talaia-labs / rust-teos

The Eye of Satoshi - Lightning Watchtower
https://talaia-labs.github.io/talaia.watch/
MIT License

Further test receipt signing #37

Open sr-gi opened 2 years ago

sr-gi commented 2 years ago

The signing of receipts (teos-common/src/receipts.rs) is assumed to be infallible and, therefore, the result is unwrapped. This may not be the case, and if so, it may need to be dealt with.

Test edge cases to see if there are any in which the receipts may not be suitable for signing.

carterian8 commented 2 years ago

Had some thoughts on testing here but want to make sure I'm interpreting this problem correctly. Is the goal to verify the infallibility of the signing function itself (cryptography::sign) or, are we testing the validity of the receipt going into the signing function?

sr-gi commented 2 years ago

Hi @carterian8, there are various inputs that can go into the signing function; the more critical ones are those that have to be performed by the tower using inputs picked by the user.

I think the best approach here would be to identify what are the expected inputs (and what are their bounds) and test the function under those assumptions.

A complementary approach would be trying to break the function so we can identify possible attack vectors and guard the function against them (e.g. reject to call sign under certain conditions, or even sanitize the inputs if needed).
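One way to act on the last two comments, as an added example that is not rust-teos code: bound-check the user-picked fields of a hypothetical registration receipt and return an error instead of ever reaching an `unwrap`. The field names, the byte layout and the chosen bounds (non-zero slots, expiry strictly after start, a compressed-pubkey prefix on the user id) are assumptions for illustration; the returned bytes are what the real signer (whatever `cryptography::sign` wraps) would consume.

```rust
// Added example, not the project's code. Field names and bounds are assumptions.
#[derive(Debug, Clone)]
pub struct RegistrationReceipt {
    pub user_id: [u8; 33],        // assumed: compressed public key, 33 bytes
    pub available_slots: u32,
    pub subscription_start: u32,  // block height
    pub subscription_expiry: u32, // block height
}

/// Reasons a receipt is rejected before signing is even attempted.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ReceiptError {
    ZeroSlots,
    ExpiryNotAfterStart { start: u32, expiry: u32 },
    InvalidUserIdPrefix(u8),
}

impl RegistrationReceipt {
    /// Canonical message bytes to hand to the signer, or an error if any
    /// user-chosen field is outside the bounds the tower expects.
    pub fn signable_bytes(&self) -> Result<Vec<u8>, ReceiptError> {
        if self.available_slots == 0 {
            return Err(ReceiptError::ZeroSlots);
        }
        if self.subscription_expiry <= self.subscription_start {
            let (start, expiry) = (self.subscription_start, self.subscription_expiry);
            return Err(ReceiptError::ExpiryNotAfterStart { start, expiry });
        }
        match self.user_id[0] {
            0x02 | 0x03 => {}
            p => return Err(ReceiptError::InvalidUserIdPrefix(p)),
        }
        let mut out = Vec::with_capacity(33 + 3 * 4);
        out.extend_from_slice(&self.user_id);
        out.extend_from_slice(&self.available_slots.to_be_bytes());
        out.extend_from_slice(&self.subscription_start.to_be_bytes());
        out.extend_from_slice(&self.subscription_expiry.to_be_bytes());
        Ok(out)
    }
}

/// Builds a receipt whose user id is all zeros except the given prefix byte
/// (constructed test input, not a real key).
pub fn receipt(prefix: u8, slots: u32, start: u32, expiry: u32) -> RegistrationReceipt {
    let mut user_id = [0u8; 33];
    user_id[0] = prefix;
    RegistrationReceipt { user_id, available_slots: slots, subscription_start: start, subscription_expiry: expiry }
}
```

A boundary sweep (zero slots, expiry equal to start, `u32::MAX` everywhere, a non-compressed prefix) then exercises each rejection path without touching the signing key.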