From a21e7d975efdf1bc7e1ae2b77b60fc6ddab8260b Mon Sep 17 00:00:00 2001
From: Guido Vranken <guidovranken@users.noreply.github.com>
Date: Mon, 16 Nov 2020 18:04:04 +0100
Subject: [PATCH] [bearssl] Add project (#4645)

* [bearssl] Add project

* [bearssl] Specify compile-time Cryptofuzz options
---
 projects/bearssl/Dockerfile   | 24 ++++++++++
 projects/bearssl/build.sh     | 84 +++++++++++++++++++++++++++++++++++
 projects/bearssl/project.yaml | 12 +++++
 3 files changed, 120 insertions(+)
 create mode 100644 projects/bearssl/Dockerfile
 create mode 100755 projects/bearssl/build.sh
 create mode 100644 projects/bearssl/project.yaml

diff --git a/projects/bearssl/Dockerfile b/projects/bearssl/Dockerfile
new file mode 100644
index 000000000..2a5d3e76a
--- /dev/null
+++ b/projects/bearssl/Dockerfile
@@ -0,0 +1,24 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool wget python
+RUN git clone --depth 1 https://www.bearssl.org/git/BearSSL
+RUN git clone --depth 1 https://github.com/randombit/botan.git
+RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz
+RUN git clone --depth 1 https://github.com/guidovranken/cryptofuzz-corpora
+RUN wget https://dl.bintray.com/boostorg/release/1.74.0/source/boost_1_74_0.tar.bz2
+COPY build.sh $SRC/
diff --git a/projects/bearssl/build.sh b/projects/bearssl/build.sh
new file mode 100755
index 000000000..db97318ec
--- /dev/null
+++ b/projects/bearssl/build.sh
@@ -0,0 +1,84 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Not using OpenSSL
+    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL"
+
+# Install Boost headers
+    cd $SRC/
+    tar jxf boost_1_74_0.tar.bz2
+    cd boost_1_74_0/
+    CFLAGS="" CXXFLAGS="" ./bootstrap.sh
+    CFLAGS="" CXXFLAGS="" ./b2 headers
+    cp -R boost/ /usr/include/
+
+# Generate lookup tables. This only needs to be done once.
+    cd $SRC/cryptofuzz
+    python gen_repository.py
+
+# Only test primitives which BearSSL supports
+    rm extra_options.h
+    echo -n '"' >>extra_options.h
+    echo -n '--force-module=BearSSL ' >>extra_options.h
+    echo -n '--digests=MD5,SHA1,SHA224,SHA256,SHA384,SHA512,MD5_SHA1,SHAKE128,SHAKE256 ' >>extra_options.h
+    echo -n '--ciphers=AES_128_GCM,AES_192_GCM,AES_256_GCM,AES_128_CCM,AES_192_CCM,AES_256_CCM,CHACHA20,CHACHA20_POLY1305 ' >>extra_options.h
+    echo -n '--operations=Digest,HMAC,SymmetricEncrypt,SymmetricDecrypt,KDF_HKDF,KDF_TLS1_PRF,ECC_GenerateKeyPair,ECC_PrivateToPublic,ECDSA_Verify,ECDSA_Sign' >>extra_options.h
+    echo -n '"' >>extra_options.h
+
+# Compile BearSSL
+    cd $SRC/BearSSL/
+    sed -i '/^CC = /d' conf/Unix.mk
+    sed -i '/^CFLAGS = /d' conf/Unix.mk
+    make -j$(nproc) lib
+
+    export BEARSSL_INCLUDE_PATH=$(realpath inc/)
+    export LIBBEARSSL_A_PATH=$(realpath ./build/libbearssl.a)
+    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BEARSSL"
+
+    # Compile Cryptofuzz BearSSL module
+    cd $SRC/cryptofuzz/modules/bearssl
+    make -B
+
+# Compile Botan
+    cd $SRC/botan
+    if [[ $CFLAGS != *-m32* ]]
+    then
+        ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation
+    else
+        ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation
+    fi
+    make -j$(nproc)
+
+    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN"
+    export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a"
+    export BOTAN_INCLUDE_PATH="$SRC/botan/build/include"
+
+    # Compile Cryptofuzz Botan module
+    cd $SRC/cryptofuzz/modules/botan
+    make -B
+
+# Compile Cryptofuzz
+    cd $SRC/cryptofuzz
+    LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc) >/dev/null
+
+    # Generate dictionary
+    ./generate_dict
+
+    # Copy fuzzer
+    cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-bearssl
+    # Copy dictionary
+    cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-bearssl.dict
diff --git a/projects/bearssl/project.yaml b/projects/bearssl/project.yaml
new file mode 100644
index 000000000..d9b20ae0e
--- /dev/null
+++ b/projects/bearssl/project.yaml
@@ -0,0 +1,12 @@
+homepage: "https://bearssl.org/"
+language: c++
+primary_contact: "guidovranken@gmail.com"
+auto_ccs:
+    - "pornin@gmail.com"
+sanitizers:
+ - address
+ - undefined
+ - memory
+architectures:
+ - x86_64
+ - i386