author | Jack Lloyd <[email protected]> | 2016-12-16 20:27:05 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-12-16 20:27:29 -0500 |
commit | bf57b43729321bca22a4d0f05a6a97c6bd22b28a (patch) | |
tree | b08f31b175ef28395b6adb5036c447bf9e5449cc | |
parent | 9409fb0d1a20f2b2c5fc7323db185a524cf4a48f (diff) |
Add fuzzer for power_mod
[ci skip]
-rw-r--r-- | src/extra_tests/fuzzers/GNUmakefile | 13 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/pow_mod.cpp | 62 |
2 files changed, 69 insertions, 6 deletions
diff --git a/src/extra_tests/fuzzers/GNUmakefile b/src/extra_tests/fuzzers/GNUmakefile
index 43866d0c3..3e6f9a35a 100644
--- a/src/extra_tests/fuzzers/GNUmakefile
+++ b/src/extra_tests/fuzzers/GNUmakefile
@@ -2,13 +2,14 @@ FUZZERS=$(patsubst jigs/%.cpp,%,$(wildcard jigs/*.cpp))
 AFL_SAN_FLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined
-CLANG_SAN_FLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters
-CLANG_SAN_FLAGS=-fsanitize-coverage=edge,indirect-calls,8bit-counters
+CLANG_SAN_FLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined
-CFG_FLAGS=--with-debug-info --unsafe-fuzzer-mode
+CLANG_COV_FLAGS=-fsanitize-coverage=edge,indirect-calls,8bit-counters
 SHARED_FLAGS=-O3 -g -std=c++11 -pthread
-LIBFUZZER_FLAGS=-Illvm-build/build/include $(SHARED_FLAGS) $(CLANG_SAN_FLAGS)
-AFL_FLAGS=-DINCLUDE_AFL_MAIN -Iafl-build/build/include $(SHARED_FLAGS)
+CFG_FLAGS=--with-debug-info --unsafe-fuzzer-mode
+
+LIBFUZZER_FLAGS=-Illvm-build/build/include $(SHARED_FLAGS) $(CLANG_COV_FLAGS)
+AFL_FLAGS=-Iafl-build/build/include $(SHARED_FLAGS) -DINCLUDE_AFL_MAIN
 LIBFUZZER_LIBS=llvm-build/libbotan-1.11.a libFuzzer.a
 AFL_LIBS=afl-build/libbotan-1.11.a
@@ -45,7 +46,7 @@ afl-build:
 	make -j2 -f afl-build/Makefile afl-build/libbotan-1.11.a
 llvm-build:
-	../../../configure.py $(CFG_FLAGS) --with-build-dir=llvm-build --cc=clang --cc-bin=$(CLANG_CXX) --cc-abi-flags="$(CLANG_SAN_FLAGS)"
+	../../../configure.py $(CFG_FLAGS) --with-build-dir=llvm-build --cc=clang --cc-bin=$(CLANG_CXX) --cc-abi-flags="$(CLANG_COV_FLAGS) $(CLANG_SAN_FLAGS)"
 	make -j2 -f llvm-build/Makefile llvm-build/libbotan-1.11.a
 # libFuzzer default is max_len 64 this sets 140 but allows override via args=
diff --git a/src/extra_tests/fuzzers/jigs/pow_mod.cpp b/src/extra_tests/fuzzers/jigs/pow_mod.cpp
new file mode 100644
index 000000000..65181ac93
--- /dev/null
+++ b/src/extra_tests/fuzzers/jigs/pow_mod.cpp
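Review bot: LIBFUZZER_FLAGS now carries only $(CLANG_COV_FLAGS), so the jig and driver translation units are compiled without -fsanitize=address,undefined even though llvm-build/libbotan-1.11.a is now built with those flags via --cc-abi-flags; unless the link rule outside this hunk adds $(CLANG_SAN_FLAGS), the sanitizer runtime is not linked and instrumentation stops at the library boundary, leaving the harness's own decode/compare code unchecked. Consider `LIBFUZZER_FLAGS=-Illvm-build/build/include $(SHARED_FLAGS) $(CLANG_COV_FLAGS) $(CLANG_SAN_FLAGS)`. AFL_SAN_FLAGS is likewise defined here but not referenced by AFL_FLAGS in this hunk; if the afl-build rule (outside the hunk) is its only consumer, a comment such as `# AFL_SAN_FLAGS goes to configure.py in the afl-build rule, not to the jig compile` would make that visible to the next reader.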
@@ -0,0 +1,62 @@
+/*
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "driver.h"
+#include <botan/numthry.h>
+#include <botan/reducer.h>
+#include <botan/pow_mod.h>
+
+BigInt simple_power_mod(BigInt x, BigInt n, const BigInt& p)
+   {
+   if(n == 0)
+      {
+      if(p == 1)
+         return 0;
+      return 1;
+      }
+
+   Modular_Reducer mod_p(p);
+   BigInt y = 1;
+
+   while(n > 1)
+      {
+      if(n.is_odd())
+         {
+         y = mod_p.multiply(x, y);
+         }
+      x = mod_p.square(x);
+      n >>= 1;
+      }
+   return mod_p.multiply(x, y);
+   }
+
+void fuzz(const uint8_t in[], size_t len)
+   {
+   if(len % 3 != 0 || len > 3 * (2048/8))
+      return;
+
+   const size_t part_size = len / 3;
+
+   try
+      {
+      const BigInt g = BigInt::decode(in, part_size);
+      const BigInt x = BigInt::decode(in + part_size, part_size);
+      const BigInt p = BigInt::decode(in + 2 * (part_size), part_size);
+      const BigInt ref = simple_power_mod(g, x, p);
+      const BigInt z = Botan::power_mod(g, x, p);
+
+      if(ref != z)
+         {
+         std::cout << "G = " << g << "\n"
+                   << "X = " << x << "\n"
+                   << "P = " << p << "\n"
+                   << "Z = " << z << "\n"
+                   << "R = " << ref << "\n";
+         abort();
+         }
+      }
+   catch(Botan::Exception& e) {}
+   }
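Review bot: The empty `catch(Botan::Exception& e) {}` at the end of fuzz() hides the case where only one of the two implementations throws, which is exactly the divergence a differential jig should report; with len == 0, for instance, g, x and p all decode to 0, simple_power_mod returns 1 from its n == 0 branch without ever constructing a Modular_Reducer, while Botan::power_mod presumably rejects a zero modulus (inferred, confirm against Modular_Reducer), and the disagreement is swallowed. Catching each call separately and treating "one threw, the other did not" as a failure keeps the comparison honest, and the reference's n == 0 early return should then also reject p == 0 so a deliberate library rejection is not reported as a bug. The unused `e` can be dropped at the same time: `catch(Botan::Exception&)`. A header comment such as `// Differential check of Botan::power_mod against square-and-multiply over Modular_Reducer` would tell the reader what is being compared. Both functions are wholly inside the hunk.
```cpp
      // … unchanged: decode g, x, p …
      BigInt ref, z;
      bool ref_ok = true, lib_ok = true;
      try { ref = simple_power_mod(g, x, p); }
      catch(Botan::Exception&) { ref_ok = false; }
      try { z = Botan::power_mod(g, x, p); }
      catch(Botan::Exception&) { lib_ok = false; }

      // Disagreeing on whether the input is accepted is a finding too
      if(ref_ok != lib_ok || (ref_ok && ref != z))
         {
         // … unchanged: print g, x, p, z, ref and abort …
         }
```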