Adapt existing sig fuzz harness including more algorithms (#1955)

Signed-off-by: Nathaniel Brough <[email protected]>

Author: nathaniel-brough

.github/workflows/basic.yml

@@ -113,9 +113,9 @@ jobs:
           cmake -LA -N .. && \
           ! (grep -i "uninitialized variable" config.log)
       - name: Build code
-        run: ninja
+        run: ninja fuzz_test_sig
         working-directory: build
 
       - name: Short fuzz check (30s)
-        run: ./tests/fuzz_test_dilithium2 -max_total_time=30
+        run: ./tests/fuzz_test_sig -max_total_time=30
         working-directory: build

docs/FUZZING.md

@@ -15,14 +15,11 @@ errors, helping developers identify and fix bugs and security loopholes.
   - [ ] ml_kem
   - [ ] ntruprime
 - [ ] sig
-  - [ ] dilithium
-    - [x] dilithium2
-    - [ ] dilithium3
-    - [ ] dilithium5
-  - [ ] falcon
-  - [ ] mayo
-  - [ ] ml_dsa
-  - [ ] sphincs
+  - [x] dilithium
+  - [x] falcon
+  - [x] mayo
+  - [x] ml_dsa
+  - [x] sphincs
 - [ ] sig_stfl
   - [ ] lms
   - [ ] sig_stfl

tests/CMakeLists.txt

@@ -95,9 +95,9 @@ add_executable(example_sig example_sig.c)
 target_link_libraries(example_sig PRIVATE ${TEST_DEPS})
 
 if(OQS_BUILD_FUZZ_TESTS AND '${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')
-    add_executable(fuzz_test_dilithium2 fuzz_test_dilithium2.c)
-    target_link_libraries(fuzz_test_dilithium2 PRIVATE ${TEST_DEPS})
-    set_target_properties(fuzz_test_dilithium2 PROPERTIES
+    add_executable(fuzz_test_sig fuzz_test_sig.c)
+    target_link_libraries(fuzz_test_sig PRIVATE ${TEST_DEPS})
+    set_target_properties(fuzz_test_sig PROPERTIES
         COMPILE_FLAGS "${FUZZING_COMPILE_FLAGS}"
         LINK_FLAGS "${FUZZING_LINK_FLAGS}"
     )

tests/fuzz_test_dilithium2.c tests/fuzz_test_sig.ctests/fuzz_test_dilithium2.c renamed to tests/fuzz_test_sig.c

@@ -6,6 +6,7 @@
  * SPDX-License-Identifier: MIT
  */
 
+#include "oqs/sig.h"
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -18,20 +19,33 @@ void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
                   uint8_t *signature,
                   OQS_SIG *sig);
 
-static OQS_STATUS fuzz_dilithium_2(const uint8_t *message, size_t message_len) {
-
-#ifdef OQS_ENABLE_SIG_dilithium_2
-
+static OQS_STATUS fuzz_sig(const uint8_t *data, size_t data_len) {
 	OQS_SIG *sig = NULL;
 	uint8_t *public_key = NULL;
 	uint8_t *secret_key = NULL;
 	uint8_t *signature = NULL;
 	size_t signature_len;
 	OQS_STATUS rc;
 
-	sig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
+	// Select algorithm based on fuzzed data.
+	size_t algorithm_index = 0;
+	const uint8_t *message = NULL;
+	size_t message_len = 0;
+	if (data_len > sizeof(size_t)) {
+		memcpy(&algorithm_index, data, sizeof(size_t));
+		message = data + sizeof(size_t);
+		message_len = data_len - sizeof(size_t);
+
+		algorithm_index %= OQS_SIG_algs_length;
+	} else {
+		message = data;
+		message_len = data_len;
+	}
+	const char *algorithm = OQS_SIG_alg_identifier(algorithm_index);
+
+	sig = OQS_SIG_new(algorithm);
 	if (sig == NULL) {
-		printf("[fuzz_test_dilithium_2]  OQS_SIG_alg_dilithium_2 was not enabled at compile-time.\n");
+		printf("%s was not enabled at compile-time.\n", algorithm);
 		return OQS_ERROR;
 	}
 
@@ -65,12 +79,6 @@ static OQS_STATUS fuzz_dilithium_2(const uint8_t *message, size_t message_len) {
 
 	cleanup_heap(public_key, secret_key,  signature, sig);
 	return OQS_SUCCESS; // success
-#else
-
-	printf("[fuzz_test_dilithium_2] OQS_SIG_dilithium_2 was not enabled at compile-time.\n");
-	return OQS_SUCCESS;
-
-#endif
 }
 
 void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
@@ -86,7 +94,7 @@ void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
 
 int LLVMFuzzerTestOneInput(const char *data, size_t size) {
 	OQS_init();
-	if (OQS_ERROR == fuzz_dilithium_2((const uint8_t *)data, size)) {
+	if (OQS_ERROR == fuzz_sig((const uint8_t *)data, size)) {
 		// If we get an error prune testcase from corpus.
 		return -1;
 	}