Skip to content

/ elliptic-curve-differential-fuzzer

Differential fuzzing for elliptic curves
C C++ Python CMake
  1. C 75.8%
  2. C++ 16.2%
  3. Python 6.0%
  4. CMake 2.0%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio

If nothing happens, download the GitHub extension for Visual Studio and try again.

Cannot retrieve the latest commit at this time.
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
corpus
modules
CMakeLists.txt
LICENSE
README.md
fail.c
fuzz_ec.c
fuzz_ec.dict
fuzz_ec.h
gencorp.py
main.c

README.md

ecfuzzer

Differential fuzzing for elliptic curves

Build

You can build a standalone binary with classic cmake commands

mkdir build
cd build
cmake ..
make

This standalone binary expects one argument, a file name, whose contents will be processed.

You can check out build.sh from oss-fuzz to build a fuzzing binary.

Architecture

List of files :

  • main.c : main function for processing one file
  • fuzz_ec.c : fuzz target, ie LLVMFuzzerTestOneInput function
  • fuzz_ec.h : common structures for modules
  • modules : directory with one file per module

Processing

The input buffer must be at least 4 bytes :

  • 2 bytes are used to reference the curve (using the reference identifiers from TLS protocol)
  • at least 1 byte for two big integers

For each module, the fuzzer will :

  • load the curve (if the module does not know the curve, it is ok)
  • do a scalar multiplication of first big integer with curve generator
  • do a second scalar multiplication of second big integer with point resulting from first multiplication
  • check the return code (abort on failure)
  • check the result (point coordinates) with the previous module (abort on first difference)
You can’t perform that action at this time.