Adapt fuzz target to use oracle version of ecrecover

Author: antoniolocascio

tests/fuzzer/Cargo.lock

@@ -1,30 +1,26 @@
 #![no_main]
 #![feature(allocator_api)]
 
-use arbitrary::{Arbitrary,Unstructured};
+use crate::common::{be_dec_inplace, be_inc_inplace};
+use arbitrary::{Arbitrary, Unstructured};
+use fuzz_precompiles_forward::precompiles::ecrecover as ecrecover_forward;
+use fuzz_precompiles_forward::precompiles::ecrecover_with_oracle;
 use libfuzzer_sys::fuzz_target;
 use revm_precompile::secp256k1::ec_recover_run;
-use fuzz_precompiles_forward::precompiles::ecrecover as ecrecover_forward;
-use fuzz_precompiles_proving::precompiles::ecrecover as ecrecover_proving;
-use secp256k1::{ecdsa::RecoverableSignature,Message,Secp256k1,SecretKey};
-use crate::common::{be_inc_inplace,be_dec_inplace};
+use secp256k1::{ecdsa::RecoverableSignature, Message, Secp256k1, SecretKey};
 
 mod common;
 
 const IN_LEN: usize = 128;
 
 const N_SECP256K1: [u8; 32] = [
-    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
-    0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
-    0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+    0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
 ];
 
 const N_SECP256K1_HALF: [u8; 32] = [
-    0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-    0x5D,0x57,0x6E,0x73,0x57,0xA4,0x50,0x1D,
-    0xDF,0xE9,0x2F,0x46,0x68,0x1B,0x20,0xA0,
+    0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0x5D, 0x57, 0x6E, 0x73, 0x57, 0xA4, 0x50, 0x1D, 0xDF, 0xE9, 0x2F, 0x46, 0x68, 0x1B, 0x20, 0xA0,
 ];
 
 #[derive(Arbitrary, Debug, Clone, Copy)]
@@ -36,25 +32,25 @@ enum Case {
 
 #[derive(Arbitrary, Debug, Clone, Copy)]
 enum Mutation {
-    Msg,    // Bit flip mutate msg
-    V,      // Bit flip mutate v part of signature
-    R,      // Bit flip mutate r part of signature
-    S,      // Bit flip mutate s part of signature
-
-    V_0,      // v = 0
-    V_1,      // v = 1
-    V_29,     // v = 29
-    V_27,     // force 27
-    V_28,     // force 28
-
-    ZeroR,    // r = 0
-    ZeroS,    // s = 0
-    R_EqN,    // r = n
-    S_EqN,    // s = n
-    R_GeN,    // r = n+1
-    S_GeN,    // s = n+1
-    HighS,    // s = n-1
-    LowS,     // s = floor(n/2)
+    Msg, // Bit flip mutate msg
+    V,   // Bit flip mutate v part of signature
+    R,   // Bit flip mutate r part of signature
+    S,   // Bit flip mutate s part of signature
+
+    V_0,  // v = 0
+    V_1,  // v = 1
+    V_29, // v = 29
+    V_27, // force 27
+    V_28, // force 28
+
+    ZeroR, // r = 0
+    ZeroS, // s = 0
+    R_EqN, // r = n
+    S_EqN, // s = n
+    R_GeN, // r = n+1
+    S_GeN, // s = n+1
+    HighS, // s = n-1
+    LowS,  // s = floor(n/2)
 }
 
 #[derive(Arbitrary, Debug, Clone)]
@@ -70,9 +66,8 @@ struct Input {
 fn valid_tuple(seed: [u8; 32], msg32: [u8; 32]) -> ([u8; 32], [u8; 32], [u8; 32], [u8; 32]) {
     let secp = Secp256k1::signing_only();
 
-    let sk = SecretKey::from_slice(&seed).unwrap_or_else(|_| {
-        SecretKey::from_slice(&[1u8; 32]).expect("non-zero sk")
-    });
+    let sk = SecretKey::from_slice(&seed)
+        .unwrap_or_else(|_| SecretKey::from_slice(&[1u8; 32]).expect("non-zero sk"));
 
     let msg = Message::from_slice(&msg32).expect("prehash");
     let recsig: RecoverableSignature = secp.sign_ecdsa_recoverable(&msg, &sk);
@@ -99,7 +94,9 @@ fn build_input(u: &mut Unstructured<'_>, i: &Input) -> Vec<u8> {
 
             if let Some(t) = i.trunc {
                 let t = t as usize;
-                if t < v.len() { v.truncate(t); }
+                if t < v.len() {
+                    v.truncate(t);
+                }
             }
             v
         }
@@ -117,39 +114,81 @@ fn build_input(u: &mut Unstructured<'_>, i: &Input) -> Vec<u8> {
 
             if let Some(t) = i.trunc {
                 let t = t as usize;
-                if t < out.len() { out.truncate(t); }
+                if t < out.len() {
+                    out.truncate(t);
+                }
             }
             out
         }
     }
 }
 
-fn apply_mut(mutation: Mutation, msg: &mut [u8;32], v: &mut [u8;32], r: &mut [u8;32], s: &mut [u8;32], flip_idx: u8) {
-    let flip = |b: &mut [u8;32], at: u8| {
+fn apply_mut(
+    mutation: Mutation,
+    msg: &mut [u8; 32],
+    v: &mut [u8; 32],
+    r: &mut [u8; 32],
+    s: &mut [u8; 32],
+    flip_idx: u8,
+) {
+    let flip = |b: &mut [u8; 32], at: u8| {
         let i = (at as usize) & 31;
         b[i] ^= 1;
     };
     match mutation {
         Mutation::Msg => flip(msg, flip_idx),
-        Mutation::V   => flip(v, flip_idx),
-        Mutation::R   => flip(r, flip_idx),
-        Mutation::S   => flip(s, flip_idx),
-
-        Mutation::V_0  => { *v = [0u8;32]; }
-        Mutation::V_1  => { *v = [0u8;32]; v[31] = 1; }
-        Mutation::V_29 => { *v = [0u8;32]; v[31] = 29; }
-        Mutation::V_27 => { *v = [0u8;32]; v[31] = 27; }
-        Mutation::V_28 => { *v = [0u8;32]; v[31] = 28; }
-
-        Mutation::ZeroR => { *r = [0u8;32]; }
-        Mutation::ZeroS => { *s = [0u8;32]; }
-        Mutation::R_EqN => { *r = N_SECP256K1; }
-        Mutation::S_EqN => { *s = N_SECP256K1; }
-        Mutation::R_GeN => { *r = N_SECP256K1; be_inc_inplace(r); }
-        Mutation::S_GeN => { *s = N_SECP256K1; be_inc_inplace(s); }
-
-        Mutation::HighS => { *s = N_SECP256K1; be_dec_inplace(s); }
-        Mutation::LowS  => { *s = N_SECP256K1_HALF; },
+        Mutation::V => flip(v, flip_idx),
+        Mutation::R => flip(r, flip_idx),
+        Mutation::S => flip(s, flip_idx),
+
+        Mutation::V_0 => {
+            *v = [0u8; 32];
+        }
+        Mutation::V_1 => {
+            *v = [0u8; 32];
+            v[31] = 1;
+        }
+        Mutation::V_29 => {
+            *v = [0u8; 32];
+            v[31] = 29;
+        }
+        Mutation::V_27 => {
+            *v = [0u8; 32];
+            v[31] = 27;
+        }
+        Mutation::V_28 => {
+            *v = [0u8; 32];
+            v[31] = 28;
+        }
+
+        Mutation::ZeroR => {
+            *r = [0u8; 32];
+        }
+        Mutation::ZeroS => {
+            *s = [0u8; 32];
+        }
+        Mutation::R_EqN => {
+            *r = N_SECP256K1;
+        }
+        Mutation::S_EqN => {
+            *s = N_SECP256K1;
+        }
+        Mutation::R_GeN => {
+            *r = N_SECP256K1;
+            be_inc_inplace(r);
+        }
+        Mutation::S_GeN => {
+            *s = N_SECP256K1;
+            be_inc_inplace(s);
+        }
+
+        Mutation::HighS => {
+            *s = N_SECP256K1;
+            be_dec_inplace(s);
+        }
+        Mutation::LowS => {
+            *s = N_SECP256K1_HALF;
+        }
     }
 }
 
@@ -171,16 +210,16 @@ fn fuzz(data: &[u8]) {
     let r1 = ecrecover_forward(in_bytes.as_slice(), &mut out_forward);
     let fwd_ok = r1.is_ok();
 
-    let r2 = ecrecover_proving(in_bytes.as_slice(), &mut out_proving);
+    let r2 = ecrecover_with_oracle(in_bytes.as_slice(), &mut out_proving);
     let prv_ok = r2.is_ok();
 
     match (reth_ok, fwd_ok, prv_ok) {
         (true, true, true) => {
             let reth_bytes = r_reth.unwrap().bytes.to_vec();
             assert_eq!(out_forward, reth_bytes, "forward <> reth bytes mismatch");
-            assert_eq!(out_proving, reth_bytes, "proving <> reth bytes mismatch");
+            assert_eq!(out_proving, reth_bytes, "oracle <> reth bytes mismatch");
         }
-        (false, false, false) => { }
+        (false, false, false) => {}
         _ => {
             panic!(
                 "status mismatch: reth_ok={reth_ok} fwd_ok={fwd_ok} prv_ok={prv_ok}, in_len={}",
@@ -193,4 +232,4 @@ fn fuzz(data: &[u8]) {
 fuzz_target!(|data: &[u8]| {
     // call fuzzing in a separate function, so we can see its coverage
     fuzz(data);
-});
+});

tests/fuzzer/fuzz/fuzz_targets/precompiles_diff/ecrecover.rs

@@ -0,0 +1,28 @@
+[package]
+name = "callable_oracles_forward"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+path = "../../../../../callable_oracles/src/lib.rs"
+
+[dependencies]
+zk_ee = { package = "zk_ee_forward", path = "../zk_ee_forward" }
+ruint = { version = "1.12.3", default-features = false, features = ["alloc"] }
+crypto = { package = "crypto_forward", path = "../crypto_forward", default-features = false }
+oracle_provider = { package = "oracle_provider_forward", path = "../oracle_provider_forward" }
+basic_system = { package = "basic_system_forward", path = "../basic_system_forward" }
+
+risc_v_simulator = { git = "https://github.com/matter-labs/zksync-airbender", tag = "v0.4.3", optional = true }
+num-bigint = { version = "*", optional = true }
+num-traits = { version = "*", optional = true }
+
+alloy-consensus = "1.0.41"
+c-kzg = "2.1.5"
+
+[dev-dependencies]
+hex = "*"
+
+[features]
+default = ["evaluate"]
+evaluate = ["risc_v_simulator", "num-bigint", "num-traits"]

tests/fuzzer/fuzz/wrappers/callable_oracles_forward/Cargo.toml

@@ -6,4 +6,6 @@ edition = "2021"
 
 [dependencies]
 basic_system = { package = "basic_system_forward", path = "../basic_system_forward"}
-zk_ee = { package = "zk_ee_forward", path = "../zk_ee_forward" }
+zk_ee = { package = "zk_ee_forward", path = "../zk_ee_forward" }
+callable_oracles = { package = "callable_oracles_forward", path = "../callable_oracles_forward" }
+oracle_provider = { package = "oracle_provider_forward", path = "../oracle_provider_forward" }

tests/fuzzer/fuzz/wrappers/fuzz_precompiles_forward/Cargo.toml

@@ -72,6 +72,18 @@ pub fn ecrecover(src: &[u8], dst: &mut Vec<u8>) -> Result<(), SubsystemError<Sec
     EcRecoverImpl::execute(&src, dst, &mut resource, &mut DummyOracle, &mut NullLogger, allocator)
 }
 
+/// ecrecover using native field operations oracle (for comparing oracle vs non-oracle paths)
+pub fn ecrecover_with_oracle(src: &[u8], dst: &mut Vec<u8>) -> Result<(), SubsystemError<Secp256k1ECRecoverErrors>> {
+    use callable_oracles::field_hints::NativeFieldOpsQuery;
+    use oracle_provider::{DummyMemorySource, ZkEENonDeterminismSource};
+    
+    let allocator = std::alloc::Global;
+    let mut resource = <BaseResources<DecreasingNative> as Resource>::FORMAL_INFINITE;
+    let mut oracle = ZkEENonDeterminismSource::<DummyMemorySource>::default();
+    oracle.add_external_processor(NativeFieldOpsQuery::<DummyMemorySource>::default());
+    EcRecoverImpl::execute(&src, dst, &mut resource, &mut oracle, &mut NullLogger, allocator)
+}
+
 pub fn pairing(src: &[u8], dst: &mut Vec<u8>) -> Result<(), SubsystemError<Bn254PairingCheckErrors>> {
     let allocator = std::alloc::Global;
     let mut resource = <BaseResources<DecreasingNative> as Resource>::FORMAL_INFINITE;

tests/fuzzer/fuzz/wrappers/fuzz_precompiles_forward/src/precompiles.rs

@@ -1,19 +1,21 @@
 use basic_system::system_functions::bn254_ecadd::Bn254AddImpl;
-use basic_system::system_functions::sha256::Sha256Impl;
-use basic_system::system_functions::keccak256::Keccak256Impl;
-use basic_system::system_functions::ripemd160::RipeMd160Impl;
 use basic_system::system_functions::bn254_ecmul::Bn254MulImpl;
-use basic_system::system_functions::p256_verify::P256VerifyImpl;
-use basic_system::system_functions::ecrecover::EcRecoverImpl;
 use basic_system::system_functions::bn254_pairing_check::Bn254PairingCheckImpl;
+use basic_system::system_functions::ecrecover::EcRecoverImpl;
+use basic_system::system_functions::keccak256::Keccak256Impl;
+use basic_system::system_functions::p256_verify::P256VerifyImpl;
 use basic_system::system_functions::point_evaluation::PointEvaluationImpl;
+use basic_system::system_functions::ripemd160::RipeMd160Impl;
+use basic_system::system_functions::sha256::Sha256Impl;
 use zk_ee::reference_implementations::BaseResources;
-use zk_ee::system::{SystemFunction,SystemFunctionExt};
-use zk_ee::system::Resource;
 use zk_ee::reference_implementations::DecreasingNative;
+use zk_ee::system::base_system_functions::{
+    Bn254AddErrors, Bn254MulErrors, Bn254PairingCheckErrors, Keccak256Errors, P256VerifyErrors,
+    PointEvaluationErrors, RipeMd160Errors, Secp256k1ECRecoverErrors, Sha256Errors,
+};
 use zk_ee::system::errors::subsystem::SubsystemError;
-use zk_ee::system::base_system_functions::{Bn254AddErrors,Sha256Errors,RipeMd160Errors,Keccak256Errors,
-Bn254MulErrors,P256VerifyErrors,Secp256k1ECRecoverErrors,Bn254PairingCheckErrors,PointEvaluationErrors};
+use zk_ee::system::Resource;
+use zk_ee::system::{SystemFunction, SystemFunctionExt};
 
 pub fn ecadd(src: &[u8], dst: &mut Vec<u8>) -> Result<(), SubsystemError<Bn254AddErrors>> {
     let allocator = std::alloc::Global;
@@ -51,13 +53,10 @@ pub fn p256_verify(src: &[u8], dst: &mut Vec<u8>) -> Result<(), SubsystemError<P
     P256VerifyImpl::execute(&src, dst, &mut resource, allocator)
 }
 
-pub fn ecrecover(src: &[u8], dst: &mut Vec<u8>) -> Result<(), SubsystemError<Secp256k1ECRecoverErrors>> {
-    let allocator = std::alloc::Global;
-    let mut resource = <BaseResources<DecreasingNative> as Resource>::FORMAL_INFINITE;
-    EcRecoverImpl::execute(&src, dst, &mut resource, allocator)
-}
-
-pub fn pairing(src: &[u8], dst: &mut Vec<u8>) -> Result<(), SubsystemError<Bn254PairingCheckErrors>> {
+pub fn pairing(
+    src: &[u8],
+    dst: &mut Vec<u8>,
+) -> Result<(), SubsystemError<Bn254PairingCheckErrors>> {
     let allocator = std::alloc::Global;
     let mut resource = <BaseResources<DecreasingNative> as Resource>::FORMAL_INFINITE;
     Bn254PairingCheckImpl::execute(&src, dst, &mut resource, allocator)
@@ -67,4 +66,4 @@ pub fn kzg(src: &[u8], dst: &mut Vec<u8>) -> Result<(), SubsystemError<PointEval
     let allocator = std::alloc::Global;
     let mut resource = <BaseResources<DecreasingNative> as Resource>::FORMAL_INFINITE;
     PointEvaluationImpl::execute(&src, dst, &mut resource, allocator)
-}
+}