-
Notifications
You must be signed in to change notification settings - Fork 279
/
Copy pathtarget.cc
151 lines (123 loc) · 3.88 KB
/
target.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
// Copyright 2016 Google Inc. All Rights Reserved.
// Licensed under the Apache License, Version 2.0 (the "License");
// Find CVE-2015-3193. Derived from
// https://github.com/hannob/bignum-fuzz/blob/master/CVE-2015-3193-openssl-vs-gcrypt-modexp.c
/* Fuzz-compare the OpenSSL function BN_mod_exp() and the libgcrypt function gcry_mpi_powm().
*
* To use this you should compile both libgcrypt and openssl with american fuzzy lop and then statically link everything together, e.g.:
* afl-clang-fast -o [output] [input] libgcrypt.a libcrypto.a -lgpg-error
*
* Input is a binary file, the first bytes will decide how the rest of the file will be split into three bignums.
*
* by Hanno Böck, license CC0 (public domain)
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <openssl/bn.h>
#include <gcrypt.h>
#define MAXBUF 1000000
struct big_results {
char *name;
char *a;
char *b;
char *c;
char *exptmod;
};
void printres(struct big_results *res) {
printf("\n%s:\n", res->name);
printf("a: %s\n", res->a);
printf("b: %s\n", res->b);
printf("c: %s\n", res->c);
printf("b^c mod a: %s\n", res->exptmod);
}
void freeres(struct big_results *res) {
free(res->a);
free(res->b);
free(res->c);
free(res->exptmod);
}
char *gcrytostring(gcry_mpi_t in) {
char *a, *b;
size_t i;
size_t j=0;
gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char**) &a, &i, in);
while(a[j]=='0' && j<(i-2)) j++;
if ((j%2)==1) j--;
if (strncmp(&a[j],"00",2)==0) j++;
b=(char*)malloc(i-j);
strcpy(b, &a[j]);
free(a);
return b;
}
/* test gcry functions from libgcrypt */
void gcrytest(unsigned char* a_raw, int a_len, unsigned char* b_raw, int b_len, unsigned char* c_raw, int c_len, struct big_results *res) {
gcry_mpi_t a, b, c, res1, res2;
/* unknown leak here */
gcry_mpi_scan(&a, GCRYMPI_FMT_USG, a_raw, a_len, NULL);
res->a = gcrytostring(a);
gcry_mpi_scan(&b, GCRYMPI_FMT_USG, b_raw, b_len, NULL);
res->b = gcrytostring(b);
gcry_mpi_scan(&c, GCRYMPI_FMT_USG, c_raw, c_len, NULL);
res->c = gcrytostring(c);
res1=gcry_mpi_new(0);
gcry_mpi_powm(res1, b, c, a);
res->exptmod=gcrytostring(res1);
gcry_mpi_release(a);
gcry_mpi_release(b);
gcry_mpi_release(c);
gcry_mpi_release(res1);
}
/* test bn functions from openssl/libcrypto */
void bntest(unsigned char* a_raw, int a_len, unsigned char* b_raw, int b_len, unsigned char* c_raw, int c_len, struct big_results *res) {
BN_CTX *bctx = BN_CTX_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
BIGNUM *c = BN_new();
BIGNUM *res1 = BN_new();
BN_bin2bn(a_raw, a_len, a);
BN_bin2bn(b_raw, b_len, b);
BN_bin2bn(c_raw, c_len, c);
res->a = BN_bn2hex(a);
res->b = BN_bn2hex(b);
res->c = BN_bn2hex(c);
BN_mod_exp(res1, b, c, a, bctx);
res->exptmod = BN_bn2hex(res1);
BN_free(a);
BN_free(b);
BN_free(c);
BN_free(res1);
BN_CTX_free(bctx);
}
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) {
size_t len, l1, l2,l3;
unsigned int divi1, divi2;
unsigned char *a, *b, *c;
struct big_results openssl_results= {"openssl",0,0,0,0};
struct big_results gcrypt_results= {"libgcrypt",0,0,0,0};
len = Size;
if (len<5) return 0;
divi1=Data[0];
divi2=Data[1];
divi1++;divi2++;
l1 = (len-2)*divi1/256;
l2 = (len-2-l1)*divi2/256;
l3 = (len-2-l1-l2);
assert(l1+l2+l3==len-2);
//printf("div1 div2 %i %i\n", divi1, divi2);
//printf("len l1 l2 l3 %i %i %i %i\n", (int)len,(int)l1,(int)l2,(int)l3);
a=const_cast<unsigned char*>(Data)+2;
b=const_cast<unsigned char*>(Data)+2+l1;
c=const_cast<unsigned char*>(Data)+2+l1+l2;
bntest(a, l1, b, l2, c, l3, &openssl_results);
//printres(&openssl_results);
if ((strcmp(openssl_results.a,"0")==0) || (strcmp(openssl_results.c,"0")==0)) goto END;
gcrytest(a, l1, b, l2, c, l3, &gcrypt_results);
//printres(&gcrypt_results);
assert(strcmp(openssl_results.exptmod, gcrypt_results.exptmod)==0);
END:
freeres(&openssl_results);
freeres(&gcrypt_results);
return 0;
}