feat(crypto): improve fuzzer secp256k1-zkp integration, add build workaround and sanitizer optimization, minor renaming

crypto/Makefile

@@ -2,6 +2,13 @@ ifeq ($(FUZZER),1)
 CC       ?= clang
 LD       ?= $(CC)
 SANFLAGS += -fsanitize=fuzzer
+CFLAGS   += -fsanitize-ignorelist=fuzzer/sanitizer_ignorelist.txt
+
+# this works around clang optimization issues in relation with -fsanitize=undefined
+# TODO is there a better solution, for example by disabling a specific optimization technique?
+blake2b.o: OPTFLAGS += -O0
+blake2s.o: OPTFLAGS += -O0
+
 else ifeq ($(ADDRESS_SANITIZER),1)
 SANFLAGS += -fsanitize=address,undefined
 endif

crypto/fuzzer/README.md

@@ -30,6 +30,8 @@ Examples:
   * `OPTFLAGS="-O0 -ggdb3"`
   * `OPTFLAGS="-O3 -march=native"`
 
+To be determined: use of `-fsanitize-ignorelist` to reduce sanitizer overhead on hot functions
+
 ### Other Flags
 
 To be determined:

crypto/fuzzer/fuzzer.c

@@ -381,19 +381,19 @@ int fuzz_nem_validate_address(void) {
 }
 
 int fuzz_nem_get_address(void) {
-  unsigned char ed25519_public_key[32] = {0};
+  unsigned char ed25519_public_key_fuzz[32] = {0};
   uint32_t network = 0;
 
-  if (fuzzer_length != (sizeof(ed25519_public_key) + sizeof(network))) {
+  if (fuzzer_length != (sizeof(ed25519_public_key_fuzz) + sizeof(network))) {
     return 0;
   }
 
   char address[NEM_ADDRESS_SIZE + 1] = {0};
 
-  memcpy(ed25519_public_key, fuzzer_input(32), 32);
+  memcpy(ed25519_public_key_fuzz, fuzzer_input(32), 32);
   memcpy(&network, fuzzer_input(4), 4);
 
-  nem_get_address(ed25519_public_key, network, address);
+  nem_get_address(ed25519_public_key_fuzz, network, address);
 
 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
@@ -616,15 +616,15 @@ int fuzz_slip39_word_completion_mask(void) {
 }
 
 int fuzz_mnemonic_to_bits(void) {
-  // length chosen somewhat arbitrarily
-#define MAX_MNEMONIC_LENGTH 256
+  // regular MAX_MNEMONIC_LEN is 240, try some extra bytes
+#define MAX_MNEMONIC_FUZZ_LENGTH 256
 
-  if (fuzzer_length < MAX_MNEMONIC_LENGTH) {
+  if (fuzzer_length < MAX_MNEMONIC_FUZZ_LENGTH) {
     return 0;
   }
 
-  char mnemonic[MAX_MNEMONIC_LENGTH + 1] = {0};
-  memcpy(&mnemonic, fuzzer_ptr, MAX_MNEMONIC_LENGTH);
+  char mnemonic[MAX_MNEMONIC_FUZZ_LENGTH + 1] = {0};
+  memcpy(&mnemonic, fuzzer_ptr, MAX_MNEMONIC_FUZZ_LENGTH);
   uint8_t mnemonic_bits[32 + 1] = {0};
 
   mnemonic_to_bits((const char *)&mnemonic, mnemonic_bits);

crypto/fuzzer/sanitizer_ignorelist.txt

@@ -0,0 +1,21 @@
+# ignore bignum math operations and other hot crypto primitives
+
+fun:*sha256_Update*
+fun:*sha256_Raw*
+fun:*sha256_Transform*
+fun:*sha512_Transform*
+fun:*pbkdf2_hmac_sha512_Update*
+fun:*pbkdf2_*
+fun:*hmac_*
+fun:*sha256_*
+# TODO this is very broad
+fun:*bn_*
+fun:*bn_inverse*
+fun:*bn_multiply*
+fun:*bn_multiply_long*
+fun:*bn_multiply_reduce_step*
+fun:*bn_multiply_step*
+fun:*curve25519_mul*
+fun:*point_multiply*
+fun:*point_jacobian_add*
+fun:*scalar_multiply*