ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-11-04 11:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b13370ac0d207217354f1fc1c29aef87769fb8a1
rippled/external/ed25519-donna/fuzz/README.md
Bart b13370ac0d chore: Reverts formatting changes to external files, adds formatting changes to proto files (#5711) 
This change reverts the formatting applied to external files and adds formatting of proto files.

As clang-format will complain if a proto file is modified or moved, since the .clang-format file does not explicitly contain a section for proto files, the change has been included in this PR as well.
2025-08-21 15:22:25 -04:00

5.6 KiB
Raw Blame History

This code fuzzes ed25519-donna (and optionally ed25519-donna-sse2) against the ref10 implementations of curve25519 and ed25519.

Curve25519 tests that generating a public key from a secret key

Building

*nix + PHP

php build-nix.php (required parameters) (optional parameters)

Required parameters:

  • --function=[curve25519,ed25519]
  • --bits=[32,64]

Optional parameters:

  • --with-sse2

    Also fuzz against ed25519-donna-sse2

  • --with-openssl

    Build with OpenSSL's SHA-512.

    Default: Reference SHA-512 implementation (slow!)

  • --compiler=[gcc,clang,icc]

    Default: gcc

  • --no-asm

    Do not use platform specific assembler

example:

php build-nix.php --bits=64 --function=ed25519 --with-sse2 --compiler=icc

Windows

Create a project with access to the ed25519 files.

If you are not using OpenSSL, add the ED25519_REFHASH define to the projects "Properties/Preprocessor/Preprocessor Definitions" option

Add the following files to the project:

  • fuzz/curve25519-ref10.c
  • fuzz/ed25519-ref10.c
  • fuzz/ed25519-donna.c
  • fuzz/ed25519-donna-sse2.c (optional)
  • fuzz-[curve25519/ed25519].c (depending on which you want to fuzz)

If you are also fuzzing against ed25519-donna-sse2, add the ED25519_SSE2 define for fuzz-[curve25519/ed25519].c under its "Properties/Preprocessor/Preprocessor Definitions" option.

Running

If everything agrees, the program will only output occasional status dots (every 0x1000 passes) and a 64bit progress count (every 0x20000 passes):

fuzzing:  ref10 curved25519 curved25519-sse2

................................ [0000000000020000]
................................ [0000000000040000]
................................ [0000000000060000]
................................ [0000000000080000]
................................ [00000000000a0000]
................................ [00000000000c0000]

If any of the implementations do not agree with the ref10 implementation, the program will dump the random data that was used, the data generated by the ref10 implementation, and diffs of the ed25519-donna data against the ref10 data.

Example errors

These are example error dumps (with intentionally introduced errors).

Ed25519

Random data:

  • sk, or Secret Key
  • m, or Message

Generated data:

  • pk, or Public Key
  • sig, or Signature
  • valid, or if the signature of the message is valid with the public key

Dump:

sk:
0x3b,0xb7,0x17,0x7a,0x66,0xdc,0xb7,0x9a,0x90,0x25,0x07,0x99,0x96,0xf3,0x92,0xef,
0x78,0xf8,0xad,0x6c,0x35,0x87,0x81,0x67,0x03,0xe6,0x95,0xba,0x06,0x18,0x7c,0x9c,

m:
0x7c,0x8d,0x3d,0xe1,0x92,0xee,0x7a,0xb8,0x4d,0xc9,0xfb,0x02,0x34,0x1e,0x5a,0x91,
0xee,0x01,0xa6,0xb8,0xab,0x37,0x3f,0x3d,0x6d,0xa2,0x47,0xe3,0x27,0x93,0x7c,0xb7,
0x77,0x07,0xb6,0x88,0x41,0x22,0xf3,0x3f,0xce,0xcb,0x6b,0x3e,0x2b,0x23,0x68,0x7f,
0x5b,0xb9,0xda,0x04,0xbb,0xae,0x42,0x50,0xf5,0xe9,0xc5,0x11,0xbd,0x52,0x76,0x98,
0xf1,0x87,0x09,0xb9,0x89,0x0a,0x52,0x69,0x01,0xce,0xe0,0x4a,0xa6,0x46,0x5a,0xe1,
0x63,0x14,0xe0,0x81,0x52,0xec,0xcd,0xcf,0x70,0x54,0x7d,0xa3,0x49,0x8b,0xf0,0x89,
0x70,0x07,0x12,0x2a,0xd9,0xaa,0x16,0x01,0xb2,0x16,0x3a,0xbb,0xfc,0xfa,0x13,0x5b,
0x69,0x83,0x92,0x70,0x95,0x76,0xa0,0x8e,0x16,0x79,0xcc,0xaa,0xb5,0x7c,0xf8,0x7a,

ref10:
pk:
0x71,0xb0,0x5e,0x62,0x1b,0xe3,0xe7,0x36,0x91,0x8b,0xc0,0x13,0x36,0x0c,0xc9,0x04,
0x16,0xf5,0xff,0x48,0x0c,0x83,0x6b,0x88,0x53,0xa2,0xc6,0x0f,0xf7,0xac,0x42,0x04,

sig:
0x3e,0x05,0xc5,0x37,0x16,0x0b,0x29,0x30,0x89,0xa3,0xe7,0x83,0x08,0x16,0xdd,0x96,
0x02,0xfa,0x0d,0x44,0x2c,0x43,0xaa,0x80,0x93,0x04,0x58,0x22,0x09,0xbf,0x11,0xa5,
0xcc,0xa5,0x3c,0x9f,0xa0,0xa4,0x64,0x5a,0x4a,0xdb,0x20,0xfb,0xc7,0x9b,0xfd,0x3f,
0x08,0xae,0xc4,0x3c,0x1e,0xd8,0xb6,0xb4,0xd2,0x6d,0x80,0x92,0xcb,0x71,0xf3,0x02,

valid: yes

ed25519-donna:
pk diff:
____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,
____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,

sig diff:
0x2c,0xb9,0x25,0x14,0xd0,0x94,0xeb,0xfe,0x46,0x02,0xc2,0xe8,0xa3,0xeb,0xbf,0xb5,
0x72,0x84,0xbf,0xc1,0x8a,0x32,0x30,0x99,0xf7,0x58,0xfe,0x06,0xa8,0xdc,0xdc,0xab,
0xb5,0x57,0x03,0x33,0x87,0xce,0x54,0x55,0x6a,0x69,0x8a,0xc4,0xb7,0x2a,0xed,0x97,
0xb4,0x68,0xe7,0x52,0x7a,0x07,0x55,0x3b,0xa2,0x94,0xd6,0x5e,0xa1,0x61,0x80,0x08,

valid: no

In this case, the generated public key matches, but the generated signature is completely different and does not validate.

Curve25519

Random data:

  • sk, or Secret Key

Generated data:

  • pk, or Public Key

Dump:

sk:
0x44,0xec,0x0b,0x0e,0xa2,0x0e,0x9c,0x5b,0x8c,0xce,0x7b,0x1d,0x68,0xae,0x0f,0x9e,
0x81,0xe2,0x04,0x76,0xda,0x87,0xa4,0x9e,0xc9,0x4f,0x3b,0xf9,0xc3,0x89,0x63,0x70,


ref10:
0x24,0x55,0x55,0xc0,0xf9,0x80,0xaf,0x02,0x43,0xee,0x8c,0x7f,0xc1,0xad,0x90,0x95,
0x57,0x91,0x14,0x2e,0xf2,0x14,0x22,0x80,0xdd,0x4e,0x3c,0x85,0x71,0x84,0x8c,0x62,


curved25519 diff:
0x12,0xd1,0x61,0x2b,0x16,0xb3,0xd8,0x29,0xf8,0xa3,0xba,0x70,0x4e,0x49,0x4f,0x43,
0xa1,0x3c,0x6b,0x42,0x11,0x61,0xcc,0x30,0x87,0x73,0x46,0xfb,0x85,0xc7,0x9a,0x35,


curved25519-sse2 diff:
____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,
____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,____,

In this case, curved25519 is totally wrong, while curved25519-sse2 matches the reference implementation.