Coverage Report

Created: 2021-01-13 07:05

/src/botan/src/fuzzer/barrett.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* (C) 2018,2020 Jack Lloyd
3
*
4
* Botan is released under the Simplified BSD License (see license.txt)
5
*/
6
7
#include "fuzzers.h"
8
#include <botan/numthry.h>
9
#include <botan/reducer.h>
10
#include <botan/internal/divide.h>
11
12
void fuzz(const uint8_t in[], size_t len)
13
1.11k
   {
14
1.11k
   static const size_t max_bits = 4096;
15
16
1.11k
   if(len <= 4)
17
4
      return;
18
19
1.10k
   if(len > 2*(max_bits/8))
20
19
      return;
21
22
1.08k
   const size_t x_len = 2 * ((len + 2) / 3);
23
24
1.08k
   Botan::BigInt x = Botan::BigInt::decode(in, x_len);
25
1.08k
   const Botan::BigInt p = Botan::BigInt::decode(in + x_len, len - x_len);
26
27
1.08k
   if(p.is_zero())
28
2
      return;
29
30
1.08k
   const size_t x_bits = x.bits();
31
1.08k
   if(x_bits % 8 == 0 && x_bits / 8 == x_len)
32
511
      x.flip_sign();
33
34
1.08k
   const Botan::BigInt ref = x % p;
35
36
1.08k
   const Botan::Modular_Reducer mod_p(p);
37
1.08k
   const Botan::BigInt z = mod_p.reduce(x);
38
39
1.08k
   const Botan::BigInt ct = ct_modulo(x, p);
40
41
1.08k
   if(ref != z || ref != ct)
42
0
      {
43
0
      FUZZER_WRITE_AND_CRASH("X = " << x << "\n"
44
0
                             << "P = " << p << "\n"
45
0
                             << "Barrett = " << z << "\n"
46
0
                             << "Ct = " << ct << "\n"
47
0
                             << "Ref = " << ref << "\n");
48
0
      }
49
1.08k
   }