Skip to content

catenacyber/elliptic-curve-differential-fuzzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits
corpus
corpus
 
 
modules
modules
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
fuzz_ec.c
fuzz_ec.c
 
 
fuzz_ec.dict
fuzz_ec.dict
 
 
fuzz_ec.h
fuzz_ec.h
 
 
gencorp.py
gencorp.py
 
 
main.c
main.c
 
 

Repository files navigation

ecfuzzer

Differential fuzzing for elliptic curves

Build

You can build a standalone binary with classic cmake commands

mkdir build
cd build
cmake ..
make

This standalone binary expects one argument, a file name, whose contents will be processed.

You can check out build.sh from oss-fuzz to build a fuzzing binary.

Architecture

List of files :

  • main.c : main function for processing one file
  • fuzz_ec.c : fuzz target, ie LLVMFuzzerTestOneInput function
  • fuzz_ec.h : common structures for modules
  • modules : directory with one file per module

Processing

The input buffer must be at least 4 bytes :

  • 2 bytes are used to reference the curve (using the reference identifiers from TLS protocol)
  • at least 1 byte for two big integers

For each module, the fuzzer will :

  • load the curve (if the module does not know the curve, it is ok)
  • do a scalar multiplication of first big integer with curve generator
  • do a second scalar multiplication of second big integer with point resulting from first multiplication
  • check the return code (abort on failure)
  • check the result (point coordinates) with the previous module (abort on first difference)

About

Differential fuzzing for elliptic curves

Resources

Readme

License

GPL-3.0 license
Activity

Stars

23 stars

Watchers

2 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages