chie-crypto 0.1.0

Cryptographic primitives for CHIE Protocol
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

# MIRI Memory Safety Verification

MIRI (Mid-level IR Interpreter) is a tool for detecting undefined behavior in Rust code. This document describes how to use MIRI to verify the memory safety of `chie-crypto`.

## What MIRI Detects

- **Undefined Behavior**: Use-after-free, double-free, invalid pointer arithmetic
- **Memory Safety**: Out-of-bounds access, uninitialized memory reads
- **Data Races**: Concurrent access violations
- **Alignment Issues**: Misaligned pointer dereferences
- **Validity Invariants**: Invalid enum discriminants, bool values outside 0/1

## Installation

Install MIRI with rustup:
```bash
rustup toolchain install nightly --component miri
```

## Running MIRI Tests

### Quick Test

Run all MIRI safety tests:
```bash
cargo +nightly miri test --test miri_safety
```

### Comprehensive Test

Run the full MIRI test script:
```bash
./miri-test.sh
```

### Test Specific Modules

```bash
# Test encryption
cargo +nightly miri test encryption::

# Test signing
cargo +nightly miri test signing::

# Test hashing
cargo +nightly miri test hash::
```

## MIRI Safety Test Coverage

The `tests/miri_safety.rs` file contains 12 comprehensive tests:

1. **Encryption/Decryption** - Memory safety with various buffer sizes
2. **Signing/Verification** - Memory safety with various message sizes
3. **Hashing** - Memory safety with various input sizes
4. **Constant-Time Comparison** - Stack and heap allocation safety
5. **Key Derivation** - Memory safety with various output lengths
6. **Key Exchange** - Memory safety in X25519 operations
7. **Shamir Secret Sharing** - Memory safety in polynomial operations
8. **Pedersen Commitments** - Memory safety in elliptic curve operations
9. **Array Bounds** - Proper bounds checking
10. **Uninitialized Memory** - No reads of uninitialized memory
11. **Aliasing** - Proper handling of references
12. **Cleanup** - Proper drop and resource cleanup

## Continuous Integration

Add MIRI checks to your CI pipeline:

```yaml
miri:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - uses: actions-rs/toolchain@v1
      with:
        toolchain: nightly
        components: miri
        override: true
    - run: cargo miri test --test miri_safety
```

## Limitations

- MIRI cannot detect all classes of bugs
- Some FFI code may not be compatible with MIRI
- Platform-specific code may need conditional compilation
- MIRI runs significantly slower than normal tests

## Notes

All cryptographic operations in `chie-crypto` have been verified to be memory-safe under MIRI with no undefined behavior detected.