second-round version of SQIsign

Co-authored-by: Marius A. Aardal <marius.andre.aardal@gmail.com> Co-authored-by: Gora Adj <gora.adj@tii.ae> Co-authored-by: Diego F. Aranha <dfaranha@cs.au.dk> Co-authored-by: Andrea Basso <sqisign@andreabasso.com> Co-authored-by: Isaac Andrés Canales Martínez <icanalesm0500@gmail.com> Co-authored-by: Jorge Chávez-Saab <jorgechavezsaab@gmail.com> Co-authored-by: Maria Corte-Real Santos <mariascrsantos98@gmail.com> Co-authored-by: Luca De Feo <github@defeo.lu> Co-authored-by: Max Duparc <max.duparc@epfl.ch> Co-authored-by: Jonathan Komada Eriksen <jonathan.eriksen97@gmail.com> Co-authored-by: Décio Luiz Gazzoni Filho <decio@decpp.net> Co-authored-by: Basil Hess <bhe@zurich.ibm.com> Co-authored-by: Antonin Leroux <antonin.leroux@polytechnique.org> Co-authored-by: Patrick Longa <plonga@microsoft.com> Co-authored-by: Luciano Maino <mainoluciano.96@gmail.com> Co-authored-by: Michael Meyer <michael@random-oracles.org> Co-authored-by: Hiroshi Onuki <onuki@mist.i.u-tokyo.ac.jp> Co-authored-by: Lorenz Panny <lorenz@yx7.cc> Co-authored-by: Giacomo Pope <giacomopope@gmail.com> Co-authored-by: Krijn Reijnders <reijnderskrijn@gmail.com> Co-authored-by: Damien Robert <damien.robert@inria.fr> Co-authored-by: Francisco Rodríguez-Henriquez <francisco.rodriguez@tii.ae> Co-authored-by: Sina Schaeffler <sschaeffle@student.ethz.ch> Co-authored-by: Benjamin Wesolowski <benjamin.wesolowski@ens-lyon.fr>
2025-02-06 00:00:00 +00:00
parent ff34a8cd18
commit 91e9e464fe
481 changed files with 80785 additions and 55963 deletions
--- a/apps/fuzz_verify.c
+++ b/apps/fuzz_verify.c
@@ -0,0 +1,117 @@
+// SPDX-License-Identifier: Apache-2.0
+
+#include <mem.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <api.h>
+#include <rng.h>
+
+#include "encoded_sizes.h"
+
+typedef struct {
+  unsigned char pk[CRYPTO_PUBLICKEYBYTES];
+  unsigned char sm[CRYPTO_BYTES + 64];
+} signature_t;
+
+static void crash() {
+  int *p = 0;
+  *p = 0;
+}
+
+static int load_signature(signature_t *sig, int iter) {
+  char filename[sizeof("testcases/SQIsign_lvl1/signature000000.bin")];
+  snprintf(filename, sizeof(filename), "testcases/%s/signature%06d.bin", CRYPTO_ALGNAME, iter);
+  FILE *f = fopen(filename, "rb");
+
+  if (!f) {
+    fprintf(stderr, "Can't open file: %s\n", filename);
+    return 1;
+  }
+
+  if (fread(sig->pk, CRYPTO_PUBLICKEYBYTES, 1, f) != 1) {
+    fprintf(stderr, "Can't read public key from file: %s\n", filename);
+    fclose(f);
+    return 1;
+  }
+
+  if (fread(sig->sm, CRYPTO_BYTES + 64, 1, f) != 1) {
+    fprintf(stderr, "Can't read signature from file: %s\n", filename);
+    fclose(f);
+    return 1;
+  }
+
+  fclose(f);
+
+  return 0;
+}
+
+static void verify_signature(signature_t corpus[], int testcases) {
+  unsigned long long msglen = 64;
+  unsigned long long smlen = CRYPTO_BYTES + msglen;
+
+  unsigned char *pk = calloc(CRYPTO_PUBLICKEYBYTES, 1);
+  unsigned char *sm = calloc(smlen, 1);
+
+  unsigned char msg[msglen];
+
+  if (fread(pk, CRYPTO_PUBLICKEYBYTES, 1, stdin) != 1) {
+    fprintf(stderr, "Error reading public key from stdin\n");
+    free(pk);
+    free(sm);
+    return;
+  }
+  if (fread(sm, smlen, 1, stdin) != 1) {
+    fprintf(stderr, "Error reading signature from stdin\n");
+    free(pk);
+    free(sm);
+    return;
+  }
+
+  int res = crypto_sign_open(msg, &msglen, sm, smlen, pk);
+  if (res || msglen != sizeof(msg) || memcmp(msg, sm + SIGNATURE_BYTES, msglen)) {
+    // Signature was not accepted -- check if it was in the corpus and, in that case, crash
+    for (int i = 0; i < testcases; ++i)
+      if (!memcmp(pk, corpus[i].pk, CRYPTO_PUBLICKEYBYTES) || !memcmp(sm, corpus[i].sm, smlen))
+        crash();
+  } else {
+    // Signature was accepted -- check if it was not in the corpus and, in that case, crash
+    int in_corpus = 0;
+    for (int i = 0; i < testcases; ++i)
+      if (!memcmp(pk, corpus[i].pk, CRYPTO_PUBLICKEYBYTES) || !memcmp(sm, corpus[i].sm, smlen)) {
+        in_corpus = 1;
+        break;
+      }
+
+    if (!in_corpus)
+      crash();
+  }
+
+  free(pk);
+  free(sm);
+}
+
+int
+main(int argc, char *argv[]) {
+  int testcases = 10;
+
+  if (argc == 2) {
+    sscanf(argv[1], "--testcases=%d", &testcases);
+  }
+
+  signature_t corpus[testcases];
+  for (int i = 0; i < testcases; ++i)
+    if (!load_signature(&corpus[i], i))
+      return 1;
+
+#ifdef __AFL_LOOP
+  while (__AFL_LOOP(1000))
+    verify_signature(corpus, testcases);
+#else
+  verify_signature(corpus, testcases);
+#endif
+
+  return 0;
+}