Add fuzzing harness to compare python and cpp chacha20 outputs

stratospher · stratospher · commit 6972662e6247 · 2022-01-17T12:37:04.000+05:30
This behaves like the client and sends requests to the python server
file (src/test/fuzz/script.py) to perform certain operations,
receives python output computed in the server file and compares both
to see if they match.
diff --git a/src/Makefile.test.include b/src/Makefile.test.include
@@ -240,6 +240,7 @@ test_fuzz_fuzz_SOURCES = \
  test/fuzz/crypto_chacha20_poly1305_aead.cpp \
  test/fuzz/crypto_common.cpp \
  test/fuzz/crypto_diff_fuzz_chacha20.cpp \
+ test/fuzz/crypto_diff_fuzz_pychacha20.cpp \
  test/fuzz/crypto_hkdf_hmac_sha256_l32.cpp \
  test/fuzz/crypto_poly1305.cpp \
  test/fuzz/cuckoocache.cpp \
diff --git a/src/test/fuzz/crypto_diff_fuzz_pychacha20.cpp b/src/test/fuzz/crypto_diff_fuzz_pychacha20.cpp
@@ -2,6 +2,11 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <crypto/chacha20.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
 #include <cstdint>
 #include <netdb.h>
 #include <netinet/in.h>
@@ -12,6 +17,8 @@
 #include <unistd.h>
 #include <vector>
 
+#define SV_SOCK_PATH "/tmp/socket_test.s"
+
 // read size from a file descriptor
 // return true if val is set, false for EOF
 static bool read_uint32(int read_fd, uint32_t& val)
@@ -128,4 +135,84 @@ void send_to_python(int sockfd, uint32_t num)
             iBuf += rc;
         }
     }
+}
+
+FUZZ_TARGET(crypto_diff_fuzz_pychacha20)
+{
+    /* ----------------------- socket initialisation --------------------------  */
+    struct sockaddr_un addr;
+
+    // Create a new client socket with domain: AF_UNIX, type: SOCK_STREAM, protocol: 0
+    int sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
+
+    // Make sure socket's file descriptor is legit.
+    if (sockfd == -1) {
+        std::cout << "socket creation failed...\n";
+        exit(1);
+    }
+
+    // Construct server address, and make the connection.
+    memset(&addr, 0, sizeof(struct sockaddr_un));
+    addr.sun_family = AF_UNIX;
+    strncpy(addr.sun_path, SV_SOCK_PATH, sizeof(addr.sun_path) - 1);
+
+    struct timeval tv;
+    tv.tv_sec = 60;
+    tv.tv_usec = 0;
+    setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO, (const char*)&tv, sizeof tv);
+
+    // Connects the active socket(sockfd) to the listening socket whose address is addr.
+    if (connect(sockfd, (struct sockaddr*)&addr, sizeof(struct sockaddr_un)) == -1) {
+        std::cout << "connection with the server failed...\n";
+        exit(1);
+    }
+    /* ----------------------- initialisation over -----------------------  */
+    /* ----------------------- fuzzing phase ------------------------------ */
+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    ChaCha20 chacha20;
+
+    const std::vector<unsigned char> key = ConsumeFixedLengthByteVector(fuzzed_data_provider, 32);
+    chacha20 = ChaCha20{key.data(), key.size()};
+    // send to python server [4][init][key.size][key.data]
+    send_to_python(sockfd, "init");
+    send_to_python(sockfd, std::string(key.begin(), key.end()));
+    // check if response from python server is "ok"
+    std::vector<unsigned char> response = read_from_python(sockfd);
+    std::string s1(response.begin(), response.end());
+    assert(s1 == "ok");
+
+    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 3000)
+    {
+        CallOneOf(
+            fuzzed_data_provider,
+            [&] {
+                uint32_t integralInRange = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096);
+                std::vector<uint8_t> cpp_keystream(integralInRange);
+                chacha20.Keystream(cpp_keystream.data(), cpp_keystream.size());
+                // send to python server [6]["stream"][keystream_size]
+                send_to_python(sockfd, "stream");
+                send_to_python(sockfd, integralInRange);
+                // check if the cpp and python computations of the keystream match
+                std::vector<unsigned char> py_keystream = read_from_python(sockfd);
+                assert(cpp_keystream == py_keystream);
+            },
+            [&] {
+                uint32_t integralInRange = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096);
+                std::vector<uint8_t> cpp_ciphertext(integralInRange);
+                const std::vector<uint8_t> plaintext = ConsumeFixedLengthByteVector(fuzzed_data_provider, integralInRange);
+                chacha20.Crypt(plaintext.data(), cpp_ciphertext.data(), integralInRange);
+                // send to python server [5]["crypt"][size][plaintext]
+                send_to_python(sockfd, "crypt");
+                send_to_python(sockfd, std::string(plaintext.begin(), plaintext.end()));
+                // check if the cpp and python ciphertext match
+                std::vector<unsigned char> py_ciphertext = read_from_python(sockfd);
+                assert(cpp_ciphertext == py_ciphertext);
+            });
+    }
+    send_to_python(sockfd, "exit");
+    response = read_from_python(sockfd);
+    std::string s2(response.begin(), response.end());
+    assert(s2 == "ok");
+    /* ----------------------- end fuzzing phase -----------------------  */
+    close(sockfd);
 }
