bitcoin/src/test/fuzz/crypto_chacha20_poly1305_aead.cpp

// Copyright (c) 2020-2021 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include <crypto/chacha_poly_aead.h>
#include <crypto/poly1305.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>

#include <cassert>
#include <cstdint>
#include <limits>
#include <vector>

FUZZ_TARGET(crypto_chacha20_poly1305_aead)
{
    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};

    const std::vector<uint8_t> k1 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);
    const std::vector<uint8_t> k2 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);

    ChaCha20Poly1305AEAD aead(k1.data(), k1.size(), k2.data(), k2.size());
    uint64_t seqnr_payload = 0;
    uint64_t seqnr_aad = 0;
    int aad_pos = 0;
    size_t buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096);
    std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
    std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
    bool is_encrypt = fuzzed_data_provider.ConsumeBool();
    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
        CallOneOf(
            fuzzed_data_provider,
            [&] {
                buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(64, 4096);
                in = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
                out = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
            },
            [&] {
                (void)aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffer_size, is_encrypt);
            },
            [&] {
                uint32_t len = 0;
                const bool ok = aead.GetLength(&len, seqnr_aad, aad_pos, in.data());
                assert(ok);
            },
            [&] {
                if (AdditionOverflow(seqnr_payload, static_cast<uint64_t>(1))) {
                    return;
                }
                seqnr_payload += 1;
                aad_pos += CHACHA20_POLY1305_AEAD_AAD_LEN;
                if (aad_pos + CHACHA20_POLY1305_AEAD_AAD_LEN > CHACHA20_ROUND_OUTPUT) {
                    aad_pos = 0;
                    if (AdditionOverflow(seqnr_aad, static_cast<uint64_t>(1))) {
                        return;
                    }
                    seqnr_aad += 1;
                }
            },
            [&] {
                seqnr_payload = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
            },
            [&] {
                seqnr_aad = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
            },
            [&] {
                is_encrypt = fuzzed_data_provider.ConsumeBool();
            });
    }
}
scripted-diff: Rename MakeFuzzingContext to MakeNoLogFileContext -BEGIN VERIFY SCRIPT- # Rename sed -i -e 's/MakeFuzzingContext/MakeNoLogFileContext/g' $(git grep -l MakeFuzzingContext) # Bump the copyright of touched files in this scripted diff to avoid touching them again later ./contrib/devtools/copyright_header.py update ./src/test/fuzz/ -END VERIFY SCRIPT- 2021-01-25 12:23:45 +01:00			`// Copyright (c) 2020-2021 The Bitcoin Core developers`
tests: Add fuzzing harness for ChaCha20Poly1305AEAD 2020-06-17 15:22:38 +00:00			`// Distributed under the MIT software license, see the accompanying`
			`// file COPYING or http://www.opensource.org/licenses/mit-license.php.`

			`#include <crypto/chacha_poly_aead.h>`
			`#include <crypto/poly1305.h>`
			`#include <test/fuzz/FuzzedDataProvider.h>`
			`#include <test/fuzz/fuzz.h>`
			`#include <test/fuzz/util.h>`

			`#include <cassert>`
			`#include <cstdint>`
			`#include <limits>`
			`#include <vector>`

fuzz: Link all targets once 2020-12-03 16:42:49 +01:00			`FUZZ_TARGET(crypto_chacha20_poly1305_aead)`
tests: Add fuzzing harness for ChaCha20Poly1305AEAD 2020-06-17 15:22:38 +00:00			`{`
			`FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};`

			`const std::vector<uint8_t> k1 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);`
			`const std::vector<uint8_t> k2 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);`

			`ChaCha20Poly1305AEAD aead(k1.data(), k1.size(), k2.data(), k2.size());`
			`uint64_t seqnr_payload = 0;`
			`uint64_t seqnr_aad = 0;`
			`int aad_pos = 0;`
			`size_t buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096);`
			`std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);`
			`std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);`
			`bool is_encrypt = fuzzed_data_provider.ConsumeBool();`
fuzz: replace every fuzzer-controlled loop with a LIMITED_WHILE loop Blindly chose a cap of 10000 iterations for every loop, except for the two in script_ops.cpp and scriptnum_ops.cpp which appeared to (sometimes) be deserializing individual bytes; capped those to one million to ensure that sometimes we try working with massive scripts. There was also one fuzzer-controlled loop in timedata.cpp which was already capped, so I left that alone. git grep 'while (fuzz' should now run clean except for timedata.cpp 2021-10-25 19:48:22 +00:00			`LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {`
fuzz: Introduce CallOneOf helper to replace switch-case Can be reviewed with --ignore-all-space 2021-01-02 13:38:14 +01:00			`CallOneOf(`
			`fuzzed_data_provider,`
			`[&] {`
			`buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(64, 4096);`
			`in = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);`
			`out = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);`
			`},`
			`[&] {`
			`(void)aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffer_size, is_encrypt);`
			`},`
			`[&] {`
			`uint32_t len = 0;`
			`const bool ok = aead.GetLength(&len, seqnr_aad, aad_pos, in.data());`
			`assert(ok);`
			`},`
			`[&] {`
fuzz: Avoid -fsanitize=integer warnings in fuzzing harnesses 2021-01-24 18:45:44 +00:00			`if (AdditionOverflow(seqnr_payload, static_cast<uint64_t>(1))) {`
			`return;`
			`}`
fuzz: Introduce CallOneOf helper to replace switch-case Can be reviewed with --ignore-all-space 2021-01-02 13:38:14 +01:00			`seqnr_payload += 1;`
			`aad_pos += CHACHA20_POLY1305_AEAD_AAD_LEN;`
			`if (aad_pos + CHACHA20_POLY1305_AEAD_AAD_LEN > CHACHA20_ROUND_OUTPUT) {`
			`aad_pos = 0;`
fuzz: Avoid -fsanitize=integer warnings in fuzzing harnesses 2021-01-24 18:45:44 +00:00			`if (AdditionOverflow(seqnr_aad, static_cast<uint64_t>(1))) {`
			`return;`
			`}`
fuzz: Introduce CallOneOf helper to replace switch-case Can be reviewed with --ignore-all-space 2021-01-02 13:38:14 +01:00			`seqnr_aad += 1;`
			`}`
			`},`
			`[&] {`
fuzz: Avoid -fsanitize=integer warnings in fuzzing harnesses 2021-01-24 18:45:44 +00:00			`seqnr_payload = fuzzed_data_provider.ConsumeIntegral<uint64_t>();`
fuzz: Introduce CallOneOf helper to replace switch-case Can be reviewed with --ignore-all-space 2021-01-02 13:38:14 +01:00			`},`
			`[&] {`
fuzz: Avoid -fsanitize=integer warnings in fuzzing harnesses 2021-01-24 18:45:44 +00:00			`seqnr_aad = fuzzed_data_provider.ConsumeIntegral<uint64_t>();`
fuzz: Introduce CallOneOf helper to replace switch-case Can be reviewed with --ignore-all-space 2021-01-02 13:38:14 +01:00			`},`
			`[&] {`
			`is_encrypt = fuzzed_data_provider.ConsumeBool();`
			`});`
tests: Add fuzzing harness for ChaCha20Poly1305AEAD 2020-06-17 15:22:38 +00:00			`}`
			`}`