Skip to content

Commit 2f42113

Browse files
dhruvdhruv
committed
fuzz: Provide correct MAC tag to assist v2 transport fuzzing
before commit: 121218 REDUCE cov: 1889 ft: 2574 corp: 36/2305b lim: 877 exec/s: 939 rss: 442Mb L: 345/345 after commit: 119632 REDUCE cov: 2692 ft: 3657 corp: 57/8816b lim: 1021 exec/s: 61 rss: 478Mb L: 1000/1013
1 parent 932c9df commit 2f42113

File tree

1 file changed

+19
-6
lines changed

1 file changed

+19
-6
lines changed

src/test/fuzz/p2p_v2_transport_serialization.cpp

+19-6
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44

55
#include <compat/endian.h>
66
#include <crypto/chacha_poly_aead.h>
7+
#include <crypto/poly1305.h>
78
#include <key.h>
89
#include <net.h>
910
#include <netmessagemaker.h>
@@ -14,21 +15,33 @@
1415

1516
FUZZ_TARGET(p2p_v2_transport_serialization)
1617
{
17-
const CPrivKey k1(32, 0);
18-
const CPrivKey k2(32, 0);
18+
const CPrivKey k1(CHACHA20_POLY1305_AEAD_KEY_LEN, 0);
19+
const CPrivKey k2(CHACHA20_POLY1305_AEAD_KEY_LEN, 0);
1920

2021
// Construct deserializer, with a dummy NodeId
2122
V2TransportDeserializer deserializer{(NodeId)0, k1, k2};
2223
V2TransportSerializer serializer{k1, k2};
2324
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
2425

2526
bool length_assist = fuzzed_data_provider.ConsumeBool();
27+
bool mac_assist = fuzzed_data_provider.ConsumeBool();
2628
auto payload_bytes = fuzzed_data_provider.ConsumeRemainingBytes<uint8_t>();
2729

28-
if (length_assist && payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
29-
uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
30-
packet_length = htole32(packet_length);
31-
memcpy(payload_bytes.data(), &packet_length, 3);
30+
if (payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
31+
if (length_assist) {
32+
uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
33+
packet_length = htole32(packet_length);
34+
memcpy(payload_bytes.data(), &packet_length, 3);
35+
}
36+
37+
if (mac_assist) {
38+
unsigned char pseudorandom_bytes[CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_KEYLEN];
39+
memset(pseudorandom_bytes, 0, sizeof(pseudorandom_bytes));
40+
ChaCha20Forward4064 chacha{k1.data(), CHACHA20_POLY1305_AEAD_KEY_LEN};
41+
chacha.Crypt(pseudorandom_bytes, pseudorandom_bytes, CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_KEYLEN);
42+
43+
poly1305_auth(payload_bytes.data() + (payload_bytes.size() - POLY1305_TAGLEN), payload_bytes.data(), (payload_bytes.size() - POLY1305_TAGLEN), pseudorandom_bytes + CHACHA20_POLY1305_AEAD_AAD_LEN);
44+
}
3245
}
3346

3447
Span<const uint8_t> msg_bytes{payload_bytes};

0 commit comments

Comments
 (0)