diff options
Diffstat (limited to 'src/ext/ed25519/donna/fuzz/README.md')
| -rw-r--r-- | src/ext/ed25519/donna/fuzz/README.md | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/src/ext/ed25519/donna/fuzz/README.md b/src/ext/ed25519/donna/fuzz/README.md new file mode 100644 index 0000000000..306ddfe08c --- /dev/null +++ b/src/ext/ed25519/donna/fuzz/README.md @@ -0,0 +1,173 @@ +This code fuzzes ed25519-donna (and optionally ed25519-donna-sse2) against the ref10 implementations of +[curve25519](https://github.com/floodyberry/supercop/tree/master/crypto_scalarmult/curve25519/ref10) and +[ed25519](https://github.com/floodyberry/supercop/tree/master/crypto_sign/ed25519/ref10). + +Curve25519 tests that generating a public key from a secret key + +# Building + +## *nix + PHP + +`php build-nix.php (required parameters) (optional parameters)` + +Required parameters: + +* `--function=[curve25519,ed25519]` +* `--bits=[32,64]` + +Optional parameters: + +* `--with-sse2` + + Also fuzz against ed25519-donna-sse2 +* `--with-openssl` + + Build with OpenSSL's SHA-512. + + Default: Reference SHA-512 implementation (slow!) + +* `--compiler=[gcc,clang,icc]` + + Default: gcc + +* `--no-asm` + + Do not use platform specific assembler + + +example: + + php build-nix.php --bits=64 --function=ed25519 --with-sse2 --compiler=icc + +## Windows + +Create a project with access to the ed25519 files. + +If you are not using OpenSSL, add the `ED25519_REFHASH` define to the projects +"Properties/Preprocessor/Preprocessor Definitions" option + +Add the following files to the project: + +* `fuzz/curve25519-ref10.c` +* `fuzz/ed25519-ref10.c` +* `fuzz/ed25519-donna.c` +* `fuzz/ed25519-donna-sse2.c` (optional) +* `fuzz-[curve25519/ed25519].c` (depending on which you want to fuzz) + +If you are also fuzzing against ed25519-donna-sse2, add the `ED25519_SSE2` define for `fuzz-[curve25519/ed25519].c` under +its "Properties/Preprocessor/Preprocessor Definitions" option. + +# Running + +If everything agrees, the program will only output occasional status dots (every 0x1000 passes) +and a 64bit progress count (every 0x20000 passes): + + fuzzing: ref10 curved25519 curved25519-sse2 + + ................................ [0000000000020000] + ................................ [0000000000040000] + ................................ [0000000000060000] + ................................ [0000000000080000] + ................................ [00000000000a0000] + ................................ [00000000000c0000] + +If any of the implementations do not agree with the ref10 implementation, the program will dump +the random data that was used, the data generated by the ref10 implementation, and diffs of the +ed25519-donna data against the ref10 data. + +## Example errors + +These are example error dumps (with intentionally introduced errors). + +### Ed25519 + +Random data: + +* sk, or Secret Key +* m, or Message + +Generated data: + +* pk, or Public Key +* sig, or Signature +* valid, or if the signature of the message is valid with the public key + +Dump: + + sk: + 0x3b,0xb7,0x17,0x7a,0x66,0xdc,0xb7,0x9a,0x90,0x25,0x07,0x99,0x96,0xf3,0x92,0xef, + 0x78,0xf8,0xad,0x6c,0x35,0x87,0x81,0x67,0x03,0xe6,0x95,0xba,0x06,0x18,0x7c,0x9c, + + m: + 0x7c,0x8d,0x3d,0xe1,0x92,0xee,0x7a,0xb8,0x4d,0xc9,0xfb,0x02,0x34,0x1e,0x5a,0x91, + 0xee,0x01,0xa6,0xb8,0xab,0x37,0x3f,0x3d,0x6d,0xa2,0x47,0xe3,0x27,0x93,0x7c,0xb7, + 0x77,0x07,0xb6,0x88,0x41,0x22,0xf3,0x3f,0xce,0xcb,0x6b,0x3e,0x2b,0x23,0x68,0x7f, + 0x5b,0xb9,0xda,0x04,0xbb,0xae,0x42,0x50,0xf5,0xe9,0xc5,0x11,0xbd,0x52,0x76,0x98, + 0xf1,0x87,0x09,0xb9,0x89,0x0a,0x52,0x69,0x01,0xce,0xe0,0x4a,0xa6,0x46,0x5a,0xe1, + 0x63,0x14,0xe0,0x81,0x52,0xec,0xcd,0xcf,0x70,0x54,0x7d,0xa3,0x49,0x8b,0xf0,0x89, + 0x70,0x07,0x12,0x2a,0xd9,0xaa,0x16,0x01,0xb2,0x16,0x3a,0xbb,0xfc,0xfa,0x13,0x5b, + 0x69,0x83,0x92,0x70,0x95,0x76,0xa0,0x8e,0x16,0x79,0xcc,0xaa,0xb5,0x7c,0xf8,0x7a, + + ref10: + pk: + 0x71,0xb0,0x5e,0x62,0x1b,0xe3,0xe7,0x36,0x91,0x8b,0xc0,0x13,0x36,0x0c,0xc9,0x04, + 0x16,0xf5,0xff,0x48,0x0c,0x83,0x6b,0x88,0x53,0xa2,0xc6,0x0f,0xf7,0xac,0x42,0x04, + + sig: + 0x3e,0x05,0xc5,0x37,0x16,0x0b,0x29,0x30,0x89,0xa3,0xe7,0x83,0x08,0x16,0xdd,0x96, + 0x02,0xfa,0x0d,0x44,0x2c,0x43,0xaa,0x80,0x93,0x04,0x58,0x22,0x09,0xbf,0x11,0xa5, + 0xcc,0xa5,0x3c,0x9f,0xa0,0xa4,0x64,0x5a,0x4a,0xdb,0x20,0xfb,0xc7,0x9b,0xfd,0x3f, + 0x08,0xae,0xc4,0x3c,0x1e,0xd8,0xb6,0xb4,0xd2,0x6d,0x80,0x92,0xcb,0x71,0xf3,0x02, + + valid: yes + + ed25519-donna: + pk diff: + ____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____, + ____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____, + + sig diff: + 0x2c,0xb9,0x25,0x14,0xd0,0x94,0xeb,0xfe,0x46,0x02,0xc2,0xe8,0xa3,0xeb,0xbf,0xb5, + 0x72,0x84,0xbf,0xc1,0x8a,0x32,0x30,0x99,0xf7,0x58,0xfe,0x06,0xa8,0xdc,0xdc,0xab, + 0xb5,0x57,0x03,0x33,0x87,0xce,0x54,0x55,0x6a,0x69,0x8a,0xc4,0xb7,0x2a,0xed,0x97, + 0xb4,0x68,0xe7,0x52,0x7a,0x07,0x55,0x3b,0xa2,0x94,0xd6,0x5e,0xa1,0x61,0x80,0x08, + + valid: no + +In this case, the generated public key matches, but the generated signature is completely +different and does not validate. + +### Curve25519 + +Random data: + +* sk, or Secret Key + +Generated data: + +* pk, or Public Key + +Dump: + + sk: + 0x44,0xec,0x0b,0x0e,0xa2,0x0e,0x9c,0x5b,0x8c,0xce,0x7b,0x1d,0x68,0xae,0x0f,0x9e, + 0x81,0xe2,0x04,0x76,0xda,0x87,0xa4,0x9e,0xc9,0x4f,0x3b,0xf9,0xc3,0x89,0x63,0x70, + + + ref10: + 0x24,0x55,0x55,0xc0,0xf9,0x80,0xaf,0x02,0x43,0xee,0x8c,0x7f,0xc1,0xad,0x90,0x95, + 0x57,0x91,0x14,0x2e,0xf2,0x14,0x22,0x80,0xdd,0x4e,0x3c,0x85,0x71,0x84,0x8c,0x62, + + + curved25519 diff: + 0x12,0xd1,0x61,0x2b,0x16,0xb3,0xd8,0x29,0xf8,0xa3,0xba,0x70,0x4e,0x49,0x4f,0x43, + 0xa1,0x3c,0x6b,0x42,0x11,0x61,0xcc,0x30,0x87,0x73,0x46,0xfb,0x85,0xc7,0x9a,0x35, + + + curved25519-sse2 diff: + ____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____, + ____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____, + + +In this case, curved25519 is totally wrong, while curved25519-sse2 matches the reference +implementation.
\ No newline at end of file |