chore: add deserialization tests with corrupted inputs

Author: nsarlin-zama

…flows/aws_tfhe_backward_compat_tests.yml .github/workflows/aws_data_tests.yml.github/workflows/aws_tfhe_backward_compat_tests.yml renamed to .github/workflows/aws_data_tests.yml .github/workflows/aws_tfhe_backward_compat_tests.yml renamed to .github/workflows/aws_data_tests.yml

@@ -1,5 +1,5 @@
-# Run backward compatibility tests
-name: aws_tfhe_backward_compat_tests
+# Run data related tests
+name: aws_data_tests
 
 env:
   CARGO_TERM_COLOR: always
@@ -30,8 +30,8 @@ permissions:
 # zizmor: ignore[concurrency-limits] concurrency is managed after instance setup to ensure safe provisioning
 
 jobs:
-  backward-compat-tests:
-    name: aws_tfhe_backward_compat_tests/backward-compat-tests (bpr)
+  data-tests:
+    name: aws_data_tests/data-tests (bpr)
     if: (github.event_name == 'push' && github.repository == 'zama-ai/tfhe-rs') ||
       github.event_name != 'push'
     runs-on: "runs-on=${{ github.run_id }}/runner=cpu-small"
@@ -49,7 +49,7 @@ jobs:
       - name: Get LFS data sha
         id: hash-lfs-data
         run: |
-          SHA=$(git lfs ls-files -l -I utils/tfhe-backward-compat-data | sha256sum | cut -d' ' -f1)
+          SHA=$(git lfs ls-files -l -I utils/tfhe-backward-compat-data,tests/corrupted_inputs_deserialization | sha256sum | cut -d' ' -f1)
           echo "sha=${SHA}" >> "${GITHUB_OUTPUT}"
 
       - name: Retrieve data from cache
@@ -59,12 +59,14 @@ jobs:
           path: |
             utils/tfhe-backward-compat-data/**/*.cbor
             utils/tfhe-backward-compat-data/**/*.bcode
+            tests/corrupted_inputs_deserialization/**/*.bcode
           key: ${{ steps.hash-lfs-data.outputs.sha }}
 
       - name: Pull test data
         if: steps.retrieve-data-cache.outputs.cache-hit != 'true'
         run: |
           make pull_backward_compat_data
+          make pull_corrupted_inputs_data
 
       # Pull token was stored by action/checkout to be used by lfs, we don't need it anymore
       - name: Remove git credentials
@@ -80,6 +82,10 @@ jobs:
         run: |
           make test_backward_compatibility_ci
 
+      - name: Run corrupted inputs deserialization tests
+        run: |
+          make test_corrupted_inputs_ci
+
       - name: Store data in cache
         if: steps.retrieve-data-cache.outputs.cache-hit != 'true'
         continue-on-error: true
@@ -88,6 +94,7 @@ jobs:
           path: |
             utils/tfhe-backward-compat-data/**/*.cbor
             utils/tfhe-backward-compat-data/**/*.bcode
+            tests/corrupted_inputs_deserialization/**/*.bcode
           key: ${{ steps.hash-lfs-data.outputs.sha }}
 
       - name: Set pull-request URL

.linelint.yml

@@ -11,6 +11,7 @@ ignore:
   - coverage
   - utils/tfhe-lints/tests/*/main.stderr
   - utils/tfhe-backward-compat-data/**/*.ron # ron files are autogenerated
+  - tests/corrupted_inputs_deserialization/data/proven_compact_list/**/metadata.txt
 
 rules:
   # checks if file ends in a newline character

Makefile

@@ -26,6 +26,7 @@ BENCH_CUSTOM_COMMAND:=
 NODE_VERSION=24.12
 BACKWARD_COMPAT_DATA_DIR=utils/tfhe-backward-compat-data
 BACKWARD_COMPAT_DATA_GEN_VERSION:=$(TFHE_VERSION)
+CORRUPTED_INPUTS_TEST=tests/corrupted_inputs_deserialization
 TEST_VECTORS_DIR=apps/test-vectors
 CURRENT_TFHE_VERSION:=$(shell grep '^version[[:space:]]*=' tfhe/Cargo.toml | cut -d '=' -f 2 | xargs)
 WASM_PACK_VERSION="0.13.1"
@@ -498,7 +499,7 @@ clippy_trivium: install_rs_check_toolchain
 .PHONY: clippy_ws_tests # Run clippy on the workspace level tests
 clippy_ws_tests: install_rs_check_toolchain
 	RUSTFLAGS="$(RUSTFLAGS)" cargo "$(CARGO_RS_CHECK_TOOLCHAIN)" clippy --tests \
-		-p tests --features=shortint,integer,zk-pok -- --no-deps -D warnings
+		-p tests --features=shortint,integer,zk-pok,strings -- --no-deps -D warnings
 
 .PHONY: clippy_all_targets # Run clippy lints on all targets (benches, examples, etc.)
 clippy_all_targets: install_rs_check_toolchain
@@ -1253,11 +1254,19 @@ new_backward_compat_crate:
 .PHONY: test_backward_compatibility_ci
 test_backward_compatibility_ci:
 	TFHE_BACKWARD_COMPAT_DATA_DIR="../$(BACKWARD_COMPAT_DATA_DIR)" RUSTFLAGS="$(RUSTFLAGS)" cargo test --profile $(CARGO_PROFILE) \
-		--features=shortint,integer,zk-pok -p tests test_backward_compatibility -- --nocapture
+		--features=shortint,integer,zk-pok,strings -p tests test_backward_compatibility -- --nocapture
 
 .PHONY: test_backward_compatibility # Same as test_backward_compatibility_ci but tries to clone the data repo first if needed
 test_backward_compatibility: pull_backward_compat_data test_backward_compatibility_ci
 
+.PHONY: test_corrupted_inputs_ci
+test_corrupted_inputs_ci:
+	RUSTFLAGS="$(RUSTFLAGS)" cargo test --profile $(CARGO_PROFILE) \
+		--features=integer,zk-pok,strings -p tests test_corrupted_inputs_deserialization -- --nocapture
+
+.PHONY: test_corrupted_inputs # Same as test_corrupted_inputs_ci but pulls data first
+test_corrupted_inputs: pull_corrupted_inputs_data test_corrupted_inputs_ci
+
 # Generate the test vectors and update the hash file
 .PHONY: gen_test_vectors
 gen_test_vectors:
@@ -2041,6 +2050,10 @@ write_params_to_file: install_rs_check_toolchain
 pull_backward_compat_data:
 	./scripts/pull_lfs_data.sh $(BACKWARD_COMPAT_DATA_DIR)
 
+.PHONY: pull_corrupted_inputs_data # Pull the data files needed for corrupted inputs deserialization tests
+pull_corrupted_inputs_data:
+	./scripts/pull_lfs_data.sh $(CORRUPTED_INPUTS_TEST)
+
 .PHONY: pull_hpu_files # Pull the hpu files
 pull_hpu_files:
 	./scripts/pull_lfs_data.sh backends/tfhe-hpu-backend/

tests/Cargo.toml

@@ -16,7 +16,12 @@ cargo_toml = "0.22"
 name = "backward_compatibility_tests"
 path = "backward_compatibility_tests.rs"
 
+[[test]]
+name = "corrupted_inputs_deserialization"
+path = "corrupted_inputs_deserialization.rs"
+
 [features]
 shortint = ["tfhe/shortint"]
 integer = ["shortint", "tfhe/integer"]
 zk-pok = ["tfhe/zk-pok"]
+strings = ["integer", "tfhe/strings"]

tests/corrupted_inputs_deserialization.rs

@@ -0,0 +1,260 @@
+//! This test tries to load various kind of corrupted serialized inputs and see that they are
+//! handled without crashes.
+
+use std::fs::File;
+use std::io::Read;
+use std::ops::{Add, Mul, Sub};
+use std::path::Path;
+
+use tfhe::conformance::ListSizeConstraint;
+use tfhe::integer::ciphertext::IntegerProvenCompactCiphertextListConformanceParams;
+use tfhe::prelude::{CiphertextList, Tagged};
+use tfhe::safe_serialization::{safe_deserialize, safe_deserialize_conformant};
+use tfhe::zk::CompactPkeCrs;
+use tfhe::{
+    set_server_key, CompactCiphertextList, CompactCiphertextListConformanceParams,
+    CompactCiphertextListExpander, CompactPublicKey, FheAsciiString, HlExpandable,
+    ProvenCompactCiphertextList, ServerKey,
+};
+
+const DATA_DIR: &str = "./corrupted_inputs_deserialization/data";
+const AUX_DIR: &str = "aux_data";
+const GIGA: u64 = 1024 * 1024 * 1024;
+
+fn load_server_key(aux_dir: &Path) -> ServerKey {
+    let path = aux_dir.join("server_key.bcode");
+    let f = File::open(&path).unwrap_or_else(|e| panic!("failed to open {}: {e}", path.display()));
+    safe_deserialize(f, 4 * GIGA).unwrap()
+}
+
+fn load_crs(aux_dir: &Path) -> CompactPkeCrs {
+    let path = aux_dir.join("crs.bcode");
+    let f = File::open(&path).unwrap_or_else(|e| panic!("failed to open {}: {e}", path.display()));
+    safe_deserialize(f, 4 * GIGA).unwrap()
+}
+
+fn load_public_key(aux_dir: &Path) -> CompactPublicKey {
+    let path = aux_dir.join("pubkey.bcode");
+    let f = File::open(&path).unwrap_or_else(|e| panic!("failed to open {}: {e}", path.display()));
+    safe_deserialize(f, 4 * GIGA).unwrap()
+}
+
+fn load_metadata(aux_dir: &Path) -> Vec<u8> {
+    let path = aux_dir.join("metadata.txt");
+    std::fs::read(&path).unwrap_or_else(|e| panic!("failed to open {}: {e}", path.display()))
+}
+
+fn list_subdirs(dir: &Path) -> Vec<std::path::PathBuf> {
+    std::fs::read_dir(dir)
+        .unwrap_or_else(|e| panic!("failed to read {}: {e}", dir.display()))
+        .filter_map(|entry| {
+            let entry = entry.unwrap();
+            entry.file_type().unwrap().is_dir().then(|| entry.path())
+        })
+        .collect()
+}
+
+/// Read all .bcode files in `dir` and call `handler` on each file.
+fn process_inputs(dir: &Path, mut handler: impl FnMut(&[u8])) -> u64 {
+    let mut total_tests = 0;
+    let entries =
+        std::fs::read_dir(dir).unwrap_or_else(|e| panic!("failed to read {}: {e}", dir.display()));
+
+    for entry in entries {
+        let path = entry.unwrap().path();
+        if path.extension().and_then(|e| e.to_str()) == Some("bcode") {
+            println!("Processing {}", path.display());
+            total_tests += 1;
+            let input = std::fs::read(&path)
+                .unwrap_or_else(|e| panic!("failed to read {}: {e}", path.display()));
+            handler(&input);
+        }
+    }
+
+    total_tests
+}
+
+fn test_integer<FheType>(exp: &CompactCiphertextListExpander, i: usize)
+where
+    FheType: HlExpandable
+        + Tagged
+        + Clone
+        + Add<FheType, Output = FheType>
+        + Sub<FheType, Output = FheType>
+        + Mul<FheType, Output = FheType>,
+{
+    let ct = match exp.get::<FheType>(i) {
+        Ok(Some(ct)) => ct,
+        Ok(None) => {
+            println!("No ct found at idx {}\n", i);
+            return;
+        }
+        Err(e) => {
+            println!("Error caught while trying to get ct at idx {}:\n{e}\n", i);
+            return;
+        }
+    };
+    let res = ct.clone() + ct.clone();
+    let res = res * ct.clone();
+    let _ = std::hint::black_box(res - ct);
+}
+
+fn test_string(exp: &CompactCiphertextListExpander, i: usize) {
+    let ct = match exp.get::<FheAsciiString>(i) {
+        Ok(Some(ct)) => ct,
+        Ok(None) => {
+            println!("No ct found at idx {i}\n");
+            return;
+        }
+        Err(e) => {
+            println!("Error caught while trying to get ct at idx {i}:\n{e}\n");
+            return;
+        }
+    };
+
+    let _ = std::hint::black_box(ct.len());
+}
+
+/// Try to expand each element and perform some operations, dispatching on the
+/// actual type reported by the expander.
+fn use_list(exp: &CompactCiphertextListExpander) {
+    for i in 0..exp.len() {
+        let Some(kind) = exp.get_kind_of(i) else {
+            println!("No metadata for ct at idx {i}\n");
+            return;
+        };
+
+        match kind {
+            FheTypes::Uint8 => test_integer(exp, i),
+            FheTypes::Uint16 => test_integer(exp, i),
+            FheTypes::Uint32 => test_integer(exp, i),
+            FheTypes::Uint64 => test_integer(exp, i),
+            FheTypes::Int8 => test_integer(exp, i),
+            FheTypes::Int16 => test_integer(exp, i),
+            FheTypes::Int32 => test_integer(exp, i),
+            FheTypes::Int64 => test_integer(exp, i),
+            FheTypes::AsciiString => test_string(exp, i),
+            other => panic!(
+                "unsupported FheTypes variant {other:?} at index {i}, \
+                 this test should be updated to handle it"
+            ),
+        }
+    }
+}
+
+fn handle_ct_list(input: &[u8], conformance_params: &CompactCiphertextListConformanceParams) {
+    let ct_list: CompactCiphertextList = match safe_deserialize_conformant::<CompactCiphertextList>(
+        input,
+        4 * GIGA,
+        conformance_params,
+    ) {
+        Ok(ct_list) => ct_list,
+        Err(e) => {
+            println!("Error caught during deserialization:\n{e}\n");
+            return;
+        }
+    };
+
+    let exp = match ct_list.expand() {
+        Ok(exp) => exp,
+        Err(e) => {
+            println!("Error caught during expand:\n{e}\n");
+            return;
+        }
+    };
+
+    use_list(&exp);
+    println!("List used without error\n")
+}
+
+fn handle_proven_ct_list(
+    input: &[u8],
+    conformance_params: &IntegerProvenCompactCiphertextListConformanceParams,
+    crs: &CompactPkeCrs,
+    public_key: &CompactPublicKey,
+    metadata: &[u8],
+) {
+    let ct_list: ProvenCompactCiphertextList = match safe_deserialize_conformant::<
+        ProvenCompactCiphertextList,
+    >(input, 4 * GIGA, conformance_params)
+    {
+        Ok(ct_list) => ct_list,
+        Err(e) => {
+            println!("Error caught during deserialization:\n{e}\n");
+            return;
+        }
+    };
+
+    let exp = match ct_list.verify_and_expand(crs, public_key, metadata) {
+        Ok(exp) => exp,
+        Err(e) => {
+            println!("Error caught during verify_and_expand:\n{e}\n");
+            return;
+        }
+    };
+
+    use_list(&exp);
+    println!("List used without error\n")
+}
+
+#[test]
+fn test_corrupted_inputs_deserialization() {
+    let mut total_tests = 0;
+    let data_dir = Path::new(DATA_DIR);
+
+    let compact_list_dir = data_dir.join("compact_list");
+    for group_dir in list_subdirs(&compact_list_dir) {
+        println!("compact_list group: {}", group_dir.display());
+        let aux_dir = group_dir.join(AUX_DIR);
+
+        let server_key = load_server_key(&aux_dir);
+        let pubkey = load_public_key(&aux_dir);
+
+        let cpk_conformance_params =
+            CompactCiphertextListConformanceParams::from_parameters_and_size_constraint(
+                pubkey.parameters(),
+                ListSizeConstraint::try_size_in_range(4, usize::MAX).unwrap(),
+            )
+            .allow_unpacked();
+
+        set_server_key(server_key);
+
+        total_tests += process_inputs(&group_dir, |input| {
+            handle_ct_list(input, &cpk_conformance_params);
+        });
+    }
+
+    let proven_compact_list_dir = data_dir.join("proven_compact_list");
+    for group_dir in list_subdirs(&proven_compact_list_dir) {
+        println!("proven_compact_list group: {}", group_dir.display());
+        let aux_dir = group_dir.join(AUX_DIR);
+
+        let server_key = load_server_key(&aux_dir);
+        let pubkey = load_public_key(&aux_dir);
+        let crs = load_crs(&aux_dir);
+        let metadata = load_metadata(&aux_dir);
+
+        let proven_cpk_conformance_params =
+            IntegerProvenCompactCiphertextListConformanceParams::from_public_key_encryption_parameters_and_crs_parameters(
+                pubkey.parameters(),
+                &crs,
+            )
+            .allow_unpacked();
+
+        set_server_key(server_key);
+
+        total_tests += process_inputs(&group_dir, |input| {
+            handle_proven_ct_list(
+                input,
+                &proven_cpk_conformance_params,
+                &crs,
+                &pubkey,
+                &metadata,
+            );
+        });
+    }
+
+    println!("Executed {} tests", total_tests);
+    // If we ran 0 test, it is likely that something wrong happened
+    assert!(total_tests != 0);
+}

tests/corrupted_inputs_deserialization/data/compact_list/202512/aux_data/pubkey.bcode

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:59a6aeba2a010e1b7f6aa57d9a1dd5b40716e01ec4c5a2b0aa35710657ba77c5
+size 762