/src/cryptofuzz/mutator.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | #include <cstdint> |
2 | | #include <array> |
3 | | #include <fuzzing/datasource/datasource.hpp> |
4 | | #include <fuzzing/datasource/id.hpp> |
5 | | #include <cryptofuzz/operations.h> |
6 | | #include <cryptofuzz/repository.h> |
7 | | #include <cryptofuzz/options.h> |
8 | | #include <cryptofuzz/util.h> |
9 | | #include <boost/multiprecision/cpp_int.hpp> |
10 | | #include <boost/lexical_cast.hpp> |
11 | | #include <boost/random.hpp> |
12 | | #include <algorithm> |
13 | | #include <random> |
14 | | #include "config.h" |
15 | | #include "repository_tbl.h" |
16 | | #include "numbers.h" |
17 | | #include "mutatorpool.h" |
18 | | #include "_z3.h" |
19 | | #include "expmod.h" |
20 | | #include "third_party/json/json.hpp" |
21 | | |
22 | | extern "C" size_t LLVMFuzzerMutate(uint8_t* data, size_t size, size_t maxSize); |
23 | | |
24 | | uint32_t PRNG(void) |
25 | 9.52k | { |
26 | 9.52k | static uint32_t nSeed = 5323; |
27 | 9.52k | nSeed = (8253729 * nSeed + 2396403); |
28 | 9.52k | return nSeed % 32767; |
29 | 9.52k | } |
30 | | |
31 | | auto rng = std::default_random_engine {}; |
32 | | |
33 | | boost::multiprecision::cpp_int cpp_int_reciprocal( |
34 | | boost::multiprecision::cpp_int x, |
35 | 0 | boost::multiprecision::cpp_int m) { |
36 | 0 | if ( x == 0 || x >= m ) { |
37 | 0 | return x; |
38 | 0 | } |
39 | 0 | boost::multiprecision::cpp_int y = x; |
40 | 0 | x = m; |
41 | 0 | boost::multiprecision::cpp_int a = 0; |
42 | 0 | boost::multiprecision::cpp_int b = 1; |
43 | 0 | while ( y != 0 ) { |
44 | 0 | boost::multiprecision::cpp_int tmp; |
45 | |
|
46 | 0 | tmp = a; |
47 | 0 | a = b; |
48 | 0 | b = tmp - x / y * b; |
49 | |
|
50 | 0 | tmp = x; |
51 | 0 | x = y; |
52 | 0 | y = tmp % y; |
53 | 0 | } |
54 | |
|
55 | 0 | if ( x == 1 ) { |
56 | 0 | return a % m; |
57 | 0 | } |
58 | | |
59 | 0 | return 0; |
60 | 0 | } |
61 | | |
62 | 0 | static size_t cpp_int_num_bits(const boost::multiprecision::cpp_int& m) { |
63 | 0 | boost::multiprecision::cpp_int m_copy = m; |
64 | |
|
65 | 0 | size_t num_bits = 0; |
66 | 0 | while ( m_copy ) { |
67 | 0 | m_copy >>= 1; |
68 | 0 | num_bits++; |
69 | 0 | } |
70 | 0 | num_bits = (num_bits / 8 + 1) * 8; |
71 | |
|
72 | 0 | return num_bits; |
73 | 0 | } |
74 | | |
75 | 0 | static std::string to_mont(const std::string& y_, const std::string& mod_) { |
76 | 0 | if ( y_ == "" || (y_.size() && (y_[0] == '0' || y_[0] == '-')) ) { |
77 | 0 | return y_; |
78 | 0 | } |
79 | 0 | if ( mod_ == "" || (mod_.size() && (mod_[0] == '0' || mod_[0] == '-')) ) { |
80 | 0 | return y_; |
81 | 0 | } |
82 | 0 | const boost::multiprecision::cpp_int mod(mod_); |
83 | 0 | const boost::multiprecision::cpp_int y(y_); |
84 | 0 | const boost::multiprecision::cpp_int res = (y << cpp_int_num_bits(mod)) % mod; |
85 | 0 | return res.str(); |
86 | 0 | } |
87 | | |
88 | 0 | static std::string from_mont(const std::string& y_, const std::string& mod_) { |
89 | 0 | if ( y_ == "" || (y_.size() && (y_[0] == '0' || y_[0] == '-')) ) { |
90 | 0 | return y_; |
91 | 0 | } |
92 | 0 | if ( mod_ == "" || (mod_.size() && (mod_[0] == '0' || mod_[0] == '-')) ) { |
93 | 0 | return y_; |
94 | 0 | } |
95 | 0 | const boost::multiprecision::cpp_int mod(mod_); |
96 | 0 | const auto num_bits = cpp_int_num_bits(mod); |
97 | 0 | boost::multiprecision::cpp_int reducer = 1; |
98 | 0 | reducer <<= num_bits; |
99 | 0 | const auto multiplier = cpp_int_reciprocal(reducer % mod, mod); |
100 | 0 | const boost::multiprecision::cpp_int y(y_); |
101 | 0 | const boost::multiprecision::cpp_int res = (y * multiplier) % mod; |
102 | 0 | return res.str(); |
103 | 0 | } |
104 | | |
105 | 0 | static std::string mutateBinary(const std::string s) { |
106 | 0 | if ( s.size() && s[0] == '0' ) { |
107 | 0 | return s; |
108 | 0 | } |
109 | 0 | if ( s.size() && s[0] == '-' ) { |
110 | 0 | return s; |
111 | 0 | } |
112 | | |
113 | 0 | const auto i = boost::multiprecision::cpp_int(s); |
114 | |
|
115 | 0 | std::vector<uint8_t> bytes; |
116 | 0 | export_bits(i, std::back_inserter(bytes), 8); |
117 | 0 | auto newsize = LLVMFuzzerMutate(bytes.data(), bytes.size(), bytes.size()); |
118 | | |
119 | | /* Memory sanitizer doesn't like that LLVMFuzzerMutate is called. |
120 | | * If MSAN is enabled, manually unpoison the region returned by |
121 | | * LLVMFuzzerMutate. |
122 | | */ |
123 | 0 | cryptofuzz::util::MemorySanitizerUnpoison(bytes.data(), newsize); |
124 | |
|
125 | 0 | bytes.resize(newsize); |
126 | 0 | if ( newsize ) { |
127 | 0 | newsize = PRNG() % (newsize+1); |
128 | 0 | if ( newsize ) { |
129 | 0 | bytes.resize(newsize); |
130 | 0 | } |
131 | 0 | } |
132 | 0 | boost::multiprecision::cpp_int j; |
133 | 0 | import_bits(j, bytes.begin(), bytes.end()); |
134 | |
|
135 | 0 | return j.str(); |
136 | 0 | } |
137 | | |
138 | 0 | std::optional<std::string> get_op_mod(const uint64_t& operation) { |
139 | 0 | switch ( operation ) { |
140 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp64"): |
141 | 0 | return "18446744073709551616"; |
142 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp128"): |
143 | 0 | return "340282366920938463463374607431768211456"; |
144 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp256"): |
145 | 0 | return "115792089237316195423570985008687907853269984665640564039457584007913129639936"; |
146 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp512"): |
147 | 0 | return "13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084096"; |
148 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_381_P"): |
149 | 0 | return "4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"; |
150 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_381_R"): |
151 | 0 | return "52435875175126190479447740508185965837690552500527637822603658699938581184513"; |
152 | 0 | case CF_OPERATION("BignumCalc_Mod_BN128_P"): |
153 | 0 | return "21888242871839275222246405745257275088696311157297823662689037894645226208583"; |
154 | 0 | case CF_OPERATION("BignumCalc_Mod_BN128_R"): |
155 | 0 | return "21888242871839275222246405745257275088548364400416034343698204186575808495617"; |
156 | 0 | case CF_OPERATION("BignumCalc_Mod_ED25519"): |
157 | 0 | return "57896044618658097711785492504343953926634992332820282019728792003956564819949"; |
158 | 0 | case CF_OPERATION("BignumCalc_Mod_Edwards_P"): |
159 | 0 | return "6210044120409721004947206240885978274523751269793792001"; |
160 | 0 | case CF_OPERATION("BignumCalc_Mod_Edwards_R"): |
161 | 0 | return "1552511030102430251236801561344621993261920897571225601"; |
162 | 0 | case CF_OPERATION("BignumCalc_Mod_SECP256K1"): |
163 | 0 | return "115792089237316195423570985008687907852837564279074904382605163141518161494337"; |
164 | 0 | case CF_OPERATION("BignumCalc_Mod_SECP256K1_P"): |
165 | 0 | return "115792089237316195423570985008687907853269984665640564039457584007908834671663"; |
166 | | /* TODO the rest */ |
167 | 0 | default: |
168 | 0 | return std::nullopt; |
169 | 0 | } |
170 | 0 | } |
171 | | |
172 | 0 | static uint64_t PRNG64(void) { |
173 | 0 | return (((uint64_t)PRNG()) << 32) + PRNG(); |
174 | 0 | } |
175 | | |
176 | 0 | static std::vector<size_t> SplitLength(size_t left, const size_t numParts) { |
177 | 0 | std::vector<size_t> lengths; |
178 | 0 | for (size_t i = 0; i < numParts; i++) { |
179 | 0 | const auto cur = PRNG() % (left+1); |
180 | 0 | lengths.push_back(cur); |
181 | 0 | left -= cur; |
182 | 0 | } |
183 | |
|
184 | 0 | std::vector<size_t> lengths_randomized; |
185 | 0 | for (size_t i = 0; i < numParts; i++) { |
186 | 0 | const auto cur = lengths.begin() + PRNG() % (lengths.size()); |
187 | 0 | lengths_randomized.push_back(*cur); |
188 | 0 | lengths.erase(cur); |
189 | 0 | } |
190 | |
|
191 | 0 | return lengths_randomized; |
192 | 0 | } |
193 | | |
194 | 0 | bool getBool(void) { |
195 | 0 | return PRNG() % 2 == 0; |
196 | 0 | } |
197 | | |
198 | 0 | static size_t getDefaultSize(void) { |
199 | 0 | static const std::array defaultSizes = {0, 1, 2, 4, 8, 12, 16, 24, 32, 64}; |
200 | |
|
201 | 0 | return defaultSizes[PRNG() % defaultSizes.size()]; |
202 | 0 | } |
203 | | |
204 | 0 | static std::string getBuffer(size_t size, const bool alternativeSize = false) { |
205 | 0 | static const std::array<std::string, 256> hex = { |
206 | 0 | "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "0a", "0b", "0c", "0d", "0e", "0f", |
207 | 0 | "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "1a", "1b", "1c", "1d", "1e", "1f", |
208 | 0 | "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "2a", "2b", "2c", "2d", "2e", "2f", |
209 | 0 | "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "3a", "3b", "3c", "3d", "3e", "3f", |
210 | 0 | "40", "41", "42", "43", "44", "45", "46", "47", "48", "49", "4a", "4b", "4c", "4d", "4e", "4f", |
211 | 0 | "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "5a", "5b", "5c", "5d", "5e", "5f", |
212 | 0 | "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "6a", "6b", "6c", "6d", "6e", "6f", |
213 | 0 | "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "7a", "7b", "7c", "7d", "7e", "7f", |
214 | 0 | "80", "81", "82", "83", "84", "85", "86", "87", "88", "89", "8a", "8b", "8c", "8d", "8e", "8f", |
215 | 0 | "90", "91", "92", "93", "94", "95", "96", "97", "98", "99", "9a", "9b", "9c", "9d", "9e", "9f", |
216 | 0 | "a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "aa", "ab", "ac", "ad", "ae", "af", |
217 | 0 | "b0", "b1", "b2", "b3", "b4", "b5", "b6", "b7", "b8", "b9", "ba", "bb", "bc", "bd", "be", "bf", |
218 | 0 | "c0", "c1", "c2", "c3", "c4", "c5", "c6", "c7", "c8", "c9", "ca", "cb", "cc", "cd", "ce", "cf", |
219 | 0 | "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "da", "db", "dc", "dd", "de", "df", |
220 | 0 | "e0", "e1", "e2", "e3", "e4", "e5", "e6", "e7", "e8", "e9", "ea", "eb", "ec", "ed", "ee", "ef", |
221 | 0 | "f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7", "f8", "f9", "fa", "fb", "fc", "fd", "fe", "ff"}; |
222 | |
|
223 | 0 | if ( alternativeSize == true ) { |
224 | 0 | if ( getBool() ) { |
225 | 0 | const auto newSize = getDefaultSize(); |
226 | 0 | if ( newSize < size ) { |
227 | 0 | size = newSize; |
228 | 0 | } |
229 | 0 | } |
230 | 0 | } |
231 | |
|
232 | 0 | std::string ret; |
233 | |
|
234 | 0 | for (size_t i = 0; i < size; i++) { |
235 | 0 | ret += hex[PRNG() % 256]; |
236 | 0 | } |
237 | |
|
238 | 0 | return ret; |
239 | 0 | } |
240 | | |
241 | 0 | static std::vector<uint8_t> getBufferBin(const size_t size) { |
242 | 0 | std::vector<uint8_t> ret(size); |
243 | |
|
244 | 0 | for (size_t i = 0; i < size; i++) { |
245 | 0 | ret[i] = PRNG(); |
246 | 0 | } |
247 | |
|
248 | 0 | return ret; |
249 | 0 | } |
250 | | |
251 | 0 | std::string getBignum(bool mustBePositive = false) { |
252 | 0 | std::string ret; |
253 | |
|
254 | 0 | if ( (PRNG() % 10) == 0 ) { |
255 | 0 | constexpr long sizeMax = cryptofuzz::config::kMaxBignumSize; |
256 | 0 | constexpr long sizeTop = sizeMax * 0.5; |
257 | 0 | constexpr long sizeBottom = sizeMax - sizeTop; |
258 | |
|
259 | 0 | static_assert(sizeBottom > 0); |
260 | 0 | static_assert(sizeBottom + sizeTop <= sizeMax); |
261 | |
|
262 | 0 | const size_t size = (PRNG() % sizeTop) + sizeBottom; |
263 | |
|
264 | 0 | for (size_t i = 0; i < size; i++) { |
265 | 0 | char c = '0' + (PRNG() % 10); |
266 | 0 | if ( i == 0 && c == '0' ) { |
267 | | /* Cannot have leading zeroes */ |
268 | 0 | c = '1'; |
269 | 0 | } |
270 | 0 | ret += c; |
271 | 0 | } |
272 | 0 | } else { |
273 | 0 | if ( getBool() ) { |
274 | 0 | ret = Pool_Bignum.Get(); |
275 | 0 | } else { |
276 | 0 | ret = cryptofuzz::numbers.at(PRNG() % cryptofuzz::numbers.size()); |
277 | 0 | } |
278 | 0 | } |
279 | |
|
280 | 0 | const bool isNegative = !ret.empty() && ret[0] == '-'; |
281 | 0 | if ( cryptofuzz::config::kNegativeIntegers == false ) { |
282 | 0 | mustBePositive = true; |
283 | 0 | } |
284 | |
|
285 | 0 | if ( isNegative && mustBePositive ) { |
286 | 0 | ret = std::string(ret.data() + 1, ret.size() - 1); |
287 | 0 | } |
288 | |
|
289 | 0 | if ( !mustBePositive && !isNegative && getBool() ) { |
290 | 0 | ret = "-" + ret; |
291 | 0 | } |
292 | |
|
293 | 0 | return ret; |
294 | 0 | } |
295 | | |
296 | 0 | std::string getPrime(void) { |
297 | 0 | return Pool_Bignum_Primes.Get(); |
298 | 0 | } |
299 | | |
300 | 0 | uint64_t hint_ecc_mont(const uint64_t& curveType) { |
301 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(curveType); |
302 | |
|
303 | 0 | if ( order != std::nullopt ) { |
304 | 0 | const auto v = from_mont(mutateBinary(getBignum()), *order); |
305 | |
|
306 | 0 | Pool_Bignum.Set(v); |
307 | 0 | } |
308 | |
|
309 | 0 | return curveType; |
310 | 0 | } |
311 | | |
312 | | #if 0 |
313 | | std::string to_mont(const std::string& y_) { |
314 | | static const boost::multiprecision::cpp_int mod("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"); |
315 | | const boost::multiprecision::cpp_int y(y_); |
316 | | const boost::multiprecision::cpp_int res = (y << 384) % mod; |
317 | | return res.str(); |
318 | | } |
319 | | std::string from_mont(const std::string& y_) { |
320 | | static const boost::multiprecision::cpp_int multiplier("3231460744492646417066832100176244795738767926513225105051837195607029917124509527734802654356338138714468589979680"); |
321 | | static const boost::multiprecision::cpp_int mod("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"); |
322 | | const boost::multiprecision::cpp_int y(y_); |
323 | | const boost::multiprecision::cpp_int res = (y * multiplier) % mod; |
324 | | return res.str(); |
325 | | } |
326 | | #endif |
327 | | |
328 | | extern cryptofuzz::Options* cryptofuzz_options; |
329 | | |
330 | 0 | static uint64_t getRandomCipher(void) { |
331 | 0 | if ( !cryptofuzz_options->ciphers.Empty() ) { |
332 | 0 | return cryptofuzz_options->ciphers.At(PRNG()); |
333 | 0 | } else { |
334 | 0 | return CipherLUT[ PRNG() % (sizeof(CipherLUT) / sizeof(CipherLUT[0])) ].id; |
335 | 0 | } |
336 | 0 | } |
337 | | |
338 | 0 | static uint64_t getRandomDigest(void) { |
339 | 0 | if ( !cryptofuzz_options->digests.Empty() ) { |
340 | 0 | return cryptofuzz_options->digests.At(PRNG()); |
341 | 0 | } else { |
342 | 0 | return DigestLUT[ PRNG() % (sizeof(DigestLUT) / sizeof(DigestLUT[0])) ].id; |
343 | 0 | } |
344 | 0 | } |
345 | | |
346 | 0 | static uint64_t getRandomCurve(void) { |
347 | 0 | if ( !cryptofuzz_options->curves.Empty() ) { |
348 | 0 | return cryptofuzz_options->curves.At(PRNG()); |
349 | 0 | } else { |
350 | 0 | return ECC_CurveLUT[ PRNG() % (sizeof(ECC_CurveLUT) / sizeof(ECC_CurveLUT[0])) ].id; |
351 | 0 | } |
352 | 0 | } |
353 | | |
354 | 0 | static uint64_t getRandomCalcOp(void) { |
355 | 0 | if ( !cryptofuzz_options->calcOps.Empty() ) { |
356 | 0 | return cryptofuzz_options->calcOps.At(PRNG()); |
357 | 0 | } else { |
358 | 0 | return CalcOpLUT[ PRNG() % (sizeof(CalcOpLUT) / sizeof(CalcOpLUT[0])) ].id; |
359 | 0 | } |
360 | 0 | } |
361 | | |
362 | 0 | static std::string get_BLS_PyECC_DST(void) { |
363 | 0 | return "424c535f5349475f424c53313233383147325f584d443a5348412d3235365f535357555f524f5f504f505f"; |
364 | 0 | } |
365 | | |
366 | 0 | static std::string get_BLS_BasicScheme_DST(void) { |
367 | 0 | return "424c535f5349475f424c53313233383147325f584d443a5348412d3235365f535357555f524f5f4e554c5f"; |
368 | 0 | } |
369 | | |
370 | 0 | static std::string get_BLS_predefined_DST(void) { |
371 | 0 | return getBool() ? get_BLS_PyECC_DST() : get_BLS_BasicScheme_DST(); |
372 | 0 | } |
373 | | |
374 | 0 | static void generateECCPoint(void) { |
375 | 0 | if ( (PRNG() % 100) != 0 ) { |
376 | 0 | return; |
377 | 0 | } |
378 | | |
379 | 0 | const auto curveID = getRandomCurve(); |
380 | |
|
381 | 0 | const auto a = cryptofuzz::repository::ECC_CurveToA(curveID); |
382 | 0 | if ( a == std::nullopt ) { |
383 | 0 | return; |
384 | 0 | } |
385 | | |
386 | 0 | const auto b = cryptofuzz::repository::ECC_CurveToB(curveID); |
387 | 0 | if ( b == std::nullopt ) { |
388 | 0 | return; |
389 | 0 | } |
390 | | |
391 | 0 | const auto p = cryptofuzz::repository::ECC_CurveToPrime(curveID); |
392 | 0 | if ( p == std::nullopt ) { |
393 | 0 | return; |
394 | 0 | } |
395 | | |
396 | 0 | const auto o = cryptofuzz::repository::ECC_CurveToPrime(curveID); |
397 | 0 | if ( o == std::nullopt ) { |
398 | 0 | return; |
399 | 0 | } |
400 | | |
401 | 0 | const auto x = getBignum(true); |
402 | |
|
403 | 0 | const auto y = cryptofuzz::util::Find_ECC_Y(x, *a, *b, *p, *o, getBool()); |
404 | |
|
405 | 0 | if ( curveID == CF_ECC_CURVE("BLS12_381") ) { |
406 | 0 | Pool_CurveBLSG1.Set({ curveID, x, y }); |
407 | 0 | } else { |
408 | 0 | Pool_CurveECC_Point.Set({ curveID, x, y }); |
409 | 0 | } |
410 | 0 | } |
411 | | |
412 | 0 | extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, size_t maxSize, unsigned int seed) { |
413 | 0 | (void)seed; |
414 | 0 | std::vector<uint8_t> modifier; |
415 | 0 | bool reuseModifier; |
416 | |
|
417 | 0 | if ( maxSize < 64 || getBool() ) { |
418 | 0 | goto end; |
419 | 0 | } |
420 | | |
421 | 0 | reuseModifier = getBool(); |
422 | |
|
423 | 0 | if ( reuseModifier == true ) { |
424 | 0 | cryptofuzz::util::MemorySanitizerUnpoison(data, size); |
425 | | |
426 | | /* Try to extract modifier from input */ |
427 | 0 | try { |
428 | 0 | fuzzing::datasource::Datasource ds(data, size); |
429 | 0 | /* ignore result */ ds.Get<uint64_t>(); |
430 | 0 | /* ignore result */ ds.GetData(0, 1); |
431 | 0 | modifier = ds.GetData(0); |
432 | 0 | } catch ( fuzzing::datasource::Datasource::OutOfData ) { } |
433 | 0 | } |
434 | |
|
435 | 0 | { |
436 | 0 | uint64_t operation; |
437 | |
|
438 | 0 | if ( !cryptofuzz_options->operations.Empty() ) { |
439 | 0 | operation = cryptofuzz_options->operations.At(PRNG()); |
440 | 0 | } else { |
441 | 0 | operation = OperationLUT[ PRNG() % (sizeof(OperationLUT) / sizeof(OperationLUT[0])) ].id; |
442 | 0 | } |
443 | |
|
444 | 0 | fuzzing::datasource::Datasource dsOut2(nullptr, 0); |
445 | |
|
446 | 0 | nlohmann::json parameters; |
447 | |
|
448 | 0 | #define GET_OR_BIGNUM(x) getBool() ? (x) : getBignum(); |
449 | 0 | switch ( operation ) { |
450 | 0 | case CF_OPERATION("Digest"): |
451 | 0 | { |
452 | 0 | parameters["modifier"] = ""; |
453 | 0 | parameters["cleartext"] = getBuffer(PRNG64() % maxSize); |
454 | 0 | parameters["digestType"] = getRandomDigest(); |
455 | |
|
456 | 0 | cryptofuzz::operation::Digest op(parameters); |
457 | 0 | op.Serialize(dsOut2); |
458 | 0 | } |
459 | 0 | break; |
460 | 0 | case CF_OPERATION("HMAC"): |
461 | 0 | { |
462 | 0 | size_t numParts = 0; |
463 | |
|
464 | 0 | numParts++; /* modifier */ |
465 | 0 | numParts++; /* cleartext */ |
466 | 0 | numParts++; /* iv */ |
467 | 0 | numParts++; /* key */ |
468 | |
|
469 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
470 | |
|
471 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
472 | 0 | parameters["cleartext"] = getBuffer(lengths[1]); |
473 | 0 | parameters["cipher"]["iv"] = getBuffer(lengths[2], true); |
474 | 0 | parameters["cipher"]["key"] = getBuffer(lengths[3], true); |
475 | 0 | parameters["cipher"]["cipherType"] = getRandomCipher(); |
476 | 0 | parameters["digestType"] = getRandomDigest(); |
477 | |
|
478 | 0 | cryptofuzz::operation::HMAC op(parameters); |
479 | 0 | op.Serialize(dsOut2); |
480 | 0 | } |
481 | 0 | break; |
482 | 0 | case CF_OPERATION("UMAC"): |
483 | 0 | { |
484 | 0 | parameters["modifier"] = ""; |
485 | 0 | parameters["cleartext"] = getBuffer(PRNG64() % maxSize); |
486 | 0 | parameters["key"] = getBuffer(16); |
487 | 0 | parameters["iv"] = getBuffer(PRNG() % 17); |
488 | 0 | parameters["type"] = PRNG() % 4; |
489 | 0 | parameters["outSize"] = PRNG() % 1024; |
490 | |
|
491 | 0 | cryptofuzz::operation::UMAC op(parameters); |
492 | 0 | op.Serialize(dsOut2); |
493 | 0 | } |
494 | 0 | break; |
495 | 0 | case CF_OPERATION("CMAC"): |
496 | 0 | { |
497 | 0 | size_t numParts = 0; |
498 | |
|
499 | 0 | numParts++; /* modifier */ |
500 | 0 | numParts++; /* cleartext */ |
501 | 0 | numParts++; /* iv */ |
502 | 0 | numParts++; /* key */ |
503 | |
|
504 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
505 | |
|
506 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
507 | 0 | parameters["cleartext"] = getBuffer(lengths[1]); |
508 | 0 | parameters["cipher"]["iv"] = getBuffer(lengths[2], true); |
509 | 0 | parameters["cipher"]["key"] = getBuffer(lengths[3], true); |
510 | 0 | parameters["cipher"]["cipherType"] = getRandomCipher(); |
511 | |
|
512 | 0 | cryptofuzz::operation::CMAC op(parameters); |
513 | 0 | op.Serialize(dsOut2); |
514 | 0 | } |
515 | 0 | break; |
516 | 0 | case CF_OPERATION("SymmetricEncrypt"): |
517 | 0 | { |
518 | 0 | const bool aad_enabled = PRNG() % 2; |
519 | 0 | const bool tagSize_enabled = PRNG() % 2; |
520 | 0 | size_t numParts = 0; |
521 | |
|
522 | 0 | numParts++; /* modifier */ |
523 | 0 | numParts++; /* cleartext */ |
524 | 0 | numParts++; /* iv */ |
525 | 0 | numParts++; /* key */ |
526 | |
|
527 | 0 | if ( aad_enabled ) { |
528 | 0 | numParts++; /* aad */ |
529 | 0 | } |
530 | |
|
531 | 0 | auto lengths = SplitLength(maxSize - 64, numParts); |
532 | |
|
533 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
534 | 0 | if ( getBool() ) { |
535 | 0 | if ( 16 < lengths[1] ) { |
536 | 0 | lengths[1] = 16; |
537 | 0 | } |
538 | 0 | } |
539 | 0 | parameters["cleartext"] = getBuffer(lengths[1]); |
540 | |
|
541 | 0 | parameters["cipher"]["iv"] = getBuffer(lengths[2], true); |
542 | 0 | parameters["cipher"]["key"] = getBuffer(lengths[3], true); |
543 | |
|
544 | 0 | if ( aad_enabled ) { |
545 | 0 | parameters["aad_enabled"] = true; |
546 | 0 | if ( getBool() ) { |
547 | 0 | lengths[4] = 0; |
548 | 0 | } |
549 | 0 | parameters["aad"] = getBuffer(lengths[4]); |
550 | 0 | } else { |
551 | 0 | parameters["aad_enabled"] = false; |
552 | 0 | } |
553 | |
|
554 | 0 | if ( tagSize_enabled ) { |
555 | 0 | parameters["tagSize_enabled"] = true; |
556 | 0 | if ( getBool() ) { |
557 | 0 | parameters["tagSize"] = getDefaultSize(); |
558 | 0 | } else { |
559 | 0 | parameters["tagSize"] = PRNG() % 102400; |
560 | 0 | } |
561 | 0 | } else { |
562 | 0 | parameters["tagSize_enabled"] = false; |
563 | 0 | } |
564 | |
|
565 | 0 | parameters["cipher"]["cipherType"] = getRandomCipher(); |
566 | 0 | parameters["ciphertextSize"] = PRNG() % (lengths[1] + 9); |
567 | |
|
568 | 0 | cryptofuzz::operation::SymmetricEncrypt op(parameters); |
569 | 0 | op.Serialize(dsOut2); |
570 | 0 | } |
571 | 0 | break; |
572 | 0 | case CF_OPERATION("SymmetricDecrypt"): |
573 | 0 | { |
574 | 0 | const bool aad_enabled = PRNG() % 2; |
575 | 0 | const bool tag_enabled = PRNG() % 2; |
576 | 0 | size_t numParts = 0; |
577 | |
|
578 | 0 | numParts++; /* modifier */ |
579 | 0 | numParts++; /* cleartext */ |
580 | 0 | numParts++; /* iv */ |
581 | 0 | numParts++; /* key */ |
582 | |
|
583 | 0 | if ( aad_enabled ) { |
584 | 0 | numParts++; /* aad */ |
585 | 0 | } |
586 | 0 | if ( tag_enabled ) { |
587 | 0 | numParts++; /* tag */ |
588 | 0 | } |
589 | |
|
590 | 0 | auto lengths = SplitLength(maxSize - 64, numParts); |
591 | |
|
592 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
593 | 0 | if ( getBool() ) { |
594 | 0 | if ( 16 < lengths[1] ) { |
595 | 0 | lengths[1] = 16; |
596 | 0 | } |
597 | 0 | } |
598 | 0 | parameters["ciphertext"] = getBuffer(lengths[1]); |
599 | |
|
600 | 0 | parameters["cipher"]["iv"] = getBuffer(lengths[2], true); |
601 | 0 | parameters["cipher"]["key"] = getBuffer(lengths[3], true); |
602 | |
|
603 | 0 | if ( aad_enabled ) { |
604 | 0 | parameters["aad_enabled"] = true; |
605 | 0 | if ( getBool() ) { |
606 | 0 | lengths[4] = 0; |
607 | 0 | } |
608 | 0 | parameters["aad"] = getBuffer(lengths[4]); |
609 | 0 | } else { |
610 | 0 | parameters["aad_enabled"] = false; |
611 | 0 | } |
612 | |
|
613 | 0 | if ( tag_enabled ) { |
614 | 0 | parameters["tag_enabled"] = true; |
615 | 0 | parameters["tag"] = getBuffer(lengths[aad_enabled ? 5 : 4], true); |
616 | 0 | } else { |
617 | 0 | parameters["tag_enabled"] = false; |
618 | 0 | } |
619 | |
|
620 | 0 | parameters["cipher"]["cipherType"] = getRandomCipher(); |
621 | 0 | parameters["cleartextSize"] = PRNG() % (lengths[1] + 9); |
622 | |
|
623 | 0 | cryptofuzz::operation::SymmetricDecrypt op(parameters); |
624 | 0 | op.Serialize(dsOut2); |
625 | 0 | } |
626 | 0 | break; |
627 | 0 | case CF_OPERATION("BignumCalc"): |
628 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_381_R"): |
629 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_381_P"): |
630 | 0 | case CF_OPERATION("BignumCalc_Mod_BN128_R"): |
631 | 0 | case CF_OPERATION("BignumCalc_Mod_BN128_P"): |
632 | 0 | case CF_OPERATION("BignumCalc_Mod_ED25519"): |
633 | 0 | case CF_OPERATION("BignumCalc_Mod_Edwards_R"): |
634 | 0 | case CF_OPERATION("BignumCalc_Mod_Edwards_P"): |
635 | 0 | case CF_OPERATION("BignumCalc_Mod_MNT4_R"): |
636 | 0 | case CF_OPERATION("BignumCalc_Mod_MNT4_P"): |
637 | 0 | case CF_OPERATION("BignumCalc_Mod_MNT6_R"): |
638 | 0 | case CF_OPERATION("BignumCalc_Mod_MNT6_P"): |
639 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp64"): |
640 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp128"): |
641 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp256"): |
642 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp512"): |
643 | 0 | case CF_OPERATION("BignumCalc_Mod_SECP256K1"): |
644 | 0 | case CF_OPERATION("BignumCalc_Mod_SECP256K1_P"): |
645 | 0 | { |
646 | 0 | parameters["modifier"] = ""; |
647 | |
|
648 | 0 | const auto calcop = getRandomCalcOp(); |
649 | 0 | parameters["calcOp"] = calcop; |
650 | |
|
651 | 0 | auto bn1 = getBignum(); |
652 | 0 | const auto bn2 = getBignum(); |
653 | 0 | const auto bn3 = getBignum(); |
654 | |
|
655 | 0 | if ( calcop == CF_CALCOP("InvMod(A,B)") || calcop == CF_CALCOP("ExpMod(A,B,C)") ) { |
656 | 0 | std::optional<std::string> mod = get_op_mod(operation); |
657 | |
|
658 | 0 | if ( mod == std::nullopt ) { |
659 | 0 | if ( calcop == CF_CALCOP("InvMod(A,B)") ) { |
660 | 0 | mod = bn2; |
661 | 0 | } else if ( CF_CALCOP("ExpMod(A,B,C)") ) { |
662 | 0 | mod = bn3; |
663 | 0 | } else { |
664 | 0 | abort(); |
665 | 0 | } |
666 | 0 | } |
667 | | |
668 | 0 | const auto mont = from_mont(mutateBinary(getBignum()), *mod); |
669 | 0 | Pool_Bignum.Set(mont); |
670 | |
|
671 | 0 | if ( getBool() ) { |
672 | 0 | bn1 = mont; |
673 | 0 | } |
674 | 0 | } |
675 | | |
676 | 0 | parameters["bn1"] = bn1; |
677 | 0 | parameters["bn2"] = bn2; |
678 | 0 | parameters["bn3"] = bn3; |
679 | 0 | parameters["bn4"] = ""; |
680 | |
|
681 | 0 | if ( calcop == CF_CALCOP("ExpMod(A,B,C)") && operation == CF_OPERATION("BignumCalc") ) { |
682 | 0 | if ( PRNG() % 100 == 0 ) { |
683 | 0 | const auto p = cryptofuzz::mutator::ExpModGenerator::generate_exp_mod(getBignum(true)); |
684 | |
|
685 | 0 | if ( p != std::nullopt ) { |
686 | 0 | parameters = *p; |
687 | 0 | } |
688 | 0 | } |
689 | 0 | } |
690 | | #if defined(CRYPTOFUZZ_HAVE_Z3) |
691 | | else if ( (PRNG() % 1000) == 0 ) { |
692 | | const auto p = cryptofuzz::Z3::Generate(calcop); |
693 | | if ( p != std::nullopt ) { |
694 | | parameters = *p; |
695 | | } |
696 | | } |
697 | | #endif |
698 | 0 | cryptofuzz::operation::BignumCalc op(parameters); |
699 | 0 | op.Serialize(dsOut2); |
700 | 0 | } |
701 | 0 | break; |
702 | 0 | case CF_OPERATION("BignumCalc_Fp2"): |
703 | 0 | { |
704 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
705 | 0 | parameters["calcOp"] = getRandomCalcOp(); |
706 | 0 | parameters["bn1"][0] = getBignum(); |
707 | 0 | parameters["bn1"][1] = getBignum(); |
708 | 0 | parameters["bn2"][0] = getBignum(); |
709 | 0 | parameters["bn2"][1] = getBignum(); |
710 | 0 | parameters["bn3"][0] = ""; |
711 | 0 | parameters["bn3"][1] = ""; |
712 | 0 | parameters["bn4"][0] = ""; |
713 | 0 | parameters["bn4"][1] = ""; |
714 | |
|
715 | 0 | cryptofuzz::operation::BignumCalc_Fp2 op(parameters); |
716 | 0 | op.Serialize(dsOut2); |
717 | 0 | } |
718 | 0 | break; |
719 | | |
720 | 0 | case CF_OPERATION("BignumCalc_Fp12"): |
721 | 0 | { |
722 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
723 | 0 | parameters["calcOp"] = getRandomCalcOp(); |
724 | |
|
725 | 0 | if ( Pool_Fp12.Have() && getBool() == true ) { |
726 | 0 | const auto Fp12 = Pool_Fp12.Get(); |
727 | | #if 0 |
728 | | parameters["bn1"][0] = GET_OR_BIGNUM(Fp12.bn1); |
729 | | parameters["bn1"][1] = GET_OR_BIGNUM(Fp12.bn2); |
730 | | parameters["bn1"][2] = GET_OR_BIGNUM(Fp12.bn3); |
731 | | parameters["bn1"][3] = GET_OR_BIGNUM(Fp12.bn4); |
732 | | parameters["bn1"][4] = GET_OR_BIGNUM(Fp12.bn5); |
733 | | parameters["bn1"][5] = GET_OR_BIGNUM(Fp12.bn6); |
734 | | parameters["bn1"][6] = GET_OR_BIGNUM(Fp12.bn7); |
735 | | parameters["bn1"][7] = GET_OR_BIGNUM(Fp12.bn8); |
736 | | parameters["bn1"][8] = GET_OR_BIGNUM(Fp12.bn9); |
737 | | parameters["bn1"][9] = GET_OR_BIGNUM(Fp12.bn10); |
738 | | parameters["bn1"][10] = GET_OR_BIGNUM(Fp12.bn11); |
739 | | parameters["bn1"][11] = GET_OR_BIGNUM(Fp12.bn12); |
740 | | #endif |
741 | 0 | parameters["bn1"][0] = Fp12.bn1; |
742 | 0 | parameters["bn1"][1] = Fp12.bn2; |
743 | 0 | parameters["bn1"][2] = Fp12.bn3; |
744 | 0 | parameters["bn1"][3] = Fp12.bn4; |
745 | 0 | parameters["bn1"][4] = Fp12.bn5; |
746 | 0 | parameters["bn1"][5] = Fp12.bn6; |
747 | 0 | parameters["bn1"][6] = Fp12.bn7; |
748 | 0 | parameters["bn1"][7] = Fp12.bn8; |
749 | 0 | parameters["bn1"][8] = Fp12.bn9; |
750 | 0 | parameters["bn1"][9] = Fp12.bn10; |
751 | 0 | parameters["bn1"][10] = Fp12.bn11; |
752 | 0 | parameters["bn1"][11] = Fp12.bn12; |
753 | 0 | } else { |
754 | 0 | parameters["bn1"][0] = getBignum(); |
755 | 0 | parameters["bn1"][1] = getBignum(); |
756 | 0 | parameters["bn1"][2] = getBignum(); |
757 | 0 | parameters["bn1"][3] = getBignum(); |
758 | 0 | parameters["bn1"][4] = getBignum(); |
759 | 0 | parameters["bn1"][5] = getBignum(); |
760 | 0 | parameters["bn1"][6] = getBignum(); |
761 | 0 | parameters["bn1"][7] = getBignum(); |
762 | 0 | parameters["bn1"][8] = getBignum(); |
763 | 0 | parameters["bn1"][9] = getBignum(); |
764 | 0 | parameters["bn1"][10] = getBignum(); |
765 | 0 | parameters["bn1"][11] = getBignum(); |
766 | |
|
767 | 0 | parameters["bn2"][0] = getBignum(); |
768 | 0 | parameters["bn2"][1] = getBignum(); |
769 | 0 | parameters["bn2"][2] = getBignum(); |
770 | 0 | parameters["bn2"][3] = getBignum(); |
771 | 0 | parameters["bn2"][4] = getBignum(); |
772 | 0 | parameters["bn2"][5] = getBignum(); |
773 | 0 | parameters["bn2"][6] = getBignum(); |
774 | 0 | parameters["bn2"][7] = getBignum(); |
775 | 0 | parameters["bn2"][8] = getBignum(); |
776 | 0 | parameters["bn2"][9] = getBignum(); |
777 | 0 | parameters["bn2"][10] = getBignum(); |
778 | 0 | parameters["bn2"][11] = getBignum(); |
779 | 0 | } |
780 | |
|
781 | 0 | if ( Pool_Fp12.Have() && getBool() == true ) { |
782 | 0 | const auto Fp12 = Pool_Fp12.Get(); |
783 | | #if 0 |
784 | | parameters["bn2"][0] = GET_OR_BIGNUM(Fp12.bn1); |
785 | | parameters["bn2"][1] = GET_OR_BIGNUM(Fp12.bn2); |
786 | | parameters["bn2"][2] = GET_OR_BIGNUM(Fp12.bn3); |
787 | | parameters["bn2"][3] = GET_OR_BIGNUM(Fp12.bn4); |
788 | | parameters["bn2"][4] = GET_OR_BIGNUM(Fp12.bn5); |
789 | | parameters["bn2"][5] = GET_OR_BIGNUM(Fp12.bn6); |
790 | | parameters["bn2"][6] = GET_OR_BIGNUM(Fp12.bn7); |
791 | | parameters["bn2"][7] = GET_OR_BIGNUM(Fp12.bn8); |
792 | | parameters["bn2"][8] = GET_OR_BIGNUM(Fp12.bn9); |
793 | | parameters["bn2"][9] = GET_OR_BIGNUM(Fp12.bn10); |
794 | | parameters["bn2"][10] = GET_OR_BIGNUM(Fp12.bn11); |
795 | | parameters["bn2"][11] = GET_OR_BIGNUM(Fp12.bn12); |
796 | | #endif |
797 | 0 | parameters["bn2"][0] = Fp12.bn1; |
798 | 0 | parameters["bn2"][1] = Fp12.bn2; |
799 | 0 | parameters["bn2"][2] = Fp12.bn3; |
800 | 0 | parameters["bn2"][3] = Fp12.bn4; |
801 | 0 | parameters["bn2"][4] = Fp12.bn5; |
802 | 0 | parameters["bn2"][5] = Fp12.bn6; |
803 | 0 | parameters["bn2"][6] = Fp12.bn7; |
804 | 0 | parameters["bn2"][7] = Fp12.bn8; |
805 | 0 | parameters["bn2"][8] = Fp12.bn9; |
806 | 0 | parameters["bn2"][9] = Fp12.bn10; |
807 | 0 | parameters["bn2"][10] = Fp12.bn11; |
808 | 0 | parameters["bn2"][11] = Fp12.bn12; |
809 | 0 | } else { |
810 | 0 | parameters["bn2"][0] = getBignum(); |
811 | 0 | parameters["bn2"][1] = getBignum(); |
812 | 0 | parameters["bn2"][2] = getBignum(); |
813 | 0 | parameters["bn2"][3] = getBignum(); |
814 | 0 | parameters["bn2"][4] = getBignum(); |
815 | 0 | parameters["bn2"][5] = getBignum(); |
816 | 0 | parameters["bn2"][6] = getBignum(); |
817 | 0 | parameters["bn2"][7] = getBignum(); |
818 | 0 | parameters["bn2"][8] = getBignum(); |
819 | 0 | parameters["bn2"][9] = getBignum(); |
820 | 0 | parameters["bn2"][10] = getBignum(); |
821 | 0 | parameters["bn2"][11] = getBignum(); |
822 | 0 | } |
823 | |
|
824 | 0 | parameters["bn3"][0] = ""; |
825 | 0 | parameters["bn3"][1] = ""; |
826 | 0 | parameters["bn3"][2] = ""; |
827 | 0 | parameters["bn3"][3] = ""; |
828 | 0 | parameters["bn3"][4] = ""; |
829 | 0 | parameters["bn3"][5] = ""; |
830 | 0 | parameters["bn3"][6] = ""; |
831 | 0 | parameters["bn3"][7] = ""; |
832 | 0 | parameters["bn3"][8] = ""; |
833 | 0 | parameters["bn3"][9] = ""; |
834 | 0 | parameters["bn3"][10] = ""; |
835 | 0 | parameters["bn3"][11] = ""; |
836 | |
|
837 | 0 | parameters["bn4"][0] = ""; |
838 | 0 | parameters["bn4"][1] = ""; |
839 | 0 | parameters["bn4"][2] = ""; |
840 | 0 | parameters["bn4"][3] = ""; |
841 | 0 | parameters["bn4"][4] = ""; |
842 | 0 | parameters["bn4"][5] = ""; |
843 | 0 | parameters["bn4"][6] = ""; |
844 | 0 | parameters["bn4"][7] = ""; |
845 | 0 | parameters["bn4"][8] = ""; |
846 | 0 | parameters["bn4"][9] = ""; |
847 | 0 | parameters["bn4"][10] = ""; |
848 | 0 | parameters["bn4"][11] = ""; |
849 | 0 | cryptofuzz::operation::BignumCalc_Fp12 op(parameters); |
850 | 0 | op.Serialize(dsOut2); |
851 | 0 | } |
852 | 0 | break; |
853 | 0 | case CF_OPERATION("ECC_PrivateToPublic"): |
854 | 0 | { |
855 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
856 | |
|
857 | 0 | if ( Pool_CurvePrivkey.Have() && getBool() == true ) { |
858 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
859 | |
|
860 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
861 | 0 | parameters["priv"] = P1.priv; |
862 | 0 | } else { |
863 | 0 | const auto curveID = getRandomCurve(); |
864 | 0 | parameters["curveType"] = hint_ecc_mont(curveID); |
865 | |
|
866 | 0 | if ( getBool() ) { |
867 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(curveID); |
868 | 0 | if ( order != std::nullopt ) { |
869 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
870 | 0 | parameters["priv"] = boost::lexical_cast<std::string>(o-1); |
871 | 0 | } else { |
872 | 0 | parameters["priv"] = getBignum(); |
873 | 0 | } |
874 | 0 | } else { |
875 | 0 | parameters["priv"] = getBignum(); |
876 | 0 | } |
877 | |
|
878 | 0 | } |
879 | |
|
880 | 0 | cryptofuzz::operation::ECC_PrivateToPublic op(parameters); |
881 | 0 | op.Serialize(dsOut2); |
882 | 0 | } |
883 | 0 | break; |
884 | 0 | case CF_OPERATION("ECC_ValidatePubkey"): |
885 | 0 | { |
886 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
887 | |
|
888 | 0 | if ( getBool() && Pool_CurveKeypair.Have() ) { |
889 | 0 | const auto P = Pool_CurveKeypair.Get(); |
890 | |
|
891 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
892 | |
|
893 | 0 | parameters["pub_x"] = getBool() ? getBignum() : P.pub_x; |
894 | 0 | parameters["pub_y"] = getBool() ? getBignum() : P.pub_y; |
895 | 0 | } else if ( getBool() && Pool_CurveECC_Point.Have() == true ) { |
896 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
897 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
898 | |
|
899 | 0 | parameters["pub_x"] = getBool() ? getBignum() : P.x; |
900 | 0 | parameters["pub_y"] = getBool() ? getBignum() : P.y; |
901 | 0 | } else { |
902 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
903 | 0 | parameters["pub_x"] = getBignum(); |
904 | 0 | parameters["pub_y"] = getBignum(); |
905 | 0 | } |
906 | |
|
907 | 0 | cryptofuzz::operation::ECC_ValidatePubkey op(parameters); |
908 | 0 | op.Serialize(dsOut2); |
909 | |
|
910 | 0 | generateECCPoint(); |
911 | 0 | } |
912 | 0 | break; |
913 | 0 | case CF_OPERATION("ECDH_Derive"): |
914 | 0 | { |
915 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
916 | |
|
917 | 0 | if ( Pool_CurvePrivkey.Have() && getBool() == true ) { |
918 | 0 | const auto P1 = Pool_CurveKeypair.Get(); |
919 | 0 | const auto P2 = Pool_CurveKeypair.Get(); |
920 | |
|
921 | 0 | CF_CHECK_EQ(P1.curveID, P2.curveID); |
922 | |
|
923 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
924 | |
|
925 | 0 | parameters["priv"] = P1.privkey; |
926 | |
|
927 | 0 | parameters["pub_x"] = P1.pub_x; |
928 | 0 | parameters["pub_y"] = P1.pub_y; |
929 | 0 | } else { |
930 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
931 | |
|
932 | 0 | parameters["priv"] = getBignum(); |
933 | |
|
934 | 0 | parameters["pub_x"] = getBignum(); |
935 | 0 | parameters["pub_y"] = getBignum(); |
936 | 0 | } |
937 | | |
938 | 0 | cryptofuzz::operation::ECDH_Derive op(parameters); |
939 | 0 | op.Serialize(dsOut2); |
940 | 0 | } |
941 | 0 | break; |
942 | 0 | case CF_OPERATION("ECDSA_Sign"): |
943 | 0 | { |
944 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
945 | |
|
946 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
947 | |
|
948 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
949 | 0 | parameters["priv"] = P1.priv; |
950 | 0 | parameters["nonce"] = getBignum(); |
951 | |
|
952 | 0 | if ( getBool() ) { |
953 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
954 | 0 | } else { |
955 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
956 | 0 | } |
957 | 0 | parameters["nonceSource"] = PRNG() % 3; |
958 | 0 | parameters["digestType"] = getRandomDigest(); |
959 | |
|
960 | 0 | cryptofuzz::operation::ECDSA_Sign op(parameters); |
961 | 0 | op.Serialize(dsOut2); |
962 | 0 | } |
963 | 0 | break; |
964 | 0 | case CF_OPERATION("ECGDSA_Sign"): |
965 | 0 | { |
966 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
967 | |
|
968 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
969 | |
|
970 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
971 | 0 | parameters["priv"] = P1.priv; |
972 | 0 | parameters["nonce"] = getBignum(); |
973 | |
|
974 | 0 | if ( getBool() ) { |
975 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
976 | 0 | } else { |
977 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
978 | 0 | } |
979 | 0 | parameters["nonceSource"] = PRNG() % 3; |
980 | 0 | parameters["digestType"] = getRandomDigest(); |
981 | |
|
982 | 0 | cryptofuzz::operation::ECGDSA_Sign op(parameters); |
983 | 0 | op.Serialize(dsOut2); |
984 | 0 | } |
985 | 0 | break; |
986 | 0 | case CF_OPERATION("ECRDSA_Sign"): |
987 | 0 | { |
988 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
989 | |
|
990 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
991 | |
|
992 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
993 | 0 | parameters["priv"] = P1.priv; |
994 | 0 | parameters["nonce"] = getBignum(); |
995 | |
|
996 | 0 | if ( getBool() ) { |
997 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
998 | 0 | } else { |
999 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
1000 | 0 | } |
1001 | 0 | parameters["nonceSource"] = PRNG() % 3; |
1002 | 0 | parameters["digestType"] = getRandomDigest(); |
1003 | |
|
1004 | 0 | cryptofuzz::operation::ECRDSA_Sign op(parameters); |
1005 | 0 | op.Serialize(dsOut2); |
1006 | 0 | } |
1007 | 0 | break; |
1008 | 0 | case CF_OPERATION("Schnorr_Sign"): |
1009 | 0 | { |
1010 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1011 | |
|
1012 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
1013 | |
|
1014 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
1015 | 0 | parameters["priv"] = P1.priv; |
1016 | 0 | parameters["nonce"] = getBignum(); |
1017 | |
|
1018 | 0 | if ( getBool() ) { |
1019 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1020 | 0 | } else { |
1021 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
1022 | 0 | } |
1023 | 0 | parameters["nonceSource"] = PRNG() % 3; |
1024 | 0 | parameters["digestType"] = getRandomDigest(); |
1025 | |
|
1026 | 0 | cryptofuzz::operation::Schnorr_Sign op(parameters); |
1027 | 0 | op.Serialize(dsOut2); |
1028 | 0 | } |
1029 | 0 | break; |
1030 | 0 | case CF_OPERATION("ECDSA_Verify"): |
1031 | 0 | { |
1032 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1033 | |
|
1034 | 0 | if ( Pool_CurveECDSASignature.Have() == true ) { |
1035 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1036 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1037 | |
|
1038 | 0 | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1039 | 0 | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1040 | |
|
1041 | 0 | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1042 | 0 | auto sigS = getBool() ? getBignum() : P.sig_y; |
1043 | |
|
1044 | 0 | if ( getBool() ) { |
1045 | | /* Test ECDSA signature malleability */ |
1046 | |
|
1047 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(P.curveID); |
1048 | 0 | if ( order != std::nullopt ) { |
1049 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1050 | 0 | const auto s = boost::multiprecision::cpp_int(sigS); |
1051 | 0 | if ( o > s ) { |
1052 | 0 | sigS = boost::lexical_cast<std::string>(o - s); |
1053 | 0 | } |
1054 | 0 | } |
1055 | 0 | } |
1056 | |
|
1057 | 0 | parameters["signature"]["signature"][1] = sigS; |
1058 | 0 | parameters["cleartext"] = P.cleartext; |
1059 | 0 | } else { |
1060 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1061 | |
|
1062 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1063 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1064 | |
|
1065 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1066 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1067 | |
|
1068 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1069 | 0 | } |
1070 | |
|
1071 | 0 | parameters["digestType"] = getRandomDigest(); |
1072 | |
|
1073 | 0 | cryptofuzz::operation::ECDSA_Verify op(parameters); |
1074 | 0 | op.Serialize(dsOut2); |
1075 | 0 | } |
1076 | 0 | break; |
1077 | 0 | case CF_OPERATION("ECGDSA_Verify"): |
1078 | 0 | { |
1079 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1080 | |
|
1081 | 0 | if ( Pool_CurveECDSASignature.Have() == true ) { |
1082 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1083 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1084 | |
|
1085 | 0 | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1086 | 0 | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1087 | |
|
1088 | 0 | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1089 | 0 | auto sigS = getBool() ? getBignum() : P.sig_y; |
1090 | |
|
1091 | 0 | if ( getBool() ) { |
1092 | | /* Test ECGDSA signature malleability */ |
1093 | |
|
1094 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(P.curveID); |
1095 | 0 | if ( order != std::nullopt ) { |
1096 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1097 | 0 | const auto s = boost::multiprecision::cpp_int(sigS); |
1098 | 0 | if ( o > s ) { |
1099 | 0 | sigS = boost::lexical_cast<std::string>(o - s); |
1100 | 0 | } |
1101 | 0 | } |
1102 | 0 | } |
1103 | |
|
1104 | 0 | parameters["signature"]["signature"][1] = sigS; |
1105 | 0 | parameters["cleartext"] = P.cleartext; |
1106 | 0 | } else { |
1107 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1108 | |
|
1109 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1110 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1111 | |
|
1112 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1113 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1114 | |
|
1115 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1116 | 0 | } |
1117 | |
|
1118 | 0 | parameters["digestType"] = getRandomDigest(); |
1119 | |
|
1120 | 0 | cryptofuzz::operation::ECGDSA_Verify op(parameters); |
1121 | 0 | op.Serialize(dsOut2); |
1122 | 0 | } |
1123 | 0 | break; |
1124 | 0 | case CF_OPERATION("ECRDSA_Verify"): |
1125 | 0 | { |
1126 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1127 | |
|
1128 | 0 | if ( Pool_CurveECDSASignature.Have() == true ) { |
1129 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1130 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1131 | |
|
1132 | 0 | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1133 | 0 | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1134 | |
|
1135 | 0 | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1136 | 0 | auto sigS = getBool() ? getBignum() : P.sig_y; |
1137 | |
|
1138 | 0 | if ( getBool() ) { |
1139 | | /* Test ECRDSA signature malleability */ |
1140 | |
|
1141 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(P.curveID); |
1142 | 0 | if ( order != std::nullopt ) { |
1143 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1144 | 0 | const auto s = boost::multiprecision::cpp_int(sigS); |
1145 | 0 | if ( o > s ) { |
1146 | 0 | sigS = boost::lexical_cast<std::string>(o - s); |
1147 | 0 | } |
1148 | 0 | } |
1149 | 0 | } |
1150 | |
|
1151 | 0 | parameters["signature"]["signature"][1] = sigS; |
1152 | 0 | parameters["cleartext"] = P.cleartext; |
1153 | 0 | } else { |
1154 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1155 | |
|
1156 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1157 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1158 | |
|
1159 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1160 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1161 | |
|
1162 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1163 | 0 | } |
1164 | |
|
1165 | 0 | parameters["digestType"] = getRandomDigest(); |
1166 | |
|
1167 | 0 | cryptofuzz::operation::ECRDSA_Verify op(parameters); |
1168 | 0 | op.Serialize(dsOut2); |
1169 | 0 | } |
1170 | 0 | break; |
1171 | 0 | case CF_OPERATION("Schnorr_Verify"): |
1172 | 0 | { |
1173 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1174 | |
|
1175 | 0 | if ( Pool_CurveECDSASignature.Have() == true ) { |
1176 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1177 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1178 | |
|
1179 | 0 | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1180 | 0 | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1181 | |
|
1182 | 0 | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1183 | 0 | auto sigS = getBool() ? getBignum() : P.sig_y; |
1184 | |
|
1185 | 0 | if ( getBool() ) { |
1186 | | /* Test Schnorr signature malleability */ |
1187 | |
|
1188 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(P.curveID); |
1189 | 0 | if ( order != std::nullopt ) { |
1190 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1191 | 0 | const auto s = boost::multiprecision::cpp_int(sigS); |
1192 | 0 | if ( o > s ) { |
1193 | 0 | sigS = boost::lexical_cast<std::string>(o - s); |
1194 | 0 | } |
1195 | 0 | } |
1196 | 0 | } |
1197 | |
|
1198 | 0 | parameters["signature"]["signature"][1] = sigS; |
1199 | 0 | parameters["cleartext"] = P.cleartext; |
1200 | 0 | } else { |
1201 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1202 | |
|
1203 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1204 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1205 | |
|
1206 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1207 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1208 | |
|
1209 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1210 | 0 | } |
1211 | |
|
1212 | 0 | parameters["digestType"] = getRandomDigest(); |
1213 | |
|
1214 | 0 | cryptofuzz::operation::Schnorr_Verify op(parameters); |
1215 | 0 | op.Serialize(dsOut2); |
1216 | 0 | } |
1217 | 0 | break; |
1218 | 0 | case CF_OPERATION("ECDSA_Recover"): |
1219 | 0 | { |
1220 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1221 | |
|
1222 | 0 | if ( getBool() && Pool_CurveECDSASignature.Have() == true ) { |
1223 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1224 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1225 | |
|
1226 | 0 | parameters["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1227 | 0 | parameters["signature"][1] = getBool() ? getBignum() : P.sig_y; |
1228 | |
|
1229 | 0 | if ( getBool() ) { |
1230 | 0 | parameters["cleartext"] = P.cleartext; |
1231 | 0 | } else { |
1232 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1233 | 0 | } |
1234 | 0 | } else if ( getBool() && Pool_CurveECC_Point.Have() == true ) { |
1235 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1236 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1237 | |
|
1238 | 0 | parameters["signature"][0] = getBool() ? getBignum() : P.x; |
1239 | 0 | parameters["signature"][1] = getBool() ? getBignum() : P.y; |
1240 | |
|
1241 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1242 | 0 | } else { |
1243 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1244 | |
|
1245 | 0 | parameters["signature"][0] = getBignum(); |
1246 | 0 | parameters["signature"][1] = getBignum(); |
1247 | |
|
1248 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1249 | 0 | } |
1250 | |
|
1251 | 0 | parameters["id"] = PRNG() % 4; |
1252 | 0 | parameters["digestType"] = getRandomDigest(); |
1253 | |
|
1254 | 0 | cryptofuzz::operation::ECDSA_Recover op(parameters); |
1255 | 0 | op.Serialize(dsOut2); |
1256 | 0 | } |
1257 | 0 | case CF_OPERATION("ECC_GenerateKeyPair"): |
1258 | 0 | { |
1259 | 0 | parameters["modifier"] = getBuffer(PRNG() % 128); |
1260 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1261 | |
|
1262 | 0 | cryptofuzz::operation::ECC_GenerateKeyPair op(parameters); |
1263 | 0 | op.Serialize(dsOut2); |
1264 | 0 | } |
1265 | 0 | break; |
1266 | 0 | case CF_OPERATION("ECIES_Encrypt"): |
1267 | 0 | case CF_OPERATION("ECIES_Decrypt"): |
1268 | 0 | { |
1269 | 0 | parameters["modifier"] = getBuffer(PRNG() % 128); |
1270 | 0 | if ( operation == CF_OPERATION("ECIES_Encrypt") ) { |
1271 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 1024); |
1272 | 0 | } else { |
1273 | 0 | parameters["ciphertext"] = getBuffer(PRNG() % 1024); |
1274 | 0 | } |
1275 | | //parameters["cipherType"] = getRandomCipher(); |
1276 | 0 | parameters["cipherType"] = CF_CIPHER("AES_128_CBC"); |
1277 | 0 | parameters["iv_enabled"] = false; |
1278 | |
|
1279 | 0 | parameters["priv"] = getBignum(); |
1280 | |
|
1281 | 0 | if ( Pool_CurveKeypair.Have() && getBool() == true ) { |
1282 | 0 | const auto P = Pool_CurveKeypair.Get(); |
1283 | |
|
1284 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1285 | 0 | parameters["pub_x"] = P.pub_x; |
1286 | 0 | parameters["pub_y"] = P.pub_y; |
1287 | |
|
1288 | 0 | if ( Pool_CurvePrivkey.Have() && getBool() == true ) { |
1289 | 0 | const auto P2 = Pool_CurvePrivkey.Get(); |
1290 | 0 | if ( P2.curveID == P.curveID ) { |
1291 | 0 | parameters["priv"] = P2.priv; |
1292 | 0 | } |
1293 | 0 | } |
1294 | 0 | } else { |
1295 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1296 | 0 | parameters["pub_x"] = getBignum(); |
1297 | 0 | parameters["pub_y"] = getBignum(); |
1298 | 0 | } |
1299 | |
|
1300 | 0 | if ( operation == CF_OPERATION("ECIES_Encrypt") ) { |
1301 | 0 | cryptofuzz::operation::ECIES_Encrypt op(parameters); |
1302 | 0 | op.Serialize(dsOut2); |
1303 | 0 | } else { |
1304 | 0 | cryptofuzz::operation::ECIES_Decrypt op(parameters); |
1305 | 0 | op.Serialize(dsOut2); |
1306 | 0 | } |
1307 | 0 | } |
1308 | 0 | break; |
1309 | 0 | case CF_OPERATION("ECC_Point_Add"): |
1310 | 0 | { |
1311 | 0 | parameters["modifier"] = ""; |
1312 | |
|
1313 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1314 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1315 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1316 | |
|
1317 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1318 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1319 | 0 | } else { |
1320 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1321 | |
|
1322 | 0 | parameters["a_x"] = getBignum(); |
1323 | 0 | parameters["a_y"] = getBignum(); |
1324 | 0 | } |
1325 | |
|
1326 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1327 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1328 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1329 | |
|
1330 | 0 | parameters["b_x"] = getBool() ? getBignum() : P.x; |
1331 | 0 | parameters["b_y"] = getBool() ? getBignum() : P.y; |
1332 | 0 | } else { |
1333 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1334 | |
|
1335 | 0 | parameters["b_x"] = getBignum(); |
1336 | 0 | parameters["b_y"] = getBignum(); |
1337 | 0 | } |
1338 | |
|
1339 | 0 | cryptofuzz::operation::ECC_Point_Add op(parameters); |
1340 | 0 | op.Serialize(dsOut2); |
1341 | |
|
1342 | 0 | generateECCPoint(); |
1343 | 0 | } |
1344 | 0 | break; |
1345 | 0 | case CF_OPERATION("ECC_Point_Mul"): |
1346 | 0 | { |
1347 | 0 | parameters["modifier"] = ""; |
1348 | |
|
1349 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1350 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1351 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1352 | |
|
1353 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1354 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1355 | 0 | } else { |
1356 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1357 | |
|
1358 | 0 | parameters["a_x"] = getBignum(); |
1359 | 0 | parameters["a_y"] = getBignum(); |
1360 | 0 | } |
1361 | |
|
1362 | 0 | parameters["b"] = getBignum(); |
1363 | |
|
1364 | 0 | cryptofuzz::operation::ECC_Point_Mul op(parameters); |
1365 | 0 | op.Serialize(dsOut2); |
1366 | |
|
1367 | 0 | generateECCPoint(); |
1368 | 0 | } |
1369 | 0 | break; |
1370 | 0 | case CF_OPERATION("ECC_Point_Neg"): |
1371 | 0 | { |
1372 | 0 | parameters["modifier"] = ""; |
1373 | |
|
1374 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1375 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1376 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1377 | |
|
1378 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1379 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1380 | 0 | } else { |
1381 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1382 | |
|
1383 | 0 | parameters["a_x"] = getBignum(); |
1384 | 0 | parameters["a_y"] = getBignum(); |
1385 | 0 | } |
1386 | |
|
1387 | 0 | cryptofuzz::operation::ECC_Point_Neg op(parameters); |
1388 | 0 | op.Serialize(dsOut2); |
1389 | |
|
1390 | 0 | generateECCPoint(); |
1391 | 0 | } |
1392 | 0 | break; |
1393 | 0 | case CF_OPERATION("ECC_Point_Dbl"): |
1394 | 0 | { |
1395 | 0 | parameters["modifier"] = ""; |
1396 | |
|
1397 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1398 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1399 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1400 | |
|
1401 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1402 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1403 | 0 | } else { |
1404 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1405 | |
|
1406 | 0 | parameters["a_x"] = getBignum(); |
1407 | 0 | parameters["a_y"] = getBignum(); |
1408 | 0 | } |
1409 | |
|
1410 | 0 | cryptofuzz::operation::ECC_Point_Dbl op(parameters); |
1411 | 0 | op.Serialize(dsOut2); |
1412 | |
|
1413 | 0 | generateECCPoint(); |
1414 | 0 | } |
1415 | 0 | break; |
1416 | 0 | case CF_OPERATION("KDF_SCRYPT"): |
1417 | 0 | { |
1418 | 0 | size_t numParts = 0; |
1419 | |
|
1420 | 0 | numParts++; /* modifier */ |
1421 | 0 | numParts++; /* password */ |
1422 | 0 | numParts++; /* salt */ |
1423 | |
|
1424 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1425 | |
|
1426 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1427 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1428 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1429 | 0 | parameters["N"] = PRNG() % 5; |
1430 | 0 | parameters["r"] = PRNG() % 9; |
1431 | 0 | parameters["p"] = PRNG() % 5; |
1432 | 0 | parameters["keySize"] = PRNG() % 1024; |
1433 | |
|
1434 | 0 | cryptofuzz::operation::KDF_SCRYPT op(parameters); |
1435 | 0 | op.Serialize(dsOut2); |
1436 | 0 | } |
1437 | 0 | break; |
1438 | 0 | case CF_OPERATION("KDF_HKDF"): |
1439 | 0 | { |
1440 | 0 | size_t numParts = 0; |
1441 | |
|
1442 | 0 | numParts++; /* modifier */ |
1443 | 0 | numParts++; /* password */ |
1444 | 0 | numParts++; /* salt */ |
1445 | 0 | numParts++; /* info */ |
1446 | |
|
1447 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1448 | |
|
1449 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1450 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1451 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1452 | 0 | parameters["info"] = getBuffer(lengths[3]); |
1453 | 0 | parameters["keySize"] = PRNG() % 17000; |
1454 | 0 | parameters["digestType"] = getRandomDigest(); |
1455 | |
|
1456 | 0 | cryptofuzz::operation::KDF_HKDF op(parameters); |
1457 | 0 | op.Serialize(dsOut2); |
1458 | 0 | } |
1459 | 0 | break; |
1460 | 0 | case CF_OPERATION("KDF_TLS1_PRF"): |
1461 | 0 | { |
1462 | 0 | size_t numParts = 0; |
1463 | |
|
1464 | 0 | numParts++; /* modifier */ |
1465 | 0 | numParts++; /* secret */ |
1466 | 0 | numParts++; /* seed */ |
1467 | |
|
1468 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1469 | |
|
1470 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1471 | 0 | parameters["secret"] = getBuffer(lengths[1]); |
1472 | 0 | parameters["seed"] = getBuffer(lengths[2]); |
1473 | 0 | parameters["keySize"] = PRNG() % 1024; |
1474 | 0 | parameters["digestType"] = getRandomDigest(); |
1475 | |
|
1476 | 0 | cryptofuzz::operation::KDF_TLS1_PRF op(parameters); |
1477 | 0 | op.Serialize(dsOut2); |
1478 | 0 | } |
1479 | 0 | break; |
1480 | 0 | case CF_OPERATION("KDF_PBKDF"): |
1481 | 0 | { |
1482 | 0 | size_t numParts = 0; |
1483 | |
|
1484 | 0 | numParts++; /* modifier */ |
1485 | 0 | numParts++; /* password */ |
1486 | 0 | numParts++; /* salt */ |
1487 | |
|
1488 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1489 | |
|
1490 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1491 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1492 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1493 | 0 | parameters["iterations"] = PRNG() % 5; |
1494 | 0 | parameters["keySize"] = PRNG() % 1024; |
1495 | 0 | parameters["digestType"] = getRandomDigest(); |
1496 | |
|
1497 | 0 | cryptofuzz::operation::KDF_PBKDF op(parameters); |
1498 | 0 | op.Serialize(dsOut2); |
1499 | 0 | } |
1500 | 0 | break; |
1501 | 0 | case CF_OPERATION("KDF_PBKDF1"): |
1502 | 0 | { |
1503 | 0 | size_t numParts = 0; |
1504 | |
|
1505 | 0 | numParts++; /* modifier */ |
1506 | 0 | numParts++; /* password */ |
1507 | 0 | numParts++; /* salt */ |
1508 | |
|
1509 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1510 | |
|
1511 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1512 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1513 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1514 | 0 | parameters["iterations"] = PRNG() % 5; |
1515 | 0 | parameters["keySize"] = PRNG() % 1024; |
1516 | 0 | parameters["digestType"] = getRandomDigest(); |
1517 | |
|
1518 | 0 | cryptofuzz::operation::KDF_PBKDF op(parameters); |
1519 | 0 | op.Serialize(dsOut2); |
1520 | 0 | } |
1521 | 0 | break; |
1522 | 0 | case CF_OPERATION("KDF_PBKDF2"): |
1523 | 0 | { |
1524 | 0 | size_t numParts = 0; |
1525 | |
|
1526 | 0 | numParts++; /* modifier */ |
1527 | 0 | numParts++; /* password */ |
1528 | 0 | numParts++; /* salt */ |
1529 | |
|
1530 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1531 | |
|
1532 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1533 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1534 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1535 | 0 | parameters["iterations"] = PRNG() % 5; |
1536 | 0 | parameters["keySize"] = PRNG() % 1024; |
1537 | 0 | parameters["digestType"] = getRandomDigest(); |
1538 | |
|
1539 | 0 | cryptofuzz::operation::KDF_PBKDF2 op(parameters); |
1540 | 0 | op.Serialize(dsOut2); |
1541 | 0 | } |
1542 | 0 | break; |
1543 | 0 | case CF_OPERATION("KDF_ARGON2"): |
1544 | 0 | { |
1545 | 0 | size_t numParts = 0; |
1546 | |
|
1547 | 0 | numParts++; /* modifier */ |
1548 | 0 | numParts++; /* password */ |
1549 | 0 | numParts++; /* salt */ |
1550 | |
|
1551 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1552 | |
|
1553 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1554 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1555 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1556 | 0 | parameters["type"] = PRNG() % 3; |
1557 | 0 | parameters["threads"] = PRNG() % 256; |
1558 | 0 | parameters["memory"] = PRNG() % (64*1024); |
1559 | 0 | parameters["iterations"] = PRNG() % 3; |
1560 | 0 | parameters["keySize"] = PRNG() % 1024; |
1561 | |
|
1562 | 0 | cryptofuzz::operation::KDF_ARGON2 op(parameters); |
1563 | 0 | op.Serialize(dsOut2); |
1564 | 0 | } |
1565 | 0 | break; |
1566 | 0 | case CF_OPERATION("KDF_SSH"): |
1567 | 0 | { |
1568 | 0 | size_t numParts = 0; |
1569 | |
|
1570 | 0 | numParts++; /* modifier */ |
1571 | 0 | numParts++; /* key */ |
1572 | 0 | numParts++; /* xcghash */ |
1573 | 0 | numParts++; /* session_id */ |
1574 | |
|
1575 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1576 | |
|
1577 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1578 | 0 | parameters["key"] = getBuffer(lengths[1]); |
1579 | 0 | parameters["xcghash"] = getBuffer(lengths[2]); |
1580 | 0 | parameters["session_id"] = getBuffer(lengths[3]); |
1581 | 0 | parameters["type"] = getBuffer(1); |
1582 | 0 | parameters["keySize"] = PRNG() % 1024; |
1583 | 0 | parameters["digestType"] = getRandomDigest(); |
1584 | |
|
1585 | 0 | cryptofuzz::operation::KDF_SSH op(parameters); |
1586 | 0 | op.Serialize(dsOut2); |
1587 | 0 | } |
1588 | 0 | break; |
1589 | 0 | case CF_OPERATION("KDF_X963"): |
1590 | 0 | { |
1591 | 0 | size_t numParts = 0; |
1592 | |
|
1593 | 0 | numParts++; /* modifier */ |
1594 | 0 | numParts++; /* secret */ |
1595 | 0 | numParts++; /* info */ |
1596 | |
|
1597 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1598 | |
|
1599 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1600 | 0 | parameters["secret"] = getBuffer(lengths[1]); |
1601 | 0 | parameters["info"] = getBuffer(lengths[2]); |
1602 | 0 | parameters["keySize"] = PRNG() % 1024; |
1603 | 0 | parameters["digestType"] = getRandomDigest(); |
1604 | |
|
1605 | 0 | cryptofuzz::operation::KDF_X963 op(parameters); |
1606 | 0 | op.Serialize(dsOut2); |
1607 | 0 | } |
1608 | 0 | break; |
1609 | 0 | case CF_OPERATION("KDF_SP_800_108"): |
1610 | 0 | { |
1611 | 0 | size_t numParts = 0; |
1612 | |
|
1613 | 0 | numParts++; /* modifier */ |
1614 | 0 | numParts++; /* secret */ |
1615 | 0 | numParts++; /* salt */ |
1616 | 0 | numParts++; /* label */ |
1617 | |
|
1618 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1619 | |
|
1620 | 0 | if ( getBool() == true ) { |
1621 | | /* MAC = HMAC */ |
1622 | 0 | parameters["mech"]["mode"] = true; |
1623 | 0 | parameters["mech"]["type"] = getRandomDigest(); |
1624 | 0 | } else { |
1625 | | /* MAC = CMAC */ |
1626 | 0 | parameters["mech"]["mode"] = false; |
1627 | 0 | parameters["mech"]["type"] = getRandomCipher(); |
1628 | 0 | } |
1629 | |
|
1630 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1631 | 0 | parameters["secret"] = getBuffer(lengths[1]); |
1632 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1633 | 0 | parameters["label"] = getBuffer(lengths[3]); |
1634 | 0 | parameters["mode"] = PRNG() % 3; |
1635 | 0 | parameters["keySize"] = PRNG() % 17000; |
1636 | |
|
1637 | 0 | cryptofuzz::operation::KDF_SP_800_108 op(parameters); |
1638 | 0 | op.Serialize(dsOut2); |
1639 | 0 | } |
1640 | 0 | break; |
1641 | 0 | case CF_OPERATION("DH_GenerateKeyPair"): |
1642 | 0 | { |
1643 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1644 | 0 | parameters["prime"] = getBignum(); |
1645 | 0 | parameters["base"] = getBignum(); |
1646 | |
|
1647 | 0 | cryptofuzz::operation::DH_GenerateKeyPair op(parameters); |
1648 | 0 | op.Serialize(dsOut2); |
1649 | 0 | } |
1650 | 0 | break; |
1651 | 0 | case CF_OPERATION("DH_Derive"): |
1652 | 0 | { |
1653 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1654 | 0 | parameters["prime"] = getBignum(); |
1655 | 0 | parameters["base"] = getBignum(); |
1656 | 0 | if ( Pool_DH_PublicKey.Have() && getBool() == true ) { |
1657 | 0 | parameters["pub"] = Pool_DH_PublicKey.Get(); |
1658 | 0 | } else { |
1659 | 0 | parameters["pub"] = getBignum(); |
1660 | 0 | } |
1661 | |
|
1662 | 0 | if ( Pool_DH_PrivateKey.Have() && getBool() == true ) { |
1663 | 0 | parameters["priv"] = Pool_DH_PrivateKey.Get(); |
1664 | 0 | } else { |
1665 | 0 | parameters["priv"] = getBignum(); |
1666 | 0 | } |
1667 | |
|
1668 | 0 | cryptofuzz::operation::DH_Derive op(parameters); |
1669 | 0 | op.Serialize(dsOut2); |
1670 | 0 | } |
1671 | 0 | break; |
1672 | 0 | case CF_OPERATION("BLS_PrivateToPublic"): |
1673 | 0 | { |
1674 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1675 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1676 | |
|
1677 | 0 | parameters["priv"] = getBignum(); |
1678 | |
|
1679 | 0 | cryptofuzz::operation::BLS_PrivateToPublic op(parameters); |
1680 | 0 | op.Serialize(dsOut2); |
1681 | 0 | } |
1682 | 0 | break; |
1683 | 0 | case CF_OPERATION("BLS_PrivateToPublic_G2"): |
1684 | 0 | { |
1685 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1686 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1687 | |
|
1688 | 0 | parameters["priv"] = getBignum(); |
1689 | |
|
1690 | 0 | cryptofuzz::operation::BLS_PrivateToPublic_G2 op(parameters); |
1691 | 0 | op.Serialize(dsOut2); |
1692 | 0 | } |
1693 | 0 | break; |
1694 | 0 | case CF_OPERATION("BLS_Sign"): |
1695 | 0 | { |
1696 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1697 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1698 | 0 | const auto hashOrPoint = getBool(); |
1699 | | //const auto hashOrPoint = false; |
1700 | 0 | parameters["hashOrPoint"] = hashOrPoint; |
1701 | 0 | if ( hashOrPoint == true ) { |
1702 | | //parameters["cleartext"] = getBuffer(PRNG() % 32); |
1703 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1704 | 0 | parameters["point_v"] = ""; |
1705 | 0 | parameters["point_w"] = ""; |
1706 | 0 | parameters["point_x"] = ""; |
1707 | 0 | parameters["point_y"] = ""; |
1708 | 0 | } else { |
1709 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
1710 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
1711 | 0 | parameters["point_v"] = GET_OR_BIGNUM(P.g2_v); |
1712 | 0 | parameters["point_w"] = GET_OR_BIGNUM(P.g2_w); |
1713 | 0 | parameters["point_x"] = GET_OR_BIGNUM(P.g2_x); |
1714 | 0 | parameters["point_y"] = GET_OR_BIGNUM(P.g2_y); |
1715 | 0 | } else { |
1716 | 0 | parameters["point_v"] = getBignum(); |
1717 | 0 | parameters["point_w"] = getBignum(); |
1718 | 0 | parameters["point_x"] = getBignum(); |
1719 | 0 | parameters["point_y"] = getBignum(); |
1720 | 0 | } |
1721 | |
|
1722 | 0 | parameters["cleartext"] = ""; |
1723 | 0 | } |
1724 | 0 | parameters["dest"] = getBool() ? getBuffer(PRNG() % 512) : get_BLS_predefined_DST(); |
1725 | 0 | parameters["aug"] = ""; |
1726 | 0 | parameters["priv"] = getBignum(); |
1727 | |
|
1728 | 0 | cryptofuzz::operation::BLS_Sign op(parameters); |
1729 | 0 | op.Serialize(dsOut2); |
1730 | 0 | } |
1731 | 0 | break; |
1732 | 0 | case CF_OPERATION("BLS_Verify"): |
1733 | 0 | { |
1734 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1735 | |
|
1736 | 0 | if ( Pool_CurveBLSSignature.Have() == true ) { |
1737 | 0 | const auto P = Pool_CurveBLSSignature.Get(); |
1738 | |
|
1739 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1740 | 0 | parameters["hashOrPoint"] = P.hashOrPoint; |
1741 | 0 | parameters["point_v"] = GET_OR_BIGNUM(P.point_v); |
1742 | 0 | parameters["point_w"] = GET_OR_BIGNUM(P.point_w); |
1743 | 0 | parameters["point_x"] = GET_OR_BIGNUM(P.point_x); |
1744 | 0 | parameters["point_y"] = GET_OR_BIGNUM(P.point_y); |
1745 | 0 | parameters["cleartext"] = P.cleartext; |
1746 | 0 | parameters["dest"] = P.dest; |
1747 | 0 | parameters["aug"] = P.aug; |
1748 | 0 | parameters["pub_x"] = GET_OR_BIGNUM(P.pub_x); |
1749 | 0 | parameters["pub_y"] = GET_OR_BIGNUM(P.pub_y); |
1750 | 0 | parameters["sig_v"] = GET_OR_BIGNUM(P.sig_v); |
1751 | 0 | parameters["sig_w"] = GET_OR_BIGNUM(P.sig_w); |
1752 | 0 | parameters["sig_x"] = GET_OR_BIGNUM(P.sig_x); |
1753 | 0 | parameters["sig_y"] = GET_OR_BIGNUM(P.sig_y); |
1754 | 0 | } else { |
1755 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1756 | 0 | const auto hashOrPoint = getBool(); |
1757 | 0 | parameters["hashOrPoint"] = hashOrPoint; |
1758 | 0 | if ( hashOrPoint == true ) { |
1759 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
1760 | 0 | parameters["point_v"] = ""; |
1761 | 0 | parameters["point_w"] = ""; |
1762 | 0 | parameters["point_x"] = ""; |
1763 | 0 | parameters["point_y"] = ""; |
1764 | 0 | } else { |
1765 | 0 | parameters["point_v"] = getBignum(); |
1766 | 0 | parameters["point_w"] = getBignum(); |
1767 | 0 | parameters["point_x"] = getBignum(); |
1768 | 0 | parameters["point_y"] = getBignum(); |
1769 | 0 | parameters["cleartext"] = ""; |
1770 | 0 | } |
1771 | 0 | parameters["dest"] = getBool() ? getBuffer(PRNG() % 512) : get_BLS_predefined_DST(); |
1772 | 0 | parameters["pub_x"] = getBignum(); |
1773 | 0 | parameters["pub_y"] = getBignum(); |
1774 | 0 | parameters["sig_v"] = getBignum(); |
1775 | 0 | parameters["sig_w"] = getBignum(); |
1776 | 0 | parameters["sig_x"] = getBignum(); |
1777 | 0 | parameters["sig_y"] = getBignum(); |
1778 | 0 | } |
1779 | |
|
1780 | 0 | cryptofuzz::operation::BLS_Verify op(parameters); |
1781 | 0 | op.Serialize(dsOut2); |
1782 | 0 | } |
1783 | 0 | break; |
1784 | 0 | case CF_OPERATION("BLS_BatchSign"): |
1785 | 0 | { |
1786 | 0 | parameters["modifier"] = ""; |
1787 | | |
1788 | | //const size_t num = PRNG() % 100; |
1789 | | //const size_t num = (PRNG() % 50) + 30; |
1790 | 0 | const size_t num = (PRNG() % 8) + 1; |
1791 | |
|
1792 | 0 | parameters["bf"] = nlohmann::json::array(); |
1793 | |
|
1794 | 0 | for (size_t i = 0; i < num; i++) { |
1795 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
1796 | |
|
1797 | 0 | nlohmann::json p; |
1798 | |
|
1799 | 0 | p["priv"] = getBignum(); |
1800 | 0 | p["g1_x"] = P.g1_x; |
1801 | 0 | p["g1_y"] = P.g1_y; |
1802 | |
|
1803 | 0 | parameters["bf"].push_back(p); |
1804 | 0 | } |
1805 | |
|
1806 | 0 | cryptofuzz::operation::BLS_BatchSign op(parameters); |
1807 | 0 | op.Serialize(dsOut2); |
1808 | |
|
1809 | 0 | generateECCPoint(); |
1810 | 0 | } |
1811 | 0 | break; |
1812 | 0 | case CF_OPERATION("BLS_BatchVerify"): |
1813 | 0 | { |
1814 | 0 | parameters["modifier"] = ""; |
1815 | 0 | parameters["dest"] = get_BLS_predefined_DST(); |
1816 | |
|
1817 | 0 | std::vector< |
1818 | 0 | std::pair< |
1819 | 0 | std::array<std::string, 2>, |
1820 | 0 | std::array<std::string, 4> |
1821 | 0 | > |
1822 | 0 | > points; |
1823 | |
|
1824 | 0 | if ( Pool_BLS_BatchSignature.Have() == true ) { |
1825 | 0 | const auto sig = Pool_BLS_BatchSignature.Get(); |
1826 | |
|
1827 | 0 | for (const auto& mp : sig.msgpub) { |
1828 | 0 | std::array<std::string, 2> g1; |
1829 | 0 | std::array<std::string, 4> g2; |
1830 | |
|
1831 | 0 | switch ( PRNG() % 3 ) { |
1832 | 0 | case 0: |
1833 | 0 | { |
1834 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
1835 | 0 | g1 = {P.g1_x, P.g1_y}; |
1836 | 0 | } |
1837 | 0 | break; |
1838 | 0 | case 1: |
1839 | 0 | g1 = {mp.first.g1_x, mp.first.g1_y}; |
1840 | 0 | break; |
1841 | 0 | case 2: |
1842 | 0 | g1 = {getBignum(), getBignum()}; |
1843 | 0 | break; |
1844 | 0 | } |
1845 | | |
1846 | 0 | if ( (PRNG()%3) == 0 ) { |
1847 | 0 | const auto P2 = Pool_CurveBLSG2.Get(); |
1848 | 0 | g2 = {P2.g2_v, P2.g2_w, P2.g2_x, P2.g2_y}; |
1849 | 0 | } else { |
1850 | 0 | g2 = {mp.second.g2_v, mp.second.g2_w, mp.second.g2_x, mp.second.g2_y}; |
1851 | 0 | } |
1852 | |
|
1853 | 0 | points.push_back({g1, g2}); |
1854 | 0 | } |
1855 | | |
1856 | 0 | parameters["bf"] = nlohmann::json::array(); |
1857 | |
|
1858 | 0 | std::shuffle(std::begin(points), std::end(points), rng); |
1859 | |
|
1860 | 0 | for (const auto& p : points) { |
1861 | 0 | nlohmann::json cur; |
1862 | 0 | cur["g1_x"] = p.first[0]; |
1863 | 0 | cur["g1_y"] = p.first[1]; |
1864 | |
|
1865 | 0 | cur["g2_v"] = p.second[0]; |
1866 | 0 | cur["g2_w"] = p.second[1]; |
1867 | 0 | cur["g2_x"] = p.second[2]; |
1868 | 0 | cur["g2_y"] = p.second[3]; |
1869 | 0 | parameters["bf"].push_back(cur); |
1870 | 0 | } |
1871 | |
|
1872 | 0 | cryptofuzz::operation::BLS_BatchVerify op(parameters); |
1873 | 0 | op.Serialize(dsOut2); |
1874 | 0 | } else { |
1875 | 0 | goto end; |
1876 | 0 | } |
1877 | 0 | } |
1878 | 0 | break; |
1879 | 0 | case CF_OPERATION("BLS_IsG1OnCurve"): |
1880 | 0 | { |
1881 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1882 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1883 | |
|
1884 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
1885 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
1886 | 0 | parameters["g1_x"] = GET_OR_BIGNUM(P.g1_x); |
1887 | 0 | parameters["g1_y"] = GET_OR_BIGNUM(P.g1_y); |
1888 | 0 | } else { |
1889 | 0 | parameters["g1_x"] = getBignum(); |
1890 | 0 | parameters["g1_y"] = getBignum(); |
1891 | 0 | } |
1892 | |
|
1893 | 0 | cryptofuzz::operation::BLS_IsG1OnCurve op(parameters); |
1894 | 0 | op.Serialize(dsOut2); |
1895 | |
|
1896 | 0 | generateECCPoint(); |
1897 | 0 | } |
1898 | 0 | break; |
1899 | 0 | case CF_OPERATION("BLS_IsG2OnCurve"): |
1900 | 0 | { |
1901 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1902 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1903 | |
|
1904 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
1905 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
1906 | 0 | parameters["g2_v"] = GET_OR_BIGNUM(P.g2_v); |
1907 | 0 | parameters["g2_w"] = GET_OR_BIGNUM(P.g2_w); |
1908 | 0 | parameters["g2_x"] = GET_OR_BIGNUM(P.g2_x); |
1909 | 0 | parameters["g2_y"] = GET_OR_BIGNUM(P.g2_y); |
1910 | 0 | } else { |
1911 | 0 | parameters["g2_v"] = getBignum(); |
1912 | 0 | parameters["g2_w"] = getBignum(); |
1913 | 0 | parameters["g2_x"] = getBignum(); |
1914 | 0 | parameters["g2_y"] = getBignum(); |
1915 | 0 | } |
1916 | |
|
1917 | 0 | cryptofuzz::operation::BLS_IsG2OnCurve op(parameters); |
1918 | 0 | op.Serialize(dsOut2); |
1919 | 0 | } |
1920 | 0 | break; |
1921 | 0 | case CF_OPERATION("BLS_GenerateKeyPair"): |
1922 | 0 | { |
1923 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1924 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1925 | 0 | parameters["ikm"] = getBuffer(PRNG() % 512); |
1926 | 0 | parameters["info"] = getBuffer(PRNG() % 512); |
1927 | |
|
1928 | 0 | cryptofuzz::operation::BLS_GenerateKeyPair op(parameters); |
1929 | 0 | op.Serialize(dsOut2); |
1930 | 0 | } |
1931 | 0 | break; |
1932 | 0 | case CF_OPERATION("BLS_Decompress_G1"): |
1933 | 0 | { |
1934 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1935 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1936 | 0 | parameters["compressed"] = getBignum(); |
1937 | |
|
1938 | 0 | cryptofuzz::operation::BLS_Decompress_G1 op(parameters); |
1939 | 0 | op.Serialize(dsOut2); |
1940 | 0 | } |
1941 | 0 | break; |
1942 | 0 | case CF_OPERATION("BLS_Compress_G1"): |
1943 | 0 | { |
1944 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1945 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1946 | |
|
1947 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
1948 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
1949 | 0 | parameters["g1_x"] = GET_OR_BIGNUM(P.g1_x); |
1950 | 0 | parameters["g1_y"] = GET_OR_BIGNUM(P.g1_y); |
1951 | 0 | } else { |
1952 | 0 | parameters["g1_x"] = getBignum(); |
1953 | 0 | parameters["g1_y"] = getBignum(); |
1954 | 0 | } |
1955 | |
|
1956 | 0 | cryptofuzz::operation::BLS_Compress_G1 op(parameters); |
1957 | 0 | op.Serialize(dsOut2); |
1958 | |
|
1959 | 0 | generateECCPoint(); |
1960 | 0 | } |
1961 | 0 | break; |
1962 | 0 | case CF_OPERATION("BLS_Decompress_G2"): |
1963 | 0 | { |
1964 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1965 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1966 | 0 | parameters["g1_x"] = getBignum(); |
1967 | 0 | parameters["g1_y"] = getBignum(); |
1968 | |
|
1969 | 0 | cryptofuzz::operation::BLS_Decompress_G2 op(parameters); |
1970 | 0 | op.Serialize(dsOut2); |
1971 | 0 | } |
1972 | 0 | break; |
1973 | 0 | case CF_OPERATION("BLS_Compress_G2"): |
1974 | 0 | { |
1975 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1976 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1977 | |
|
1978 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
1979 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
1980 | 0 | parameters["g2_v"] = GET_OR_BIGNUM(P.g2_v); |
1981 | 0 | parameters["g2_w"] = GET_OR_BIGNUM(P.g2_w); |
1982 | 0 | parameters["g2_x"] = GET_OR_BIGNUM(P.g2_x); |
1983 | 0 | parameters["g2_y"] = GET_OR_BIGNUM(P.g2_y); |
1984 | 0 | } else { |
1985 | 0 | parameters["g2_v"] = getBignum(); |
1986 | 0 | parameters["g2_w"] = getBignum(); |
1987 | 0 | parameters["g2_x"] = getBignum(); |
1988 | 0 | parameters["g2_y"] = getBignum(); |
1989 | 0 | } |
1990 | |
|
1991 | 0 | cryptofuzz::operation::BLS_Compress_G2 op(parameters); |
1992 | 0 | op.Serialize(dsOut2); |
1993 | 0 | } |
1994 | 0 | break; |
1995 | 0 | case CF_OPERATION("BLS_HashToG1"): |
1996 | 0 | { |
1997 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1998 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
1999 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 1024); |
2000 | 0 | parameters["dest"] = getBool() ? getBuffer(PRNG() % 512) : get_BLS_predefined_DST(); |
2001 | |
|
2002 | 0 | parameters["aug"] = getBuffer(PRNG() % 1024); |
2003 | |
|
2004 | 0 | cryptofuzz::operation::BLS_HashToG1 op(parameters); |
2005 | 0 | op.Serialize(dsOut2); |
2006 | 0 | } |
2007 | 0 | break; |
2008 | 0 | case CF_OPERATION("BLS_HashToG2"): |
2009 | 0 | { |
2010 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2011 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2012 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 1024); |
2013 | 0 | parameters["dest"] = getBool() ? getBuffer(PRNG() % 512) : get_BLS_predefined_DST(); |
2014 | 0 | parameters["aug"] = getBuffer(PRNG() % 1024); |
2015 | |
|
2016 | 0 | cryptofuzz::operation::BLS_HashToG2 op(parameters); |
2017 | 0 | op.Serialize(dsOut2); |
2018 | 0 | } |
2019 | 0 | break; |
2020 | 0 | case CF_OPERATION("BLS_MapToG1"): |
2021 | 0 | { |
2022 | 0 | parameters["modifier"] = ""; |
2023 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2024 | 0 | parameters["u"] = getBignum(); |
2025 | 0 | parameters["v"] = getBignum(); |
2026 | |
|
2027 | 0 | cryptofuzz::operation::BLS_MapToG1 op(parameters); |
2028 | 0 | op.Serialize(dsOut2); |
2029 | 0 | } |
2030 | 0 | break; |
2031 | 0 | case CF_OPERATION("BLS_MapToG2"): |
2032 | 0 | { |
2033 | 0 | parameters["modifier"] = ""; |
2034 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2035 | 0 | parameters["u"][0] = getBignum(); |
2036 | 0 | parameters["u"][1] = getBignum(); |
2037 | 0 | parameters["v"][0] = getBignum(); |
2038 | 0 | parameters["v"][1] = getBignum(); |
2039 | |
|
2040 | 0 | cryptofuzz::operation::BLS_MapToG2 op(parameters); |
2041 | 0 | op.Serialize(dsOut2); |
2042 | 0 | } |
2043 | 0 | break; |
2044 | 0 | case CF_OPERATION("BLS_Pairing"): |
2045 | 0 | { |
2046 | 0 | parameters["modifier"] = ""; |
2047 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2048 | |
|
2049 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2050 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2051 | 0 | parameters["g1_x"] = GET_OR_BIGNUM(P.g1_x); |
2052 | 0 | parameters["g1_y"] = GET_OR_BIGNUM(P.g1_y); |
2053 | 0 | } else { |
2054 | 0 | parameters["g1_x"] = getBignum(); |
2055 | 0 | parameters["g1_y"] = getBignum(); |
2056 | 0 | } |
2057 | |
|
2058 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2059 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2060 | 0 | parameters["g2_v"] = GET_OR_BIGNUM(P.g2_v); |
2061 | 0 | parameters["g2_w"] = GET_OR_BIGNUM(P.g2_w); |
2062 | 0 | parameters["g2_x"] = GET_OR_BIGNUM(P.g2_x); |
2063 | 0 | parameters["g2_y"] = GET_OR_BIGNUM(P.g2_y); |
2064 | 0 | } else { |
2065 | 0 | parameters["g2_v"] = getBignum(); |
2066 | 0 | parameters["g2_w"] = getBignum(); |
2067 | 0 | parameters["g2_x"] = getBignum(); |
2068 | 0 | parameters["g2_y"] = getBignum(); |
2069 | 0 | } |
2070 | |
|
2071 | 0 | cryptofuzz::operation::BLS_Pairing op(parameters); |
2072 | 0 | op.Serialize(dsOut2); |
2073 | |
|
2074 | 0 | generateECCPoint(); |
2075 | 0 | } |
2076 | 0 | break; |
2077 | 0 | case CF_OPERATION("BLS_MillerLoop"): |
2078 | 0 | { |
2079 | 0 | parameters["modifier"] = ""; |
2080 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2081 | |
|
2082 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2083 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2084 | 0 | parameters["g1_x"] = GET_OR_BIGNUM(P.g1_x); |
2085 | 0 | parameters["g1_y"] = GET_OR_BIGNUM(P.g1_y); |
2086 | 0 | } else { |
2087 | 0 | parameters["g1_x"] = getBignum(); |
2088 | 0 | parameters["g1_y"] = getBignum(); |
2089 | 0 | } |
2090 | |
|
2091 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2092 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2093 | 0 | parameters["g2_v"] = GET_OR_BIGNUM(P.g2_v); |
2094 | 0 | parameters["g2_w"] = GET_OR_BIGNUM(P.g2_w); |
2095 | 0 | parameters["g2_x"] = GET_OR_BIGNUM(P.g2_x); |
2096 | 0 | parameters["g2_y"] = GET_OR_BIGNUM(P.g2_y); |
2097 | 0 | } else { |
2098 | 0 | parameters["g2_v"] = getBignum(); |
2099 | 0 | parameters["g2_w"] = getBignum(); |
2100 | 0 | parameters["g2_x"] = getBignum(); |
2101 | 0 | parameters["g2_y"] = getBignum(); |
2102 | 0 | } |
2103 | |
|
2104 | 0 | cryptofuzz::operation::BLS_MillerLoop op(parameters); |
2105 | 0 | op.Serialize(dsOut2); |
2106 | |
|
2107 | 0 | generateECCPoint(); |
2108 | 0 | } |
2109 | 0 | break; |
2110 | 0 | case CF_OPERATION("BLS_FinalExp"): |
2111 | 0 | { |
2112 | 0 | parameters["modifier"] = ""; |
2113 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2114 | |
|
2115 | 0 | if ( Pool_Fp12.Have() && getBool() == true ) { |
2116 | 0 | const auto Fp12 = Pool_Fp12.Get(); |
2117 | |
|
2118 | 0 | parameters["fp12"][0] = Fp12.bn1; |
2119 | 0 | parameters["fp12"][1] = Fp12.bn2; |
2120 | 0 | parameters["fp12"][2] = Fp12.bn3; |
2121 | 0 | parameters["fp12"][3] = Fp12.bn4; |
2122 | 0 | parameters["fp12"][4] = Fp12.bn5; |
2123 | 0 | parameters["fp12"][5] = Fp12.bn6; |
2124 | 0 | parameters["fp12"][6] = Fp12.bn7; |
2125 | 0 | parameters["fp12"][7] = Fp12.bn8; |
2126 | 0 | parameters["fp12"][8] = Fp12.bn9; |
2127 | 0 | parameters["fp12"][9] = Fp12.bn10; |
2128 | 0 | parameters["fp12"][10] = Fp12.bn11; |
2129 | 0 | parameters["fp12"][11] = Fp12.bn12; |
2130 | 0 | } else { |
2131 | 0 | parameters["fp12"][0] = getBignum(); |
2132 | 0 | parameters["fp12"][1] = getBignum(); |
2133 | 0 | parameters["fp12"][2] = getBignum(); |
2134 | 0 | parameters["fp12"][3] = getBignum(); |
2135 | 0 | parameters["fp12"][4] = getBignum(); |
2136 | 0 | parameters["fp12"][5] = getBignum(); |
2137 | 0 | parameters["fp12"][6] = getBignum(); |
2138 | 0 | parameters["fp12"][7] = getBignum(); |
2139 | 0 | parameters["fp12"][8] = getBignum(); |
2140 | 0 | parameters["fp12"][9] = getBignum(); |
2141 | 0 | parameters["fp12"][10] = getBignum(); |
2142 | 0 | parameters["fp12"][11] = getBignum(); |
2143 | 0 | } |
2144 | |
|
2145 | 0 | cryptofuzz::operation::BLS_FinalExp op(parameters); |
2146 | 0 | op.Serialize(dsOut2); |
2147 | 0 | } |
2148 | 0 | break; |
2149 | 0 | case CF_OPERATION("BLS_G1_Add"): |
2150 | 0 | { |
2151 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2152 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2153 | |
|
2154 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2155 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2156 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g1_x); |
2157 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g1_y); |
2158 | 0 | } else { |
2159 | 0 | parameters["a_x"] = getBignum(); |
2160 | 0 | parameters["a_y"] = getBignum(); |
2161 | 0 | } |
2162 | |
|
2163 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2164 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2165 | 0 | parameters["b_x"] = GET_OR_BIGNUM(P.g1_x); |
2166 | 0 | parameters["b_y"] = GET_OR_BIGNUM(P.g1_y); |
2167 | 0 | } else { |
2168 | 0 | parameters["b_x"] = getBignum(); |
2169 | 0 | parameters["b_y"] = getBignum(); |
2170 | 0 | } |
2171 | |
|
2172 | 0 | cryptofuzz::operation::BLS_G1_Add op(parameters); |
2173 | 0 | op.Serialize(dsOut2); |
2174 | |
|
2175 | 0 | generateECCPoint(); |
2176 | 0 | } |
2177 | 0 | break; |
2178 | 0 | case CF_OPERATION("BLS_G1_Mul"): |
2179 | 0 | { |
2180 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2181 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2182 | |
|
2183 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2184 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2185 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g1_x); |
2186 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g1_y); |
2187 | 0 | } else { |
2188 | 0 | parameters["a_x"] = getBignum(); |
2189 | 0 | parameters["a_y"] = getBignum(); |
2190 | 0 | } |
2191 | |
|
2192 | 0 | parameters["b"] = getBignum(); |
2193 | |
|
2194 | 0 | cryptofuzz::operation::BLS_G1_Mul op(parameters); |
2195 | 0 | op.Serialize(dsOut2); |
2196 | |
|
2197 | 0 | generateECCPoint(); |
2198 | 0 | } |
2199 | 0 | break; |
2200 | 0 | case CF_OPERATION("BLS_G1_IsEq"): |
2201 | 0 | { |
2202 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2203 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2204 | |
|
2205 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2206 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2207 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g1_x); |
2208 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g1_y); |
2209 | 0 | } else { |
2210 | 0 | parameters["a_x"] = getBignum(); |
2211 | 0 | parameters["a_y"] = getBignum(); |
2212 | 0 | } |
2213 | |
|
2214 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2215 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2216 | 0 | parameters["b_x"] = GET_OR_BIGNUM(P.g1_x); |
2217 | 0 | parameters["b_y"] = GET_OR_BIGNUM(P.g1_y); |
2218 | 0 | } else { |
2219 | 0 | parameters["b_x"] = getBignum(); |
2220 | 0 | parameters["b_y"] = getBignum(); |
2221 | 0 | } |
2222 | |
|
2223 | 0 | cryptofuzz::operation::BLS_G1_IsEq op(parameters); |
2224 | 0 | op.Serialize(dsOut2); |
2225 | |
|
2226 | 0 | generateECCPoint(); |
2227 | 0 | } |
2228 | 0 | break; |
2229 | 0 | case CF_OPERATION("BLS_G1_Neg"): |
2230 | 0 | { |
2231 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2232 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2233 | |
|
2234 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2235 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2236 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g1_x); |
2237 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g1_y); |
2238 | 0 | } else { |
2239 | 0 | parameters["a_x"] = getBignum(); |
2240 | 0 | parameters["a_y"] = getBignum(); |
2241 | 0 | } |
2242 | |
|
2243 | 0 | cryptofuzz::operation::BLS_G1_Neg op(parameters); |
2244 | 0 | op.Serialize(dsOut2); |
2245 | |
|
2246 | 0 | generateECCPoint(); |
2247 | 0 | } |
2248 | 0 | break; |
2249 | 0 | case CF_OPERATION("BLS_G2_Add"): |
2250 | 0 | { |
2251 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2252 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2253 | |
|
2254 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2255 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2256 | 0 | parameters["a_v"] = GET_OR_BIGNUM(P.g2_v); |
2257 | 0 | parameters["a_w"] = GET_OR_BIGNUM(P.g2_w); |
2258 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g2_x); |
2259 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g2_y); |
2260 | 0 | } else { |
2261 | 0 | parameters["a_v"] = getBignum(); |
2262 | 0 | parameters["a_w"] = getBignum(); |
2263 | 0 | parameters["a_x"] = getBignum(); |
2264 | 0 | parameters["a_y"] = getBignum(); |
2265 | 0 | } |
2266 | |
|
2267 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2268 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2269 | 0 | parameters["b_v"] = GET_OR_BIGNUM(P.g2_v); |
2270 | 0 | parameters["b_w"] = GET_OR_BIGNUM(P.g2_w); |
2271 | 0 | parameters["b_x"] = GET_OR_BIGNUM(P.g2_x); |
2272 | 0 | parameters["b_y"] = GET_OR_BIGNUM(P.g2_y); |
2273 | 0 | } else { |
2274 | 0 | parameters["b_v"] = getBignum(); |
2275 | 0 | parameters["b_w"] = getBignum(); |
2276 | 0 | parameters["b_x"] = getBignum(); |
2277 | 0 | parameters["b_y"] = getBignum(); |
2278 | 0 | } |
2279 | |
|
2280 | 0 | cryptofuzz::operation::BLS_G2_Add op(parameters); |
2281 | 0 | op.Serialize(dsOut2); |
2282 | 0 | } |
2283 | 0 | break; |
2284 | 0 | case CF_OPERATION("BLS_G2_Mul"): |
2285 | 0 | { |
2286 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2287 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2288 | |
|
2289 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2290 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2291 | 0 | parameters["a_v"] = GET_OR_BIGNUM(P.g2_v); |
2292 | 0 | parameters["a_w"] = GET_OR_BIGNUM(P.g2_w); |
2293 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g2_x); |
2294 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g2_y); |
2295 | 0 | } else { |
2296 | 0 | parameters["a_v"] = getBignum(); |
2297 | 0 | parameters["a_w"] = getBignum(); |
2298 | 0 | parameters["a_x"] = getBignum(); |
2299 | 0 | parameters["a_y"] = getBignum(); |
2300 | 0 | } |
2301 | |
|
2302 | 0 | parameters["b"] = getBignum(); |
2303 | |
|
2304 | 0 | cryptofuzz::operation::BLS_G2_Mul op(parameters); |
2305 | 0 | op.Serialize(dsOut2); |
2306 | 0 | } |
2307 | 0 | break; |
2308 | 0 | case CF_OPERATION("BLS_G2_IsEq"): |
2309 | 0 | { |
2310 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2311 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2312 | |
|
2313 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2314 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2315 | 0 | parameters["a_v"] = GET_OR_BIGNUM(P.g2_v); |
2316 | 0 | parameters["a_w"] = GET_OR_BIGNUM(P.g2_w); |
2317 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g2_x); |
2318 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g2_y); |
2319 | 0 | } else { |
2320 | 0 | parameters["a_v"] = getBignum(); |
2321 | 0 | parameters["a_w"] = getBignum(); |
2322 | 0 | parameters["a_x"] = getBignum(); |
2323 | 0 | parameters["a_y"] = getBignum(); |
2324 | 0 | } |
2325 | |
|
2326 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2327 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2328 | 0 | parameters["b_v"] = GET_OR_BIGNUM(P.g2_v); |
2329 | 0 | parameters["b_w"] = GET_OR_BIGNUM(P.g2_w); |
2330 | 0 | parameters["b_x"] = GET_OR_BIGNUM(P.g2_x); |
2331 | 0 | parameters["b_y"] = GET_OR_BIGNUM(P.g2_y); |
2332 | 0 | } else { |
2333 | 0 | parameters["b_v"] = getBignum(); |
2334 | 0 | parameters["b_w"] = getBignum(); |
2335 | 0 | parameters["b_x"] = getBignum(); |
2336 | 0 | parameters["b_y"] = getBignum(); |
2337 | 0 | } |
2338 | |
|
2339 | 0 | cryptofuzz::operation::BLS_G2_IsEq op(parameters); |
2340 | 0 | op.Serialize(dsOut2); |
2341 | 0 | } |
2342 | 0 | break; |
2343 | 0 | case CF_OPERATION("BLS_G2_Neg"): |
2344 | 0 | { |
2345 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2346 | 0 | parameters["curveType"] = hint_ecc_mont(CF_ECC_CURVE("BLS12_381")); |
2347 | |
|
2348 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2349 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2350 | 0 | parameters["a_v"] = GET_OR_BIGNUM(P.g2_v); |
2351 | 0 | parameters["a_w"] = GET_OR_BIGNUM(P.g2_w); |
2352 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g2_x); |
2353 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g2_y); |
2354 | 0 | } else { |
2355 | 0 | parameters["a_v"] = getBignum(); |
2356 | 0 | parameters["a_w"] = getBignum(); |
2357 | 0 | parameters["a_x"] = getBignum(); |
2358 | 0 | parameters["a_y"] = getBignum(); |
2359 | 0 | } |
2360 | |
|
2361 | 0 | cryptofuzz::operation::BLS_G2_Neg op(parameters); |
2362 | 0 | op.Serialize(dsOut2); |
2363 | 0 | } |
2364 | 0 | break; |
2365 | 0 | case CF_OPERATION("SR25519_Verify"): |
2366 | 0 | { |
2367 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
2368 | |
|
2369 | 0 | parameters["signature"]["pub"] = getBignum(); |
2370 | |
|
2371 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
2372 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
2373 | |
|
2374 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
2375 | |
|
2376 | 0 | cryptofuzz::operation::SR25519_Verify op(parameters); |
2377 | 0 | op.Serialize(dsOut2); |
2378 | 0 | } |
2379 | 0 | break; |
2380 | 0 | default: |
2381 | 0 | goto end; |
2382 | 0 | } |
2383 | 0 | #undef GET_OR_BIGNUM |
2384 | | |
2385 | 0 | fuzzing::datasource::Datasource dsOut(nullptr, 0); |
2386 | | |
2387 | | /* Operation ID */ |
2388 | 0 | dsOut.Put<uint64_t>(operation); |
2389 | |
|
2390 | 0 | dsOut.PutData(dsOut2.GetOut()); |
2391 | | |
2392 | | /* Modifier */ |
2393 | 0 | if ( reuseModifier == true && !modifier.empty() ) { |
2394 | 0 | dsOut.PutData(modifier); |
2395 | 0 | } else { |
2396 | 0 | size_t modifierMaxSize = maxSize / 10; |
2397 | 0 | if ( modifierMaxSize == 0 ) { |
2398 | 0 | modifierMaxSize = 1; |
2399 | 0 | } |
2400 | |
|
2401 | 0 | dsOut.PutData(getBufferBin(PRNG() % modifierMaxSize)); |
2402 | 0 | } |
2403 | | |
2404 | | /* Module ID */ |
2405 | 0 | dsOut.Put<uint64_t>( ModuleLUT[ PRNG() % (sizeof(ModuleLUT) / sizeof(ModuleLUT[0])) ].id ); |
2406 | | |
2407 | | /* Terminator */ |
2408 | 0 | dsOut.Put<bool>(false); |
2409 | |
|
2410 | 0 | const auto insertSize = dsOut.GetOut().size(); |
2411 | 0 | if ( insertSize <= maxSize ) { |
2412 | 0 | memcpy(data, dsOut.GetOut().data(), insertSize); |
2413 | |
|
2414 | 0 | if ( getBool() == true ) { |
2415 | 0 | return insertSize; |
2416 | 0 | } |
2417 | | |
2418 | | /* Fall through to LLVMFuzzerMutate */ |
2419 | 0 | } |
2420 | 0 | } |
2421 | | |
2422 | 0 | end: |
2423 | 0 | return LLVMFuzzerMutate(data, size, maxSize); |
2424 | 0 | } |