Merge pull request #567 from pq-code-package/unaligned-test

Add test exercising top-level API with unaligned buffers

Author: mkannwischer

.github/workflows/all.yml

@@ -19,6 +19,12 @@ jobs:
       id-token: 'write'
     uses: ./.github/workflows/base.yml
     secrets: inherit
+  lint-markdown:
+    name: Lint Markdown
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    uses: ./.github/workflows/lint_markdown.yml
   nix:
     name: Nix
     permissions:

.github/workflows/base.yml

@@ -24,11 +24,6 @@ jobs:
           nix-shell: ci-linter
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           cross-prefix: "aarch64-unknown-linux-gnu-"
-  lint-markdown-link:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-    - uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 # v1.0.17
   quickcheck:
     strategy:
       fail-fast: false

.github/workflows/lint_markdown.yml

@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+
+name: Lint-Markdown
+permissions:
+  contents: read
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  lint-markdown-link:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 # v1.0.17

test/test_mldsa.c

@@ -28,33 +28,31 @@
     }                                                         \
   } while (0)
 
-static int test_sign(void)
+
+static int test_sign_core(uint8_t pk[CRYPTO_PUBLICKEYBYTES],
+                          uint8_t sk[CRYPTO_SECRETKEYBYTES],
+                          uint8_t sm[MLEN + CRYPTO_BYTES], uint8_t m[MLEN],
+                          uint8_t m2[MLEN + CRYPTO_BYTES], uint8_t ctx[CTXLEN])
 {
-  uint8_t pk[CRYPTO_PUBLICKEYBYTES];
-  uint8_t sk[CRYPTO_SECRETKEYBYTES];
-  uint8_t sm[MLEN + CRYPTO_BYTES];
-  uint8_t m[MLEN];
-  uint8_t m2[MLEN + CRYPTO_BYTES];
-  uint8_t ctx[CTXLEN];
   size_t smlen;
   size_t mlen;
   int rc;
 
 
   CHECK(crypto_sign_keypair(pk, sk) == 0);
   randombytes(ctx, CTXLEN);
-  MLD_CT_TESTING_SECRET(ctx, sizeof(ctx));
+  MLD_CT_TESTING_SECRET(ctx, CTXLEN);
   randombytes(m, MLEN);
-  MLD_CT_TESTING_SECRET(m, sizeof(m));
+  MLD_CT_TESTING_SECRET(m, MLEN);
 
   CHECK(crypto_sign(sm, &smlen, m, MLEN, ctx, CTXLEN, sk) == 0);
 
   rc = crypto_sign_open(m2, &mlen, sm, smlen, ctx, CTXLEN, pk);
 
   /* Constant time: Declassify outputs to check them. */
   MLD_CT_TESTING_DECLASSIFY(rc, sizeof(int));
-  MLD_CT_TESTING_DECLASSIFY(m, sizeof(m));
-  MLD_CT_TESTING_DECLASSIFY(m2, sizeof(m2));
+  MLD_CT_TESTING_DECLASSIFY(m, MLEN);
+  MLD_CT_TESTING_DECLASSIFY(m2, (MLEN + CRYPTO_BYTES));
 
   if (rc)
   {
@@ -83,6 +81,30 @@ static int test_sign(void)
   return 0;
 }
 
+static int test_sign(void)
+{
+  uint8_t pk[CRYPTO_PUBLICKEYBYTES];
+  uint8_t sk[CRYPTO_SECRETKEYBYTES];
+  uint8_t sm[MLEN + CRYPTO_BYTES];
+  uint8_t m[MLEN];
+  uint8_t m2[MLEN + CRYPTO_BYTES];
+  uint8_t ctx[CTXLEN];
+
+  return test_sign_core(pk, sk, sm, m, m2, ctx);
+}
+
+static int test_sign_unaligned(void)
+{
+  MLD_ALIGN uint8_t pk[CRYPTO_PUBLICKEYBYTES + 1];
+  MLD_ALIGN uint8_t sk[CRYPTO_SECRETKEYBYTES + 1];
+  MLD_ALIGN uint8_t sm[MLEN + CRYPTO_BYTES + 1];
+  MLD_ALIGN uint8_t m[MLEN + 1];
+  MLD_ALIGN uint8_t m2[MLEN + CRYPTO_BYTES + 1];
+  MLD_ALIGN uint8_t ctx[CTXLEN + 1];
+
+  return test_sign_core(pk + 1, sk + 1, sm + 1, m + 1, m2 + 1, ctx + 1);
+}
+
 static int test_wrong_pk(void)
 {
   uint8_t pk[CRYPTO_PUBLICKEYBYTES];
@@ -249,6 +271,7 @@ int main(void)
   for (i = 0; i < NTESTS; i++)
   {
     r = test_sign();
+    r |= test_sign_unaligned();
     r |= test_wrong_pk();
     r |= test_wrong_sig();
     r |= test_wrong_ctx();