File: fast_pair_encryption_fuzzer.cc

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (141 lines) | stat: -rw-r--r-- 5,398 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif

#include "ash/quick_pair/fast_pair_handshake/fast_pair_encryption.h"

#include <fuzzer/FuzzedDataProvider.h>
#include <stddef.h>
#include <stdint.h>
#include <array>

#include "ash/quick_pair/common/logging.h"
#include "ash/quick_pair/fast_pair_handshake/fast_pair_key_pair.h"
#include "base/check.h"
#include "base/no_destructor.h"
#include "chromeos/ash/services/quick_pair/fast_pair_decryption.h"
#include "third_party/boringssl/src/include/openssl/base.h"
#include "third_party/boringssl/src/include/openssl/bn.h"
#include "third_party/boringssl/src/include/openssl/ec.h"
#include "third_party/boringssl/src/include/openssl/nid.h"

namespace {

constexpr size_t kXSize = 32;
constexpr size_t kYSize = 1;
constexpr size_t kKeySize = /*type byte=*/1 + /*x coord=*/32 + /*y coord=*/32;

struct Environment {
  Environment() {
    // Disable noisy logging for fuzzing.
    logging::SetMinLogLevel(logging::LOGGING_FATAL);
  }

  ash::quick_pair::ScopedDisableLoggingForTesting disable_logging_;
};

}  // namespace

namespace ash {
namespace quick_pair {
namespace fast_pair_encryption {

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Enforce a minimum input size so that we can pass in valid parameters
  // to EncryptBytes(), GenerateKeysWithEcdhKeyAgreement(),
  // GenerateHmacSha256(), and EncryptAdditionalData().
  size_t min_size = 2 * ash::quick_pair::fast_pair_decryption::kBlockByteSize +
                    kNonceSizeBytes + kSecretKeySizeBytes;
  if (size < min_size) {
    return 0;
  }

  // Generate data needed for testing.
  static base::NoDestructor<Environment> env;
  FuzzedDataProvider fuzzed_data(data, size);

  std::vector<uint8_t> aes_key_bytes = fuzzed_data.ConsumeBytes<uint8_t>(
      ash::quick_pair::fast_pair_decryption::kBlockByteSize);
  std::array<uint8_t, ash::quick_pair::fast_pair_decryption::kBlockByteSize>
      aes_key_arr{*aes_key_bytes.data()};

  std::vector<uint8_t> data_bytes = fuzzed_data.ConsumeBytes<uint8_t>(
      ash::quick_pair::fast_pair_decryption::kBlockByteSize);
  std::array<uint8_t, ash::quick_pair::fast_pair_decryption::kBlockByteSize>
      data_arr{*data_bytes.data()};

  std::vector<uint8_t> secret_key_bytes =
      fuzzed_data.ConsumeBytes<uint8_t>(kSecretKeySizeBytes);
  std::array<uint8_t, kSecretKeySizeBytes> secret_key_arr{
      *secret_key_bytes.data()};

  std::vector<uint8_t> nonce_bytes =
      fuzzed_data.ConsumeBytes<uint8_t>(kNonceSizeBytes);
  std::array<uint8_t, kNonceSizeBytes> nonce_arr{*nonce_bytes.data()};

  std::string input_data_string = fuzzed_data.ConsumeRandomLengthString();
  std::vector<uint8_t> input_data{input_data_string.begin(),
                                  input_data_string.end()};

  // Test FastPairEncryption functions with generated data.
  EncryptBytes(aes_key_arr, data_arr);
  GenerateHmacSha256(secret_key_arr, nonce_arr, input_data);
  EncryptAdditionalData(secret_key_arr, nonce_arr, input_data);

  // In order to fuzz a valid EC_POINT, the fuzz needs to have at least
  // kXSize + kYSize bytes remaining. For simplicity, exit early if there
  // are not exactly as many bytes as required.
  if (fuzzed_data.remaining_bytes() < kXSize + kYSize) {
    std::string invalid_len_string = fuzzed_data.ConsumeRandomLengthString();

    GenerateKeysWithEcdhKeyAgreement(invalid_len_string);

    return 0;
  }

  // Generates a random point on the curve defined by EC_GROUP.
  bssl::UniquePtr<EC_GROUP> ec_group(
      EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
  bssl::UniquePtr<EC_POINT> point(EC_POINT_new(ec_group.get()));

  // Set x value and y bit according to fuzz.
  auto x_value_arr = fuzzed_data.ConsumeBytes<uint8_t>(kXSize);
  DCHECK(x_value_arr.size() == kXSize);
  bssl::UniquePtr<BIGNUM> x(BN_new());
  DCHECK(BN_le2bn(&x_value_arr[0], kXSize, x.get()));

  auto y_value_arr = fuzzed_data.ConsumeBytes<uint8_t>(kYSize);
  DCHECK(y_value_arr.size() == kYSize);
  int y_bit = y_value_arr[0] & 1;

  // Set EC_POINT according to the compressed coordinates x and y_bit. This
  // effectively uses fuzz to generate a point on the EC without us having to
  // explicitly compute the solution y for x on the EC. Fails 50% of the time
  // when generated x value has no solution on the EC.
  if (!EC_POINT_set_compressed_coordinates_GFp(ec_group.get(), point.get(),
                                               x.get(), y_bit, /*ctx=*/nullptr))
    return 0;

  // Convert compressed EC_POINT into the uncompressed string expected by the
  // function.
  std::array<uint8_t, kKeySize> buffer;
  DCHECK(EC_POINT_point2oct(ec_group.get(), point.get(),
                            POINT_CONVERSION_UNCOMPRESSED, buffer.data(),
                            kKeySize, /*ctx=*/nullptr));
  // Function expects a string which is missing the first type byte.
  std::string anti_spoofing_key(buffer.data() + 1, buffer.data() + kKeySize);
  DCHECK(anti_spoofing_key.length() == kKeySize - 1);

  GenerateKeysWithEcdhKeyAgreement(anti_spoofing_key);

  return 0;
}

}  // namespace fast_pair_encryption
}  // namespace quick_pair
}  // namespace ash