From 6e43a56a1807a7bb21ab520fdad31e36fe307edb Mon Sep 17 00:00:00 2001 From: Nathaniel Brough Date: Tue, 22 Oct 2024 11:50:15 +1000 Subject: [PATCH] Adapt existing sig fuzz harness including more algorithms Signed-off-by: Nathaniel Brough --- .github/workflows/basic.yml | 4 +-- docs/FUZZING.md | 13 +++---- tests/CMakeLists.txt | 6 ++-- ...fuzz_test_dilithium2.c => fuzz_test_sig.c} | 34 ++++++++++++------- 4 files changed, 31 insertions(+), 26 deletions(-) rename tests/{fuzz_test_dilithium2.c => fuzz_test_sig.c} (75%) diff --git a/.github/workflows/basic.yml b/.github/workflows/basic.yml index 69061e21d..b0696e63c 100644 --- a/.github/workflows/basic.yml +++ b/.github/workflows/basic.yml @@ -113,9 +113,9 @@ jobs: cmake -LA -N .. && \ ! (grep -i "uninitialized variable" config.log) - name: Build code - run: ninja + run: ninja fuzz_test_dilithium_2 working-directory: build - name: Short fuzz check (30s) - run: ./tests/fuzz_test_dilithium2 -max_total_time=30 + run: ./tests/fuzz_test_dilithium_2 -max_total_time=30 working-directory: build diff --git a/docs/FUZZING.md b/docs/FUZZING.md index 8f58626ec..4eecbd34f 100644 --- a/docs/FUZZING.md +++ b/docs/FUZZING.md @@ -15,14 +15,11 @@ errors, helping developers identify and fix bugs and security loopholes. - [ ] ml_kem - [ ] ntruprime - [ ] sig - - [ ] dilithium - - [x] dilithium2 - - [ ] dilithium3 - - [ ] dilithium5 - - [ ] falcon - - [ ] mayo - - [ ] ml_dsa - - [ ] sphincs + - [x] dilithium + - [x] falcon + - [x] mayo + - [x] ml_dsa + - [x] sphincs - [ ] sig_stfl - [ ] lms - [ ] sig_stfl diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a03e784d3..fadb293b9 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
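Review bot: The two CI lines in the basic.yml hunk build and run `fuzz_test_dilithium_2`, but the tests/CMakeLists.txt hunk in this same patch renames the only fuzz target to `fuzz_test_sig`, so `ninja fuzz_test_dilithium_2` will fail with an unknown target and the 30s fuzz step can never run; the previous binary was `fuzz_test_dilithium2` without the underscore, so the new name matches nothing in either tree. Both lines should follow the CMake target: `run: ninja fuzz_test_sig` and `run: ./tests/fuzz_test_sig -max_total_time=30`. This assumes no other CMake file outside the patch defines a target of that name, which the diffstat gives no sign of.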
@@ -95,9 +95,9 @@ add_executable(example_sig example_sig.c)
 target_link_libraries(example_sig PRIVATE ${TEST_DEPS})
 if(OQS_BUILD_FUZZ_TESTS AND '${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')
- add_executable(fuzz_test_dilithium2 fuzz_test_dilithium2.c)
- target_link_libraries(fuzz_test_dilithium2 PRIVATE ${TEST_DEPS})
- set_target_properties(fuzz_test_dilithium2 PROPERTIES
+ add_executable(fuzz_test_sig fuzz_test_sig.c)
+ target_link_libraries(fuzz_test_sig PRIVATE ${TEST_DEPS})
+ set_target_properties(fuzz_test_sig PROPERTIES
 COMPILE_FLAGS "${FUZZING_COMPILE_FLAGS}"
 LINK_FLAGS "${FUZZING_LINK_FLAGS}"
 )
diff --git a/tests/fuzz_test_dilithium2.c b/tests/fuzz_test_sig.c
similarity index 75%
rename from tests/fuzz_test_dilithium2.c
rename to tests/fuzz_test_sig.c
index cc87bc38b..d8ab222d4 100644
--- a/tests/fuzz_test_dilithium2.c
+++ b/tests/fuzz_test_sig.c
@@ -6,6 +6,7 @@
 * SPDX-License-Identifier: MIT
 */
+#include "oqs/sig.h"
 #include
 #include
 #include
@@ -18,10 +19,7 @@ void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
 uint8_t *signature, OQS_SIG *sig);
-static OQS_STATUS fuzz_dilithium_2(const uint8_t *message, size_t message_len) {
-
-#ifdef OQS_ENABLE_SIG_dilithium_2
-
+static OQS_STATUS fuzz_sig(const uint8_t *data, size_t data_len) {
 OQS_SIG *sig = NULL;
 uint8_t *public_key = NULL;
 uint8_t *secret_key = NULL;
@@ -29,9 +27,25 @@ static OQS_STATUS fuzz_dilithium_2(const uint8_t *message, size_t message_len) {
 size_t signature_len;
 OQS_STATUS rc;
- sig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
+ // Select algorithm based on fuzzed data.
+ size_t algorithm_index = 0;
+ const uint8_t *message = NULL;
+ size_t message_len = 0;
+ if (data_len > sizeof(size_t)) {
+ memcpy(&algorithm_index, data, sizeof(size_t));
+ message = data + sizeof(size_t);
+ message_len = data_len - sizeof(size_t);
+
+ algorithm_index %= OQS_SIG_algs_length;
+ } else {
+ message = data;
+ message_len = data_len;
+ }
+ const char *algorithm = OQS_SIG_alg_identifier(algorithm_index);
+
+ sig = OQS_SIG_new(algorithm);
 if (sig == NULL) {
- printf("[fuzz_test_dilithium_2] OQS_SIG_alg_dilithium_2 was not enabled at compile-time.\n");
+ printf("%s was not enabled at compile-time.\n", algorithm);
 return OQS_ERROR;
 }
@@ -65,12 +79,6 @@ static OQS_STATUS fuzz_dilithium_2(const uint8_t *message, size_t message_len) {
 cleanup_heap(public_key, secret_key, signature, sig);
 return OQS_SUCCESS; // success
-#else
-
- printf("[fuzz_test_dilithium_2] OQS_SIG_dilithium_2 was not enabled at compile-time.\n");
- return OQS_SUCCESS;
-
-#endif
 }
 void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
@@ -86,7 +94,7 @@ void cleanup_heap(uint8_t *public_key, uint8_t *secret_key,
 int LLVMFuzzerTestOneInput(const char *data, size_t size) {
 OQS_init();
- if (OQS_ERROR == fuzz_dilithium_2((const uint8_t *)data, size)) {
+ if (OQS_ERROR == fuzz_sig((const uint8_t *)data, size)) {
 // If we get an error prune testcase from corpus.
 return -1;
 }
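Review bot: The algorithm selector that fuzz_sig reads with `memcpy(&algorithm_index, data, sizeof(size_t))` is `sizeof(size_t)` bytes wide, so the input layout and any saved corpus differ between 32-bit and 64-bit builds, and an 8-byte value is far more than `OQS_SIG_algs_length` choices need; a single selector byte keeps inputs portable and lets the fuzzer switch algorithm by mutating one byte. The `data_len > sizeof(size_t)` test also sends an input of exactly selector length down the else branch, so an empty message is only ever signed with index 0 — with `>=` (or the one-byte form below) every algorithm sees `message_len == 0`, assuming OQS_SIG_sign accepts that, which the hunk does not show. A comment stating the layout would document the contract for anyone seeding a corpus; the comment in the rewrite below is one such wording. The body of fuzz_sig starts and ends outside this hunk.
```c
	// Input layout: one selector byte (taken mod OQS_SIG_algs_length), then the message.
	size_t algorithm_index = 0;
	const uint8_t *message = data;
	size_t message_len = data_len;
	if (data_len >= 1) {
		algorithm_index = data[0] % OQS_SIG_algs_length;
		message = data + 1;
		message_len = data_len - 1;
	}
	const char *algorithm = OQS_SIG_alg_identifier(algorithm_index);
	// … unchanged: OQS_SIG_new and the NULL check …
```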