From 05b0f6d9cc027283a85e66afd7354117369145b5 Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Tue, 19 Mar 2019 13:28:15 +0000 Subject: [PATCH 1/4] Namespace the #define constants. --- crypto_kem/kyber768/clean/api.h | 10 +++++----- crypto_sign/dilithium-iii/clean/api.h | 8 ++++---- test/crypto_kem/functest.c | 7 +++++++ test/crypto_kem/testvectors.c | 5 +++++ test/crypto_sign/functest.c | 6 ++++++ test/crypto_sign/testvectors.c | 4 ++++ 6 files changed, 31 insertions(+), 9 deletions(-) diff --git a/crypto_kem/kyber768/clean/api.h b/crypto_kem/kyber768/clean/api.h index ee269c8b..737a208e 100644 --- a/crypto_kem/kyber768/clean/api.h +++ b/crypto_kem/kyber768/clean/api.h @@ -5,12 +5,12 @@ #include "params.h" -#define CRYPTO_SECRETKEYBYTES KYBER_SECRETKEYBYTES -#define CRYPTO_PUBLICKEYBYTES KYBER_PUBLICKEYBYTES -#define CRYPTO_CIPHERTEXTBYTES KYBER_CIPHERTEXTBYTES -#define CRYPTO_BYTES KYBER_SYMBYTES +#define PQCLEAN_KYBER768_CLEAN_CRYPTO_SECRETKEYBYTES KYBER_SECRETKEYBYTES +#define PQCLEAN_KYBER768_CLEAN_CRYPTO_PUBLICKEYBYTES KYBER_PUBLICKEYBYTES +#define PQCLEAN_KYBER768_CLEAN_CRYPTO_CIPHERTEXTBYTES KYBER_CIPHERTEXTBYTES +#define PQCLEAN_KYBER768_CLEAN_CRYPTO_BYTES KYBER_SYMBYTES -#define CRYPTO_ALGNAME "Kyber768" +#define PQCLEAN_KYBER768_CLEAN_CRYPTO_ALGNAME "Kyber768" int PQCLEAN_KYBER768_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk); diff --git a/crypto_sign/dilithium-iii/clean/api.h b/crypto_sign/dilithium-iii/clean/api.h index c6e80d95..c9c15380 100644 --- a/crypto_sign/dilithium-iii/clean/api.h +++ b/crypto_sign/dilithium-iii/clean/api.h @@ -7,11 +7,11 @@ #define MODE 2 -#define CRYPTO_PUBLICKEYBYTES 1472U -#define CRYPTO_SECRETKEYBYTES 3504U -#define CRYPTO_BYTES 2701U +#define PQCLEAN_DILITHIUMIII_CLEAN_CRYPTO_PUBLICKEYBYTES 1472U +#define PQCLEAN_DILITHIUMIII_CLEAN_CRYPTO_SECRETKEYBYTES 3504U +#define PQCLEAN_DILITHIUMIII_CLEAN_CRYPTO_BYTES 2701U -#define CRYPTO_ALGNAME "Dilithium-III" +#define PQCLEAN_DILITHIUMIII_CLEAN_CRYPTO_ALGNAME "Dilithium-III" int PQCLEAN_DILITHIUMIII_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); diff --git a/test/crypto_kem/functest.c b/test/crypto_kem/functest.c index 88e2764b..5a513810 100644 --- a/test/crypto_kem/functest.c +++ b/test/crypto_kem/functest.c @@ -34,6 +34,12 @@ static int check_canary(const uint8_t *d) { #define EVALUATOR(x, y) PASTER(x, y) #define NAMESPACE(fun) EVALUATOR(PQCLEAN_NAMESPACE, fun) +#define CRYPTO_BYTES NAMESPACE(CRYPTO_BYTES) +#define CRYPTO_PUBLICKEYBYTES NAMESPACE(CRYPTO_PUBLICKEYBYTES) +#define CRYPTO_SECRETKEYBYTES NAMESPACE(CRYPTO_SECRETKEYBYTES) +#define CRYPTO_CIPHERTEXTBYTES NAMESPACE(CRYPTO_CIPHERTEXTBYTES) +#define CRYPTO_ALGNAME NAMESPACE(CRYPTO_ALGNAME) + #define crypto_kem_keypair NAMESPACE(crypto_kem_keypair) #define crypto_kem_enc NAMESPACE(crypto_kem_enc) #define crypto_kem_dec NAMESPACE(crypto_kem_dec) @@ -190,6 +196,7 @@ static int test_invalid_ciphertext(void) { } int main(void) { + puts(CRYPTO_ALGNAME); int result = 0; result += test_keys(); result += test_invalid_sk_a(); diff --git a/test/crypto_kem/testvectors.c b/test/crypto_kem/testvectors.c index 6fbdc880..516b5886 100644 --- a/test/crypto_kem/testvectors.c +++ b/test/crypto_kem/testvectors.c @@ -21,6 +21,11 @@ static void printbytes(const uint8_t *x, size_t xlen) { #define EVALUATOR(x, y) PASTER(x, y) #define NAMESPACE(fun) EVALUATOR(PQCLEAN_NAMESPACE, fun) +#define CRYPTO_BYTES NAMESPACE(CRYPTO_BYTES) +#define CRYPTO_PUBLICKEYBYTES NAMESPACE(CRYPTO_PUBLICKEYBYTES) +#define CRYPTO_SECRETKEYBYTES NAMESPACE(CRYPTO_SECRETKEYBYTES) +#define CRYPTO_CIPHERTEXTBYTES NAMESPACE(CRYPTO_CIPHERTEXTBYTES) + #define crypto_kem_keypair NAMESPACE(crypto_kem_keypair) #define crypto_kem_enc NAMESPACE(crypto_kem_enc) #define crypto_kem_dec NAMESPACE(crypto_kem_dec) diff --git a/test/crypto_sign/functest.c b/test/crypto_sign/functest.c index 42a73cf6..11938648 100644 --- a/test/crypto_sign/functest.c +++ b/test/crypto_sign/functest.c @@ -36,6 +36,11 @@ static int check_canary(const uint8_t *d) { #define EVALUATOR(x, y) PASTER(x, y) #define NAMESPACE(fun) EVALUATOR(PQCLEAN_NAMESPACE, fun) +#define CRYPTO_PUBLICKEYBYTES NAMESPACE(CRYPTO_PUBLICKEYBYTES) +#define CRYPTO_SECRETKEYBYTES NAMESPACE(CRYPTO_SECRETKEYBYTES) +#define CRYPTO_BYTES NAMESPACE(CRYPTO_BYTES) +#define CRYPTO_ALGNAME NAMESPACE(CRYPTO_ALGNAME) + #define crypto_sign_keypair NAMESPACE(crypto_sign_keypair) #define crypto_sign NAMESPACE(crypto_sign) #define crypto_sign_open NAMESPACE(crypto_sign_open) @@ -155,6 +160,7 @@ static int test_wrong_pk(void) { } int main(void) { + puts(CRYPTO_ALGNAME); int result = 0; result += test_sign(); result += test_wrong_pk(); diff --git a/test/crypto_sign/testvectors.c b/test/crypto_sign/testvectors.c index dcbc4e38..7cf87cf3 100644 --- a/test/crypto_sign/testvectors.c +++ b/test/crypto_sign/testvectors.c @@ -22,6 +22,10 @@ static void printbytes(const uint8_t *x, size_t xlen) { #define EVALUATOR(x, y) PASTER(x, y) #define NAMESPACE(fun) EVALUATOR(PQCLEAN_NAMESPACE, fun) +#define CRYPTO_PUBLICKEYBYTES NAMESPACE(CRYPTO_PUBLICKEYBYTES) +#define CRYPTO_SECRETKEYBYTES NAMESPACE(CRYPTO_SECRETKEYBYTES) +#define CRYPTO_BYTES NAMESPACE(CRYPTO_BYTES) + #define crypto_sign_keypair NAMESPACE(crypto_sign_keypair) #define crypto_sign NAMESPACE(crypto_sign) #define crypto_sign_open NAMESPACE(crypto_sign_open) From 6558773b21b662e2ef1da8b76734aa330b7251d1 Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Tue, 19 Mar 2019 14:03:24 +0000 Subject: [PATCH 2/4] Check if header guard is defined properly Does this slightly uglily, but it should work. --- crypto_kem/kyber768/clean/api.h | 4 ++-- crypto_sign/dilithium-iii/clean/api.h | 5 ++--- test/Makefile | 2 +- test/crypto_kem/functest.c | 7 +++++++ test/crypto_sign/functest.c | 6 ++++++ 5 files changed, 18 insertions(+), 6 deletions(-) diff --git a/crypto_kem/kyber768/clean/api.h b/crypto_kem/kyber768/clean/api.h index 737a208e..35b6978c 100644 --- a/crypto_kem/kyber768/clean/api.h +++ b/crypto_kem/kyber768/clean/api.h @@ -1,5 +1,5 @@ -#ifndef API_H -#define API_H +#ifndef PQCLEAN_KYBER768_CLEAN_API_H +#define PQCLEAN_KYBER768_CLEAN_API_H #include diff --git a/crypto_sign/dilithium-iii/clean/api.h b/crypto_sign/dilithium-iii/clean/api.h index c9c15380..7edbe671 100644 --- a/crypto_sign/dilithium-iii/clean/api.h +++ b/crypto_sign/dilithium-iii/clean/api.h @@ -1,6 +1,5 @@ -#ifndef API_H -#include -#define API_H +#ifndef PQCLEAN_DILITHIUMIII_API_H +#define PQCLEAN_DILITHIUMIII_API_H #include #include diff --git a/test/Makefile b/test/Makefile index a21545e3..add8a886 100644 --- a/test/Makefile +++ b/test/Makefile @@ -15,7 +15,7 @@ COMMON_HEADERS=$(COMMON_DIR)/fips202.h $(COMMON_DIR)/randombytes.h $(COMMON_DIR) DEST_DIR=../bin # This -Wall was supported by the European Commission through the ERC Starting Grant 805031 (EPOQUE) -CFLAGS=-Wall -Wextra -Wpedantic -Werror -std=c99 -I$(COMMON_DIR) $(EXTRAFLAGS) +CFLAGS=-Wall -Wextra -Wpedantic -Werror -Wundef -std=c99 -I$(COMMON_DIR) $(EXTRAFLAGS) all: $(DEST_DIR)/functest_$(SCHEME)_$(IMPLEMENTATION) $(DEST_DIR)/testvectors_$(SCHEME)_$(IMPLEMENTATION) diff --git a/test/crypto_kem/functest.c b/test/crypto_kem/functest.c index 5a513810..a2721e86 100644 --- a/test/crypto_kem/functest.c +++ b/test/crypto_kem/functest.c @@ -50,12 +50,16 @@ static int check_canary(const uint8_t *d) { return -1; \ } +#define DEFER(x) x +#define NAMESPACE_CHECK DEFER(NAMESPACE(API_H)) + static int test_keys(void) { /* * This is most likely going to be aligned by the compiler. * 16 extra bytes for canary * 1 extra byte for unalignment */ + uint8_t key_a_aligned[CRYPTO_BYTES + 16 + 1]; uint8_t key_b_aligned[CRYPTO_BYTES + 16 + 1]; uint8_t pk_aligned[CRYPTO_PUBLICKEYBYTES + 16 + 1]; @@ -196,7 +200,10 @@ static int test_invalid_ciphertext(void) { } int main(void) { + // these two will trigger compiler errors puts(CRYPTO_ALGNAME); + NAMESPACE_CHECK; + int result = 0; result += test_keys(); result += test_invalid_sk_a(); diff --git a/test/crypto_sign/functest.c b/test/crypto_sign/functest.c index 11938648..2eaf8f5c 100644 --- a/test/crypto_sign/functest.c +++ b/test/crypto_sign/functest.c @@ -51,6 +51,9 @@ static int check_canary(const uint8_t *d) { return -1; \ } +#define DEFER(x) x +#define NAMESPACE_CHECK DEFER(NAMESPACE(API_H)) + static int test_sign(void) { /* * This is most likely going to be aligned by the compiler. @@ -160,7 +163,10 @@ static int test_wrong_pk(void) { } int main(void) { + // these two will generate compile errors puts(CRYPTO_ALGNAME); + NAMESPACE_CHECK; + int result = 0; result += test_sign(); result += test_wrong_pk(); From 8eacafb3c9bf4f772684f66124fb036479f597ce Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Tue, 19 Mar 2019 15:12:23 +0000 Subject: [PATCH 3/4] Fix dilithium header guard --- crypto_sign/dilithium-iii/clean/api.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto_sign/dilithium-iii/clean/api.h b/crypto_sign/dilithium-iii/clean/api.h index 7edbe671..73f9ca9f 100644 --- a/crypto_sign/dilithium-iii/clean/api.h +++ b/crypto_sign/dilithium-iii/clean/api.h @@ -1,5 +1,5 @@ -#ifndef PQCLEAN_DILITHIUMIII_API_H -#define PQCLEAN_DILITHIUMIII_API_H +#ifndef PQCLEAN_DILITHIUMIII_CLEAN_API_H +#define PQCLEAN_DILITHIUMIII_CLEAN_API_H #include #include From e811376a95174f0a99aa42f7e9d75dc16843780f Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Tue, 19 Mar 2019 15:20:59 +0000 Subject: [PATCH 4/4] Do the test more properly --- test/crypto_kem/functest.c | 14 ++++++++++---- test/crypto_sign/functest.c | 16 +++++++++++----- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/test/crypto_kem/functest.c b/test/crypto_kem/functest.c index a2721e86..74cef3f6 100644 --- a/test/crypto_kem/functest.c +++ b/test/crypto_kem/functest.c @@ -50,8 +50,15 @@ static int check_canary(const uint8_t *d) { return -1; \ } -#define DEFER(x) x -#define NAMESPACE_CHECK DEFER(NAMESPACE(API_H)) +// https://stackoverflow.com/a/55243651/248065 +#define MY_TRUTHY_VALUE_X 1 +#define CAT(x,y) CAT_(x,y) +#define CAT_(x,y) x##y +#define HAS_NAMESPACE(x) CAT(CAT(MY_TRUTHY_VALUE_,CAT(PQCLEAN_NAMESPACE,CAT(_,x))),X) + +#if !HAS_NAMESPACE(API_H) +#error "namespace not properly defined for header guard" +#endif static int test_keys(void) { /* @@ -200,9 +207,8 @@ static int test_invalid_ciphertext(void) { } int main(void) { - // these two will trigger compiler errors + // Check if CRYPTO_ALGNAME is printable puts(CRYPTO_ALGNAME); - NAMESPACE_CHECK; int result = 0; result += test_keys(); diff --git a/test/crypto_sign/functest.c b/test/crypto_sign/functest.c index 2eaf8f5c..57e9e0da 100644 --- a/test/crypto_sign/functest.c +++ b/test/crypto_sign/functest.c @@ -51,8 +51,16 @@ static int check_canary(const uint8_t *d) { return -1; \ } -#define DEFER(x) x -#define NAMESPACE_CHECK DEFER(NAMESPACE(API_H)) +// https://stackoverflow.com/a/55243651/248065 +#define MY_TRUTHY_VALUE_X 1 +#define CAT(x,y) CAT_(x,y) +#define CAT_(x,y) x##y +#define HAS_NAMESPACE(x) CAT(CAT(MY_TRUTHY_VALUE_,CAT(PQCLEAN_NAMESPACE,CAT(_,x))),X) + +#if !HAS_NAMESPACE(API_H) +#error "namespace not properly defined for header guard" +#endif + static int test_sign(void) { /* @@ -163,10 +171,8 @@ static int test_wrong_pk(void) { } int main(void) { - // these two will generate compile errors + // check if CRYPTO_ALGNAME is printable puts(CRYPTO_ALGNAME); - NAMESPACE_CHECK; - int result = 0; result += test_sign(); result += test_wrong_pk();