mirror of
https://github.com/bitcoin/bitcoin.git
synced 2024-11-20 02:25:40 +01:00
Merge #18155: tests: Add harness which fuzzes EvalScript and VerifyScript using a fuzzed signature checker
5e47b19e50
tests: Add harness which fuzzes EvalScript and VerifyScript using a fuzzed signature checker (practicalswift)
Pull request description:
Add harness which fuzzes `EvalScript` and `VerifyScript` using a fuzzed signature checker.
Test this PR using:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/signature_checker
…
```
Closes #17986.
Top commit has no ACKs.
Tree-SHA512: a9988f8fa7919fe470756ca3e4e75764a589f590769aab452c8f4c254cf41667793e52131d470a12629ec3681fa7fc20091f371b8f3e3eec105674c2769e7d7e
This commit is contained in:
commit
e83a1de4c0
@ -91,6 +91,7 @@ FUZZ_TARGETS = \
|
|||||||
test/fuzz/script_ops \
|
test/fuzz/script_ops \
|
||||||
test/fuzz/scriptnum_ops \
|
test/fuzz/scriptnum_ops \
|
||||||
test/fuzz/service_deserialize \
|
test/fuzz/service_deserialize \
|
||||||
|
test/fuzz/signature_checker \
|
||||||
test/fuzz/snapshotmetadata_deserialize \
|
test/fuzz/snapshotmetadata_deserialize \
|
||||||
test/fuzz/spanparsing \
|
test/fuzz/spanparsing \
|
||||||
test/fuzz/string \
|
test/fuzz/string \
|
||||||
@ -809,6 +810,12 @@ test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
|||||||
test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
|
test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
|
||||||
test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
|
test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
|
||||||
|
|
||||||
|
test_fuzz_signature_checker_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
|
||||||
|
test_fuzz_signature_checker_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
||||||
|
test_fuzz_signature_checker_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||||
|
test_fuzz_signature_checker_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
|
||||||
|
test_fuzz_signature_checker_SOURCES = $(FUZZ_SUITE) test/fuzz/signature_checker.cpp
|
||||||
|
|
||||||
test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1
|
test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1
|
||||||
test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
||||||
test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||||
|
68
src/test/fuzz/signature_checker.cpp
Normal file
68
src/test/fuzz/signature_checker.cpp
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
// Copyright (c) 2009-2019 The Bitcoin Core developers
|
||||||
|
// Distributed under the MIT software license, see the accompanying
|
||||||
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
|
||||||
|
#include <pubkey.h>
|
||||||
|
#include <script/interpreter.h>
|
||||||
|
#include <test/fuzz/FuzzedDataProvider.h>
|
||||||
|
#include <test/fuzz/fuzz.h>
|
||||||
|
#include <util/memory.h>
|
||||||
|
|
||||||
|
#include <cstdint>
|
||||||
|
#include <limits>
|
||||||
|
#include <string>
|
||||||
|
#include <vector>
|
||||||
|
|
||||||
|
void initialize()
|
||||||
|
{
|
||||||
|
static const auto verify_handle = MakeUnique<ECCVerifyHandle>();
|
||||||
|
}
|
||||||
|
|
||||||
|
namespace {
|
||||||
|
class FuzzedSignatureChecker : public BaseSignatureChecker
|
||||||
|
{
|
||||||
|
FuzzedDataProvider& m_fuzzed_data_provider;
|
||||||
|
|
||||||
|
public:
|
||||||
|
FuzzedSignatureChecker(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_data_provider(fuzzed_data_provider)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const
|
||||||
|
{
|
||||||
|
return m_fuzzed_data_provider.ConsumeBool();
|
||||||
|
}
|
||||||
|
|
||||||
|
virtual bool CheckLockTime(const CScriptNum& nLockTime) const
|
||||||
|
{
|
||||||
|
return m_fuzzed_data_provider.ConsumeBool();
|
||||||
|
}
|
||||||
|
|
||||||
|
virtual bool CheckSequence(const CScriptNum& nSequence) const
|
||||||
|
{
|
||||||
|
return m_fuzzed_data_provider.ConsumeBool();
|
||||||
|
}
|
||||||
|
|
||||||
|
virtual ~FuzzedSignatureChecker() {}
|
||||||
|
};
|
||||||
|
} // namespace
|
||||||
|
|
||||||
|
void test_one_input(const std::vector<uint8_t>& buffer)
|
||||||
|
{
|
||||||
|
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
||||||
|
const unsigned int flags = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
|
||||||
|
const SigVersion sig_version = fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0});
|
||||||
|
const std::string script_string_1 = fuzzed_data_provider.ConsumeRandomLengthString(65536);
|
||||||
|
const std::vector<uint8_t> script_bytes_1{script_string_1.begin(), script_string_1.end()};
|
||||||
|
const std::string script_string_2 = fuzzed_data_provider.ConsumeRandomLengthString(65536);
|
||||||
|
const std::vector<uint8_t> script_bytes_2{script_string_2.begin(), script_string_2.end()};
|
||||||
|
std::vector<std::vector<unsigned char>> stack;
|
||||||
|
(void)EvalScript(stack, {script_bytes_1.begin(), script_bytes_1.end()}, flags, FuzzedSignatureChecker(fuzzed_data_provider), sig_version, nullptr);
|
||||||
|
if ((flags & SCRIPT_VERIFY_CLEANSTACK) != 0 && ((flags & SCRIPT_VERIFY_P2SH) == 0 || (flags & SCRIPT_VERIFY_WITNESS) == 0)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if ((flags & SCRIPT_VERIFY_WITNESS) != 0 && (flags & SCRIPT_VERIFY_P2SH) == 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
(void)VerifyScript({script_bytes_1.begin(), script_bytes_1.end()}, {script_bytes_2.begin(), script_bytes_2.end()}, nullptr, flags, FuzzedSignatureChecker(fuzzed_data_provider), nullptr);
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user