91e9e464fe
Co-authored-by: Marius A. Aardal <marius.andre.aardal@gmail.com> Co-authored-by: Gora Adj <gora.adj@tii.ae> Co-authored-by: Diego F. Aranha <dfaranha@cs.au.dk> Co-authored-by: Andrea Basso <sqisign@andreabasso.com> Co-authored-by: Isaac Andrés Canales Martínez <icanalesm0500@gmail.com> Co-authored-by: Jorge Chávez-Saab <jorgechavezsaab@gmail.com> Co-authored-by: Maria Corte-Real Santos <mariascrsantos98@gmail.com> Co-authored-by: Luca De Feo <github@defeo.lu> Co-authored-by: Max Duparc <max.duparc@epfl.ch> Co-authored-by: Jonathan Komada Eriksen <jonathan.eriksen97@gmail.com> Co-authored-by: Décio Luiz Gazzoni Filho <decio@decpp.net> Co-authored-by: Basil Hess <bhe@zurich.ibm.com> Co-authored-by: Antonin Leroux <antonin.leroux@polytechnique.org> Co-authored-by: Patrick Longa <plonga@microsoft.com> Co-authored-by: Luciano Maino <mainoluciano.96@gmail.com> Co-authored-by: Michael Meyer <michael@random-oracles.org> Co-authored-by: Hiroshi Onuki <onuki@mist.i.u-tokyo.ac.jp> Co-authored-by: Lorenz Panny <lorenz@yx7.cc> Co-authored-by: Giacomo Pope <giacomopope@gmail.com> Co-authored-by: Krijn Reijnders <reijnderskrijn@gmail.com> Co-authored-by: Damien Robert <damien.robert@inria.fr> Co-authored-by: Francisco Rodríguez-Henriquez <francisco.rodriguez@tii.ae> Co-authored-by: Sina Schaeffler <sschaeffle@student.ethz.ch> Co-authored-by: Benjamin Wesolowski <benjamin.wesolowski@ens-lyon.fr>
169 lines
3.8 KiB
C
169 lines
3.8 KiB
C
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
/**
|
|
* An example to demonstrate how to use SQIsign with the NIST API.
|
|
*/
|
|
|
|
#include <inttypes.h>
|
|
#include <mem.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <stdint.h>
|
|
#include <time.h>
|
|
|
|
#include <api.h>
|
|
#include <rng.h>
|
|
#include <bench_test_arguments.h>
|
|
#if defined(TARGET_BIG_ENDIAN)
|
|
#include <tutil.h>
|
|
#endif
|
|
|
|
static uint32_t rand_u32()
|
|
{
|
|
unsigned char buf[4];
|
|
if (randombytes(buf, sizeof(buf)))
|
|
abort();
|
|
return ((uint32_t) buf[3] << 24)
|
|
| ((uint32_t) buf[2] << 16)
|
|
| ((uint32_t) buf[1] << 8)
|
|
| ((uint32_t) buf[0] << 0);
|
|
}
|
|
|
|
/**
|
|
* Example for SQIsign variant:
|
|
* - crypto_sign_keypair
|
|
* - crypto_sign
|
|
* - crypto_sign_open
|
|
*
|
|
* @return int return code
|
|
*/
|
|
static int
|
|
example_sqisign(void)
|
|
{
|
|
|
|
unsigned long long msglen = rand_u32() % 100;
|
|
unsigned long long smlen = CRYPTO_BYTES + msglen;
|
|
|
|
unsigned char *sk = calloc(CRYPTO_SECRETKEYBYTES, 1);
|
|
unsigned char *pk = calloc(CRYPTO_PUBLICKEYBYTES, 1);
|
|
|
|
unsigned char *sm = calloc(smlen, 1);
|
|
|
|
unsigned char msg[msglen], msg2[msglen];
|
|
|
|
printf("Example with %s\n", CRYPTO_ALGNAME);
|
|
|
|
printf("crypto_sign_keypair -> ");
|
|
int res = crypto_sign_keypair(pk, sk);
|
|
if (res) {
|
|
printf("FAIL\n");
|
|
goto err;
|
|
} else {
|
|
printf("OK\n");
|
|
}
|
|
|
|
// choose a random message
|
|
for (size_t i = 0; i < msglen; ++i)
|
|
msg[i] = rand_u32();
|
|
|
|
printf("crypto_sign -> ");
|
|
res = crypto_sign(sm, &smlen, msg, msglen, sk);
|
|
if (res) {
|
|
printf("FAIL\n");
|
|
goto err;
|
|
} else {
|
|
printf("OK\n");
|
|
}
|
|
|
|
printf("crypto_sign_open (with correct signature) -> ");
|
|
res = crypto_sign_open(msg2, &msglen, sm, smlen, pk);
|
|
if (res || msglen != sizeof(msg) || memcmp(msg, msg2, msglen)) {
|
|
printf("FAIL\n"); // signature was not accepted!?
|
|
goto err;
|
|
} else {
|
|
printf("OK\n");
|
|
}
|
|
|
|
|
|
// fill with random bytes
|
|
for (size_t i = 0; i < msglen; ++i)
|
|
msg2[i] = rand_u32();
|
|
|
|
// let's try a single bit flip
|
|
size_t pos = rand_u32() % smlen;
|
|
sm[pos / 8] ^= 1 << pos % 8;
|
|
|
|
res = crypto_sign_open(msg2, &msglen, sm, smlen, pk);
|
|
|
|
printf("crypto_sign_open (with altered signature) -> ");
|
|
if (!res) {
|
|
printf("FAIL\n"); // signature was accepted anyway!?
|
|
res = -1;
|
|
goto err;
|
|
}
|
|
else {
|
|
printf("OK\n");
|
|
res = 0;
|
|
|
|
if (msglen)
|
|
printf("WARNING: verification failed but the message length was returned nonzero; misuse-prone API\n");
|
|
|
|
unsigned char any = 0;
|
|
for (size_t i = 0; i < msglen; ++i)
|
|
any |= msg2[i];
|
|
if (any)
|
|
printf("WARNING: verification failed but the message buffer was not zeroed out; misuse-prone API\n");
|
|
}
|
|
|
|
err:
|
|
sqisign_secure_free(sk, CRYPTO_SECRETKEYBYTES);
|
|
free(pk);
|
|
free(sm);
|
|
|
|
return res;
|
|
}
|
|
|
|
int
|
|
main(int argc, char *argv[])
|
|
{
|
|
uint32_t seed[12] = { 0 };
|
|
int help = 0;
|
|
int seed_set = 0;
|
|
|
|
for (int i = 1; i < argc; i++) {
|
|
if (!help && strcmp(argv[i], "--help") == 0) {
|
|
help = 1;
|
|
continue;
|
|
}
|
|
|
|
if (!seed_set && !parse_seed(argv[i], seed)) {
|
|
seed_set = 1;
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if (help) {
|
|
printf("Usage: %s [--seed=<seed>]\n", argv[0]);
|
|
printf("Where <seed> is the random seed to be used; if not present, a random seed is "
|
|
"generated\n");
|
|
return 1;
|
|
}
|
|
|
|
if (!seed_set) {
|
|
randombytes_select((unsigned char *)seed, sizeof(seed));
|
|
}
|
|
|
|
print_seed(seed);
|
|
|
|
#if defined(TARGET_BIG_ENDIAN)
|
|
for (int i = 0; i < 12; i++) {
|
|
seed[i] = BSWAP32(seed[i]);
|
|
}
|
|
#endif
|
|
|
|
randombytes_init((unsigned char *)seed, NULL, 256);
|
|
|
|
return example_sqisign();
|
|
}
|