From 35cc81a473f2deca5e585ed1a2c54c616b34802e Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Fri, 25 Jun 2021 18:04:12 +0200 Subject: [PATCH] [cryptofuzz] Add Noble libraries (#5966) --- projects/cryptofuzz/Dockerfile | 7 ++- projects/cryptofuzz/build.sh | 101 ++++++++++++++++++++++++--------- 2 files changed, 81 insertions(+), 27 deletions(-) diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile index 94dd75c21..3fad02d42 100644 --- a/projects/cryptofuzz/Dockerfile +++ b/projects/cryptofuzz/Dockerfile @@ -42,7 +42,6 @@ RUN hg clone https://hg.mozilla.org/projects/nss RUN git clone --depth 1 https://github.com/jedisct1/libsodium.git RUN git clone --depth 1 https://github.com/libtom/libtomcrypt.git RUN git clone --depth 1 https://github.com/microsoft/SymCrypt.git -RUN git clone --depth 1 https://git.lysator.liu.se/nettle/nettle RUN hg clone https://gmplib.org/repo/gmp/ libgmp/ RUN wget https://www.bytereef.org/software/mpdecimal/releases/mpdecimal-2.5.1.tar.gz RUN git clone --depth 1 https://github.com/indutny/bn.js.git @@ -52,8 +51,14 @@ RUN git clone --depth 1 https://github.com/brix/crypto-js.git RUN git clone --depth 1 https://github.com/LoupVaillant/Monocypher.git RUN git clone --depth 1 https://github.com/trezor/trezor-firmware.git RUN git clone --depth 1 https://github.com/Cyan4973/xxHash.git +RUN git clone --depth 1 https://github.com/paulmillr/noble-ed25519.git +RUN git clone --depth 1 https://github.com/paulmillr/noble-bls12-381.git +RUN git clone --depth 1 https://github.com/paulmillr/noble-secp256k1.git +RUN git clone --depth 1 https://github.com/supranational/blst.git +RUN git clone --depth 1 https://github.com/bitcoin-core/secp256k1.git RUN apt-get remove -y libunwind8 RUN apt-get install -y libssl-dev RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 +RUN wget https://nodejs.org/dist/v14.17.1/node-v14.17.1-linux-x64.tar.xz COPY build.sh xxd.c $SRC/ diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh index 433c47a3e..9bab0b79f 100755 --- a/projects/cryptofuzz/build.sh +++ b/projects/cryptofuzz/build.sh @@ -20,6 +20,15 @@ export GO111MODULE=off +if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]] +then + # Install nodejs/npm + # It is required for building noble-bls12-381 + cd $SRC/ + tar Jxf node-v14.17.1-linux-x64.tar.xz + export PATH="$PATH:$SRC/node-v14.17.1-linux-x64/bin/" +fi + # Compile xxd $CC $SRC/xxd.c -o /usr/bin/xxd @@ -138,6 +147,72 @@ then make -B fi +# Build blst +cd $SRC/blst/ +# Patch to disable assembly +# This is to prevent false positives, see: +# https://github.com/google/oss-fuzz/issues/5914 +touch new_no_asm.h +echo "#if LIMB_T_BITS==32" >>new_no_asm.h +echo "typedef unsigned long long llimb_t;" >>new_no_asm.h +echo "#else" >>new_no_asm.h +echo "typedef __uint128_t llimb_t;" >>new_no_asm.h +echo "#endif" >>new_no_asm.h +cat src/no_asm.h >>new_no_asm.h +mv new_no_asm.h src/no_asm.h +CFLAGS="$CFLAGS -D__BLST_NO_ASM__ -D__BLST_PORTABLE__" ./build.sh +export BLST_LIBBLST_A_PATH=$(realpath libblst.a) +export BLST_INCLUDE_PATH=$(realpath bindings/) +export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BLST" + +# Compile Cryptofuzz blst module +cd $SRC/cryptofuzz/modules/blst/ +make -B -j$(nproc) + +# Build libsecp256k1 +cd $SRC/secp256k1/ +autoreconf -ivf +export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SECP256K1" +if [[ $CFLAGS = *sanitize=memory* ]] +then + ./configure --enable-static --disable-tests --disable-benchmark --disable-exhaustive-tests --enable-module-recovery --enable-experimental --enable-module-schnorrsig --enable-module-ecdh --with-asm=no +else + ./configure --enable-static --disable-tests --disable-benchmark --disable-exhaustive-tests --enable-module-recovery --enable-experimental --enable-module-schnorrsig --enable-module-ecdh +fi +make +export SECP256K1_INCLUDE_PATH=$(realpath include) +export LIBSECP256K1_A_PATH=$(realpath .libs/libsecp256k1.a) + +# Compile Cryptofuzz libsecp256k1 module +cd $SRC/cryptofuzz/modules/secp256k1/ +make -B -j$(nproc) + +if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]] +then + # noble-secp256k1 + cd $SRC/cryptofuzz/modules/noble-secp256k1/ + export NOBLE_SECP256K1_PATH="$SRC/noble-secp256k1/index.js" + export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NOBLE_SECP256K1" + make -B + + # noble-bls12-381 + cd $SRC/noble-bls12-381/ + cp math.ts new_index.ts + $(awk '/^export/ {print "tail -n +"FNR+1" index.ts"; exit}' index.ts) >>new_index.ts + mv new_index.ts index.ts + npm install && npm run build + export NOBLE_BLS12_381_PATH=$(realpath index.js) + export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NOBLE_BLS12_381" + cd $SRC/cryptofuzz/modules/noble-bls12-381/ + make -B + + # noble-ed25519 + cd $SRC/cryptofuzz/modules/noble-ed25519/ + export NOBLE_ED25519_PATH="$SRC/noble-ed25519/index.js" + export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NOBLE_ED25519" + make -B +fi + # Compile SymCrypt cd $SRC/SymCrypt/ if [[ $CFLAGS != *sanitize=array-bounds* ]] @@ -160,32 +235,6 @@ then make -B fi -# Compile Nettle -mkdir $SRC/nettle-install/ -cd $SRC/nettle/ -bash .bootstrap -if [[ $CFLAGS != *sanitize=memory* ]] -then - ./configure --disable-documentation --disable-openssl --prefix=`realpath ../nettle-install` -else - ./configure --disable-documentation --disable-openssl --disable-assembler --prefix=`realpath ../nettle-install` -fi -make -j$(nproc) -make install -if [[ $CFLAGS != *-m32* ]] -then -export LIBNETTLE_A_PATH=`realpath ../nettle-install/lib/libnettle.a` -export LIBHOGWEED_A_PATH=`realpath ../nettle-install/lib/libhogweed.a` -else -export LIBNETTLE_A_PATH=`realpath ../nettle-install/lib32/libnettle.a` -export LIBHOGWEED_A_PATH=`realpath ../nettle-install/lib32/libhogweed.a` -fi -export NETTLE_INCLUDE_PATH=`realpath ../nettle-install/include` -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NETTLE" -# Compile Cryptofuzz Nettle module -cd $SRC/cryptofuzz/modules/nettle -make -B - # Compile libgmp if [[ $CFLAGS != *sanitize=memory* ]] then