golang: add ecdsa fuzzer (#12918)

Signed-off-by: Adam Korczynski <[email protected]>
google · Jan 8, 2025 · 6d2d313 · 6d2d313
1 parent 11b6cd9
commit 6d2d313
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 1 deletion.
diff --git a/projects/golang/Dockerfile b/projects/golang/Dockerfile
@@ -23,6 +23,7 @@ RUN git clone --depth 1 https://github.com/golang/image
 RUN git clone --depth 1 https://github.com/golang/crypto
 RUN git clone --depth 1 https://github.com/golang/text
 RUN git clone --depth 1 https://github.com/AdamKorcz/instrumentation
+RUN git clone --depth=1 https://github.com/AdamKorcz/go-118-fuzz-build --branch=november-backup
 RUN wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz \
     && mkdir temp-go \
     && rm -rf /root/.go/* \

diff --git a/projects/golang/build.sh b/projects/golang/build.sh
@@ -26,6 +26,10 @@ export GOTOOLCHAIN="local"
 
 export FUZZ_ROOT="github.com/dvyukov/go-fuzz-corpus"
 
+cd $SRC/go-118-fuzz-build
+go build .
+mv go-118-fuzz-build /root/go/bin/
+
 cd $SRC/text
 cp $SRC/unicode_fuzzer.go ./encoding/unicode/
 find . -name "*_test.go" ! -name 'fuzz_test.go' -type f -exec rm -f {} +
@@ -62,6 +66,10 @@ function setup_golang_fuzzers() {
 	mkdir $SRC/golang/encoding && cp $SRC/encoding_fuzzer.go $SRC/golang/encoding/
 
 	go mod init "github.com/dvyukov/go-fuzz-corpus"
+	mkdir fuzzingdep
+	printf "package fuzzingdep\nimport _ \"github.com/AdamKorcz/go-118-fuzz-build/testing\"\n" > fuzzingdep/register.go
+	go mod edit -replace github.com/AdamKorcz/go-118-fuzz-build="$SRC"/go-118-fuzz-build
+	go mod tidy
 }
 
 function compile_fuzzers() {
@@ -70,11 +78,15 @@ function compile_fuzzers() {
 	compile_go_fuzzer $FUZZ_ROOT/encoding FuzzEncoding fuzz_encoding$version
 	compile_go_fuzzer $FUZZ_ROOT/strings FuzzStringsSplit fuzz_strings_split$version
 	compile_go_fuzzer $FUZZ_ROOT/fp FuzzFpGlob glob_fuzzer$version
+	if [ "${version}" != '_latest_master' ]
+        then
+		compile_go_fuzzer $FUZZ_ROOT/crypto/ecdsa FuzzEcdsaSign FuzzEcdsaSign$version
+		compile_native_go_fuzzer $FUZZ_ROOT/crypto/ecdsa FuzzEcdsaVerify FuzzEcdsaVerify$version
+        fi
 	compile_go_fuzzer $FUZZ_ROOT/crypto/x509 FuzzParseCert fuzz_parse_cert$version
 	compile_go_fuzzer $FUZZ_ROOT/crypto/x509 FuzzPemDecrypt fuzz_pem_decrypt$version
 	compile_go_fuzzer $FUZZ_ROOT/crypto/aes FuzzAesCipherDecrypt fuzz_aes_cipher_decrypt$version
 	compile_go_fuzzer $FUZZ_ROOT/crypto/aes FuzzAesCipherEncrypt fuzz_aes_cipher_encrypt$version
-	compile_go_fuzzer $FUZZ_ROOT/crypto/ecdsa FuzzEcdsaSign FuzzEcdsaSign$version
 	compile_go_fuzzer $FUZZ_ROOT/text FuzzAcceptLanguage accept_language_fuzzer$version
 	compile_go_fuzzer $FUZZ_ROOT/text FuzzMultipleParsers fuzz_multiple_parsers$version
 	compile_go_fuzzer $FUZZ_ROOT/text FuzzCurrency currency_fuzzer$version
@@ -183,6 +195,7 @@ go mod tidy
 cd $SRC/go/src/image/png
 go mod init pngPackage
 go get github.com/AdamKorcz/go-118-fuzz-build/testing
+go mod edit -replace github.com/AdamKorcz/go-118-fuzz-build="$SRC"/go-118-fuzz-build
 compile_native_go_fuzzer pngPackage FuzzDecode fuzz_png_decode
 zip $OUT/fuzz_png_decode_seed_corpus.zip ./testdata/*.png
 
@@ -191,6 +204,7 @@ go mod init gzipPackage
 go mod tidy
 find . -name "*_test.go" ! -name 'fuzz_test.go' -type f -exec rm -f {} +
 go get github.com/AdamKorcz/go-118-fuzz-build/testing
+go mod edit -replace github.com/AdamKorcz/go-118-fuzz-build="$SRC"/go-118-fuzz-build
 compile_native_go_fuzzer gzipPackage FuzzReader fuzz_std_lib_gzip_reader
 zip $OUT/fuzz_std_lib_gzip_reader_seed_corpus.zip $SRC/go/src/compress/gzip/testdata/*
 
@@ -200,6 +214,7 @@ cd $SRC/go/src/html
 go mod init htmlPackage
 go mod tidy
 go get github.com/AdamKorcz/go-118-fuzz-build/testing
+go mod edit -replace github.com/AdamKorcz/go-118-fuzz-build="$SRC"/go-118-fuzz-build
 compile_native_go_fuzzer htmlPackage FuzzEscapeUnescape fuzz_html_escape_unescape
 
 # Install latest Go from master branch and build fuzzers again

diff --git a/projects/golang/ecdsa_fuzzer.go b/projects/golang/ecdsa_fuzzer.go
@@ -19,6 +19,7 @@ import (
 	"bytes"
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"testing"
 )
 
 func FuzzEcdsaSign(data []byte) int {
@@ -45,3 +46,23 @@ func FuzzEcdsaSign(data []byte) int {
 	_, _, _ = ecdsa.Sign(randReader, priv, data[firstRandReaderLen+1:])
 	return 1
 }
+
+func FuzzEcdsaVerify(f *testing.F) {
+	f.Fuzz(func(t *testing.T, rand1, rand2, sig []byte, cIndex uint8) {
+
+		cs := []elliptic.Curve{
+			elliptic.P256(),
+			elliptic.P224(),
+			elliptic.P384(),
+			elliptic.P521(),
+		}
+		c := int(cIndex) % len(cs)
+		randReader := bytes.NewReader(rand1)
+		priv, err := ecdsa.GenerateKey(cs[c], randReader)
+		if err != nil {
+			return
+		}
+		pub := priv.Public()
+		ecdsa.VerifyASN1(pub.(*ecdsa.PublicKey), rand2, sig)
+	})
+}