fuzz/brontide: random+static round-trip encrypt+decrypt harnesses

This commit is contained in:
nsa 2020-01-30 13:44:55 -05:00
parent 0be5660a2a
commit 0d42da0cb3
No known key found for this signature in database
GPG Key ID: 118759E83439A9B1
4 changed files with 193 additions and 0 deletions

@ -0,0 +1,48 @@
// +build gofuzz
package brontidefuzz
import (
"bytes"
"math"
)
// Fuzz_random_init_enc_dec is a go-fuzz harness that tests round-trip
// encryption and decryption between the initiator and the responder.
func Fuzz_random_init_enc_dec(data []byte) int {
// Ensure that length of message is not greater than max allowed size.
if len(data) > math.MaxUint16 {
return 0
}
// This will return brontide machines with random keys.
initiator, responder := getBrontideMachines()
// Complete the brontide handshake.
completeHandshake(initiator, responder)
var b bytes.Buffer
// Encrypt the message using WriteMessage w/ initiator machine.
if err := initiator.WriteMessage(data); err != nil {
nilAndPanic(initiator, responder, err)
}
// Flush the encrypted message w/ initiator machine.
if _, err := initiator.Flush(&b); err != nil {
nilAndPanic(initiator, responder, err)
}
// Decrypt the ciphertext using ReadMessage w/ responder machine.
plaintext, err := responder.ReadMessage(&b)
if err != nil {
nilAndPanic(initiator, responder, err)
}
// Check that the decrypted message and the original message are equal.
if !bytes.Equal(data, plaintext) {
nilAndPanic(initiator, responder, nil)
}
return 1
}

@ -0,0 +1,48 @@
// +build gofuzz
package brontidefuzz
import (
"bytes"
"math"
)
// Fuzz_random_resp_enc_dec is a go-fuzz harness that tests round-trip
// encryption and decryption between the responder and the initiator.
func Fuzz_random_resp_enc_dec(data []byte) int {
// Ensure that length of message is not greater than max allowed size.
if len(data) > math.MaxUint16 {
return 0
}
// This will return brontide machines with random keys.
initiator, responder := getBrontideMachines()
// Complete the brontide handshake.
completeHandshake(initiator, responder)
var b bytes.Buffer
// Encrypt the message using WriteMessage w/ responder machine.
if err := responder.WriteMessage(data); err != nil {
nilAndPanic(initiator, responder, err)
}
// Flush the encrypted message w/ responder machine.
if _, err := responder.Flush(&b); err != nil {
nilAndPanic(initiator, responder, err)
}
// Decrypt the ciphertext using ReadMessage w/ initiator machine.
plaintext, err := initiator.ReadMessage(&b)
if err != nil {
nilAndPanic(initiator, responder, err)
}
// Check that the decrypted message and the original message are equal.
if !bytes.Equal(data, plaintext) {
nilAndPanic(initiator, responder, nil)
}
return 1
}

@ -0,0 +1,49 @@
// +build gofuzz
package brontidefuzz
import (
"bytes"
"math"
)
// Fuzz_static_init_enc_dec is a go-fuzz harness that tests round-trip
// encryption and decryption
// between the initiator and the responder.
func Fuzz_static_init_enc_dec(data []byte) int {
// Ensure that length of message is not greater than max allowed size.
if len(data) > math.MaxUint16 {
return 0
}
// This will return brontide machines with static keys.
initiator, responder := getStaticBrontideMachines()
// Complete the brontide handshake.
completeHandshake(initiator, responder)
var b bytes.Buffer
// Encrypt the message using WriteMessage w/ initiator machine.
if err := initiator.WriteMessage(data); err != nil {
nilAndPanic(initiator, responder, err)
}
// Flush the encrypted message w/ initiator machine.
if _, err := initiator.Flush(&b); err != nil {
nilAndPanic(initiator, responder, err)
}
// Decrypt the ciphertext using ReadMessage w/ responder machine.
plaintext, err := responder.ReadMessage(&b)
if err != nil {
nilAndPanic(initiator, responder, err)
}
// Check that the decrypted message and the original message are equal.
if !bytes.Equal(data, plaintext) {
nilAndPanic(initiator, responder, nil)
}
return 1
}

@ -0,0 +1,48 @@
// +build gofuzz
package brontidefuzz
import (
"bytes"
"math"
)
// Fuzz_static_resp_enc_dec is a go-fuzz harness that tests round-trip
// encryption and decryption between the responder and the initiator.
func Fuzz_static_resp_enc_dec(data []byte) int {
// Ensure that length of message is not greater than max allowed size.
if len(data) > math.MaxUint16 {
return 0
}
// This will return brontide machines with static keys.
initiator, responder := getStaticBrontideMachines()
// Complete the brontide handshake.
completeHandshake(initiator, responder)
var b bytes.Buffer
// Encrypt the message using WriteMessage w/ responder machine.
if err := responder.WriteMessage(data); err != nil {
nilAndPanic(initiator, responder, err)
}
// Flush the encrypted message w/ responder machine.
if _, err := responder.Flush(&b); err != nil {
nilAndPanic(initiator, responder, err)
}
// Decrypt the ciphertext using ReadMessage w/ initiator machine.
plaintext, err := initiator.ReadMessage(&b)
if err != nil {
nilAndPanic(initiator, responder, err)
}
// Check that the decrypted message and the original message are equal.
if !bytes.Equal(data, plaintext) {
nilAndPanic(initiator, responder, nil)
}
return 1
}