000000000000001000000042115dafc81fb6404f904c6037b00c970a0790ceadf0d39f93eddae43ee0daffa0088358a8f89ca5c2b2af0d55c4ecdcbdd84953ce4043d2657ada39f4344ace04e3c4ae3d72788214d28d1b5c85af7a6d3d9d85594a907a9a39b258d4385700a6c001b52923846f68a991a86ddad9b272c98064d43142d339c1cc64e833f7f5346a70b1ef77cb197c66ef68e7a41678ec1dedfe5b6d6e22746b839df8ffdf6d6830f86e47a0370a17646ada2e3f13ee68e6cfdcbb20c0b05e47c088bc27a1e4010aca6f42f2e4c92b28d4f8591fcab60c57fea248b6e8c412b6806f956e459252df4dedbbbecdbaa57f0f15e91ab9fc1c8dae1e1ba5556faa8d618bef9f977b3571b6438f13583f5a2e4036f450a89881b108d44bd8a6700c544d12e1ba48eaa9f53eed260f0dc2bf8bd630565af7d9e182539957780b0771365d4fe57d9fb0f76b2e4e7737fd3d8e8ba67d16af59c13563ceda4d632a0f7d742c98e05d29fb752ccddca2b8e8cc0bb3e57547dbe62d77fb792568cfc8218291a057fc61d94137556f17301e4b7ab3b8f33610925aa5160397665212e16bdc3fffc7ae0ce22c83eb357409bb08b38585628b1475931e09d65986dadf01aff0f7b0e7d19cce8318ea2fcf112710da63b25b3fb1f28fa387e0dc4eea17e0cd7f1e09e2a0cf0797199750f88d4b1d597c15a8694c68e6ac04564f5ee826d612839e2a26c4e7db4e4bd4919ef5ab1730a97bc5ec0c89c93dea4e8bca06426b121bf065ed43a7f2c91ee7211c53d6111de7ccff339a99203de88fb1ec592af5a4e9b2bfc437d0be7dd3aad57f5a84a4a87522cca5fc64176acf033f25f6ec10c673f38c0a3eca954c2acdad80674bac208c0c8be1ed50ed3f41e14c4edef82fe878444c4c874fbd0019e697b3401971b9ae1b73824079de84fc889f6108ea53b94fd50eaa56ccc0fa466168b6fb4322ac01d3429a109e55d6a2459ebfb0297b32bf1eea33fec4317eab77f2d415bfe5ac243e6e6ba26f9a4dccd5bf921c813218268106c129081da409b1808eedaeebf420f768935c0c91981dc48bc07926649926cf62f596582e8b3b9f9a18e0a91221a1d03913245792269ed260071dbfb27240d78a3d98945414da4bc7e4267b8a56cc18d2a8cc2fbe0206989541be84c181dc8aea74654514d894098534963449fc7e5ecd98218c93b38c925761fae62056dd7156b215fdf48ab36d230ab6feb3df3a590fa267e8c0cb78c2f2c90ab7c71dfa97e148a03c427077ec2abc08a3ec2ec7b2503a3dc988f6a9e5362e1043be819e78c71ae96646431eb83d6c9f91edbca6507c31a44f0b643c0028813559e8b5894575461d728ed633b89d660be1635e921fac6844071687b9c82b4aedfdc7cadfee07f113906cf4f78b7e8397f6be3872a53a31e15b54443753b4197e942e2512a9703d729116e683ad9a718f0fa15cf94cc2676498e6d2f207b2d3fd61dba1ad0291eb9e243c4ab771ee4f92ac782fd72b35abff18fd91198007d604b74b7d2741e36fa74c3a1732217b06f1d2e4e34d61012e83f99d03f1e83c97150dedd04f67978620da7e0e5000000063b71be980cffb4e8a8e310341d3b711ab19545ae90c3ac6adcbeb764419411a6ebd85a2c29b8c64a581cff01b89d59807d6fade2d2c88872f77d0ed83d97c4b5438681d0b95feb973125e4ee70ebe11699290b831e86571e36513a71f159d48ce563f6814cc2a89851d2520c5275b34cc83614cab14c0d197166580d800ee6b9004b8fd72daac8d73c36c1623c37be93ba49a06c4efde238a3a10a05daba5d4942f7de52648af2be31f33e723b3605346282f5d5e356c5d0004eea40fe0b80abf658f6c96c56319ab53d7fefb5879e0136d1cf320973a2f47c1ee3d21554910f09d17afac4607657c4309890957a4954bf86e2a8491ba37dd88b2c3fe3c7edebd767c400bc23e40d165b27133c726b90bc26cbb2a86a6aa400c47aa7ffc538388de8490b9349afa53b814ffe2a56ff16a496e9648284193754f989f6f12aeb6e":"000000010000000600000004d96bb26744d99ef624e32161c36d3d6efcdd0484e2b17a6dd183125be4b1af1cda931a91a3acb1151877c174f7943fd9":0
# message2 = bytes.fromhex('92d036bde8c45b8bb5dea2a072560b1e29fc4bb7dc4549ce90bccee8a6e962a1')
# sig2 = private_key.sign(message2)[4:]
# print('lms_verify_test:"{}":"{}":"{}":0'.format(message2.hex(), sig2.hex(), public_key.serialize()[4:].hex()))
lms_verify_test:"92d036bde8c45b8bb5dea2a072560b1e29fc4bb7dc4549ce90bccee8a6e962a1":"00000001000000042fd4410a9c1947c00419216c64bc236a1620bde03ca9221e67f933bd2664f065e0cfc910c6a4317de4bda8c7fc1244ee1c102e8acc281d96c6a25d1925e087623fcb4faa00219e1f04a2c191ceceee98f2acd0fb1395fd984892f893a3ad862ff6def851e81915b9111288f84fb131e14979f1df6eecc774db45054041bfe74ec0446a0e6a6e01f9b402f41e784a2fcdc0cdccf0b89c2c8a9d2ab28e95e133b33dfb631619e75ec80a9c5d8f634f1d60feec2a5d9a5d6316fa7968734c26c3f60e53613096330a6fc1f779fe501db94b2a932ddc05740a872a8ec34c6d79c6689cd2cd6620d92ea89b39a62053c0bdd7596b360ff45de04bef0cd9b985f00681875e9f3465a71e5055e202dc51bf9ab29d227e8d2b09c6089f82cd356eb1622ada2233209f096cb35086fa2415434ef3ecd660bddf328d70e204d9a8be18319df1bd5c64072b30b72ec792c0a200b29429e262435b03f7fbb6dfcd76b9a84621c91e0ef646bd7367eead3582028a8ed9b40b1fe1562863ea43af350cdf0c965dc8329131df3f00b4b8a33548d7f7f1b03e952064e0f4cd9662af5a0d25ec8dc126d9621bf4707fbd525023ce91cbe05517bf2491e6455f2273b354c9d2f4a4364c3caf44c98ad23601cf1fc9cb490d2a9b9cdb1d60f0328e40734201e9e03f7af30fe6f0d6c7437fdd13573b012cd060a1a325b35d1a3d77e94a666d3873e267223a4e5bcf0752395570ad51d1ac7480cba32fcc8bf93439b8feafd0fb3520ab76d9ae2fba3b4600afce5fd96ff07d0e62579c16f993715f363982409ba38a46d09e6b448738f2bdb4277c65c933ea4a991fdc8021e3b9bbe5d00078b94ed1a78c61ee9d1dec014f99d23905a8fff335a9cca0228e7244a2a8b461970655b8a7f0f684c3f271c5f76924d851850b74754e24abaa9828d353976509dc4c4a241a0c314b80e400aceefe234fbdfb9af60d7c65752a4a396c4cdea1fec3478c263fb5883aa009f1845c4cb3f128c5eb9b290639c7c82fe33b17bd5ddb460a68d54be472769f77c73f7b4bfead2af4a9af6322f5bec9159d234e94a7d496cb6349a4b36fc7ca4e2c42168034bff62e687089fdd27a78484c788556edb58d7c911199752ca609a7906355f226756cd7c6c167b2a2929e8913fb2ec7c46c5caf73252f06cd51c5ca979d0b552831beeb5bcc25fba8ac83c8857633e3873adab0d23f1bb326a6c960e8bb1119e2f917c3892e9ad83f8af74abe0a0beee1734fdf5fe04024a6a644c2bbf88c6019d7115b0742898e90cc2d001efbc6f8e38eeedd5e9e9c777d1ecc6a2a9cf6d67a68781d99db1bbecdfe2e40dbe9074e7a69f0fa9037aecc31c9305c67129e0dbc8a66c8de6c18ed41746d794809bb3a5cc68c17db3052fe31e390ca862be3163660a1f70c5d2f026ed7649437600e38ee08e33f05aac9bcd8b7db309f2f41c34ba44304115ef8bbdba63629607daf67e2e642a726e021f6599032a0f8f3edef2ef5b007d3618856d48aec7894e9a4b802caf9c3f0022c6e61d34c38ba2ddef3c1b0797e7dc74faacb44ac72b5ea078f1a21c2cffc46ba000000063b71be980cffb4e8a8e310341d3b711ab19545ae90c3ac6adcbeb764419411a6ebd85a2c29b8c64a581cff01b89d59807d6fade2d2c88872f77d0ed83d97c4b5438681d0b95feb973125e4ee70ebe11699290b831e86571e36513a71f159d48ce563f6814cc2a89851d2520c5275b34cc83614cab14c0d197166580d800ee6b9004b8fd72daac8d73c36c1623c37be93ba49a06c4efde238a3a10a05daba5d4942f7de52648af2be31f33e723b3605346282f5d5e356c5d0004eea40fe0b80abf658f6c96c56319ab53d7fefb5879e0136d1cf320973a2f47c1ee3d21554910f09d17afac4607657c4309890957a4954bf86e2a8491ba37dd88b2c3fe3c7edebd767c400bc23e40d165b27133c726b90bc26cbb2a86a6aa400c47aa7ffc538388de8490b9349afa53b814ffe2a56ff16a496e9648284193754f989f6f12aeb6e":"0000000600000004d96bb26744d99ef624e32161c36d3d6efcdd0484e2b17a6dd183125be4b1af1cda931a91a3acb1151877c174f7943fd9":0
LMS pyhsslms interop NULL-message test
# This test uses data from https://github.com/russhousley/pyhsslms due to the limited