Libspark fuzzing harness #1340

Merged
merged 163 commits into from
Nov 16, 2023

man2706kum

This PR includes a fuzzing harness for libspark. The harness is inside src/fuzz/. The quick start guide can be found in src/fuzz/README.md.

levonpetrosyan93 and others added 30 commits June 1, 2022 01:51
std::vector<secp_primitives::GroupElement> ge_vec;
ge_vec.resize(len);
for (int i = 0; i <= len; i++) {
ge_vec.push_back(GetGroupElement());
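
Review bot: the loop bound `i <= len` together with `ge_vec.resize(len)` leaves the vector with 2*len+1 elements: `resize` already inserts `len` default-constructed elements, and the loop then appends `len + 1` more with `push_back`. Use `ge_vec.reserve(len);` and `i < len` so the result holds exactly `len` elements, all produced by `GetGroupElement()`.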

resize creates len number of infinity GroupElements and pushes into ge_vec, and here we push len+1 number of GroupElements, is this function supposed to work that way?

Please remove binary files. I assume these are built from the sources.

std::vector<secp_primitives::GroupElement> FuzzedSecp256k1Object::GetGroupElements(int len) {
std::vector<secp_primitives::GroupElement> ge_vec;
ge_vec.resize(len);
for (int i = 0; i < len; i++) {
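
Review bot: `GetGroupElements(int len)` passes a signed `int` straight to `ge_vec.resize(len)`; a negative `len` converts to a very large unsigned size, so the call throws or exhausts memory inside the harness utility rather than in the code under test. Take the length as `size_t`, or reject `len < 0`, and bound it before sizing the vector.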

We don't need this loop, as ge_vec.resize(len) does the same, or do reserve() instead of resize().

# Fuzzing libspark

## Quickstart Guide
### Dependencies

This is missing several boost and openssl dependencies that are required for the build to succeed.


2. Build firo:

Follow the instructions from https://github.com/firoorg/firo/tree/spark#readme

This contradicts the git clone command in the next step.

* In order to fuzz `firo/src/libpark` using Honggfuzz:

```
git clone -b spark_fuzz_blog https://github.com/hashcloak/firo.git

This should be changed to the upstream repository.

1. create a directory to save all the crahses.
2. Inside the directory run:
```
hongfuzz -i <path_of_input_corpora>/<filename_inputs> -- ./<filename_hfuzz> ___FILE___

s/hongfuzz/honggfuzz


example:
1. `mkdir src/fuzz/bpplus_results && cd src/fuzz/bpplus_results`
2. `hongfuzz -i ../../inputs/bpplus_inputs -- ./../../libspark/bpplus_hfuzz ___FILE___`

As above, hongfuzz is a typo. Also, the relative path to the instrumented binary is incorrect.

2. `hongfuzz -i ../../inputs/bpplus_inputs -- ./../../libspark/bpplus_hfuzz ___FILE___`
3. To stop press `ctrl+c`

If there is no input corpora, empty corpora can be provided.

Please provide a note that this means creating and passing an empty directory via -i.

reubenyap merged commit 92a2050 into firoorg:spark Nov 16, 2023
1 check passed
reubenyap pushed a commit that referenced this pull request Nov 21, 2023
* Squash

* Replace coin cover sets with Merkle roots for transcript purposes

* Support multiple output coins in mint transactions

* Use aggregate Schnorr proofs for multiple-output mint transactions

* Add versioning to proving system transcript labels

* Refactoring mobile api for Lelantus

* Typo fixed

* Updating getanonymityset rpc to get part of the set

* Adding getfeerate rpc

* Parsing issue fixed

* Fixing typo in getfeerate rpc

* Adding getcoinsforrecovery rpc

* Including block hash into recovery rpc

* Fixed json creation in getcoinsforrecovery rpc

* Putting tx hash instead of block hash into coin list for recovery

* Pushing sets as vector of json files

* Fixed json creation

* Returning sets separately during restoration

* getanonymityset and getusedcoinserials rpc calls refactored

* Compilation fixed

* Fixed getusedcoinserials argument number bug

* Spark address/key serialization functions implemented

* CSparkWallet and mint db functions added

* Spark mint tx creation, GetAvailableSparkCoins() implemented

* Bind serial commitments to chain context

* Use default curve generator for spend component

* Completed merge

* Use default address when auto minting

* Adding domain separators when doing hashes

* Adding version and checksum in address serialization

* Saving serial_context into CSparkMintMeta

* Moving Spark related code into separate directory

* Spark state implemented

* More state functionality implemented

* Adding Spark state into mempool

* More spark state functionality implemented

* Embed KDF derived key size into hash instantiation

* Generalize range proofs to arbitrary set sizes

* WIP: spend verification batching

* Use a key-committing AEAD construction

* Use base64 to make transferred data smaller

* Spark balance proof fixed

* Index for mobile api optimized

* Adds an encoding method for address scrambling

* Fix a typo

* Switch from hex to `bech32m` encoding

* Add tests

* SpendTransaction refactored and added serialization for it

* Review comment applied and fixed a bug in mint generation

* Spark spend creation

* Spark spend verification

* More state functionality implemented and bug fixes

* Some bug fixes and cleanup

* Bug fixes and review comments resolved

* More review comments resolved

* Adding several rpc calls for spark

* Adding more rpc calls

* Failing unittests fixed

* Devnet Spark HF block

* Version bump

* LelantusToSpark function implemented

* Refactoring of file paths

* lelantustospark rpc name refactored

* Adding check to stop lelantus on consensus level

* Fixing bug resulting batch verification fail

* Minor fixes on lelantustospark rpc

* Use new thread to recognize spark mints/spends

* Recognizing spark mints and spends during wallet scan

* Wallet spark tx scanning

* Spark limits

* Version bump

* Review fixes (#1218)

Addresses issues FLS-01, FLS-02, FLS-03, FLS-07 from the HashCloak review.

* Fix minor corner case issue

* Review fixes

* Add spark fee into gettransaction rpc

* Fixing crashes on some platforms

* Rpc tests fixed

* Rpc tests fixed

* Adding RPC tests for Spark

* Crashing issue and failing tests fixed

* Fixing unstable unittest

* Fixed remaining conflict

* Adding several more unitests

* Adding one more rpc test

* Keeping some additional data in block index for mobile/light wallet

* Memo encryption fixed and test added

* Keep additional mint data for Lelantus only when -mobile passed

* Spark mobile api

* Minor improvements

* Adding more unitests

* Minor fixes

* Add one more unittest

* Detect zero challenges

* isAddressMine implemented

* Typo fix

* Script tests fixed

* Spark state reset in tests

* isMine() fixed

* Spark tx index

* Rpc test fix and more

* Add mint limit in tx creation

* Devnet graceful period extended

* Remove mint limit

* Version bump

* Spend limits fixed

* Using json object instead of array

* A little cleanup

* Add subtractFeeFromAmount in spark mint creation

* Spend input number limit removed

* Offloaded signing (#1237)

* Use `SHA-512` for broader hash function support

* Use pre-hashed auxiliary data for binding hash

* Simplify binding hash

* Version bump

* Spark address prefix changed

* Compile error fixed

* GetChange for spark spend

* Rpc tests fixed

* Failing unitests fixed

* Rpc test failing

* Improve GetAvailableCredit performance

* Fixed undefined behavior and compilation for macOS

* Rebase finished

* Spend conflict issue fixed

* devnet restart

* Smarter change recognition scheme implemented

* Typo fixed

* LelantusToSpark fixed

* Added anonymize all rpc for spark

* fix spendspark corner case crash

* Fix one more minor bug in spark spend verification

* Add getMintAmount function

* Fix typo in automintspark RPC call (#1253)

* Possible fix for crash on windows

* Update Spark addresses in RPC help with new format (#1256)

* Wallet refactoring

* Abandon spark transactions

* Version bump

* Recognize incoming spark mint

* Batch verification fixed

* Recognize transparent output fixed

* Anonymity set size changed

* Testnet HF blocks set

* Typo fixed

* Lelantus graceful period check in rpc calls

* spendspark rpc refactored

* Help string updated

* Include spark balance into gettotalbalance rpc result

* Fix crash for Apple's recent compiler on ARM64

* Fix for compilation with recent Apple compiler

* rpc tests fixed

* getusedcoinserials fixed

* getusedcoinstags fixed

* Add spark mempool clear

* fix RPC syntax in help (#1289)

* Locked Wallet case covered

* french typo issue fixed (#1295)

* lelantus manual-anonymize page fixed (#1293)

* spark available balance included in getprivatebalance (#1296)

* Subtract fee issue fix

* Reverting commit ddb04d8

* Add a method to request wallet unlock.

* Drop buggy TableViewLastColumnResizingFixer class. bitcoin/bitcoin@fd725c2

* fix Transaction tab resize issue

* Fixing tx not mined issue

* switcher fix

* Making conditions look better

* Fix receive detail tab size issue (#1306)

* Fix receive detail tab size issue

* Fix receive detail tab size issue

* Spark IS fixed

* ZapSparkMints

* Test for Spark IS

* Fixed broken spark state (#1307)

* Fixed broken spark state when a block with more than one spark spend fails lTag check

* Stop CSparkState::AddSpend from throwing an exception

* Adding cover set existence check

* Failing test fixed

---------

Co-authored-by: levonpetrosyan93 <petrosyan.levon93@gmail.com>

* Bumped spark start block numbers for mainnet

* Don't throw an exception in CSparkState::RemoveBlock

* QT: Transaction tab columns size fix (#1335)

* QT: Amount column size fix

* QT: Status column size fix

* Fixed crash when -mobile passed

* Unlock screen for spark first run

* Temporarily bypass check for walletpassphrase rpc

* Depends NO_WALLET=1 setting fix (#1321)

* Spend remaining sigma coins in lelantustospark rpc

* Fix removetxmempool rpc

* Fix help strings for mint/spendspark rpc calls

* Fix for #1328

* Integrate Spark into QT (#1263)

* integrate spark

* update default of Requested payments history, combine mintspark trans, update nTxFee

* update spark address book

* fix bug for spark address book

* add default spark address into spark address book

* update migrateLelantusToSpark

* fix spendspark crash

* update typo

* integrate Anonymize All

* merge remote branch firo

* fix migrateLelantusToSpark

* remove close X of the migrate dialog

* remove close X of the private dialog

* fix the migration issues

* fix the migration issues

* update for verifying migration

* update for verifying migration

* update calculating estimated fee of spendspark

* fix mintspark/spendspark from an another wallet

* fix crash if using the existing wallet

* fix bug 1282 & 1288

* Add output spark address & amount

* Merge remote-tracking branch 'firo/spark' into spark

* remove i

* remove addresstype

* fix edit spark label, size of address col in transaction history

* Version bump

* Fix Spark address view on recieverequestdialog

* Merge conflict fixed

* Review commit resolved

* Remove sensitive data from Coin

---------

Co-authored-by: levonpetrosyan93 <petrosyan.levon93@gmail.com>
Co-authored-by: levonpetrosyan93 <45027856+levonpetrosyan93@users.noreply.github.com>

* Build fixed

* RPC tests and more fixed

* Fix Github Actions (#1355)

* Disable building libconsensus for Windows in CI

* setuptools workaround for macOS

* Fixed QT crash on startup (#1312)

* Libspark fuzzing harness (#1340)

* Spark address/key serialization functions implemented

* CSparkWallet and mint db functions added

* Spark mint tx creation, GetAvailableSparkCoins() implemented

* Bind serial commitments to chain context

* Use default curve generator for spend component

* Completed merge

* Use default address when auto minting

* Adding domain separators when doing hashes

* Adding version and checksum in address serialization

* Saving serial_context into CSparkMintMeta

* Moving Spark related code into separate directory

* Embed KDF derived key size into hash instantiation

* Generalize range proofs to arbitrary set sizes

* Spark state implemented

* More state functionality implemented

* WIP: spend verification batching

* Adding Spark state into mempool

* Use a key-committing AEAD construction

* More spark state functionality implemented

* Spark balance proof fixed

* Adds an encoding method for address scrambling

* Switch from hex to `bech32m` encoding

* Add tests

* SpendTransaction refactored and added serialization for it

* Review comment applied and fixed a bug in mint generation

* Spark spend creation

* Spark spend verification

* More state functionality implemented and bug fixes

* Some bug fixes and cleanup

* Bug fixes and review comments resolved

* More review comments resolved

* Adding several rpc calls for spark

* Adding more rpc calls

* Failing unittests fixed

* Version bump

* Devnet Spark HF block

* Added fuzz folder for persistent fuzzing libspark fuzzing

* bech32 fuzzing harness for honggfuzz added

* fix bech32_fuzz.cpp

* Added f4grumble fuzzing harness

* Forgot to add return statement to f4grumble_fuzz.cpp

* Moved libspark related fuzzing to its own folder

* Added FuzzedDataProvider.h

* Integrated FuzzedDataProvider.h in bech32_fuzz.cpp

* Fixed fuzzing enum in bech32_fuzz.cpp

* missing semicolon

* Added fuzz folder for persistent fuzzing libspark fuzzing

bech32 fuzzing harness for honggfuzz added

Added f4grumble fuzzing harness

Revert "missing semicolon"

This reverts commit 330cff6.

Fuzzing directory cleanup

Added FuzzedDataProvider.h

* Added fuzzing utilities for group elements and scalars

* Added fuzzing for aead.cpp

* Added vector versions of GetGroupElement and GetScalar in fuzzing_utilities.cpp

* Added single proof fuzz test for bpplus_fuzz

* LelantusToSpark function implemented

* Refactoring of file paths

* lelantustospark rpc name refactored

* Adding check to stop lelantus on consensus level

* Added fuzz folder for persistent fuzzing libspark fuzzing

bech32 fuzzing harness for honggfuzz added

Added f4grumble fuzzing harness

Revert "missing semicolon"

This reverts commit 330cff6.

Fuzzing directory cleanup

Added FuzzedDataProvider.h

* Added fuzzing utilities for group elements and scalars

* Added fuzzing for aead.cpp

* Added vector versions of GetGroupElement and GetScalar in fuzzing_utilities.cpp

* Added single proof fuzz test for bpplus_fuzz

* Changed relative paths of dependencies in secp256k1/src/cpp

* More relative path changes in src/secp256k1

* Changed relative paths in crypto/common.h

* Removed FuzzedSecp256k1Object deconstructor

* Added aead_fuzz.cpp and other utilities

Adding check to stop lelantus on consensus level

Added fuzz folder for persistent fuzzing libspark fuzzing

bech32 fuzzing harness for honggfuzz added

Added f4grumble fuzzing harness

Revert "missing semicolon"

This reverts commit 330cff6.

Fuzzing directory cleanup

Added FuzzedDataProvider.h

Added fuzzing utilities for group elements and scalars

Added fuzzing for aead.cpp

* Added vector versions of GetGroupElement and GetScalar in fuzzing_utilities.cpp

* Added single proof fuzz test for bpplus_fuzz

* Changed relative paths of dependencies in secp256k1/src/cpp

* More relative path changes in src/secp256k1

* Changed relative paths in crypto/common.h

* Removed FuzzedSecp256k1Object deconstructor

* Added batch bpplus proofs fuzzing tests

* Changed relative paths in libspark/params.h

* Fixed errors in bpplus_fuzz.cpp

* Fixed more errors

* More fixes in bpplus.cpp

* Completed bpplus_fuzz tests

Added batch bpplus proofs fuzzing tests

Changed relative paths in libspark/params.h

Fixed errors in bpplus_fuzz.cpp

Fixed more errors

More fixes in bpplus.cpp

Changed type of sizes in bpplus_fuzz.cpp

* Added chaum_fuzz.cpp

* Changed relative paths in src/wallet/crypter.h

* Changed relative path in arith_uint256.h

exit

* Completed chaum fuzz tests

Added chaum_fuzz.cpp

Changed relative paths in src/wallet/crypter.h

Changed relative path in arith_uint256.h

exit

* Added schnorr_fuzz.cpp

* Added grootle_fuzz.cpp

* Added length to ConsumeBytes call

* Initialized sizes vector via a loop in grootle_fuzz.cpp

* Changed relative paths in support/allocator/secure.h

* Changed relative paths in support/allocator/secure.h again

* Added mint_transaction_fuzz.cpp

* Changed type of parameter in MintTransaction in mint_transaction_fuzz.cpp

* Changed relative path in params.cpp

* Changed relative paths in consensus/params.h

* Changed relative paths in primitives/block.h

* Changed relative paths in primitives/transaction.h

* Changed relative paths in src/script/script.h

* Changed more relative paths in src/script/script.h

* Changed relative paths in crypto/MerkleTreeProof/mtp.h

* Changed relative paths in crypto/MerkleTreeProof/mtp.h. Actually this time.

* Changed relative paths in crypto/progpow.h

* Completed mint_transaction_fuzz.cpp

Added mint_transaction_fuzz.cpp

Changed type of parameter in MintTransaction in mint_transaction_fuzz.cpp

Changed relative path in params.cpp

Changed relative paths in consensus/params.h

Changed relative paths in primitives/block.h

Changed relative paths in primitives/transaction.h

Changed relative paths in src/script/script.h

Changed more relative paths in src/script/script.h

Changed relative paths in crypto/MerkleTreeProof/mtp.h

Changed relative paths in crypto/MerkleTreeProof/mtp.h. Actually this time.

Changed relative paths in crypto/progpow.h

* Added spend_transaction_fuzz.cpp

* Fixed errors in spend_transaction_fuzz.cpp

* Completed spend_transaction_fuzz.cpp

Added spend_transaction_fuzz.cpp

Fixed errors in spend_transaction_fuzz.cpp

* Updated relative paths in MultiExponent.cpp

* fuzzing and coverage of different libspark files

* makefile and code-coverage for libspark

* spend transaction modified

* coverage, input, results removed

* empty and temporary files deleted

* empty files removed

* readme for fuzzing modified

* original paths restored and conflict resolved, flags added in fuzz makefile

* path fixed and merged latest spark

* path fixed

* instructions for installing dependencies added in fuzz readme

* binary removed and loop length resized

* readme modified & vector size reserved in fuzzing_utilities

---------

Co-authored-by: levonpetrosyan93 <petrosyan.levon93@gmail.com>
Co-authored-by: Aaron Feickert <66188213+AaronFeickert@users.noreply.github.com>
Co-authored-by: Mikerah <mikerah@hashcloak.com>
Co-authored-by: Onur İnanç <e191322@metu.edu.tr>
Co-authored-by: HashCloak <info@hashcloak.com>

* Fix getsparkanonymityset

* Fix second anonymity set bug

* Detect zero challenges in schnorr

* Version bump

* Fix rpc help strings

* Spark mainnet HF blocks set

* Extended spork support for 1 more year

* Set lelantus graceful period 2 years

---------

Co-authored-by: Aaron Feickert <66188213+AaronFeickert@users.noreply.github.com>
Co-authored-by: Peter Shugalev <peter@shugalev.com>
Co-authored-by: justanwar <42809091+justanwar@users.noreply.github.com>
Co-authored-by: levoncrypto <95240473+levoncrypto@users.noreply.github.com>
Co-authored-by: sproxet <17163658+sproxet@users.noreply.github.com>
Co-authored-by: levoncrypto1994@gmail.com <levoncrypto1994@gmail.com>
Co-authored-by: giangnamnabka <82715242+giangnamnabka@users.noreply.github.com>
Co-authored-by: Manish Kumar <kumarmanish19963@gmail.com>
Co-authored-by: Mikerah <mikerah@hashcloak.com>
Co-authored-by: Onur İnanç <e191322@metu.edu.tr>
Co-authored-by: HashCloak <info@hashcloak.com>