/src/cryptofuzz/mutator.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | #include <cstdint> |
2 | | #include <array> |
3 | | #include <fuzzing/datasource/datasource.hpp> |
4 | | #include <fuzzing/datasource/id.hpp> |
5 | | #include <cryptofuzz/operations.h> |
6 | | #include <cryptofuzz/repository.h> |
7 | | #include <cryptofuzz/options.h> |
8 | | #include <cryptofuzz/util.h> |
9 | | #include <boost/multiprecision/cpp_int.hpp> |
10 | | #include <boost/lexical_cast.hpp> |
11 | | #include <boost/random.hpp> |
12 | | #include <algorithm> |
13 | | #include <random> |
14 | | #include "config.h" |
15 | | #include "repository_tbl.h" |
16 | | #include "numbers.h" |
17 | | #include "mutatorpool.h" |
18 | | #include "_z3.h" |
19 | | #include "expmod.h" |
20 | | #include "third_party/json/json.hpp" |
21 | | |
22 | | extern "C" size_t LLVMFuzzerMutate(uint8_t* data, size_t size, size_t maxSize); |
23 | | |
24 | | uint32_t PRNG(void) |
25 | 21.5k | { |
26 | 21.5k | static uint32_t nSeed = 5323; |
27 | 21.5k | nSeed = (8253729 * nSeed + 2396403); |
28 | 21.5k | return nSeed % 32767; |
29 | 21.5k | } |
30 | | |
31 | | auto rng = std::default_random_engine {}; |
32 | | |
33 | | boost::multiprecision::cpp_int cpp_int_reciprocal( |
34 | | boost::multiprecision::cpp_int x, |
35 | 0 | boost::multiprecision::cpp_int m) { |
36 | 0 | if ( x == 0 || x >= m ) { |
37 | 0 | return x; |
38 | 0 | } |
39 | 0 | boost::multiprecision::cpp_int y = x; |
40 | 0 | x = m; |
41 | 0 | boost::multiprecision::cpp_int a = 0; |
42 | 0 | boost::multiprecision::cpp_int b = 1; |
43 | 0 | while ( y != 0 ) { |
44 | 0 | boost::multiprecision::cpp_int tmp; |
45 | |
|
46 | 0 | tmp = a; |
47 | 0 | a = b; |
48 | 0 | b = tmp - x / y * b; |
49 | |
|
50 | 0 | tmp = x; |
51 | 0 | x = y; |
52 | 0 | y = tmp % y; |
53 | 0 | } |
54 | |
|
55 | 0 | if ( x == 1 ) { |
56 | 0 | return a % m; |
57 | 0 | } |
58 | | |
59 | 0 | return 0; |
60 | 0 | } |
61 | | |
62 | 0 | static size_t cpp_int_num_bits(const boost::multiprecision::cpp_int& m) { |
63 | 0 | boost::multiprecision::cpp_int m_copy = m; |
64 | |
|
65 | 0 | size_t num_bits = 0; |
66 | 0 | while ( m_copy ) { |
67 | 0 | m_copy >>= 1; |
68 | 0 | num_bits++; |
69 | 0 | } |
70 | 0 | num_bits = (num_bits / 8 + 1) * 8; |
71 | |
|
72 | 0 | return num_bits; |
73 | 0 | } |
74 | | |
75 | 0 | static std::string to_mont(const std::string& y_, const std::string& mod_) { |
76 | 0 | if ( y_ == "" || (y_.size() && (y_[0] == '0' || y_[0] == '-')) ) { |
77 | 0 | return y_; |
78 | 0 | } |
79 | 0 | if ( mod_ == "" || (mod_.size() && (mod_[0] == '0' || mod_[0] == '-')) ) { |
80 | 0 | return y_; |
81 | 0 | } |
82 | 0 | const boost::multiprecision::cpp_int mod(mod_); |
83 | 0 | const boost::multiprecision::cpp_int y(y_); |
84 | 0 | const boost::multiprecision::cpp_int res = (y << cpp_int_num_bits(mod)) % mod; |
85 | 0 | return res.str(); |
86 | 0 | } |
87 | | |
88 | 0 | static std::string from_mont(const std::string& y_, const std::string& mod_) { |
89 | 0 | if ( y_ == "" || (y_.size() && (y_[0] == '0' || y_[0] == '-')) ) { |
90 | 0 | return y_; |
91 | 0 | } |
92 | 0 | if ( mod_ == "" || (mod_.size() && (mod_[0] == '0' || mod_[0] == '-')) ) { |
93 | 0 | return y_; |
94 | 0 | } |
95 | 0 | const boost::multiprecision::cpp_int mod(mod_); |
96 | 0 | const auto num_bits = cpp_int_num_bits(mod); |
97 | 0 | boost::multiprecision::cpp_int reducer = 1; |
98 | 0 | reducer <<= num_bits; |
99 | 0 | const auto multiplier = cpp_int_reciprocal(reducer % mod, mod); |
100 | 0 | const boost::multiprecision::cpp_int y(y_); |
101 | 0 | const boost::multiprecision::cpp_int res = (y * multiplier) % mod; |
102 | 0 | return res.str(); |
103 | 0 | } |
104 | | |
105 | 0 | static std::string mutateBinary(const std::string s) { |
106 | 0 | if ( s.size() && s[0] == '0' ) { |
107 | 0 | return s; |
108 | 0 | } |
109 | 0 | if ( s.size() && s[0] == '-' ) { |
110 | 0 | return s; |
111 | 0 | } |
112 | | |
113 | 0 | const auto i = boost::multiprecision::cpp_int(s); |
114 | |
|
115 | 0 | std::vector<uint8_t> bytes; |
116 | 0 | export_bits(i, std::back_inserter(bytes), 8); |
117 | 0 | auto newsize = LLVMFuzzerMutate(bytes.data(), bytes.size(), bytes.size()); |
118 | | |
119 | | /* Memory sanitizer doesn't like that LLVMFuzzerMutate is called. |
120 | | * If MSAN is enabled, manually unpoison the region returned by |
121 | | * LLVMFuzzerMutate. |
122 | | */ |
123 | 0 | cryptofuzz::util::MemorySanitizerUnpoison(bytes.data(), newsize); |
124 | |
|
125 | 0 | bytes.resize(newsize); |
126 | 0 | if ( newsize ) { |
127 | 0 | newsize = PRNG() % (newsize+1); |
128 | 0 | if ( newsize ) { |
129 | 0 | bytes.resize(newsize); |
130 | 0 | } |
131 | 0 | } |
132 | 0 | boost::multiprecision::cpp_int j; |
133 | 0 | import_bits(j, bytes.begin(), bytes.end()); |
134 | |
|
135 | 0 | return j.str(); |
136 | 0 | } |
137 | | |
138 | 0 | std::optional<std::string> get_op_mod(const uint64_t& operation) { |
139 | 0 | switch ( operation ) { |
140 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp64"): |
141 | 0 | return "18446744073709551616"; |
142 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp128"): |
143 | 0 | return "340282366920938463463374607431768211456"; |
144 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp256"): |
145 | 0 | return "115792089237316195423570985008687907853269984665640564039457584007913129639936"; |
146 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp512"): |
147 | 0 | return "13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084096"; |
148 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_381_P"): |
149 | 0 | return "4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"; |
150 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_381_R"): |
151 | 0 | return "52435875175126190479447740508185965837690552500527637822603658699938581184513"; |
152 | 0 | case CF_OPERATION("BignumCalc_Mod_BN128_P"): |
153 | 0 | return "21888242871839275222246405745257275088696311157297823662689037894645226208583"; |
154 | 0 | case CF_OPERATION("BignumCalc_Mod_BN128_R"): |
155 | 0 | return "21888242871839275222246405745257275088548364400416034343698204186575808495617"; |
156 | 0 | case CF_OPERATION("BignumCalc_Mod_Vesta_P"): |
157 | 0 | return "28948022309329048855892746252171976963363056481941647379679742748393362948097"; |
158 | 0 | case CF_OPERATION("BignumCalc_Mod_Vesta_R"): |
159 | 0 | return "28948022309329048855892746252171976963363056481941560715954676764349967630337"; |
160 | 0 | case CF_OPERATION("BignumCalc_Mod_ED25519"): |
161 | 0 | return "57896044618658097711785492504343953926634992332820282019728792003956564819949"; |
162 | 0 | case CF_OPERATION("BignumCalc_Mod_Edwards_P"): |
163 | 0 | return "6210044120409721004947206240885978274523751269793792001"; |
164 | 0 | case CF_OPERATION("BignumCalc_Mod_Goldilocks"): |
165 | 0 | return "18446744069414584321"; |
166 | 0 | case CF_OPERATION("BignumCalc_Mod_Edwards_R"): |
167 | 0 | return "1552511030102430251236801561344621993261920897571225601"; |
168 | 0 | case CF_OPERATION("BignumCalc_Mod_SECP256K1"): |
169 | 0 | return "115792089237316195423570985008687907852837564279074904382605163141518161494337"; |
170 | 0 | case CF_OPERATION("BignumCalc_Mod_SECP256K1_P"): |
171 | 0 | return "115792089237316195423570985008687907853269984665640564039457584007908834671663"; |
172 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_377_P"): |
173 | 0 | return "258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177"; |
174 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_377_R"): |
175 | 0 | return "8444461749428370424248824938781546531375899335154063827935233455917409239041"; |
176 | | /* TODO the rest */ |
177 | 0 | default: |
178 | 0 | return std::nullopt; |
179 | 0 | } |
180 | 0 | } |
181 | | |
182 | 0 | static uint64_t PRNG64(void) { |
183 | 0 | return (((uint64_t)PRNG()) << 32) + PRNG(); |
184 | 0 | } |
185 | | |
186 | 0 | static std::vector<size_t> SplitLength(size_t left, const size_t numParts) { |
187 | 0 | std::vector<size_t> lengths; |
188 | 0 | for (size_t i = 0; i < numParts; i++) { |
189 | 0 | const auto cur = PRNG() % (left+1); |
190 | 0 | lengths.push_back(cur); |
191 | 0 | left -= cur; |
192 | 0 | } |
193 | |
|
194 | 0 | std::vector<size_t> lengths_randomized; |
195 | 0 | for (size_t i = 0; i < numParts; i++) { |
196 | 0 | const auto cur = lengths.begin() + PRNG() % (lengths.size()); |
197 | 0 | lengths_randomized.push_back(*cur); |
198 | 0 | lengths.erase(cur); |
199 | 0 | } |
200 | |
|
201 | 0 | return lengths_randomized; |
202 | 0 | } |
203 | | |
204 | 0 | bool getBool(void) { |
205 | 0 | return PRNG() % 2 == 0; |
206 | 0 | } |
207 | | |
208 | 0 | static size_t getDefaultSize(void) { |
209 | 0 | static const std::array defaultSizes = {0, 1, 2, 4, 8, 12, 16, 24, 32, 64}; |
210 | |
|
211 | 0 | return defaultSizes[PRNG() % defaultSizes.size()]; |
212 | 0 | } |
213 | | |
214 | 0 | static std::string getBuffer(size_t size, const bool alternativeSize = false) { |
215 | 0 | static const std::array<std::string, 256> hex = { |
216 | 0 | "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "0a", "0b", "0c", "0d", "0e", "0f", |
217 | 0 | "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "1a", "1b", "1c", "1d", "1e", "1f", |
218 | 0 | "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "2a", "2b", "2c", "2d", "2e", "2f", |
219 | 0 | "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "3a", "3b", "3c", "3d", "3e", "3f", |
220 | 0 | "40", "41", "42", "43", "44", "45", "46", "47", "48", "49", "4a", "4b", "4c", "4d", "4e", "4f", |
221 | 0 | "50", "51", "52", "53", "54", "55", "56", "57", "58", "59", "5a", "5b", "5c", "5d", "5e", "5f", |
222 | 0 | "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "6a", "6b", "6c", "6d", "6e", "6f", |
223 | 0 | "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "7a", "7b", "7c", "7d", "7e", "7f", |
224 | 0 | "80", "81", "82", "83", "84", "85", "86", "87", "88", "89", "8a", "8b", "8c", "8d", "8e", "8f", |
225 | 0 | "90", "91", "92", "93", "94", "95", "96", "97", "98", "99", "9a", "9b", "9c", "9d", "9e", "9f", |
226 | 0 | "a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "aa", "ab", "ac", "ad", "ae", "af", |
227 | 0 | "b0", "b1", "b2", "b3", "b4", "b5", "b6", "b7", "b8", "b9", "ba", "bb", "bc", "bd", "be", "bf", |
228 | 0 | "c0", "c1", "c2", "c3", "c4", "c5", "c6", "c7", "c8", "c9", "ca", "cb", "cc", "cd", "ce", "cf", |
229 | 0 | "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "da", "db", "dc", "dd", "de", "df", |
230 | 0 | "e0", "e1", "e2", "e3", "e4", "e5", "e6", "e7", "e8", "e9", "ea", "eb", "ec", "ed", "ee", "ef", |
231 | 0 | "f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7", "f8", "f9", "fa", "fb", "fc", "fd", "fe", "ff"}; |
232 | |
|
233 | 0 | if ( alternativeSize == true ) { |
234 | 0 | if ( getBool() ) { |
235 | 0 | const auto newSize = getDefaultSize(); |
236 | 0 | if ( newSize < size ) { |
237 | 0 | size = newSize; |
238 | 0 | } |
239 | 0 | } |
240 | 0 | } |
241 | |
|
242 | 0 | std::string ret; |
243 | |
|
244 | 0 | for (size_t i = 0; i < size; i++) { |
245 | 0 | ret += hex[PRNG() % 256]; |
246 | 0 | } |
247 | |
|
248 | 0 | return ret; |
249 | 0 | } |
250 | | |
251 | 0 | static std::vector<uint8_t> getBufferBin(const size_t size) { |
252 | 0 | std::vector<uint8_t> ret(size); |
253 | |
|
254 | 0 | for (size_t i = 0; i < size; i++) { |
255 | 0 | ret[i] = PRNG(); |
256 | 0 | } |
257 | |
|
258 | 0 | return ret; |
259 | 0 | } |
260 | | |
261 | 0 | std::string getBignum(bool mustBePositive = false) { |
262 | 0 | std::string ret; |
263 | |
|
264 | 0 | if ( (PRNG() % 10) == 0 ) { |
265 | 0 | constexpr long sizeMax = cryptofuzz::config::kMaxBignumSize; |
266 | 0 | constexpr long sizeTop = sizeMax * 0.5; |
267 | 0 | constexpr long sizeBottom = sizeMax - sizeTop; |
268 | |
|
269 | 0 | static_assert(sizeBottom > 0); |
270 | 0 | static_assert(sizeBottom + sizeTop <= sizeMax); |
271 | |
|
272 | 0 | const size_t size = (PRNG() % sizeTop) + sizeBottom; |
273 | |
|
274 | 0 | for (size_t i = 0; i < size; i++) { |
275 | 0 | char c = '0' + (PRNG() % 10); |
276 | 0 | if ( i == 0 && c == '0' ) { |
277 | | /* Cannot have leading zeroes */ |
278 | 0 | c = '1'; |
279 | 0 | } |
280 | 0 | ret += c; |
281 | 0 | } |
282 | 0 | } else { |
283 | 0 | if ( getBool() ) { |
284 | 0 | ret = Pool_Bignum.Get(); |
285 | 0 | } else { |
286 | 0 | ret = cryptofuzz::numbers.at(PRNG() % cryptofuzz::numbers.size()); |
287 | 0 | } |
288 | 0 | } |
289 | |
|
290 | 0 | const bool isNegative = !ret.empty() && ret[0] == '-'; |
291 | 0 | if ( cryptofuzz::config::kNegativeIntegers == false ) { |
292 | 0 | mustBePositive = true; |
293 | 0 | } |
294 | |
|
295 | 0 | if ( isNegative && mustBePositive ) { |
296 | 0 | ret = std::string(ret.data() + 1, ret.size() - 1); |
297 | 0 | } |
298 | |
|
299 | 0 | if ( !mustBePositive && !isNegative && getBool() ) { |
300 | 0 | ret = "-" + ret; |
301 | 0 | } |
302 | |
|
303 | 0 | return ret; |
304 | 0 | } |
305 | | |
306 | 0 | std::string getPrime(void) { |
307 | 0 | return Pool_Bignum_Primes.Get(); |
308 | 0 | } |
309 | | |
310 | 0 | uint64_t hint_ecc_mont(const uint64_t& curveType) { |
311 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(curveType); |
312 | |
|
313 | 0 | if ( order != std::nullopt ) { |
314 | 0 | const auto v = from_mont(mutateBinary(getBignum()), *order); |
315 | |
|
316 | 0 | Pool_Bignum.Set(v); |
317 | 0 | } |
318 | |
|
319 | 0 | return curveType; |
320 | 0 | } |
321 | | |
322 | | #if 0 |
323 | | std::string to_mont(const std::string& y_) { |
324 | | static const boost::multiprecision::cpp_int mod("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"); |
325 | | const boost::multiprecision::cpp_int y(y_); |
326 | | const boost::multiprecision::cpp_int res = (y << 384) % mod; |
327 | | return res.str(); |
328 | | } |
329 | | std::string from_mont(const std::string& y_) { |
330 | | static const boost::multiprecision::cpp_int multiplier("3231460744492646417066832100176244795738767926513225105051837195607029917124509527734802654356338138714468589979680"); |
331 | | static const boost::multiprecision::cpp_int mod("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"); |
332 | | const boost::multiprecision::cpp_int y(y_); |
333 | | const boost::multiprecision::cpp_int res = (y * multiplier) % mod; |
334 | | return res.str(); |
335 | | } |
336 | | #endif |
337 | | |
338 | | extern cryptofuzz::Options* cryptofuzz_options; |
339 | | |
340 | 0 | static uint64_t getRandomCipher(void) { |
341 | 0 | if ( !cryptofuzz_options->ciphers.Empty() ) { |
342 | 0 | return cryptofuzz_options->ciphers.At(PRNG()); |
343 | 0 | } else { |
344 | 0 | return CipherLUT[ PRNG() % (sizeof(CipherLUT) / sizeof(CipherLUT[0])) ].id; |
345 | 0 | } |
346 | 0 | } |
347 | | |
348 | 0 | static uint64_t getRandomDigest(void) { |
349 | 0 | if ( !cryptofuzz_options->digests.Empty() ) { |
350 | 0 | return cryptofuzz_options->digests.At(PRNG()); |
351 | 0 | } else { |
352 | 0 | return DigestLUT[ PRNG() % (sizeof(DigestLUT) / sizeof(DigestLUT[0])) ].id; |
353 | 0 | } |
354 | 0 | } |
355 | | |
356 | 0 | static uint64_t getRandomCurve(void) { |
357 | 0 | if ( !cryptofuzz_options->curves.Empty() ) { |
358 | 0 | return cryptofuzz_options->curves.At(PRNG()); |
359 | 0 | } else { |
360 | 0 | return ECC_CurveLUT[ PRNG() % (sizeof(ECC_CurveLUT) / sizeof(ECC_CurveLUT[0])) ].id; |
361 | 0 | } |
362 | 0 | } |
363 | | |
364 | 0 | static uint64_t getRandomCalcOp(void) { |
365 | 0 | if ( !cryptofuzz_options->calcOps.Empty() ) { |
366 | 0 | return cryptofuzz_options->calcOps.At(PRNG()); |
367 | 0 | } else { |
368 | 0 | return CalcOpLUT[ PRNG() % (sizeof(CalcOpLUT) / sizeof(CalcOpLUT[0])) ].id; |
369 | 0 | } |
370 | 0 | } |
371 | | |
372 | 0 | static std::string get_BLS_PyECC_DST(void) { |
373 | 0 | return "424c535f5349475f424c53313233383147325f584d443a5348412d3235365f535357555f524f5f504f505f"; |
374 | 0 | } |
375 | | |
376 | 0 | static std::string get_BLS_BasicScheme_DST(void) { |
377 | 0 | return "424c535f5349475f424c53313233383147325f584d443a5348412d3235365f535357555f524f5f4e554c5f"; |
378 | 0 | } |
379 | | |
380 | 0 | static std::string get_BLS_predefined_DST(void) { |
381 | 0 | return getBool() ? get_BLS_PyECC_DST() : get_BLS_BasicScheme_DST(); |
382 | 0 | } |
383 | | |
384 | 0 | static void generateECCPoint(void) { |
385 | 0 | if ( (PRNG() % 100) != 0 ) { |
386 | 0 | return; |
387 | 0 | } |
388 | | |
389 | 0 | const auto curveID = getRandomCurve(); |
390 | |
|
391 | 0 | const auto a = cryptofuzz::repository::ECC_CurveToA(curveID); |
392 | 0 | if ( a == std::nullopt ) { |
393 | 0 | return; |
394 | 0 | } |
395 | | |
396 | 0 | const auto b = cryptofuzz::repository::ECC_CurveToB(curveID); |
397 | 0 | if ( b == std::nullopt ) { |
398 | 0 | return; |
399 | 0 | } |
400 | | |
401 | 0 | const auto p = cryptofuzz::repository::ECC_CurveToPrime(curveID); |
402 | 0 | if ( p == std::nullopt ) { |
403 | 0 | return; |
404 | 0 | } |
405 | | |
406 | 0 | const auto o = cryptofuzz::repository::ECC_CurveToPrime(curveID); |
407 | 0 | if ( o == std::nullopt ) { |
408 | 0 | return; |
409 | 0 | } |
410 | | |
411 | 0 | const auto x = getBignum(true); |
412 | |
|
413 | 0 | const auto y = cryptofuzz::util::Find_ECC_Y(x, *a, *b, *p, *o, getBool()); |
414 | |
|
415 | 0 | if ( curveID == CF_ECC_CURVE("BLS12_381") || |
416 | 0 | curveID == CF_ECC_CURVE("alt_bn128") ) { |
417 | 0 | Pool_CurveBLSG1.Set({ curveID, x, y }); |
418 | 0 | } else { |
419 | 0 | Pool_CurveECC_Point.Set({ curveID, x, y }); |
420 | 0 | } |
421 | 0 | } |
422 | | |
423 | 0 | extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, size_t maxSize, unsigned int seed) { |
424 | 0 | (void)seed; |
425 | 0 | std::vector<uint8_t> modifier; |
426 | 0 | bool reuseModifier; |
427 | |
|
428 | 0 | if ( maxSize < 64 || getBool() ) { |
429 | 0 | goto end; |
430 | 0 | } |
431 | | |
432 | 0 | reuseModifier = getBool(); |
433 | |
|
434 | 0 | if ( reuseModifier == true ) { |
435 | 0 | cryptofuzz::util::MemorySanitizerUnpoison(data, size); |
436 | | |
437 | | /* Try to extract modifier from input */ |
438 | 0 | try { |
439 | 0 | fuzzing::datasource::Datasource ds(data, size); |
440 | 0 | /* ignore result */ ds.Get<uint64_t>(); |
441 | 0 | /* ignore result */ ds.GetData(0, 1); |
442 | 0 | modifier = ds.GetData(0); |
443 | 0 | } catch ( fuzzing::datasource::Datasource::OutOfData& ) { } |
444 | 0 | } |
445 | |
|
446 | 0 | { |
447 | 0 | uint64_t operation; |
448 | |
|
449 | 0 | if ( !cryptofuzz_options->operations.Empty() ) { |
450 | 0 | operation = cryptofuzz_options->operations.At(PRNG()); |
451 | 0 | } else { |
452 | 0 | operation = OperationLUT[ PRNG() % (sizeof(OperationLUT) / sizeof(OperationLUT[0])) ].id; |
453 | 0 | } |
454 | |
|
455 | 0 | fuzzing::datasource::Datasource dsOut2(nullptr, 0); |
456 | |
|
457 | 0 | nlohmann::json parameters; |
458 | |
|
459 | 0 | #define GET_OR_BIGNUM(x) getBool() ? (x) : getBignum(); |
460 | 0 | switch ( operation ) { |
461 | 0 | case CF_OPERATION("Digest"): |
462 | 0 | { |
463 | 0 | parameters["modifier"] = ""; |
464 | 0 | parameters["cleartext"] = getBuffer(PRNG64() % maxSize); |
465 | 0 | parameters["digestType"] = getRandomDigest(); |
466 | |
|
467 | 0 | cryptofuzz::operation::Digest op(parameters); |
468 | 0 | op.Serialize(dsOut2); |
469 | 0 | } |
470 | 0 | break; |
471 | 0 | case CF_OPERATION("HMAC"): |
472 | 0 | { |
473 | 0 | size_t numParts = 0; |
474 | |
|
475 | 0 | numParts++; /* modifier */ |
476 | 0 | numParts++; /* cleartext */ |
477 | 0 | numParts++; /* iv */ |
478 | 0 | numParts++; /* key */ |
479 | |
|
480 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
481 | |
|
482 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
483 | 0 | parameters["cleartext"] = getBuffer(lengths[1]); |
484 | 0 | parameters["cipher"]["iv"] = getBuffer(lengths[2], true); |
485 | 0 | parameters["cipher"]["key"] = getBuffer(lengths[3], true); |
486 | 0 | parameters["cipher"]["cipherType"] = getRandomCipher(); |
487 | 0 | parameters["digestType"] = getRandomDigest(); |
488 | |
|
489 | 0 | cryptofuzz::operation::HMAC op(parameters); |
490 | 0 | op.Serialize(dsOut2); |
491 | 0 | } |
492 | 0 | break; |
493 | 0 | case CF_OPERATION("UMAC"): |
494 | 0 | { |
495 | 0 | parameters["modifier"] = ""; |
496 | 0 | parameters["cleartext"] = getBuffer(PRNG64() % maxSize); |
497 | 0 | parameters["key"] = getBuffer(16); |
498 | 0 | parameters["iv"] = getBuffer(PRNG() % 17); |
499 | 0 | parameters["type"] = PRNG() % 4; |
500 | 0 | parameters["outSize"] = PRNG() % 1024; |
501 | |
|
502 | 0 | cryptofuzz::operation::UMAC op(parameters); |
503 | 0 | op.Serialize(dsOut2); |
504 | 0 | } |
505 | 0 | break; |
506 | 0 | case CF_OPERATION("CMAC"): |
507 | 0 | { |
508 | 0 | size_t numParts = 0; |
509 | |
|
510 | 0 | numParts++; /* modifier */ |
511 | 0 | numParts++; /* cleartext */ |
512 | 0 | numParts++; /* iv */ |
513 | 0 | numParts++; /* key */ |
514 | |
|
515 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
516 | |
|
517 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
518 | 0 | parameters["cleartext"] = getBuffer(lengths[1]); |
519 | 0 | parameters["cipher"]["iv"] = getBuffer(lengths[2], true); |
520 | 0 | parameters["cipher"]["key"] = getBuffer(lengths[3], true); |
521 | 0 | parameters["cipher"]["cipherType"] = getRandomCipher(); |
522 | |
|
523 | 0 | cryptofuzz::operation::CMAC op(parameters); |
524 | 0 | op.Serialize(dsOut2); |
525 | 0 | } |
526 | 0 | break; |
527 | 0 | case CF_OPERATION("SymmetricEncrypt"): |
528 | 0 | { |
529 | 0 | const bool aad_enabled = PRNG() % 2; |
530 | 0 | const bool tagSize_enabled = PRNG() % 2; |
531 | 0 | size_t numParts = 0; |
532 | |
|
533 | 0 | numParts++; /* modifier */ |
534 | 0 | numParts++; /* cleartext */ |
535 | 0 | numParts++; /* iv */ |
536 | 0 | numParts++; /* key */ |
537 | |
|
538 | 0 | if ( aad_enabled ) { |
539 | 0 | numParts++; /* aad */ |
540 | 0 | } |
541 | |
|
542 | 0 | auto lengths = SplitLength(maxSize - 64, numParts); |
543 | |
|
544 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
545 | 0 | if ( getBool() ) { |
546 | 0 | if ( 16 < lengths[1] ) { |
547 | 0 | lengths[1] = 16; |
548 | 0 | } |
549 | 0 | } |
550 | 0 | parameters["cleartext"] = getBuffer(lengths[1]); |
551 | |
|
552 | 0 | parameters["cipher"]["iv"] = getBuffer(lengths[2], true); |
553 | 0 | parameters["cipher"]["key"] = getBuffer(lengths[3], true); |
554 | |
|
555 | 0 | if ( aad_enabled ) { |
556 | 0 | parameters["aad_enabled"] = true; |
557 | 0 | if ( getBool() ) { |
558 | 0 | lengths[4] = 0; |
559 | 0 | } |
560 | 0 | parameters["aad"] = getBuffer(lengths[4]); |
561 | 0 | } else { |
562 | 0 | parameters["aad_enabled"] = false; |
563 | 0 | } |
564 | |
|
565 | 0 | if ( tagSize_enabled ) { |
566 | 0 | parameters["tagSize_enabled"] = true; |
567 | 0 | if ( getBool() ) { |
568 | 0 | parameters["tagSize"] = getDefaultSize(); |
569 | 0 | } else { |
570 | 0 | parameters["tagSize"] = PRNG() % 102400; |
571 | 0 | } |
572 | 0 | } else { |
573 | 0 | parameters["tagSize_enabled"] = false; |
574 | 0 | } |
575 | |
|
576 | 0 | parameters["cipher"]["cipherType"] = getRandomCipher(); |
577 | 0 | parameters["ciphertextSize"] = PRNG() % (lengths[1] + 9); |
578 | |
|
579 | 0 | cryptofuzz::operation::SymmetricEncrypt op(parameters); |
580 | 0 | op.Serialize(dsOut2); |
581 | 0 | } |
582 | 0 | break; |
583 | 0 | case CF_OPERATION("SymmetricDecrypt"): |
584 | 0 | { |
585 | 0 | const bool aad_enabled = PRNG() % 2; |
586 | 0 | const bool tag_enabled = PRNG() % 2; |
587 | 0 | size_t numParts = 0; |
588 | |
|
589 | 0 | numParts++; /* modifier */ |
590 | 0 | numParts++; /* cleartext */ |
591 | 0 | numParts++; /* iv */ |
592 | 0 | numParts++; /* key */ |
593 | |
|
594 | 0 | if ( aad_enabled ) { |
595 | 0 | numParts++; /* aad */ |
596 | 0 | } |
597 | 0 | if ( tag_enabled ) { |
598 | 0 | numParts++; /* tag */ |
599 | 0 | } |
600 | |
|
601 | 0 | auto lengths = SplitLength(maxSize - 64, numParts); |
602 | |
|
603 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
604 | 0 | if ( getBool() ) { |
605 | 0 | if ( 16 < lengths[1] ) { |
606 | 0 | lengths[1] = 16; |
607 | 0 | } |
608 | 0 | } |
609 | 0 | parameters["ciphertext"] = getBuffer(lengths[1]); |
610 | |
|
611 | 0 | parameters["cipher"]["iv"] = getBuffer(lengths[2], true); |
612 | 0 | parameters["cipher"]["key"] = getBuffer(lengths[3], true); |
613 | |
|
614 | 0 | if ( aad_enabled ) { |
615 | 0 | parameters["aad_enabled"] = true; |
616 | 0 | if ( getBool() ) { |
617 | 0 | lengths[4] = 0; |
618 | 0 | } |
619 | 0 | parameters["aad"] = getBuffer(lengths[4]); |
620 | 0 | } else { |
621 | 0 | parameters["aad_enabled"] = false; |
622 | 0 | } |
623 | |
|
624 | 0 | if ( tag_enabled ) { |
625 | 0 | parameters["tag_enabled"] = true; |
626 | 0 | parameters["tag"] = getBuffer(lengths[aad_enabled ? 5 : 4], true); |
627 | 0 | } else { |
628 | 0 | parameters["tag_enabled"] = false; |
629 | 0 | } |
630 | |
|
631 | 0 | parameters["cipher"]["cipherType"] = getRandomCipher(); |
632 | 0 | parameters["cleartextSize"] = PRNG() % (lengths[1] + 9); |
633 | |
|
634 | 0 | cryptofuzz::operation::SymmetricDecrypt op(parameters); |
635 | 0 | op.Serialize(dsOut2); |
636 | 0 | } |
637 | 0 | break; |
638 | 0 | case CF_OPERATION("BignumCalc"): |
639 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_381_R"): |
640 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_381_P"): |
641 | 0 | case CF_OPERATION("BignumCalc_Mod_BN128_R"): |
642 | 0 | case CF_OPERATION("BignumCalc_Mod_BN128_P"): |
643 | 0 | case CF_OPERATION("BignumCalc_Mod_Vesta_R"): |
644 | 0 | case CF_OPERATION("BignumCalc_Mod_Vesta_P"): |
645 | 0 | case CF_OPERATION("BignumCalc_Mod_ED25519"): |
646 | 0 | case CF_OPERATION("BignumCalc_Mod_Edwards_R"): |
647 | 0 | case CF_OPERATION("BignumCalc_Mod_Edwards_P"): |
648 | 0 | case CF_OPERATION("BignumCalc_Mod_Goldilocks"): |
649 | 0 | case CF_OPERATION("BignumCalc_Mod_MNT4_R"): |
650 | 0 | case CF_OPERATION("BignumCalc_Mod_MNT4_P"): |
651 | 0 | case CF_OPERATION("BignumCalc_Mod_MNT6_R"): |
652 | 0 | case CF_OPERATION("BignumCalc_Mod_MNT6_P"): |
653 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp64"): |
654 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp128"): |
655 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp256"): |
656 | 0 | case CF_OPERATION("BignumCalc_Mod_2Exp512"): |
657 | 0 | case CF_OPERATION("BignumCalc_Mod_SECP256K1"): |
658 | 0 | case CF_OPERATION("BignumCalc_Mod_SECP256K1_P"): |
659 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_377_R"): |
660 | 0 | case CF_OPERATION("BignumCalc_Mod_BLS12_377_P"): |
661 | 0 | { |
662 | 0 | parameters["modifier"] = ""; |
663 | |
|
664 | 0 | const auto calcop = getRandomCalcOp(); |
665 | 0 | parameters["calcOp"] = calcop; |
666 | |
|
667 | 0 | auto bn1 = getBignum(); |
668 | 0 | const auto bn2 = getBignum(); |
669 | 0 | const auto bn3 = getBignum(); |
670 | |
|
671 | 0 | if ( calcop == CF_CALCOP("InvMod(A,B)") || calcop == CF_CALCOP("ExpMod(A,B,C)") ) { |
672 | 0 | std::optional<std::string> mod = get_op_mod(operation); |
673 | |
|
674 | 0 | if ( mod == std::nullopt ) { |
675 | 0 | if ( calcop == CF_CALCOP("InvMod(A,B)") ) { |
676 | 0 | mod = bn2; |
677 | 0 | } else if ( CF_CALCOP("ExpMod(A,B,C)") ) { |
678 | 0 | mod = bn3; |
679 | 0 | } else { |
680 | 0 | abort(); |
681 | 0 | } |
682 | 0 | } |
683 | | |
684 | 0 | const auto mont = from_mont(mutateBinary(getBignum()), *mod); |
685 | 0 | Pool_Bignum.Set(mont); |
686 | |
|
687 | 0 | if ( getBool() ) { |
688 | 0 | bn1 = mont; |
689 | 0 | } |
690 | 0 | } |
691 | | |
692 | 0 | parameters["bn1"] = bn1; |
693 | 0 | parameters["bn2"] = bn2; |
694 | 0 | parameters["bn3"] = bn3; |
695 | 0 | parameters["bn4"] = ""; |
696 | |
|
697 | 0 | if ( calcop == CF_CALCOP("ExpMod(A,B,C)") && operation == CF_OPERATION("BignumCalc") ) { |
698 | 0 | if ( PRNG() % 100 == 0 ) { |
699 | 0 | const auto p = cryptofuzz::mutator::ExpModGenerator::generate_exp_mod(getBignum(true)); |
700 | |
|
701 | 0 | if ( p != std::nullopt ) { |
702 | 0 | parameters = *p; |
703 | 0 | } |
704 | 0 | } |
705 | 0 | } |
706 | | #if defined(CRYPTOFUZZ_HAVE_Z3) |
707 | | else if ( (PRNG() % 1000) == 0 ) { |
708 | | const auto p = cryptofuzz::Z3::Generate(calcop); |
709 | | if ( p != std::nullopt ) { |
710 | | parameters = *p; |
711 | | } |
712 | | } |
713 | | #endif |
714 | 0 | cryptofuzz::operation::BignumCalc op(parameters); |
715 | 0 | op.Serialize(dsOut2); |
716 | 0 | } |
717 | 0 | break; |
718 | 0 | case CF_OPERATION("BignumCalc_Fp2"): |
719 | 0 | { |
720 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
721 | 0 | parameters["calcOp"] = getRandomCalcOp(); |
722 | 0 | parameters["bn1"][0] = getBignum(); |
723 | 0 | parameters["bn1"][1] = getBignum(); |
724 | 0 | parameters["bn2"][0] = getBignum(); |
725 | 0 | parameters["bn2"][1] = getBignum(); |
726 | 0 | parameters["bn3"][0] = ""; |
727 | 0 | parameters["bn3"][1] = ""; |
728 | 0 | parameters["bn4"][0] = ""; |
729 | 0 | parameters["bn4"][1] = ""; |
730 | |
|
731 | 0 | cryptofuzz::operation::BignumCalc_Fp2 op(parameters); |
732 | 0 | op.Serialize(dsOut2); |
733 | 0 | } |
734 | 0 | break; |
735 | | |
736 | 0 | case CF_OPERATION("BignumCalc_Fp12"): |
737 | 0 | { |
738 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
739 | 0 | parameters["calcOp"] = getRandomCalcOp(); |
740 | |
|
741 | 0 | if ( Pool_Fp12.Have() && getBool() == true ) { |
742 | 0 | const auto Fp12 = Pool_Fp12.Get(); |
743 | | #if 0 |
744 | | parameters["bn1"][0] = GET_OR_BIGNUM(Fp12.bn1); |
745 | | parameters["bn1"][1] = GET_OR_BIGNUM(Fp12.bn2); |
746 | | parameters["bn1"][2] = GET_OR_BIGNUM(Fp12.bn3); |
747 | | parameters["bn1"][3] = GET_OR_BIGNUM(Fp12.bn4); |
748 | | parameters["bn1"][4] = GET_OR_BIGNUM(Fp12.bn5); |
749 | | parameters["bn1"][5] = GET_OR_BIGNUM(Fp12.bn6); |
750 | | parameters["bn1"][6] = GET_OR_BIGNUM(Fp12.bn7); |
751 | | parameters["bn1"][7] = GET_OR_BIGNUM(Fp12.bn8); |
752 | | parameters["bn1"][8] = GET_OR_BIGNUM(Fp12.bn9); |
753 | | parameters["bn1"][9] = GET_OR_BIGNUM(Fp12.bn10); |
754 | | parameters["bn1"][10] = GET_OR_BIGNUM(Fp12.bn11); |
755 | | parameters["bn1"][11] = GET_OR_BIGNUM(Fp12.bn12); |
756 | | #endif |
757 | 0 | parameters["bn1"][0] = Fp12.bn1; |
758 | 0 | parameters["bn1"][1] = Fp12.bn2; |
759 | 0 | parameters["bn1"][2] = Fp12.bn3; |
760 | 0 | parameters["bn1"][3] = Fp12.bn4; |
761 | 0 | parameters["bn1"][4] = Fp12.bn5; |
762 | 0 | parameters["bn1"][5] = Fp12.bn6; |
763 | 0 | parameters["bn1"][6] = Fp12.bn7; |
764 | 0 | parameters["bn1"][7] = Fp12.bn8; |
765 | 0 | parameters["bn1"][8] = Fp12.bn9; |
766 | 0 | parameters["bn1"][9] = Fp12.bn10; |
767 | 0 | parameters["bn1"][10] = Fp12.bn11; |
768 | 0 | parameters["bn1"][11] = Fp12.bn12; |
769 | 0 | } else { |
770 | 0 | parameters["bn1"][0] = getBignum(); |
771 | 0 | parameters["bn1"][1] = getBignum(); |
772 | 0 | parameters["bn1"][2] = getBignum(); |
773 | 0 | parameters["bn1"][3] = getBignum(); |
774 | 0 | parameters["bn1"][4] = getBignum(); |
775 | 0 | parameters["bn1"][5] = getBignum(); |
776 | 0 | parameters["bn1"][6] = getBignum(); |
777 | 0 | parameters["bn1"][7] = getBignum(); |
778 | 0 | parameters["bn1"][8] = getBignum(); |
779 | 0 | parameters["bn1"][9] = getBignum(); |
780 | 0 | parameters["bn1"][10] = getBignum(); |
781 | 0 | parameters["bn1"][11] = getBignum(); |
782 | |
|
783 | 0 | parameters["bn2"][0] = getBignum(); |
784 | 0 | parameters["bn2"][1] = getBignum(); |
785 | 0 | parameters["bn2"][2] = getBignum(); |
786 | 0 | parameters["bn2"][3] = getBignum(); |
787 | 0 | parameters["bn2"][4] = getBignum(); |
788 | 0 | parameters["bn2"][5] = getBignum(); |
789 | 0 | parameters["bn2"][6] = getBignum(); |
790 | 0 | parameters["bn2"][7] = getBignum(); |
791 | 0 | parameters["bn2"][8] = getBignum(); |
792 | 0 | parameters["bn2"][9] = getBignum(); |
793 | 0 | parameters["bn2"][10] = getBignum(); |
794 | 0 | parameters["bn2"][11] = getBignum(); |
795 | 0 | } |
796 | |
|
797 | 0 | if ( Pool_Fp12.Have() && getBool() == true ) { |
798 | 0 | const auto Fp12 = Pool_Fp12.Get(); |
799 | | #if 0 |
800 | | parameters["bn2"][0] = GET_OR_BIGNUM(Fp12.bn1); |
801 | | parameters["bn2"][1] = GET_OR_BIGNUM(Fp12.bn2); |
802 | | parameters["bn2"][2] = GET_OR_BIGNUM(Fp12.bn3); |
803 | | parameters["bn2"][3] = GET_OR_BIGNUM(Fp12.bn4); |
804 | | parameters["bn2"][4] = GET_OR_BIGNUM(Fp12.bn5); |
805 | | parameters["bn2"][5] = GET_OR_BIGNUM(Fp12.bn6); |
806 | | parameters["bn2"][6] = GET_OR_BIGNUM(Fp12.bn7); |
807 | | parameters["bn2"][7] = GET_OR_BIGNUM(Fp12.bn8); |
808 | | parameters["bn2"][8] = GET_OR_BIGNUM(Fp12.bn9); |
809 | | parameters["bn2"][9] = GET_OR_BIGNUM(Fp12.bn10); |
810 | | parameters["bn2"][10] = GET_OR_BIGNUM(Fp12.bn11); |
811 | | parameters["bn2"][11] = GET_OR_BIGNUM(Fp12.bn12); |
812 | | #endif |
813 | 0 | parameters["bn2"][0] = Fp12.bn1; |
814 | 0 | parameters["bn2"][1] = Fp12.bn2; |
815 | 0 | parameters["bn2"][2] = Fp12.bn3; |
816 | 0 | parameters["bn2"][3] = Fp12.bn4; |
817 | 0 | parameters["bn2"][4] = Fp12.bn5; |
818 | 0 | parameters["bn2"][5] = Fp12.bn6; |
819 | 0 | parameters["bn2"][6] = Fp12.bn7; |
820 | 0 | parameters["bn2"][7] = Fp12.bn8; |
821 | 0 | parameters["bn2"][8] = Fp12.bn9; |
822 | 0 | parameters["bn2"][9] = Fp12.bn10; |
823 | 0 | parameters["bn2"][10] = Fp12.bn11; |
824 | 0 | parameters["bn2"][11] = Fp12.bn12; |
825 | 0 | } else { |
826 | 0 | parameters["bn2"][0] = getBignum(); |
827 | 0 | parameters["bn2"][1] = getBignum(); |
828 | 0 | parameters["bn2"][2] = getBignum(); |
829 | 0 | parameters["bn2"][3] = getBignum(); |
830 | 0 | parameters["bn2"][4] = getBignum(); |
831 | 0 | parameters["bn2"][5] = getBignum(); |
832 | 0 | parameters["bn2"][6] = getBignum(); |
833 | 0 | parameters["bn2"][7] = getBignum(); |
834 | 0 | parameters["bn2"][8] = getBignum(); |
835 | 0 | parameters["bn2"][9] = getBignum(); |
836 | 0 | parameters["bn2"][10] = getBignum(); |
837 | 0 | parameters["bn2"][11] = getBignum(); |
838 | 0 | } |
839 | |
|
840 | 0 | parameters["bn3"][0] = ""; |
841 | 0 | parameters["bn3"][1] = ""; |
842 | 0 | parameters["bn3"][2] = ""; |
843 | 0 | parameters["bn3"][3] = ""; |
844 | 0 | parameters["bn3"][4] = ""; |
845 | 0 | parameters["bn3"][5] = ""; |
846 | 0 | parameters["bn3"][6] = ""; |
847 | 0 | parameters["bn3"][7] = ""; |
848 | 0 | parameters["bn3"][8] = ""; |
849 | 0 | parameters["bn3"][9] = ""; |
850 | 0 | parameters["bn3"][10] = ""; |
851 | 0 | parameters["bn3"][11] = ""; |
852 | |
|
853 | 0 | parameters["bn4"][0] = ""; |
854 | 0 | parameters["bn4"][1] = ""; |
855 | 0 | parameters["bn4"][2] = ""; |
856 | 0 | parameters["bn4"][3] = ""; |
857 | 0 | parameters["bn4"][4] = ""; |
858 | 0 | parameters["bn4"][5] = ""; |
859 | 0 | parameters["bn4"][6] = ""; |
860 | 0 | parameters["bn4"][7] = ""; |
861 | 0 | parameters["bn4"][8] = ""; |
862 | 0 | parameters["bn4"][9] = ""; |
863 | 0 | parameters["bn4"][10] = ""; |
864 | 0 | parameters["bn4"][11] = ""; |
865 | 0 | cryptofuzz::operation::BignumCalc_Fp12 op(parameters); |
866 | 0 | op.Serialize(dsOut2); |
867 | 0 | } |
868 | 0 | break; |
869 | 0 | case CF_OPERATION("ECC_PrivateToPublic"): |
870 | 0 | { |
871 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
872 | |
|
873 | 0 | if ( Pool_CurvePrivkey.Have() && getBool() == true ) { |
874 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
875 | |
|
876 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
877 | 0 | parameters["priv"] = P1.priv; |
878 | 0 | } else { |
879 | 0 | const auto curveID = getRandomCurve(); |
880 | 0 | parameters["curveType"] = hint_ecc_mont(curveID); |
881 | |
|
882 | 0 | if ( getBool() ) { |
883 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(curveID); |
884 | 0 | if ( order != std::nullopt ) { |
885 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
886 | 0 | parameters["priv"] = boost::lexical_cast<std::string>(o-1); |
887 | 0 | } else { |
888 | 0 | parameters["priv"] = getBignum(); |
889 | 0 | } |
890 | 0 | } else { |
891 | 0 | parameters["priv"] = getBignum(); |
892 | 0 | } |
893 | |
|
894 | 0 | } |
895 | |
|
896 | 0 | cryptofuzz::operation::ECC_PrivateToPublic op(parameters); |
897 | 0 | op.Serialize(dsOut2); |
898 | 0 | } |
899 | 0 | break; |
900 | 0 | case CF_OPERATION("ECC_ValidatePubkey"): |
901 | 0 | { |
902 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
903 | |
|
904 | 0 | if ( getBool() && Pool_CurveKeypair.Have() ) { |
905 | 0 | const auto P = Pool_CurveKeypair.Get(); |
906 | |
|
907 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
908 | |
|
909 | 0 | parameters["pub_x"] = getBool() ? getBignum() : P.pub_x; |
910 | 0 | parameters["pub_y"] = getBool() ? getBignum() : P.pub_y; |
911 | 0 | } else if ( getBool() && Pool_CurveECC_Point.Have() == true ) { |
912 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
913 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
914 | |
|
915 | 0 | parameters["pub_x"] = getBool() ? getBignum() : P.x; |
916 | 0 | parameters["pub_y"] = getBool() ? getBignum() : P.y; |
917 | 0 | } else { |
918 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
919 | 0 | parameters["pub_x"] = getBignum(); |
920 | 0 | parameters["pub_y"] = getBignum(); |
921 | 0 | } |
922 | |
|
923 | 0 | cryptofuzz::operation::ECC_ValidatePubkey op(parameters); |
924 | 0 | op.Serialize(dsOut2); |
925 | |
|
926 | 0 | generateECCPoint(); |
927 | 0 | } |
928 | 0 | break; |
929 | 0 | case CF_OPERATION("DSA_GenerateParameters"): |
930 | 0 | { |
931 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
932 | 0 | cryptofuzz::operation::DSA_GenerateParameters op(parameters); |
933 | 0 | op.Serialize(dsOut2); |
934 | 0 | } |
935 | 0 | break; |
936 | 0 | case CF_OPERATION("DSA_PrivateToPublic"): |
937 | 0 | { |
938 | 0 | parameters["modifier"] = ""; |
939 | |
|
940 | 0 | if ( Pool_DSA_PQG.Have() && getBool() == true ) { |
941 | 0 | const auto PQG = Pool_DSA_PQG.Get(); |
942 | 0 | parameters["p"] = PQG.p; |
943 | 0 | parameters["g"] = PQG.g; |
944 | 0 | } else { |
945 | 0 | parameters["p"] = getBignum(); |
946 | 0 | parameters["g"] = getBignum(); |
947 | 0 | } |
948 | |
|
949 | 0 | parameters["priv"] = getBignum(); |
950 | |
|
951 | 0 | cryptofuzz::operation::DSA_PrivateToPublic op(parameters); |
952 | 0 | op.Serialize(dsOut2); |
953 | 0 | } |
954 | 0 | break; |
955 | 0 | case CF_OPERATION("DSA_GenerateKeyPair"): |
956 | 0 | { |
957 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
958 | |
|
959 | 0 | if ( Pool_DSA_PQG.Have() && getBool() == true ) { |
960 | 0 | const auto PQG = Pool_DSA_PQG.Get(); |
961 | 0 | parameters["p"] = PQG.p; |
962 | 0 | parameters["q"] = PQG.q; |
963 | 0 | parameters["g"] = PQG.g; |
964 | 0 | } else { |
965 | 0 | parameters["p"] = getBignum(); |
966 | 0 | parameters["q"] = getBignum(); |
967 | 0 | parameters["g"] = getBignum(); |
968 | 0 | } |
969 | |
|
970 | 0 | cryptofuzz::operation::DSA_GenerateKeyPair op(parameters); |
971 | 0 | op.Serialize(dsOut2); |
972 | 0 | } |
973 | 0 | break; |
974 | 0 | case CF_OPERATION("DSA_Verify"): |
975 | 0 | { |
976 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
977 | |
|
978 | 0 | if ( Pool_DSASignature.Have() && getBool() == true ) { |
979 | 0 | const auto sig = Pool_DSASignature.Get(); |
980 | |
|
981 | 0 | nlohmann::json parameters_; |
982 | 0 | parameters_["p"] = sig.p; |
983 | 0 | parameters_["q"] = sig.q; |
984 | 0 | parameters_["g"] = sig.g; |
985 | |
|
986 | 0 | parameters["parameters"] = parameters_; |
987 | |
|
988 | 0 | parameters["signature"][0] = getBool() ? getBignum() : sig.r; |
989 | 0 | parameters["signature"][1] = getBool() ? getBignum() : sig.s; |
990 | 0 | parameters["pub"] = sig.pub; |
991 | 0 | parameters["cleartext"] = sig.cleartext; |
992 | 0 | } else { |
993 | 0 | nlohmann::json parameters_; |
994 | 0 | parameters_["p"] = getBignum(); |
995 | 0 | parameters_["q"] = getBignum(); |
996 | 0 | parameters_["g"] = getBignum(); |
997 | |
|
998 | 0 | parameters["parameters"] = parameters_; |
999 | |
|
1000 | 0 | parameters["signature"][0] = getBignum(); |
1001 | 0 | parameters["signature"][1] = getBignum(); |
1002 | 0 | parameters["pub"] = getBignum(); |
1003 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 8); |
1004 | 0 | } |
1005 | | |
1006 | |
|
1007 | 0 | cryptofuzz::operation::DSA_Verify op(parameters); |
1008 | 0 | op.Serialize(dsOut2); |
1009 | 0 | } |
1010 | 0 | break; |
1011 | 0 | case CF_OPERATION("DSA_Sign"): |
1012 | 0 | { |
1013 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1014 | |
|
1015 | 0 | if ( Pool_DSA_PQG.Have() && getBool() == true ) { |
1016 | 0 | const auto PQG = Pool_DSA_PQG.Get(); |
1017 | |
|
1018 | 0 | nlohmann::json parameters_; |
1019 | 0 | parameters_["p"] = PQG.p; |
1020 | 0 | parameters_["q"] = PQG.q; |
1021 | 0 | parameters_["g"] = PQG.g; |
1022 | |
|
1023 | 0 | parameters["parameters"] = parameters_; |
1024 | 0 | } else { |
1025 | 0 | nlohmann::json parameters_; |
1026 | 0 | parameters_["p"] = getBignum(); |
1027 | 0 | parameters_["q"] = getBignum(); |
1028 | 0 | parameters_["g"] = getBignum(); |
1029 | |
|
1030 | 0 | parameters["parameters"] = parameters_; |
1031 | 0 | } |
1032 | |
|
1033 | 0 | parameters["priv"] = getBignum(); |
1034 | |
|
1035 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 8); |
1036 | |
|
1037 | 0 | cryptofuzz::operation::DSA_Sign op(parameters); |
1038 | 0 | op.Serialize(dsOut2); |
1039 | 0 | } |
1040 | 0 | break; |
1041 | 0 | case CF_OPERATION("ECDH_Derive"): |
1042 | 0 | { |
1043 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1044 | |
|
1045 | 0 | if ( Pool_CurvePrivkey.Have() && getBool() == true ) { |
1046 | 0 | const auto P1 = Pool_CurveKeypair.Get(); |
1047 | 0 | const auto P2 = Pool_CurveKeypair.Get(); |
1048 | |
|
1049 | 0 | CF_CHECK_EQ(P1.curveID, P2.curveID); |
1050 | |
|
1051 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
1052 | |
|
1053 | 0 | parameters["priv"] = P1.privkey; |
1054 | |
|
1055 | 0 | parameters["pub_x"] = P1.pub_x; |
1056 | 0 | parameters["pub_y"] = P1.pub_y; |
1057 | 0 | } else { |
1058 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1059 | |
|
1060 | 0 | parameters["priv"] = getBignum(); |
1061 | |
|
1062 | 0 | parameters["pub_x"] = getBignum(); |
1063 | 0 | parameters["pub_y"] = getBignum(); |
1064 | 0 | } |
1065 | | |
1066 | 0 | cryptofuzz::operation::ECDH_Derive op(parameters); |
1067 | 0 | op.Serialize(dsOut2); |
1068 | 0 | } |
1069 | 0 | break; |
1070 | 0 | case CF_OPERATION("ECCSI_Sign"): |
1071 | 0 | { |
1072 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1073 | |
|
1074 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
1075 | |
|
1076 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
1077 | 0 | parameters["priv"] = P1.priv; |
1078 | |
|
1079 | 0 | if ( getBool() ) { |
1080 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1081 | 0 | } else { |
1082 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
1083 | 0 | } |
1084 | 0 | parameters["digestType"] = getRandomDigest(); |
1085 | 0 | parameters["id"] = getBuffer(PRNG() % 1024); |
1086 | |
|
1087 | 0 | cryptofuzz::operation::ECCSI_Sign op(parameters); |
1088 | 0 | op.Serialize(dsOut2); |
1089 | 0 | } |
1090 | 0 | break; |
1091 | 0 | case CF_OPERATION("ECDSA_Sign"): |
1092 | 0 | { |
1093 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1094 | | |
1095 | | // Was broken: empty string is not valid priv key (copy-paste from getPublicKey) |
1096 | 0 | if ( Pool_CurvePrivkey.Have() && getBool() == true ) { |
1097 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
1098 | |
|
1099 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
1100 | 0 | parameters["priv"] = P1.priv; |
1101 | 0 | } else { |
1102 | 0 | const auto curveID = getRandomCurve(); |
1103 | 0 | parameters["curveType"] = hint_ecc_mont(curveID); |
1104 | |
|
1105 | 0 | if ( getBool() ) { |
1106 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(curveID); |
1107 | 0 | if ( order != std::nullopt ) { |
1108 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1109 | 0 | parameters["priv"] = boost::lexical_cast<std::string>(o-1); |
1110 | 0 | } else { |
1111 | 0 | parameters["priv"] = getBignum(); |
1112 | 0 | } |
1113 | 0 | } else { |
1114 | 0 | parameters["priv"] = getBignum(); |
1115 | 0 | } |
1116 | |
|
1117 | 0 | } |
1118 | 0 | parameters["nonce"] = getBignum(); |
1119 | |
|
1120 | 0 | if ( getBool() ) { |
1121 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1122 | 0 | } else { |
1123 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
1124 | 0 | } |
1125 | |
|
1126 | 0 | parameters["nonceSource"] = PRNG() % 3; |
1127 | 0 | parameters["digestType"] = getRandomDigest(); |
1128 | |
|
1129 | 0 | cryptofuzz::operation::ECDSA_Sign op(parameters); |
1130 | 0 | op.Serialize(dsOut2); |
1131 | 0 | } |
1132 | 0 | break; |
1133 | 0 | case CF_OPERATION("ECGDSA_Sign"): |
1134 | 0 | { |
1135 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1136 | |
|
1137 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
1138 | |
|
1139 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
1140 | 0 | parameters["priv"] = P1.priv; |
1141 | 0 | parameters["nonce"] = getBignum(); |
1142 | |
|
1143 | 0 | if ( getBool() ) { |
1144 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1145 | 0 | } else { |
1146 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
1147 | 0 | } |
1148 | 0 | parameters["nonceSource"] = PRNG() % 3; |
1149 | 0 | parameters["digestType"] = getRandomDigest(); |
1150 | |
|
1151 | 0 | cryptofuzz::operation::ECGDSA_Sign op(parameters); |
1152 | 0 | op.Serialize(dsOut2); |
1153 | 0 | } |
1154 | 0 | break; |
1155 | 0 | case CF_OPERATION("ECRDSA_Sign"): |
1156 | 0 | { |
1157 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1158 | |
|
1159 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
1160 | |
|
1161 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
1162 | 0 | parameters["priv"] = P1.priv; |
1163 | 0 | parameters["nonce"] = getBignum(); |
1164 | |
|
1165 | 0 | if ( getBool() ) { |
1166 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1167 | 0 | } else { |
1168 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
1169 | 0 | } |
1170 | 0 | parameters["nonceSource"] = PRNG() % 3; |
1171 | 0 | parameters["digestType"] = getRandomDigest(); |
1172 | |
|
1173 | 0 | cryptofuzz::operation::ECRDSA_Sign op(parameters); |
1174 | 0 | op.Serialize(dsOut2); |
1175 | 0 | } |
1176 | 0 | break; |
1177 | 0 | case CF_OPERATION("Schnorr_Sign"): |
1178 | 0 | { |
1179 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1180 | |
|
1181 | 0 | const auto P1 = Pool_CurvePrivkey.Get(); |
1182 | |
|
1183 | 0 | parameters["curveType"] = hint_ecc_mont(P1.curveID); |
1184 | 0 | parameters["priv"] = P1.priv; |
1185 | 0 | parameters["nonce"] = getBignum(); |
1186 | |
|
1187 | 0 | if ( getBool() ) { |
1188 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1189 | 0 | } else { |
1190 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
1191 | 0 | } |
1192 | 0 | parameters["nonceSource"] = PRNG() % 3; |
1193 | 0 | parameters["digestType"] = getRandomDigest(); |
1194 | |
|
1195 | 0 | cryptofuzz::operation::Schnorr_Sign op(parameters); |
1196 | 0 | op.Serialize(dsOut2); |
1197 | 0 | } |
1198 | 0 | break; |
1199 | 0 | case CF_OPERATION("ECCSI_Verify"): |
1200 | 0 | { |
1201 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1202 | |
|
1203 | 0 | if ( Pool_CurveECCSISignature.Have() == true ) { |
1204 | 0 | const auto P = Pool_CurveECCSISignature.Get(); |
1205 | | #if 0 |
1206 | | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1207 | | |
1208 | | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1209 | | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1210 | | |
1211 | | parameters["signature"]["pvt"][0] = getBool() ? getBignum() : P.pvt_x; |
1212 | | parameters["signature"]["pvt"][1] = getBool() ? getBignum() : P.pvt_y; |
1213 | | |
1214 | | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1215 | | parameters["signature"]["signature"][1] = getBool() ? getBignum() : P.sig_s; |
1216 | | |
1217 | | parameters["cleartext"] = P.cleartext; |
1218 | | parameters["id"] = P.id; |
1219 | | #endif |
1220 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1221 | |
|
1222 | 0 | parameters["signature"]["pub"][0] = P.pub_x; |
1223 | 0 | parameters["signature"]["pub"][1] = P.pub_y; |
1224 | |
|
1225 | 0 | parameters["signature"]["pvt"][0] = P.pvt_x; |
1226 | 0 | parameters["signature"]["pvt"][1] = P.pvt_y; |
1227 | |
|
1228 | 0 | parameters["signature"]["signature"][0] = P.sig_r; |
1229 | 0 | parameters["signature"]["signature"][1] = P.sig_s; |
1230 | |
|
1231 | 0 | parameters["cleartext"] = P.cleartext; |
1232 | 0 | parameters["id"] = P.id; |
1233 | 0 | } else { |
1234 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1235 | |
|
1236 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1237 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1238 | |
|
1239 | 0 | parameters["signature"]["pvt"][0] = getBignum(); |
1240 | 0 | parameters["signature"]["pvt"][1] = getBignum(); |
1241 | |
|
1242 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1243 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1244 | |
|
1245 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1246 | 0 | parameters["id"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1247 | 0 | } |
1248 | |
|
1249 | 0 | parameters["digestType"] = getRandomDigest(); |
1250 | |
|
1251 | 0 | cryptofuzz::operation::ECCSI_Verify op(parameters); |
1252 | 0 | op.Serialize(dsOut2); |
1253 | 0 | } |
1254 | 0 | break; |
1255 | 0 | case CF_OPERATION("ECDSA_Verify"): |
1256 | 0 | { |
1257 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1258 | |
|
1259 | 0 | if ( Pool_CurveECDSASignature.Have() == true ) { |
1260 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1261 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1262 | |
|
1263 | 0 | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1264 | 0 | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1265 | |
|
1266 | 0 | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1267 | 0 | auto sigS = getBool() ? getBignum() : P.sig_y; |
1268 | |
|
1269 | 0 | if ( getBool() ) { |
1270 | | /* Test ECDSA signature malleability */ |
1271 | |
|
1272 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(P.curveID); |
1273 | 0 | if ( order != std::nullopt ) { |
1274 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1275 | 0 | const auto s = boost::multiprecision::cpp_int(sigS); |
1276 | 0 | if ( o > s ) { |
1277 | 0 | sigS = boost::lexical_cast<std::string>(o - s); |
1278 | 0 | } |
1279 | 0 | } |
1280 | 0 | } |
1281 | |
|
1282 | 0 | parameters["signature"]["signature"][1] = sigS; |
1283 | 0 | parameters["cleartext"] = P.cleartext; |
1284 | 0 | } else { |
1285 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1286 | |
|
1287 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1288 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1289 | |
|
1290 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1291 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1292 | |
|
1293 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1294 | 0 | } |
1295 | |
|
1296 | 0 | parameters["digestType"] = getRandomDigest(); |
1297 | |
|
1298 | 0 | cryptofuzz::operation::ECDSA_Verify op(parameters); |
1299 | 0 | op.Serialize(dsOut2); |
1300 | 0 | } |
1301 | 0 | break; |
1302 | 0 | case CF_OPERATION("ECGDSA_Verify"): |
1303 | 0 | { |
1304 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1305 | |
|
1306 | 0 | if ( Pool_CurveECDSASignature.Have() == true ) { |
1307 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1308 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1309 | |
|
1310 | 0 | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1311 | 0 | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1312 | |
|
1313 | 0 | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1314 | 0 | auto sigS = getBool() ? getBignum() : P.sig_y; |
1315 | |
|
1316 | 0 | if ( getBool() ) { |
1317 | | /* Test ECGDSA signature malleability */ |
1318 | |
|
1319 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(P.curveID); |
1320 | 0 | if ( order != std::nullopt ) { |
1321 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1322 | 0 | const auto s = boost::multiprecision::cpp_int(sigS); |
1323 | 0 | if ( o > s ) { |
1324 | 0 | sigS = boost::lexical_cast<std::string>(o - s); |
1325 | 0 | } |
1326 | 0 | } |
1327 | 0 | } |
1328 | |
|
1329 | 0 | parameters["signature"]["signature"][1] = sigS; |
1330 | 0 | parameters["cleartext"] = P.cleartext; |
1331 | 0 | } else { |
1332 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1333 | |
|
1334 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1335 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1336 | |
|
1337 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1338 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1339 | |
|
1340 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1341 | 0 | } |
1342 | |
|
1343 | 0 | parameters["digestType"] = getRandomDigest(); |
1344 | |
|
1345 | 0 | cryptofuzz::operation::ECGDSA_Verify op(parameters); |
1346 | 0 | op.Serialize(dsOut2); |
1347 | 0 | } |
1348 | 0 | break; |
1349 | 0 | case CF_OPERATION("ECRDSA_Verify"): |
1350 | 0 | { |
1351 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1352 | |
|
1353 | 0 | if ( Pool_CurveECDSASignature.Have() == true ) { |
1354 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1355 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1356 | |
|
1357 | 0 | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1358 | 0 | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1359 | |
|
1360 | 0 | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1361 | 0 | auto sigS = getBool() ? getBignum() : P.sig_y; |
1362 | |
|
1363 | 0 | if ( getBool() ) { |
1364 | | /* Test ECRDSA signature malleability */ |
1365 | |
|
1366 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(P.curveID); |
1367 | 0 | if ( order != std::nullopt ) { |
1368 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1369 | 0 | const auto s = boost::multiprecision::cpp_int(sigS); |
1370 | 0 | if ( o > s ) { |
1371 | 0 | sigS = boost::lexical_cast<std::string>(o - s); |
1372 | 0 | } |
1373 | 0 | } |
1374 | 0 | } |
1375 | |
|
1376 | 0 | parameters["signature"]["signature"][1] = sigS; |
1377 | 0 | parameters["cleartext"] = P.cleartext; |
1378 | 0 | } else { |
1379 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1380 | |
|
1381 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1382 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1383 | |
|
1384 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1385 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1386 | |
|
1387 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1388 | 0 | } |
1389 | |
|
1390 | 0 | parameters["digestType"] = getRandomDigest(); |
1391 | |
|
1392 | 0 | cryptofuzz::operation::ECRDSA_Verify op(parameters); |
1393 | 0 | op.Serialize(dsOut2); |
1394 | 0 | } |
1395 | 0 | break; |
1396 | 0 | case CF_OPERATION("Schnorr_Verify"): |
1397 | 0 | { |
1398 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1399 | |
|
1400 | 0 | if ( Pool_CurveECDSASignature.Have() == true ) { |
1401 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1402 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1403 | |
|
1404 | 0 | parameters["signature"]["pub"][0] = getBool() ? getBignum() : P.pub_x; |
1405 | 0 | parameters["signature"]["pub"][1] = getBool() ? getBignum() : P.pub_y; |
1406 | |
|
1407 | 0 | parameters["signature"]["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1408 | 0 | auto sigS = getBool() ? getBignum() : P.sig_y; |
1409 | |
|
1410 | 0 | if ( getBool() ) { |
1411 | | /* Test Schnorr signature malleability */ |
1412 | |
|
1413 | 0 | const auto order = cryptofuzz::repository::ECC_CurveToOrder(P.curveID); |
1414 | 0 | if ( order != std::nullopt ) { |
1415 | 0 | const auto o = boost::multiprecision::cpp_int(*order); |
1416 | 0 | const auto s = boost::multiprecision::cpp_int(sigS); |
1417 | 0 | if ( o > s ) { |
1418 | 0 | sigS = boost::lexical_cast<std::string>(o - s); |
1419 | 0 | } |
1420 | 0 | } |
1421 | 0 | } |
1422 | |
|
1423 | 0 | parameters["signature"]["signature"][1] = sigS; |
1424 | 0 | parameters["cleartext"] = P.cleartext; |
1425 | 0 | } else { |
1426 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1427 | |
|
1428 | 0 | parameters["signature"]["pub"][0] = getBignum(); |
1429 | 0 | parameters["signature"]["pub"][1] = getBignum(); |
1430 | |
|
1431 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
1432 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
1433 | |
|
1434 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1435 | 0 | } |
1436 | |
|
1437 | 0 | parameters["digestType"] = getRandomDigest(); |
1438 | |
|
1439 | 0 | cryptofuzz::operation::Schnorr_Verify op(parameters); |
1440 | 0 | op.Serialize(dsOut2); |
1441 | 0 | } |
1442 | 0 | break; |
1443 | 0 | case CF_OPERATION("ECDSA_Recover"): |
1444 | 0 | { |
1445 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
1446 | |
|
1447 | 0 | if ( getBool() && Pool_CurveECDSASignature.Have() == true ) { |
1448 | 0 | const auto P = Pool_CurveECDSASignature.Get(); |
1449 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1450 | |
|
1451 | 0 | parameters["signature"][0] = getBool() ? getBignum() : P.sig_r; |
1452 | 0 | parameters["signature"][1] = getBool() ? getBignum() : P.sig_y; |
1453 | |
|
1454 | 0 | if ( getBool() ) { |
1455 | 0 | parameters["cleartext"] = P.cleartext; |
1456 | 0 | } else { |
1457 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1458 | 0 | } |
1459 | 0 | } else if ( getBool() && Pool_CurveECC_Point.Have() == true ) { |
1460 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1461 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1462 | |
|
1463 | 0 | parameters["signature"][0] = getBool() ? getBignum() : P.x; |
1464 | 0 | parameters["signature"][1] = getBool() ? getBignum() : P.y; |
1465 | |
|
1466 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1467 | 0 | } else { |
1468 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1469 | |
|
1470 | 0 | parameters["signature"][0] = getBignum(); |
1471 | 0 | parameters["signature"][1] = getBignum(); |
1472 | |
|
1473 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
1474 | 0 | } |
1475 | |
|
1476 | 0 | parameters["id"] = PRNG() % 4; |
1477 | 0 | parameters["digestType"] = getRandomDigest(); |
1478 | |
|
1479 | 0 | cryptofuzz::operation::ECDSA_Recover op(parameters); |
1480 | 0 | op.Serialize(dsOut2); |
1481 | 0 | } |
1482 | 0 | break; |
1483 | 0 | case CF_OPERATION("ECC_GenerateKeyPair"): |
1484 | 0 | { |
1485 | 0 | parameters["modifier"] = getBuffer(PRNG() % 128); |
1486 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1487 | |
|
1488 | 0 | cryptofuzz::operation::ECC_GenerateKeyPair op(parameters); |
1489 | 0 | op.Serialize(dsOut2); |
1490 | 0 | } |
1491 | 0 | break; |
1492 | 0 | case CF_OPERATION("ECIES_Encrypt"): |
1493 | 0 | case CF_OPERATION("ECIES_Decrypt"): |
1494 | 0 | { |
1495 | 0 | parameters["modifier"] = getBuffer(PRNG() % 128); |
1496 | 0 | if ( operation == CF_OPERATION("ECIES_Encrypt") ) { |
1497 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 1024); |
1498 | 0 | } else { |
1499 | 0 | parameters["ciphertext"] = getBuffer(PRNG() % 1024); |
1500 | 0 | } |
1501 | | //parameters["cipherType"] = getRandomCipher(); |
1502 | 0 | parameters["cipherType"] = CF_CIPHER("AES_128_CBC"); |
1503 | 0 | parameters["iv_enabled"] = false; |
1504 | |
|
1505 | 0 | parameters["priv"] = getBignum(); |
1506 | |
|
1507 | 0 | if ( Pool_CurveKeypair.Have() && getBool() == true ) { |
1508 | 0 | const auto P = Pool_CurveKeypair.Get(); |
1509 | |
|
1510 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1511 | 0 | parameters["pub_x"] = P.pub_x; |
1512 | 0 | parameters["pub_y"] = P.pub_y; |
1513 | |
|
1514 | 0 | if ( Pool_CurvePrivkey.Have() && getBool() == true ) { |
1515 | 0 | const auto P2 = Pool_CurvePrivkey.Get(); |
1516 | 0 | if ( P2.curveID == P.curveID ) { |
1517 | 0 | parameters["priv"] = P2.priv; |
1518 | 0 | } |
1519 | 0 | } |
1520 | 0 | } else { |
1521 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1522 | 0 | parameters["pub_x"] = getBignum(); |
1523 | 0 | parameters["pub_y"] = getBignum(); |
1524 | 0 | } |
1525 | |
|
1526 | 0 | if ( operation == CF_OPERATION("ECIES_Encrypt") ) { |
1527 | 0 | cryptofuzz::operation::ECIES_Encrypt op(parameters); |
1528 | 0 | op.Serialize(dsOut2); |
1529 | 0 | } else { |
1530 | 0 | cryptofuzz::operation::ECIES_Decrypt op(parameters); |
1531 | 0 | op.Serialize(dsOut2); |
1532 | 0 | } |
1533 | 0 | } |
1534 | 0 | break; |
1535 | 0 | case CF_OPERATION("ECC_Point_Add"): |
1536 | 0 | { |
1537 | 0 | parameters["modifier"] = ""; |
1538 | |
|
1539 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1540 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1541 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1542 | |
|
1543 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1544 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1545 | 0 | } else { |
1546 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1547 | |
|
1548 | 0 | parameters["a_x"] = getBignum(); |
1549 | 0 | parameters["a_y"] = getBignum(); |
1550 | 0 | } |
1551 | |
|
1552 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1553 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1554 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1555 | |
|
1556 | 0 | parameters["b_x"] = getBool() ? getBignum() : P.x; |
1557 | 0 | parameters["b_y"] = getBool() ? getBignum() : P.y; |
1558 | 0 | } else { |
1559 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1560 | |
|
1561 | 0 | parameters["b_x"] = getBignum(); |
1562 | 0 | parameters["b_y"] = getBignum(); |
1563 | 0 | } |
1564 | |
|
1565 | 0 | cryptofuzz::operation::ECC_Point_Add op(parameters); |
1566 | 0 | op.Serialize(dsOut2); |
1567 | |
|
1568 | 0 | generateECCPoint(); |
1569 | 0 | } |
1570 | 0 | break; |
1571 | 0 | case CF_OPERATION("ECC_Point_Sub"): |
1572 | 0 | { |
1573 | 0 | parameters["modifier"] = ""; |
1574 | |
|
1575 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1576 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1577 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1578 | |
|
1579 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1580 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1581 | 0 | } else { |
1582 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1583 | |
|
1584 | 0 | parameters["a_x"] = getBignum(); |
1585 | 0 | parameters["a_y"] = getBignum(); |
1586 | 0 | } |
1587 | |
|
1588 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1589 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1590 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1591 | |
|
1592 | 0 | parameters["b_x"] = getBool() ? getBignum() : P.x; |
1593 | 0 | parameters["b_y"] = getBool() ? getBignum() : P.y; |
1594 | 0 | } else { |
1595 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1596 | |
|
1597 | 0 | parameters["b_x"] = getBignum(); |
1598 | 0 | parameters["b_y"] = getBignum(); |
1599 | 0 | } |
1600 | |
|
1601 | 0 | cryptofuzz::operation::ECC_Point_Sub op(parameters); |
1602 | 0 | op.Serialize(dsOut2); |
1603 | |
|
1604 | 0 | generateECCPoint(); |
1605 | 0 | } |
1606 | 0 | break; |
1607 | 0 | case CF_OPERATION("ECC_Point_Mul"): |
1608 | 0 | { |
1609 | 0 | parameters["modifier"] = ""; |
1610 | |
|
1611 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1612 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1613 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1614 | |
|
1615 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1616 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1617 | 0 | } else { |
1618 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1619 | |
|
1620 | 0 | parameters["a_x"] = getBignum(); |
1621 | 0 | parameters["a_y"] = getBignum(); |
1622 | 0 | } |
1623 | |
|
1624 | 0 | parameters["b"] = getBignum(); |
1625 | |
|
1626 | 0 | cryptofuzz::operation::ECC_Point_Mul op(parameters); |
1627 | 0 | op.Serialize(dsOut2); |
1628 | |
|
1629 | 0 | generateECCPoint(); |
1630 | 0 | } |
1631 | 0 | break; |
1632 | 0 | case CF_OPERATION("ECC_Point_Neg"): |
1633 | 0 | { |
1634 | 0 | parameters["modifier"] = ""; |
1635 | |
|
1636 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1637 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1638 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1639 | |
|
1640 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1641 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1642 | 0 | } else { |
1643 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1644 | |
|
1645 | 0 | parameters["a_x"] = getBignum(); |
1646 | 0 | parameters["a_y"] = getBignum(); |
1647 | 0 | } |
1648 | |
|
1649 | 0 | cryptofuzz::operation::ECC_Point_Neg op(parameters); |
1650 | 0 | op.Serialize(dsOut2); |
1651 | |
|
1652 | 0 | generateECCPoint(); |
1653 | 0 | } |
1654 | 0 | break; |
1655 | 0 | case CF_OPERATION("ECC_Point_Dbl"): |
1656 | 0 | { |
1657 | 0 | parameters["modifier"] = ""; |
1658 | |
|
1659 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1660 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1661 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1662 | |
|
1663 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1664 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1665 | 0 | } else { |
1666 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1667 | |
|
1668 | 0 | parameters["a_x"] = getBignum(); |
1669 | 0 | parameters["a_y"] = getBignum(); |
1670 | 0 | } |
1671 | |
|
1672 | 0 | cryptofuzz::operation::ECC_Point_Dbl op(parameters); |
1673 | 0 | op.Serialize(dsOut2); |
1674 | |
|
1675 | 0 | generateECCPoint(); |
1676 | 0 | } |
1677 | 0 | break; |
1678 | 0 | case CF_OPERATION("ECC_Point_Cmp"): |
1679 | 0 | { |
1680 | 0 | parameters["modifier"] = ""; |
1681 | |
|
1682 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1683 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1684 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1685 | |
|
1686 | 0 | parameters["a_x"] = getBool() ? getBignum() : P.x; |
1687 | 0 | parameters["a_y"] = getBool() ? getBignum() : P.y; |
1688 | 0 | } else { |
1689 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1690 | |
|
1691 | 0 | parameters["a_x"] = getBignum(); |
1692 | 0 | parameters["a_y"] = getBignum(); |
1693 | 0 | } |
1694 | |
|
1695 | 0 | if ( Pool_CurveECC_Point.Have() == true ) { |
1696 | 0 | const auto P = Pool_CurveECC_Point.Get(); |
1697 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
1698 | |
|
1699 | 0 | parameters["b_x"] = getBool() ? getBignum() : P.x; |
1700 | 0 | parameters["b_y"] = getBool() ? getBignum() : P.y; |
1701 | 0 | } else { |
1702 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1703 | |
|
1704 | 0 | parameters["b_x"] = getBignum(); |
1705 | 0 | parameters["b_y"] = getBignum(); |
1706 | 0 | } |
1707 | |
|
1708 | 0 | cryptofuzz::operation::ECC_Point_Cmp op(parameters); |
1709 | 0 | op.Serialize(dsOut2); |
1710 | |
|
1711 | 0 | generateECCPoint(); |
1712 | 0 | } |
1713 | 0 | break; |
1714 | 0 | case CF_OPERATION("KDF_SCRYPT"): |
1715 | 0 | { |
1716 | 0 | size_t numParts = 0; |
1717 | |
|
1718 | 0 | numParts++; /* modifier */ |
1719 | 0 | numParts++; /* password */ |
1720 | 0 | numParts++; /* salt */ |
1721 | |
|
1722 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1723 | |
|
1724 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1725 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1726 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1727 | 0 | parameters["N"] = PRNG() % 5; |
1728 | 0 | parameters["r"] = PRNG() % 9; |
1729 | 0 | parameters["p"] = PRNG() % 5; |
1730 | 0 | parameters["keySize"] = PRNG() % 1024; |
1731 | |
|
1732 | 0 | cryptofuzz::operation::KDF_SCRYPT op(parameters); |
1733 | 0 | op.Serialize(dsOut2); |
1734 | 0 | } |
1735 | 0 | break; |
1736 | 0 | case CF_OPERATION("KDF_HKDF"): |
1737 | 0 | { |
1738 | 0 | size_t numParts = 0; |
1739 | |
|
1740 | 0 | numParts++; /* modifier */ |
1741 | 0 | numParts++; /* password */ |
1742 | 0 | numParts++; /* salt */ |
1743 | 0 | numParts++; /* info */ |
1744 | |
|
1745 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1746 | |
|
1747 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1748 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1749 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1750 | 0 | parameters["info"] = getBuffer(lengths[3]); |
1751 | 0 | parameters["keySize"] = PRNG() % 17000; |
1752 | 0 | parameters["digestType"] = getRandomDigest(); |
1753 | |
|
1754 | 0 | cryptofuzz::operation::KDF_HKDF op(parameters); |
1755 | 0 | op.Serialize(dsOut2); |
1756 | 0 | } |
1757 | 0 | break; |
1758 | 0 | case CF_OPERATION("KDF_TLS1_PRF"): |
1759 | 0 | { |
1760 | 0 | size_t numParts = 0; |
1761 | |
|
1762 | 0 | numParts++; /* modifier */ |
1763 | 0 | numParts++; /* secret */ |
1764 | 0 | numParts++; /* seed */ |
1765 | |
|
1766 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1767 | |
|
1768 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1769 | 0 | parameters["secret"] = getBuffer(lengths[1]); |
1770 | 0 | parameters["seed"] = getBuffer(lengths[2]); |
1771 | 0 | parameters["keySize"] = PRNG() % 1024; |
1772 | 0 | parameters["digestType"] = getRandomDigest(); |
1773 | |
|
1774 | 0 | cryptofuzz::operation::KDF_TLS1_PRF op(parameters); |
1775 | 0 | op.Serialize(dsOut2); |
1776 | 0 | } |
1777 | 0 | break; |
1778 | 0 | case CF_OPERATION("KDF_PBKDF"): |
1779 | 0 | { |
1780 | 0 | size_t numParts = 0; |
1781 | |
|
1782 | 0 | numParts++; /* modifier */ |
1783 | 0 | numParts++; /* password */ |
1784 | 0 | numParts++; /* salt */ |
1785 | |
|
1786 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1787 | |
|
1788 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1789 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1790 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1791 | 0 | parameters["iterations"] = PRNG() % 5; |
1792 | 0 | parameters["keySize"] = PRNG() % 1024; |
1793 | 0 | parameters["digestType"] = getRandomDigest(); |
1794 | |
|
1795 | 0 | cryptofuzz::operation::KDF_PBKDF op(parameters); |
1796 | 0 | op.Serialize(dsOut2); |
1797 | 0 | } |
1798 | 0 | break; |
1799 | 0 | case CF_OPERATION("KDF_PBKDF1"): |
1800 | 0 | { |
1801 | 0 | size_t numParts = 0; |
1802 | |
|
1803 | 0 | numParts++; /* modifier */ |
1804 | 0 | numParts++; /* password */ |
1805 | 0 | numParts++; /* salt */ |
1806 | |
|
1807 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1808 | |
|
1809 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1810 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1811 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1812 | 0 | parameters["iterations"] = PRNG() % 5; |
1813 | 0 | parameters["keySize"] = PRNG() % 1024; |
1814 | 0 | parameters["digestType"] = getRandomDigest(); |
1815 | |
|
1816 | 0 | cryptofuzz::operation::KDF_PBKDF op(parameters); |
1817 | 0 | op.Serialize(dsOut2); |
1818 | 0 | } |
1819 | 0 | break; |
1820 | 0 | case CF_OPERATION("KDF_PBKDF2"): |
1821 | 0 | { |
1822 | 0 | size_t numParts = 0; |
1823 | |
|
1824 | 0 | numParts++; /* modifier */ |
1825 | 0 | numParts++; /* password */ |
1826 | 0 | numParts++; /* salt */ |
1827 | |
|
1828 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1829 | |
|
1830 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1831 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1832 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1833 | 0 | parameters["iterations"] = PRNG() % 5; |
1834 | 0 | parameters["keySize"] = PRNG() % 1024; |
1835 | 0 | parameters["digestType"] = getRandomDigest(); |
1836 | |
|
1837 | 0 | cryptofuzz::operation::KDF_PBKDF2 op(parameters); |
1838 | 0 | op.Serialize(dsOut2); |
1839 | 0 | } |
1840 | 0 | break; |
1841 | 0 | case CF_OPERATION("KDF_ARGON2"): |
1842 | 0 | { |
1843 | 0 | size_t numParts = 0; |
1844 | |
|
1845 | 0 | numParts++; /* modifier */ |
1846 | 0 | numParts++; /* password */ |
1847 | 0 | numParts++; /* salt */ |
1848 | |
|
1849 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1850 | |
|
1851 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1852 | 0 | parameters["password"] = getBuffer(lengths[1]); |
1853 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1854 | 0 | parameters["type"] = PRNG() % 3; |
1855 | 0 | parameters["threads"] = PRNG() % 256; |
1856 | 0 | parameters["memory"] = PRNG() % (64*1024); |
1857 | 0 | parameters["iterations"] = PRNG() % 3; |
1858 | 0 | parameters["keySize"] = PRNG() % 1024; |
1859 | |
|
1860 | 0 | cryptofuzz::operation::KDF_ARGON2 op(parameters); |
1861 | 0 | op.Serialize(dsOut2); |
1862 | 0 | } |
1863 | 0 | break; |
1864 | 0 | case CF_OPERATION("KDF_SSH"): |
1865 | 0 | { |
1866 | 0 | size_t numParts = 0; |
1867 | |
|
1868 | 0 | numParts++; /* modifier */ |
1869 | 0 | numParts++; /* key */ |
1870 | 0 | numParts++; /* xcghash */ |
1871 | 0 | numParts++; /* session_id */ |
1872 | |
|
1873 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1874 | |
|
1875 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1876 | 0 | parameters["key"] = getBuffer(lengths[1]); |
1877 | 0 | parameters["xcghash"] = getBuffer(lengths[2]); |
1878 | 0 | parameters["session_id"] = getBuffer(lengths[3]); |
1879 | 0 | parameters["type"] = getBuffer(1); |
1880 | 0 | parameters["keySize"] = PRNG() % 1024; |
1881 | 0 | parameters["digestType"] = getRandomDigest(); |
1882 | |
|
1883 | 0 | cryptofuzz::operation::KDF_SSH op(parameters); |
1884 | 0 | op.Serialize(dsOut2); |
1885 | 0 | } |
1886 | 0 | break; |
1887 | 0 | case CF_OPERATION("KDF_X963"): |
1888 | 0 | { |
1889 | 0 | size_t numParts = 0; |
1890 | |
|
1891 | 0 | numParts++; /* modifier */ |
1892 | 0 | numParts++; /* secret */ |
1893 | 0 | numParts++; /* info */ |
1894 | |
|
1895 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1896 | |
|
1897 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1898 | 0 | parameters["secret"] = getBuffer(lengths[1]); |
1899 | 0 | parameters["info"] = getBuffer(lengths[2]); |
1900 | 0 | parameters["keySize"] = PRNG() % 1024; |
1901 | 0 | parameters["digestType"] = getRandomDigest(); |
1902 | |
|
1903 | 0 | cryptofuzz::operation::KDF_X963 op(parameters); |
1904 | 0 | op.Serialize(dsOut2); |
1905 | 0 | } |
1906 | 0 | break; |
1907 | 0 | case CF_OPERATION("KDF_SP_800_108"): |
1908 | 0 | { |
1909 | 0 | size_t numParts = 0; |
1910 | |
|
1911 | 0 | numParts++; /* modifier */ |
1912 | 0 | numParts++; /* secret */ |
1913 | 0 | numParts++; /* salt */ |
1914 | 0 | numParts++; /* label */ |
1915 | |
|
1916 | 0 | const auto lengths = SplitLength(maxSize - 64, numParts); |
1917 | |
|
1918 | 0 | if ( getBool() == true ) { |
1919 | | /* MAC = HMAC */ |
1920 | 0 | parameters["mech"]["mode"] = true; |
1921 | 0 | parameters["mech"]["type"] = getRandomDigest(); |
1922 | 0 | } else { |
1923 | | /* MAC = CMAC */ |
1924 | 0 | parameters["mech"]["mode"] = false; |
1925 | 0 | parameters["mech"]["type"] = getRandomCipher(); |
1926 | 0 | } |
1927 | |
|
1928 | 0 | parameters["modifier"] = getBuffer(lengths[0]); |
1929 | 0 | parameters["secret"] = getBuffer(lengths[1]); |
1930 | 0 | parameters["salt"] = getBuffer(lengths[2]); |
1931 | 0 | parameters["label"] = getBuffer(lengths[3]); |
1932 | 0 | parameters["mode"] = PRNG() % 3; |
1933 | 0 | parameters["keySize"] = PRNG() % 17000; |
1934 | |
|
1935 | 0 | cryptofuzz::operation::KDF_SP_800_108 op(parameters); |
1936 | 0 | op.Serialize(dsOut2); |
1937 | 0 | } |
1938 | 0 | break; |
1939 | 0 | case CF_OPERATION("DH_GenerateKeyPair"): |
1940 | 0 | { |
1941 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1942 | 0 | parameters["prime"] = getBignum(); |
1943 | 0 | parameters["base"] = getBignum(); |
1944 | |
|
1945 | 0 | cryptofuzz::operation::DH_GenerateKeyPair op(parameters); |
1946 | 0 | op.Serialize(dsOut2); |
1947 | 0 | } |
1948 | 0 | break; |
1949 | 0 | case CF_OPERATION("DH_Derive"): |
1950 | 0 | { |
1951 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1952 | 0 | parameters["prime"] = getBignum(); |
1953 | 0 | parameters["base"] = getBignum(); |
1954 | 0 | if ( Pool_DH_PublicKey.Have() && getBool() == true ) { |
1955 | 0 | parameters["pub"] = Pool_DH_PublicKey.Get(); |
1956 | 0 | } else { |
1957 | 0 | parameters["pub"] = getBignum(); |
1958 | 0 | } |
1959 | |
|
1960 | 0 | if ( Pool_DH_PrivateKey.Have() && getBool() == true ) { |
1961 | 0 | parameters["priv"] = Pool_DH_PrivateKey.Get(); |
1962 | 0 | } else { |
1963 | 0 | parameters["priv"] = getBignum(); |
1964 | 0 | } |
1965 | |
|
1966 | 0 | cryptofuzz::operation::DH_Derive op(parameters); |
1967 | 0 | op.Serialize(dsOut2); |
1968 | 0 | } |
1969 | 0 | break; |
1970 | 0 | case CF_OPERATION("BLS_PrivateToPublic"): |
1971 | 0 | { |
1972 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1973 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1974 | |
|
1975 | 0 | parameters["priv"] = getBignum(); |
1976 | |
|
1977 | 0 | cryptofuzz::operation::BLS_PrivateToPublic op(parameters); |
1978 | 0 | op.Serialize(dsOut2); |
1979 | 0 | } |
1980 | 0 | break; |
1981 | 0 | case CF_OPERATION("BLS_PrivateToPublic_G2"): |
1982 | 0 | { |
1983 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1984 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1985 | |
|
1986 | 0 | parameters["priv"] = getBignum(); |
1987 | |
|
1988 | 0 | cryptofuzz::operation::BLS_PrivateToPublic_G2 op(parameters); |
1989 | 0 | op.Serialize(dsOut2); |
1990 | 0 | } |
1991 | 0 | break; |
1992 | 0 | case CF_OPERATION("BLS_Sign"): |
1993 | 0 | { |
1994 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
1995 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
1996 | 0 | const auto hashOrPoint = getBool(); |
1997 | | //const auto hashOrPoint = false; |
1998 | 0 | parameters["hashOrPoint"] = hashOrPoint; |
1999 | 0 | if ( hashOrPoint == true ) { |
2000 | | //parameters["cleartext"] = getBuffer(PRNG() % 32); |
2001 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
2002 | 0 | parameters["point_v"] = ""; |
2003 | 0 | parameters["point_w"] = ""; |
2004 | 0 | parameters["point_x"] = ""; |
2005 | 0 | parameters["point_y"] = ""; |
2006 | 0 | } else { |
2007 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2008 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2009 | 0 | parameters["point_v"] = GET_OR_BIGNUM(P.g2_v); |
2010 | 0 | parameters["point_w"] = GET_OR_BIGNUM(P.g2_w); |
2011 | 0 | parameters["point_x"] = GET_OR_BIGNUM(P.g2_x); |
2012 | 0 | parameters["point_y"] = GET_OR_BIGNUM(P.g2_y); |
2013 | 0 | } else { |
2014 | 0 | parameters["point_v"] = getBignum(); |
2015 | 0 | parameters["point_w"] = getBignum(); |
2016 | 0 | parameters["point_x"] = getBignum(); |
2017 | 0 | parameters["point_y"] = getBignum(); |
2018 | 0 | } |
2019 | |
|
2020 | 0 | parameters["cleartext"] = ""; |
2021 | 0 | } |
2022 | 0 | parameters["dest"] = getBool() ? getBuffer(PRNG() % 512) : get_BLS_predefined_DST(); |
2023 | 0 | parameters["aug"] = ""; |
2024 | 0 | parameters["priv"] = getBignum(); |
2025 | |
|
2026 | 0 | cryptofuzz::operation::BLS_Sign op(parameters); |
2027 | 0 | op.Serialize(dsOut2); |
2028 | 0 | } |
2029 | 0 | break; |
2030 | 0 | case CF_OPERATION("BLS_Verify"): |
2031 | 0 | { |
2032 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2033 | |
|
2034 | 0 | if ( Pool_CurveBLSSignature.Have() == true ) { |
2035 | 0 | const auto P = Pool_CurveBLSSignature.Get(); |
2036 | |
|
2037 | 0 | parameters["curveType"] = hint_ecc_mont(P.curveID); |
2038 | 0 | parameters["hashOrPoint"] = P.hashOrPoint; |
2039 | 0 | parameters["point_v"] = GET_OR_BIGNUM(P.point_v); |
2040 | 0 | parameters["point_w"] = GET_OR_BIGNUM(P.point_w); |
2041 | 0 | parameters["point_x"] = GET_OR_BIGNUM(P.point_x); |
2042 | 0 | parameters["point_y"] = GET_OR_BIGNUM(P.point_y); |
2043 | 0 | parameters["cleartext"] = P.cleartext; |
2044 | 0 | parameters["dest"] = P.dest; |
2045 | 0 | parameters["aug"] = P.aug; |
2046 | 0 | parameters["pub_x"] = GET_OR_BIGNUM(P.pub_x); |
2047 | 0 | parameters["pub_y"] = GET_OR_BIGNUM(P.pub_y); |
2048 | 0 | parameters["sig_v"] = GET_OR_BIGNUM(P.sig_v); |
2049 | 0 | parameters["sig_w"] = GET_OR_BIGNUM(P.sig_w); |
2050 | 0 | parameters["sig_x"] = GET_OR_BIGNUM(P.sig_x); |
2051 | 0 | parameters["sig_y"] = GET_OR_BIGNUM(P.sig_y); |
2052 | 0 | } else { |
2053 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2054 | 0 | const auto hashOrPoint = getBool(); |
2055 | 0 | parameters["hashOrPoint"] = hashOrPoint; |
2056 | 0 | if ( hashOrPoint == true ) { |
2057 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 32); |
2058 | 0 | parameters["point_v"] = ""; |
2059 | 0 | parameters["point_w"] = ""; |
2060 | 0 | parameters["point_x"] = ""; |
2061 | 0 | parameters["point_y"] = ""; |
2062 | 0 | } else { |
2063 | 0 | parameters["point_v"] = getBignum(); |
2064 | 0 | parameters["point_w"] = getBignum(); |
2065 | 0 | parameters["point_x"] = getBignum(); |
2066 | 0 | parameters["point_y"] = getBignum(); |
2067 | 0 | parameters["cleartext"] = ""; |
2068 | 0 | } |
2069 | 0 | parameters["dest"] = getBool() ? getBuffer(PRNG() % 512) : get_BLS_predefined_DST(); |
2070 | 0 | parameters["pub_x"] = getBignum(); |
2071 | 0 | parameters["pub_y"] = getBignum(); |
2072 | 0 | parameters["sig_v"] = getBignum(); |
2073 | 0 | parameters["sig_w"] = getBignum(); |
2074 | 0 | parameters["sig_x"] = getBignum(); |
2075 | 0 | parameters["sig_y"] = getBignum(); |
2076 | 0 | } |
2077 | |
|
2078 | 0 | cryptofuzz::operation::BLS_Verify op(parameters); |
2079 | 0 | op.Serialize(dsOut2); |
2080 | 0 | } |
2081 | 0 | break; |
2082 | 0 | case CF_OPERATION("BLS_BatchSign"): |
2083 | 0 | { |
2084 | 0 | parameters["modifier"] = ""; |
2085 | | |
2086 | | //const size_t num = PRNG() % 100; |
2087 | | //const size_t num = (PRNG() % 50) + 30; |
2088 | 0 | const size_t num = (PRNG() % 8) + 1; |
2089 | |
|
2090 | 0 | parameters["bf"] = nlohmann::json::array(); |
2091 | |
|
2092 | 0 | for (size_t i = 0; i < num; i++) { |
2093 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2094 | |
|
2095 | 0 | nlohmann::json p; |
2096 | |
|
2097 | 0 | p["priv"] = getBignum(); |
2098 | 0 | p["g1_x"] = P.g1_x; |
2099 | 0 | p["g1_y"] = P.g1_y; |
2100 | |
|
2101 | 0 | parameters["bf"].push_back(p); |
2102 | 0 | } |
2103 | |
|
2104 | 0 | cryptofuzz::operation::BLS_BatchSign op(parameters); |
2105 | 0 | op.Serialize(dsOut2); |
2106 | |
|
2107 | 0 | generateECCPoint(); |
2108 | 0 | } |
2109 | 0 | break; |
2110 | 0 | case CF_OPERATION("BLS_BatchVerify"): |
2111 | 0 | { |
2112 | 0 | parameters["modifier"] = ""; |
2113 | 0 | parameters["dest"] = get_BLS_predefined_DST(); |
2114 | |
|
2115 | 0 | std::vector< |
2116 | 0 | std::pair< |
2117 | 0 | std::array<std::string, 2>, |
2118 | 0 | std::array<std::string, 4> |
2119 | 0 | > |
2120 | 0 | > points; |
2121 | |
|
2122 | 0 | if ( Pool_BLS_BatchSignature.Have() == true ) { |
2123 | 0 | const auto sig = Pool_BLS_BatchSignature.Get(); |
2124 | |
|
2125 | 0 | for (const auto& mp : sig.msgpub) { |
2126 | 0 | std::array<std::string, 2> g1; |
2127 | 0 | std::array<std::string, 4> g2; |
2128 | |
|
2129 | 0 | switch ( PRNG() % 3 ) { |
2130 | 0 | case 0: |
2131 | 0 | { |
2132 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2133 | 0 | g1 = {P.g1_x, P.g1_y}; |
2134 | 0 | } |
2135 | 0 | break; |
2136 | 0 | case 1: |
2137 | 0 | g1 = {mp.first.g1_x, mp.first.g1_y}; |
2138 | 0 | break; |
2139 | 0 | case 2: |
2140 | 0 | g1 = {getBignum(), getBignum()}; |
2141 | 0 | break; |
2142 | 0 | } |
2143 | | |
2144 | 0 | if ( (PRNG()%3) == 0 ) { |
2145 | 0 | const auto P2 = Pool_CurveBLSG2.Get(); |
2146 | 0 | g2 = {P2.g2_v, P2.g2_w, P2.g2_x, P2.g2_y}; |
2147 | 0 | } else { |
2148 | 0 | g2 = {mp.second.g2_v, mp.second.g2_w, mp.second.g2_x, mp.second.g2_y}; |
2149 | 0 | } |
2150 | |
|
2151 | 0 | points.push_back({g1, g2}); |
2152 | 0 | } |
2153 | | |
2154 | 0 | parameters["bf"] = nlohmann::json::array(); |
2155 | |
|
2156 | 0 | std::shuffle(std::begin(points), std::end(points), rng); |
2157 | |
|
2158 | 0 | for (const auto& p : points) { |
2159 | 0 | nlohmann::json cur; |
2160 | 0 | cur["g1_x"] = p.first[0]; |
2161 | 0 | cur["g1_y"] = p.first[1]; |
2162 | |
|
2163 | 0 | cur["g2_v"] = p.second[0]; |
2164 | 0 | cur["g2_w"] = p.second[1]; |
2165 | 0 | cur["g2_x"] = p.second[2]; |
2166 | 0 | cur["g2_y"] = p.second[3]; |
2167 | 0 | parameters["bf"].push_back(cur); |
2168 | 0 | } |
2169 | |
|
2170 | 0 | cryptofuzz::operation::BLS_BatchVerify op(parameters); |
2171 | 0 | op.Serialize(dsOut2); |
2172 | 0 | } else { |
2173 | 0 | goto end; |
2174 | 0 | } |
2175 | 0 | } |
2176 | 0 | break; |
2177 | 0 | case CF_OPERATION("BLS_IsG1OnCurve"): |
2178 | 0 | { |
2179 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2180 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2181 | |
|
2182 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2183 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2184 | 0 | parameters["g1_x"] = GET_OR_BIGNUM(P.g1_x); |
2185 | 0 | parameters["g1_y"] = GET_OR_BIGNUM(P.g1_y); |
2186 | 0 | } else { |
2187 | 0 | parameters["g1_x"] = getBignum(); |
2188 | 0 | parameters["g1_y"] = getBignum(); |
2189 | 0 | } |
2190 | |
|
2191 | 0 | cryptofuzz::operation::BLS_IsG1OnCurve op(parameters); |
2192 | 0 | op.Serialize(dsOut2); |
2193 | |
|
2194 | 0 | generateECCPoint(); |
2195 | 0 | } |
2196 | 0 | break; |
2197 | 0 | case CF_OPERATION("BLS_IsG2OnCurve"): |
2198 | 0 | { |
2199 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2200 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2201 | |
|
2202 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2203 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2204 | 0 | parameters["g2_v"] = GET_OR_BIGNUM(P.g2_v); |
2205 | 0 | parameters["g2_w"] = GET_OR_BIGNUM(P.g2_w); |
2206 | 0 | parameters["g2_x"] = GET_OR_BIGNUM(P.g2_x); |
2207 | 0 | parameters["g2_y"] = GET_OR_BIGNUM(P.g2_y); |
2208 | 0 | } else { |
2209 | 0 | parameters["g2_v"] = getBignum(); |
2210 | 0 | parameters["g2_w"] = getBignum(); |
2211 | 0 | parameters["g2_x"] = getBignum(); |
2212 | 0 | parameters["g2_y"] = getBignum(); |
2213 | 0 | } |
2214 | |
|
2215 | 0 | cryptofuzz::operation::BLS_IsG2OnCurve op(parameters); |
2216 | 0 | op.Serialize(dsOut2); |
2217 | 0 | } |
2218 | 0 | break; |
2219 | 0 | case CF_OPERATION("BLS_GenerateKeyPair"): |
2220 | 0 | { |
2221 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2222 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2223 | 0 | parameters["ikm"] = getBuffer(PRNG() % 512); |
2224 | 0 | parameters["info"] = getBuffer(PRNG() % 512); |
2225 | |
|
2226 | 0 | cryptofuzz::operation::BLS_GenerateKeyPair op(parameters); |
2227 | 0 | op.Serialize(dsOut2); |
2228 | 0 | } |
2229 | 0 | break; |
2230 | 0 | case CF_OPERATION("BLS_Decompress_G1"): |
2231 | 0 | { |
2232 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2233 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2234 | 0 | parameters["compressed"] = getBignum(); |
2235 | |
|
2236 | 0 | cryptofuzz::operation::BLS_Decompress_G1 op(parameters); |
2237 | 0 | op.Serialize(dsOut2); |
2238 | 0 | } |
2239 | 0 | break; |
2240 | 0 | case CF_OPERATION("BLS_Compress_G1"): |
2241 | 0 | { |
2242 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2243 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2244 | |
|
2245 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2246 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2247 | 0 | parameters["g1_x"] = GET_OR_BIGNUM(P.g1_x); |
2248 | 0 | parameters["g1_y"] = GET_OR_BIGNUM(P.g1_y); |
2249 | 0 | } else { |
2250 | 0 | parameters["g1_x"] = getBignum(); |
2251 | 0 | parameters["g1_y"] = getBignum(); |
2252 | 0 | } |
2253 | |
|
2254 | 0 | cryptofuzz::operation::BLS_Compress_G1 op(parameters); |
2255 | 0 | op.Serialize(dsOut2); |
2256 | |
|
2257 | 0 | generateECCPoint(); |
2258 | 0 | } |
2259 | 0 | break; |
2260 | 0 | case CF_OPERATION("BLS_Decompress_G2"): |
2261 | 0 | { |
2262 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2263 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2264 | 0 | parameters["g1_x"] = getBignum(); |
2265 | 0 | parameters["g1_y"] = getBignum(); |
2266 | |
|
2267 | 0 | cryptofuzz::operation::BLS_Decompress_G2 op(parameters); |
2268 | 0 | op.Serialize(dsOut2); |
2269 | 0 | } |
2270 | 0 | break; |
2271 | 0 | case CF_OPERATION("BLS_Compress_G2"): |
2272 | 0 | { |
2273 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2274 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2275 | |
|
2276 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2277 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2278 | 0 | parameters["g2_v"] = GET_OR_BIGNUM(P.g2_v); |
2279 | 0 | parameters["g2_w"] = GET_OR_BIGNUM(P.g2_w); |
2280 | 0 | parameters["g2_x"] = GET_OR_BIGNUM(P.g2_x); |
2281 | 0 | parameters["g2_y"] = GET_OR_BIGNUM(P.g2_y); |
2282 | 0 | } else { |
2283 | 0 | parameters["g2_v"] = getBignum(); |
2284 | 0 | parameters["g2_w"] = getBignum(); |
2285 | 0 | parameters["g2_x"] = getBignum(); |
2286 | 0 | parameters["g2_y"] = getBignum(); |
2287 | 0 | } |
2288 | |
|
2289 | 0 | cryptofuzz::operation::BLS_Compress_G2 op(parameters); |
2290 | 0 | op.Serialize(dsOut2); |
2291 | 0 | } |
2292 | 0 | break; |
2293 | 0 | case CF_OPERATION("BLS_HashToG1"): |
2294 | 0 | { |
2295 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2296 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2297 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 1024); |
2298 | 0 | parameters["dest"] = getBool() ? getBuffer(PRNG() % 512) : get_BLS_predefined_DST(); |
2299 | |
|
2300 | 0 | parameters["aug"] = getBuffer(PRNG() % 1024); |
2301 | |
|
2302 | 0 | cryptofuzz::operation::BLS_HashToG1 op(parameters); |
2303 | 0 | op.Serialize(dsOut2); |
2304 | 0 | } |
2305 | 0 | break; |
2306 | 0 | case CF_OPERATION("BLS_HashToG2"): |
2307 | 0 | { |
2308 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2309 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2310 | 0 | parameters["cleartext"] = getBuffer(PRNG() % 1024); |
2311 | 0 | parameters["dest"] = getBool() ? getBuffer(PRNG() % 512) : get_BLS_predefined_DST(); |
2312 | 0 | parameters["aug"] = getBuffer(PRNG() % 1024); |
2313 | |
|
2314 | 0 | cryptofuzz::operation::BLS_HashToG2 op(parameters); |
2315 | 0 | op.Serialize(dsOut2); |
2316 | 0 | } |
2317 | 0 | break; |
2318 | 0 | case CF_OPERATION("BLS_MapToG1"): |
2319 | 0 | { |
2320 | 0 | parameters["modifier"] = ""; |
2321 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2322 | 0 | parameters["u"] = getBignum(); |
2323 | 0 | parameters["v"] = getBignum(); |
2324 | |
|
2325 | 0 | cryptofuzz::operation::BLS_MapToG1 op(parameters); |
2326 | 0 | op.Serialize(dsOut2); |
2327 | 0 | } |
2328 | 0 | break; |
2329 | 0 | case CF_OPERATION("BLS_MapToG2"): |
2330 | 0 | { |
2331 | 0 | parameters["modifier"] = ""; |
2332 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2333 | 0 | parameters["u"][0] = getBignum(); |
2334 | 0 | parameters["u"][1] = getBignum(); |
2335 | 0 | parameters["v"][0] = getBignum(); |
2336 | 0 | parameters["v"][1] = getBignum(); |
2337 | |
|
2338 | 0 | cryptofuzz::operation::BLS_MapToG2 op(parameters); |
2339 | 0 | op.Serialize(dsOut2); |
2340 | 0 | } |
2341 | 0 | break; |
2342 | 0 | case CF_OPERATION("BLS_Pairing"): |
2343 | 0 | { |
2344 | 0 | parameters["modifier"] = ""; |
2345 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2346 | |
|
2347 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2348 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2349 | 0 | parameters["g1_x"] = GET_OR_BIGNUM(P.g1_x); |
2350 | 0 | parameters["g1_y"] = GET_OR_BIGNUM(P.g1_y); |
2351 | 0 | } else { |
2352 | 0 | parameters["g1_x"] = getBignum(); |
2353 | 0 | parameters["g1_y"] = getBignum(); |
2354 | 0 | } |
2355 | |
|
2356 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2357 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2358 | 0 | parameters["g2_v"] = GET_OR_BIGNUM(P.g2_v); |
2359 | 0 | parameters["g2_w"] = GET_OR_BIGNUM(P.g2_w); |
2360 | 0 | parameters["g2_x"] = GET_OR_BIGNUM(P.g2_x); |
2361 | 0 | parameters["g2_y"] = GET_OR_BIGNUM(P.g2_y); |
2362 | 0 | } else { |
2363 | 0 | parameters["g2_v"] = getBignum(); |
2364 | 0 | parameters["g2_w"] = getBignum(); |
2365 | 0 | parameters["g2_x"] = getBignum(); |
2366 | 0 | parameters["g2_y"] = getBignum(); |
2367 | 0 | } |
2368 | |
|
2369 | 0 | cryptofuzz::operation::BLS_Pairing op(parameters); |
2370 | 0 | op.Serialize(dsOut2); |
2371 | |
|
2372 | 0 | generateECCPoint(); |
2373 | 0 | } |
2374 | 0 | break; |
2375 | 0 | case CF_OPERATION("BLS_MillerLoop"): |
2376 | 0 | { |
2377 | 0 | parameters["modifier"] = ""; |
2378 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2379 | |
|
2380 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2381 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2382 | 0 | parameters["g1_x"] = GET_OR_BIGNUM(P.g1_x); |
2383 | 0 | parameters["g1_y"] = GET_OR_BIGNUM(P.g1_y); |
2384 | 0 | } else { |
2385 | 0 | parameters["g1_x"] = getBignum(); |
2386 | 0 | parameters["g1_y"] = getBignum(); |
2387 | 0 | } |
2388 | |
|
2389 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2390 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2391 | 0 | parameters["g2_v"] = GET_OR_BIGNUM(P.g2_v); |
2392 | 0 | parameters["g2_w"] = GET_OR_BIGNUM(P.g2_w); |
2393 | 0 | parameters["g2_x"] = GET_OR_BIGNUM(P.g2_x); |
2394 | 0 | parameters["g2_y"] = GET_OR_BIGNUM(P.g2_y); |
2395 | 0 | } else { |
2396 | 0 | parameters["g2_v"] = getBignum(); |
2397 | 0 | parameters["g2_w"] = getBignum(); |
2398 | 0 | parameters["g2_x"] = getBignum(); |
2399 | 0 | parameters["g2_y"] = getBignum(); |
2400 | 0 | } |
2401 | |
|
2402 | 0 | cryptofuzz::operation::BLS_MillerLoop op(parameters); |
2403 | 0 | op.Serialize(dsOut2); |
2404 | |
|
2405 | 0 | generateECCPoint(); |
2406 | 0 | } |
2407 | 0 | break; |
2408 | 0 | case CF_OPERATION("BLS_FinalExp"): |
2409 | 0 | { |
2410 | 0 | parameters["modifier"] = ""; |
2411 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2412 | |
|
2413 | 0 | if ( Pool_Fp12.Have() && getBool() == true ) { |
2414 | 0 | const auto Fp12 = Pool_Fp12.Get(); |
2415 | |
|
2416 | 0 | parameters["fp12"][0] = Fp12.bn1; |
2417 | 0 | parameters["fp12"][1] = Fp12.bn2; |
2418 | 0 | parameters["fp12"][2] = Fp12.bn3; |
2419 | 0 | parameters["fp12"][3] = Fp12.bn4; |
2420 | 0 | parameters["fp12"][4] = Fp12.bn5; |
2421 | 0 | parameters["fp12"][5] = Fp12.bn6; |
2422 | 0 | parameters["fp12"][6] = Fp12.bn7; |
2423 | 0 | parameters["fp12"][7] = Fp12.bn8; |
2424 | 0 | parameters["fp12"][8] = Fp12.bn9; |
2425 | 0 | parameters["fp12"][9] = Fp12.bn10; |
2426 | 0 | parameters["fp12"][10] = Fp12.bn11; |
2427 | 0 | parameters["fp12"][11] = Fp12.bn12; |
2428 | 0 | } else { |
2429 | 0 | parameters["fp12"][0] = getBignum(); |
2430 | 0 | parameters["fp12"][1] = getBignum(); |
2431 | 0 | parameters["fp12"][2] = getBignum(); |
2432 | 0 | parameters["fp12"][3] = getBignum(); |
2433 | 0 | parameters["fp12"][4] = getBignum(); |
2434 | 0 | parameters["fp12"][5] = getBignum(); |
2435 | 0 | parameters["fp12"][6] = getBignum(); |
2436 | 0 | parameters["fp12"][7] = getBignum(); |
2437 | 0 | parameters["fp12"][8] = getBignum(); |
2438 | 0 | parameters["fp12"][9] = getBignum(); |
2439 | 0 | parameters["fp12"][10] = getBignum(); |
2440 | 0 | parameters["fp12"][11] = getBignum(); |
2441 | 0 | } |
2442 | |
|
2443 | 0 | cryptofuzz::operation::BLS_FinalExp op(parameters); |
2444 | 0 | op.Serialize(dsOut2); |
2445 | 0 | } |
2446 | 0 | break; |
2447 | 0 | case CF_OPERATION("BLS_G1_Add"): |
2448 | 0 | { |
2449 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2450 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2451 | |
|
2452 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2453 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2454 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g1_x); |
2455 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g1_y); |
2456 | 0 | } else { |
2457 | 0 | parameters["a_x"] = getBignum(); |
2458 | 0 | parameters["a_y"] = getBignum(); |
2459 | 0 | } |
2460 | |
|
2461 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2462 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2463 | 0 | parameters["b_x"] = GET_OR_BIGNUM(P.g1_x); |
2464 | 0 | parameters["b_y"] = GET_OR_BIGNUM(P.g1_y); |
2465 | 0 | } else { |
2466 | 0 | parameters["b_x"] = getBignum(); |
2467 | 0 | parameters["b_y"] = getBignum(); |
2468 | 0 | } |
2469 | |
|
2470 | 0 | cryptofuzz::operation::BLS_G1_Add op(parameters); |
2471 | 0 | op.Serialize(dsOut2); |
2472 | |
|
2473 | 0 | generateECCPoint(); |
2474 | 0 | } |
2475 | 0 | break; |
2476 | 0 | case CF_OPERATION("BLS_G1_Mul"): |
2477 | 0 | { |
2478 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2479 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2480 | |
|
2481 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2482 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2483 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g1_x); |
2484 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g1_y); |
2485 | 0 | } else { |
2486 | 0 | parameters["a_x"] = getBignum(); |
2487 | 0 | parameters["a_y"] = getBignum(); |
2488 | 0 | } |
2489 | |
|
2490 | 0 | parameters["b"] = getBignum(); |
2491 | |
|
2492 | 0 | cryptofuzz::operation::BLS_G1_Mul op(parameters); |
2493 | 0 | op.Serialize(dsOut2); |
2494 | |
|
2495 | 0 | generateECCPoint(); |
2496 | 0 | } |
2497 | 0 | break; |
2498 | 0 | case CF_OPERATION("BLS_G1_IsEq"): |
2499 | 0 | { |
2500 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2501 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2502 | |
|
2503 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2504 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2505 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g1_x); |
2506 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g1_y); |
2507 | 0 | } else { |
2508 | 0 | parameters["a_x"] = getBignum(); |
2509 | 0 | parameters["a_y"] = getBignum(); |
2510 | 0 | } |
2511 | |
|
2512 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2513 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2514 | 0 | parameters["b_x"] = GET_OR_BIGNUM(P.g1_x); |
2515 | 0 | parameters["b_y"] = GET_OR_BIGNUM(P.g1_y); |
2516 | 0 | } else { |
2517 | 0 | parameters["b_x"] = getBignum(); |
2518 | 0 | parameters["b_y"] = getBignum(); |
2519 | 0 | } |
2520 | |
|
2521 | 0 | cryptofuzz::operation::BLS_G1_IsEq op(parameters); |
2522 | 0 | op.Serialize(dsOut2); |
2523 | |
|
2524 | 0 | generateECCPoint(); |
2525 | 0 | } |
2526 | 0 | break; |
2527 | 0 | case CF_OPERATION("BLS_G1_Neg"): |
2528 | 0 | { |
2529 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2530 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2531 | |
|
2532 | 0 | if ( getBool() && Pool_CurveBLSG1.Have() == true ) { |
2533 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2534 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g1_x); |
2535 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g1_y); |
2536 | 0 | } else { |
2537 | 0 | parameters["a_x"] = getBignum(); |
2538 | 0 | parameters["a_y"] = getBignum(); |
2539 | 0 | } |
2540 | |
|
2541 | 0 | cryptofuzz::operation::BLS_G1_Neg op(parameters); |
2542 | 0 | op.Serialize(dsOut2); |
2543 | |
|
2544 | 0 | generateECCPoint(); |
2545 | 0 | } |
2546 | 0 | break; |
2547 | 0 | case CF_OPERATION("BLS_G2_Add"): |
2548 | 0 | { |
2549 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2550 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2551 | |
|
2552 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2553 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2554 | 0 | parameters["a_v"] = GET_OR_BIGNUM(P.g2_v); |
2555 | 0 | parameters["a_w"] = GET_OR_BIGNUM(P.g2_w); |
2556 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g2_x); |
2557 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g2_y); |
2558 | 0 | } else { |
2559 | 0 | parameters["a_v"] = getBignum(); |
2560 | 0 | parameters["a_w"] = getBignum(); |
2561 | 0 | parameters["a_x"] = getBignum(); |
2562 | 0 | parameters["a_y"] = getBignum(); |
2563 | 0 | } |
2564 | |
|
2565 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2566 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2567 | 0 | parameters["b_v"] = GET_OR_BIGNUM(P.g2_v); |
2568 | 0 | parameters["b_w"] = GET_OR_BIGNUM(P.g2_w); |
2569 | 0 | parameters["b_x"] = GET_OR_BIGNUM(P.g2_x); |
2570 | 0 | parameters["b_y"] = GET_OR_BIGNUM(P.g2_y); |
2571 | 0 | } else { |
2572 | 0 | parameters["b_v"] = getBignum(); |
2573 | 0 | parameters["b_w"] = getBignum(); |
2574 | 0 | parameters["b_x"] = getBignum(); |
2575 | 0 | parameters["b_y"] = getBignum(); |
2576 | 0 | } |
2577 | |
|
2578 | 0 | cryptofuzz::operation::BLS_G2_Add op(parameters); |
2579 | 0 | op.Serialize(dsOut2); |
2580 | 0 | } |
2581 | 0 | break; |
2582 | 0 | case CF_OPERATION("BLS_G2_Mul"): |
2583 | 0 | { |
2584 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2585 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2586 | |
|
2587 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2588 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2589 | 0 | parameters["a_v"] = GET_OR_BIGNUM(P.g2_v); |
2590 | 0 | parameters["a_w"] = GET_OR_BIGNUM(P.g2_w); |
2591 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g2_x); |
2592 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g2_y); |
2593 | 0 | } else { |
2594 | 0 | parameters["a_v"] = getBignum(); |
2595 | 0 | parameters["a_w"] = getBignum(); |
2596 | 0 | parameters["a_x"] = getBignum(); |
2597 | 0 | parameters["a_y"] = getBignum(); |
2598 | 0 | } |
2599 | |
|
2600 | 0 | parameters["b"] = getBignum(); |
2601 | |
|
2602 | 0 | cryptofuzz::operation::BLS_G2_Mul op(parameters); |
2603 | 0 | op.Serialize(dsOut2); |
2604 | 0 | } |
2605 | 0 | break; |
2606 | 0 | case CF_OPERATION("BLS_G2_IsEq"): |
2607 | 0 | { |
2608 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2609 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2610 | |
|
2611 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2612 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2613 | 0 | parameters["a_v"] = GET_OR_BIGNUM(P.g2_v); |
2614 | 0 | parameters["a_w"] = GET_OR_BIGNUM(P.g2_w); |
2615 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g2_x); |
2616 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g2_y); |
2617 | 0 | } else { |
2618 | 0 | parameters["a_v"] = getBignum(); |
2619 | 0 | parameters["a_w"] = getBignum(); |
2620 | 0 | parameters["a_x"] = getBignum(); |
2621 | 0 | parameters["a_y"] = getBignum(); |
2622 | 0 | } |
2623 | |
|
2624 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2625 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2626 | 0 | parameters["b_v"] = GET_OR_BIGNUM(P.g2_v); |
2627 | 0 | parameters["b_w"] = GET_OR_BIGNUM(P.g2_w); |
2628 | 0 | parameters["b_x"] = GET_OR_BIGNUM(P.g2_x); |
2629 | 0 | parameters["b_y"] = GET_OR_BIGNUM(P.g2_y); |
2630 | 0 | } else { |
2631 | 0 | parameters["b_v"] = getBignum(); |
2632 | 0 | parameters["b_w"] = getBignum(); |
2633 | 0 | parameters["b_x"] = getBignum(); |
2634 | 0 | parameters["b_y"] = getBignum(); |
2635 | 0 | } |
2636 | |
|
2637 | 0 | cryptofuzz::operation::BLS_G2_IsEq op(parameters); |
2638 | 0 | op.Serialize(dsOut2); |
2639 | 0 | } |
2640 | 0 | break; |
2641 | 0 | case CF_OPERATION("BLS_G2_Neg"): |
2642 | 0 | { |
2643 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1000); |
2644 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2645 | |
|
2646 | 0 | if ( getBool() && Pool_CurveBLSG2.Have() == true ) { |
2647 | 0 | const auto P = Pool_CurveBLSG2.Get(); |
2648 | 0 | parameters["a_v"] = GET_OR_BIGNUM(P.g2_v); |
2649 | 0 | parameters["a_w"] = GET_OR_BIGNUM(P.g2_w); |
2650 | 0 | parameters["a_x"] = GET_OR_BIGNUM(P.g2_x); |
2651 | 0 | parameters["a_y"] = GET_OR_BIGNUM(P.g2_y); |
2652 | 0 | } else { |
2653 | 0 | parameters["a_v"] = getBignum(); |
2654 | 0 | parameters["a_w"] = getBignum(); |
2655 | 0 | parameters["a_x"] = getBignum(); |
2656 | 0 | parameters["a_y"] = getBignum(); |
2657 | 0 | } |
2658 | |
|
2659 | 0 | cryptofuzz::operation::BLS_G2_Neg op(parameters); |
2660 | 0 | op.Serialize(dsOut2); |
2661 | 0 | } |
2662 | 0 | break; |
2663 | 0 | case CF_OPERATION("BLS_G1_MultiExp"): |
2664 | 0 | { |
2665 | 0 | parameters["modifier"] = ""; |
2666 | 0 | parameters["curveType"] = hint_ecc_mont(getRandomCurve()); |
2667 | |
|
2668 | 0 | const size_t num = (PRNG() % 256) + 2; |
2669 | 0 | parameters["points_scalars"] = nlohmann::json::array(); |
2670 | |
|
2671 | 0 | for (size_t i = 0; i < num; i++) { |
2672 | 0 | nlohmann::json ps; |
2673 | |
|
2674 | 0 | if ( Pool_CurveBLSG1.Have() == true ) { |
2675 | 0 | const auto P = Pool_CurveBLSG1.Get(); |
2676 | 0 | ps["x"] = P.g1_x; |
2677 | 0 | ps["y"] = P.g1_y; |
2678 | 0 | } else { |
2679 | 0 | ps["x"] = getBignum(); |
2680 | 0 | ps["y"] = getBignum(); |
2681 | 0 | } |
2682 | 0 | ps["scalar"] = getBignum(); |
2683 | 0 | parameters["points_scalars"].push_back(ps); |
2684 | 0 | } |
2685 | |
|
2686 | 0 | cryptofuzz::operation::BLS_G1_MultiExp op(parameters); |
2687 | 0 | op.Serialize(dsOut2); |
2688 | 0 | } |
2689 | 0 | break; |
2690 | 0 | case CF_OPERATION("SR25519_Verify"): |
2691 | 0 | { |
2692 | 0 | parameters["modifier"] = getBuffer(PRNG() % 1024); |
2693 | |
|
2694 | 0 | parameters["signature"]["pub"] = getBignum(); |
2695 | |
|
2696 | 0 | parameters["signature"]["signature"][0] = getBignum(); |
2697 | 0 | parameters["signature"]["signature"][1] = getBignum(); |
2698 | |
|
2699 | 0 | parameters["cleartext"] = cryptofuzz::util::DecToHex(getBignum(true), (PRNG() % 64) * 2); |
2700 | |
|
2701 | 0 | cryptofuzz::operation::SR25519_Verify op(parameters); |
2702 | 0 | op.Serialize(dsOut2); |
2703 | 0 | } |
2704 | 0 | break; |
2705 | 0 | default: |
2706 | 0 | goto end; |
2707 | 0 | } |
2708 | 0 | #undef GET_OR_BIGNUM |
2709 | | |
2710 | 0 | fuzzing::datasource::Datasource dsOut(nullptr, 0); |
2711 | | |
2712 | | /* Operation ID */ |
2713 | 0 | dsOut.Put<uint64_t>(operation); |
2714 | |
|
2715 | 0 | dsOut.PutData(dsOut2.GetOut()); |
2716 | | |
2717 | | /* Modifier */ |
2718 | 0 | if ( reuseModifier == true && !modifier.empty() ) { |
2719 | 0 | dsOut.PutData(modifier); |
2720 | 0 | } else { |
2721 | 0 | size_t modifierMaxSize = maxSize / 10; |
2722 | 0 | if ( modifierMaxSize == 0 ) { |
2723 | 0 | modifierMaxSize = 1; |
2724 | 0 | } |
2725 | |
|
2726 | 0 | dsOut.PutData(getBufferBin(PRNG() % modifierMaxSize)); |
2727 | 0 | } |
2728 | | |
2729 | | /* Module ID */ |
2730 | 0 | dsOut.Put<uint64_t>( ModuleLUT[ PRNG() % (sizeof(ModuleLUT) / sizeof(ModuleLUT[0])) ].id ); |
2731 | | |
2732 | | /* Terminator */ |
2733 | 0 | dsOut.Put<bool>(false); |
2734 | |
|
2735 | 0 | const auto insertSize = dsOut.GetOut().size(); |
2736 | 0 | if ( insertSize <= maxSize ) { |
2737 | 0 | memcpy(data, dsOut.GetOut().data(), insertSize); |
2738 | |
|
2739 | 0 | if ( getBool() == true ) { |
2740 | 0 | return insertSize; |
2741 | 0 | } |
2742 | | |
2743 | | /* Fall through to LLVMFuzzerMutate */ |
2744 | 0 | } |
2745 | 0 | } |
2746 | | |
2747 | 0 | end: |
2748 | 0 | return LLVMFuzzerMutate(data, size, maxSize); |
2749 | 0 | } |