StarsAC/sqisign
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

second-round version of SQIsign

Browse Source 
Co-authored-by: Marius A. Aardal <marius.andre.aardal@gmail.com>
Co-authored-by: Gora Adj <gora.adj@tii.ae>
Co-authored-by: Diego F. Aranha <dfaranha@cs.au.dk>
Co-authored-by: Andrea Basso <sqisign@andreabasso.com>
Co-authored-by: Isaac Andrés Canales Martínez <icanalesm0500@gmail.com>
Co-authored-by: Jorge Chávez-Saab <jorgechavezsaab@gmail.com>
Co-authored-by: Maria Corte-Real Santos <mariascrsantos98@gmail.com>
Co-authored-by: Luca De Feo <github@defeo.lu>
Co-authored-by: Max Duparc <max.duparc@epfl.ch>
Co-authored-by: Jonathan Komada Eriksen <jonathan.eriksen97@gmail.com>
Co-authored-by: Décio Luiz Gazzoni Filho <decio@decpp.net>
Co-authored-by: Basil Hess <bhe@zurich.ibm.com>
Co-authored-by: Antonin Leroux <antonin.leroux@polytechnique.org>
Co-authored-by: Patrick Longa <plonga@microsoft.com>
Co-authored-by: Luciano Maino <mainoluciano.96@gmail.com>
Co-authored-by: Michael Meyer <michael@random-oracles.org>
Co-authored-by: Hiroshi Onuki <onuki@mist.i.u-tokyo.ac.jp>
Co-authored-by: Lorenz Panny <lorenz@yx7.cc>
Co-authored-by: Giacomo Pope <giacomopope@gmail.com>
Co-authored-by: Krijn Reijnders <reijnderskrijn@gmail.com>
Co-authored-by: Damien Robert <damien.robert@inria.fr>
Co-authored-by: Francisco Rodríguez-Henriquez <francisco.rodriguez@tii.ae>
Co-authored-by: Sina Schaeffler <sschaeffle@student.ethz.ch>
Co-authored-by: Benjamin Wesolowski <benjamin.wesolowski@ens-lyon.fr>
This commit is contained in:
SQIsign team
2025-02-06 00:00:00 +00:00
committed by Lorenz Panny
parent ff34a8cd18
commit 91e9e464fe
481 changed files with 80785 additions and 55963 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
apps/example_nistapi.c
View File

@@ -4,32 +4,53 @@
* An example to demonstrate how to use SQIsign with the NIST API.
*/
#include <api.h>
#include <inttypes.h>
#include <mem.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <api.h>
#include <rng.h>
#include <bench_test_arguments.h>
#if defined(TARGET_BIG_ENDIAN)
#include <tutil.h>
#endif
static uint32_t rand_u32()
{
unsigned char buf[4];
if (randombytes(buf, sizeof(buf)))
abort();
return ((uint32_t) buf[3] << 24)
| ((uint32_t) buf[2] << 16)
| ((uint32_t) buf[1] << 8)
| ((uint32_t) buf[0] << 0);
}
/**
* Example for SQIsign variant:
* - crypto_sign_keypair
* - crypto_sign
* - crypto_sign_open
*
*
* @return int return code
*/
static int example_sqisign(void) {
static int
example_sqisign(void)
{
unsigned long long msglen = 32;
unsigned long long msglen = rand_u32() % 100;
unsigned long long smlen = CRYPTO_BYTES + msglen;
unsigned char *pk = calloc(CRYPTO_PUBLICKEYBYTES, 1);
unsigned char *sk = calloc(CRYPTO_SECRETKEYBYTES, 1);
unsigned char *sk = calloc(CRYPTO_SECRETKEYBYTES, 1);
unsigned char *pk = calloc(CRYPTO_PUBLICKEYBYTES, 1);
unsigned char *sig = calloc(smlen, 1);
unsigned char *sm = calloc(smlen, 1);
unsigned char msg[32] = { 0xe };
unsigned char msg2[32] = { 0 };
unsigned char msg[msglen], msg2[msglen];
printf("Example with %s\n", CRYPTO_ALGNAME);
@@ -37,53 +58,111 @@ static int example_sqisign(void) {
int res = crypto_sign_keypair(pk, sk);
if (res) {
printf("FAIL\n");
res = -1;
goto err;
} else {
printf("OK\n");
}
// choose a random message
for (size_t i = 0; i < msglen; ++i)
msg[i] = rand_u32();
printf("crypto_sign -> ");
res = crypto_sign(sig, &smlen, msg, msglen, sk);
res = crypto_sign(sm, &smlen, msg, msglen, sk);
if (res) {
printf("FAIL\n");
res = -1;
goto err;
} else {
printf("OK\n");
}
printf("crypto_sign_open (with correct signature) -> ");
res = crypto_sign_open(msg2, &msglen, sig, smlen, pk);
if (res || memcmp(msg, msg2, msglen)) {
printf("FAIL\n");
res = -1;
res = crypto_sign_open(msg2, &msglen, sm, smlen, pk);
if (res || msglen != sizeof(msg) || memcmp(msg, msg2, msglen)) {
printf("FAIL\n"); // signature was not accepted!?
goto err;
} else {
res = 0;
printf("OK\n");
}
// fill with random bytes
for (size_t i = 0; i < msglen; ++i)
msg2[i] = rand_u32();
// let's try a single bit flip
size_t pos = rand_u32() % smlen;
sm[pos / 8] ^= 1 << pos % 8;
res = crypto_sign_open(msg2, &msglen, sm, smlen, pk);
printf("crypto_sign_open (with altered signature) -> ");
sig[0] = ~sig[0];
memset(msg2, 0, msglen);
res = crypto_sign_open(msg2, &msglen, sig, smlen, pk);
if (!res || !memcmp(msg, msg2, msglen)) {
printf("FAIL\n");
if (!res) {
printf("FAIL\n"); // signature was accepted anyway!?
res = -1;
goto err;
} else {
res = 0;
}
else {
printf("OK\n");
res = 0;
if (msglen)
printf("WARNING: verification failed but the message length was returned nonzero; misuse-prone API\n");
unsigned char any = 0;
for (size_t i = 0; i < msglen; ++i)
any |= msg2[i];
if (any)
printf("WARNING: verification failed but the message buffer was not zeroed out; misuse-prone API\n");
}
err:
free(pk);
sqisign_secure_free(sk, CRYPTO_SECRETKEYBYTES);
free(sig);
free(pk);
free(sm);
return res;
}
int main(void) {
int
main(int argc, char *argv[])
{
uint32_t seed[12] = { 0 };
int help = 0;
int seed_set = 0;
for (int i = 1; i < argc; i++) {
if (!help && strcmp(argv[i], "--help") == 0) {
help = 1;
continue;
}
if (!seed_set && !parse_seed(argv[i], seed)) {
seed_set = 1;
continue;
}
}
if (help) {
printf("Usage: %s [--seed=<seed>]\n", argv[0]);
printf("Where <seed> is the random seed to be used; if not present, a random seed is "
"generated\n");
return 1;
}
if (!seed_set) {
randombytes_select((unsigned char *)seed, sizeof(seed));
}
print_seed(seed);
#if defined(TARGET_BIG_ENDIAN)
for (int i = 0; i < 12; i++) {
seed[i] = BSWAP32(seed[i]);
}
#endif
randombytes_init((unsigned char *)seed, NULL, 256);
return example_sqisign();
}