sqisign/apps/fuzz_verify.c

// SPDX-License-Identifier: Apache-2.0

#include <mem.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <api.h>
#include <rng.h>

#include "encoded_sizes.h"

typedef struct {
  unsigned char pk[CRYPTO_PUBLICKEYBYTES];
  unsigned char sm[CRYPTO_BYTES + 64];
} signature_t;

static void crash() {
  int *p = 0;
  *p = 0;
}

static int load_signature(signature_t *sig, int iter) {
  char filename[sizeof("testcases/SQIsign_lvl1/signature000000.bin")];
  snprintf(filename, sizeof(filename), "testcases/%s/signature%06d.bin", CRYPTO_ALGNAME, iter);
  FILE *f = fopen(filename, "rb");

  if (!f) {
    fprintf(stderr, "Can't open file: %s\n", filename);
    return 1;
  }

  if (fread(sig->pk, CRYPTO_PUBLICKEYBYTES, 1, f) != 1) {
    fprintf(stderr, "Can't read public key from file: %s\n", filename);
    fclose(f);
    return 1;
  }

  if (fread(sig->sm, CRYPTO_BYTES + 64, 1, f) != 1) {
    fprintf(stderr, "Can't read signature from file: %s\n", filename);
    fclose(f);
    return 1;
  }

  fclose(f);

  return 0;
}

static void verify_signature(signature_t corpus[], int testcases) {
  unsigned long long msglen = 64;
  unsigned long long smlen = CRYPTO_BYTES + msglen;

  unsigned char *pk = calloc(CRYPTO_PUBLICKEYBYTES, 1);
  unsigned char *sm = calloc(smlen, 1);

  unsigned char msg[msglen];

  if (fread(pk, CRYPTO_PUBLICKEYBYTES, 1, stdin) != 1) {
    fprintf(stderr, "Error reading public key from stdin\n");
    free(pk);
    free(sm);
    return;
  }
  if (fread(sm, smlen, 1, stdin) != 1) {
    fprintf(stderr, "Error reading signature from stdin\n");
    free(pk);
    free(sm);
    return;
  }

  int res = crypto_sign_open(msg, &msglen, sm, smlen, pk);
  if (res || msglen != sizeof(msg) || memcmp(msg, sm + SIGNATURE_BYTES, msglen)) {
    // Signature was not accepted -- check if it was in the corpus and, in that case, crash
    for (int i = 0; i < testcases; ++i)
      if (!memcmp(pk, corpus[i].pk, CRYPTO_PUBLICKEYBYTES) || !memcmp(sm, corpus[i].sm, smlen))
        crash();
  } else {
    // Signature was accepted -- check if it was not in the corpus and, in that case, crash
    int in_corpus = 0;
    for (int i = 0; i < testcases; ++i)
      if (!memcmp(pk, corpus[i].pk, CRYPTO_PUBLICKEYBYTES) || !memcmp(sm, corpus[i].sm, smlen)) {
        in_corpus = 1;
        break;
      }

    if (!in_corpus)
      crash();
  }

  free(pk);
  free(sm);
}

int
main(int argc, char *argv[]) {
  int testcases = 10;

  if (argc == 2) {
    sscanf(argv[1], "--testcases=%d", &testcases);
  }

  signature_t corpus[testcases];
  for (int i = 0; i < testcases; ++i)
    if (!load_signature(&corpus[i], i))
      return 1;

#ifdef __AFL_LOOP
  while (__AFL_LOOP(1000))
    verify_signature(corpus, testcases);
#else
  verify_signature(corpus, testcases);
#endif

  return 0;
}
second-round version of SQIsign Co-authored-by: Marius A. Aardal <marius.andre.aardal@gmail.com> Co-authored-by: Gora Adj <gora.adj@tii.ae> Co-authored-by: Diego F. Aranha <dfaranha@cs.au.dk> Co-authored-by: Andrea Basso <sqisign@andreabasso.com> Co-authored-by: Isaac Andrés Canales Martínez <icanalesm0500@gmail.com> Co-authored-by: Jorge Chávez-Saab <jorgechavezsaab@gmail.com> Co-authored-by: Maria Corte-Real Santos <mariascrsantos98@gmail.com> Co-authored-by: Luca De Feo <github@defeo.lu> Co-authored-by: Max Duparc <max.duparc@epfl.ch> Co-authored-by: Jonathan Komada Eriksen <jonathan.eriksen97@gmail.com> Co-authored-by: Décio Luiz Gazzoni Filho <decio@decpp.net> Co-authored-by: Basil Hess <bhe@zurich.ibm.com> Co-authored-by: Antonin Leroux <antonin.leroux@polytechnique.org> Co-authored-by: Patrick Longa <plonga@microsoft.com> Co-authored-by: Luciano Maino <mainoluciano.96@gmail.com> Co-authored-by: Michael Meyer <michael@random-oracles.org> Co-authored-by: Hiroshi Onuki <onuki@mist.i.u-tokyo.ac.jp> Co-authored-by: Lorenz Panny <lorenz@yx7.cc> Co-authored-by: Giacomo Pope <giacomopope@gmail.com> Co-authored-by: Krijn Reijnders <reijnderskrijn@gmail.com> Co-authored-by: Damien Robert <damien.robert@inria.fr> Co-authored-by: Francisco Rodríguez-Henriquez <francisco.rodriguez@tii.ae> Co-authored-by: Sina Schaeffler <sschaeffle@student.ethz.ch> Co-authored-by: Benjamin Wesolowski <benjamin.wesolowski@ens-lyon.fr> 2025-02-06 00:00:00 +00:00			`// SPDX-License-Identifier: Apache-2.0`

			`#include <mem.h>`
			`#include <stdint.h>`
			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <string.h>`

			`#include <api.h>`
			`#include <rng.h>`

			`#include "encoded_sizes.h"`

			`typedef struct {`
			`unsigned char pk[CRYPTO_PUBLICKEYBYTES];`
			`unsigned char sm[CRYPTO_BYTES + 64];`
			`} signature_t;`

			`static void crash() {`
			`int *p = 0;`
			`*p = 0;`
			`}`

			`static int load_signature(signature_t *sig, int iter) {`
			`char filename[sizeof("testcases/SQIsign_lvl1/signature000000.bin")];`
			`snprintf(filename, sizeof(filename), "testcases/%s/signature%06d.bin", CRYPTO_ALGNAME, iter);`
			`FILE *f = fopen(filename, "rb");`

			`if (!f) {`
			`fprintf(stderr, "Can't open file: %s\n", filename);`
			`return 1;`
			`}`

			`if (fread(sig->pk, CRYPTO_PUBLICKEYBYTES, 1, f) != 1) {`
			`fprintf(stderr, "Can't read public key from file: %s\n", filename);`
			`fclose(f);`
			`return 1;`
			`}`

			`if (fread(sig->sm, CRYPTO_BYTES + 64, 1, f) != 1) {`
			`fprintf(stderr, "Can't read signature from file: %s\n", filename);`
			`fclose(f);`
			`return 1;`
			`}`

			`fclose(f);`

			`return 0;`
			`}`

			`static void verify_signature(signature_t corpus[], int testcases) {`
			`unsigned long long msglen = 64;`
			`unsigned long long smlen = CRYPTO_BYTES + msglen;`

			`unsigned char *pk = calloc(CRYPTO_PUBLICKEYBYTES, 1);`
			`unsigned char *sm = calloc(smlen, 1);`

			`unsigned char msg[msglen];`

			`if (fread(pk, CRYPTO_PUBLICKEYBYTES, 1, stdin) != 1) {`
			`fprintf(stderr, "Error reading public key from stdin\n");`
			`free(pk);`
			`free(sm);`
			`return;`
			`}`
			`if (fread(sm, smlen, 1, stdin) != 1) {`
			`fprintf(stderr, "Error reading signature from stdin\n");`
			`free(pk);`
			`free(sm);`
			`return;`
			`}`

			`int res = crypto_sign_open(msg, &msglen, sm, smlen, pk);`
			`if (res \|\| msglen != sizeof(msg) \|\| memcmp(msg, sm + SIGNATURE_BYTES, msglen)) {`
			`// Signature was not accepted -- check if it was in the corpus and, in that case, crash`
			`for (int i = 0; i < testcases; ++i)`
			`if (!memcmp(pk, corpus[i].pk, CRYPTO_PUBLICKEYBYTES) \|\| !memcmp(sm, corpus[i].sm, smlen))`
			`crash();`
			`} else {`
			`// Signature was accepted -- check if it was not in the corpus and, in that case, crash`
			`int in_corpus = 0;`
			`for (int i = 0; i < testcases; ++i)`
			`if (!memcmp(pk, corpus[i].pk, CRYPTO_PUBLICKEYBYTES) \|\| !memcmp(sm, corpus[i].sm, smlen)) {`
			`in_corpus = 1;`
			`break;`
			`}`

			`if (!in_corpus)`
			`crash();`
			`}`

			`free(pk);`
			`free(sm);`
			`}`

			`int`
			`main(int argc, char *argv[]) {`
			`int testcases = 10;`

			`if (argc == 2) {`
			`sscanf(argv[1], "--testcases=%d", &testcases);`
			`}`

			`signature_t corpus[testcases];`
			`for (int i = 0; i < testcases; ++i)`
			`if (!load_signature(&corpus[i], i))`
			`return 1;`

			`#ifdef __AFL_LOOP`
			`while (__AFL_LOOP(1000))`
			`verify_signature(corpus, testcases);`
			`#else`
			`verify_signature(corpus, testcases);`
			`#endif`

			`return 0;`
			`}`