From 948a1128b4804f80b77251db2f1e3a1c1298f8bf Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Tue, 30 Nov 2021 04:35:32 +0100 Subject: [PATCH] [rustcrypto] Initial integration (#6908) --- projects/rustcrypto/Dockerfile | 27 ++++++++++ projects/rustcrypto/build.sh | 87 ++++++++++++++++++++++++++++++++ projects/rustcrypto/project.yaml | 12 +++++ 3 files changed, 126 insertions(+) create mode 100644 projects/rustcrypto/Dockerfile create mode 100755 projects/rustcrypto/build.sh create mode 100644 projects/rustcrypto/project.yaml diff --git a/projects/rustcrypto/Dockerfile b/projects/rustcrypto/Dockerfile new file mode 100644 index 000000000..2695918a0 --- /dev/null +++ b/projects/rustcrypto/Dockerfile @@ -0,0 +1,27 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +RUN apt-get update && apt-get install -y make autoconf automake libtool wget python +RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz +RUN git clone --depth 1 https://github.com/randombit/botan.git +RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.74.0/source/boost_1_74_0.tar.bz2 +RUN wget https://storage.googleapis.com/pub/gsutil.tar.gz -O $SRC/gsutil.tar.gz +RUN tar zxf $SRC/gsutil.tar.gz +ENV PATH="${PATH}:$SRC/gsutil" +# Retrieve corpus from the OSS-Fuzz 'cryptofuzz' project +RUN gsutil cp gs://cryptofuzz-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/cryptofuzz_cryptofuzz-openssl/public.zip $SRC/corpus_cryptofuzz.zip +COPY build.sh $SRC/ diff --git a/projects/rustcrypto/build.sh b/projects/rustcrypto/build.sh new file mode 100755 index 000000000..efeeaf657 --- /dev/null +++ b/projects/rustcrypto/build.sh @@ -0,0 +1,87 @@ +#!/bin/bash -eu +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_RUSTCRYPTO -DCRYPTOFUZZ_NO_OPENSSL" +export LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" + +rm -f /usr/local/bin/cargo + +curl https://sh.rustup.rs -sSf | sh -s -- -y +source $HOME/.cargo/env + +# Install Boost headers +cd $SRC/ +tar jxf boost_1_74_0.tar.bz2 +cd boost_1_74_0/ +CFLAGS="" CXXFLAGS="" ./bootstrap.sh +CFLAGS="" CXXFLAGS="" ./b2 headers +cp -R boost/ /usr/include/ + +cd $SRC/cryptofuzz/ +python gen_repository.py + +rm extra_options.h +echo -n '"' >>extra_options.h +echo -n '--force-module=RustCrypto ' >>extra_options.h +echo -n '--operations=' >>extra_options.h +echo -n 'Digest,' >>extra_options.h +echo -n 'HMAC,' >>extra_options.h +echo -n 'CMAC,' >>extra_options.h +echo -n 'SymmetricEncrypt,' >>extra_options.h +echo -n 'SymmetricDecrypt,' >>extra_options.h +echo -n 'KDF_HKDF,' >>extra_options.h +echo -n 'KDF_ARGON2,' >>extra_options.h +echo -n 'KDF_BCRYPT,' >>extra_options.h +echo -n 'KDF_PBKDF2,' >>extra_options.h +echo -n 'KDF_SCRYPT,' >>extra_options.h +echo -n 'BignumCalc_Mod_2Exp256' >>extra_options.h +echo -n '"' >>extra_options.h + +cd $SRC/botan +if [[ $CFLAGS != *-m32* ]] +then + ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator,x509,tls --build-targets=static --without-documentation +else + ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator,x509,tls --build-targets=static --without-documentation +fi +make -j$(nproc) +export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN -DCRYPTOFUZZ_BOTAN_IS_ORACLE" +export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a" +export BOTAN_INCLUDE_PATH="$SRC/botan/build/include" + +cd $SRC/cryptofuzz/modules/botan/ +make -j$(nproc) -f Makefile-oracle + +cd $SRC/cryptofuzz/modules/rustcrypto/ +if [[ $CFLAGS != *-m32* ]] +then + make +else + rustup target add i686-unknown-linux-gnu + make -f Makefile.i386 +fi + +cd $SRC/cryptofuzz/ +make -j$(nproc) + +cp $SRC/cryptofuzz/cryptofuzz $OUT/ + +# Create seed corpus +unzip -n $SRC/corpus_cryptofuzz.zip -d $SRC/cryptofuzz_seed_corpus/ +cd $SRC/cryptofuzz_seed_corpus +zip -r $SRC/cryptofuzz_seed_corpus.zip . +cp $SRC/cryptofuzz_seed_corpus.zip $OUT/ diff --git a/projects/rustcrypto/project.yaml b/projects/rustcrypto/project.yaml new file mode 100644 index 000000000..31bbf9cad --- /dev/null +++ b/projects/rustcrypto/project.yaml @@ -0,0 +1,12 @@ +homepage: "https://github.com/RustCrypto" +language: c++ +primary_contact: "guidovranken@gmail.com" +main_repo: "https://github.com/RustCrypto/hashes.git" +auto_ccs: + - "newpavlov@gmail.com" + - "bascule@gmail.com" +sanitizers: + - address +architectures: + - x86_64 + - i386