Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix fuzzing cfg rtt bug for uncompressed keys #322

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

sanket1729
Copy link
Member

@sanket1729 sanket1729 commented Jul 15, 2021

I did not investigate too much into trying to figure out how the
encoding for simple crypto works. I made some simple changes(basically
disabled the checks for uncompressed keys) and at least it works for
uncompressed keys roundtrip.

#282 (comment)

This broke the rust-miniscript fuzzing downstream.

@@ -816,8 +816,7 @@ mod fuzz_dummy {
0
} else {
ptr::copy(input.offset(1), (*pk).0.as_mut_ptr(), 64);
test_cleanup_pk(pk);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we instead just drop this line and keep the test_pk_validate and have it work?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to change how keys are stored and the function test_cleanup_pk was basically an empty function. See the comment on the top module for exact implementation,

@sanket1729 sanket1729 closed this Jul 20, 2021
@sanket1729 sanket1729 deleted the cfg_fuzzing_fix branch July 20, 2021 20:38
@sanket1729 sanket1729 restored the cfg_fuzzing_fix branch July 20, 2021 20:39
@sanket1729 sanket1729 reopened this Jul 20, 2021
@sanket1729 sanket1729 requested a review from TheBlueMatt July 20, 2021 20:57
@sanket1729 sanket1729 changed the title Fix cfg fuzz Fix fuzzing cfg rtt bug for uncompressed keys Jul 20, 2021
/// If pk is created from from slice:
/// - 0x02||pk_bytes -> pk_bytes||[0xaa;32]
/// - 0x03||pk_bytes -> pk_bytes||[0xbb;32]
/// - 0x04||pk_bytes -> pk_bytes
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These types of patterns are exactly the kind of things fuzzers are good at finding. Why not just store an extra byte in memory?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is exceeding the 64 bytes and using space beyond the 64 bytes a good idea?
Because we need all of 64 bytes to support full roundtrip of uncompressed keys.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had another related question, why do you need to serialize/parse functions for fuzzing anyway? Can we just not use regular logic for it.

For forging signatures, the keys are anyways created by secp256k1_ec_pubkey_create

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, we cannot switch to requiring public keys be valid according to standard rules. Not only does it break the RL fuzzers (see #271) but its also really slow, which can make fuzzers untenable.

/// - 0x02||pk_bytes -> pk_bytes||[0xaa;32]
/// - 0x03||pk_bytes -> pk_bytes||[0xbb;32]
/// - 0x04||pk_bytes -> pk_bytes
/// This leaves the room for collision between compressed and uncompressed pks,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, maybe I'm confused by this. What is the collision here and why would it ever be an issue?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Never mind, this is not an issue. But what I meant by collision is the following

let pk = PublicKey::from_str("0x04<32bytes><0xaa;32>"); // Should be considered uncompressed, but is considered as compressed. 

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Public keys don't, themselves, have any concept of "compressed" or not? That's purely a serialization-time difference, no?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants