diff options
| -rw-r--r-- | src/Makefile.test.include | 7 | ||||
| -rw-r--r-- | src/test/fuzz/signature_checker.cpp | 68 |
2 files changed, 75 insertions, 0 deletions
diff --git a/src/Makefile.test.include b/src/Makefile.test.include index 9697a157fb..e92b02a9bc 100644 --- a/src/Makefile.test.include +++ b/src/Makefile.test.include @@ -91,6 +91,7 @@ FUZZ_TARGETS = \ test/fuzz/script_ops \ test/fuzz/scriptnum_ops \ test/fuzz/service_deserialize \ + test/fuzz/signature_checker \ test/fuzz/snapshotmetadata_deserialize \ test/fuzz/spanparsing \ test/fuzz/string \ @@ -809,6 +810,12 @@ test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON) test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp +test_fuzz_signature_checker_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) +test_fuzz_signature_checker_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) +test_fuzz_signature_checker_LDADD = $(FUZZ_SUITE_LD_COMMON) +test_fuzz_signature_checker_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) +test_fuzz_signature_checker_SOURCES = $(FUZZ_SUITE) test/fuzz/signature_checker.cpp + test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1 test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON) diff --git a/src/test/fuzz/signature_checker.cpp b/src/test/fuzz/signature_checker.cpp new file mode 100644 index 0000000000..312db27adc --- /dev/null +++ b/src/test/fuzz/signature_checker.cpp @@ -0,0 +1,68 @@ +// Copyright (c) 2009-2019 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include <pubkey.h> +#include <script/interpreter.h> +#include <test/fuzz/FuzzedDataProvider.h> +#include <test/fuzz/fuzz.h> +#include <util/memory.h> + +#include <cstdint> +#include <limits> +#include <string> +#include <vector> + +void initialize() +{ + static const auto verify_handle = MakeUnique<ECCVerifyHandle>(); +} + +namespace { +class FuzzedSignatureChecker : public BaseSignatureChecker +{ + FuzzedDataProvider& m_fuzzed_data_provider; + +public: + FuzzedSignatureChecker(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_data_provider(fuzzed_data_provider) + { + } + + virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const + { + return m_fuzzed_data_provider.ConsumeBool(); + } + + virtual bool CheckLockTime(const CScriptNum& nLockTime) const + { + return m_fuzzed_data_provider.ConsumeBool(); + } + + virtual bool CheckSequence(const CScriptNum& nSequence) const + { + return m_fuzzed_data_provider.ConsumeBool(); + } + + virtual ~FuzzedSignatureChecker() {} +}; +} // namespace + +void test_one_input(const std::vector<uint8_t>& buffer) +{ + FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); + const unsigned int flags = fuzzed_data_provider.ConsumeIntegral<unsigned int>(); + const SigVersion sig_version = fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}); + const std::string script_string_1 = fuzzed_data_provider.ConsumeRandomLengthString(65536); + const std::vector<uint8_t> script_bytes_1{script_string_1.begin(), script_string_1.end()}; + const std::string script_string_2 = fuzzed_data_provider.ConsumeRandomLengthString(65536); + const std::vector<uint8_t> script_bytes_2{script_string_2.begin(), script_string_2.end()}; + std::vector<std::vector<unsigned char>> stack; + (void)EvalScript(stack, {script_bytes_1.begin(), script_bytes_1.end()}, flags, FuzzedSignatureChecker(fuzzed_data_provider), sig_version, nullptr); + if ((flags & SCRIPT_VERIFY_CLEANSTACK) != 0 && ((flags & SCRIPT_VERIFY_P2SH) == 0 || (flags & SCRIPT_VERIFY_WITNESS) == 0)) { + return; + } + if ((flags & SCRIPT_VERIFY_WITNESS) != 0 && (flags & SCRIPT_VERIFY_P2SH) == 0) { + return; + } + (void)VerifyScript({script_bytes_1.begin(), script_bytes_1.end()}, {script_bytes_2.begin(), script_bytes_2.end()}, nullptr, flags, FuzzedSignatureChecker(fuzzed_data_provider), nullptr); +} |