gecko-dev/security/nss/fuzz/mpi_invmod_target.cc

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * This target fuzzes NSS mpi against openssl bignum.
 * It therefore requires openssl to be installed.
 */

#include "mpi_helper.h"
#include "mpprime.h"

#include <algorithm>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // We require at least size 4 to get everything we need from data.
  if (size < 4) {
    return 0;
  }

  INIT_THREE_NUMBERS

  // Make a prime of length size.
  int count = 0;
  mp_err res = MP_NO;
  // mpp_make_prime is so slow :( use something smaller than size.
  int primeLen = std::max(static_cast<int>(size / 4), 3);
  uint8_t bp[primeLen];
  memcpy(bp, data, primeLen);
  do {
    bp[0] |= 0x80;            /* set high-order bit */
    bp[primeLen - 1] |= 0x01; /* set low-order bit  */
    ++count;
    assert(mp_read_unsigned_octets(&b, bp, primeLen) == MP_OKAY);
  } while ((res = mpp_make_prime(&b, primeLen * 8, PR_FALSE)) != MP_YES &&
           count < 10);
  if (res != MP_YES) {
    return 0;
  }

  // Use the same prime in OpenSSL B
  char tmp[max_size];
  mp_toradix(&b, tmp, 16);
  int tmpLen;
  assert((tmpLen = BN_hex2bn(&B, tmp)) != 0);

  // Compare with OpenSSL invmod
  res = mp_invmod(&a, &b, &c);
  BIGNUM *X = BN_mod_inverse(C, A, B, ctx);
  if (res != MP_OKAY) {
    // In case we couldn't compute the inverse, OpenSSL shouldn't be able to
    // either.
    assert(X == nullptr);
  } else {
    check_equal(C, &c, max_size);

    // Check a * c mod b == 1
    assert(mp_mulmod(&a, &c, &b, &c) == MP_OKAY);
    bool eq = mp_cmp_d(&c, 1) == 0;
    if (!eq) {
      char cC[max_size];
      mp_tohex(&c, cC);
      std::cout << "c = " << std::hex << cC << std::endl;
    }
    assert(eq);
  }

  CLEANUP_AND_RETURN_THREE
}