arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-02-06 12:51:21 +00:00
Code Issues Releases Wiki Activity

feat(crypto): improve trezor-crypto fuzzer

Browse Source
This commit is contained in:
Christian Reitter 2022-08-12 14:04:15 +02:00 committed by Andrew Kozlik
parent b56e848eaa
commit d069b2955e
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
crypto/fuzzer/fuzzer.c
View File

@ -80,9 +80,10 @@
* *
* use #define over runtime checks for performance reasons * use #define over runtime checks for performance reasons
* avoid VLA arrays for performance reasons * avoid VLA arrays for performance reasons
* potential performance drawbacks of heap usage are accepted for better out of bounds error detection * potential performance drawbacks of heap usage are accepted for better out of
* some expensive functions are hidden with compile-time switches * bounds error detection some expensive functions are hidden with compile-time
* fuzzer harnesses are meant to exit early if the preconditions are not met * switches fuzzer harnesses are meant to exit early if the preconditions are
* not met
*/ */
/* fuzzer input data handling */ /* fuzzer input data handling */
@ -182,7 +183,8 @@ int fuzz_bn_format(void) {
memset(prefix, 0, prefixlen); memset(prefix, 0, prefixlen);
memset(suffix, 0, suffixlen); memset(suffix, 0, suffixlen);
// only fetch up to (length - 1) to ensure null termination together with the memset // only fetch up to (length - 1) to ensure null termination together with the
// memset
memcpy(prefix, fuzzer_input(prefixlen - 1), prefixlen - 1); memcpy(prefix, fuzzer_input(prefixlen - 1), prefixlen - 1);
memcpy(suffix, fuzzer_input(suffixlen - 1), suffixlen - 1); memcpy(suffix, fuzzer_input(suffixlen - 1), suffixlen - 1);
@ -386,7 +388,6 @@ int fuzz_xmr_base58_addr_decode_check(void) {
#define XMR_BASE58_DECODE_MAX_INPUT_LEN 512 #define XMR_BASE58_DECODE_MAX_INPUT_LEN 512
// a more focused variant of the xmr_base58_addr_decode_check() harness // a more focused variant of the xmr_base58_addr_decode_check() harness
int fuzz_xmr_base58_decode(void) { int fuzz_xmr_base58_decode(void) {
if (fuzzer_length > XMR_BASE58_DECODE_MAX_INPUT_LEN) { if (fuzzer_length > XMR_BASE58_DECODE_MAX_INPUT_LEN) {
return -1; return -1;
} }
@ -450,7 +451,7 @@ int fuzz_xmr_base58_addr_encode_check(void) {
int ret2 = 0; int ret2 = 0;
// encoding successful // encoding successful
ret2 = xmr_base58_addr_decode_check(out_buffer, outlen, &second_tag, ret2 = xmr_base58_addr_decode_check(out_buffer, outlen, &second_tag,
dummy_buffer, 512); dummy_buffer, sizeof(dummy_buffer));
if (ret2 == 0) { if (ret2 == 0) {
// TODO investigate irregularities // TODO investigate irregularities
// crash(); // crash();
@ -466,7 +467,6 @@ int fuzz_xmr_base58_addr_encode_check(void) {
#define XMR_BASE58_ENCODE_MAX_INPUT_LEN 512 #define XMR_BASE58_ENCODE_MAX_INPUT_LEN 512
// a more focused variant of the xmr_base58_addr_encode_check() harness // a more focused variant of the xmr_base58_addr_encode_check() harness
int fuzz_xmr_base58_encode(void) { int fuzz_xmr_base58_encode(void) {
if (fuzzer_length > XMR_BASE58_ENCODE_MAX_INPUT_LEN) { if (fuzzer_length > XMR_BASE58_ENCODE_MAX_INPUT_LEN) {
return -1; return -1;
} }
@ -1259,11 +1259,10 @@ int fuzz_button_sequence_to_word(void) {
} }
int fuzz_xmr_add_keys(void) { int fuzz_xmr_add_keys(void) {
bignum256modm a, b; bignum256modm a, b;
ge25519 A, B; ge25519 A, B;
if (fuzzer_length < sizeof(bignum256modm) * 2 + sizeof(ge25519) * 2 ) { if (fuzzer_length < sizeof(bignum256modm) * 2 + sizeof(ge25519) * 2) {
return -1; return -1;
} }
memcpy(&a, fuzzer_input(sizeof(bignum256modm)), sizeof(bignum256modm)); memcpy(&a, fuzzer_input(sizeof(bignum256modm)), sizeof(bignum256modm));
@ -1289,7 +1288,6 @@ int fuzz_xmr_add_keys(void) {
} }
int fuzz_ecdh_multiply(void) { int fuzz_ecdh_multiply(void) {
uint8_t priv_key[32]; uint8_t priv_key[32];
// 33 or 65 bytes content // 33 or 65 bytes content
uint8_t pub_key[65]; uint8_t pub_key[65];
@ -1307,18 +1305,19 @@ int fuzz_ecdh_multiply(void) {
// TODO evaluate crash with &curve == NULL, documentation / convention issue? // TODO evaluate crash with &curve == NULL, documentation / convention issue?
const ecdsa_curve *curve2; const ecdsa_curve *curve2;
// ecdh_multiply() is only called with secp256k1 and nist256p1 curve from modtrezorcrypto code // ecdh_multiply() is only called with secp256k1 and nist256p1 curve from
// theoretically other curve parameters are also possible // modtrezorcrypto code theoretically other curve parameters are also possible
if ((decider & 1) == 0) { if ((decider & 1) == 0) {
curve2 = &nist256p1; curve2 = &nist256p1;
} else { } else {
curve2 = &secp256k1; curve2 = &secp256k1;
} }
res1 = ecdh_multiply(curve2, (uint8_t *)&priv_key, (uint8_t *)&pub_key, (uint8_t *)&session_key); res1 = ecdh_multiply(curve2, (uint8_t *)&priv_key, (uint8_t *)&pub_key,
(uint8_t *)&session_key);
check_msan(&session_key, sizeof(session_key)); check_msan(&session_key, sizeof(session_key));
if(res1 != 0) { if (res1 != 0) {
// failure case // failure case
} }
@ -1368,7 +1367,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// recent libFuzzer implementations support marking inputs as non-interesting // recent libFuzzer implementations support marking inputs as non-interesting
// via return -1; instead of the regular return 0; // via return -1; instead of the regular return 0;
// see https://github.com/llvm/llvm-project/commit/92fb310151d2b1e349695fc0f1c5d5d50afb3b52 // see
// https://github.com/llvm/llvm-project/commit/92fb310151d2b1e349695fc0f1c5d5d50afb3b52
int target_result = 0; int target_result = 0;
// TODO reorder and regroup target functions // TODO reorder and regroup target functions