Add fuzz testing using american fuzzy lop

Existing tests: block, transaction, signature, cold outputs,
cold transaction.

Data for these is in tests/data/fuzz.

A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:

contrib/fuzz_testing/fuzz.sh signature

The fuzzer will run indefinitely, ^C to stop.

Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
This commit is contained in:
moneromooo-monero 2017-06-24 12:38:41 +01:00
parent ae8841f2ab
commit 841231e5bd
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
20 changed files with 710 additions and 0 deletions

View file

@ -108,6 +108,10 @@ release-static-win32:
mkdir -p build/release mkdir -p build/release
cd build/release && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="i686" -D BUILD_64=OFF -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG="win-x32" -D CMAKE_TOOLCHAIN_FILE=../../cmake/32-bit-toolchain.cmake -D MSYS2_FOLDER=c:/msys32 ../.. && $(MAKE) cd build/release && cmake -G "MSYS Makefiles" -D STATIC=ON -D ARCH="i686" -D BUILD_64=OFF -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG="win-x32" -D CMAKE_TOOLCHAIN_FILE=../../cmake/32-bit-toolchain.cmake -D MSYS2_FOLDER=c:/msys32 ../.. && $(MAKE)
fuzz:
mkdir -p build/fuzz
cd build/fuzz && cmake -D BUILD_TESTS=ON -D USE_LTO=OFF -D CMAKE_C_COMPILER=afl-gcc -D CMAKE_CXX_COMPILER=afl-g++ -D ARCH="x86-64" -D CMAKE_BUILD_TYPE=fuzz -D BUILD_TAG="linux-x64" ../.. && $(MAKE)
clean: clean:
@echo "WARNING: Back-up your wallet if it exists within ./build!" ; \ @echo "WARNING: Back-up your wallet if it exists within ./build!" ; \
read -r -p "This will destroy the build directory, continue (y/N)?: " CONTINUE; \ read -r -p "This will destroy the build directory, continue (y/N)?: " CONTINUE; \

21
contrib/fuzz_testing/fuzz.sh Executable file
View file

@ -0,0 +1,21 @@
#!/bin/sh
AFLFUZZ=$(which afl-fuzz)
if ! test -x "$AFLFUZZ"
then
echo "afl-fuzz not found - install american-fuzzy-lop"
exit 1
fi
type="$1"
if test -z "$type"
then
echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"
exit 1
fi
case "$type" in
block|transaction|signature|cold-outputs|cold-transaction) ;;
*) echo "usage: $0 block|transaction|signature|cold-outputs|cold-transaction"; exit 1 ;;
esac
afl-fuzz -i tests/data/fuzz/$type -m 150 -t 250 -o fuzz-out/$type build/fuzz/tests/fuzz/${type}_fuzz_tests

View file

@ -77,6 +77,7 @@ file(COPY
DESTINATION data) DESTINATION data)
add_subdirectory(core_tests) add_subdirectory(core_tests)
add_subdirectory(fuzz)
add_subdirectory(crypto) add_subdirectory(crypto)
add_subdirectory(functional_tests) add_subdirectory(functional_tests)
add_subdirectory(performance_tests) add_subdirectory(performance_tests)
@ -114,6 +115,7 @@ set(enabled_tests
hash hash
performance_tests performance_tests
core_proxy core_proxy
fuzz
unit_tests) unit_tests)
add_custom_target(tests DEPENDS enabled_tests) add_custom_target(tests DEPENDS enabled_tests)

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

View file

@ -0,0 +1 @@
SigV1WbMcLkLKXz3Su9iFUp9aYF5vSfpVetcytVWAgqhn3KNe1kidn7M2KfTRpuK8G1ba1w2u5mbyoWbkLPy2Gm97BM4W

Binary file not shown.

Binary file not shown.

91
tests/fuzz/CMakeLists.txt Normal file
View file

@ -0,0 +1,91 @@
# Copyright (c) 2014-2017, The Monero Project
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are
# permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this list of
# conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice, this list
# of conditions and the following disclaimer in the documentation and/or other
# materials provided with the distribution.
#
# 3. Neither the name of the copyright holder nor the names of its contributors may be
# used to endorse or promote products derived from this software without specific
# prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
add_executable(block_fuzz_tests block.cpp fuzzer.cpp)
target_link_libraries(block_fuzz_tests
PRIVATE
cryptonote_core
p2p
epee
${CMAKE_THREAD_LIBS_INIT}
${EXTRA_LIBRARIES})
set_property(TARGET block_fuzz_tests
PROPERTY
FOLDER "tests")
add_executable(transaction_fuzz_tests transaction.cpp fuzzer.cpp)
target_link_libraries(transaction_fuzz_tests
PRIVATE
cryptonote_core
p2p
epee
${CMAKE_THREAD_LIBS_INIT}
${EXTRA_LIBRARIES})
set_property(TARGET transaction_fuzz_tests
PROPERTY
FOLDER "tests")
add_executable(signature_fuzz_tests signature.cpp fuzzer.cpp)
target_link_libraries(signature_fuzz_tests
PRIVATE
wallet
cryptonote_core
p2p
epee
${CMAKE_THREAD_LIBS_INIT}
${EXTRA_LIBRARIES})
set_property(TARGET signature_fuzz_tests
PROPERTY
FOLDER "tests")
add_executable(cold-outputs_fuzz_tests cold-outputs.cpp fuzzer.cpp)
target_link_libraries(cold-outputs_fuzz_tests
PRIVATE
wallet
cryptonote_core
p2p
epee
${CMAKE_THREAD_LIBS_INIT}
${EXTRA_LIBRARIES})
set_property(TARGET cold-outputs_fuzz_tests
PROPERTY
FOLDER "tests")
add_executable(cold-transaction_fuzz_tests cold-transaction.cpp fuzzer.cpp)
target_link_libraries(cold-transaction_fuzz_tests
PRIVATE
wallet
cryptonote_core
p2p
epee
${CMAKE_THREAD_LIBS_INIT}
${EXTRA_LIBRARIES})
set_property(TARGET cold-transaction_fuzz_tests
PROPERTY
FOLDER "tests")

67
tests/fuzz/block.cpp Normal file
View file

@ -0,0 +1,67 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "include_base_utils.h"
#include "common/command_line.h"
#include "file_io_utils.h"
#include "cryptonote_protocol/blobdatatype.h"
#include "cryptonote_basic/cryptonote_basic.h"
#include "cryptonote_basic/cryptonote_format_utils.h"
#include "fuzzer.h"
class BlockFuzzer: public Fuzzer
{
public:
virtual int run(const std::string &filename);
private:
};
int BlockFuzzer::run(const std::string &filename)
{
std::string s;
if (!epee::file_io_utils::load_file_to_string(filename, s))
{
std::cout << "Error: failed to load file " << filename << std::endl;
return 1;
}
cryptonote::block b = AUTO_VAL_INIT(b);
if(!parse_and_validate_block_from_blob(s, b))
{
std::cout << "Error: failed to parse block from file " << filename << std::endl;
return 1;
}
return 0;
}
int main(int argc, const char **argv)
{
BlockFuzzer fuzzer;
return run_fuzzer(argc, argv, fuzzer);
}

108
tests/fuzz/cold-outputs.cpp Normal file
View file

@ -0,0 +1,108 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "include_base_utils.h"
#include "file_io_utils.h"
#include "cryptonote_protocol/blobdatatype.h"
#include "cryptonote_basic/cryptonote_basic.h"
#include "cryptonote_basic/cryptonote_format_utils.h"
#include "wallet/wallet2.h"
#include "fuzzer.h"
class ColdOutputsFuzzer: public Fuzzer
{
public:
ColdOutputsFuzzer(): wallet(true) {}
virtual int init();
virtual int run(const std::string &filename);
private:
tools::wallet2 wallet;
};
int ColdOutputsFuzzer::init()
{
static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
crypto::secret_key spendkey;
epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
try
{
boost::filesystem::remove("/tmp/cold-outputs-test.keys");
boost::filesystem::remove("/tmp/cold-outputs-test.address.txt");
boost::filesystem::remove("/tmp/cold-outputs-test");
wallet.init("");
wallet.generate("/tmp/cold-outputs-test", "", spendkey, true, false);
boost::filesystem::remove("/tmp/cold-outputs-test.keys");
boost::filesystem::remove("/tmp/cold-outputs-test.address.txt");
boost::filesystem::remove("/tmp/cold-outputs-test");
}
catch (const std::exception &e)
{
std::cerr << "Error on ColdOutputsFuzzer::init: " << e.what() << std::endl;
return 1;
}
return 0;
}
int ColdOutputsFuzzer::run(const std::string &filename)
{
std::string s;
if (!epee::file_io_utils::load_file_to_string(filename, s))
{
std::cout << "Error: failed to load file " << filename << std::endl;
return 1;
}
s = std::string("\x01\x16serialization::archive") + s;
try
{
std::vector<tools::wallet2::transfer_details> outputs;
std::stringstream iss;
iss << s;
boost::archive::portable_binary_iarchive ar(iss);
ar >> outputs;
size_t n_outputs = wallet.import_outputs(outputs);
std::cout << boost::lexical_cast<std::string>(n_outputs) << " outputs imported" << std::endl;
}
catch (const std::exception &e)
{
std::cerr << "Failed to import outputs: " << e.what() << std::endl;
return 1;
}
return 0;
}
int main(int argc, const char **argv)
{
ColdOutputsFuzzer fuzzer;
return run_fuzzer(argc, argv, fuzzer);
}

View file

@ -0,0 +1,110 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "include_base_utils.h"
#include "common/command_line.h"
#include "file_io_utils.h"
#include "cryptonote_protocol/blobdatatype.h"
#include "cryptonote_basic/cryptonote_basic.h"
#include "cryptonote_basic/cryptonote_format_utils.h"
#include "wallet/wallet2.h"
#include "fuzzer.h"
class ColdTransactionFuzzer: public Fuzzer
{
public:
ColdTransactionFuzzer(): wallet(true) {}
virtual int init();
virtual int run(const std::string &filename);
private:
tools::wallet2 wallet;
};
int ColdTransactionFuzzer::init()
{
static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
crypto::secret_key spendkey;
epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
try
{
boost::filesystem::remove("/tmp/cold-transaction-test.keys");
boost::filesystem::remove("/tmp/cold-transaction-test.address.txt");
boost::filesystem::remove("/tmp/cold-transaction-test");
wallet.init("");
wallet.generate("/tmp/cold-transaction-test", "", spendkey, true, false);
boost::filesystem::remove("/tmp/cold-transaction-test.keys");
boost::filesystem::remove("/tmp/cold-transaction-test.address.txt");
boost::filesystem::remove("/tmp/cold-transaction-test");
}
catch (const std::exception &e)
{
std::cerr << "Error on ColdTransactionFuzzer::init: " << e.what() << std::endl;
return 1;
}
return 0;
}
int ColdTransactionFuzzer::run(const std::string &filename)
{
std::string s;
if (!epee::file_io_utils::load_file_to_string(filename, s))
{
std::cout << "Error: failed to load file " << filename << std::endl;
return 1;
}
s = std::string("\x01\x16serialization::archive") + s;
try
{
tools::wallet2::unsigned_tx_set exported_txs;
std::stringstream iss;
iss << s;
boost::archive::portable_binary_iarchive ar(iss);
ar >> exported_txs;
std::vector<tools::wallet2::pending_tx> ptx;
bool success = wallet.sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx);
std::cout << (success ? "signed" : "error") << std::endl;
}
catch (const std::exception &e)
{
std::cerr << "Failed to sign transaction: " << e.what() << std::endl;
return 1;
}
return 0;
}
int main(int argc, const char **argv)
{
ColdTransactionFuzzer fuzzer;
return run_fuzzer(argc, argv, fuzzer);
}

96
tests/fuzz/fuzzer.cpp Normal file
View file

@ -0,0 +1,96 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <boost/program_options.hpp>
#include "include_base_utils.h"
#include "common/command_line.h"
#include "fuzzer.h"
#if (!defined(__clang__) || (__clang__ < 5))
static int __AFL_LOOP(int)
{
static int once = 0;
if (once)
return 0;
once = 1;
return 1;
}
#endif
using namespace epee;
using namespace boost::program_options;
int run_fuzzer(int argc, const char **argv, Fuzzer &fuzzer)
{
TRY_ENTRY();
string_tools::set_module_name_and_folder(argv[0]);
//set up logging options
mlog_configure(mlog_get_default_log_path("fuzztests.log"), true);
mlog_set_log("*:FATAL,logging:none");
options_description desc_options("Allowed options");
command_line::add_arg(desc_options, command_line::arg_help);
variables_map vm;
bool r = command_line::handle_error_helper(desc_options, [&]()
{
store(parse_command_line(argc, argv, desc_options), vm);
notify(vm);
return true;
});
if (!r)
return 1;
if (command_line::get_arg(vm, command_line::arg_help))
{
std::cout << desc_options << std::endl;
return 0;
}
if (argc < 2)
{
std::cout << desc_options << std::endl;
return 1;
}
int ret = fuzzer.init();
if (ret)
return ret;
const std::string filename = argv[1];
while (__AFL_LOOP(1000))
{
ret = fuzzer.run(filename);
if (ret)
return ret;
}
CATCH_ENTRY_L0("fuzzer_main", 1);
return 0;
}

38
tests/fuzz/fuzzer.h Normal file
View file

@ -0,0 +1,38 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <string>
class Fuzzer
{
public:
virtual int init() { return 0; }
virtual int run(const std::string &filename) = 0;
};
int run_fuzzer(int argc, const char **argv, Fuzzer &fuzzer);

105
tests/fuzz/signature.cpp Normal file
View file

@ -0,0 +1,105 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "include_base_utils.h"
#include "common/command_line.h"
#include "file_io_utils.h"
#include "cryptonote_protocol/blobdatatype.h"
#include "cryptonote_basic/cryptonote_basic.h"
#include "cryptonote_basic/cryptonote_format_utils.h"
#include "wallet/wallet2.h"
#include "fuzzer.h"
class SignatureFuzzer: public Fuzzer
{
public:
SignatureFuzzer(): Fuzzer(), wallet(true) {}
virtual int init();
virtual int run(const std::string &filename);
private:
tools::wallet2 wallet;
cryptonote::account_public_address address;
};
int SignatureFuzzer::init()
{
static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
crypto::secret_key spendkey;
epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
try
{
boost::filesystem::remove("/tmp/signature-test.keys");
boost::filesystem::remove("/tmp/signature-test.address.txt");
boost::filesystem::remove("/tmp/signature-test");
wallet.init("");
wallet.generate("/tmp/signature-test", "", spendkey, true, false);
boost::filesystem::remove("/tmp/signature-test.keys");
boost::filesystem::remove("/tmp/signature-test.address.txt");
boost::filesystem::remove("/tmp/signature-test");
bool has_payment_id;
crypto::hash8 new_payment_id;
if (!cryptonote::get_account_address_from_str_or_url(address, has_payment_id, new_payment_id, true, "9uVsvEryzpN8WH2t1WWhFFCG5tS8cBNdmJYNRuckLENFimfauV5pZKeS1P2CbxGkSDTUPHXWwiYE5ZGSXDAGbaZgDxobqDN"))
{
std::cerr << "failed to parse address" << std::endl;
return 1;
}
}
catch (const std::exception &e)
{
std::cerr << "Error on SignatureFuzzer::init: " << e.what() << std::endl;
return 1;
}
return 0;
}
int SignatureFuzzer::run(const std::string &filename)
{
std::string s;
if (!epee::file_io_utils::load_file_to_string(filename, s))
{
std::cout << "Error: failed to load file " << filename << std::endl;
return 1;
}
bool valid = wallet.verify("test", address, s);
std::cout << "Signature " << (valid ? "valid" : "invalid") << std::endl;
return 0;
}
int main(int argc, const char **argv)
{
SignatureFuzzer fuzzer;
return run_fuzzer(argc, argv, fuzzer);
}

View file

@ -0,0 +1,67 @@
// Copyright (c) 2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "include_base_utils.h"
#include "common/command_line.h"
#include "file_io_utils.h"
#include "cryptonote_protocol/blobdatatype.h"
#include "cryptonote_basic/cryptonote_basic.h"
#include "cryptonote_basic/cryptonote_format_utils.h"
#include "fuzzer.h"
class TransactionFuzzer: public Fuzzer
{
public:
virtual int run(const std::string &filename);
private:
};
int TransactionFuzzer::run(const std::string &filename)
{
std::string s;
if (!epee::file_io_utils::load_file_to_string(filename, s))
{
std::cout << "Error: failed to load file " << filename << std::endl;
return 1;
}
cryptonote::transaction tx = AUTO_VAL_INIT(tx);
if(!parse_and_validate_tx_from_blob(s, tx))
{
std::cout << "Error: failed to parse transaction from file " << filename << std::endl;
return 1;
}
return 0;
}
int main(int argc, const char **argv)
{
TransactionFuzzer fuzzer;
return run_fuzzer(argc, argv, fuzzer);
}