Bitcoin Core  22.99.0
P2P Digital Currency
crypto_chacha20_poly1305_aead.cpp
Go to the documentation of this file.
1 // Copyright (c) 2020-2021 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
6 #include <crypto/poly1305.h>
8 #include <test/fuzz/fuzz.h>
9 #include <test/fuzz/util.h>
10 #include <util/overflow.h>
11 
12 #include <cassert>
13 #include <cstdint>
14 #include <limits>
15 #include <vector>
16 
17 FUZZ_TARGET(crypto_chacha20_poly1305_aead)
18 {
19  FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
20 
21  const std::vector<uint8_t> k1 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);
22  const std::vector<uint8_t> k2 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);
23 
24  ChaCha20Poly1305AEAD aead(k1.data(), k1.size(), k2.data(), k2.size());
25  uint64_t seqnr_payload = 0;
26  uint64_t seqnr_aad = 0;
27  int aad_pos = 0;
28  size_t buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096);
29  std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
30  std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
31  bool is_encrypt = fuzzed_data_provider.ConsumeBool();
32  LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
33  CallOneOf(
34  fuzzed_data_provider,
35  [&] {
36  buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(64, 4096);
37  in = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
38  out = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
39  },
40  [&] {
41  (void)aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffer_size, is_encrypt);
42  },
43  [&] {
44  uint32_t len = 0;
45  const bool ok = aead.GetLength(&len, seqnr_aad, aad_pos, in.data());
46  assert(ok);
47  },
48  [&] {
49  if (AdditionOverflow(seqnr_payload, static_cast<uint64_t>(1))) {
50  return;
51  }
52  seqnr_payload += 1;
55  aad_pos = 0;
56  if (AdditionOverflow(seqnr_aad, static_cast<uint64_t>(1))) {
57  return;
58  }
59  seqnr_aad += 1;
60  }
61  },
62  [&] {
63  seqnr_payload = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
64  },
65  [&] {
66  seqnr_aad = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
67  },
68  [&] {
69  is_encrypt = fuzzed_data_provider.ConsumeBool();
70  });
71  }
72 }
chacha_poly_aead.h
assert
assert(!tx.IsCoinBase())
util.h
CHACHA20_ROUND_OUTPUT
static constexpr int CHACHA20_ROUND_OUTPUT
Definition: chacha_poly_aead.h:14
poly1305.h
CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:42
ChaCha20Poly1305AEAD
Definition: chacha_poly_aead.h:117
FuzzedDataProvider.h
k2
static const unsigned char k2[32]
Definition: chacha_poly_aead.cpp:20
aead
static ChaCha20Poly1305AEAD aead(k1, 32, k2, 32)
LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:18
AdditionOverflow
bool AdditionOverflow(const T i, const T j) noexcept
Definition: overflow.h:12
POLY1305_TAGLEN
#define POLY1305_TAGLEN
Definition: poly1305.h:12
ChaCha20Poly1305AEAD::GetLength
bool GetLength(uint32_t *len24_out, uint64_t seqnr_aad, int aad_pos, const uint8_t *ciphertext)
decrypts the 3 bytes AAD data and decodes it into a uint32_t field
Definition: chacha_poly_aead.cpp:107
FUZZ_TARGET
FUZZ_TARGET(crypto_chacha20_poly1305_aead)
Definition: crypto_chacha20_poly1305_aead.cpp:17
fuzz.h
FuzzedDataProvider
Definition: FuzzedDataProvider.h:31
CHACHA20_POLY1305_AEAD_KEY_LEN
static constexpr int CHACHA20_POLY1305_AEAD_KEY_LEN
Definition: chacha_poly_aead.h:12
ChaCha20Poly1305AEAD::Crypt
bool Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int aad_pos, unsigned char *dest, size_t dest_len, const unsigned char *src, size_t src_len, bool is_encrypt)
Encrypts/decrypts a packet seqnr_payload, the message sequence number seqnr_aad, the messages AAD seq...
Definition: chacha_poly_aead.cpp:43
ConsumeFixedLengthByteVector
std::vector< uint8_t > ConsumeFixedLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const size_t length) noexcept
Returns a byte vector of specified size regardless of the number of remaining bytes available from th...
Definition: util.h:221
k1
static const unsigned char k1[32]
Definition: chacha_poly_aead.cpp:19
overflow.h
CHACHA20_POLY1305_AEAD_AAD_LEN
static constexpr int CHACHA20_POLY1305_AEAD_AAD_LEN
Definition: chacha_poly_aead.h:13