fuzz/brontide: random+static round-trip encrypt+decrypt harnesses

2020-01-30 13:44:55 -05:00 · 2020-01-30 13:44:55 -05:00 · 0d42da0cb3
commit 0d42da0cb3
parent 0be5660a2a
4 changed files with 193 additions and 0 deletions
--- a/fuzz/brontide/random_init_enc_dec.go
+++ b/fuzz/brontide/random_init_enc_dec.go
@ -0,0 +1,48 @@
+// +build gofuzz
+
+package brontidefuzz
+
+import (
+	"bytes"
+	"math"
+)
+
+// Fuzz_random_init_enc_dec is a go-fuzz harness that tests round-trip
+// encryption and decryption between the initiator and the responder.
+func Fuzz_random_init_enc_dec(data []byte) int {
+	// Ensure that length of message is not greater than max allowed size.
+	if len(data) > math.MaxUint16 {
+		return 0
+	}
+
+	// This will return brontide machines with random keys.
+	initiator, responder := getBrontideMachines()
+
+	// Complete the brontide handshake.
+	completeHandshake(initiator, responder)
+
+	var b bytes.Buffer
+
+	// Encrypt the message using WriteMessage w/ initiator machine.
+	if err := initiator.WriteMessage(data); err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Flush the encrypted message w/ initiator machine.
+	if _, err := initiator.Flush(&b); err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Decrypt the ciphertext using ReadMessage w/ responder machine.
+	plaintext, err := responder.ReadMessage(&b)
+	if err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Check that the decrypted message and the original message are equal.
+	if !bytes.Equal(data, plaintext) {
+		nilAndPanic(initiator, responder, nil)
+	}
+
+	return 1
+}
--- a/fuzz/brontide/random_resp_enc_dec.go
+++ b/fuzz/brontide/random_resp_enc_dec.go
@ -0,0 +1,48 @@
+// +build gofuzz
+
+package brontidefuzz
+
+import (
+	"bytes"
+	"math"
+)
+
+// Fuzz_random_resp_enc_dec is a go-fuzz harness that tests round-trip
+// encryption and decryption between the responder and the initiator.
+func Fuzz_random_resp_enc_dec(data []byte) int {
+	// Ensure that length of message is not greater than max allowed size.
+	if len(data) > math.MaxUint16 {
+		return 0
+	}
+
+	// This will return brontide machines with random keys.
+	initiator, responder := getBrontideMachines()
+
+	// Complete the brontide handshake.
+	completeHandshake(initiator, responder)
+
+	var b bytes.Buffer
+
+	// Encrypt the message using WriteMessage w/ responder machine.
+	if err := responder.WriteMessage(data); err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Flush the encrypted message w/ responder machine.
+	if _, err := responder.Flush(&b); err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Decrypt the ciphertext using ReadMessage w/ initiator machine.
+	plaintext, err := initiator.ReadMessage(&b)
+	if err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Check that the decrypted message and the original message are equal.
+	if !bytes.Equal(data, plaintext) {
+		nilAndPanic(initiator, responder, nil)
+	}
+
+	return 1
+}
--- a/fuzz/brontide/static_init_enc_dec.go
+++ b/fuzz/brontide/static_init_enc_dec.go
@ -0,0 +1,49 @@
+// +build gofuzz
+
+package brontidefuzz
+
+import (
+	"bytes"
+	"math"
+)
+
+// Fuzz_static_init_enc_dec is a go-fuzz harness that tests round-trip
+// encryption and decryption
+// between the initiator and the responder.
+func Fuzz_static_init_enc_dec(data []byte) int {
+	// Ensure that length of message is not greater than max allowed size.
+	if len(data) > math.MaxUint16 {
+		return 0
+	}
+
+	// This will return brontide machines with static keys.
+	initiator, responder := getStaticBrontideMachines()
+
+	// Complete the brontide handshake.
+	completeHandshake(initiator, responder)
+
+	var b bytes.Buffer
+
+	// Encrypt the message using WriteMessage w/ initiator machine.
+	if err := initiator.WriteMessage(data); err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Flush the encrypted message w/ initiator machine.
+	if _, err := initiator.Flush(&b); err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Decrypt the ciphertext using ReadMessage w/ responder machine.
+	plaintext, err := responder.ReadMessage(&b)
+	if err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Check that the decrypted message and the original message are equal.
+	if !bytes.Equal(data, plaintext) {
+		nilAndPanic(initiator, responder, nil)
+	}
+
+	return 1
+}
--- a/fuzz/brontide/static_resp_enc_dec.go
+++ b/fuzz/brontide/static_resp_enc_dec.go
@ -0,0 +1,48 @@
+// +build gofuzz
+
+package brontidefuzz
+
+import (
+	"bytes"
+	"math"
+)
+
+// Fuzz_static_resp_enc_dec is a go-fuzz harness that tests round-trip
+// encryption and decryption between the responder and the initiator.
+func Fuzz_static_resp_enc_dec(data []byte) int {
+	// Ensure that length of message is not greater than max allowed size.
+	if len(data) > math.MaxUint16 {
+		return 0
+	}
+
+	// This will return brontide machines with static keys.
+	initiator, responder := getStaticBrontideMachines()
+
+	// Complete the brontide handshake.
+	completeHandshake(initiator, responder)
+
+	var b bytes.Buffer
+
+	// Encrypt the message using WriteMessage w/ responder machine.
+	if err := responder.WriteMessage(data); err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Flush the encrypted message w/ responder machine.
+	if _, err := responder.Flush(&b); err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Decrypt the ciphertext using ReadMessage w/ initiator machine.
+	plaintext, err := initiator.ReadMessage(&b)
+	if err != nil {
+		nilAndPanic(initiator, responder, err)
+	}
+
+	// Check that the decrypted message and the original message are equal.
+	if !bytes.Equal(data, plaintext) {
+		nilAndPanic(initiator, responder, nil)
+	}
+
+	return 1
+}