Add tests for signature API with ctx #575

mkannwischer · 2024-10-15T02:26:12Z

FIPS204 and FIPS205 added an extra argument to the signing API named ctx:

Note that there was an API change introduced in FIPS204 addings a context string:

int crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
 
int crypto_sign_signature(uint8_t *sig, size_t *siglen,
                                         const uint8_t *m, size_t mlen,
                                         const uint8_t *ctx, size_t ctxlen,
                                         const uint8_t *sk);
 
int crypto_sign(uint8_t *sm, size_t *smlen,
                               const uint8_t *m, size_t mlen,
                               const uint8_t *ctx, size_t ctxlen,
                               const uint8_t *sk);
 
int crypto_sign_verify(const uint8_t *sig, size_t siglen,
                                      const uint8_t *m, size_t mlen,
                                      const uint8_t *ctx, size_t ctxlen,
                                      const uint8_t *pk);
 
int crypto_sign_open(uint8_t *m, size_t *mlen,
                                    const uint8_t *sm, size_t smlen,
                                    const uint8_t *ctx, size_t ctxlen,
                                    const uint8_t *pk);

#574 implemented this API in addition to the regular API - liboqs is planning the same API, btw:

int crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
 
int crypto_sign_signature_ctx(uint8_t *sig, size_t *siglen,
                                         const uint8_t *m, size_t mlen,
                                         const uint8_t *ctx, size_t ctxlen,
                                         const uint8_t *sk);
 
int crypto_sign_ctx(uint8_t *sm, size_t *smlen,
                               const uint8_t *m, size_t mlen,
                               const uint8_t *ctx, size_t ctxlen,
                               const uint8_t *sk);
 
int crypto_sign_verify_ctx(const uint8_t *sig, size_t siglen,
                                      const uint8_t *m, size_t mlen,
                                      const uint8_t *ctx, size_t ctxlen,
                                      const uint8_t *pk);
 
int crypto_sign_open_ctx(uint8_t *m, size_t *mlen,
                                    const uint8_t *sm, size_t smlen,
                                    const uint8_t *ctx, size_t ctxlen,
                                    const uint8_t *pk);

#define crypto_sign_signature(sig, siglen, m, mlen, sk) crypto_sign_signature_ctx(sig, siglen, m, mlen, NULL, 0, sk)
#define crypto_sign(sm, smlen, m, mlen, sk) crypto_sign_ctx(sm, smlen, m, mlen, NULL, 0, sk)
#define crypto_sign_verify(sig, siglen, m, mlen, pk) crypto_sign_verify_ctx(sig, siglen, m, mlen, NULL, 0, pk)
#define crypto_sign_open(m, mlen, sm, smlen, pk) crypto_sign_open_ctx(m, mlen, sm, smlen, NULL, 0, pk)

Right now the tests are unchanged, i.e., they only test the default case where ctx is empty.
We should add tests to properly test this API when implemented. Obvious tests are:

Signing should yield a different signed message in case a different ctx is passed
Verification should fail if different ctx is passed than used in signing
Signing and verification should fail if ctxlen > 255

mkannwischer · 2024-10-15T02:27:58Z

Could also add testvectors with a different ctx.

mkannwischer mentioned this issue Oct 15, 2024

Update to FIPS204 and rename Dilithium to ML-DSA #574

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add tests for signature API with ctx #575

Add tests for signature API with ctx #575

Add tests for signature API with ctx #575

Add tests for signature API with ctx #575

Comments