Reject malformed ML-DSA signing inputs#1241
Open
tob-joe wants to merge 2 commits into
Open
Conversation
9f8843a to
7e15a5b
Compare
Contributor
CBMC Results (ML-DSA-44, REDUCE-RAM)Full Results (205 proofs)
|
Contributor
CBMC Results (ML-DSA-44)Full Results (205 proofs)
|
Contributor
CBMC Results (ML-DSA-65, REDUCE-RAM)Full Results (205 proofs)
|
Contributor
CBMC Results (ML-DSA-87, REDUCE-RAM)Full Results (205 proofs)
|
Contributor
CBMC Results (ML-DSA-65)Full Results (205 proofs)
|
Contributor
CBMC Results (ML-DSA-87)
Full Results (205 proofs)
|
752bcdd to
d60b5bd
Compare
Reject short external-mu inputs before copying mu in internal signing and verification, and reject nonzero context length with a NULL context pointer at the domain-separation prefix boundary. Add focused unit regression tests for the malformed external-mu and domain-prefix cases without bundling unrelated SHAKE/output-cleanup tests. Verification: - pre-fix `make run_unit_44` failed after adding the targeted malformed-input regression test - make run_unit_44 - make run_unit - make run_func Co-authored-by: Codex <[email protected]> Signed-off-by: Joe Doyle <[email protected]>
Keep the signing-side short external-mu unit regression test enabled when the build exposes keygen and sign APIs but compiles out verification. Guard only the verify-side malformed external-mu assertion so reduced-api keygen+sign builds do not reference verify_internal. Verification: - pre-fix focused reduced-api unit check failed with an implicit declaration of verify_internal under MLD_CONFIG_NO_VERIFY_API - focused reduced-api unit check passed for keygen+sign/no-verify - focused reduced-api-reduce-ram unit check passed for keygen+sign/no-verify - nix develop .#ci -c lint Co-authored-by: Codex <[email protected]> Signed-off-by: Joe Doyle <[email protected]>
d60b5bd to
83c27aa
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reject malformed ML-DSA signing inputs
Summary
muin internal signing and verification.Verification
make run_unit_44failed after adding the targeted malformed-input regression test.make run_unit_44make run_unitmake run_funcNote: the focused regression test and broader unit/functional runs above were collected on the tidy pre-replay patch commit. This PR branch was then cleanly replayed onto current upstream
main; post-replaygit diff --checkpasses, but the tests have not been rerun on the replayed commit yet.Co-authored-by: Codex [email protected]
This work was completed by Trail of Bits as part of the Patch The Planet project in collaboration with OpenAI. The issue was identified primarily by the Codex coding agent, and manually reviewed before submission.