Adapt existing sig fuzz harness including more algorithms

Signed-off-by: Nathaniel Brough <[email protected]>
open-quantum-safe · Oct 22, 2024 · 28e5e81 · 28e5e81
1 parent 1d92135
commit 28e5e81
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 28 deletions.
diff --git a/.github/workflows/basic.yml b/.github/workflows/basic.yml
@@ -113,7 +113,7 @@ jobs:
           cmake -LA -N .. && \
           ! (grep -i "uninitialized variable" config.log)
       - name: Build code
-        run: ninja
+        run: ninja fuzz_test_dilithium_2
         working-directory: build
 
       - name: Short fuzz check (30s)

diff --git a/docs/FUZZING.md b/docs/FUZZING.md
@@ -15,14 +15,11 @@ errors, helping developers identify and fix bugs and security loopholes.
   - [ ] ml_kem
   - [ ] ntruprime
 - [ ] sig
-  - [ ] dilithium
-    - [x] dilithium2
-    - [ ] dilithium3
-    - [ ] dilithium5
-  - [ ] falcon
-  - [ ] mayo
-  - [ ] ml_dsa
-  - [ ] sphincs
+  - [x] dilithium
+  - [x] falcon
+  - [x] mayo
+  - [x] ml_dsa
+  - [x] sphincs
 - [ ] sig_stfl
   - [ ] lms
   - [ ] sig_stfl

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -94,13 +94,65 @@ set(KEM_TESTS example_kem kat_kem test_kem test_kem_mem speed_kem vectors_kem)
 add_executable(example_sig example_sig.c)
 target_link_libraries(example_sig PRIVATE ${TEST_DEPS})
 
+set(FUZZ_SIG_ALGORITHMS 
+    dilithium_2
+    dilithium_3
+    dilithium_5
+    ml_dsa_44_ipd
+    ml_dsa_44
+    ml_dsa_65_ipd
+    ml_dsa_65
+    ml_dsa_87_ipd
+    ml_dsa_87
+    falcon_512
+    falcon_1024
+    falcon_padded_512
+    falcon_padded_1024
+    sphincs_sha2_128f_simple
+    sphincs_sha2_128s_simple
+    sphincs_sha2_192f_simple
+    sphincs_sha2_192s_simple
+    sphincs_sha2_256f_simple
+    sphincs_sha2_256s_simple
+    sphincs_shake_128f_simple
+    sphincs_shake_128s_simple
+    sphincs_shake_192f_simple
+    sphincs_shake_192s_simple
+    sphincs_shake_256f_simple
+    sphincs_shake_256s_simple
+    mayo_1
+    mayo_2
+    mayo_3
+    mayo_5
+    cross_rsdp_128_balanced
+    cross_rsdp_128_fast
+    cross_rsdp_128_small
+    cross_rsdp_192_balanced
+    cross_rsdp_192_fast
+    cross_rsdp_192_small
+    cross_rsdp_256_balanced
+    cross_rsdp_256_fast
+    cross_rsdp_256_small
+    cross_rsdpg_128_balanced
+    cross_rsdpg_128_fast
+    cross_rsdpg_128_small
+    cross_rsdpg_192_balanced
+    cross_rsdpg_192_fast
+    cross_rsdpg_192_small
+    cross_rsdpg_256_balanced
+    cross_rsdpg_256_fast
+    cross_rsdpg_256_small
+)
+
 if(OQS_BUILD_FUZZ_TESTS AND '${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')
-    add_executable(fuzz_test_dilithium2 fuzz_test_dilithium2.c)
-    target_link_libraries(fuzz_test_dilithium2 PRIVATE ${TEST_DEPS})
-    set_target_properties(fuzz_test_dilithium2 PROPERTIES
-        COMPILE_FLAGS "${FUZZING_COMPILE_FLAGS}"
-        LINK_FLAGS "${FUZZING_LINK_FLAGS}"
-    )
+    foreach(FUZZ_SIG_ALGORITHM IN LISTS FUZZ_SIG_ALGORITHMS)
+        add_executable(fuzz_test_${FUZZ_SIG_ALGORITHM} fuzz_test_sig.c)
+        target_link_libraries(fuzz_test_${FUZZ_SIG_ALGORITHM} PRIVATE ${TEST_DEPS})
+        set_target_properties(fuzz_test_${FUZZ_SIG_ALGORITHM} PROPERTIES
+            COMPILE_FLAGS "${FUZZING_COMPILE_FLAGS} -DFUZZ_METHOD_NAME=OQS_SIG_alg_${FUZZ_SIG_ALGORITHM}"
+            LINK_FLAGS "${FUZZING_LINK_FLAGS}"
+        )
+    endforeach()
 endif()
 
 # Stateful SIG API tests

diff --git a/tests/fuzz_test_dilithium2.c → tests/fuzz_test_sig.c b/tests/fuzz_test_dilithium2.c → tests/fuzz_test_sig.c
@@ -14,24 +14,26 @@
 
 #include <oqs/oqs.h>
 
+// Set default target method to dilithium2
+#ifndef FUZZ_METHOD_NAME
+#define FUZZ_METHOD_NAME OQS_SIG_alg_dilithium_2
+#endif
+
 void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
                   uint8_t *signature,
                   OQS_SIG *sig);
 
-static OQS_STATUS fuzz_dilithium_2(const uint8_t *message, size_t message_len) {
-
-#ifdef OQS_ENABLE_SIG_dilithium_2
-
+static OQS_STATUS fuzz_sig(const uint8_t *message, size_t message_len) {
 	OQS_SIG *sig = NULL;
 	uint8_t *public_key = NULL;
 	uint8_t *secret_key = NULL;
 	uint8_t *signature = NULL;
 	size_t signature_len;
 	OQS_STATUS rc;
 
-	sig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
+	sig = OQS_SIG_new(FUZZ_METHOD_NAME);
 	if (sig == NULL) {
-		printf("[fuzz_test_dilithium_2]  OQS_SIG_alg_dilithium_2 was not enabled at compile-time.\n");
+		printf("%s was not enabled at compile-time.\n", FUZZ_METHOD_NAME);
 		return OQS_ERROR;
 	}
 
@@ -65,12 +67,6 @@ static OQS_STATUS fuzz_dilithium_2(const uint8_t *message, size_t message_len) {
 
 	cleanup_heap(public_key, secret_key,  signature, sig);
 	return OQS_SUCCESS; // success
-#else
-
-	printf("[fuzz_test_dilithium_2] OQS_SIG_dilithium_2 was not enabled at compile-time.\n");
-	return OQS_SUCCESS;
-
-#endif
 }
 
 void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
@@ -86,7 +82,7 @@ void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
 
 int LLVMFuzzerTestOneInput(const char *data, size_t size) {
 	OQS_init();
-	if (OQS_ERROR == fuzz_dilithium_2((const uint8_t *)data, size)) {
+	if (OQS_ERROR == fuzz_sig((const uint8_t *)data, size)) {
 		// If we get an error prune testcase from corpus.
 		return -1;
 	}