Add tests for fuzzing on scalar operation #1377
pull YafeiXie1 wants to merge 2 commits into bitcoin-core:master from YafeiXie1:fuzz_test changing 1 files +208 −0-
YafeiXie1 commented at 8:35 pm on July 16, 2023: noneHello, I’m trying to develop the fuzz test using libfuzzer. This PR shows the tests about several properties of scalar operations. Could you give me some suggestions?
-
add fuzz tests for scalar operations 3daad66f86
-
in src/fuzz.c:4 in 3daad66f86 outdated
0@@ -0,0 +1,208 @@ 1+#include <stdio.h> 2+#include <stdlib.h> 3+#include <string.h> 4+#include <time.h>
sipa commented at 2:18 pm on July 17, 2023:I don’t think you needtime.h
.in src/fuzz.c:6 in 3daad66f86 outdated
0@@ -0,0 +1,208 @@ 1+#include <stdio.h> 2+#include <stdlib.h> 3+#include <string.h> 4+#include <time.h> 5+ 6+#include "scalar_impl.h"
sipa commented at 2:19 pm on July 17, 2023:Instead of including all these individual files, you can just include
secp256k1.c
(the main implementation file includes all the necessary code from all modules).When you do that, you’ll also need the precomputed tables (which are in separate .c files) when compiling, as the ecmult logic needs them (even when you’re not actually testing those yet).
For example, you’d build with
0clang++ -g -O2 -fsanitize=undefined,address,fuzzer fuzz.c precomputed_ecmult.c precomputed_ecmult_gen.c -o fuzz
(this is just temporary before we integrate it into the build system)
in src/fuzz.c:200 in 3daad66f86 outdated
195+ CHECK(secp256k1_scalar_eq(&r3, &a)); 196+ } 197+} 198+ 199+ 200+/** Entry point of Libfuzzer **/
sipa commented at 2:34 pm on July 17, 2023:Here is some code to decide the test based on an environment variable:
0typedef void (*fuzz_function)(const uint8_t* data, size_t size); 1 2static fuzz_function selected_fuzz_function = NULL; 3 4int LLVMFuzzerInitialize(int *argc, char ***argv) { 5 const char* test_name = getenv("FUZZ"); 6 if (!test_name) { 7 fprintf(stderr, "Select a fuzz test using the FUZZ environment variable\n"); 8 assert(false); 9 } 10 if (strcmp(test_name, "scalar_inverse") == 0) { 11 selected_fuzz_test = &fuzz_scalar_inverse; 12 } else if (strcmp(test_name, "scalar_negate") == 0) { 13 selected_fuzz_test = &fuzz_scalar_negate; 14 } else if ... 15 ... 16 } else { 17 fprintf(stderr, "Unknown fuzz test selected using FUZZ environment variable: %s\n", test_name); 18 assert(false); 19 } 20 return 0; 21} 22 23int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 24 selected_fuzz_test(data, size); 25 return 0; 26}
(I haven’t tried to compile/run the above, there may be bugs)
You’d then invoke the tests using
0FUZZ=scalar_inverse ./fuzz
in src/fuzz.c:19 in 3daad66f86 outdated
14+#include "testrand_impl.h" 15+ 16+/*** Scalar Operation ***/ 17+ 18+/* Test commutativity of scalar addition */ 19+static void fuzz_commutate_add(const uint8_t *data, size_t size) {
sipa commented at 2:36 pm on July 17, 2023:Nit (= unimportant comment, feel free to ignore if you disagree): I find “cummutate” a bit unnatural, what aboutfuzz_add_commutativity
for example?in src/fuzz.c:31 in 3daad66f86 outdated
26+ CHECK(secp256k1_scalar_eq(&r1, &r2)); 27+ } 28+} 29+ 30+/* Test associativity of scalar addition */ 31+static void fuzz_associate_add(const uint8_t *data, size_t size) {
sipa commented at 2:36 pm on July 17, 2023:Nit:fuzz_add_associativity
?in src/fuzz.c:46 in 3daad66f86 outdated
41+ CHECK(secp256k1_scalar_eq(&r1, &r2)); 42+ } 43+} 44+ 45+/* Test identity addition */ 46+static void fuzz_zero_add(const uint8_t *data, size_t size) {
sipa commented at 2:37 pm on July 17, 2023:Nit: Addscalar
to the name (because we’ll probably have tests adding zero for field elements and group elements too).in src/fuzz.c:56 in 3daad66f86 outdated
51+ CHECK(secp256k1_scalar_eq(&r1, &a)); 52+ } 53+} 54+ 55+/* Test scalar addition with its complement */ 56+static void fuzz_complement_add(const uint8_t *data, size_t size) {
sipa commented at 2:37 pm on July 17, 2023:Nit: Addscalar
to the name?in src/fuzz.c:67 in 3daad66f86 outdated
62+ CHECK(secp256k1_scalar_is_zero(&r2)); 63+ } 64+} 65+ 66+/* Test commutativity of scalar multiplication */ 67+static void fuzz_commutate_mul(const uint8_t *data, size_t size) {
sipa commented at 2:38 pm on July 17, 2023:Nit:fuzz_scalar_mul_commutativity
?in src/fuzz.c:79 in 3daad66f86 outdated
74+ CHECK(secp256k1_scalar_eq(&r1, &r2)); 75+ } 76+} 77+ 78+/* Test associativity of scalar multiplication */ 79+static void fuzz_associate_mul(const uint8_t *data, size_t size) {
sipa commented at 2:38 pm on July 17, 2023:Nit:fuzz_scalar_mul_associativity
?in src/fuzz.c:94 in 3daad66f86 outdated
89+ CHECK(secp256k1_scalar_eq(&r1, &r2)); 90+ } 91+} 92+ 93+/* Test distributivity of scalar multiplication */ 94+static void fuzz_distri_mul(const uint8_t *data, size_t size) {
sipa commented at 2:38 pm on July 17, 2023:Nit:fuzz_scalar_mul_distributivity
?in src/fuzz.c:110 in 3daad66f86 outdated
105+ CHECK(secp256k1_scalar_eq(&r1, &r2)); 106+ } 107+} 108+ 109+/* Test identity multiplication */ 110+static void fuzz_one_mul(const uint8_t *data, size_t size) {
sipa commented at 2:38 pm on July 17, 2023:Nit:fuzz_scalar_mul_one
?in src/fuzz.c:121 in 3daad66f86 outdated
116+ } 117+} 118+ 119+ 120+/* Test scalar multiplication with zero */ 121+static void fuzz_zero_mul(const uint8_t *data, size_t size) {
sipa commented at 2:39 pm on July 17, 2023:Nit:fuzz_scalar_mul_zero
?in src/fuzz.c:180 in 3daad66f86 outdated
175+static void fuzz_scalar_shift(const uint8_t *data, size_t size) { 176+ if (size > 31) { 177+ int bit, r1, r2; 178+ secp256k1_scalar a; 179+ secp256k1_scalar_set_b32(&a, data, NULL); 180+ bit = 1 + secp256k1_testrand_int(15);
sipa commented at 2:41 pm on July 17, 2023:You cannot use randomness in fuzz tests, because the fuzzer cannot control the randomness (coverage will be unrelated and nondeterministic, which will confuse the fuzzer’s tracking of which seeds are useful). You should get the value from the fuzzer data/size here too.in src/fuzz.c:14 in 3daad66f86 outdated
9+#include "ecmult_impl.h" 10+#include "ecmult_const_impl.h" 11+#include "ecmult_gen_impl.h" 12+#include "int128_impl.h" 13+#include "scratch_impl.h" 14+#include "testrand_impl.h"
sipa commented at 2:41 pm on July 17, 2023:Don’t include this; you should never need randomness in fuzz tests.in src/fuzz.c:188 in 3daad66f86 outdated
183+ CHECK(r1 == r2); 184+ } 185+} 186+ 187+/* Test r1+r2*lambda = a */ 188+static void fuzz_scalar_splite_lambda(const uint8_t *data, size_t size) {
sipa commented at 2:41 pm on July 17, 2023:Typo: splite -> splitin src/fuzz.c:208 in 3daad66f86 outdated
203+ test(data,size); 204+ return 0; 205+} 206+**/ 207+ 208+
sipa commented at 2:42 pm on July 17, 2023:Add a newline at the end of the file.real-or-random added the label assurance on Jul 18, 2023Merge branch 'bitcoin-core:master' into fuzz_test e48091bef9YafeiXie1 closed this on Jul 27, 2023
YafeiXie1 deleted the branch on Jul 27, 2023
github-metadata-mirror
This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-31 06:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me