authorJack Lloyd <[email protected]>2016-12-16 20:27:05 -0500
committerJack Lloyd <[email protected]>2016-12-16 20:27:29 -0500
commitbf57b43729321bca22a4d0f05a6a97c6bd22b28a (patch)
treeb08f31b175ef28395b6adb5036c447bf9e5449cc
parent9409fb0d1a20f2b2c5fc7323db185a524cf4a48f (diff)
Add fuzzer for power_mod
[ci skip]
-rw-r--r--src/extra_tests/fuzzers/GNUmakefile13
-rw-r--r--src/extra_tests/fuzzers/jigs/pow_mod.cpp62
2 files changed, 69 insertions, 6 deletions
diff --git a/src/extra_tests/fuzzers/GNUmakefile b/src/extra_tests/fuzzers/GNUmakefile
index 43866d0c3..3e6f9a35a 100644
--- a/src/extra_tests/fuzzers/GNUmakefile
+++ b/src/extra_tests/fuzzers/GNUmakefile
@@ -2,13 +2,14 @@
FUZZERS=$(patsubst jigs/%.cpp,%,$(wildcard jigs/*.cpp))
AFL_SAN_FLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined
-CLANG_SAN_FLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters
-CLANG_SAN_FLAGS=-fsanitize-coverage=edge,indirect-calls,8bit-counters
+CLANG_SAN_FLAGS=-fsanitize=address,undefined -fno-sanitize-recover=undefined
-CFG_FLAGS=--with-debug-info --unsafe-fuzzer-mode
+CLANG_COV_FLAGS=-fsanitize-coverage=edge,indirect-calls,8bit-counters
SHARED_FLAGS=-O3 -g -std=c++11 -pthread
-LIBFUZZER_FLAGS=-Illvm-build/build/include $(SHARED_FLAGS) $(CLANG_SAN_FLAGS)
-AFL_FLAGS=-DINCLUDE_AFL_MAIN -Iafl-build/build/include $(SHARED_FLAGS)
+CFG_FLAGS=--with-debug-info --unsafe-fuzzer-mode
+
+LIBFUZZER_FLAGS=-Illvm-build/build/include $(SHARED_FLAGS) $(CLANG_COV_FLAGS)
+AFL_FLAGS=-Iafl-build/build/include $(SHARED_FLAGS) -DINCLUDE_AFL_MAIN
LIBFUZZER_LIBS=llvm-build/libbotan-1.11.a libFuzzer.a
AFL_LIBS=afl-build/libbotan-1.11.a
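Review bot: After the split, LIBFUZZER_FLAGS carries only $(CLANG_COV_FLAGS), so the jig and driver translation units are compiled without -fsanitize=address,undefined; only the library build picks up both flag sets through --cc-abi-flags in the second hunk of this file. Memory errors in the harness itself (the pointer arithmetic over the input buffer that every jig does) would therefore not be reported, and unless the link rule, which is outside this hunk, passes -fsanitize=address, the link may also lack the sanitizer runtime that the instrumented libbotan references. If the coverage-only jig build is intentional, a comment such as `# jigs: coverage only; sanitizers are applied to the library via llvm-build` would make that explicit; otherwise `LIBFUZZER_FLAGS=-Illvm-build/build/include $(SHARED_FLAGS) $(CLANG_COV_FLAGS) $(CLANG_SAN_FLAGS)` matches what the library gets. AFL_FLAGS has the same shape (no $(AFL_SAN_FLAGS)), though that predates this change.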
@@ -45,7 +46,7 @@ afl-build:
make -j2 -f afl-build/Makefile afl-build/libbotan-1.11.a
llvm-build:
- ../../../configure.py $(CFG_FLAGS) --with-build-dir=llvm-build --cc=clang --cc-bin=$(CLANG_CXX) --cc-abi-flags="$(CLANG_SAN_FLAGS)"
+ ../../../configure.py $(CFG_FLAGS) --with-build-dir=llvm-build --cc=clang --cc-bin=$(CLANG_CXX) --cc-abi-flags="$(CLANG_COV_FLAGS) $(CLANG_SAN_FLAGS)"
make -j2 -f llvm-build/Makefile llvm-build/libbotan-1.11.a
# libFuzzer default is max_len 64 this sets 140 but allows override via args=
diff --git a/src/extra_tests/fuzzers/jigs/pow_mod.cpp b/src/extra_tests/fuzzers/jigs/pow_mod.cpp
new file mode 100644
index 000000000..65181ac93
--- /dev/null
+++ b/src/extra_tests/fuzzers/jigs/pow_mod.cpp
@@ -0,0 +1,62 @@
+/*
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "driver.h"
+#include <botan/numthry.h>
+#include <botan/reducer.h>
+#include <botan/pow_mod.h>
+
+BigInt simple_power_mod(BigInt x, BigInt n, const BigInt& p)
+ {
+ if(n == 0)
+ {
+ if(p == 1)
+ return 0;
+ return 1;
+ }
+
+ Modular_Reducer mod_p(p);
+ BigInt y = 1;
+
+ while(n > 1)
+ {
+ if(n.is_odd())
+ {
+ y = mod_p.multiply(x, y);
+ }
+ x = mod_p.square(x);
+ n >>= 1;
+ }
+ return mod_p.multiply(x, y);
+ }
+
+void fuzz(const uint8_t in[], size_t len)
+ {
+ if(len % 3 != 0 || len > 3 * (2048/8))
+ return;
+
+ const size_t part_size = len / 3;
+
+ try
+ {
+ const BigInt g = BigInt::decode(in, part_size);
+ const BigInt x = BigInt::decode(in + part_size, part_size);
+ const BigInt p = BigInt::decode(in + 2 * (part_size), part_size);
+ const BigInt ref = simple_power_mod(g, x, p);
+ const BigInt z = Botan::power_mod(g, x, p);
+
+ if(ref != z)
+ {
+ std::cout << "G = " << g << "\n"
+ << "X = " << x << "\n"
+ << "P = " << p << "\n"
+ << "Z = " << z << "\n"
+ << "R = " << ref << "\n";
+ abort();
+ }
+ }
+ catch(Botan::Exception& e) {}
+ }