Bitcoin Core  22.99.0
P2P Digital Currency
crypto_chacha20_poly1305_aead.cpp
Go to the documentation of this file.
1 // Copyright (c) 2020-2021 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
6 #include <crypto/poly1305.h>
8 #include <test/fuzz/fuzz.h>
9 #include <test/fuzz/util.h>
10 
11 #include <cassert>
12 #include <cstdint>
13 #include <limits>
14 #include <vector>
15 
16 FUZZ_TARGET(crypto_chacha20_poly1305_aead)
17 {
18  FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
19 
20  const std::vector<uint8_t> k1 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);
21  const std::vector<uint8_t> k2 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);
22 
23  ChaCha20Poly1305AEAD aead(k1.data(), k1.size(), k2.data(), k2.size());
24  uint64_t seqnr_payload = 0;
25  uint64_t seqnr_aad = 0;
26  int aad_pos = 0;
27  size_t buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096);
28  std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
29  std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
30  bool is_encrypt = fuzzed_data_provider.ConsumeBool();
31  while (fuzzed_data_provider.ConsumeBool()) {
32  CallOneOf(
33  fuzzed_data_provider,
34  [&] {
35  buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(64, 4096);
36  in = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
37  out = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
38  },
39  [&] {
40  (void)aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffer_size, is_encrypt);
41  },
42  [&] {
43  uint32_t len = 0;
44  const bool ok = aead.GetLength(&len, seqnr_aad, aad_pos, in.data());
45  assert(ok);
46  },
47  [&] {
48  if (AdditionOverflow(seqnr_payload, static_cast<uint64_t>(1))) {
49  return;
50  }
51  seqnr_payload += 1;
54  aad_pos = 0;
55  if (AdditionOverflow(seqnr_aad, static_cast<uint64_t>(1))) {
56  return;
57  }
58  seqnr_aad += 1;
59  }
60  },
61  [&] {
62  seqnr_payload = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
63  },
64  [&] {
65  seqnr_aad = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
66  },
67  [&] {
68  is_encrypt = fuzzed_data_provider.ConsumeBool();
69  });
70  }
71 }
chacha_poly_aead.h
assert
assert(!tx.IsCoinBase())
util.h
AdditionOverflow
bool AdditionOverflow(const T i, const T j) noexcept
Definition: util.h:195
CHACHA20_ROUND_OUTPUT
static constexpr int CHACHA20_ROUND_OUTPUT
Definition: chacha_poly_aead.h:14
poly1305.h
CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:40
ChaCha20Poly1305AEAD
Definition: chacha_poly_aead.h:117
FuzzedDataProvider.h
k2
static const unsigned char k2[32]
Definition: chacha_poly_aead.cpp:20
aead
static ChaCha20Poly1305AEAD aead(k1, 32, k2, 32)
POLY1305_TAGLEN
#define POLY1305_TAGLEN
Definition: poly1305.h:12
ChaCha20Poly1305AEAD::GetLength
bool GetLength(uint32_t *len24_out, uint64_t seqnr_aad, int aad_pos, const uint8_t *ciphertext)
decrypts the 3 bytes AAD data and decodes it into a uint32_t field
Definition: chacha_poly_aead.cpp:107
FUZZ_TARGET
FUZZ_TARGET(crypto_chacha20_poly1305_aead)
Definition: crypto_chacha20_poly1305_aead.cpp:16
fuzz.h
FuzzedDataProvider
Definition: FuzzedDataProvider.h:31
CHACHA20_POLY1305_AEAD_KEY_LEN
static constexpr int CHACHA20_POLY1305_AEAD_KEY_LEN
Definition: chacha_poly_aead.h:12
ChaCha20Poly1305AEAD::Crypt
bool Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int aad_pos, unsigned char *dest, size_t dest_len, const unsigned char *src, size_t src_len, bool is_encrypt)
Encrypts/decrypts a packet seqnr_payload, the message sequence number seqnr_aad, the messages AAD seq...
Definition: chacha_poly_aead.cpp:43
ConsumeFixedLengthByteVector
std::vector< uint8_t > ConsumeFixedLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const size_t length) noexcept
Returns a byte vector of specified size regardless of the number of remaining bytes available from th...
Definition: util.h:230
k1
static const unsigned char k1[32]
Definition: chacha_poly_aead.cpp:19
CHACHA20_POLY1305_AEAD_AAD_LEN
static constexpr int CHACHA20_POLY1305_AEAD_AAD_LEN
Definition: chacha_poly_aead.h:13