Follow

A team funded by the Network Steward is working on developing a version of the CryptoAuth code and then beginning to migrate to BoringTun (WireGuard protocol).

I just finished re-working the CryptoAuth tests to run on both implementations at the same time.

· · Web · 1 · 0 · 3

I added a new module which encapsulates the new CryptoAuth and an old one. You can construct it with both new and old, or just old, or just new. If it's constructed with both then whenever you do any operation (encrypt, decrypt etc) it verifies both have the exact same result.

This amplifies the power of the existing tests and uses new and old code to cross-test each other.
I also added 2 new fuzz tests to the cjdns fuzzing framework, same fuzz test as before but using CryptoAuth new+old and CryptoAuth noise protocol.

How do you fuzz an encryption function? You can't just throw random bytes at it and see how many times it fails to decrypt.
The thing to do is decode the fuzz bytes into a "plan", i.e. a sequence of events. Alice sends a message, Bob sends a message, a message is lost, etc.

You basically take all the "what if's" floating around your head and write a cointoss() function which grabs a few bits of the fuzz data and tries different things depending on them.

But where fuzzing REALLY shines is when you have 2 independent implementations to compare.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!