Add bitflip test for trivial SUF-CMA forgeries

docs/algorithms/sig/cross.md

@@ -7,32 +7,32 @@
 - **Authors' website**: https://www.cross-crypto.com/
 - **Specification version**: 2.0 + PQClean and OQS patches.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1
+  - **Source**: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/01f2486523f352a7eb1809a246c8fe466772642c
   - **Implementation license (SPDX-Identifier)**: CC0-1.0
 
 
 ## Parameter set summary
 
 |      Parameter set       | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
 |:------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
-| cross-rsdp-128-balanced  | NA                    | EUF-CMA          |                    1 |                        77 |                        32 |                    13152 |
-|   cross-rsdp-128-fast    | NA                    | EUF-CMA          |                    1 |                        77 |                        32 |                    18432 |
-|   cross-rsdp-128-small   | NA                    | EUF-CMA          |                    1 |                        77 |                        32 |                    12432 |
-| cross-rsdp-192-balanced  | NA                    | EUF-CMA          |                    3 |                       115 |                        48 |                    29853 |
-|   cross-rsdp-192-fast    | NA                    | EUF-CMA          |                    3 |                       115 |                        48 |                    41406 |
-|   cross-rsdp-192-small   | NA                    | EUF-CMA          |                    3 |                       115 |                        48 |                    28391 |
-| cross-rsdp-256-balanced  | NA                    | EUF-CMA          |                    5 |                       153 |                        64 |                    53527 |
-|   cross-rsdp-256-fast    | NA                    | EUF-CMA          |                    5 |                       153 |                        64 |                    74590 |
-|   cross-rsdp-256-small   | NA                    | EUF-CMA          |                    5 |                       153 |                        64 |                    50818 |
-| cross-rsdpg-128-balanced | NA                    | EUF-CMA          |                    1 |                        54 |                        32 |                     9120 |
-|   cross-rsdpg-128-fast   | NA                    | EUF-CMA          |                    1 |                        54 |                        32 |                    11980 |
-|  cross-rsdpg-128-small   | NA                    | EUF-CMA          |                    1 |                        54 |                        32 |                     8960 |
-| cross-rsdpg-192-balanced | NA                    | EUF-CMA          |                    3 |                        83 |                        48 |                    22464 |
-|   cross-rsdpg-192-fast   | NA                    | EUF-CMA          |                    3 |                        83 |                        48 |                    26772 |
-|  cross-rsdpg-192-small   | NA                    | EUF-CMA          |                    3 |                        83 |                        48 |                    20452 |
-| cross-rsdpg-256-balanced | NA                    | EUF-CMA          |                    5 |                       106 |                        64 |                    40100 |
-|   cross-rsdpg-256-fast   | NA                    | EUF-CMA          |                    5 |                       106 |                        64 |                    48102 |
-|  cross-rsdpg-256-small   | NA                    | EUF-CMA          |                    5 |                       106 |                        64 |                    36454 |
+| cross-rsdp-128-balanced  | NA                    | SUF-CMA          |                    1 |                        77 |                        32 |                    13152 |
+|   cross-rsdp-128-fast    | NA                    | SUF-CMA          |                    1 |                        77 |                        32 |                    18432 |
+|   cross-rsdp-128-small   | NA                    | SUF-CMA          |                    1 |                        77 |                        32 |                    12432 |
+| cross-rsdp-192-balanced  | NA                    | SUF-CMA          |                    3 |                       115 |                        48 |                    29853 |
+|   cross-rsdp-192-fast    | NA                    | SUF-CMA          |                    3 |                       115 |                        48 |                    41406 |
+|   cross-rsdp-192-small   | NA                    | SUF-CMA          |                    3 |                       115 |                        48 |                    28391 |
+| cross-rsdp-256-balanced  | NA                    | SUF-CMA          |                    5 |                       153 |                        64 |                    53527 |
+|   cross-rsdp-256-fast    | NA                    | SUF-CMA          |                    5 |                       153 |                        64 |                    74590 |
+|   cross-rsdp-256-small   | NA                    | SUF-CMA          |                    5 |                       153 |                        64 |                    50818 |
+| cross-rsdpg-128-balanced | NA                    | SUF-CMA          |                    1 |                        54 |                        32 |                     9120 |
+|   cross-rsdpg-128-fast   | NA                    | SUF-CMA          |                    1 |                        54 |                        32 |                    11980 |
+|  cross-rsdpg-128-small   | NA                    | SUF-CMA          |                    1 |                        54 |                        32 |                     8960 |
+| cross-rsdpg-192-balanced | NA                    | SUF-CMA          |                    3 |                        83 |                        48 |                    22464 |
+|   cross-rsdpg-192-fast   | NA                    | SUF-CMA          |                    3 |                        83 |                        48 |                    26772 |
+|  cross-rsdpg-192-small   | NA                    | SUF-CMA          |                    3 |                        83 |                        48 |                    20452 |
+| cross-rsdpg-256-balanced | NA                    | SUF-CMA          |                    5 |                       106 |                        64 |                    40100 |
+|   cross-rsdpg-256-fast   | NA                    | SUF-CMA          |                    5 |                       106 |                        64 |                    48102 |
+|  cross-rsdpg-256-small   | NA                    | SUF-CMA          |                    5 |                       106 |                        64 |                    36454 |
 
 ## cross-rsdp-128-balanced implementation characteristics
 

docs/algorithms/sig/cross.yml

@@ -23,13 +23,13 @@ website: https://www.cross-crypto.com/
 nist-round: 2
 spec-version: 2.0 + PQClean and OQS patches
 primary-upstream:
-  source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1
+  source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/01f2486523f352a7eb1809a246c8fe466772642c
   spdx-license-identifier: CC0-1.0
 parameter-sets:
 - name: cross-rsdp-128-balanced
   oqs_alg: OQS_SIG_alg_cross_rsdp_128_balanced
   claimed-nist-level: 1
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 77
   length-secret-key: 32
   length-signature: 13152
@@ -57,7 +57,7 @@ parameter-sets:
 - name: cross-rsdp-128-fast
   oqs_alg: OQS_SIG_alg_cross_rsdp_128_fast
   claimed-nist-level: 1
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 77
   length-secret-key: 32
   length-signature: 18432
@@ -85,7 +85,7 @@ parameter-sets:
 - name: cross-rsdp-128-small
   oqs_alg: OQS_SIG_alg_cross_rsdp_128_small
   claimed-nist-level: 1
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 77
   length-secret-key: 32
   length-signature: 12432
@@ -113,7 +113,7 @@ parameter-sets:
 - name: cross-rsdp-192-balanced
   oqs_alg: OQS_SIG_alg_cross_rsdp_192_balanced
   claimed-nist-level: 3
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 115
   length-secret-key: 48
   length-signature: 29853
@@ -141,7 +141,7 @@ parameter-sets:
 - name: cross-rsdp-192-fast
   oqs_alg: OQS_SIG_alg_cross_rsdp_192_fast
   claimed-nist-level: 3
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 115
   length-secret-key: 48
   length-signature: 41406
@@ -169,7 +169,7 @@ parameter-sets:
 - name: cross-rsdp-192-small
   oqs_alg: OQS_SIG_alg_cross_rsdp_192_small
   claimed-nist-level: 3
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 115
   length-secret-key: 48
   length-signature: 28391
@@ -197,7 +197,7 @@ parameter-sets:
 - name: cross-rsdp-256-balanced
   oqs_alg: OQS_SIG_alg_cross_rsdp_256_balanced
   claimed-nist-level: 5
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 153
   length-secret-key: 64
   length-signature: 53527
@@ -225,7 +225,7 @@ parameter-sets:
 - name: cross-rsdp-256-fast
   oqs_alg: OQS_SIG_alg_cross_rsdp_256_fast
   claimed-nist-level: 5
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 153
   length-secret-key: 64
   length-signature: 74590
@@ -253,7 +253,7 @@ parameter-sets:
 - name: cross-rsdp-256-small
   oqs_alg: OQS_SIG_alg_cross_rsdp_256_small
   claimed-nist-level: 5
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 153
   length-secret-key: 64
   length-signature: 50818
@@ -281,7 +281,7 @@ parameter-sets:
 - name: cross-rsdpg-128-balanced
   oqs_alg: OQS_SIG_alg_cross_rsdpg_128_balanced
   claimed-nist-level: 1
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 54
   length-secret-key: 32
   length-signature: 9120
@@ -309,7 +309,7 @@ parameter-sets:
 - name: cross-rsdpg-128-fast
   oqs_alg: OQS_SIG_alg_cross_rsdpg_128_fast
   claimed-nist-level: 1
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 54
   length-secret-key: 32
   length-signature: 11980
@@ -337,7 +337,7 @@ parameter-sets:
 - name: cross-rsdpg-128-small
   oqs_alg: OQS_SIG_alg_cross_rsdpg_128_small
   claimed-nist-level: 1
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 54
   length-secret-key: 32
   length-signature: 8960
@@ -365,7 +365,7 @@ parameter-sets:
 - name: cross-rsdpg-192-balanced
   oqs_alg: OQS_SIG_alg_cross_rsdpg_192_balanced
   claimed-nist-level: 3
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 83
   length-secret-key: 48
   length-signature: 22464
@@ -393,7 +393,7 @@ parameter-sets:
 - name: cross-rsdpg-192-fast
   oqs_alg: OQS_SIG_alg_cross_rsdpg_192_fast
   claimed-nist-level: 3
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 83
   length-secret-key: 48
   length-signature: 26772
@@ -421,7 +421,7 @@ parameter-sets:
 - name: cross-rsdpg-192-small
   oqs_alg: OQS_SIG_alg_cross_rsdpg_192_small
   claimed-nist-level: 3
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 83
   length-secret-key: 48
   length-signature: 20452
@@ -449,7 +449,7 @@ parameter-sets:
 - name: cross-rsdpg-256-balanced
   oqs_alg: OQS_SIG_alg_cross_rsdpg_256_balanced
   claimed-nist-level: 5
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 106
   length-secret-key: 64
   length-signature: 40100
@@ -477,7 +477,7 @@ parameter-sets:
 - name: cross-rsdpg-256-fast
   oqs_alg: OQS_SIG_alg_cross_rsdpg_256_fast
   claimed-nist-level: 5
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 106
   length-secret-key: 64
   length-signature: 48102
@@ -505,7 +505,7 @@ parameter-sets:
 - name: cross-rsdpg-256-small
   oqs_alg: OQS_SIG_alg_cross_rsdpg_256_small
   claimed-nist-level: 5
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
   length-public-key: 106
   length-secret-key: 64
   length-signature: 36454

scripts/copy_from_upstream/copy_from_upstream.py

@@ -368,7 +368,12 @@ def load_instructions(file='copy_from_upstream.yml'):
                             raise RuntimeError("Found duplicate arch {} in scheme {}".format(arch, scheme))
                         scheme['scheme_paths'][arch] = (os.path.join('repos', location,
                                                                     upstreams[location]['sig_scheme_path'].format_map(scheme)))
+            # assume EUF-CMA for schemes that don't specify a security classification
             scheme['metadata']['euf_cma'] = 'true'
+            scheme['metadata']['suf_cma'] = 'false'
+            if 'claimed-security' in metadata:
+                if metadata['claimed-security'] == "SUF-CMA":
+                    scheme['metadata']['suf_cma'] = 'true'
             scheme['pqclean_scheme_c'] = scheme['pqclean_scheme'].replace('-', '')
             scheme['scheme_c'] = scheme['scheme'].replace('-', '')
             scheme['default_implementation'] = family['default_implementation']

scripts/copy_from_upstream/copy_from_upstream.yml

@@ -75,7 +75,7 @@ upstreams:
     name: upcross
     git_url: https://github.com/CROSS-signature/CROSS-lib-oqs.git
     git_branch: master
-    git_commit: efd17279e75308b000bda7c7f58866620d652bc1
+    git_commit: 01f2486523f352a7eb1809a246c8fe466772642c
     sig_meta_path: 'generate/crypto_sign/{pqclean_scheme}/META.yml'
     sig_scheme_path: 'generate/crypto_sign/{pqclean_scheme}'
 kems:

scripts/copy_from_upstream/src/sig/family/sig_scheme.c

@@ -21,6 +21,7 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void) {
 
 	sig->claimed_nist_level = {{ scheme['metadata']['claimed-nist-level'] }};
 	sig->euf_cma = {{ scheme['metadata']['euf_cma'] }};
+	sig->suf_cma = {{ scheme['metadata']['suf_cma'] }};
 	{%- if 'api-with-context-string' in default_impl and default_impl['api-with-context-string'] %}
 	sig->sig_with_ctx_support = true;
 	{%- else %}
@@ -58,6 +59,7 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) {
 
 	sig->claimed_nist_level = {{ scheme['metadata']['claimed-nist-level'] }};
 	sig->euf_cma = {{ scheme['metadata']['euf_cma'] }};
+	sig->suf_cma = {{ scheme['metadata']['suf_cma'] }};
 
 	sig->length_public_key = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_public_key;
 	sig->length_secret_key = OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_length_secret_key;

src/sig/cross/sig_cross_rsdp_128_balanced.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_balanced_new(void) {
 
 	sig->claimed_nist_level = 1;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_128_balanced_length_public_key;

src/sig/cross/sig_cross_rsdp_128_fast.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_fast_new(void) {
 
 	sig->claimed_nist_level = 1;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_128_fast_length_public_key;

src/sig/cross/sig_cross_rsdp_128_small.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_128_small_new(void) {
 
 	sig->claimed_nist_level = 1;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_128_small_length_public_key;

src/sig/cross/sig_cross_rsdp_192_balanced.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_balanced_new(void) {
 
 	sig->claimed_nist_level = 3;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_192_balanced_length_public_key;

src/sig/cross/sig_cross_rsdp_192_fast.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_fast_new(void) {
 
 	sig->claimed_nist_level = 3;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_192_fast_length_public_key;

src/sig/cross/sig_cross_rsdp_192_small.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_192_small_new(void) {
 
 	sig->claimed_nist_level = 3;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_192_small_length_public_key;

src/sig/cross/sig_cross_rsdp_256_balanced.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_balanced_new(void) {
 
 	sig->claimed_nist_level = 5;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_256_balanced_length_public_key;

src/sig/cross/sig_cross_rsdp_256_fast.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_fast_new(void) {
 
 	sig->claimed_nist_level = 5;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_256_fast_length_public_key;

src/sig/cross/sig_cross_rsdp_256_small.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdp_256_small_new(void) {
 
 	sig->claimed_nist_level = 5;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdp_256_small_length_public_key;

src/sig/cross/sig_cross_rsdpg_128_balanced.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_balanced_new(void) {
 
 	sig->claimed_nist_level = 1;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdpg_128_balanced_length_public_key;

src/sig/cross/sig_cross_rsdpg_128_fast.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_fast_new(void) {
 
 	sig->claimed_nist_level = 1;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdpg_128_fast_length_public_key;

src/sig/cross/sig_cross_rsdpg_128_small.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_128_small_new(void) {
 
 	sig->claimed_nist_level = 1;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdpg_128_small_length_public_key;

src/sig/cross/sig_cross_rsdpg_192_balanced.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_balanced_new(void) {
 
 	sig->claimed_nist_level = 3;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdpg_192_balanced_length_public_key;

src/sig/cross/sig_cross_rsdpg_192_fast.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_fast_new(void) {
 
 	sig->claimed_nist_level = 3;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdpg_192_fast_length_public_key;

src/sig/cross/sig_cross_rsdpg_192_small.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_192_small_new(void) {
 
 	sig->claimed_nist_level = 3;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdpg_192_small_length_public_key;

src/sig/cross/sig_cross_rsdpg_256_balanced.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_balanced_new(void) {
 
 	sig->claimed_nist_level = 5;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdpg_256_balanced_length_public_key;

src/sig/cross/sig_cross_rsdpg_256_fast.c

@@ -16,6 +16,7 @@ OQS_SIG *OQS_SIG_cross_rsdpg_256_fast_new(void) {
 
 	sig->claimed_nist_level = 5;
 	sig->euf_cma = true;
+	sig->suf_cma = true;
 	sig->sig_with_ctx_support = false;
 
 	sig->length_public_key = OQS_SIG_cross_rsdpg_256_fast_length_public_key;