crypto/secp256k1: fix undefined behavior in BitCurve.Add (#22621)

2026-06-19 21:31:37 +00:00 · 2024-11-29 16:08:31 +08:00 · 2024-11-29 16:08:31 +08:00 · 5ee26e04ed
commit 5ee26e04ed
parent 7711f4b76d
4 changed files with 61 additions and 0 deletions
--- a/go.mod
+++ b/go.mod
@ -47,6 +47,7 @@ require (
 	github.com/consensys/gnark-crypto v0.4.1-0.20210426202927-39ac3d4b3f1f
 	github.com/deckarep/golang-set v1.8.0
 	github.com/dop251/goja v0.0.0-20200721192441-a695b0cdd498
+	github.com/google/gofuzz v1.2.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.17
 	github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible
--- a/go.sum
+++ b/go.sum
@ -63,6 +63,8 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
--- a/tests/fuzzers/secp256k1/secp_fuzzer.go
+++ b/tests/fuzzers/secp256k1/secp_fuzzer.go
@ -0,0 +1,50 @@
+// Copyright 2021 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+// build +gofuzz
+
+package secp256k1
+
+import (
+	"fmt"
+
+	"github.com/btcsuite/btcd/btcec"
+	"github.com/XinFinOrg/XDPoSChain/crypto/secp256k1"
+	fuzz "github.com/google/gofuzz"
+)
+
+func Fuzz(input []byte) int {
+	var (
+		fuzzer = fuzz.NewFromGoFuzz(input)
+		curveA = secp256k1.S256()
+		curveB = btcec.S256()
+		dataP1 []byte
+		dataP2 []byte
+	)
+	// first point
+	fuzzer.Fuzz(&dataP1)
+	x1, y1 := curveB.ScalarBaseMult(dataP1)
+	// second point
+	fuzzer.Fuzz(&dataP2)
+	x2, y2 := curveB.ScalarBaseMult(dataP2)
+	resAX, resAY := curveA.Add(x1, y1, x2, y2)
+	resBX, resBY := curveB.Add(x1, y1, x2, y2)
+	if resAX.Cmp(resBX) != 0 || resAY.Cmp(resBY) != 0 {
+		fmt.Printf("%s %s %s %s\n", x1, y1, x2, y2)
+		panic(fmt.Sprintf("Addition failed: geth: %s %s btcd: %s %s", resAX, resAY, resBX, resBY))
+	}
+	return 0
+}
--- a/tests/fuzzers/secp256k1/secp_test.go
+++ b/tests/fuzzers/secp256k1/secp_test.go
@ -0,0 +1,8 @@
+package secp256k1
+
+import "testing"
+
+func TestFuzzer(t *testing.T) {
+	test := "00000000N0000000/R00000000000000000U0000S0000000mkhP000000000000000U"
+	Fuzz([]byte(test))
+}