Skip to content

catenacyber/elliptic-curve-differential-fuzzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits

corpus

corpus

 
 

modules

modules

 
 

CMakeLists.txt

CMakeLists.txt

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

fuzz_ec.c

fuzz_ec.c

 
 

fuzz_ec.dict

fuzz_ec.dict

 
 

fuzz_ec.h

fuzz_ec.h

 
 

gencorp.py

gencorp.py

 
 

main.c

main.c

 
 

Repository files navigation

ecfuzzer

Differential fuzzing for elliptic curves

Build

You can build a standalone binary with classic cmake commands

mkdir build
cd build
cmake ..
make

This standalone binary expects one argument, a file name, whose contents will be processed.

You can check out build.sh from oss-fuzz to build a fuzzing binary.

Architecture

List of files :

  • main.c : main function for processing one file
  • fuzz_ec.c : fuzz target, ie LLVMFuzzerTestOneInput function
  • fuzz_ec.h : common structures for modules
  • modules : directory with one file per module

Processing

The input buffer must be at least 4 bytes :

  • 2 bytes are used to reference the curve (using the reference identifiers from TLS protocol)
  • at least 1 byte for two big integers

For each module, the fuzzer will :

  • load the curve (if the module does not know the curve, it is ok)
  • do a scalar multiplication of first big integer with curve generator
  • do a second scalar multiplication of second big integer with point resulting from first multiplication
  • check the return code (abort on failure)
  • check the result (point coordinates) with the previous module (abort on first difference)

About

Differential fuzzing for elliptic curves

Resources

Readme

License

GPL-3.0 license
Activity

Stars

21 stars

Watchers

2 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages