From 56e6ab1e41f3bc41062365f1913f83e449040fa0 Mon Sep 17 00:00:00 2001 From: rtjk <47841774+rtjk@users.noreply.github.com> Date: Thu, 27 Feb 2025 11:49:48 +0100 Subject: [PATCH 1/7] add bitflip test to test_sig.c Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> --- tests/test_sig.c | 77 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 53 insertions(+), 24 deletions(-) diff --git a/tests/test_sig.c b/tests/test_sig.c index cc3e83c5c..9421742be 100644 --- a/tests/test_sig.c +++ b/tests/test_sig.c @@ -29,6 +29,17 @@ typedef struct magic_s { uint8_t val[31]; } magic_t; +static OQS_STATUS flip_bit(uint8_t *array, uint64_t array_length, uint64_t bit_position) { + uint64_t byte_index = bit_position / 8; + uint8_t bit_index = bit_position % 8; + if (byte_index >= array_length) { + fprintf(stderr, "ERROR: bit index is out of bounds!\n"); + return OQS_ERROR; + } + array[byte_index] ^= (1 << bit_index); + return OQS_SUCCESS; +} + static OQS_STATUS sig_test_correctness(const char *method_name) { OQS_SIG *sig = NULL; @@ -110,14 +121,20 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { goto err; } - /* modify the signature to invalidate it */ - OQS_randombytes(signature, signature_len); - OQS_TEST_CT_DECLASSIFY(signature, signature_len); - rc = OQS_SIG_verify(sig, message, message_len, signature, signature_len, public_key); - OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); - if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify should have failed!\n"); - goto err; + /* for every bit of the signature, flip it and check if the verification fails */ + for(uint64_t bit_index=0; bit_index<(signature_len*8); bit_index++){ + rc = flip_bit(signature, signature_len, bit_index); + if (rc != OQS_SUCCESS) { + goto err; + } + rc = OQS_SIG_verify(sig, message, message_len, signature, signature_len, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_verify should have failed!\n"); + goto err; + } + /* flip back the bit */ + flip_bit(signature, signature_len, bit_index); } /* testing signing with context, if supported */ @@ -140,14 +157,20 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { goto err; } - /* modify the signature to invalidate it */ - OQS_randombytes(signature, signature_len); - OQS_TEST_CT_DECLASSIFY(signature, signature_len); - rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, ctx, i, public_key); - OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); - if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed!\n"); - goto err; + /* for every bit of the signature, flip it and check if the verification fails */ + for(uint64_t bit_index=0; bit_index<(signature_len*8); bit_index++){ + rc = flip_bit(signature, signature_len, bit_index); + if (rc != OQS_SUCCESS) { + goto err; + } + rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, ctx, i, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed!\n"); + goto err; + } + /* flip back the bit */ + flip_bit(signature, signature_len, bit_index); } } @@ -180,14 +203,20 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { goto err; } - /* modify the signature to invalidate it */ - OQS_randombytes(signature, signature_len); - OQS_TEST_CT_DECLASSIFY(signature, signature_len); - rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, NULL, 0, public_key); - OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); - if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed!\n"); - goto err; + /* for every bit of the signature, flip it and check if the verification fails */ + for(uint64_t bit_index=0; bit_index<(signature_len*8); bit_index++){ + rc = flip_bit(signature, signature_len, bit_index); + if (rc != OQS_SUCCESS) { + goto err; + } + rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, NULL, 0, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed!\n"); + goto err; + } + /* flip back the bit */ + flip_bit(signature, signature_len, bit_index); } #ifndef OQS_ENABLE_TEST_CONSTANT_TIME From fb8835ca299f2e2d31474aac2b3d49c57e658c3a Mon Sep 17 00:00:00 2001 From: rtjk <47841774+rtjk@users.noreply.github.com> Date: Thu, 27 Feb 2025 13:59:52 +0100 Subject: [PATCH 2/7] format code Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> --- tests/test_sig.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/test_sig.c b/tests/test_sig.c index 9421742be..2cb65cdea 100644 --- a/tests/test_sig.c +++ b/tests/test_sig.c @@ -122,7 +122,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { } /* for every bit of the signature, flip it and check if the verification fails */ - for(uint64_t bit_index=0; bit_index<(signature_len*8); bit_index++){ + for (uint64_t bit_index = 0; bit_index < (signature_len * 8); bit_index++) { rc = flip_bit(signature, signature_len, bit_index); if (rc != OQS_SUCCESS) { goto err; @@ -158,7 +158,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { } /* for every bit of the signature, flip it and check if the verification fails */ - for(uint64_t bit_index=0; bit_index<(signature_len*8); bit_index++){ + for (uint64_t bit_index = 0; bit_index < (signature_len * 8); bit_index++) { rc = flip_bit(signature, signature_len, bit_index); if (rc != OQS_SUCCESS) { goto err; @@ -204,7 +204,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { } /* for every bit of the signature, flip it and check if the verification fails */ - for(uint64_t bit_index=0; bit_index<(signature_len*8); bit_index++){ + for (uint64_t bit_index = 0; bit_index < (signature_len * 8); bit_index++) { rc = flip_bit(signature, signature_len, bit_index); if (rc != OQS_SUCCESS) { goto err; From c0daec53b51bad9602b11463261661b5500c9eeb Mon Sep 17 00:00:00 2001 From: rtjk <47841774+rtjk@users.noreply.github.com> Date: Mon, 3 Mar 2025 18:58:27 +0100 Subject: [PATCH 3/7] - add sig->suf_cma - add command-line argument to test_sig.c (the number of bitflips) - update CROSS upstream to SUF-CMA Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> --- docs/algorithms/sig/cross.md | 38 ++--- docs/algorithms/sig/cross.yml | 38 ++--- .../copy_from_upstream/copy_from_upstream.py | 5 + .../copy_from_upstream/copy_from_upstream.yml | 2 +- .../src/sig/family/sig_scheme.c | 2 + src/sig/cross/sig_cross_rsdp_128_balanced.c | 1 + src/sig/cross/sig_cross_rsdp_128_fast.c | 1 + src/sig/cross/sig_cross_rsdp_128_small.c | 1 + src/sig/cross/sig_cross_rsdp_192_balanced.c | 1 + src/sig/cross/sig_cross_rsdp_192_fast.c | 1 + src/sig/cross/sig_cross_rsdp_192_small.c | 1 + src/sig/cross/sig_cross_rsdp_256_balanced.c | 1 + src/sig/cross/sig_cross_rsdp_256_fast.c | 1 + src/sig/cross/sig_cross_rsdp_256_small.c | 1 + src/sig/cross/sig_cross_rsdpg_128_balanced.c | 1 + src/sig/cross/sig_cross_rsdpg_128_fast.c | 1 + src/sig/cross/sig_cross_rsdpg_128_small.c | 1 + src/sig/cross/sig_cross_rsdpg_192_balanced.c | 1 + src/sig/cross/sig_cross_rsdpg_192_fast.c | 1 + src/sig/cross/sig_cross_rsdpg_192_small.c | 1 + src/sig/cross/sig_cross_rsdpg_256_balanced.c | 1 + src/sig/cross/sig_cross_rsdpg_256_fast.c | 1 + src/sig/cross/sig_cross_rsdpg_256_small.c | 1 + src/sig/dilithium/sig_dilithium_2.c | 1 + src/sig/dilithium/sig_dilithium_3.c | 1 + src/sig/dilithium/sig_dilithium_5.c | 1 + src/sig/falcon/sig_falcon_1024.c | 1 + src/sig/falcon/sig_falcon_512.c | 1 + src/sig/falcon/sig_falcon_padded_1024.c | 1 + src/sig/falcon/sig_falcon_padded_512.c | 1 + src/sig/mayo/sig_mayo_1.c | 1 + src/sig/mayo/sig_mayo_2.c | 1 + src/sig/mayo/sig_mayo_3.c | 1 + src/sig/mayo/sig_mayo_5.c | 1 + src/sig/ml_dsa/sig_ml_dsa_44.c | 1 + src/sig/ml_dsa/sig_ml_dsa_65.c | 1 + src/sig/ml_dsa/sig_ml_dsa_87.c | 1 + src/sig/sig.h | 3 + .../sphincs/sig_sphincs_sha2_128f_simple.c | 1 + .../sphincs/sig_sphincs_sha2_128s_simple.c | 1 + .../sphincs/sig_sphincs_sha2_192f_simple.c | 1 + .../sphincs/sig_sphincs_sha2_192s_simple.c | 1 + .../sphincs/sig_sphincs_sha2_256f_simple.c | 1 + .../sphincs/sig_sphincs_sha2_256s_simple.c | 1 + .../sphincs/sig_sphincs_shake_128f_simple.c | 1 + .../sphincs/sig_sphincs_shake_128s_simple.c | 1 + .../sphincs/sig_sphincs_shake_192f_simple.c | 1 + .../sphincs/sig_sphincs_shake_192s_simple.c | 1 + .../sphincs/sig_sphincs_shake_256f_simple.c | 1 + .../sphincs/sig_sphincs_shake_256s_simple.c | 1 + src/sig_stfl/sig_stfl.h | 3 + tests/dump_alg_info.c | 4 +- tests/test_sig.c | 135 ++++++++++++------ 53 files changed, 188 insertions(+), 86 deletions(-) diff --git a/docs/algorithms/sig/cross.md b/docs/algorithms/sig/cross.md index 988a932f9..bb87fb241 100644 --- a/docs/algorithms/sig/cross.md +++ b/docs/algorithms/sig/cross.md @@ -7,7 +7,7 @@ - **Authors' website**: https://www.cross-crypto.com/ - **Specification version**: 2.0 + PQClean and OQS patches. - **Primary Source**: - - **Source**: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1 + - **Source**: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/01f2486523f352a7eb1809a246c8fe466772642c - **Implementation license (SPDX-Identifier)**: CC0-1.0 @@ -15,24 +15,24 @@ | Parameter set | Parameter set alias | Security model | Claimed NIST Level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) | |:------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:| -| cross-rsdp-128-balanced | NA | EUF-CMA | 1 | 77 | 32 | 13152 | -| cross-rsdp-128-fast | NA | EUF-CMA | 1 | 77 | 32 | 18432 | -| cross-rsdp-128-small | NA | EUF-CMA | 1 | 77 | 32 | 12432 | -| cross-rsdp-192-balanced | NA | EUF-CMA | 3 | 115 | 48 | 29853 | -| cross-rsdp-192-fast | NA | EUF-CMA | 3 | 115 | 48 | 41406 | -| cross-rsdp-192-small | NA | EUF-CMA | 3 | 115 | 48 | 28391 | -| cross-rsdp-256-balanced | NA | EUF-CMA | 5 | 153 | 64 | 53527 | -| cross-rsdp-256-fast | NA | EUF-CMA | 5 | 153 | 64 | 74590 | -| cross-rsdp-256-small | NA | EUF-CMA | 5 | 153 | 64 | 50818 | -| cross-rsdpg-128-balanced | NA | EUF-CMA | 1 | 54 | 32 | 9120 | -| cross-rsdpg-128-fast | NA | EUF-CMA | 1 | 54 | 32 | 11980 | -| cross-rsdpg-128-small | NA | EUF-CMA | 1 | 54 | 32 | 8960 | -| cross-rsdpg-192-balanced | NA | EUF-CMA | 3 | 83 | 48 | 22464 | -| cross-rsdpg-192-fast | NA | EUF-CMA | 3 | 83 | 48 | 26772 | -| cross-rsdpg-192-small | NA | EUF-CMA | 3 | 83 | 48 | 20452 | -| cross-rsdpg-256-balanced | NA | EUF-CMA | 5 | 106 | 64 | 40100 | -| cross-rsdpg-256-fast | NA | EUF-CMA | 5 | 106 | 64 | 48102 | -| cross-rsdpg-256-small | NA | EUF-CMA | 5 | 106 | 64 | 36454 | +| cross-rsdp-128-balanced | NA | SUF-CMA | 1 | 77 | 32 | 13152 | +| cross-rsdp-128-fast | NA | SUF-CMA | 1 | 77 | 32 | 18432 | +| cross-rsdp-128-small | NA | SUF-CMA | 1 | 77 | 32 | 12432 | +| cross-rsdp-192-balanced | NA | SUF-CMA | 3 | 115 | 48 | 29853 | +| cross-rsdp-192-fast | NA | SUF-CMA | 3 | 115 | 48 | 41406 | +| cross-rsdp-192-small | NA | SUF-CMA | 3 | 115 | 48 | 28391 | +| cross-rsdp-256-balanced | NA | SUF-CMA | 5 | 153 | 64 | 53527 | +| cross-rsdp-256-fast | NA | SUF-CMA | 5 | 153 | 64 | 74590 | +| cross-rsdp-256-small | NA | SUF-CMA | 5 | 153 | 64 | 50818 | +| cross-rsdpg-128-balanced | NA | SUF-CMA | 1 | 54 | 32 | 9120 | +| cross-rsdpg-128-fast | NA | SUF-CMA | 1 | 54 | 32 | 11980 | +| cross-rsdpg-128-small | NA | SUF-CMA | 1 | 54 | 32 | 8960 | +| cross-rsdpg-192-balanced | NA | SUF-CMA | 3 | 83 | 48 | 22464 | +| cross-rsdpg-192-fast | NA | SUF-CMA | 3 | 83 | 48 | 26772 | +| cross-rsdpg-192-small | NA | SUF-CMA | 3 | 83 | 48 | 20452 | +| cross-rsdpg-256-balanced | NA | SUF-CMA | 5 | 106 | 64 | 40100 | +| cross-rsdpg-256-fast | NA | SUF-CMA | 5 | 106 | 64 | 48102 | +| cross-rsdpg-256-small | NA | SUF-CMA | 5 | 106 | 64 | 36454 | ## cross-rsdp-128-balanced implementation characteristics diff --git a/docs/algorithms/sig/cross.yml b/docs/algorithms/sig/cross.yml index 6bc3785b8..3fe825ddb 100644 --- a/docs/algorithms/sig/cross.yml +++ b/docs/algorithms/sig/cross.yml @@ -23,13 +23,13 @@ website: https://www.cross-crypto.com/ nist-round: 2 spec-version: 2.0 + PQClean and OQS patches primary-upstream: - source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1 + source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/01f2486523f352a7eb1809a246c8fe466772642c spdx-license-identifier: CC0-1.0 parameter-sets: - name: cross-rsdp-128-balanced oqs_alg: OQS_SIG_alg_cross_rsdp_128_balanced claimed-nist-level: 1 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 77 length-secret-key: 32 length-signature: 13152 @@ -57,7 +57,7 @@ parameter-sets: - name: cross-rsdp-128-fast oqs_alg: OQS_SIG_alg_cross_rsdp_128_fast claimed-nist-level: 1 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 77 length-secret-key: 32 length-signature: 18432 @@ -85,7 +85,7 @@ parameter-sets: - name: cross-rsdp-128-small oqs_alg: OQS_SIG_alg_cross_rsdp_128_small claimed-nist-level: 1 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 77 length-secret-key: 32 length-signature: 12432 @@ -113,7 +113,7 @@ parameter-sets: - name: cross-rsdp-192-balanced oqs_alg: OQS_SIG_alg_cross_rsdp_192_balanced claimed-nist-level: 3 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 115 length-secret-key: 48 length-signature: 29853 @@ -141,7 +141,7 @@ parameter-sets: - name: cross-rsdp-192-fast oqs_alg: OQS_SIG_alg_cross_rsdp_192_fast claimed-nist-level: 3 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 115 length-secret-key: 48 length-signature: 41406 @@ -169,7 +169,7 @@ parameter-sets: - name: cross-rsdp-192-small oqs_alg: OQS_SIG_alg_cross_rsdp_192_small claimed-nist-level: 3 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 115 length-secret-key: 48 length-signature: 28391 @@ -197,7 +197,7 @@ parameter-sets: - name: cross-rsdp-256-balanced oqs_alg: OQS_SIG_alg_cross_rsdp_256_balanced claimed-nist-level: 5 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 153 length-secret-key: 64 length-signature: 53527 @@ -225,7 +225,7 @@ parameter-sets: - name: cross-rsdp-256-fast oqs_alg: OQS_SIG_alg_cross_rsdp_256_fast claimed-nist-level: 5 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 153 length-secret-key: 64 length-signature: 74590 @@ -253,7 +253,7 @@ parameter-sets: - name: cross-rsdp-256-small oqs_alg: OQS_SIG_alg_cross_rsdp_256_small claimed-nist-level: 5 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 153 length-secret-key: 64 length-signature: 50818 @@ -281,7 +281,7 @@ parameter-sets: - name: cross-rsdpg-128-balanced oqs_alg: OQS_SIG_alg_cross_rsdpg_128_balanced claimed-nist-level: 1 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 54 length-secret-key: 32 length-signature: 9120 @@ -309,7 +309,7 @@ parameter-sets: - name: cross-rsdpg-128-fast oqs_alg: OQS_SIG_alg_cross_rsdpg_128_fast claimed-nist-level: 1 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 54 length-secret-key: 32 length-signature: 11980 @@ -337,7 +337,7 @@ parameter-sets: - name: cross-rsdpg-128-small oqs_alg: OQS_SIG_alg_cross_rsdpg_128_small claimed-nist-level: 1 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 54 length-secret-key: 32 length-signature: 8960 @@ -365,7 +365,7 @@ parameter-sets: - name: cross-rsdpg-192-balanced oqs_alg: OQS_SIG_alg_cross_rsdpg_192_balanced claimed-nist-level: 3 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 83 length-secret-key: 48 length-signature: 22464 @@ -393,7 +393,7 @@ parameter-sets: - name: cross-rsdpg-192-fast oqs_alg: OQS_SIG_alg_cross_rsdpg_192_fast claimed-nist-level: 3 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 83 length-secret-key: 48 length-signature: 26772 @@ -421,7 +421,7 @@ parameter-sets: - name: cross-rsdpg-192-small oqs_alg: OQS_SIG_alg_cross_rsdpg_192_small claimed-nist-level: 3 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 83 length-secret-key: 48 length-signature: 20452 @@ -449,7 +449,7 @@ parameter-sets: - name: cross-rsdpg-256-balanced oqs_alg: OQS_SIG_alg_cross_rsdpg_256_balanced claimed-nist-level: 5 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 106 length-secret-key: 64 length-signature: 40100 @@ -477,7 +477,7 @@ parameter-sets: - name: cross-rsdpg-256-fast oqs_alg: OQS_SIG_alg_cross_rsdpg_256_fast claimed-nist-level: 5 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 106 length-secret-key: 64 length-signature: 48102 @@ -505,7 +505,7 @@ parameter-sets: - name: cross-rsdpg-256-small oqs_alg: OQS_SIG_alg_cross_rsdpg_256_small claimed-nist-level: 5 - claimed-security: EUF-CMA + claimed-security: SUF-CMA length-public-key: 106 length-secret-key: 64 length-signature: 36454 diff --git a/scripts/copy_from_upstream/copy_from_upstream.py b/scripts/copy_from_upstream/copy_from_upstream.py index 4f69380ba..e5c7cc30b 100755 --- a/scripts/copy_from_upstream/copy_from_upstream.py +++ b/scripts/copy_from_upstream/copy_from_upstream.py @@ -368,7 +368,12 @@ def load_instructions(file='copy_from_upstream.yml'): raise RuntimeError("Found duplicate arch {} in scheme {}".format(arch, scheme)) scheme['scheme_paths'][arch] = (os.path.join('repos', location, upstreams[location]['sig_scheme_path'].format_map(scheme))) + # assume EUF-CMA for schemes that don't specify a security classification scheme['metadata']['euf_cma'] = 'true' + scheme['metadata']['suf_cma'] = 'false' + if 'claimed-security' in metadata: + if metadata['claimed-security'] == "SUF-CMA": + scheme['metadata']['suf_cma'] = 'true' scheme['pqclean_scheme_c'] = scheme['pqclean_scheme'].replace('-', '') scheme['scheme_c'] = scheme['scheme'].replace('-', '') scheme['default_implementation'] = family['default_implementation'] diff --git a/scripts/copy_from_upstream/copy_from_upstream.yml b/scripts/copy_from_upstream/copy_from_upstream.yml index ac1fddc32..e94e7843b 100644 --- a/scripts/copy_from_upstream/copy_from_upstream.yml +++ b/scripts/copy_from_upstream/copy_from_upstream.yml @@ -75,7 +75,7 @@ upstreams: name: upcross git_url: https://github.com/CROSS-signature/CROSS-lib-oqs.git git_branch: master - git_commit: efd17279e75308b000bda7c7f58866620d652bc1 + git_commit: 01f2486523f352a7eb1809a246c8fe466772642c sig_meta_path: 'generate/crypto_sign/{pqclean_scheme}/META.yml' sig_scheme_path: 'generate/crypto_sign/{pqclean_scheme}' kems: diff --git a/scripts/copy_from_upstream/src/sig/family/sig_scheme.c b/scripts/copy_from_upstream/src/sig/family/sig_scheme.c index e32d4fec6..d91a09da0 100644 --- a/scripts/copy_from_upstream/src/sig/family/sig_scheme.c +++ b/scripts/copy_from_upstream/src/sig/family/sig_scheme.c @@ -21,6 +21,7 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void) { sig->claimed_nist_level = {{ scheme['metadata']['claimed-nist-level'] }}; sig->euf_cma = {{ scheme['metadata']['euf_cma'] }}; + sig->suf_cma = {{ scheme['metadata']['suf_cma'] }}; {%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %} sig->sig_with_ctx_support = true; {%- else %} @@ -58,6 +59,7 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) { sig->claimed_nist_level = {{ scheme['metadata']['claimed-nist-level'] }}; sig->euf_cma = {{ scheme['metadata']['euf_cma'] }}; + sig->suf_cma = {{ scheme['metadata']['suf_cma'] }}; sig->length_public_key = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_public_key; sig->length_secret_key = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_secret_key; diff --git a/src/sig/cross/sig_cross_rsdp_128_balanced.c b/src/sig/cross/sig_cross_rsdp_128_balanced.c index 58eecf621..b3cd7b3e3 100644 --- a/src/sig/cross/sig_cross_rsdp_128_balanced.c +++ b/src/sig/cross/sig_cross_rsdp_128_balanced.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_balanced_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_128_balanced_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdp_128_fast.c b/src/sig/cross/sig_cross_rsdp_128_fast.c index e4a754e4a..b3346bd5a 100644 --- a/src/sig/cross/sig_cross_rsdp_128_fast.c +++ b/src/sig/cross/sig_cross_rsdp_128_fast.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_fast_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_128_fast_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdp_128_small.c b/src/sig/cross/sig_cross_rsdp_128_small.c index d576afeb0..fdc8aa3a5 100644 --- a/src/sig/cross/sig_cross_rsdp_128_small.c +++ b/src/sig/cross/sig_cross_rsdp_128_small.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_small_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_128_small_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdp_192_balanced.c b/src/sig/cross/sig_cross_rsdp_192_balanced.c index 9b16d25e0..f9cb993cd 100644 --- a/src/sig/cross/sig_cross_rsdp_192_balanced.c +++ b/src/sig/cross/sig_cross_rsdp_192_balanced.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_balanced_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_192_balanced_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdp_192_fast.c b/src/sig/cross/sig_cross_rsdp_192_fast.c index f21b66e0c..af2370246 100644 --- a/src/sig/cross/sig_cross_rsdp_192_fast.c +++ b/src/sig/cross/sig_cross_rsdp_192_fast.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_fast_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_192_fast_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdp_192_small.c b/src/sig/cross/sig_cross_rsdp_192_small.c index 8a657eebf..705b66287 100644 --- a/src/sig/cross/sig_cross_rsdp_192_small.c +++ b/src/sig/cross/sig_cross_rsdp_192_small.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_small_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_192_small_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdp_256_balanced.c b/src/sig/cross/sig_cross_rsdp_256_balanced.c index 3775a931f..949835528 100644 --- a/src/sig/cross/sig_cross_rsdp_256_balanced.c +++ b/src/sig/cross/sig_cross_rsdp_256_balanced.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_balanced_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_256_balanced_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdp_256_fast.c b/src/sig/cross/sig_cross_rsdp_256_fast.c index 8c59f58f9..9da0cab4f 100644 --- a/src/sig/cross/sig_cross_rsdp_256_fast.c +++ b/src/sig/cross/sig_cross_rsdp_256_fast.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_fast_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_256_fast_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdp_256_small.c b/src/sig/cross/sig_cross_rsdp_256_small.c index 68f7f248c..712c4b199 100644 --- a/src/sig/cross/sig_cross_rsdp_256_small.c +++ b/src/sig/cross/sig_cross_rsdp_256_small.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_small_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdp_256_small_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_128_balanced.c b/src/sig/cross/sig_cross_rsdpg_128_balanced.c index 8fd6d0564..15db86968 100644 --- a/src/sig/cross/sig_cross_rsdpg_128_balanced.c +++ b/src/sig/cross/sig_cross_rsdpg_128_balanced.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_balanced_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_128_balanced_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_128_fast.c b/src/sig/cross/sig_cross_rsdpg_128_fast.c index f878903c5..af9679237 100644 --- a/src/sig/cross/sig_cross_rsdpg_128_fast.c +++ b/src/sig/cross/sig_cross_rsdpg_128_fast.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_fast_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_128_fast_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_128_small.c b/src/sig/cross/sig_cross_rsdpg_128_small.c index 06dd61202..75c03720c 100644 --- a/src/sig/cross/sig_cross_rsdpg_128_small.c +++ b/src/sig/cross/sig_cross_rsdpg_128_small.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_small_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_128_small_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_192_balanced.c b/src/sig/cross/sig_cross_rsdpg_192_balanced.c index db9efe3c9..fbbc40207 100644 --- a/src/sig/cross/sig_cross_rsdpg_192_balanced.c +++ b/src/sig/cross/sig_cross_rsdpg_192_balanced.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_balanced_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_192_balanced_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_192_fast.c b/src/sig/cross/sig_cross_rsdpg_192_fast.c index 19b7ea03a..6c8545297 100644 --- a/src/sig/cross/sig_cross_rsdpg_192_fast.c +++ b/src/sig/cross/sig_cross_rsdpg_192_fast.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_fast_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_192_fast_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_192_small.c b/src/sig/cross/sig_cross_rsdpg_192_small.c index d4fac3404..82efb330b 100644 --- a/src/sig/cross/sig_cross_rsdpg_192_small.c +++ b/src/sig/cross/sig_cross_rsdpg_192_small.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_small_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_192_small_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_256_balanced.c b/src/sig/cross/sig_cross_rsdpg_256_balanced.c index 1e44eea83..7b6d9aa47 100644 --- a/src/sig/cross/sig_cross_rsdpg_256_balanced.c +++ b/src/sig/cross/sig_cross_rsdpg_256_balanced.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_balanced_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_256_balanced_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_256_fast.c b/src/sig/cross/sig_cross_rsdpg_256_fast.c index 88b12a179..ae11bc856 100644 --- a/src/sig/cross/sig_cross_rsdpg_256_fast.c +++ b/src/sig/cross/sig_cross_rsdpg_256_fast.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_fast_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_256_fast_length_public_key; diff --git a/src/sig/cross/sig_cross_rsdpg_256_small.c b/src/sig/cross/sig_cross_rsdpg_256_small.c index 4d1c19d43..3902bd601 100644 --- a/src/sig/cross/sig_cross_rsdpg_256_small.c +++ b/src/sig/cross/sig_cross_rsdpg_256_small.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_small_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = true; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_cross_rsdpg_256_small_length_public_key; diff --git a/src/sig/dilithium/sig_dilithium_2.c b/src/sig/dilithium/sig_dilithium_2.c index 06abc8d19..5784e5161 100644 --- a/src/sig/dilithium/sig_dilithium_2.c +++ b/src/sig/dilithium/sig_dilithium_2.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_dilithium_2_new(void) { sig->claimed_nist_level = 2; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_dilithium_2_length_public_key; diff --git a/src/sig/dilithium/sig_dilithium_3.c b/src/sig/dilithium/sig_dilithium_3.c index 3257588fc..5d506abe4 100644 --- a/src/sig/dilithium/sig_dilithium_3.c +++ b/src/sig/dilithium/sig_dilithium_3.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_dilithium_3_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_dilithium_3_length_public_key; diff --git a/src/sig/dilithium/sig_dilithium_5.c b/src/sig/dilithium/sig_dilithium_5.c index 79a0bb471..1ea23d085 100644 --- a/src/sig/dilithium/sig_dilithium_5.c +++ b/src/sig/dilithium/sig_dilithium_5.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_dilithium_5_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_dilithium_5_length_public_key; diff --git a/src/sig/falcon/sig_falcon_1024.c b/src/sig/falcon/sig_falcon_1024.c index e6048fc73..cf9e75db2 100644 --- a/src/sig/falcon/sig_falcon_1024.c +++ b/src/sig/falcon/sig_falcon_1024.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_falcon_1024_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_falcon_1024_length_public_key; diff --git a/src/sig/falcon/sig_falcon_512.c b/src/sig/falcon/sig_falcon_512.c index aec1bc614..6b2491e5f 100644 --- a/src/sig/falcon/sig_falcon_512.c +++ b/src/sig/falcon/sig_falcon_512.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_falcon_512_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_falcon_512_length_public_key; diff --git a/src/sig/falcon/sig_falcon_padded_1024.c b/src/sig/falcon/sig_falcon_padded_1024.c index b2a777272..b726f8915 100644 --- a/src/sig/falcon/sig_falcon_padded_1024.c +++ b/src/sig/falcon/sig_falcon_padded_1024.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_falcon_padded_1024_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_falcon_padded_1024_length_public_key; diff --git a/src/sig/falcon/sig_falcon_padded_512.c b/src/sig/falcon/sig_falcon_padded_512.c index 382607433..eac6933a2 100644 --- a/src/sig/falcon/sig_falcon_padded_512.c +++ b/src/sig/falcon/sig_falcon_padded_512.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_falcon_padded_512_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_falcon_padded_512_length_public_key; diff --git a/src/sig/mayo/sig_mayo_1.c b/src/sig/mayo/sig_mayo_1.c index be70917db..4b66f409b 100644 --- a/src/sig/mayo/sig_mayo_1.c +++ b/src/sig/mayo/sig_mayo_1.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_mayo_1_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_mayo_1_length_public_key; diff --git a/src/sig/mayo/sig_mayo_2.c b/src/sig/mayo/sig_mayo_2.c index 3a4e0dfd7..219b09b86 100644 --- a/src/sig/mayo/sig_mayo_2.c +++ b/src/sig/mayo/sig_mayo_2.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_mayo_2_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_mayo_2_length_public_key; diff --git a/src/sig/mayo/sig_mayo_3.c b/src/sig/mayo/sig_mayo_3.c index d91210757..37fe2cc3c 100644 --- a/src/sig/mayo/sig_mayo_3.c +++ b/src/sig/mayo/sig_mayo_3.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_mayo_3_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_mayo_3_length_public_key; diff --git a/src/sig/mayo/sig_mayo_5.c b/src/sig/mayo/sig_mayo_5.c index 812e0f100..93e1f70d0 100644 --- a/src/sig/mayo/sig_mayo_5.c +++ b/src/sig/mayo/sig_mayo_5.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_mayo_5_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_mayo_5_length_public_key; diff --git a/src/sig/ml_dsa/sig_ml_dsa_44.c b/src/sig/ml_dsa/sig_ml_dsa_44.c index 1a786ae85..a54ac595b 100644 --- a/src/sig/ml_dsa/sig_ml_dsa_44.c +++ b/src/sig/ml_dsa/sig_ml_dsa_44.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_ml_dsa_44_new(void) { sig->claimed_nist_level = 2; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = true; sig->length_public_key = OQS_SIG_ml_dsa_44_length_public_key; diff --git a/src/sig/ml_dsa/sig_ml_dsa_65.c b/src/sig/ml_dsa/sig_ml_dsa_65.c index 094878d4c..edffb48fa 100644 --- a/src/sig/ml_dsa/sig_ml_dsa_65.c +++ b/src/sig/ml_dsa/sig_ml_dsa_65.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_ml_dsa_65_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = true; sig->length_public_key = OQS_SIG_ml_dsa_65_length_public_key; diff --git a/src/sig/ml_dsa/sig_ml_dsa_87.c b/src/sig/ml_dsa/sig_ml_dsa_87.c index 689690aa6..d5c974ab0 100644 --- a/src/sig/ml_dsa/sig_ml_dsa_87.c +++ b/src/sig/ml_dsa/sig_ml_dsa_87.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_ml_dsa_87_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = true; sig->length_public_key = OQS_SIG_ml_dsa_87_length_public_key; diff --git a/src/sig/sig.h b/src/sig/sig.h index 0ba9da9d2..877cee743 100644 --- a/src/sig/sig.h +++ b/src/sig/sig.h @@ -179,6 +179,9 @@ typedef struct OQS_SIG { /** Whether the signature offers EUF-CMA security (TRUE) or not (FALSE). */ bool euf_cma; + /** Whether the signature offers SUF-CMA security (TRUE) or not (FALSE). */ + bool suf_cma; + /** Whether the signature supports signing with a context string (TRUE) or not (FALSE). */ bool sig_with_ctx_support; diff --git a/src/sig/sphincs/sig_sphincs_sha2_128f_simple.c b/src/sig/sphincs/sig_sphincs_sha2_128f_simple.c index cc2f9dc23..fec03e4c5 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_128f_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_128f_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_128f_simple_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_128f_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_sha2_128s_simple.c b/src/sig/sphincs/sig_sphincs_sha2_128s_simple.c index 6098fd6f9..9f042c75a 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_128s_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_128s_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_128s_simple_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_128s_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_sha2_192f_simple.c b/src/sig/sphincs/sig_sphincs_sha2_192f_simple.c index 3d74bb4fa..d8822ecf8 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_192f_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_192f_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_192f_simple_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_192f_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_sha2_192s_simple.c b/src/sig/sphincs/sig_sphincs_sha2_192s_simple.c index 13b219a27..9f604d5e7 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_192s_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_192s_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_192s_simple_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_192s_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_sha2_256f_simple.c b/src/sig/sphincs/sig_sphincs_sha2_256f_simple.c index 25851e4b6..ed4be23ae 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_256f_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_256f_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_256f_simple_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_256f_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_sha2_256s_simple.c b/src/sig/sphincs/sig_sphincs_sha2_256s_simple.c index 6f564cd8b..7f3711b98 100644 --- a/src/sig/sphincs/sig_sphincs_sha2_256s_simple.c +++ b/src/sig/sphincs/sig_sphincs_sha2_256s_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_sha2_256s_simple_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_sha2_256s_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_shake_128f_simple.c b/src/sig/sphincs/sig_sphincs_shake_128f_simple.c index e66ec651b..94fce8a6a 100644 --- a/src/sig/sphincs/sig_sphincs_shake_128f_simple.c +++ b/src/sig/sphincs/sig_sphincs_shake_128f_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_128f_simple_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_shake_128f_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_shake_128s_simple.c b/src/sig/sphincs/sig_sphincs_shake_128s_simple.c index 34ae16c29..57ee291f9 100644 --- a/src/sig/sphincs/sig_sphincs_shake_128s_simple.c +++ b/src/sig/sphincs/sig_sphincs_shake_128s_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_128s_simple_new(void) { sig->claimed_nist_level = 1; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_shake_128s_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_shake_192f_simple.c b/src/sig/sphincs/sig_sphincs_shake_192f_simple.c index d99bc1590..d3d123ccc 100644 --- a/src/sig/sphincs/sig_sphincs_shake_192f_simple.c +++ b/src/sig/sphincs/sig_sphincs_shake_192f_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_192f_simple_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_shake_192f_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_shake_192s_simple.c b/src/sig/sphincs/sig_sphincs_shake_192s_simple.c index 3645bc5a9..8780f10c8 100644 --- a/src/sig/sphincs/sig_sphincs_shake_192s_simple.c +++ b/src/sig/sphincs/sig_sphincs_shake_192s_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_192s_simple_new(void) { sig->claimed_nist_level = 3; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_shake_192s_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_shake_256f_simple.c b/src/sig/sphincs/sig_sphincs_shake_256f_simple.c index 25bc38f43..b46f1ffc8 100644 --- a/src/sig/sphincs/sig_sphincs_shake_256f_simple.c +++ b/src/sig/sphincs/sig_sphincs_shake_256f_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_256f_simple_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_shake_256f_simple_length_public_key; diff --git a/src/sig/sphincs/sig_sphincs_shake_256s_simple.c b/src/sig/sphincs/sig_sphincs_shake_256s_simple.c index 3075ba228..921ec898d 100644 --- a/src/sig/sphincs/sig_sphincs_shake_256s_simple.c +++ b/src/sig/sphincs/sig_sphincs_shake_256s_simple.c @@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_sphincs_shake_256s_simple_new(void) { sig->claimed_nist_level = 5; sig->euf_cma = true; + sig->suf_cma = false; sig->sig_with_ctx_support = false; sig->length_public_key = OQS_SIG_sphincs_shake_256s_simple_length_public_key; diff --git a/src/sig_stfl/sig_stfl.h b/src/sig_stfl/sig_stfl.h index 3e391c3db..8e81df4d5 100644 --- a/src/sig_stfl/sig_stfl.h +++ b/src/sig_stfl/sig_stfl.h @@ -287,6 +287,9 @@ typedef struct OQS_SIG_STFL { /** Whether the signature offers EUF-CMA security (TRUE) or not (FALSE). */ bool euf_cma; + /** Whether the signature offers SUF-CMA security (TRUE) or not (FALSE). */ + bool suf_cma; + /** The (maximum) length, in bytes, of public keys for this signature scheme. */ size_t length_public_key; /** The (maximum) length, in bytes, of secret keys for this signature scheme. */ diff --git a/tests/dump_alg_info.c b/tests/dump_alg_info.c index 3bee2d273..c08babcbb 100644 --- a/tests/dump_alg_info.c +++ b/tests/dump_alg_info.c @@ -48,7 +48,7 @@ int main(void) { } printf(" isnull: false\n"); printf(" claimed-nist-level: %d\n", sig->claimed_nist_level); - printf(" claimed-security: %s\n", sig->euf_cma ? "EUF-CMA" : "none"); + printf(" claimed-security: %s\n", sig->suf_cma ? "SUF-CMA" : (sig->euf_cma ? "EUF-CMA" : "none")); printf(" length-public-key: %zu\n", sig->length_public_key); printf(" length-secret-key: %zu\n", sig->length_secret_key); printf(" length-signature: %zu\n", sig->length_signature); @@ -66,7 +66,7 @@ int main(void) { continue; } printf(" isnull: false\n"); - printf(" claimed-security: %s\n", sig->euf_cma ? "EUF-CMA" : "none"); + printf(" claimed-security: %s\n", sig->suf_cma ? "SUF-CMA" : (sig->euf_cma ? "EUF-CMA" : "none")); printf(" length-public-key: %zu\n", sig->length_public_key); printf(" length-secret-key: %zu\n", sig->length_secret_key); printf(" length-signature: %zu\n", sig->length_signature); diff --git a/tests/test_sig.c b/tests/test_sig.c index 2cb65cdea..ed3dbf7d2 100644 --- a/tests/test_sig.c +++ b/tests/test_sig.c @@ -40,7 +40,7 @@ static OQS_STATUS flip_bit(uint8_t *array, uint64_t array_length, uint64_t bit_p return OQS_SUCCESS; } -static OQS_STATUS sig_test_correctness(const char *method_name) { +static OQS_STATUS sig_test_correctness(const char *method_name, bool bitflips_all, size_t bitflips) { OQS_SIG *sig = NULL; uint8_t *public_key = NULL; @@ -65,6 +65,14 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { printf("================================================================================\n"); printf("Sample computation for signature %s\n", sig->method_name); + if (sig->suf_cma) { + printf("Testing SUF-CMA by flipping N random bits of the signature "); + if (bitflips_all) { + printf("(N = all)\n"); + } else { + printf("(N = %d)\n", bitflips); + } + } printf("Version source: %s\n", sig->alg_version); printf("================================================================================\n"); @@ -121,20 +129,27 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { goto err; } - /* for every bit of the signature, flip it and check if the verification fails */ - for (uint64_t bit_index = 0; bit_index < (signature_len * 8); bit_index++) { - rc = flip_bit(signature, signature_len, bit_index); - if (rc != OQS_SUCCESS) { - goto err; - } - rc = OQS_SIG_verify(sig, message, message_len, signature, signature_len, public_key); - OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); - if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify should have failed!\n"); - goto err; + /* flip random bits of the signature and check if the verification fails */ + if (sig->suf_cma) { + bitflips = bitflips_all ? signature_len * 8 : bitflips; + for (uint64_t bitflip = 0; bitflip < bitflips; bitflip ++) { + uint64_t random_bit_index; + OQS_randombytes((uint8_t *)&random_bit_index, sizeof(bitflip)); + random_bit_index = random_bit_index % (signature_len * 8); + uint64_t bit_index = bitflips_all ? bitflip : random_bit_index; + rc = flip_bit(signature, signature_len, bit_index); + if (rc != OQS_SUCCESS) { + goto err; + } + rc = OQS_SIG_verify(sig, message, message_len, signature, signature_len, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_verify should have failed after flipping bit %lu of the signature!\n", bit_index); + goto err; + } + /* flip back the bit */ + flip_bit(signature, signature_len, bit_index); } - /* flip back the bit */ - flip_bit(signature, signature_len, bit_index); } /* testing signing with context, if supported */ @@ -157,20 +172,27 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { goto err; } - /* for every bit of the signature, flip it and check if the verification fails */ - for (uint64_t bit_index = 0; bit_index < (signature_len * 8); bit_index++) { - rc = flip_bit(signature, signature_len, bit_index); - if (rc != OQS_SUCCESS) { - goto err; - } - rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, ctx, i, public_key); - OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); - if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed!\n"); - goto err; + /* flip random bits of the signature and check if the verification fails */ + if (sig->suf_cma) { + bitflips = bitflips_all ? signature_len * 8 : bitflips; + for (uint64_t bitflip = 0; bitflip < bitflips; bitflip ++) { + uint64_t random_bit_index; + OQS_randombytes((uint8_t *)&random_bit_index, sizeof(bitflip)); + random_bit_index = random_bit_index % (signature_len * 8); + uint64_t bit_index = bitflips_all ? bitflip : random_bit_index; + rc = flip_bit(signature, signature_len, bit_index); + if (rc != OQS_SUCCESS) { + goto err; + } + rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, ctx, i, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %lu of the signature!\n", bit_index); + goto err; + } + /* flip back the bit */ + flip_bit(signature, signature_len, bit_index); } - /* flip back the bit */ - flip_bit(signature, signature_len, bit_index); } } @@ -203,20 +225,27 @@ static OQS_STATUS sig_test_correctness(const char *method_name) { goto err; } - /* for every bit of the signature, flip it and check if the verification fails */ - for (uint64_t bit_index = 0; bit_index < (signature_len * 8); bit_index++) { - rc = flip_bit(signature, signature_len, bit_index); - if (rc != OQS_SUCCESS) { - goto err; - } - rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, NULL, 0, public_key); - OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); - if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed!\n"); - goto err; + /* flip random bits of the signature and check if the verification fails */ + if (sig->suf_cma) { + bitflips = bitflips_all ? signature_len * 8 : bitflips; + for (uint64_t bitflip = 0; bitflip < bitflips; bitflip ++) { + uint64_t random_bit_index; + OQS_randombytes((uint8_t *)&random_bit_index, sizeof(bitflip)); + random_bit_index = random_bit_index % (signature_len * 8); + uint64_t bit_index = bitflips_all ? bitflip : random_bit_index; + rc = flip_bit(signature, signature_len, bit_index); + if (rc != OQS_SUCCESS) { + goto err; + } + rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, NULL, 0, public_key); + OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); + if (rc != OQS_ERROR) { + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %lu of the signature!\n", bit_index); + goto err; + } + /* flip back the bit */ + flip_bit(signature, signature_len, bit_index); } - /* flip back the bit */ - flip_bit(signature, signature_len, bit_index); } #ifndef OQS_ENABLE_TEST_CONSTANT_TIME @@ -278,12 +307,14 @@ static void TEST_SIG_randombytes(uint8_t *random_array, size_t bytes_to_read) { #if OQS_USE_PTHREADS struct thread_data { char *alg_name; + bool bitflips_all; + size_t bitflips; OQS_STATUS rc; }; void *test_wrapper(void *arg) { struct thread_data *td = arg; - td->rc = sig_test_correctness(td->alg_name); + td->rc = sig_test_correctness(td->alg_name, td->bitflips_all, td->bitflips); OQS_thread_stop(); return NULL; } @@ -294,8 +325,8 @@ int main(int argc, char **argv) { printf("Testing signature algorithms using liboqs version %s\n", OQS_version()); - if (argc != 2) { - fprintf(stderr, "Usage: test_sig algname\n"); + if (argc != 2 && argc != 3) { + fprintf(stderr, "Usage: test_sig algname [bitflips]\n"); fprintf(stderr, " algname: "); for (size_t i = 0; i < OQS_SIG_algs_length; i++) { if (i > 0) { @@ -304,6 +335,7 @@ int main(int argc, char **argv) { fprintf(stderr, "%s", OQS_SIG_alg_identifier(i)); } fprintf(stderr, "\n"); + fprintf(stderr, " bitflips: the number of random bitflips to perform for each SUF-CMA signature (\"all\" to flip every bit)\n"); OQS_destroy(); return EXIT_FAILURE; } @@ -317,6 +349,17 @@ int main(int argc, char **argv) { return EXIT_FAILURE; } + /* by default, flip 100 random bits of the signature */ + bool bitflips_all = false; + size_t bitflips = 100; + if (argc == 3) { + if (strcmp(argv[2], "all") == 0) { + bitflips_all = true; + } else { + bitflips = atoi(argv[2]); + } + } + #ifdef OQS_ENABLE_TEST_CONSTANT_TIME OQS_randombytes_custom_algorithm(&TEST_SIG_randombytes); #else @@ -339,6 +382,8 @@ int main(int argc, char **argv) { pthread_t thread; struct thread_data td; td.alg_name = alg_name; + td.bitflips_all = bitflips_all; + td.bitflips = bitflips; int trc = pthread_create(&thread, NULL, test_wrapper, &td); if (trc) { fprintf(stderr, "ERROR: Creating pthread\n"); @@ -348,10 +393,10 @@ int main(int argc, char **argv) { pthread_join(thread, NULL); rc = td.rc; } else { - rc = sig_test_correctness(alg_name); + rc = sig_test_correctness(alg_name, bitflips_all, bitflips); } #else - rc = sig_test_correctness(alg_name); + rc = sig_test_correctness(alg_name, bitflips_all, bitflips); #endif if (rc != OQS_SUCCESS) { OQS_destroy(); From e937e3bb0f4c310ae244583b15212703ef286aba Mon Sep 17 00:00:00 2001 From: rtjk <47841774+rtjk@users.noreply.github.com> Date: Tue, 4 Mar 2025 08:31:00 +0100 Subject: [PATCH 4/7] %d to %ld for size_t bitflips Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> --- scripts/copy_from_upstream/src/sig/family/sig_scheme.c | 4 ++-- tests/test_sig.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/copy_from_upstream/src/sig/family/sig_scheme.c b/scripts/copy_from_upstream/src/sig/family/sig_scheme.c index d91a09da0..5b3fa9458 100644 --- a/scripts/copy_from_upstream/src/sig/family/sig_scheme.c +++ b/scripts/copy_from_upstream/src/sig/family/sig_scheme.c @@ -21,7 +21,7 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void) { sig->claimed_nist_level = {{ scheme['metadata']['claimed-nist-level'] }}; sig->euf_cma = {{ scheme['metadata']['euf_cma'] }}; - sig->suf_cma = {{ scheme['metadata']['suf_cma'] }}; + sig->suf_cma = {{ scheme['metadata']['suf_cma'] }}; {%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %} sig->sig_with_ctx_support = true; {%- else %} @@ -59,7 +59,7 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) { sig->claimed_nist_level = {{ scheme['metadata']['claimed-nist-level'] }}; sig->euf_cma = {{ scheme['metadata']['euf_cma'] }}; - sig->suf_cma = {{ scheme['metadata']['suf_cma'] }}; + sig->suf_cma = {{ scheme['metadata']['suf_cma'] }}; sig->length_public_key = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_public_key; sig->length_secret_key = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_secret_key; diff --git a/tests/test_sig.c b/tests/test_sig.c index ed3dbf7d2..b0f248609 100644 --- a/tests/test_sig.c +++ b/tests/test_sig.c @@ -70,7 +70,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name, bool bitflips_al if (bitflips_all) { printf("(N = all)\n"); } else { - printf("(N = %d)\n", bitflips); + printf("(N = %ld)\n", bitflips); } } printf("Version source: %s\n", sig->alg_version); From af9ceb9907601bada3c4978a0df4c3e239967798 Mon Sep 17 00:00:00 2001 From: rtjk <47841774+rtjk@users.noreply.github.com> Date: Tue, 4 Mar 2025 09:01:08 +0100 Subject: [PATCH 5/7] cast argument bitflips to size_t Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> --- tests/test_sig.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/test_sig.c b/tests/test_sig.c index b0f248609..09469da8e 100644 --- a/tests/test_sig.c +++ b/tests/test_sig.c @@ -144,7 +144,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name, bool bitflips_al rc = OQS_SIG_verify(sig, message, message_len, signature, signature_len, public_key); OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify should have failed after flipping bit %lu of the signature!\n", bit_index); + fprintf(stderr, "ERROR: OQS_SIG_verify should have failed after flipping bit %llu of the signature!\n", bit_index); goto err; } /* flip back the bit */ @@ -187,7 +187,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name, bool bitflips_al rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, ctx, i, public_key); OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %lu of the signature!\n", bit_index); + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %llu of the signature!\n", bit_index); goto err; } /* flip back the bit */ @@ -240,7 +240,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name, bool bitflips_al rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, NULL, 0, public_key); OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %lu of the signature!\n", bit_index); + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %llu of the signature!\n", bit_index); goto err; } /* flip back the bit */ @@ -356,7 +356,7 @@ int main(int argc, char **argv) { if (strcmp(argv[2], "all") == 0) { bitflips_all = true; } else { - bitflips = atoi(argv[2]); + bitflips = (size_t)atoi(argv[2]); } } From 3e5c6479d6138f55e507ce0f0f03656531969d5e Mon Sep 17 00:00:00 2001 From: rtjk <47841774+rtjk@users.noreply.github.com> Date: Tue, 4 Mar 2025 09:06:49 +0100 Subject: [PATCH 6/7] replace atoi() with strtol() Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> --- tests/test_sig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_sig.c b/tests/test_sig.c index 09469da8e..bc411fea5 100644 --- a/tests/test_sig.c +++ b/tests/test_sig.c @@ -356,7 +356,7 @@ int main(int argc, char **argv) { if (strcmp(argv[2], "all") == 0) { bitflips_all = true; } else { - bitflips = (size_t)atoi(argv[2]); + bitflips = (size_t)strtol(argv[2], NULL, 10); } } From b0e32bac7c6b2bd8bbd96afe89026ff7bc2b4b2f Mon Sep 17 00:00:00 2001 From: rtjk <47841774+rtjk@users.noreply.github.com> Date: Tue, 4 Mar 2025 09:13:25 +0100 Subject: [PATCH 7/7] cast bit_index to %llu Signed-off-by: rtjk <47841774+rtjk@users.noreply.github.com> --- tests/test_sig.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/test_sig.c b/tests/test_sig.c index bc411fea5..6644ff071 100644 --- a/tests/test_sig.c +++ b/tests/test_sig.c @@ -144,7 +144,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name, bool bitflips_al rc = OQS_SIG_verify(sig, message, message_len, signature, signature_len, public_key); OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify should have failed after flipping bit %llu of the signature!\n", bit_index); + fprintf(stderr, "ERROR: OQS_SIG_verify should have failed after flipping bit %llu of the signature!\n", (unsigned long long)bit_index); goto err; } /* flip back the bit */ @@ -187,7 +187,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name, bool bitflips_al rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, ctx, i, public_key); OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %llu of the signature!\n", bit_index); + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %llu of the signature!\n", (unsigned long long)bit_index); goto err; } /* flip back the bit */ @@ -240,7 +240,7 @@ static OQS_STATUS sig_test_correctness(const char *method_name, bool bitflips_al rc = OQS_SIG_verify_with_ctx_str(sig, message, message_len, signature, signature_len, NULL, 0, public_key); OQS_TEST_CT_DECLASSIFY(&rc, sizeof rc); if (rc != OQS_ERROR) { - fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %llu of the signature!\n", bit_index); + fprintf(stderr, "ERROR: OQS_SIG_verify_with_ctx_str should have failed after flipping bit %llu of the signature!\n", (unsigned long long)bit_index); goto err; } /* flip back the bit */