Add tests for fuzzing on scalar operation #1377

pull YafeiXie1 wants to merge 2 commits into bitcoin-core:master from YafeiXie1:fuzz_test changing 1 files +208 −0
  1. YafeiXie1 commented at 8:35 pm on July 16, 2023: none
    Hello, I’m trying to develop the fuzz test using libfuzzer. This PR shows the tests about several properties of scalar operations. Could you give me some suggestions?
  2. add fuzz tests for scalar operations 3daad66f86
  3. in src/fuzz.c:4 in 3daad66f86 outdated 
    0@@ -0,0 +1,208 @@
1+#include <stdio.h>
2+#include <stdlib.h>
3+#include <string.h>
4+#include <time.h>
    sipa commented at 2:18 pm on July 17, 2023:
    I don’t think you need time.h.
  4. in src/fuzz.c:6 in 3daad66f86 outdated 
    0@@ -0,0 +1,208 @@
1+#include <stdio.h>
2+#include <stdlib.h>
3+#include <string.h>
4+#include <time.h>
5+
6+#include "scalar_impl.h"
    sipa commented at 2:19 pm on July 17, 2023:

    Instead of including all these individual files, you can just include secp256k1.c (the main implementation file includes all the necessary code from all modules).

    When you do that, you’ll also need the precomputed tables (which are in separate .c files) when compiling, as the ecmult logic needs them (even when you’re not actually testing those yet).

    For example, you’d build with

    0clang++ -g -O2 -fsanitize=undefined,address,fuzzer fuzz.c precomputed_ecmult.c precomputed_ecmult_gen.c -o fuzz

    (this is just temporary before we integrate it into the build system)

  5. in src/fuzz.c:200 in 3daad66f86 outdated 
    195+        CHECK(secp256k1_scalar_eq(&r3, &a));
196+    }    
197+}        
198+   
199+
200+/** Entry point of Libfuzzer **/
    sipa commented at 2:34 pm on July 17, 2023:

    Here is some code to decide the test based on an environment variable:

     0typedef void (*fuzz_function)(const uint8_t* data, size_t size);
 1
 2static fuzz_function selected_fuzz_function = NULL;
 3
 4int LLVMFuzzerInitialize(int *argc, char ***argv) {
 5    const char* test_name = getenv("FUZZ");
 6    if (!test_name) {
 7        fprintf(stderr, "Select a fuzz test using the FUZZ environment variable\n");
 8        assert(false);
 9    }
10    if (strcmp(test_name, "scalar_inverse") == 0) {
11        selected_fuzz_test = &fuzz_scalar_inverse;
12    } else if (strcmp(test_name, "scalar_negate") == 0) {
13        selected_fuzz_test = &fuzz_scalar_negate;
14    } else if ...
15        ...
16    } else {
17        fprintf(stderr, "Unknown fuzz test selected using FUZZ environment variable: %s\n", test_name);
18        assert(false);
19    }
20    return 0;
21}
22
23int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
24    selected_fuzz_test(data, size);
25    return 0;
26}

    (I haven’t tried to compile/run the above, there may be bugs)

    You’d then invoke the tests using

    0FUZZ=scalar_inverse ./fuzz
  6. in src/fuzz.c:19 in 3daad66f86 outdated 
    14+#include "testrand_impl.h"
15+
16+/*** Scalar Operation ***/
17+
18+/* Test commutativity of scalar addition */ 
19+static void fuzz_commutate_add(const uint8_t *data, size_t size) {
    sipa commented at 2:36 pm on July 17, 2023:
    Nit (= unimportant comment, feel free to ignore if you disagree): I find “cummutate” a bit unnatural, what about fuzz_add_commutativity for example?
  7. in src/fuzz.c:31 in 3daad66f86 outdated 
    26+        CHECK(secp256k1_scalar_eq(&r1, &r2));
27+    }
28+}
29+
30+/* Test associativity of scalar addition */
31+static void fuzz_associate_add(const uint8_t *data, size_t size) {
    sipa commented at 2:36 pm on July 17, 2023:
    Nit: fuzz_add_associativity ?
  8. in src/fuzz.c:46 in 3daad66f86 outdated 
    41+        CHECK(secp256k1_scalar_eq(&r1, &r2));
42+    }
43+}
44+
45+/* Test identity addition */ 
46+static void fuzz_zero_add(const uint8_t *data, size_t size) {
    sipa commented at 2:37 pm on July 17, 2023:
    Nit: Add scalar to the name (because we’ll probably have tests adding zero for field elements and group elements too).
  9. in src/fuzz.c:56 in 3daad66f86 outdated 
    51+        CHECK(secp256k1_scalar_eq(&r1, &a));
52+    }
53+}
54+
55+/* Test scalar addition with its complement */ 
56+static void fuzz_complement_add(const uint8_t *data, size_t size) {
    sipa commented at 2:37 pm on July 17, 2023:
    Nit: Add scalar to the name?
  10. in src/fuzz.c:67 in 3daad66f86 outdated 
    62+        CHECK(secp256k1_scalar_is_zero(&r2));
63+    }
64+}
65+
66+/* Test commutativity of scalar multiplication */
67+static void fuzz_commutate_mul(const uint8_t *data, size_t size) {
    sipa commented at 2:38 pm on July 17, 2023:
    Nit: fuzz_scalar_mul_commutativity ?
  11. in src/fuzz.c:79 in 3daad66f86 outdated 
    74+        CHECK(secp256k1_scalar_eq(&r1, &r2));
75+    }
76+}
77+
78+/* Test associativity of scalar multiplication */
79+static void fuzz_associate_mul(const uint8_t *data, size_t size) {
    sipa commented at 2:38 pm on July 17, 2023:
    Nit: fuzz_scalar_mul_associativity ?
  12. in src/fuzz.c:94 in 3daad66f86 outdated 
    89+        CHECK(secp256k1_scalar_eq(&r1, &r2));
90+    }
91+}
92+
93+/* Test distributivity of scalar multiplication */
94+static void fuzz_distri_mul(const uint8_t *data, size_t size) {
    sipa commented at 2:38 pm on July 17, 2023:
    Nit: fuzz_scalar_mul_distributivity ?
  13. in src/fuzz.c:110 in 3daad66f86 outdated 
    105+        CHECK(secp256k1_scalar_eq(&r1, &r2));
106+    }
107+}
108+
109+/* Test identity multiplication */ 
110+static void fuzz_one_mul(const uint8_t *data, size_t size) {
    sipa commented at 2:38 pm on July 17, 2023:
    Nit: fuzz_scalar_mul_one ?
  14. in src/fuzz.c:121 in 3daad66f86 outdated 
    116+    }
117+}
118+
119+
120+/* Test scalar multiplication with zero */ 
121+static void fuzz_zero_mul(const uint8_t *data, size_t size) {
    sipa commented at 2:39 pm on July 17, 2023:
    Nit: fuzz_scalar_mul_zero ?
  15. in src/fuzz.c:180 in 3daad66f86 outdated 
    175+static void fuzz_scalar_shift(const uint8_t *data, size_t size) {
176+    if (size > 31) {
177+        int bit, r1, r2;     
178+        secp256k1_scalar a;
179+        secp256k1_scalar_set_b32(&a, data, NULL);
180+        bit = 1 + secp256k1_testrand_int(15);
    sipa commented at 2:41 pm on July 17, 2023:
    You cannot use randomness in fuzz tests, because the fuzzer cannot control the randomness (coverage will be unrelated and nondeterministic, which will confuse the fuzzer’s tracking of which seeds are useful). You should get the value from the fuzzer data/size here too.
  16. in src/fuzz.c:14 in 3daad66f86 outdated 
     9+#include "ecmult_impl.h"
10+#include "ecmult_const_impl.h"
11+#include "ecmult_gen_impl.h"
12+#include "int128_impl.h"
13+#include "scratch_impl.h"
14+#include "testrand_impl.h"
    sipa commented at 2:41 pm on July 17, 2023:
    Don’t include this; you should never need randomness in fuzz tests.
  17. in src/fuzz.c:188 in 3daad66f86 outdated 
    183+        CHECK(r1 == r2);
184+    }
185+}
186+
187+/* Test r1+r2*lambda = a */
188+static void fuzz_scalar_splite_lambda(const uint8_t *data, size_t size) {
    sipa commented at 2:41 pm on July 17, 2023:
    Typo: splite -> split
  18. in src/fuzz.c:208 in 3daad66f86 outdated 
    203+    test(data,size);
204+    return 0;
205+}
206+**/   
207+        
208+
    sipa commented at 2:42 pm on July 17, 2023:
    Add a newline at the end of the file.
  19. real-or-random added the label assurance on Jul 18, 2023
  20. Merge branch 'bitcoin-core:master' into fuzz_test e48091bef9
  21. YafeiXie1 closed this on Jul 27, 2023
  22. YafeiXie1 deleted the branch on Jul 27, 2023


YafeiXie1 sipa

Labels
assurance

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-21 17:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me