* Removed upstream `name: pqcrystals-dilithium` and signature `name: dilithium` from `copy_from_upstream.yml`. Removed everything under `src/sig/dilithium`. Re-run `copy_from_upstream.py -d copy`, which produced downstream changes to various build files.
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* remove Dilithium entries from kats.json
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* remove Dilithium entries from constant_time tests
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed dilithium.yml and dilithium.md. Re-run copy_from_upstream.py, which also updated README.md and cbom.json
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed Dilithium from FUZZING.md
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* removed license information about pqclean Dilithium and pqcrystals-dilithium from README.md. README.md still mentions Dilithium but only to say that it has been excluded
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Upgraded CONFIGURE.md minimal build example to ML-KEM-768 and ML-DSA-44
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Upgraded C++ sig linking test to ML-DSA-44; also added option to make the test fail hard if the algorithm is not enabled
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* remove Dilithium from GitHub action workflows
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* removed Dilithium from zephyr configuration and examples
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed scripts/copy_from_upstream/patches/pqclean-dilithium-arm-randomized-signing.patch
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed dilithium from upstream.name==pqclean.ignore
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
* Removed orphaned patches
  Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>

---------
Signed-off-by: Ganyu (Bruce) Xu <g66xu@uwaterloo.ca>
Fuzzing
Fuzz testing is an automated software testing method that injects invalid, malformed, or unexpected inputs to reveal defects and vulnerabilities. A fuzzing tool monitors the system for exceptions like crashes, information leakage, or errors, helping developers identify and fix bugs and security loopholes.
Current state of fuzzing in liboqs
- kem
  - bike
  - classic_mceliece
  - frodokem
  - hqc
  - kyber
  - ml_kem
  - ntruprime
- sig
  - falcon
  - mayo
  - ml_dsa
  - sphincs
- sig_stfl
  - lms
  - sig_stfl
  - xmss
Building and running fuzz tests
Building the fuzz tests is very similar to a normal build, with some optional steps to target different types of bugs. The most basic way to build the fuzz tests is as follows:

```bash
mkdir build && cd build
cmake -GNinja -DOQS_BUILD_FUZZ_TESTS=ON ..
ninja
```
`OQS_BUILD_FUZZ_TESTS` will build two test binaries: `tests/fuzz_test_sig` and `tests/fuzz_test_kem`.
The fuzzer will run indefinitely, or until one of the following happens:
- it finds a bug and crashes,
- you manually stop the fuzzer, i.e. CTRL-C,
- a timeout that you set on the command line expires.
For more details on the available command line arguments, please consult the libFuzzer docs.
Sanitizers
It is a common pattern to combine fuzzing with various sanitizers to catch different bugs. One of the simpler sanitizers is the fuzzer sanitizer, which instruments the code for coverage-driven fuzzing. To enable it, set this environment variable before configuring CMake:

```bash
export CFLAGS=-fsanitize=fuzzer-no-link
```
It is common to combine the fuzzer sanitizer with either the address or the undefined behaviour sanitizer. To add these, add the relevant flags to BOTH `CFLAGS` and `LDFLAGS`, e.g.:

```bash
export CFLAGS=-fsanitize=fuzzer-no-link,address
export LDFLAGS=-fsanitize=address
```
Then rerun CMake as normal, i.e.:

```bash
mkdir build && cd build
cmake -GNinja .. -DOQS_BUILD_FUZZ_TESTS=ON
ninja -j$(nproc)
```
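The build and sanitizer steps above, combined into one time-boxed run of both fuzz binaries; this is an added example, not part of the liboqs documentation or scripts. It assumes clang is the compiler and that it is run from the liboqs source root; the function names, the `build-fuzz-<sanitizer>` directory, the `fuzz.sh` file name and the 60-second default are hypothetical, while `-max_total_time` and `-artifact_prefix` are standard libFuzzer options.

```shell
#!/usr/bin/env bash
# Added example, not part of liboqs. Assumptions: clang is installed, the script
# is run from the liboqs source root, and the function names, build directory
# name and default duration are hypothetical.

# CFLAGS always carry fuzzer-no-link; the extra sanitizer is appended to it.
sanitizer_cflags() {
    case "$1" in
        none) echo "-fsanitize=fuzzer-no-link" ;;
        address|undefined) echo "-fsanitize=fuzzer-no-link,$1" ;;
        *) echo "unsupported sanitizer: $1" >&2; return 1 ;;
    esac
}

# LDFLAGS carry only the extra sanitizer (it must appear in BOTH variables).
sanitizer_ldflags() {
    case "$1" in
        none) echo "" ;;
        address|undefined) echo "-fsanitize=$1" ;;
        *) echo "unsupported sanitizer: $1" >&2; return 1 ;;
    esac
}

# Runs in a subshell so the exported flags do not leak into the caller's shell.
fuzz_build_and_run() (
    san="$1"; seconds="${2:-60}"; dir="build-fuzz-$san"
    CFLAGS="$(sanitizer_cflags "$san")" || exit 1
    LDFLAGS="$(sanitizer_ldflags "$san")" || exit 1
    export CC=clang CFLAGS LDFLAGS
    cmake -GNinja -S . -B "$dir" -DOQS_BUILD_FUZZ_TESTS=ON || exit 1
    ninja -C "$dir" || exit 1
    status=0
    for bin in fuzz_test_sig fuzz_test_kem; do
        # libFuzzer stops after -max_total_time seconds; a finding exits non-zero
        # and the reproducer is written under the -artifact_prefix path.
        "$dir/tests/$bin" -max_total_time="$seconds" \
            -artifact_prefix="$dir/$bin-" || status=1
    done
    exit "$status"
)

# Usage: ./fuzz.sh run [none|address|undefined] [seconds]
if [ "${1:-}" = "run" ]; then
    fuzz_build_and_run "${2:-address}" "${3:-60}"
fi
```

Each sanitizer gets its own build directory because CMake only reads `CFLAGS` and `LDFLAGS` from the environment on the first configure of a directory.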