Reduce cryptography usage in --cfg=fuzzing #282
Conversation
TheBlueMatt
force-pushed
the
2021-02-redo-fuzz
branch
from
528e41f
to
1772608
Compare
TheBlueMatt
force-pushed
the
2021-02-redo-fuzz
branch
from
32767e0
to
0cf6e0c
Compare
TheBlueMatt
force-pushed
the
2021-02-redo-fuzz
branch
from
0cf6e0c
to
2cac64c
Compare
|
Rebased on latest upstream with no changes. |
TheBlueMatt
force-pushed
the
2021-02-redo-fuzz
branch
from
2cac64c
to
fb59e0b
Compare
TheBlueMatt
force-pushed
the
2021-02-redo-fuzz
branch
from
fb59e0b
to
f1e34bf
Compare
|
Rebased on latest upstream with no changes. |
|
needs rebase now |
In the next commit the secret->public key derivation in fuzzing cfg is changed to be simpler, as well as the validity rules of public keys relaxed. This adds a new test to ensure random keys can be added, not just the hard-coded keys test that exists today.
This reduces the usage of real cryptography in --cfg=fuzzing, specifically replacing the secret->public key derivation with a simple copy and ECDH with XOR of the public and private parts (plus a stream of 1s to make a test pass that expected non-0 output). It leaves secret tweak addition/multiplication as-is. It also changes the context creation to over-allocate and store the context flags at the end of the context buffer, allowing us to easily test context flags in each function. While it would be nice to have something fancier (eg XOR-based), its not immediately obvious how to accomplish this, and better to fix the issues I have than spend too much time on it. Fixes rust-bitcoin#271. This partially reverts b811ec1
TheBlueMatt
force-pushed
the
2021-02-redo-fuzz
branch
from
f1e34bf
to
79119e8
Compare
|
Rebased, was just a super-trivial new test method that was at the same spot as one that is added here. |
|
@TheBlueMatt rust-miniscript fuzz tests are now failing because public keys do not round-trip |
|
if you parse then print it you get |
|
(I think this is straightforward to fix, we just need to tighten up the parsing a bit, I can open a PR later today or maybe @sanket1729 can) |
|
Grrr sorry about that, I guess I hardly tested full public key parsing instead of just the compressed public keys. Indeed, just storing more info seems like a good solution. |
|
I tried to fix this. But I think it is impossible to solve this in the current framework. We use byte 32 in public key to overwrite whether the key was compressed or not. But when doing this, we lose the corresponding information for uncompressed pubkeys. And we would need a call to libsecp again to construct the Looking for more input on this issue. @TheBlueMatt @apoelstra |
|
One solution I can think of is to encode If the parsers look at the code and then choose the data inputs/control paths, I think this solution will also crash. |
This reduces the usage of real cryptography in --cfg=fuzzing,
specifically replacing the secret->public key derivation with a
simple copy and ECDH with XOR of the public and private parts
(plus a stream of 1s to make a test pass that expected non-0
output).
It leaves secret tweak addition/multiplication as-is.
It also changes the context creation to over-allocate and store
the context flags at the end of the context buffer, allowing us
to easily test context flags in each function.
While it would be nice to have something fancier (eg XOR-based),
its not immediately obvious how to accomplish this, and better to
fix the issues I have than spend too much time on it.
Fixes #271.
This partially reverts b811ec1