feat(crypto): improve fuzzer secp256k1-zkp integration, add build workaround and sanitizer optimization, minor renaming

3 years ago · 5564251920
parent aee864c7ee
commit 5564251920
4 changed files with 39 additions and 9 deletions
--- a/crypto/Makefile
+++ b/crypto/Makefile
@ -2,6 +2,13 @@ ifeq ($(FUZZER),1)
 CC       ?= clang
 LD       ?= $(CC)
 SANFLAGS += -fsanitize=fuzzer
+CFLAGS   += -fsanitize-ignorelist=fuzzer/sanitizer_ignorelist.txt
+
+# this works around clang optimization issues in relation with -fsanitize=undefined
+# TODO is there a better solution, for example by disabling a specific optimization technique?
+blake2b.o: OPTFLAGS += -O0
+blake2s.o: OPTFLAGS += -O0
+
 else ifeq ($(ADDRESS_SANITIZER),1)
 SANFLAGS += -fsanitize=address,undefined
 endif
--- a/crypto/fuzzer/README.md
+++ b/crypto/fuzzer/README.md
@ -30,6 +30,8 @@ Examples:
  * `OPTFLAGS="-O0 -ggdb3"`
  * `OPTFLAGS="-O3 -march=native"`

+To be determined: use of `-fsanitize-ignorelist` to reduce sanitizer overhead on hot functions
+
 ### Other Flags

 To be determined:
--- a/crypto/fuzzer/fuzzer.c
+++ b/crypto/fuzzer/fuzzer.c
@ -381,19 +381,19 @@ int fuzz_nem_validate_address(void) {
 }

 int fuzz_nem_get_address(void) {
-  unsigned char ed25519_public_key[32] = {0};
+  unsigned char ed25519_public_key_fuzz[32] = {0};
  uint32_t network = 0;

-  if (fuzzer_length != (sizeof(ed25519_public_key) + sizeof(network))) {
+  if (fuzzer_length != (sizeof(ed25519_public_key_fuzz) + sizeof(network))) {
    return 0;
  }

  char address[NEM_ADDRESS_SIZE + 1] = {0};

-  memcpy(ed25519_public_key, fuzzer_input(32), 32);
+  memcpy(ed25519_public_key_fuzz, fuzzer_input(32), 32);
  memcpy(&network, fuzzer_input(4), 4);

-  nem_get_address(ed25519_public_key, network, address);
+  nem_get_address(ed25519_public_key_fuzz, network, address);

 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
@ -616,15 +616,15 @@ int fuzz_slip39_word_completion_mask(void) {
 }

 int fuzz_mnemonic_to_bits(void) {
-  // length chosen somewhat arbitrarily
-#define MAX_MNEMONIC_LENGTH 256
+  // regular MAX_MNEMONIC_LEN is 240, try some extra bytes
+#define MAX_MNEMONIC_FUZZ_LENGTH 256

-  if (fuzzer_length < MAX_MNEMONIC_LENGTH) {
+  if (fuzzer_length < MAX_MNEMONIC_FUZZ_LENGTH) {
    return 0;
  }

-  char mnemonic[MAX_MNEMONIC_LENGTH + 1] = {0};
-  memcpy(&mnemonic, fuzzer_ptr, MAX_MNEMONIC_LENGTH);
+  char mnemonic[MAX_MNEMONIC_FUZZ_LENGTH + 1] = {0};
+  memcpy(&mnemonic, fuzzer_ptr, MAX_MNEMONIC_FUZZ_LENGTH);
  uint8_t mnemonic_bits[32 + 1] = {0};

  mnemonic_to_bits((const char *)&mnemonic, mnemonic_bits);
--- a/crypto/fuzzer/sanitizer_ignorelist.txt
+++ b/crypto/fuzzer/sanitizer_ignorelist.txt
@ -0,0 +1,21 @@
+# ignore bignum math operations and other hot crypto primitives
+
+fun:*sha256_Update*
+fun:*sha256_Raw*
+fun:*sha256_Transform*
+fun:*sha512_Transform*
+fun:*pbkdf2_hmac_sha512_Update*
+fun:*pbkdf2_*
+fun:*hmac_*
+fun:*sha256_*
+# TODO this is very broad
+fun:*bn_*
+fun:*bn_inverse*
+fun:*bn_multiply*
+fun:*bn_multiply_long*
+fun:*bn_multiply_reduce_step*
+fun:*bn_multiply_step*
+fun:*curve25519_mul*
+fun:*point_multiply*
+fun:*point_jacobian_add*
+fun:*scalar_multiply*