/src/ndpi/fuzz/fuzz_gcrypt_cipher.cpp

Source
#include <stdlib.h>
#include <stdint.h>
#include <assert.h>
#include "fuzzer/FuzzedDataProvider.h"

#define MBEDTLS_CHECK_RETURN_TYPICAL
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret )  do { } while( 0 )
#include "gcrypt/cipher.h"
#include "gcrypt/error.h"
#include "gcrypt/aes.h"

extern int force_no_aesni;

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  int key_lens[] = { 128, 192, 256 };
  int key_len, iv_len, rc_e, rc_d, input_length;
  unsigned char *output, *decrypted;
  size_t output_size, output_size2, decrypted_size;
  mbedtls_cipher_type_t cipher_type;
  /* TODO: GCM. This code/fuzzer doesn't work with GCM ciphers. Not sure why.. :( */
  const char *cipher_names[] = { NULL, "", "AES-128-ECB", "AES-192-ECB", "AES-256-ECB",
                                 /* "AES-128-GCM", "AES-192-GCM", "AES-256-GCM" */ };
  const char *cipher_name;
  mbedtls_cipher_context_t *ctx_e, *ctx_d;

  /* No real memory allocations involved */

  if(fuzzed_data.remaining_bytes() < 512) /* Some data */
    return -1;

  posix_memalign((void **)&ctx_e, 8, sizeof(mbedtls_cipher_context_t));
  posix_memalign((void **)&ctx_d, 8, sizeof(mbedtls_cipher_context_t));

  key_len = fuzzed_data.PickValueInArray(key_lens);
  std::vector<unsigned char>key = fuzzed_data.ConsumeBytes<u_int8_t>(key_len / 8);
  iv_len = fuzzed_data.ConsumeIntegralInRange(0, MBEDTLS_MAX_IV_LENGTH + 1);
  std::vector<u_int8_t>iv = fuzzed_data.ConsumeBytes<uint8_t>(iv_len);
  input_length = fuzzed_data.ConsumeIntegralInRange(16, 17);
  std::vector<unsigned char>input = fuzzed_data.ConsumeBytes<u_int8_t>(input_length);
  output = (unsigned char *)malloc(input_length);
  decrypted = (unsigned char *)malloc(input_length);

  mbedtls_cipher_list();
  /* Random iteration */
  cipher_type = static_cast<mbedtls_cipher_type_t>(fuzzed_data.ConsumeIntegralInRange(0, (int)MBEDTLS_CIPHER_AES_256_KWP) + 1);
  mbedtls_cipher_info_from_type(cipher_type);

  /* Real cipher used */
  cipher_name = cipher_names[fuzzed_data.ConsumeIntegralInRange(0, (int)(sizeof(cipher_names) / sizeof(char *) - 1))];
  mbedtls_cipher_init(ctx_e);
  mbedtls_cipher_init(ctx_d);
  ctx_e->cipher_info = mbedtls_cipher_info_from_string(cipher_name);
  ctx_d->cipher_info = ctx_e->cipher_info;

  mbedtls_cipher_info_get_mode(ctx_e->cipher_info);
  mbedtls_cipher_info_get_type(ctx_e->cipher_info);
  mbedtls_cipher_info_get_name(ctx_e->cipher_info);
  mbedtls_cipher_info_has_variable_key_bitlen(ctx_e->cipher_info);
  mbedtls_cipher_info_has_variable_iv_size(ctx_e->cipher_info);
  mbedtls_cipher_info_get_iv_size(ctx_e->cipher_info);
  mbedtls_cipher_info_get_block_size(ctx_e->cipher_info);
  mbedtls_cipher_get_cipher_mode(ctx_e);
  mbedtls_cipher_get_iv_size(ctx_e);
  mbedtls_cipher_get_type(ctx_e);
  mbedtls_cipher_get_name(ctx_e);
  mbedtls_cipher_get_key_bitlen(ctx_e);
  mbedtls_cipher_get_operation(ctx_e);
  mbedtls_cipher_info_get_key_bitlen(ctx_e->cipher_info);
  mbedtls_error_add(0, 0, NULL, 0);

  posix_memalign((void **)&ctx_e->cipher_ctx, 8, sizeof(mbedtls_aes_context));
  posix_memalign((void **)&ctx_d->cipher_ctx, 8, sizeof(mbedtls_aes_context));

  rc_e = mbedtls_cipher_setkey(ctx_e, key.data(), key.size() * 8, MBEDTLS_ENCRYPT);
  rc_d = mbedtls_cipher_setkey(ctx_d, key.data(), key.size() * 8, MBEDTLS_DECRYPT);
  if(rc_e == 0 && rc_d == 0) {

    if(fuzzed_data.ConsumeBool()) {
      rc_e = mbedtls_cipher_crypt(ctx_e, iv.data(), iv.size(),
                                  input.data(), input.size(), output, &output_size);
    } else {
      rc_e = mbedtls_cipher_set_iv(ctx_e, iv.data(), iv.size());
      rc_d = mbedtls_cipher_set_iv(ctx_d, iv.data(), iv.size());
      if(rc_e == 0 && rc_d == 0) {
        mbedtls_cipher_reset(ctx_e);
        mbedtls_cipher_reset(ctx_d);

        rc_e = mbedtls_cipher_update(ctx_e, input.data(), input.size(), output, &output_size);
        if(rc_e == 0) {
    rc_e = mbedtls_cipher_finish(ctx_e, NULL, &output_size2);
          if(rc_e == 0) {

            rc_d = mbedtls_cipher_update(ctx_d, output, output_size, decrypted, &decrypted_size);
            if(rc_d == 0) {
              rc_d = mbedtls_cipher_finish(ctx_d, NULL, &output_size2);
              /* TODO: decryption doesn't work with no-aesni data path!
           Note that with MASAN, aesni is always disabled */
#if 0
        if(rc_d == 0) {
                assert(input.size() == decrypted_size);
                assert(memcmp(input.data(), decrypted, decrypted_size) == 0);
              }
#endif
      }
          }
        }
      }
    }
  }

  free(output);
  free(decrypted);
  free(ctx_e->cipher_ctx);
  free(ctx_e);
  free(ctx_d->cipher_ctx);
  free(ctx_d);
  return 0;
}

Line	Count	Source
1		#include <stdlib.h>
2		#include <stdint.h>
3		#include <assert.h>
4		#include "fuzzer/FuzzedDataProvider.h"
5
6		#define MBEDTLS_CHECK_RETURN_TYPICAL
7	1.18k	#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
8		#include "gcrypt/cipher.h"
9		#include "gcrypt/error.h"
10		#include "gcrypt/aes.h"
11
12		extern int force_no_aesni;
13
14	213	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
15	213	FuzzedDataProvider fuzzed_data(data, size);
16	213	int key_lens[] = { 128, 192, 256 };
17	213	int key_len, iv_len, rc_e, rc_d, input_length;
18	213	unsigned char output, decrypted;
19	213	size_t output_size, output_size2, decrypted_size;
20	213	mbedtls_cipher_type_t cipher_type;
21		/* TODO: GCM. This code/fuzzer doesn't work with GCM ciphers. Not sure why.. :( */
22	213	const char *cipher_names[] = { NULL, "", "AES-128-ECB", "AES-192-ECB", "AES-256-ECB",
23	213	/* "AES-128-GCM", "AES-192-GCM", "AES-256-GCM" */ };
24	213	const char *cipher_name;
25	213	mbedtls_cipher_context_t ctx_e, ctx_d;
26
27		/* No real memory allocations involved */
28
29	213	if(fuzzed_data.remaining_bytes() < 512) /* Some data */
30	16	return -1;
31
32	197	posix_memalign((void **)&ctx_e, 8, sizeof(mbedtls_cipher_context_t));
33	197	posix_memalign((void **)&ctx_d, 8, sizeof(mbedtls_cipher_context_t));
34
35	197	key_len = fuzzed_data.PickValueInArray(key_lens);
36	197	std::vector<unsigned char>key = fuzzed_data.ConsumeBytes<u_int8_t>(key_len / 8);
37	197	iv_len = fuzzed_data.ConsumeIntegralInRange(0, MBEDTLS_MAX_IV_LENGTH + 1);
38	197	std::vector<u_int8_t>iv = fuzzed_data.ConsumeBytes<uint8_t>(iv_len);
39	197	input_length = fuzzed_data.ConsumeIntegralInRange(16, 17);
40	197	std::vector<unsigned char>input = fuzzed_data.ConsumeBytes<u_int8_t>(input_length);
41	197	output = (unsigned char *)malloc(input_length);
42	197	decrypted = (unsigned char *)malloc(input_length);
43
44	197	mbedtls_cipher_list();
45		/* Random iteration */
46	197	cipher_type = static_cast<mbedtls_cipher_type_t>(fuzzed_data.ConsumeIntegralInRange(0, (int)MBEDTLS_CIPHER_AES_256_KWP) + 1);
47	197	mbedtls_cipher_info_from_type(cipher_type);
48
49		/* Real cipher used */
50	197	cipher_name = cipher_names[fuzzed_data.ConsumeIntegralInRange(0, (int)(sizeof(cipher_names) / sizeof(char *) - 1))];
51	197	mbedtls_cipher_init(ctx_e);
52	197	mbedtls_cipher_init(ctx_d);
53	197	ctx_e->cipher_info = mbedtls_cipher_info_from_string(cipher_name);
54	197	ctx_d->cipher_info = ctx_e->cipher_info;
55
56	197	mbedtls_cipher_info_get_mode(ctx_e->cipher_info);
57	197	mbedtls_cipher_info_get_type(ctx_e->cipher_info);
58	197	mbedtls_cipher_info_get_name(ctx_e->cipher_info);
59	197	mbedtls_cipher_info_has_variable_key_bitlen(ctx_e->cipher_info);
60	197	mbedtls_cipher_info_has_variable_iv_size(ctx_e->cipher_info);
61	197	mbedtls_cipher_info_get_iv_size(ctx_e->cipher_info);
62	197	mbedtls_cipher_info_get_block_size(ctx_e->cipher_info);
63	197	mbedtls_cipher_get_cipher_mode(ctx_e);
64	197	mbedtls_cipher_get_iv_size(ctx_e);
65	197	mbedtls_cipher_get_type(ctx_e);
66	197	mbedtls_cipher_get_name(ctx_e);
67	197	mbedtls_cipher_get_key_bitlen(ctx_e);
68	197	mbedtls_cipher_get_operation(ctx_e);
69	197	mbedtls_cipher_info_get_key_bitlen(ctx_e->cipher_info);
70	197	mbedtls_error_add(0, 0, NULL, 0);
71
72	197	posix_memalign((void **)&ctx_e->cipher_ctx, 8, sizeof(mbedtls_aes_context));
73	197	posix_memalign((void **)&ctx_d->cipher_ctx, 8, sizeof(mbedtls_aes_context));
74
75	197	rc_e = mbedtls_cipher_setkey(ctx_e, key.data(), key.size() * 8, MBEDTLS_ENCRYPT);
76	197	rc_d = mbedtls_cipher_setkey(ctx_d, key.data(), key.size() * 8, MBEDTLS_DECRYPT);
77	197	if(rc_e == 0 && rc_d == 0) {
78
79	91	if(fuzzed_data.ConsumeBool()) {
80	46	rc_e = mbedtls_cipher_crypt(ctx_e, iv.data(), iv.size(),
81	46	input.data(), input.size(), output, &output_size);
82	46	} else {
83	45	rc_e = mbedtls_cipher_set_iv(ctx_e, iv.data(), iv.size());
84	45	rc_d = mbedtls_cipher_set_iv(ctx_d, iv.data(), iv.size());
85	45	if(rc_e == 0 && rc_d == 0) {
86	41	mbedtls_cipher_reset(ctx_e);
87	41	mbedtls_cipher_reset(ctx_d);
88
89	41	rc_e = mbedtls_cipher_update(ctx_e, input.data(), input.size(), output, &output_size);
90	41	if(rc_e == 0) {
91	29	rc_e = mbedtls_cipher_finish(ctx_e, NULL, &output_size2);
92	29	if(rc_e == 0) {
93
94	29	rc_d = mbedtls_cipher_update(ctx_d, output, output_size, decrypted, &decrypted_size);
95	29	if(rc_d == 0) {
96	29	rc_d = mbedtls_cipher_finish(ctx_d, NULL, &output_size2);
97		/* TODO: decryption doesn't work with no-aesni data path!
98		Note that with MASAN, aesni is always disabled */
99		#if 0
100		if(rc_d == 0) {
101		assert(input.size() == decrypted_size);
102		assert(memcmp(input.data(), decrypted, decrypted_size) == 0);
103		}
104		#endif
105	29	}
106	29	}
107	29	}
108	41	}
109	45	}
110	91	}
111
112	197	free(output);
113	197	free(decrypted);
114	197	free(ctx_e->cipher_ctx);
115	197	free(ctx_e);
116	197	free(ctx_d->cipher_ctx);
117	197	free(ctx_d);
118	197	return 0;
119	213	}

Coverage Report

Created: 2025-08-29 06:29