crypto__chacha20__poly1305__aead_8cpp_source.html

 // Copyright (c) 2020-2021 The Bitcoin Core developers

 // Distributed under the MIT software license, see the accompanying

 // file COPYING or http://www.opensource.org/licenses/mit-license.php.


 #include <crypto/chacha_poly_aead.h>

 #include <crypto/poly1305.h>

 #include <test/fuzz/FuzzedDataProvider.h>

 #include <test/fuzz/fuzz.h>

 #include <test/fuzz/util.h>

 #include <util/overflow.h>


 #include <cassert>

 #include <cstdint>

 #include <limits>

 #include <vector>


 FUZZ_TARGET(crypto_chacha20_poly1305_aead)

 {

     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};


     const std::vector<uint8_t> k1 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);

     const std::vector<uint8_t> k2 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);


     ChaCha20Poly1305AEAD aead(k1.data(), k1.size(), k2.data(), k2.size());

     uint64_t seqnr_payload = 0;

     uint64_t seqnr_aad = 0;

     int aad_pos = 0;

     size_t buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096);

     std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0);

     std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0);

     bool is_encrypt = fuzzed_data_provider.ConsumeBool();

     LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {

         CallOneOf(

             fuzzed_data_provider,

             [&] {

                 buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(64, 4096);

                 in = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0);

                 out = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN, 0);

             },

             [&] {

                 (void)aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffer_size, is_encrypt);

             },

             [&] {

                 uint32_t len = 0;

                 const bool ok = aead.GetLength(&len, seqnr_aad, aad_pos, in.data());

                 assert(ok);

             },

             [&] {

                 if (AdditionOverflow(seqnr_payload, static_cast<uint64_t>(1))) {

                     return;

                 }

                 seqnr_payload += 1;

                 aad_pos += CHACHA20_POLY1305_AEAD_AAD_LEN;

                 if (aad_pos + CHACHA20_POLY1305_AEAD_AAD_LEN > CHACHA20_ROUND_OUTPUT) {

                     aad_pos = 0;

                     if (AdditionOverflow(seqnr_aad, static_cast<uint64_t>(1))) {

                         return;

                     }

                     seqnr_aad += 1;

                 }

             },

             [&] {

                 seqnr_payload = fuzzed_data_provider.ConsumeIntegral<uint64_t>();

             },

             [&] {

                 seqnr_aad = fuzzed_data_provider.ConsumeIntegral<uint64_t>();

             },

             [&] {

                 is_encrypt = fuzzed_data_provider.ConsumeBool();

             });

     }

 }

FuzzedDataProvider.h

k1
static const unsigned char k1[32]
Definition: chacha_poly_aead.cpp:19

aead
static ChaCha20Poly1305AEAD aead(k1, 32, k2, 32)

k2
static const unsigned char k2[32]
Definition: chacha_poly_aead.cpp:20

chacha_poly_aead.h

CHACHA20_POLY1305_AEAD_KEY_LEN
static constexpr int CHACHA20_POLY1305_AEAD_KEY_LEN
Definition: chacha_poly_aead.h:12

CHACHA20_POLY1305_AEAD_AAD_LEN
static constexpr int CHACHA20_POLY1305_AEAD_AAD_LEN
Definition: chacha_poly_aead.h:13

CHACHA20_ROUND_OUTPUT
static constexpr int CHACHA20_ROUND_OUTPUT
Definition: chacha_poly_aead.h:14

ChaCha20Poly1305AEAD
Definition: chacha_poly_aead.h:118

ChaCha20Poly1305AEAD::Crypt
bool Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int aad_pos, unsigned char *dest, size_t dest_len, const unsigned char *src, size_t src_len, bool is_encrypt)
Encrypts/decrypts a packet seqnr_payload, the message sequence number seqnr_aad, the messages AAD seq...
Definition: chacha_poly_aead.cpp:48

ChaCha20Poly1305AEAD::GetLength
bool GetLength(uint32_t *len24_out, uint64_t seqnr_aad, int aad_pos, const uint8_t *ciphertext)
decrypts the 3 bytes AAD data and decodes it into a uint32_t field
Definition: chacha_poly_aead.cpp:114

FuzzedDataProvider
Definition: FuzzedDataProvider.h:31

Poly1305::TAGLEN
static constexpr unsigned TAGLEN
Length of the output produced by Finalize().
Definition: poly1305.h:43

FUZZ_TARGET
FUZZ_TARGET(crypto_chacha20_poly1305_aead)
Definition: crypto_chacha20_poly1305_aead.cpp:17

fuzz.h

LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:18

tests_wycheproof_generate.out
string out
Definition: tests_wycheproof_generate.py:28

overflow.h

AdditionOverflow
bool AdditionOverflow(const T i, const T j) noexcept
Definition: overflow.h:13

poly1305.h

util.h

ConsumeFixedLengthByteVector
std::vector< uint8_t > ConsumeFixedLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const size_t length) noexcept
Returns a byte vector of specified size regardless of the number of remaining bytes available from th...
Definition: util.h:212

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35

assert
assert(!tx.IsCoinBase())