Add fuzzing testing #1215
Comments
|
I'd like to suggest and champion an effort integrating liboqs with google/oss-fuzz. If you aren't familiar with it, Google offers a free (for open source) continuous fuzzing service called OSS-fuzz. I've opened up a draft pull request to add a super basic fuzz-testing harness here #1905. It needs a little bit of tidying before it's ready to go but I thought I'd guage interest before polishing it up. The general process would look something like this.
Let me know what your thoughts are on this :) |
This would be very welcome, @silvergasp ! Thanks a million for the suggestion and apparent commitment!! As you seem to be an Independent Contributor like me (trying to establish that notion towards the corporate/LF folks :) I shall provide any possibly needed assistance with this, e.g., helping #1905 move to merge-ability, so please be sure to tag me when needed.
In a nutshell: LGTM :) Details to follow once this moves forward, I guess. |
Cheers mate. Yeah I'm an independent contributor. I've gone ahead and opened up a draft pull request over at oss-fuzz google/oss-fuzz#12408 that will function as both the integration and the "application" process. Everything seems to be working well locally and the CI is passing. A few things I'll need to move that PR forward (in the order that they need to happen);
I've gone ahead and polished up #1905 and I think it's ready for review. It's just a super-basic fuzzer that's mostly adapted from one of the examples. But the goal was just to get all the infrastructure in place so that more complex/useful fuzzer's are possible and worth the effort. |
Ideally you'd use security@openquantumsafe.org (listed at https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs) that different people read. Please let us know if it must be a gmail account (not really ideal, though). |
We can also set up a dedicated fuzz-related alias if it's helpful. |
It doesn't need to be a gmail account you just won't have access to the dashboard and will only receive email updates. The dashboard has a bunch of useful features for analysing fuzzing performance and also automatically bisecting bugs to see when they where introduced. So I'd recommend adding at least one gmail account that someone on the core team has access to. I can add as many email accounts as you like, but only the gmail ones will have full access. I know some projects will setup a specific separate gmail account for this purpose so that it's separate from their personal accounts e.g. rhai.
This might be worthwhile as oss-fuzz will send off an email everytime a fuzzer crashes this includes both security and non-security related bugs. In some projects this can be a lot of emails and it's often hard to triage them all without the filtering tools on the dashboard. If you use a gmail account you can configure your notifications to only receive security updates rather than every crash report. I'll leave that up to you to decide :) |
|
@ryjones Do you have a preferred way to handle setting up a Gmail account for project use? As you can see in the comment above there is apparently a benefit to using a Gmail account for this fuzzing dashboard rather than just a generic email address. |
Let me ask around. I don't think I can set up a gmail/google apps account for any of the domains PQCA controls. |
|
To keep things moving along it sounds like it would be easiest to just use security@openquantumsafe.org for now. I can always add a list of gmail accounts in addition to the security@openquantumsafe.org later if/when that becomes worthwhile. Anyone have any objections to me adding the following into the oss-fuzz integration?
|
|
This diff is approximately what this will look like. All bug reports will be sent to security@openquantumsafe.org AND myself. I will have limited access to the oss-fuzz dashboard including bug and fuzzing performance information, but I will not have access to project admin level clusterfuzz features which is only available to the primary_contact (if it's a google/gmail account or linked to a github account). |
|
@nathaniel-brough: the security@openquantumsafe.org alias already exists, and currently forwards to me, @baentsch, and @christianpaquin. So it should be fine to start using it. @ryjones: doing the domain transfer is on my to-do list, but has been low priority so I haven't gotten to it. There's some kind of LF form for this, right? |
|
@dstebila I'm not sure about that. Right now, I just need a transfer code and a zone file, plus any reflectors you want me to port. |
|
Now that #1905 is merged I've updated the integration configuration over at oss-fuzz google/oss-fuzz#12408, which is now ready to merge. I will need one of the maintainers of liboqs with merge access to review the changes in google/oss-fuzz#12408 and make a comment on the PR approving of the integration before the oss-fuzz team will proceed with the integration. |
|
Now that oss-fuzz is set up, here is my plan for fuzz-testing going forward;
Beyond this I don't really have much of a plan, except to just peruse the code-base and slowly chip away until I get to 80-100% code-coverage for fuzzing. If you have any specific requests or thoughts on how I should prioritise fuzzing of specific algorithms (or groups of algorithms) let me know and I'll keep that in mind moving forward. |
I think the ML-KEM implementation is probably highest priority. That said, extrapolating from your ongoing work in #1955, I imagine you'll be able to hit all the KEMs in one go. The most important thing (in my opinion) is that the test harness easily accommodates new and/or updated algorithms, ideally without manual maintenance. |
|
Thanks Nathaniel!
In case you don't already know, we do have an API for swapping out the normal RNG with another function. This is used in the kat_kem and kat_sig tests for the known answer tests. You should be able to swap in your own deterministic RNG if you need to. |
Cool, I'm working on a fuzzing optimised random(ish) number generator. I'm trying to estimate the amount of "random data" that will be used per algorithm so that I can partition out a section of the fuzzed data to drive the random(ish) number generator. As a naive guess (with minimal understanding of cryptography) I'm just using |
In general I don't think there will be any correlation between public key + private key size and the amount of randomness consumed by an implementation. Moreover, some PQC implementations that need lots of randomness have decided to go the route of reading 32 bytes of randomness and expanding that seed internally, others keep reading from the RNG. One could go through the implementations we have in the library now and figure out how much each of them is currently reading, but there's no guarantee that wouldn't change. If you want to partition the output of the RNG, then maybe one way of doing it would be to use a PRF with relevant contact labels/counters to generate the randomness needed for different calls. |
Follow the approach taken by OpenSSL or another one: Suggestions welcome below.
The text was updated successfully, but these errors were encountered: