[!] Crystal Dilithium signature check fixed

6d5a3b7f · Dmitriy A. Gerasimov · b1e0a61a · 6d5a3b7f · 6d5a3b7f · 6d5a3b7f
Commit 6d5a3b7f authored 4 years ago by Dmitriy A. Gerasimov
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,7 +2,7 @@ project(cellframe-sdk C)
 cmake_minimum_required(VERSION 2.8)

 set(CMAKE_C_STANDARD 11)
-set(CELLFRAME_SDK_NATIVE_VERSION "2.6-100")
+set(CELLFRAME_SDK_NATIVE_VERSION "2.6-101")
 add_definitions ("-DCELLFRAME_SDK_VERSION=\"${CELLFRAME_SDK_NATIVE_VERSION}\"")
 set(DAPSDK_MODULES "")


--- a/dap-sdk/crypto/src/dap_enc_dilithium.c
+++ b/dap-sdk/crypto/src/dap_enc_dilithium.c
@@ -84,8 +84,9 @@ size_t dap_enc_sig_dilithium_verify_sign(struct dap_enc_key * key, const void *
        log_it(L_ERROR, "bad signature size");
        return 0;
    }
-
-    return (dilithium_crypto_sign_open( (unsigned char *) msg, msg_size, (dilithium_signature_t *) signature, key->pub_key_data));
+    int l_ret = dilithium_crypto_sign_open( (unsigned char *) msg, msg_size, (dilithium_signature_t *) signature, key->pub_key_data);
+    log_it(L_WARNING,"Wrong signature, can't open with code %d", l_ret);
+    return l_ret>0? l_ret : 0;
 }

 void dap_enc_sig_dilithium_key_delete(struct dap_enc_key * key)

--- a/dap-sdk/crypto/src/sig_dilithium/dilithium_sign.c
+++ b/dap-sdk/crypto/src/sig_dilithium/dilithium_sign.c
@@ -318,17 +318,18 @@ int dilithium_crypto_sign( dilithium_signature_t *sig, const unsigned char *m, u
 /*************************************************/
 int dilithium_crypto_sign_open( unsigned char *m, unsigned long long mlen, dilithium_signature_t *sig, const dilithium_public_key_t * public_key)
 {
-    assert(public_key->kind == sig->kind);
+    if(public_key->kind != sig->kind)
+        return -1;

    dilithium_param_t *p = malloc(sizeof(dilithium_param_t));
    if (! dilithium_params_init( p, public_key->kind)) {
        free(p);
-        return -1;
+        return -2;
    }

    if (sig->sig_len < p->CRYPTO_BYTES ) {
        free(p);
-        return -1;
+        return -3;
    }

    unsigned long long i;
@@ -340,18 +341,18 @@ int dilithium_crypto_sign_open( unsigned char *m, unsigned long long mlen, dilit

    if((sig->sig_len - p->CRYPTO_BYTES) != mlen) {
        free(p);
-        return -1;
+        return -4;
    }

    dilithium_unpack_pk(rho, &t1, public_key->data, p);
    if(dilithium_unpack_sig(&z, &h, &c, sig->sig_data, p)) {
        free(p);
-        return -1;
+        return -5;
    }

    if(polyvecl_chknorm(&z, GAMMA1 - p->PARAM_BETA, p)) {
        free(p);
-        return -1;
+        return -6;
    }

    unsigned char *tmp_m = malloc(CRHBYTES + mlen);
@@ -388,7 +389,7 @@ int dilithium_crypto_sign_open( unsigned char *m, unsigned long long mlen, dilit
    for(i = 0; i < NN; ++i)
        if(c.coeffs[i] != cp.coeffs[i]) {
            free(p);
-            return -1;
+            return -7;
        }

    return 0;