Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
oss-fuzz/projects/bitcoin-core/build_cryptofuzz.sh

130 lines
4.9 KiB
Bash
Raw Normal View History

[bitcoin-core] Add differential cryptography fuzzer (#5717) * [bitcoin-core] Support AFL builds * [bitcoin-core] Add differential cryptography fuzzer * [bitcoin-core] Update secp256k1 build procedure * [bitcoin-core] Build libsecp256k1 without schnorrsig support * [bitcoin-core] Cryptofuzz: Build 3 versions of libsecp256k1
2021-05-19 04:12:50 +00:00
#!/bin/bash -eu
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL"
export LIBFUZZER_LINK="$LIB_FUZZING_ENGINE"
# Install Boost headers
cd $SRC/
tar jxf boost_1_74_0.tar.bz2
cd boost_1_74_0/
CFLAGS="" CXXFLAGS="" ./bootstrap.sh
CFLAGS="" CXXFLAGS="" ./b2 headers
export CXXFLAGS="$CXXFLAGS -I $SRC/boost_1_74_0/"
# Preconfigure libsecp256k1
cd $SRC/secp256k1/
autoreconf -ivf
export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_SECP256K1"
function build_libsecp256k1() {
# Build libsecp256k1
cd $SRC/secp256k1/
if test -f "Makefile"; then
# Remove old configuration if it exists
make clean
fi
if [[ $CFLAGS = *sanitize=memory* ]]
then
./configure --enable-static --disable-tests --disable-benchmark --disable-exhaustive-tests --enable-module-recovery --enable-experimental --with-asm=no "$@"
else
./configure --enable-static --disable-tests --disable-benchmark --disable-exhaustive-tests --enable-module-recovery --enable-experimental "$@"
fi
make
export SECP256K1_INCLUDE_PATH=$(realpath include)
export LIBSECP256K1_A_PATH=$(realpath .libs/libsecp256k1.a)
# Build libsecp256k1 Cryptofuzz module
cd $SRC/cryptofuzz/modules/secp256k1/
make -B -j$(nproc)
}
# Build Trezor firmware
cd $SRC/trezor-firmware/crypto/
# Rename blake2b_* functions to avoid symbol collisions with other libraries
sed -i "s/\<blake2b_\([A-Za-z_]\)/trezor_blake2b_\1/g" *.c *.h
sed -i 's/\<blake2b(/trezor_blake2b(/g' *.c *.h
cd ../../
export TREZOR_FIRMWARE_PATH=$(realpath trezor-firmware)
export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_TREZOR_FIRMWARE"
# Build Botan
cd $SRC/botan
if [[ $CFLAGS != *-m32* ]]
then
./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation
else
./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation
fi
make -j$(nproc)
export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN -DCRYPTOFUZZ_BOTAN_IS_ORACLE"
export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a"
export BOTAN_INCLUDE_PATH="$SRC/botan/build/include"
# Build Cryptofuzz
cd $SRC/cryptofuzz
python gen_repository.py
rm extra_options.h
echo -n '"' >>extra_options.h
echo -n '--operations=Digest,HMAC,KDF_HKDF,SymmetricEncrypt,SymmetricDecrypt,ECC_PrivateToPublic,ECC_ValidatePubkey,ECDSA_Sign,ECDSA_Verify,ECDSA_Recover,BignumCalc_Mod_2Exp256 ' >>extra_options.h
echo -n '--curves=secp256k1 ' >>extra_options.h
echo -n '--digests=NULL,SHA1,SHA256,SHA512,RIPEMD160,SHA3-256,SIPHASH64 ' >>extra_options.h
echo -n '--ciphers=CHACHA20,AES_256_CBC ' >>extra_options.h
echo -n '--calcops=Add,And,Div,IsEq,IsGt,IsGte,IsLt,IsLte,IsOdd,Mul,NumBits,Or,Set,Sub,Xor ' >>extra_options.h
echo -n '"' >>extra_options.h
cd modules/bitcoin/
make -B -j$(nproc)
cd ../trezor/
make -B -j$(nproc)
cd ../botan/
make -B -j$(nproc)
cd ../../
# Build with 3 configurations of libsecp256k1
# Discussion: https://github.com/google/oss-fuzz/pull/5717#issuecomment-842765383
build_libsecp256k1 "--with-ecmult-window=2" "--with-ecmult-gen-precision=2"
cd $SRC/cryptofuzz/
make -B -j$(nproc)
cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w2-p2
build_libsecp256k1 "--with-ecmult-window=15" "--with-ecmult-gen-precision=4"
cd $SRC/cryptofuzz/
rm cryptofuzz
make
cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w15-p4
build_libsecp256k1 "--with-ecmult-window=24" "--with-ecmult-gen-precision=8"
cd $SRC/cryptofuzz/
rm cryptofuzz
make
cp cryptofuzz $OUT/cryptofuzz-bitcoin-cryptography-w24-p8
# Convert Wycheproof test vectors to Cryptofuzz corpus format
mkdir $SRC/corpus-cryptofuzz-wycheproof/
find $SRC/wycheproof/testvectors/ -type f -name 'ecdsa_secp256k1_*' -exec $SRC/cryptofuzz/cryptofuzz --from-wycheproof={},$SRC/corpus-cryptofuzz-wycheproof/ \;
[bitcoin-core] Cryptofuzz build fixes (#5827) * [bitcoin-core] Cryptofuzz build fixes * [bitcoin-core] Make build_cryptofuzz.sh executable
2021-05-26 09:33:12 +00:00
# Pack the Wycheproof test vectors
zip -j cryptofuzz-bitcoin-cryptography_seed_corpus.zip $SRC/corpus-cryptofuzz-wycheproof/*
# Use them as the seed corpus for each of the fuzzers
cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w2-p2_seed_corpus.zip
cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w15-p4_seed_corpus.zip
cp cryptofuzz-bitcoin-cryptography_seed_corpus.zip $OUT/cryptofuzz-bitcoin-cryptography-w24-p8_seed_corpus.zip