wolfcrypt/test/test.c:

* in slhdsa_keygen_kat() and slhdsa_id_label_test(), pass devId to wc_SlhDsaKey_Init*()
* in cryptocb_test(), inhibit the callback verification check for SLHDSA if FIPS (no crypto callbacks in FIPS-wrapped calls).
This commit is contained in:
Daniel Pouzzner
2026-06-27 14:14:31 -05:00
parent 5ae99fb03b
commit 4d46e1eb74
+22 -17
View File
@@ -57790,7 +57790,7 @@ static wc_test_ret_t slhdsa_keygen_kat(enum SlhDsaParam param,
DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E));
XMEMSET(key, 0, sizeof(*key));
ret = wc_SlhDsaKey_Init(key, param, NULL, INVALID_DEVID);
ret = wc_SlhDsaKey_Init(key, param, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
@@ -58073,30 +58073,30 @@ static wc_test_ret_t slhdsa_id_label_test(void)
/* NULL key rejected. */
ret = wc_SlhDsaKey_Init_id(NULL, param, id, (int)sizeof(id), HEAP_HINT,
INVALID_DEVID);
devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* (id == NULL, len > 0) is the silent-contradiction case the original
* review flagged; must be rejected. */
ret = wc_SlhDsaKey_Init_id(&key, param, NULL, 8, HEAP_HINT, INVALID_DEVID);
ret = wc_SlhDsaKey_Init_id(&key, param, NULL, 8, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* Length over the cap rejected with BUFFER_E. */
ret = wc_SlhDsaKey_Init_id(&key, param, id, SLHDSA_MAX_ID_LEN + 1,
HEAP_HINT, INVALID_DEVID);
HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
/* Negative length rejected. */
ret = wc_SlhDsaKey_Init_id(&key, param, id, -1, HEAP_HINT, INVALID_DEVID);
ret = wc_SlhDsaKey_Init_id(&key, param, id, -1, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
/* Successful init copies the id and stores its length. */
ret = wc_SlhDsaKey_Init_id(&key, param, id, (int)sizeof(id), HEAP_HINT,
INVALID_DEVID);
devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.idLen != (int)sizeof(id))
@@ -58109,7 +58109,7 @@ static wc_test_ret_t slhdsa_id_label_test(void)
XMEMSET(&key, 0, sizeof(key));
/* (id != NULL, len == 0) is accepted as a no-op. */
ret = wc_SlhDsaKey_Init_id(&key, param, id, 0, HEAP_HINT, INVALID_DEVID);
ret = wc_SlhDsaKey_Init_id(&key, param, id, 0, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.idLen != 0)
@@ -58127,7 +58127,7 @@ static wc_test_ret_t slhdsa_id_label_test(void)
for (i = 0; i < SLHDSA_MAX_ID_LEN; i++)
id_max[i] = (unsigned char)(0x40 + i);
ret = wc_SlhDsaKey_Init_id(&key, param, id_max, SLHDSA_MAX_ID_LEN,
HEAP_HINT, INVALID_DEVID);
HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.idLen != SLHDSA_MAX_ID_LEN)
@@ -58143,22 +58143,22 @@ static wc_test_ret_t slhdsa_id_label_test(void)
/* Init_label: NULL label / NULL key rejected. */
ret = wc_SlhDsaKey_Init_label(NULL, param, label, HEAP_HINT,
INVALID_DEVID);
devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SlhDsaKey_Init_label(&key, param, NULL, HEAP_HINT,
INVALID_DEVID);
devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* Empty label is rejected. */
ret = wc_SlhDsaKey_Init_label(&key, param, "", HEAP_HINT, INVALID_DEVID);
ret = wc_SlhDsaKey_Init_label(&key, param, "", HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
/* Successful init copies the label and stores its length. */
ret = wc_SlhDsaKey_Init_label(&key, param, label, HEAP_HINT,
INVALID_DEVID);
devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.labelLen != (int)XSTRLEN(label))
@@ -58182,7 +58182,7 @@ static wc_test_ret_t slhdsa_id_label_test(void)
label_max[i] = 'L';
label_max[SLHDSA_MAX_LABEL_LEN] = '\0';
ret = wc_SlhDsaKey_Init_label(&key, param, label_max, HEAP_HINT,
INVALID_DEVID);
devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.labelLen != SLHDSA_MAX_LABEL_LEN)
@@ -59249,7 +59249,7 @@ wc_test_ret_t slhdsa_test(void)
#endif
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
ret = wc_SlhDsaKey_Init(key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID);
ret = wc_SlhDsaKey_Init(key, SLHDSA_SHAKE128S, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
@@ -74929,11 +74929,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
*
* Only enforce when slhdsa_test() actually runs a cb-routed op:
* !VERIFY_ONLY runs slhdsa_test_param (uses devId), or
* PARAM_128S enables the in-tree KAT verify (also uses devId). */
* PARAM_128S enables the in-tree KAT verify (also uses devId).
*
* The FIPS wrappers force the devId to FIPS_INVALID_DEVID, so we skip
* the check for FIPS.
*/
int baseline = myCtx.exampleVar;
ret = slhdsa_test();
#if !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || \
defined(WOLFSSL_SLHDSA_PARAM_128S)
#if (!defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || \
defined(WOLFSSL_SLHDSA_PARAM_128S)) && \
!defined(HAVE_FIPS)
if ((ret == 0) && (myCtx.exampleVar == baseline))
ret = WC_TEST_RET_ENC_NC;
#endif