From 2fc4e5916c1c35902a32830c3f199a308a66bea0 Mon Sep 17 00:00:00 2001
From: practicalswift <practicalswift@users.noreply.github.com>
Date: Wed, 17 Jun 2020 11:12:05 +0000
Subject: tests: Add fuzzing harness for ChaCha20

---
 src/Makefile.test.include         |  7 ++++++
 src/test/fuzz/crypto_chacha20.cpp | 50 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 src/test/fuzz/crypto_chacha20.cpp

(limited to 'src')

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 4ec5315d71..91aa6175b4 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -35,6 +35,7 @@ FUZZ_TARGETS = \
   test/fuzz/crypto \
   test/fuzz/crypto_aes256 \
   test/fuzz/crypto_aes256cbc \
+  test/fuzz/crypto_chacha20 \
   test/fuzz/crypto_common \
   test/fuzz/crypto_hkdf_hmac_sha256_l32 \
   test/fuzz/crypto_poly1305 \
@@ -502,6 +503,12 @@ test_fuzz_crypto_aes256cbc_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_crypto_aes256cbc_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_crypto_aes256cbc_SOURCES = test/fuzz/crypto_aes256cbc.cpp
 
+test_fuzz_crypto_chacha20_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_crypto_chacha20_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_crypto_chacha20_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_crypto_chacha20_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_crypto_chacha20_SOURCES = test/fuzz/crypto_chacha20.cpp
+
 test_fuzz_crypto_common_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_crypto_common_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_crypto_common_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/crypto_chacha20.cpp b/src/test/fuzz/crypto_chacha20.cpp
new file mode 100644
index 0000000000..b7438d312d
--- /dev/null
+++ b/src/test/fuzz/crypto_chacha20.cpp
@@ -0,0 +1,50 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <crypto/chacha20.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+
+    ChaCha20 chacha20;
+    if (fuzzed_data_provider.ConsumeBool()) {
+        const std::vector<unsigned char> key = ConsumeFixedLengthByteVector(fuzzed_data_provider, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(16, 32));
+        chacha20 = ChaCha20{key.data(), key.size()};
+    }
+    while (fuzzed_data_provider.ConsumeBool()) {
+        switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 4)) {
+        case 0: {
+            const std::vector<unsigned char> key = ConsumeFixedLengthByteVector(fuzzed_data_provider, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(16, 32));
+            chacha20.SetKey(key.data(), key.size());
+            break;
+        }
+        case 1: {
+            chacha20.SetIV(fuzzed_data_provider.ConsumeIntegral<uint64_t>());
+            break;
+        }
+        case 2: {
+            chacha20.Seek(fuzzed_data_provider.ConsumeIntegral<uint64_t>());
+            break;
+        }
+        case 3: {
+            std::vector<uint8_t> output(fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096));
+            chacha20.Keystream(output.data(), output.size());
+            break;
+        }
+        case 4: {
+            std::vector<uint8_t> output(fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096));
+            const std::vector<uint8_t> input = ConsumeFixedLengthByteVector(fuzzed_data_provider, output.size());
+            chacha20.Crypt(input.data(), output.data(), input.size());
+            break;
+        }
+        }
+    }
+}
-- 
cgit v1.2.3