
fix(cryptofuzz): expose all cryptofuzz tested primitives in lowlevel_* #432

Merged: 1 commit, Jul 15, 2024

Conversation

@mratsim (Owner) commented Jul 15, 2024

Constantine is continuously fuzzed on Google OSS-Fuzz through CryptoFuzz.

The test harness is https://github.com/guidovranken/cryptofuzz/blob/042cac0727b99a39dfecfd61d994f5972e2e7e3d/modules/constantine/constantine_harness.nim and has been broken by refactoring preceding the v0.1.0 release:

This PR:

  • exposes everything cryptofuzz tests in the lowlevel_*.nim files so that it doesn't depend on the internal folder structure.
  • removes the new CastSizes warning when raw-casting between integers of different sizes for allocation.
  • exposes the new pow/pow_vartime by a finite field, and out-of-place versions using ^ and ~^

It also fails to enable creating a generic version of https://github.com/guidovranken/cryptofuzz/blob/042cac0727b99a39dfecfd61d994f5972e2e7e3d/modules/constantine/constantine_harness.nim#L67-L89

```nim
# Per-curve scalar loaders from the cryptofuzz harness: unmarshal a big-endian
# byte string into a BigInt wide enough for any fuzzer input, then reduce it
# modulo the curve order so the result is a canonical scalar.
proc loadScalar_BN254_Snarks(
       dst: var matchingOrderBigInt(BN254_Snarks),
       src: openarray[byte]) =
    const maxBits = 8 * roundNextMultipleOf(BN254_Snarks.getCurveOrderBitwidth(), 8)
    var tmp{.noinit.}: BigInt[maxBits]
    tmp.unmarshal(src, bigEndian)
    dst.reduce(tmp, BN254_Snarks.getCurveOrder())

proc loadScalar_BLS12_381(
       dst: var matchingOrderBigInt(BLS12_381),
       src: openarray[byte]) =
    const maxBits = 8 * roundNextMultipleOf(BLS12_381.getCurveOrderBitwidth(), 8)
    var tmp{.noinit.}: BigInt[maxBits]
    tmp.unmarshal(src, bigEndian)
    dst.reduce(tmp, BLS12_381.getCurveOrder())

proc loadScalar_BLS12_377(
       dst: var matchingOrderBigInt(BLS12_377),
       src: openarray[byte]) =
    const maxBits = 8 * roundNextMultipleOf(BLS12_377.getCurveOrderBitwidth(), 8)
    var tmp{.noinit.}: BigInt[maxBits]
    tmp.unmarshal(src, bigEndian)
    dst.reduce(tmp, BLS12_377.getCurveOrder())
```

When replacing these with a generic, matchingOrderBigInt(curve) and curve.getCurveOrder() fail to match types.

Changing to curve.getBigInt(kScalarField) doesn't work either, and changing the internal implementation of getBigInt to use typeof(CurveOrder) triggers a compiler crash.
