crypto__chacha20__poly1305__aead_8cpp_source.html

// Copyright (c) 2020-2021 The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <crypto/chacha_poly_aead.h>

#include <crypto/poly1305.h>

#include <test/fuzz/FuzzedDataProvider.h>

#include <test/fuzz/fuzz.h>

#include <test/fuzz/util.h>


#include <cassert>

#include <cstdint>

#include <limits>

#include <vector>


FUZZ_TARGET(crypto_chacha20_poly1305_aead)

{

    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};


    const std::vector<uint8_t> k1 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);

    const std::vector<uint8_t> k2 = ConsumeFixedLengthByteVector(fuzzed_data_provider, CHACHA20_POLY1305_AEAD_KEY_LEN);


    ChaCha20Poly1305AEAD aead(k1.data(), k1.size(), k2.data(), k2.size());

    uint64_t seqnr_payload = 0;

    uint64_t seqnr_aad = 0;

    int aad_pos = 0;

    size_t buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096);

    std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);

    std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);

    bool is_encrypt = fuzzed_data_provider.ConsumeBool();

    while (fuzzed_data_provider.ConsumeBool()) {

        CallOneOf(

            fuzzed_data_provider,

            [&] {

                buffer_size = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(64, 4096);

                in = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);

                out = std::vector<uint8_t>(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);

            },

            [&] {

                (void)aead.Crypt(seqnr_payload, seqnr_aad, aad_pos, out.data(), out.size(), in.data(), buffer_size, is_encrypt);

            },

            [&] {

                uint32_t len = 0;

                const bool ok = aead.GetLength(&len, seqnr_aad, aad_pos, in.data());

                assert(ok);

            },

            [&] {

                if (AdditionOverflow(seqnr_payload, static_cast<uint64_t>(1))) {

                    return;

                }

                seqnr_payload += 1;

                aad_pos += CHACHA20_POLY1305_AEAD_AAD_LEN;

                if (aad_pos + CHACHA20_POLY1305_AEAD_AAD_LEN > CHACHA20_ROUND_OUTPUT) {

                    aad_pos = 0;

                    if (AdditionOverflow(seqnr_aad, static_cast<uint64_t>(1))) {

                        return;

                    }

                    seqnr_aad += 1;

                }

            },

            [&] {

                seqnr_payload = fuzzed_data_provider.ConsumeIntegral<uint64_t>();

            },

            [&] {

                seqnr_aad = fuzzed_data_provider.ConsumeIntegral<uint64_t>();

            },

            [&] {

                is_encrypt = fuzzed_data_provider.ConsumeBool();

            });

    }

}

FuzzedDataProvider.h

k1
static const unsigned char k1[32]
Definition: chacha_poly_aead.cpp:19

aead
static ChaCha20Poly1305AEAD aead(k1, 32, k2, 32)

k2
static const unsigned char k2[32]
Definition: chacha_poly_aead.cpp:20

chacha_poly_aead.h

CHACHA20_POLY1305_AEAD_KEY_LEN
static constexpr int CHACHA20_POLY1305_AEAD_KEY_LEN
Definition: chacha_poly_aead.h:12

CHACHA20_POLY1305_AEAD_AAD_LEN
static constexpr int CHACHA20_POLY1305_AEAD_AAD_LEN
Definition: chacha_poly_aead.h:13

CHACHA20_ROUND_OUTPUT
static constexpr int CHACHA20_ROUND_OUTPUT
Definition: chacha_poly_aead.h:14

ChaCha20Poly1305AEAD
Definition: chacha_poly_aead.h:118

ChaCha20Poly1305AEAD::Crypt
bool Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int aad_pos, unsigned char *dest, size_t dest_len, const unsigned char *src, size_t src_len, bool is_encrypt)
Encrypts/decrypts a packet seqnr_payload, the message sequence number seqnr_aad, the messages AAD seq...
Definition: chacha_poly_aead.cpp:43

ChaCha20Poly1305AEAD::GetLength
bool GetLength(uint32_t *len24_out, uint64_t seqnr_aad, int aad_pos, const uint8_t *ciphertext)
decrypts the 3 bytes AAD data and decodes it into a uint32_t field
Definition: chacha_poly_aead.cpp:107

FuzzedDataProvider
Definition: FuzzedDataProvider.h:31

FUZZ_TARGET
FUZZ_TARGET(crypto_chacha20_poly1305_aead)
Definition: crypto_chacha20_poly1305_aead.cpp:16

fuzz.h

poly1305.h

POLY1305_TAGLEN
#define POLY1305_TAGLEN
Definition: poly1305.h:12

util.h

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:40

AdditionOverflow
bool AdditionOverflow(const T i, const T j) noexcept
Definition: util.h:195

ConsumeFixedLengthByteVector
std::vector< uint8_t > ConsumeFixedLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const size_t length) noexcept
Returns a byte vector of specified size regardless of the number of remaining bytes available from th...
Definition: util.h:230

assert
assert(!tx.IsCoinBase())